From ad93b27981e754498c06351a020bd47b16511d52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Jan 2023 23:27:16 +0100 Subject: l yubikey: fix initial setup --- lass/2configs/yubikey.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index a37752d5e..bf6a587af 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix @@ -3,6 +3,7 @@ environment.systemPackages = with pkgs; [ yubikey-personalization yubikey-manager + pinentry-curses pinentry-qt ]; services.udev.packages = with pkgs; [ yubikey-personalization ]; @@ -11,6 +12,7 @@ services.pcscd.enable = true; systemd.user.services.gpg-agent.serviceConfig.ExecStartPre = pkgs.writers.writeDash "init_gpg" '' set -x + mkdir -p $HOME/.gnupg ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" '' disable-ccid pcsc-driver ${pkgs.pcsclite.out}/lib/libpcsclite.so.1 @@ -25,6 +27,10 @@ reader-port Yubico YubiKey ''} $HOME/.gnupg/scdaemon.conf ''; + systemd.user.services.gpg-agent.serviceConfig.ExecStartPost = pkgs.writers.writeDash "init_gpg" '' + ${pkgs.gnupg}/bin/gpg --import ${../../kartei/lass/pgp/yubikey.pgp} >/dev/null + echo -e '5\ny\n' | gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null || : + ''; security.polkit.extraConfig = '' polkit.addRule(function(action, subject) { @@ -38,13 +44,14 @@ } }); polkit.addRule(function(action, subject) { - polkit.log("subject: " + subject + " action: " + action); + polkit.log("subject: " + subject + " action: " + action); }); ''; environment.shellInit = '' if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then export GPG_TTY="$(tty)" + mkdir -p $HOME/.gnupg gpg-connect-agent --quiet updatestartuptty /bye > /dev/null export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" if [ -z "$SSH_AUTH_SOCK" ]; then @@ -61,6 +68,7 @@ ssh.startAgent = false; gnupg.agent = { enable = true; + pinentryFlavor = "qt"; # enableSSHSupport = true; }; }; -- cgit v1.2.3 From ab06eab6af32e794882687a25746a35a66ef481d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 16:15:35 +0100 Subject: l ubik.r: init on neoprism.r --- lass/2configs/ubik-host.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 lass/2configs/ubik-host.nix (limited to 'lass/2configs') diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix new file mode 100644 index 000000000..874d4ecb8 --- /dev/null +++ b/lass/2configs/ubik-host.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.ubik = { + sshKey = "${toString }/ubik.sync.key"; + }; + containers.ubik.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/ubik/state"; + isReadOnly = false; + }; + containers.ubik.bindMounts."/var/lib/nextcloud/data" = { + hostPath = "/var/ubik"; + isReadOnly = false; + }; + services.nginx.virtualHosts."c.apanowicz.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://ubik.r"; + extraConfig = '' + client_max_body_size 9001M; + ''; + }; + }; +} -- cgit v1.2.3 From f10b0ca342af20cdd1f4f25bd47e6f21a115a300 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 20:03:58 +0100 Subject: l gg23: disable link local on wan --- lass/2configs/gg23.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 1af2fa226..b35b0cb85 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -12,9 +12,9 @@ with import ; linkConfig = { RequiredForOnline = "routable"; }; - # networkConfig = { - # LinkLocalAddressing = "no"; - # }; + networkConfig = { + LinkLocalAddressing = "no"; + }; # dhcpV6Config = { # PrefixDelegationHint = "::/60"; # }; -- cgit v1.2.3 From 4b2b7add164158119729e60078e0d7c03107dbf8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Jan 2023 21:27:26 +0100 Subject: l mail: create dirs on first use, minor issues --- lass/2configs/mail.nix | 57 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 20 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b874695a8..098982892 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -1,5 +1,4 @@ -with import ; -{ pkgs, ... }: +{ config, lib, pkgs, ... }: let @@ -14,7 +13,6 @@ let port 465 tls on tls_starttls off - tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16 auth on user lassulus passwordeval pass show c-base/pass @@ -24,11 +22,12 @@ let notmuch-config = pkgs.writeText "notmuch-config" '' [database] path=/home/lass/Maildir + mail_root=/home/lass/Maildir [user] name=lassulus primary_email=lassulus@lassul.us - other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))} + other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))} [new] tags=unread;inbox; @@ -93,11 +92,37 @@ let tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new - ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: '' + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: '' + mkdir -p "$HOME/Maildir/.