From f491fac2025b2e99788be8e26181da1b26995e84 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Jan 2020 12:40:44 +0100 Subject: l gg23: remove deprecated hass override --- lass/2configs/gg23.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 2ec7b94d..b23494b2 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -75,7 +75,6 @@ with import ; in { enable = true; package = pkgs.home-assistant.override { - python3 = pkgs.python36; #extraComponents = [ # (pkgs.fetchgit { # url = "https://github.com/marcschumacher/dwd_pollen"; -- cgit v1.2.3 From 472b52e98a2d36604c7f090b6e73fb2ee5b83796 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:29:21 +0100 Subject: l hilum.r: get autoiso.cfg easier via git --- lass/1systems/hilum/config.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index d4a389a4..f66a0abe 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -21,13 +21,6 @@ source /grub/autoiso.cfg } ''; - extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { - name = "autoiso.cfg"; - src = pkgs.grub2.src; - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp docs/autoiso.cfg $out - ''; - }); + extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; }; } -- cgit v1.2.3 From 18f073cecfdb596e553cae4b81df006fddb08f70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:30:04 +0100 Subject: l hilum.r: don't suspend on lid close --- lass/1systems/hilum/config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index f66a0abe..470dd3af 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix 
@@ -23,4 +23,7 @@ ''; extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; }; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } -- cgit v1.2.3 From 1a73dffbddb934355b7994bb3558441bbeed9abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:30:32 +0100 Subject: l icarus.r: reinstall after 36c3 --- lass/1systems/icarus/config.nix | 1 + lass/1systems/icarus/physical.nix | 47 ++++++++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46f0892a..5e16052a 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ with import ; # + ]; #media center diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index d764dabc..861bd8b0 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix 
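Review bot: The two `services.logind.lidSwitch*` lines added at the end of hilum's config carry no comment on why lid close is ignored, and the hunk shows nothing that locks the session instead. On a laptop this leaves the machine running with the lid shut and, unless a locker is configured elsewhere, unlocked. The same two lines are added to icarus/physical.nix later in this series, next to a LUKS device. I would add a comment such as `# lid close must not suspend (<reason>); session is locked by <mechanism>` and confirm that a lock is actually triggered.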
@@ -1,22 +1,53 @@ +{ config, lib, pkgs, ... }: { imports = [ ./config.nix - - + # + # + + ]; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6"; + boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3"; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8"; + fsType = "xfs"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D975-2CAB"; + fsType = "vfat"; }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; services.thinkfan.enable = true; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + } -- cgit v1.2.3 From 919b0ad48e39ff78d90342383d010c08cc0b28c5 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 11 Jan 2020 20:39:18 +0100 Subject: l iso: rework for wizard magic --- lass/1systems/iso.nix | 193 ---------------------------------- lass/1systems/iso/default.nix | 212 ++++++++++++++++++++++++++++++++++++++ lass/1systems/iso/generate-iso.sh | 7 ++ 3 files changed, 219 insertions(+), 193 deletions(-) delete mode 100644 lass/1systems/iso.nix create mode 100644 lass/1systems/iso/default.nix create mode 100755 lass/1systems/iso/generate-iso.sh (limited to 'lass') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix deleted file mode 100644 index a7b9f21b..00000000 --- a/lass/1systems/iso.nix +++ /dev/null 
@@ -1,193 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - { - # /dev/stderr doesn't work. I don't know why - # /proc/self doesn't seem to work correctly - # /dev/pts is empty except for 1 file - # my life sucks - nixpkgs.config.packageOverrides = super: { - irc-announce = super.callPackage { - pkgs = pkgs // { - coreutils = pkgs.symlinkJoin { - name = "coreutils-hack"; - paths = [ - (pkgs.writeDashBin "tee" '' - if test "$1" = /dev/stderr; then - while read -r line; do - echo "$line" - echo "$line" >&2 - done - else - ${super.coreutils}/bin/tee "$@" - fi - '') - pkgs.coreutils - ]; - }; - }; - }; - }; - boot.kernelParams = [ "copytoram" ]; - networking.hostName = "lass-iso"; - } - { - nixpkgs.config.packageOverrides = import pkgs; - krebs.enable = true; - krebs.build.user = config.krebs.users.lass; - krebs.build.host = {}; - } - { - nixpkgs.config.allowUnfree = true; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - }; - } - { - environment.extraInit = '' - EDITOR=vim - ''; - } - { - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - - #stuff for dl - aria2 - - #neat utils - hashPassword - krebspaste - pciutils - pop - psmisc - q - rs - tmux - untilport - usbutils - - #unpack stuff - p7zip - unzip - unrar - - #data recovery - ddrescue - ntfs3g - dosfstools - ]; - } - { - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - elif test $UID = 1337; 
then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' - else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' - fi - ''; - }; - } - { - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; - } - { - networking.firewall = { - enable = true; - allowedTCPPorts = [ 22 ]; - }; - } - { - krebs.hidden-ssh.enable = true; - } - { - services.xserver = { - enable = true; - #videoDrivers = mkForce [ "ati_unfree" ]; - - desktopManager.xterm.enable = false; - desktopManager.default = "none"; - displayManager.lightdm.enable = true; - displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - }; - windowManager.default = "xmonad"; - windowManager.session = let - xmonad-lass = pkgs.callPackage { inherit config; }; - in [{ - name = "xmonad"; - start = '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${xmonad-lass}/bin/xmonad & - waitPID=$! - ''; - }]; - - layout = "us"; - xkbModel = "evdev"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; - } - ]; -} diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix new file mode 100644 index 00000000..ba483f5f --- /dev/null +++ b/lass/1systems/iso/default.nix 
@@ -0,0 +1,212 @@ +{ config, pkgs, ... }: +with import ; + +let + + wizard = pkgs.writers.writeBash "wizard" '' + set -x + shopt -s extglob + + echo -n ' + welcome to the computer wizard + first we will check for internet connectivity + (press enter to continue) + ' + read -n 1 -s + if ! ping -c1 lassul.us; then + echo 'no internet detectio, you will have to provide credentials' + read -n 1 -s + nmtui + fi + + # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" '' + # set -x + # export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin + # exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" + # ''} + + mode=$(echo -n ' + 1. help of the wizard + 2. let the wizard watch and help if needed + 3. I will do it alone + ' | ${pkgs.fzf}/bin/fzf --reverse) + case "$mode" in + 1*) + echo 'mode_1' > /tmp/mode + systemctl start hidden-ssh-announce.service + tmux new -s help + ;; + 2*) + echo 'mode_2' > /tmp/mode + ;; + 3*) + echo 'mode_3' > /tmp/mode + ;; + *) + echo 'no mode selected' + ;; + esac + ''; + +in { + imports = [ + + + + { + nixpkgs.config.packageOverrides = import pkgs; + krebs.enable = true; + krebs.build.user = config.krebs.users.lass; + krebs.build.host = {}; + } + # { + # systemd.services.wizard = { + # description = "Computer Wizard"; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # ExecStart = pkgs.writers.writeDash "wizard" '' + # set -efu + # cat < Date: Sat, 11 Jan 2020 20:40:38 +0100 Subject: l xerxes.r: reinstall with xfs --- lass/1systems/xerxes/physical.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'lass') diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 77cf2206..2e9e62a8 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix 
@@ -5,40 +5,32 @@ ]; - boot.zfs.enableUnstable = true; boot.loader.grub = { enable = true; device = "/dev/sda"; efiSupport = true; + efiInstallAsRemovable = true; }; - boot.loader.efi.canTouchEfiVariables = true; boot.blacklistedKernelModules = [ "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; boot.initrd.luks.devices.crypted.device = "/dev/sda3"; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; boot.kernelParams = [ "fbcon=rotate:1" "boot.shell_on_fail" ]; fileSystems."/" = { - device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; + device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25"; + fsType = "xfs"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E749-784C"; + device = "/dev/disk/by-uuid/7F23-DDB4"; fsType = "vfat"; }; -- cgit v1.2.3 From 3367cc374a6739331681032427b2f53197537251 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:41:03 +0100 Subject: l xerxes.r: remove debug output --- lass/1systems/xerxes/physical.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 2e9e62a8..5a6f0721 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -66,7 +66,6 @@ services.xserver = { videoDrivers = [ "intel" ]; displayManager.sessionCommands = '' - echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; -- cgit v1.2.3 From 88e7821ed2ae331082ad3cad6d2885c3125316ea Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 11 Jan 2020 20:41:28 +0100 Subject: l yellow.r: remove broken fancyindex theme --- lass/1systems/yellow/config.nix | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'lass') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index d049bdee..abbc0045 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,17 +47,6 @@ with import ; }; virtualHosts.default = { default = true; - locations."=/Nginx-Fancyindex-Theme-dark" = { - extraConfig = '' - alias ${pkgs.fetchFromGitHub { - owner = "Naereen"; - repo = "Nginx-Fancyindex-Theme"; - rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; - sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6"; - }}/Nginx-Fancyindex-Theme-dark; - autoindex on; - ''; - }; locations."/dl".extraConfig = '' return 301 /; ''; @@ -65,8 +54,6 @@ with import ; root = "/var/download/finished"; extraConfig = '' fancyindex on; - fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html"; - fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html"; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; -- cgit v1.2.3 From c2d0a98038f98bad03f7cd7982029aa07a17073f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:42:09 +0100 Subject: l ciko: remove slash16.net mail --- lass/2configs/ciko.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lass') diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 6818db46..3d87fb62 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix 
@@ -11,14 +11,6 @@ with import ; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; }; - krebs.exim-smarthost = { - internet-aliases = [ - { from = "*@slash16.net"; to = "ciko"; } - ]; - sender_domains = [ - "slash16.net" - ]; - }; system.activationScripts.user-shadow = '' ${pkgs.coreutils}/bin/chmod +x /home/ciko -- cgit v1.2.3 From eeb1c6004d96dfc781648a40f3a20b759c51d0cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:42:43 +0100 Subject: l: add/remove some pkgs --- lass/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dcae2f3e..b0d7ff23 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -96,9 +96,6 @@ with import ; git gnumake jq - parallel - proot - populate #style most @@ -118,6 +115,7 @@ with import ; #neat utils file + hashPassword kpaste krebspaste mosh -- cgit v1.2.3 From 82cd863f9e6f88539f9bda33bd2a27243866a45c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:43:56 +0100 Subject: l exim-smarthost: simplify mailboxes --- lass/2configs/exim-smarthost.nix | 204 ++++++++++++++++++++------------------- 1 file changed, 106 insertions(+), 98 deletions(-) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a8267299..56560863 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
@@ -1,8 +1,110 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with import ; let -with import ; + to = concatStringsSep "," [ + "lass@blue.r" + "lass@xerxes.r" + "lass@mors.r" + ]; + + mails = [ + "postmaster@lassul.us" + "lass@lassul.us" + "lassulus@lassul.us" + "test@lassul.us" + "outlook@lassul.us" + "steuer@aidsballs.de" + "lass@aidsballs.de" + "wordpress@ubikmedia.de" + "finanzamt@lassul.us" + "netzclub@lassul.us" + "nebenan@lassul.us" + "feed@lassul.us" + "art@lassul.us" + "irgendwas@lassul.us" + "polo@lassul.us" + "shack@lassul.us" + "nix@lassul.us" + "c-base@lassul.us" + "paypal@lassul.us" + "patreon@lassul.us" + "steam@lassul.us" + "securityfocus@lassul.us" + "radio@lassul.us" + "btce@lassul.us" + "raf@lassul.us" + "apple@lassul.us" + "coinbase@lassul.us" + "tomtop@lassul.us" + "aliexpress@lassul.us" + "business@lassul.us" + "payeer@lassul.us" + "github@lassul.us" + "bitwala@lassul.us" + "bitstamp@lassul.us" + "bitcoin.de@lassul.us" + "ableton@lassul.us" + "dhl@lassul.us" + "sipgate@lassul.us" + "coinexchange@lassul.us" + "verwaltung@lassul.us" + "gearbest@lassul.us" + "binance@lassul.us" + "bitfinex@lassul.us" + "alternate@lassul.us" + "redacted@lassul.us" + "mytaxi@lassul.us" + "pizza@lassul.us" + "robinhood@lassul.us" + "drivenow@lassul.us" + "aws@lassul.us" + "reddit@lassul.us" + "banggood@lassul.us" + "immoscout@lassul.us" + "gmail@lassul.us" + "amazon@lassul.us" + "humblebundle@lassul.us" + "meetup@lassul.us" + "gebfrei@lassul.us" + "github@lassul.us" + "ovh@lassul.us" + "hetzner@lassul.us" + "allygator@lassul.us" + "immoscout@lassul.us" + "elitedangerous@lassul.us" + "boardgamegeek@lassul.us" + "qwertee@lassul.us" + "zazzle@lassul.us" + "hackbeach@lassul.us" + "transferwise@lassul.us" + "cis@lassul.us" + "afra@lassul.us" + "ksp@lassul.us" + "ccc@lassul.us" + "neocron@lassul.us" + "osmocom@lassul.us" + "lesswrong@lassul.us" + "nordvpn@lassul.us" + "csv-direct@lassul.us" + "nintendo@lassul.us" + "overleaf@lassul.us" + "box@lassul.us" + 
"paloalto@lassul.us" + "subtitles@lassul.us" + "lobsters@lassul.us" + "fysitech@lassul.us" + "threema@lassul.us" + "ubisoft@lassul.us" + "kottezeller@lassul.us" + "pie@lassul.us" + "vebit@lassul.us" + "vcvrack@lassul.us" + "epic@lassul.us" + "microsoft@lassul.us" + "stickers@lassul.us" + "nextbike@lassul.us" + ]; -{ +in { krebs.exim-smarthost = { enable = true; dkim = [ 
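Review bot: `to` is now a hard-coded, comma-joined list of three host mailboxes (`lass@blue.r`, `lass@xerxes.r`, `lass@mors.r`), where the aliases removed in the next hunk used `lass.mail` from `config.krebs.users`. Every entry in `mails`, including the payment, exchange and hosting aliases, therefore appears to be delivered to three machines, which widens the set of hosts holding password-reset and account mail. The commit message does not say the fan-out is intended, so a comment above `to` would help, e.g. `# every alias is delivered to all three hosts on purpose`. The list also carries over two duplicates (`github@lassul.us`, `immoscout@lassul.us`); drop them, or use `unique mails` if the imported lib exposes it.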
@@ -17,101 +119,7 @@ with import ; config.krebs.hosts.blue config.krebs.hosts.xerxes ]; - internet-aliases = with config.krebs.users; [ - { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 - { from = "lass@lassul.us"; to = lass.mail; } - { from = "lassulus@lassul.us"; to = lass.mail; } - { from = "test@lassul.us"; to = lass.mail; } - { from = "outlook@lassul.us"; to = lass.mail; } - { from = "steuer@aidsballs.de"; to = lass.mail; } - { from = "lass@aidsballs.de"; to = lass.mail; } - { from = "wordpress@ubikmedia.de"; to = lass.mail; } - { from = "finanzamt@lassul.us"; to = lass.mail; } - { from = "netzclub@lassul.us"; to = lass.mail; } - { from = "nebenan@lassul.us"; to = lass.mail; } - { from = "feed@lassul.us"; to = lass.mail; } - { from = "art@lassul.us"; to = lass.mail; } - { from = "irgendwas@lassul.us"; to = lass.mail; } - { from = "polo@lassul.us"; to = lass.mail; } - { from = "shack@lassul.us"; to = lass.mail; } - { from = "nix@lassul.us"; to = lass.mail; } - { from = "c-base@lassul.us"; to = lass.mail; } - { from = "paypal@lassul.us"; to = lass.mail; } - { from = "patreon@lassul.us"; to = lass.mail; } - { from = "steam@lassul.us"; to = lass.mail; } - { from = "securityfocus@lassul.us"; to = lass.mail; } - { from = "radio@lassul.us"; to = lass.mail; } - { from = "btce@lassul.us"; to = lass.mail; } - { from = "raf@lassul.us"; to = lass.mail; } - { from = "apple@lassul.us"; to = lass.mail; } - { from = "coinbase@lassul.us"; to = lass.mail; } - { from = "tomtop@lassul.us"; to = lass.mail; } - { from = "aliexpress@lassul.us"; to = lass.mail; } - { from = "business@lassul.us"; to = lass.mail; } - { from = "payeer@lassul.us"; to = lass.mail; } - { from = "github@lassul.us"; to = lass.mail; } - { from = "bitwala@lassul.us"; to = lass.mail; } - { from = "bitstamp@lassul.us"; to = lass.mail; } - { from = "bitcoin.de@lassul.us"; to = lass.mail; } - { from = "ableton@lassul.us"; to = lass.mail; } - { from = "dhl@lassul.us"; to = lass.mail; } - { from = 
"sipgate@lassul.us"; to = lass.mail; } - { from = "coinexchange@lassul.us"; to = lass.mail; } - { from = "verwaltung@lassul.us"; to = lass.mail; } - { from = "gearbest@lassul.us"; to = lass.mail; } - { from = "binance@lassul.us"; to = lass.mail; } - { from = "bitfinex@lassul.us"; to = lass.mail; } - { from = "alternate@lassul.us"; to = lass.mail; } - { from = "redacted@lassul.us"; to = lass.mail; } - { from = "mytaxi@lassul.us"; to = lass.mail; } - { from = "pizza@lassul.us"; to = lass.mail; } - { from = "robinhood@lassul.us"; to = lass.mail; } - { from = "drivenow@lassul.us"; to = lass.mail; } - { from = "aws@lassul.us"; to = lass.mail; } - { from = "reddit@lassul.us"; to = lass.mail; } - { from = "banggood@lassul.us"; to = lass.mail; } - { from = "immoscout@lassul.us"; to = lass.mail; } - { from = "gmail@lassul.us"; to = lass.mail; } - { from = "amazon@lassul.us"; to = lass.mail; } - { from = "humblebundle@lassul.us"; to = lass.mail; } - { from = "meetup@lassul.us"; to = lass.mail; } - { from = "gebfrei@lassul.us"; to = lass.mail; } - { from = "github@lassul.us"; to = lass.mail; } - { from = "ovh@lassul.us"; to = lass.mail; } - { from = "hetzner@lassul.us"; to = lass.mail; } - { from = "allygator@lassul.us"; to = lass.mail; } - { from = "immoscout@lassul.us"; to = lass.mail; } - { from = "elitedangerous@lassul.us"; to = lass.mail; } - { from = "boardgamegeek@lassul.us"; to = lass.mail; } - { from = "qwertee@lassul.us"; to = lass.mail; } - { from = "zazzle@lassul.us"; to = lass.mail; } - { from = "hackbeach@lassul.us"; to = lass.mail; } - { from = "transferwise@lassul.us"; to = lass.mail; } - { from = "cis@lassul.us"; to = lass.mail; } - { from = "afra@lassul.us"; to = lass.mail; } - { from = "ksp@lassul.us"; to = lass.mail; } - { from = "ccc@lassul.us"; to = lass.mail; } - { from = "neocron@lassul.us"; to = lass.mail; } - { from = "osmocom@lassul.us"; to = lass.mail; } - { from = "lesswrong@lassul.us"; to = lass.mail; } - { from = "nordvpn@lassul.us"; to = 
lass.mail; } - { from = "csv-direct@lassul.us"; to = lass.mail; } - { from = "nintendo@lassul.us"; to = lass.mail; } - { from = "overleaf@lassul.us"; to = lass.mail; } - { from = "box@lassul.us"; to = lass.mail; } - { from = "paloalto@lassul.us"; to = lass.mail; } - { from = "subtitles@lassul.us"; to = lass.mail; } - { from = "lobsters@lassul.us"; to = lass.mail; } - { from = "fysitech@lassul.us"; to = lass.mail; } - { from = "threema@lassul.us"; to = lass.mail; } - { from = "ubisoft@lassul.us"; to = lass.mail; } - { from = "kottezeller@lassul.us"; to = lass.mail; } - { from = "pie@lassul.us"; to = lass.mail; } - { from = "vebit@lassul.us"; to = lass.mail; } - { from = "vcvrack@lassul.us"; to = lass.mail; } - { from = "epic@lassul.us"; to = lass.mail; } - { from = "microsoft@lassul.us"; to = lass.mail; } - ]; + internet-aliases = map (from: { inherit from to; }) mails; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } { from = "postmaster"; to = "root"; } -- cgit v1.2.3 From 7fa23f4d3104b36632b941f6502fbf25387ba99c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:44:39 +0100 Subject: l mail: add new c-base tls fingerprint --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 6de111ba..035e79dd 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -14,7 +14,7 @@ let port 465 tls on tls_starttls off - tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16 auth on user lassulus passwordeval pass show c-base/pass -- cgit v1.2.3 From 2bc2b6ac77244c797e0b7d67283a5619d85b0b64 Mon Sep 17 00:00:00 2001 
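Review bot: The new `tls_fingerprint` value in mail.nix has to be taken on trust, because neither the commit message nor the file records where it came from or how it was checked. In what looks like an msmtp account block, this pin is the only thing authenticating the c-base SMTP server, so I would add a comment above it such as `# SHA-256 of <host> certificate, valid until <date>, verified via <channel>`. The longer value suggests a move from a SHA-1 to a SHA-256 fingerprint, which is a good change. A pinned leaf certificate will break again at the next renewal; if that is unwanted, chain validation with msmtp's `tls_trust_file` is the alternative.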
From: lassulus Date: Sat, 11 Jan 2020 20:45:20 +0100 Subject: l mail: pass arguments correctly to neomutt --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 035e79dd..174c1ab5 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -217,7 +217,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@" '') pkgs.neomutt ]; -- cgit v1.2.3 From e0fb96d07276cba145f8a415d8a641d00d7e19a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:48:37 +0100 Subject: l mc: open rmvb as video --- lass/2configs/mc.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index eb457b7d..f5de0461 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -228,6 +228,9 @@ let shell/i/.divx Include=video + shell/i/.rmvb + Include=video + shell/i/.mkv Include=video -- cgit v1.2.3 From ded0441e2582bd511ae2bdf45cbca8b0f4ae1796 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:49:10 +0100 Subject: l paste: add ssl support for p.krebsco.de --- lass/2configs/paste.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 3c3d8e63..23cab8e6 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -10,7 +10,9 @@ with import ; proxy_pass http://localhost:9081; ''; }; - services.nginx.virtualHosts.paste-readonly = { + services.nginx.virtualHosts."p.krebsco.de" = { + enableACME = true; + addSSL = true; serverAliases = [ "p.krebsco.de" ]; locations."/".extraConfig = '' if ($request_method != GET) { -- cgit v1.2.3 From aea96c36727aaa1918a92a5f700a0a58642ce593 Mon Sep 17 00:00:00 2001 
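Review bot: `addSSL = true` in paste.nix keeps the plain-HTTP listener for `p.krebsco.de` alongside the new HTTPS one, so pastes can still be fetched unencrypted. If no client depends on http, `forceSSL = true;` in place of `addSSL` redirects everything to HTTPS. The unchanged `serverAliases = [ "p.krebsco.de" ]` now repeats the virtual host's own name and can be removed. The vhost block continues past the end of the hunk.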
From: lassulus Date: Sat, 11 Jan 2020 20:49:33 +0100 Subject: l steam: add libva as dependency --- lass/2configs/steam.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 701e5047..eae31aec 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -11,6 +11,7 @@ # ##TODO: make steam module nixpkgs.config.steam.java = true; + hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; users.users.games.packages = [ pkgs.steam ]; -- cgit v1.2.3 From 1e5eaeaac41db3f38b422180a97d1880fb1a8649 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:50:25 +0100 Subject: l urxvt: refactor --- lass/2configs/urxvt.nix | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'lass') diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index 82f3fb2e..7dd59e0c 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix 
@@ -5,19 +5,18 @@ with import ; services.urxvtd.enable = true; krebs.xresources.resources.urxvt = '' - URxvt.saveLines: 100000 - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.saveLines: 10000 + URxvt.scrollBar: false + URxvt.urgentOnBell: true + URxvt.perl-ext: default,matcher - ${optionalString (hasAttr "browser" config.lass) - "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" - } + URxvt.url-launcher: /run/current-system/sw/bin/browser-select + URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-] - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + URxvt.keysym.M-u: matcher:select + URxvt.keysym.M-i: matcher:list URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007 URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007 @@ -25,14 +24,14 @@ with import ; URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007 URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007 - URxvt.intensityStyles: false + URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #000000 + URxvt*foreground: #ffffff !change unreadable blue - URxvt*color4: #268bd2 + URxvt*color4: #268bd2 - URxvt*color0: #232342 + URxvt*color0: #232342 ''; } -- cgit v1.2.3 From 088c3786308919eb07e9546a838dac554692a3f9 Mon Sep 17 00:00:00 2001 
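Review bot: `URxvt.url-launcher` now points at the fixed path `/run/current-system/sw/bin/browser-select`, whereas the removed lines set a launcher only when `config.lass.browser` existed and then used its store path. On a host that imports this file without the browser config the matcher would try to run a path that does not exist, and on any host it runs whatever the system profile provides under that name. I would keep the guard, e.g. `${optionalString (hasAttr "browser" config.lass) "URxvt.url-launcher: ${config.lass.browser.select}/bin/browser-select"}`. Also check that the `perl:keyboard-select:*` keysyms still work now that `keyboard-select` is no longer in the extension list; the hunk does not show whether it is loaded on demand.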
From: lassulus Date: Sat, 11 Jan 2020 20:51:00 +0100 Subject: l websites domsen: make aldonasiech.com static --- lass/2configs/websites/domsen.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b9673de7..80ed12ed 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -25,6 +25,7 @@ in { imports = [ ./default.nix ./sqlBackup.nix + (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -35,7 +36,6 @@ in { "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" - "aldonasiech.com" "ubikmedia.eu" "youthtube.xyz" "joemisch.com" @@ -44,7 +44,6 @@ in { "www.apanowicz.de" "www.nirwanabluete.de" - "www.aldonasiech.com" "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" -- cgit v1.2.3 From 6c260f6fc47059af8ae6ffa25ce954ac0e8d813c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:51:33 +0100 Subject: l websites lassulus: fix /tinc locaton --- lass/2configs/websites/lassulus.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index f04f312d..248334be 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -47,7 +47,8 @@ in { alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; locations."/tinc/".extraConfig = '' - alias ${config.krebs.tinc_graphs.workingDir}/external; + index index.html; + alias ${config.krebs.tinc_graphs.workingDir}/external/; ''; locations."= /krebspage".extraConfig = '' default_type "text/html"; -- cgit v1.2.3 From fd542aa6919fa07f543da1aa7d451ba606ff0027 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 11 Jan 2020 20:51:53 +0100 Subject: l websites lassulus: rename pubkeys --- lass/2configs/websites/lassulus.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 248334be..aa3a4862 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,10 +61,10 @@ in { in '' alias ${initscript}; ''; - locations."= /pub".extraConfig = '' + locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."= /pub1".extraConfig = '' + locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; -- cgit v1.2.3 From 666af374b4aefef7375e88bc31768cadabf77773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:53:03 +0100 Subject: l websites lassulus: add blog user to nginx group --- lass/2configs/websites/lassulus.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index aa3a4862..901fecfb 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -94,6 +94,7 @@ in { users.users.blog = { uid = genid_uint31 "blog"; + group = "nginx"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; -- cgit v1.2.3 From 2e4c0684cc9b5696222d2c3e807dda6b3c4a45a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:57:45 +0100 Subject: l iso: remove debug output --- lass/1systems/iso/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix index ba483f5f..a77a74fb 100644 --- a/lass/1systems/iso/default.nix +++ b/lass/1systems/iso/default.nix 
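Review bot: `group = "nginx";` in the `users.users.blog` hunk makes nginx the primary group of the blog deployment account, so that account can read everything the nginx group can read, not only the other way round. On NixOS this can include ACME private keys and other vhost material that is group-readable for the web server; the hunk does not show whether that applies on this host. If the aim is only to let nginx serve `/srv/http/lassul.us`, a narrower option is to leave blog's group alone and grant nginx access to that directory through its group/mode or an ACL. The `users.users.blog` block continues outside the hunk.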
@@ -4,7 +4,6 @@ with import ; let wizard = pkgs.writers.writeBash "wizard" '' - set -x shopt -s extglob echo -n ' -- cgit v1.2.3 From 9ff12837cd1f84e24a211f896a01a70602b09746 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:59:06 +0100 Subject: l xdg-open: allow firefox --- lass/2configs/xdg-open.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix index 824c36dc..88ea7ba5 100644 --- a/lass/2configs/xdg-open.nix +++ b/lass/2configs/xdg-open.nix @@ -62,5 +62,6 @@ in { security.sudo.extraConfig = '' cr ALL=(lass) NOPASSWD: ${xdg-open} * + ff ALL=(lass) NOPASSWD: ${xdg-open} * ''; } -- cgit v1.2.3 From 6b5c205e6b4d5e904bc3f0d0090ec0d9fcbdc0d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:00:01 +0100 Subject: l yubikey: make more robust, add some hacks --- lass/2configs/yubikey.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index e6482c58..9ab6b6cc 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix 
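Review bot: The added sudoers rule `ff ALL=(lass) NOPASSWD: ${xdg-open} *` ends in a bare `*`, which matches any argument list, so the `ff` account can pass arbitrary strings to a program running as `lass` without a password. The `${xdg-open}` script is defined outside this hunk, so it cannot be confirmed here that it validates its argument; it is the only boundary between the two accounts. I would record that requirement beside the rule, e.g. `# arguments come from the ff account and are untrusted; xdg-open must validate them before dispatching`. The same holds for the existing `cr` rule on the line above.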
@@ -2,16 +2,29 @@ { environment.systemPackages = with pkgs; [ yubikey-personalization + yubikey-manager ]; services.udev.packages = with pkgs; [ yubikey-personalization ]; services.pcscd.enable = true; + systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ]; + + ##restart pcscd if yubikey is plugged in + #services.udev.extraRules = '' + # ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" '' + # ${pkgs.systemd}/bin/systemctl restart pcscd.service + # ''}" + #''; environment.shellInit = '' - if [ "$UID" -eq 1337 ]; then + if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then export GPG_TTY="$(tty)" - gpg-connect-agent /bye + gpg-connect-agent --quiet updatestartuptty /bye > /dev/null export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + if [ -z "$SSH_AUTH_SOCK" ]; then + export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) + fi + fi ''; @@ -19,7 +32,7 @@ ssh.startAgent = false; gnupg.agent = { enable = true; - enableSSHSupport = true; + # enableSSHSupport = true; }; }; } -- cgit v1.2.3 From c07ba2d80874b9f669377ce15e6992a67400a80d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:00:57 +0100 Subject: l fzfmenu: fix no match behaviour --- lass/5pkgs/fzfmenu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix index 905a5ce6..bdae8cee 100644 --- a/lass/5pkgs/fzfmenu/default.nix +++ b/lass/5pkgs/fzfmenu/default.nix @@ -37,9 +37,9 @@ pkgs.writeDashBin "fzfmenu" '' -e ${pkgs.dash}/bin/dash -c \ "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ --history=/dev/null \ - --no-sort \ + --print-query \ --prompt=\"$PROMPT\" \ > \"$OUTPUT\"" 2>/dev/null - ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/tail -1 "$OUTPUT" ${pkgs.coreutils}/bin/rm "$OUTPUT" '' -- cgit v1.2.3 From f1a507bb48cca25ec89d3657098f4f9034823a4d Mon Sep 17 00:00:00 2001 
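Review bot: The fallback added in `environment.shellInit` can never run: `SSH_AUTH_SOCK` is exported as `/run/user/$UID/gnupg/S.gpg-agent.ssh` on the line before, so `[ -z "$SSH_AUTH_SOCK" ]` is always false and the `gpgconf --list-dirs agent-ssh-socket` branch is dead code. Test for the socket instead, `if [ ! -S "$SSH_AUTH_SOCK" ]; then`, and quote the substitution, `export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"`. This matters more because the second hunk comments out `enableSSHSupport`, leaving this snippet as the only visible place where the variable is set.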
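Review bot: Swapping the `--no-sort` line for `--print-query` drops `--no-sort` as well, so fzf will rank matches by its own score instead of keeping the order the caller supplied. If only the no-match behaviour was meant to change, keep both flags (`--no-sort \` followed by `--print-query \`). With `tail -1` the script prints the typed query when nothing matched, and because the last command is `rm "$OUTPUT"`, fzf's exit status is not passed on, so a caller cannot tell a selected entry from free text. A one-line comment above the `tail` call stating this would help. The `writeDashBin` body starts outside the hunk.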
From: lassulus Date: Sat, 11 Jan 2020 21:01:13 +0100 Subject: l shodan.r: add scanner support --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index b3de1583..9bb31191 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -19,6 +19,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From 1774a149f944345ac409226ec09fdfa9da970ef2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:02:26 +0100 Subject: l init: rework with xfs and luksPassword --- lass/5pkgs/init/default.nix | 49 ++++++++++++++------------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index b386fa94..cbcfe2c0 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -1,25 +1,20 @@ -{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }: +{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }: with lib; -pkgs.writeText "init" '' - #! /bin/sh - # usage: curl xu/~tv/init | sh +pkgs.writeScript "init" '' + #!/usr/bin/env nix-shell + #! nix-shell -i bash -p jq parted libxfs set -efu - # TODO nix-env -f '' -iA jq # if not exists (also version) - # install at tmp location + disk=$1 - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac - - keyfile=${keyfile} - - disk=${disk} + if mount | grep -q "$disk"; then + echo "target device is already mounted, bailout" + exit 2 + fi - luksdev=${disk}3 + luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} 
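Review bot: `disk=$1` becomes the target of a partition-and-format script without any validation, and this hunk also removes the `root=LABEL=NIXOS_ISO` check that stopped the script from running outside the installer image. Add a guard right after the assignment, `[ -b "$disk" ] || { echo "usage: init <block-device>" >&2; exit 1; }`, and match the mount table literally with `grep -qF -- "$disk"` so the argument is not read as a regular expression. The nix-shell line lists only `jq parted libxfs`, while later hunks call `cryptsetup` and `mkfs.xfs`; whether those tools are on PATH where this runs is not visible here and is worth confirming. The script body continues in the following hunks.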
@@ -29,13 +24,7 @@ pkgs.writeText "init" '' rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home - # - #generate keyfile - # - - if ! test -e "$keyfile"; then - dd if=/dev/urandom bs=512 count=2048 of=$keyfile - fi + read -p "LUKS Password: " lukspw # # partitioning @@ -61,14 +50,13 @@ pkgs.writeText "init" '' if ! cryptsetup isLuks "$luksdev"; then # aes xts-plain64 - cryptsetup luksFormat "$luksdev" "$keyfile" \ + echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \ -h sha512 \ --iter-time 5000 fi if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \ - --key-file "$keyfile" + echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi # cryptsetup close @@ -95,11 +83,11 @@ pkgs.writeText "init" '' fi if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" + mkfs.xfs "$rootdev" fi if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" + mkfs.xfs "$homedev" fi @@ -134,12 +122,5 @@ pkgs.writeText "init" '' parted "$disk" print lsblk "$disk" - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route echo READY. '' -- cgit v1.2.3 From 4ffb0073ff42fa8722960461171171748d86ad54 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:03:08 +0100 Subject: l krops: add nixpkgs-unstable --- lass/krops.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/krops.nix b/lass/krops.nix index da5933df..cb6bbe84 100644 --- a/lass/krops.nix +++ b/lass/krops.nix 
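Review bot: `read -p "LUKS Password: " lukspw` shows the disk passphrase on the terminal as it is typed and, without `-r`, drops backslashes from it. Use `read -r -s -p "LUKS Password: " lukspw; echo` so the input is hidden and taken literally; the script runs under bash according to its nix-shell line, so `-s` is available. Because the value is later piped to `luksFormat`, cryptsetup most likely does not ask for confirmation, so a typo would go unnoticed; reading the passphrase twice and comparing would restore that check.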
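Review bot: The two cryptsetup calls receive different bytes for the same passphrase: `luksFormat` is fed `echo -n "$lukspw"`, while `luksOpen` is fed `echo "$lukspw"` with a trailing newline. Whether cryptsetup strips that newline depends on how it treats `-` in each call, which cannot be confirmed from the hunk, so the open may fail right after the format. Use the same newline-free form in both, `printf '%s' "$lukspw" | cryptsetup luksFormat "$luksdev" - \` and `printf '%s' "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" --key-file -`. `printf` also avoids `echo` interpreting a passphrase that begins with `-n` or `-e`.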
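Review bot: Both filesystem checks still compare the existing type with `btrfs` while the commands they guard now create XFS, so on a second run the test is true for an already formatted volume and `mkfs.xfs` is invoked again. Change the comparisons to match, `if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then`, and the same for `"$homedev"`. With `set -efu` at the top of the script, a `mkfs.xfs` that refuses to overwrite an existing filesystem would abort the run, so the script is no longer re-runnable in the way the surrounding `if ! …` guards suggest it is meant to be.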
@@ -10,6 +10,10 @@ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; + nixpkgs-unstable.git = { + url = "https://github.com/nixos/nixpkgs-channels"; + ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { -- cgit v1.2.3 From a01e3174e04fc946e7dfaf3569919aacf5a6763d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:03:42 +0100 Subject: l krops: use new pwstore location --- lass/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/krops.nix b/lass/krops.nix index cb6bbe84..5927b006 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -18,7 +18,7 @@ file = toString ./2configs/tests/dummy-secrets; } else { pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; + dir = "${lib.getEnv "HOME"}/sync/pwstore"; name = "hosts/${name}"; }; }; -- cgit v1.2.3