summaryrefslogtreecommitdiffstats
path: root/lass/3modules
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-09-07 12:26:31 +0200
committerlassulus <git@lassul.us>2023-09-07 13:50:26 +0200
commitf55307fd73af235069744dd5155fda0bc73fe613 (patch)
treef048d7750a50e48493505a08784c96d07d291f89 /lass/3modules
parent85ae348bf3f53125c8281669a32bf007dc0063be (diff)
lass: migrate away
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/autowifi.nix38
-rw-r--r--lass/3modules/default.nix18
-rw-r--r--lass/3modules/dnsmasq.nix48
-rw-r--r--lass/3modules/drbd.nix159
-rw-r--r--lass/3modules/folderPerms.nix104
-rw-r--r--lass/3modules/hosts.nix12
-rw-r--r--lass/3modules/klem.nix75
-rw-r--r--lass/3modules/mysql-backup.nix86
-rw-r--r--lass/3modules/news.nix76
-rw-r--r--lass/3modules/nichtparasoup.nix161
-rw-r--r--lass/3modules/pyload.nix55
-rw-r--r--lass/3modules/screenlock.nix40
-rw-r--r--lass/3modules/usershadow.nix139
13 files changed, 0 insertions, 1011 deletions
diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix
deleted file mode 100644
index 9aa1a2d28..000000000
--- a/lass/3modules/autowifi.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.autowifi;
-
-in {
- options.lass.autowifi = {
- enable = mkEnableOption "automatic wifi connector";
- knownWifisFile = mkOption {
- type = types.str;
- default = "/etc/wifis";
- };
- enablePrisonBreak = mkOption {
- type = types.bool;
- default = false;
- };
- };
-
- config = lib.mkIf cfg.enable {
- systemd.services.autowifi = {
- description = "Automatic wifi connector";
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.networkmanager ];
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- RestartSec = "10s";
- ExecStart = "${autowifi}/bin/autowifi";
- };
- };
-
- networking.networkmanager.dispatcherScripts = mkIf cfg.enablePrisonBreak [
- { source = "${pkgs.callPackage <stockholm/makefu/5pkgs/prison-break}/bin/prison-break"; }
- ];
- };
-}
-
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
deleted file mode 100644
index 4082c8bd2..000000000
--- a/lass/3modules/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-_:
-{
- imports = [
- ../../submodules/disko/module.nix
- ./dnsmasq.nix
- ./drbd.nix
- ./folderPerms.nix
- ./hosts.nix
- ./klem.nix
- ./mysql-backup.nix
- ./news.nix
- ./nichtparasoup.nix
- ./pyload.nix
- ./screenlock.nix
- ./usershadow.nix
- ./autowifi.nix
- ];
-}
diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
deleted file mode 100644
index 83a9cb180..000000000
--- a/lass/3modules/dnsmasq.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with builtins;
-with lib;
-
-let
- cfg = config.lass.dnsmasq;
-
- out = {
- options.lass.dnsmasq = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "dnsmasq";
- config = mkOption {
- type = types.str;
- #TODO: find a good default
- default = ''
- '';
- description = "configuration dnsmasq is started with";
- };
- };
-
- configFile = pkgs.writeText "dnsmasq.conf" cfg.config;
-
- imp = {
-
- systemd.services.dnsmasq = {
- description = "dnsmasq";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- dnsmasq
- ];
-
-
- restartIfChanged = true;
-
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k -C ${configFile}";
- };
- };
- };
-
-in out
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
deleted file mode 100644
index b933158a5..000000000
--- a/lass/3modules/drbd.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{ config, lib, pkgs, ... }: let
- cfg = config.lass.drbd;
- slib = import <stockholm/lib>;
-in {
- options = {
- lass.drbd = lib.mkOption {
- default = {};
- type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
- options = {
- name = lib.mkOption {
- type = lib.types.str;
- default = config._module.args.name;
- };
- blockMinor = lib.mkOption {
- type = lib.types.int;
- default = lib.mod (slib.genid config.name) 16000; # TODO get max_id fron drbd