${i.name}/cur" + for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do + if test -e "$mail"; then + mv "$mail" "$HOME/Maildir/.${i.name}/cur/" + else + echo "$mail does not exist" + fi + done + ${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value} + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${pkgs.notmuch}/bin/notmuch new + ${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup" ''; tag-old-mails = pkgs.writeDashBin "nm-tag-old" '' - ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + set -efux + ${lib.concatMapStringsSep "\n" (i: '' + ${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value} + mkdir -p "$HOME/Maildir/.${i.name}/cur" + for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do + if test -e "$mail"; then + mv "$mail" "$HOME/Maildir/.${i.name}/cur/" + else + echo "$mail does not exist" + fi + done + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${pkgs.notmuch}/bin/notmuch new --no-hooks ''; muttrc = pkgs.writeText "muttrc" '' @@ -110,17 +135,6 @@ let set crypt_verify_sig = yes set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" - macro index \Cv \ - " set my_crypt_verify_sig=\$crypt_verify_sig \ - set crypt_verify_sig=yes \ - set crypt_verify_sig=\$my_crypt_verify_sig" \ - 'Verify PGP signature and open the message' - - macro pager \Cv \ - " set my_crypt_verify_sig=\$crypt_verify_sig \ - set crypt_verify_sig=yes \ - set crypt_verify_sig=\$my_crypt_verify_sig" \ - 'Verify PGP signature' # read html mails auto_view text/html @@ -138,8 +152,8 @@ let set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" alternates ^.*@lassul\.us$ ^.*@.*\.r$ - set use_from=yes - set envelope_from=yes + unset envelope_from_address + set use_envelope_from set reverse_name set sort=threads @@ -148,7 +162,7 @@ let virtual-mailboxes "Unread" "notmuch://?query=tag:unread" virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" - ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" virtual-mailboxes "Archive" "notmuch://?query=tag:archive" @@ -213,6 +227,9 @@ let macro pager ,@3 " set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar" macro pager ] ,@1 'Toggle indexbar + # urlview + macro pager \cb '${pkgs.urlview}/bin/urlview' 'Follow links with urlview' + # sidebar set sidebar_divider_char = '│' set sidebar_delim_chars = "/" -- cgit v1.2.3 From 23f4065929de6c0438647725220915b7cdf6700b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Jan 2023 21:27:42 +0100 Subject: l mail: add muchsync keybinding --- lass/2configs/mail.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 098982892..f5b2e22b7 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -180,6 +180,15 @@ let macro index + "+*\n" # tag as starred macro index - "-*\n" # tag as unstarred + # muchsync + bind index \Cr noop + macro index \Cr \ + "unset wait_key \ + ${pkgs.writeDash "muchsync" '' + set -efu + ${pkgs.muchsync}/bin/muchsync -F lass@green.r + ''} \ + 'run muchsync to green.r' #killed bind index d noop -- cgit v1.2.3 From f33b7b1c800604fc08237176c05cd9d64a5cd9aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Jan 2023 21:39:44 +0100 Subject: l xmonad: paste on shift+f12 --- lass/2configs/xmonad.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 8784da379..edede2995 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -53,6 +53,7 @@ import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Util.NamedWindows (getName) import XMonad.Util.Run (safeSpawn) import XMonad.Util.Ungrab (unGrab) +import XMonad.Util.Paste (pasteSelection) data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) @@ -177,13 +178,13 @@ myKeyMap = , ("M4-", spawn "${pkgs.redshift}/bin/redshift -x") , ("M4-", spawn "${config.lass.screenlock.command}") - , ("M4-", spawn "${pkgs.systemd}/bin/systemctl suspend -i") , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle") , ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("M4-i", spawn "/run/current-system/sw/bin/screenshot") + , ("S-", pasteSelection) --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) -- cgit v1.2.3 From aab4b1ce8cbcdd9f31292650e42baab83757764e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Jan 2023 21:40:32 +0100 Subject: l xmonad: brain is now in pass, emotiocons -> unimenu --- lass/2configs/xmonad.