From 0cd3e8771b01774bcfda000634395c10d1410d89 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:13:20 +0200 Subject: l: use ipv4 addresses for wiregrill --- lass/1systems/prism/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 33ec21e72..42d07f36a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -272,9 +272,9 @@ with import ; resolveLocalQueries = false; extraConfig= '' - listen-address=42:1:ce16::1 + listen-address=42:1:ce16::1,10.244.1.103 except-interface=lo - interface=wg0 + interface=wiregrill ''; }; } -- cgit v1.2.3 From db997dd0742c8c180cf88d89db052f865c477773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:15:13 +0200 Subject: l blue: disable restic backups --- lass/1systems/blue/config.nix | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index c46bb351e..f6dc23d20 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -17,27 +17,6 @@ with import ; networking.nameservers = [ "1.1.1.1" ]; - services.restic.backups = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - initialize = true; - extraOptions = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - repository = "sftp:backup@${dest}.r:/backups/blue"; - passwordFile = (toString ) + "/restic/${dest}"; - timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; - paths = [ - "/home/" - "/var/lib" - ]; - }); - time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } -- cgit v1.2.3 From 985e70c5b4485467d85c014d8d8654b9cdd51b7b Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 27 Sep 2020 15:15:36 +0200 Subject: l morpheus.r: add ag to pkgs --- lass/1systems/morpheus/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index c3a8ea6c8..79fbe4c97 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -18,6 +18,7 @@ with import ; gitAndTools.hub nix-review firefox + ag ]; services.openssh.forwardX11 = true; -- cgit v1.2.3 From 353fd8b647e74f8aab5d9574998ea943ed582fec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:16:11 +0200 Subject: l mors.r: migrate to new hardware --- lass/1systems/mors/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 2f3a68442..a9108104b 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -23,7 +23,7 @@ services.udev.extraRules = '' SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! -- cgit v1.2.3 From 77e19ca192e5baab0d09f34ae1f9dd533ec1ea65 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:19:42 +0200 Subject: l mors.r: remove iodine from pkgs --- lass/1systems/mors/config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c1ceb0633..b03d95c49 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -126,8 +126,6 @@ with import ; remmina transmission - iodine - macchanger dpass -- cgit v1.2.3 From 707ffcfebb2f7689ff5129bf25d1cd99e12c4498 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 27 Sep 2020 15:22:33 +0200 Subject: l prism.r: allow more bandwidth for murmur --- lass/1systems/prism/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 42d07f36a..b335353be 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -284,7 +284,10 @@ with import ; ]; } { - services.murmur.enable = true; + services.murmur = { + enable = true; + bandwidth = 10000000; + }; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} -- cgit v1.2.3 From 4f6084494b146fde7e6ebc8d6724aa078b78a266 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:23:59 +0200 Subject: l prism.r: add wallpaper & xanf mounts --- lass/1systems/prism/physical.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 7458f5ffd..1a3bee850 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -55,6 +55,16 @@ fsType = "zfs"; }; + fileSystems."/var/realwallpaper/archive" = { + device = "tank/wallpaper"; + fsType = "zfs"; + }; + + fileSystems."/home/xanf" = { + device = "/dev/disk/by-id/wwn-0x500a07511becb076"; + fsType = "ext4"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -- cgit v1.2.3 From 41accf7ac76136c929c69679c45df2b3f6216e77 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:24:24 +0200 Subject: l shodan.r: use new luks device schema --- lass/1systems/shodan/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 39a4d9661..55e91b0e4 100644 --- a/lass/1systems/shodan/physical.nix 
+++ b/lass/1systems/shodan/physical.nix @@ -10,7 +10,7 @@ loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.lusksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; -- cgit v1.2.3 From e778f9d6f511874ae0dff55dbfa2b0694d96b06d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:26:35 +0200 Subject: l wizard.r: fix local testing --- lass/1systems/wizard/run-vm.sh | 7 +++++++ lass/1systems/wizard/test.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100755 lass/1systems/wizard/run-vm.sh (limited to 'lass') diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/1systems/wizard/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix index c7a27102a..165b9f14d 100644 --- a/lass/1systems/wizard/test.nix +++ b/lass/1systems/wizard/test.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - ./default.nix + ./config.nix ]; virtualisation.emptyDiskImages = [ 8000 -- cgit v1.2.3 From 2aa02e6f60aa10119ae0f085e6dec509616a64ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:27:31 +0200 Subject: l xerxes.r: remove the_playlist share --- lass/1systems/xerxes/config.nix | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'lass') diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index e4a4fb505..6f64c6999 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix 
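Review bot: The new attribute in `initrd.luks.devices.lusksroot.device` is spelled `lusksroot`, while the removed list entry used `name = "luksroot"`, so the unlocked device would move from `/dev/mapper/luksroot` to `/dev/mapper/lusksroot`. Anything outside this hunk that still refers to the old mapper name (root filesystem, LVM volume) would then fail to find the volume at boot. None of that is visible here, so confirm it before deploying to a machine without console access. The x220 commit later in this series keeps the original spelling, which suggests the rename is unintended and the line should read `initrd.luks.devices.luksroot.device = "/dev/sda2";`.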
@@ -41,22 +41,6 @@ displayManager.lightdm.autoLogin.user = "lass"; }; - services.syncthing.declarative = { - folders = { - the_playlist = { - path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; - }; - }; - }; - krebs.permown = { - "/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; - }; - boot.blacklistedKernelModules = [ "xpad" ]; systemd.services.xboxdrv = { wantedBy = [ "multi-user.target" ]; -- cgit v1.2.3 From 9a38ff748296af8a8ef90ae7f4212f6c6173cf4b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:27:57 +0200 Subject: l xerxes.r: activate bluetooth --- lass/1systems/xerxes/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 6f64c6999..8c4362865 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -77,7 +77,15 @@ }; }; - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # load-module module-bluetooth-policy -- cgit v1.2.3 From 33a37f3d2194a7f9cfaf94e249a049a921d3f679 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:28:46 +0200 Subject: l yellow.r: use new nordvpn endpoint --- lass/1systems/yellow/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index bc3b1f5d5..d400697d7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -172,7 +172,7 @@ with import ; client dev tun proto udp - remote 89.249.65.83 1194 + remote 185.230.127.27 1194 resolv-retry infinite remote-random nobind 
@@ -195,7 +195,6 @@ with import ; fast-io cipher AES-256-CBC auth SHA512 - -----BEGIN CERTIFICATE----- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ -- cgit v1.2.3 From 2fb25e24dfefd5bfd1d6dc84550c77d1f6c22cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:20 +0200 Subject: l baseX: add libarchive to pkgs --- lass/2configs/baseX.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index baf93ffe5..9eb0120c5 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -72,10 +72,11 @@ in { git-preview gnome3.dconf iodine + libarchive lm_sensors ncdu nix-index - nix-review + nixpkgs-review nmap pavucontrol ponymix -- cgit v1.2.3 From 2dcf7167e7f4c60be29ab629a1f4d3f529ceaca0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:38 +0200 Subject: l baseX: add -efu to screenshot script --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9eb0120c5..e92ddbcca 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -93,6 +93,8 @@ in { xsel zathura (pkgs.writeDashBin "screenshot" '' + set -efu + ${pkgs.flameshot-once}/bin/flameshot-once ${pkgs.klem}/bin/klem '') -- cgit v1.2.3 From 63412ba8b964d0782e2cbb1f48d0d5e30b5cd298 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:31:40 +0200 Subject: l blue: add dovecot2 to serve mails --- lass/2configs/blue.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lass') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index a4000cada..15408a200 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix 
@@ -26,6 +26,8 @@ with (import ); { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";} ]; systemd.services.chat = let @@ -64,4 +66,9 @@ with (import ); ExecStop = "${tmux} kill-session -t IM"; }; }; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; } -- cgit v1.2.3 From 5b44319083e8ae5386e181d73b1585be8ecd4a35 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:32:38 +0200 Subject: l blue-host: disable syncing --- lass/2configs/blue-host.nix | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) (limited to 'lass') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 718a92e9c..7aabf0931 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
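Review bot: The two added INPUT rules open `--dport imap` on both `retiolum` and `wiregrill`, while the new `services.dovecot2` block in the second hunk sets only `enable` and `mailLocation`, so nothing visible here configures TLS or limits which peers may connect. Credentials and mail would then depend on the overlay networks alone for confidentiality, and every peer on those interfaces can reach the IMAP login. Consider setting `sslServerCert` and `sslServerKey` and narrowing the rules with a source match such as `-s <PLACEHOLDER: client address>`. If plaintext IMAP inside the VPN is deliberate, a comment like `# IMAP without TLS: reachable only over retiolum/wiregrill` would record that decision.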
@@ -49,54 +49,54 @@ in { }; - systemd.services = builtins.listToAttrs (map (host: - let - in nameValuePair "sync-blue-${host}" { - bindsTo = [ "container@blue.service" ]; - wantedBy = [ "container@blue.service" ]; - # ssh needed for rsync - path = [ pkgs.openssh ]; - serviceConfig = { - Restart = "always"; - RestartSec = 10; - ExecStart = pkgs.writeDash "sync-blue-${host}" '' - set -efu - #make sure blue is running - /run/wrappers/bin/ping -c1 blue.r > /dev/null + #systemd.services = builtins.listToAttrs (map (host: + # let + # in nameValuePair "sync-blue-${host}" { + # bindsTo = [ "container@blue.service" ]; + # wantedBy = [ "container@blue.service" ]; + # # ssh needed for rsync + # path = [ pkgs.openssh ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = 10; + # ExecStart = pkgs.writeDash "sync-blue-${host}" '' + # set -efu + # #make sure blue is running + # /run/wrappers/bin/ping -c1 blue.r > /dev/null - #make sure the container is unlocked - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + # #make sure the container is unlocked + # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' - #make sure our target is reachable - ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + # #make sure our target is reachable + # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null - #start sync - ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' - settings { - nodaemon = true, - inotifyMode = "CloseWrite or Modify", - } - sync { - default.rsyncssh, - source = "/var/lib/containers/.blue", - host = "${host}.r", - targetdir = "/var/lib/containers/.blue", - rsync = { - archive = true, - owner = true, - group = true, - }; - ssh = { - binary = "${pkgs.openssh}/bin/ssh"; - identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", - }, - } - ''} - ''; - }; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - } - ) remote_hosts); + # #start 
sync + # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + # settings { + # nodaemon = true, + # inotifyMode = "CloseWrite or Modify", + # } + # sync { + # default.rsyncssh, + # source = "/var/lib/containers/.blue", + # host = "${host}.r", + # targetdir = "/var/lib/containers/.blue", + # rsync = { + # archive = true, + # owner = true, + # group = true, + # }; + # ssh = { + # binary = "${pkgs.openssh}/bin/ssh"; + # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + # }, + # } + # ''} + # ''; + # }; + # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + # } + #) remote_hosts); environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' -- cgit v1.2.3 From e73200db951ebd2fb891b0656f2d9c7fc76f4cc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:14 +0200 Subject: l: add nix user to all systems --- lass/2configs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ae2754c96..e4996743d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -44,7 +44,15 @@ with import ; config.krebs.users.lass-yubikey.pubkey ]; }; + nix = { + isNormalUser = true; + uid = genid_uint31 "nix"; + openssh.authorizedKeys.keys = [ + config.krebs.hosts.mors.ssh.pubkey + ]; + }; }; + nix.trustedUsers = ["nix"]; } { environment.variables = { -- cgit v1.2.3 From 9bb40397b71ae61b5e6b5a282fb8efc6f37a3f51 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:24 +0200 Subject: l: use 24:00 time format again --- lass/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e4996743d..f59988b75 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
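Review bot: `nix.trustedUsers = ["nix"]` combined with the new `nix` account that accepts `config.krebs.hosts.mors.ssh.pubkey` makes the holder of that key effectively root on every system importing this file, because a trusted Nix user can import unsigned store paths and override daemon settings. A compromise of mors would then extend to all of these hosts. If the goal is to push closures or run remote builds from mors, signing paths on mors and listing its signing key in `nix.binaryCachePublicKeys` would avoid granting trusted-user rights by login; alternatively limit the account to the hosts that need it. At minimum add a comment above the user, e.g. `# deploy/build account for mors; trusted user => root-equivalent, keep key list minimal`. The enclosing `users.users` block starts outside this hunk.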
@@ -220,4 +220,7 @@ with import ; networking.dhcpcd.extraConfig = '' noipv4ll ''; + + # use 24:00 time format, the default got sneakily changed around 20.03 + i18n.defaultLocale = mkDefault "C.UTF-8"; } -- cgit v1.2.3 From a2f2cff1c1d7161fd040ff7083fe2016f7c9b354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:10 +0200 Subject: l exim-smarthost: mail only to blue --- lass/2configs/exim-smarthost.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 82839beba..012f44a05 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -2,8 +2,6 @@ to = concatStringsSep "," [ "lass@blue.r" - "lass@xerxes.r" - "lass@mors.r" ]; mails = [ -- cgit v1.2.3 From 8564c687e5a1867d33fa5b95809f3e8f13cab150 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:24 +0200 Subject: l exim-smarthost: add more mail aliases --- lass/2configs/exim-smarthost.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 012f44a05..797864b15 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -108,6 +108,12 @@ "auschein@lassul.us" "tleech@lassul.us" "durstexpress@lassul.us" + "acme@lassul.us" + "antstore@lassul.us" + "openweather@lassul.us" + "lobsters@lassul.us" + "rewe@lassul.us" + "spotify@lassul.us" ]; in { -- cgit v1.2.3 From fc60a8a77794bfe608925dee51af9366fe81aa8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:44 +0200 Subject: l gc: delete older than 15 days --- lass/2configs/gc.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 0ddb63a03..f9c61c461 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix 
@@ -4,5 +4,6 @@ with import ; { nix.gc = { automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); + options = "--delete-older-than 15d"; }; } -- cgit v1.2.3 From fbbd72feab82207992b410315d0e8a8f84bfe47e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:01 +0200 Subject: l git: add grib2json-bin repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index eba68c0bc..edec2dcb4 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -58,6 +58,10 @@ let cgit.desc = "url shortener"; cgit.section = "software"; }; + grib2json-bin = { + cgit.desc = "build jar of grib2json"; + cgit.section = "deployment"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; -- cgit v1.2.3 From 0cee1b93024ff9ca0e89687324682b69814b7107 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:28 +0200 Subject: l x220: use new luks device schema --- lass/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 89b119347..668dcdf60 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -5,7 +5,7 @@ ]; boot = { - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda3"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; extraModulePackages = [ -- cgit v1.2.3 From d450eb6c37745af467c30c1c1a83f764fdeb6ce6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:01 +0200 Subject: l hass: make lovelace configurable --- lass/2configs/hass/default.nix | 1 + lass/2configs/hass/rooms/bett.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) (limited to 'lass') 
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index a48c61a69..66d430cd1 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; }; # extraComponents = [ "hue" ]; }; configWritable = true; + lovelaceConfigWritable = true; }; lass.hass.config = let diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index b5da9221c..16227fcb6 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix @@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; }; lass.hass.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; + + lass.hass.love = { + resources = [{ + url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + type = "js"; + }]; + views = [{ + title = "bett"; + cards = [ + { + type = "markdown"; + title = "hello world"; + content = "This is just a test"; + } + { + type = "light"; + entity = "light.${lights.bett}"; + } + { + type = "custom:light-entity-card"; + entity = "light.${lights.bett}"; + } + { + type = "history-graph"; + entities = [ + "light.${lights.bett}" + ]; + } + ]; + }]; + }; } -- cgit v1.2.3 From 519223df33e8ff4573f7ce63d32834ad73c31fe5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:35 +0200 Subject: l x220: disable charging threshold --- lass/2configs/hw/x220.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 668dcdf60..31f9787e0 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix 
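Review bot: The `resources` entry added under `lass.hass.love` in `bett.nix` declares `type = "js"` but its URL ends in `light-entity-card.js.map`, which is a source map rather than the script, so the `custom:light-entity-card` card further down probably never loads. The URL also follows the `master` branch on raw.githubusercontent.com, so whatever is pushed there later would run in the Home Assistant frontend without review. Prefer a vendored copy served locally, for example `url = "/local/light-entity-card.js";`, or a URL pinned to a release tag or commit.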
@@ -47,9 +47,10 @@ services.logind.lidSwitchDocked = "ignore"; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 - ''; + #services.tlp.extraConfig = '' + # START_CHARGE_THRESH_BAT0=80 + # STOP_CHARGE_THRESH_BAT0=95 + #''; + services.xserver.dpi = 80; } -- cgit v1.2.3 From 919bf188859d077887f87fca7e19c133ac72437c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:26 +0200 Subject: l mail: update config to reflect upstream changes --- lass/2configs/mail.nix | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 174c1ab5e..98affdd83 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -107,10 +107,12 @@ let set mailcap_path = ${mailcap} # notmuch - set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set folder="$HOME/Maildir" + set nm_default_uri = "notmuch://$HOME/Maildir" set nm_record = yes set nm_record_tags = "-inbox me archive" - set virtual_spoolfile=yes # enable virtual folders + set spoolfile = +Inbox + set virtual_spoolfile = yes set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail @@ -132,8 +134,8 @@ let # V ''} %r |" - virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" 
@@ -200,9 +202,15 @@ let macro pager ] ,@1 'Toggle indexbar # sidebar + set sidebar_divider_char = '│' + set sidebar_delim_chars = "/" + set sidebar_short_path + set sidebar_folder_indent + set sidebar_visible = yes + set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?' set sidebar_width = 20 - set sidebar_visible = yes # set to "no" to disable sidebar view at startup - color sidebar_new yellow default + color sidebar_new yellow red + # sidebar bindings bind index sidebar-prev # got to previous folder in sidebar bind index sidebar-next # got to next folder in sidebar @@ -229,7 +237,6 @@ in { mutt pkgs.notmuch pkgs.muchsync - pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; -- cgit v1.2.3 From 7023f780542b8976e1e609e43ad2f135ffef9bb5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:48 +0200 Subject: l mpv: use gpu video output by default --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 5d7bfed60..210551a62 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" '') pkgs.mpv ]; -- cgit v1.2.3 From e998c4b789109ce6e941a4d23da28118303c32b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:38:10 +0200 Subject: l paste: add imgur api under /image --- lass/2configs/paste.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 23cab8e6e..0cf62ec0b 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix 
@@ -7,7 +7,17 @@ with import ; locations."/".extraConfig = '' client_max_body_size 4G; proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = /* nginx */ '' + client_max_body_size 40M; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; services.nginx.virtualHosts."p.krebsco.de" = { @@ -19,21 +29,36 @@ with import ; return 403; } proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; + krebs.htgen.paste = { port = 9081; script = toString [ "PATH=${makeBinPath [ pkgs.nix + pkgs.file ]}:$PATH" "STATEDIR=$HOME" ". ${pkgs.htgen}/examples/paste" ]; }; + krebs.htgen.imgur = { + port = 7771; + script = /* sh */ '' + (. ${pkgs.htgen-imgur}/bin/htgen-imgur) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";} ]; } -- cgit v1.2.3 From 7919c36f5c860fbcde9fed27b0b3c374261b224d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:04 +0200 Subject: l radio: announce more to irc, filter .graveyard --- lass/2configs/radio.nix | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6245691fe..3e8d12381 100644 
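Review bot: The `/image` location added to `p.krebsco.de` does not repeat the guard ending in `return 403;` that the same vhost's `/` location carries, so requests that guard rejects (its condition starts above the hunk) reach the imgur backend on this path. It also omits the `client_max_body_size 40M;` that the first vhost's `/image` sets, leaving the two hosts with different upload limits. Both new blocks add `proxy_pass_header Server;`, which forwards the backend's server banner to clients. If the public host is meant to stay read-only, copy the guard into the new location; otherwise a comment such as `# uploads intentionally allowed on /image` would make the difference explicit.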
--- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -12,7 +12,16 @@ let music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" | grep -v '/other/' | grep '\.ogg$' | shuf -n1 | sed 's,${music_dir}/,,')" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ + | grep -Ev '/other/|/.graveyard/' \ + | grep '\.ogg$' \ + | shuf -n1 \ + | sed 's,${music_dir}/,,' \ + )" + ''; + + get_current_track_position = pkgs.writeDash "get_current_track_position" '' + ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' ''; skip_track = pkgs.writeBashBin "skip_track" '' @@ -28,8 +37,8 @@ let ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" echo skipping: "$track_infos" skip_count: "$skip_count" else - mkdir -p "$music_dir"/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/.graveyard/ + mkdir -p "$music_dir"/the_playlist/.graveyard/ + mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ echo killing: "$track_infos" fi ${pkgs.mpc_cli}/bin/mpc -q next @@ -62,10 +71,18 @@ let print_current_json = pkgs.writeDashBin "print_current_json" '' ${pkgs.jq}/bin/jq -n -c \ --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ + --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ + --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ + --arg position "$(${get_current_track_position})" \ + --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \ --arg youtube "$(${track_youtube_link})" '{ name: $name, + artist: $artist, + title: $title, filename: $filename, + position: $position, + length: $length, youtube: $youtube }' ''; 
@@ -193,7 +210,7 @@ in { timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + currentTime=$(${get_current_track_position}) expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -221,9 +238,11 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do + listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \ + | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track" + ${write_to_irc} "playing: $track listeners: $listeners" done ''; in { -- cgit v1.2.3 From aaefc7edd2157dd1985052a972c2816bd21ba779 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:23 +0200 Subject: l steam: add Halo MCC fix --- lass/2configs/steam.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index eae31aec4..2b9811959 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -13,7 +13,11 @@ nixpkgs.config.steam.java = true; hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - users.users.games.packages = [ pkgs.steam ]; + users.users.games.packages = [ (pkgs.steam.override { + extraPkgs = p: with p; [ + gnutls # needed for Halo MCC + ]; + }) ]; #ports for inhome streaming krebs.iptables = { -- cgit v1.2.3 From 9463cb64457bf4648ebfccc3f133d73843ae2046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:47 +0200 Subject: l syncthing: keepGoing with permown --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') 
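Review bot: In the last hunk `listeners` is filled by a bare `curl 'http://localhost:8000/status-json.xsl' | jq '[.icestats.source[].listeners] | add'` with no `-f`, `-s` or timeout, so curl's progress meter lands in the log on every track change and a failed or hanging request leaves `listeners` empty or stalls the announce loop. If port 8000 is Icecast, `.icestats.source` is an object rather than an array when only one mount is active, and the filter then errors. `curl -fsS --max-time 5` together with `jq '[.icestats.source] | flatten | map(.listeners) | add'` would handle both shapes. Separately, the first hunk's `grep -Ev '/other/|/.graveyard/'` leaves the dot unescaped; `/\.graveyard/` matches only the intended directory.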
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 5397c2ca6..7758b860d 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -31,5 +31,6 @@ in { owner = "lass"; group = "syncthing"; umask = "0002"; + keepGoing = true; }; } -- cgit v1.2.3 From f76b72358dabd94c1e17a415e7e13cb8ecba2438 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:10 +0200 Subject: l domsen: apanowicz.de is now a static site --- lass/2configs/websites/domsen.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index bd113567f..48ea5f0a2 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) + (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -34,7 +35,6 @@ in { (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" - "apanowicz.de" "nirwanabluete.de" "ubikmedia.eu" "youthtube.xyz" @@ -42,7 +42,6 @@ in { "weirdwednesday.de" "jarugadesign.de" - "www.apanowicz.de" "www.nirwanabluete.de" "www.ubikmedia.eu" "www.youthtube.xyz" @@ -52,7 +51,6 @@ in { "www.jarugadesign.de" "aldona2.ubikmedia.de" - "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" -- cgit v1.2.3 From c361849c38cc1bfb86536043c9554bdc75953508 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:34 +0200 Subject: l domsen: add legacy ssl certs for legacy devices --- lass/2configs/websites/domsen.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 48ea5f0a2..8cd489bd5 100644 --- a/lass/2configs/websites/domsen.nix 
+++ b/lass/2configs/websites/domsen.nix @@ -105,6 +105,10 @@ in { # MAIL STUFF # TODO: make into its own module + + # workaround for android 7 + security.acme.certs."lassul.us".keyType = "rsa4096"; + services.dovecot2 = { enable = true; mailLocation = "maildir:~/Mail"; -- cgit v1.2.3 From bdc1cb2f02e61810e3e5ccd674cecb91d50c8e80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:52 +0200 Subject: l domsen: use nextcloud 18 --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 8cd489bd5..2d2ba79be 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -91,6 +91,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; + package = pkgs.nextcloud18; config = { adminpassFile = toString + "/nextcloud_pw"; overwriteProtocol = "https"; -- cgit v1.2.3 From e1251ee299af6b00dc81a76560d4810cd0a6126c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:41:35 +0200 Subject: l domsen: update mail aliases --- lass/2configs/websites/domsen.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2d2ba79be..a177a0228 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -134,18 +134,16 @@ in { server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.eu"; to = "domsen"; } { from = "mail@habsys.de"; to = "domsen"; } { from = "mail@habsys.eu"; to = "domsen"; } + { from = "hallo@apanowicz.de"; to = "domsen"; } { from = "bruno@apanowicz.de"; to = "bruno"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } - { from = "akayguen@freemonkey.art"; to ="akayguen"; } - { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "hallo@jarugadesign.de"; to ="kasia"; } @@ -156,9 +154,14 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "apanowicz.de" "alewis.de" "jarugadesign.de" ]; + dkim = [ + { domain = "ubikmedia.eu"; } + { domain = "apanowicz.de"; } + ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; -- cgit v1.2.3 From 687ae7ca86bad6648ef53bf8ef5c6f335ad88037 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:42:33 +0200 Subject: l init: update with local tests, sgdisk, etc.. --- lass/2configs/websites/lassulus.nix | 2 +- lass/5pkgs/init/default.nix | 45 +++++++++++-------------------------- lass/5pkgs/init/run-vm.sh | 7 ++++++ lass/5pkgs/init/test.nix | 13 +++++++++++ lass/5pkgs/init/test.sh | 11 +++++++++ 5 files changed, 45 insertions(+), 33 deletions(-) create mode 100755 lass/5pkgs/init/run-vm.sh create mode 100644 lass/5pkgs/init/test.nix create mode 100755 lass/5pkgs/init/test.sh (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index baeac213b..5a45f03ef 100644 
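Review bot: The new `dkim` list signs only `ubikmedia.eu` and `apanowicz.de`, while the domain list directly above it also carries `jla-trading.com`, `ubikmedia.de`, `alewis.de` and `jarugadesign.de`. That list opens outside the hunk, so there may be more. If those domains also send mail through this host, their messages presumably go out unsigned, which matters once a DMARC policy is published for them. Either add the matching `{ domain = "..."; }` entries, or add a comment such as `# only domains with a published DKIM record; the others are receive-only` so the gap reads as intentional.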
--- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,7 +61,7 @@ in { pubkey = config.krebs.users.lass.pubkey; }; in '' - alias ${initscript}; + alias ${initscript}/bin/init; ''; locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index cbcfe2c00..ee49951b1 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -2,10 +2,10 @@ with lib; -pkgs.writeScript "init" '' +pkgs.writeScriptBin "init" '' #!/usr/bin/env nix-shell - #! nix-shell -i bash -p jq parted libxfs - set -efu + #! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs + set -xefuo pipefail disk=$1 @@ -14,12 +14,12 @@ pkgs.writeScript "init" '' exit 2 fi + bootdev="$disk"2 luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} - bootdev=/dev/sda2 rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home @@ -35,15 +35,13 @@ pkgs.writeScript "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted -s -a optimal "$disk" \ - mklabel gpt \ - mkpart no-fs 0 1024KiB \ - set 1 bios_grub on \ - mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - mkpart primary 1025MiB 100% + sgdisk -og "$disk" + sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk" + sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk" + sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk" fi - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then echo zonk2 exit 23 fi 
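Review bot: `set -xefuo pipefail` enables xtrace for the whole init script, and the unlock step in the later hunk at -58,7 runs `echo "$lukspw" | cryptsetup luksOpen ...`. The trace therefore prints the LUKS passphrase to stderr, where it lands in terminal scrollback or any captured install log. Keep tracing off around the secret by putting `set +x` before that line and `set -x` after it, or drop `-x` from the `set` line and enable it only for the partitioning section. The assignment of `lukspw` is outside the visible hunks, so the same applies there if it is set in the script body.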
@@ -58,7 +56,6 @@ pkgs.writeScript "init" '' if ! test -e "$luksmap"; then echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then pvcreate "$luksmap" @@ -68,11 +65,7 @@ pkgs.writeScript "init" '' lvchange -a y /dev/mapper/"$vgname" - if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi - - # lvchange -a n "$vgname" - + if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi # # formatting @@ -82,35 +75,23 @@ pkgs.writeScript "init" '' mkfs.vfat "$bootdev" fi - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then mkfs.xfs "$rootdev" fi - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.xfs "$homedev" - fi - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mkdir -p /mnt mount "$rootdev" /mnt fi if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then mkdir -m 0000 -p /mnt/boot mount "$bootdev" /mnt/boot fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - - # umount -R /mnt # # dependencies for stockholm # - nix-env -iA nixos.git - # TODO: get sentinal file from target_path mkdir -p /mnt/var/src touch /mnt/var/src/.populate @@ -119,7 +100,7 @@ pkgs.writeScript "init" '' # print all the infos # - parted "$disk" print + gdisk -l "$disk" lsblk "$disk" echo READY. diff --git a/lass/5pkgs/init/run-vm.sh b/lass/5pkgs/init/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/5pkgs/init/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run 
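Review bot: As far as the collapsed hunks show, the `fi` after `mount "$rootdev" /mnt` now closes the `if ! test -e "$luksmap"` block. This follows from removing the `fi` after `cryptsetup luksOpen` together with the opener `if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then`. As a result `pvcreate`, `lvcreate`, `mkfs.xfs` and the root mount run only when the mapping was not yet open. On a rerun with the mapping already open, root is not mounted, yet `/mnt/boot` and `/mnt/var/src/.populate` are still created on whatever `/mnt` currently is. If that is not intended, restore the `fi` after the `luksOpen` line and give the root mount its own guard again.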
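Review bot: `run-vm.sh` passes `-c "$WD"/config.nix` to `nixos-generate`, but this commit's diffstat creates only `run-vm.sh`, `test.nix` and `test.sh` under `lass/5pkgs/init/`. Unless a `config.nix` already exists in that directory, the script fails on its only command. If it was meant to boot the test configuration, the argument should be `-c "$WD"/test.nix`, which is what `test.sh` uses.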
diff --git a/lass/5pkgs/init/test.nix b/lass/5pkgs/init/test.nix new file mode 100644 index 000000000..e76e7e009 --- /dev/null +++ b/lass/5pkgs/init/test.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + virtualisation.emptyDiskImages = [ + 8000 + ]; + virtualisation.memorySize = 1500; + boot.tmpOnTmpfs = true; + + environment.systemPackages = [ + (pkgs.callPackage ./default.nix {}) + ]; + services.mingetty.autologinUser = lib.mkForce "root"; +} diff --git a/lass/5pkgs/init/test.sh b/lass/5pkgs/init/test.sh new file mode 100755 index 000000000..0ceaa73ca --- /dev/null +++ b/lass/5pkgs/init/test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -xefu + +WD=$(realpath $(dirname "$0")) +TMPDIR=$(mktemp -d) +cd "$TMPDIR" +nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@" +cd - +rm -r "$TMPDIR" -- cgit v1.2.3 From e870fd3ef82c06ad620ebff4ead8e7be9fb4a6c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:43:33 +0200 Subject: l websites: serve yubi pubkey --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 5a45f03ef..74585a6f8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -69,6 +69,9 @@ in { locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; + locations."= /yubi.pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { -- cgit v1.2.3 From 3eafd0943b9c473e4900fc9cec98392a228ced18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:07 +0200 Subject: l wine: minimize footprint --- lass/2configs/wine.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') 
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 02d7ffc8c..5cb019c13 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,7 @@ in { ]; createHome = true; packages = [ - pkgs.wine - pkgs.winetricks + pkgs.wineMinimal ]; }; }; -- cgit v1.2.3 From b1d3ce19c4d89a8a8cc940346b90ae8626c494ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:29 +0200 Subject: l zsh: fix weird multiline errors --- lass/2configs/zsh.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lass') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 05964eb51..e65cdd97d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -122,14 +122,15 @@ case $TERM in (*xterm* | *rxvt*) function precmd { - PROMPT_EVALED="$(print -P $TITLE)" + PROMPT_EVALED=$(print -P "$TITLE") echo -ne "\033]0;$$ $PROMPT_EVALED\007" } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } + # This seems broken for some reason + # # This is seen while the shell waits for a command to complete. + # function preexec { + # PROMPT_EVALED=$(print -P "$TITLE") + # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + # } ;; esac ''; -- cgit v1.2.3 From 570ba85941e0d8756b8b000df74fbda69590699b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:45:17 +0200 Subject: l xmonad: use different float tactics, remove old junk --- lass/5pkgs/custom/xmonad-lass/default.nix | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e6d4b0664..5a741353d 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
@@ -19,6 +19,8 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) +import Data.Ratio + import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) @@ -29,14 +31,17 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) +import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>)) +import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Layout.Grid (Grid(..)) import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) +import XMonad.ManageHook (composeAll) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) @@ -76,7 +81,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = floatHooks <+> floatNextHook + , manageHook = floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) 
@@ -88,14 +93,17 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile) - -floatHooks :: Query (Endo WindowSet) -floatHooks = composeOne - [ className =? "Pinentry" -?> doCenterFloat - , title =? "fzfmenu" -?> doCenterFloat - , title =? "glxgears" -?> doCenterFloat - , resource =? "Dialog" -?> doFloat + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) + +floatHooks = composeAll + [ className =? "Pinentry" --> doCenterFloat + , title =? "fzfmenu" --> doCenterFloat + , title =? "glxgears" --> doCenterFloat + , resource =? "Dialog" --> doFloat + , title =? "Upload to Imgur" --> + doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8)) + , placeHook (smart (1,0)) + , floatNextHook ] myKeyMap :: [([Char], X ())] @@ -105,7 +113,6 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") - , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") -- cgit v1.2.3 From 9b5c11239956ff5cd7a24fe1ef32cd49a3aa8d26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:45:41 +0200 Subject: l emot-menu: clearmodifiers when typing --- lass/5pkgs/emot-menu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix index 440e160d0..3ce635dac 100644 --- a/lass/5pkgs/emot-menu/default.nix +++ b/lass/5pkgs/emot-menu/default.nix 
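Review bot: `floatHooks` lost its type signature in the move from `composeOne` to `composeAll`; adding `floatHooks :: ManageHook` keeps the hook's type checked at its definition rather than only at its use in `manageHook`. The import hunk at -29,14 still brings in `(-?>)` from `XMonad.Hooks.ManageHelpers`, which the new list no longer uses as far as this hunk shows. Note also that `composeAll` applies every matching rule, so `placeHook (smart (1,0))` and `floatNextHook` now run for the Pinentry and fzfmenu windows as well, whereas `composeOne` stopped at the first match.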
@@ -29,6 +29,6 @@ writeDashBin "emoticons" '' data=$(${coreutils}/bin/cat ${emoticons}) emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') - ${xdotool}/bin/xdotool type -- "$emoticon" + ${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon" exit 0 '' -- cgit v1.2.3 From 22d52b8ed4faf55be5d37790e9f84b24fdec80eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:58:38 +0200 Subject: l hass: add love option --- lass/3modules/hass.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lass') diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix index 30158e78a..96521aaa9 100644 --- a/lass/3modules/hass.nix +++ b/lass/3modules/hass.nix @@ -22,6 +22,22 @@ in { }; in valueType; }; + love = mkOption { + default = {}; + type = with lib.types; let + valueType = nullOr (oneOf [ + bool + int + float + str + (attrsOf valueType) + (listOf valueType) + ]) // { + description = "Yaml value"; + emptyValue.value = {}; + }; + in valueType; + }; }; config = @@ -29,6 +45,7 @@ in { mkIf (cfg.config != {}) { services.home-assistant.config = cfg.config; + # services.home-assistant.lovelaceConfig = cfg.love; }; } -- cgit v1.2.3 From d554acc06850a83399de48ff3bbcb3afdf38b4bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Oct 2020 20:19:57 +0200 Subject: l green-host: use cryfs & nixos-containers --- lass/2configs/green-host.nix | 109 +++++++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 46 deletions(-) (limited to 'lass') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 0cccbc30e..6cccab4b3 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,38 +1,44 @@ { config, lib, pkgs, ... }: with import ; -{ +let + + cname = "green"; + cryfs = pkgs.cryfs.overrideAttrs (old: { + patches = [ + (pkgs.writeText "file_mode.patch" '' + --- a/src/cryfs/filesystem/CryNode.cpp + +++ b/src/cryfs/filesystem/CryNode.cpp + 
@@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { + result.uid = fspp::uid_t(getuid()); + result.gid = fspp::gid_t(getgid()); + #endif + - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); + + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; + result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; + //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") + result.nlink = 1; + '') + ] ++ old.patches; + }); + +in { imports = [ - { #hack for already defined - systemd.services."container@green".reloadIfChanged = mkForce false; - systemd.services."container@green".preStart = '' - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' - ''; - systemd.services."container@green".postStop = '' - set -x - ${pkgs.umount}/bin/umount /var/lib/containers/green - ls -la /dev/mapper/control - ${pkgs.devicemapper}/bin/dmsetup ls - ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img - ''; - } ]; - services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - krebs.permown."/var/lib/sync-containers" = { - owner = "root"; - group = "syncthing"; - umask = "0007"; - }; + programs.fuse.userAllowOther = true; - system.activationScripts.containerPermissions = '' - mkdir -p /var/lib/containers - chmod 711 /var/lib/containers - ''; + services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; + # krebs.permown."/var/lib/sync-containers/${cname}" = { + # owner = "root"; + # group = "syncthing"; + # umask = "0007"; + # }; - containers.green = { + systemd.services."container@green".reloadIfChanged = mkForce false; + containers.${cname} = { config = { 
... }: { environment.systemPackages = [ pkgs.git 
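Review bot: The patched `result.mode` line adds group and other read/execute bits to the directory mode cryfs reports, and this hunk also sets `programs.fuse.userAllowOther = true`, which the `-o allow_other` mount in the next hunk relies on. The same hunk drops the `chmod 711 /var/lib/containers` activation script and comments out the `krebs.permown` block. Whether other local users on the host can traverse the decrypted tree under `/var/lib/containers/${cname}/var/state` therefore depends on parent directory modes this diff does not show, which is worth confirming. A comment above the patch stating why the wider mode is needed, for example `# the container's root must be able to traverse the mount point`, would make the trade-off visible. The doubled `;;` at the end of the added C++ line can be a single `;`, and the rest of `CryNode::stat` is outside the embedded patch.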
@@ -42,41 +48,52 @@ with import ; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.15"; - localAddress = "10.233.2.16"; + hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs + localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs }; environment.systemPackages = [ - (pkgs.writeDashBin "start-green" '' - set -fu - CONTAINER='green' - IMAGE='/var/lib/sync-containers/green.img' - - ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null - if [ "$?" -ne 0 ]; then - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" - fi - - mkdir -p /var/lib/containers/"$CONTAINER" + (pkgs.writeDashBin "start-${cname}" '' + set -euf - ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " - if [ "$?" -ne 0 ]; then - ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + mkdir -p /var/lib/containers/${cname}/var/state + chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state + if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then + /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ + ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions fi - STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + ${pkgs.nixos-container}/bin/nixos-container start ${cname} fi - ping -c1 green.r - if [ "$?" 
-ne 0 ]; then - ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + + if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then + ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' + mkdir -p /var/state/var_src + ln -sf state/var_Src /var/src + nixos-rebuild -I /var/src switch + ''} fi + '') + (pkgs.writeDashBin "stop-${cname}" '' + set -euf + ${pkgs.nixos-container}/bin/nixos-container stop ${cname} + ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state '') ]; } -- cgit v1.2.3 From 5e304ff70ec34800e3b847664757b363e1e88a9b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 19:07:09 +0200 Subject: l krops: shallow clone new remote --- lass/krops.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/krops.nix b/lass/krops.nix index 5927b0062..128c9ee04 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,8 +11,9 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + shallow = true; }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; -- cgit v1.2.3
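Review bot: The deploy snippet creates `/var/state/var_src` but links `state/var_Src`, so `/var/src` points at a path that does not exist and `nixos-rebuild -I /var/src switch` finds no sources on the encrypted volume. The line should read `ln -sfn state/var_src /var/src`, where `-n` stops a rerun from placing the link inside the directory an existing `/var/src` symlink points to. The guard `[ -d /var/lib/containers/${cname}/var/src ]` also requires `var/src` to exist before the snippet that creates the link can run. That looks like it blocks a first deployment, unless another step not shown here populates the directory.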