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index edede2995..8fdfeb3f4 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -106,11 +106,9 @@ floatHooks = composeAll myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-C-p", forkFile "${pkgs.scrot}/bin/scrot" [ "~/public_html/scrot.png" ] Nothing ) - , ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing) + [ ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing) , ("M4-S-p", forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing) - , ("M4-o", forkFile "${pkgs.brain}/bin/brainmenu --type" [] Nothing) - , ("M4-z", forkFile "${pkgs.emot-menu}/bin/emoticons" [] Nothing) + , ("M4-z", forkFile "${pkgs.unimenu}/bin/unimenu" [] Nothing) , ("M4-S-q", restart "xmonad" True) -- cgit v1.2.3 From 201bb10881ce51a170c4c33be560b48d05a661fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Jan 2023 21:40:47 +0100 Subject: l xmonad: knav -> warpd --- lass/2configs/xmonad.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 8fdfeb3f4..b506e026d 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -180,7 +180,7 @@ myKeyMap = , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle") - , ("M4-s", spawn "${pkgs.knav}/bin/knav") + ${lib.optionalString (builtins.hasAttr "warpd" pkgs) '', ("M4-s", spawn "${pkgs.warpd}/bin/warpd --hint")''} , ("M4-i", spawn "/run/current-system/sw/bin/screenshot") , ("S-", pasteSelection) -- cgit v1.2.3 From bf4a3fe78e4814b9281b7e20d8eae2e0461fed72 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 30 Jan 2023 20:40:25 +0100 Subject: l orange.r: init --- lass/2configs/orange-host.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lass/2configs/orange-host.nix (limited to 'lass/2configs') diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix new file mode 100644 index 000000000..3fbf417a7 --- /dev/null +++ b/lass/2configs/orange-host.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.orange = { + sshKey = "${toString }/orange.sync.key"; + }; + services.nginx.virtualHosts."lassul.us" = { + # enableACME = config.security; + # forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://orange.r"; + }; + }; +} -- cgit v1.2.3 From c7417c8bc1b50d466dae493ac3619d9f324f34f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 30 Jan 2023 20:53:24 +0100 Subject: sync-containers3: lass -> krebs --- lass/2configs/green-host.nix | 6 +----- lass/2configs/orange-host.nix | 2 +- lass/2configs/radio/container-host.nix | 2 +- lass/2configs/red-host.nix | 2 +- lass/2configs/ubik-host.nix | 2 +- lass/2configs/yellow-host.nix | 2 +- 6 files changed, 6 insertions(+), 10 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 1e41e8e02..66088a562 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,10 +1,6 @@ { config, pkgs, ... }: { - imports = [ - - ]; - - lass.sync-containers3.containers.green = { + krebs.sync-containers3.containers.green = { sshKey = "${toString }/green.sync.key"; }; } diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix index 3fbf417a7..e4bfcff89 100644 --- a/lass/2configs/orange-host.nix +++ b/lass/2configs/orange-host.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - lass.sync-containers3.containers.orange = { + krebs.sync-containers3.containers.orange = { sshKey = "${toString }/orange.sync.key"; }; services.nginx.virtualHosts."lassul.us" = { diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix index e32095ffa..de0ea9afe 100644 --- a/lass/2configs/radio/container-host.nix +++ b/lass/2configs/radio/container-host.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - lass.sync-containers3.containers.radio = { + krebs.sync-containers3.containers.radio = { sshKey = "${toString }/radio.sync.key"; }; containers.radio = { diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix index cbd9c097e..171191dac 100644 --- a/lass/2configs/red-host.nix +++ b/lass/2configs/red-host.nix @@ -8,7 +8,7 @@ in ]; - lass.sync-containers3.containers.red = { + krebs.sync-containers3.containers.red = { sshKey = "${toString }/containers/red/sync.key"; ephemeral = true; }; diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix index 874d4ecb8..a4ad5e55e 100644 --- a/lass/2configs/ubik-host.nix +++ b/lass/2configs/ubik-host.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - lass.sync-containers3.containers.ubik = { + krebs.sync-containers3.containers.ubik = { sshKey = "${toString }/ubik.sync.key"; }; containers.ubik.bindMounts."/var/lib" = { diff --git a/lass/2configs/yellow-host.nix b/lass/2configs/yellow-host.nix index d07c222c6..36027cb5d 100644 --- a/lass/2configs/yellow-host.nix +++ b/lass/2configs/yellow-host.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - lass.sync-containers3.containers.yellow = { + krebs.sync-containers3.containers.yellow = { sshKey = "${toString }/yellow.sync.key"; }; containers.yellow.bindMounts."/var/lib" = { -- cgit v1.2.3