- };
- port = lib.mkOption {
- type = lib.types.int;
- default = 20000 + config.blockMinor;
- };
- peers = lib.mkOption {
- type = lib.types.listOf slib.types.host;
- };
- disk = lib.mkOption {
- type = lib.types.str;
- default = "/dev/loop${toString config.blockMinor}";
- };
- drbdConfig = lib.mkOption {
- type = lib.types.path;
- internal = true;
- default = pkgs.writeText "drbd-${config.name}.conf" ''
- resource ${config.name} {
- net {
- protocol a;
- ping-int 10;
- csums-alg crc32c;
- connect-int 3;
- after-sb-0pri discard-older-primary;
- after-sb-1pri discard-secondary;
-
- # seems to be drbd-proxy premium feature
- on-congestion pull-ahead;
- congestion-fill 1G;
- congestion-extents 500;
-
- sndbuf-size 10M;
- max-epoch-size 20000;
- }
- device minor ${toString config.blockMinor};
- disk ${config.disk};
- meta-disk internal;
- ${slib.indent (lib.concatStrings (lib.imap1 (i: peer: /* shell */ ''
- on ${peer.name} {
- address ${peer.nets.retiolum.ip4.addr}:${toString config.port};
- node-id ${toString i};
- }
- '') config.peers))}
- connection-mesh {
- hosts ${lib.concatMapStringsSep " " (peer: peer.name) config.peers};
- }
- }
- '';
- };
- };
- }));
- };
- };
- config = lib.mkIf (cfg != {}) {
- boot.extraModulePackages = [
- (pkgs.linuxPackages.callPackage ../5pkgs/drbd9/default.nix {})
- ];
- boot.extraModprobeConfig = ''
- options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
- '';
- services.udev.packages = [ pkgs.drbd ];
- boot.kernelModules = [ "drbd" ];
-
- environment.systemPackages = [
- pkgs.drbd
- (pkgs.writers.writeDashBin "drbd-change-nodeid" ''
- # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication
- set -efux
-
- if [ "$#" -ne 2 ]; then
- echo '$1 needs to be drbd volume name'
- echo '$2 needs to be new node id'
- exit 1
- fi
-
-
- TMPDIR=$(mktemp -d)
- trap 'rm -rf $TMPDIR' EXIT
-
- V=$1
- NODE_TO=$2
- META_DATA_LOCATION=internal
-
- ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt
- NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p')
- ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \
- -e "s/^peer.$NODE_FROM. /peer-NEW /" \
- -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \
- -e "s/^peer-NEW /peer[$NODE_TO] /" \
- < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt
-
- drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt
- '')
- ];
-
- networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg);
- systemd.services = lib.mapAttrs' (_: device:
- lib.nameValuePair "drbd-${device.name}" {
- after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ];
- wants = [ "systemd-udev.settle.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- RemainAfterExit = true;
- ExecStart = pkgs.writers.writeDash "start-drbd-${device.name}" ''
- set -efux
- mkdir -p /var/lib/sync-containers2
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- if ! test -e /var/lib/sync-containers2/${device.name}.disk; then
- truncate -s 10G /var/lib/sync-containers2/${device.name}.disk
- fi
- if ! ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor}; then
- ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor} /var/lib/sync-containers2/${device.name}.disk
- fi
- ''}
- if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then
- ${pkgs.drbd}/bin/drbdadm down ${device.name}
- ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31
- ${pkgs.drbd}/bin/drbdadm up ${device.name}
- fi
- '';
- ExecStop = pkgs.writers.writeDash "stop-drbd-${device.name}" ''
- set -efux
- ${pkgs.drbd}/bin/drbdadm -c ${device.drbdConfig} down ${device.name}
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- ${pkgs.util-linux}/bin/losetup -d /dev/loop${toString device.blockMinor}
- ''}
- '';
- };
- }
- ) cfg;
-
-
- environment.etc."drbd.conf".text = ''
- global {
- usage-count yes;
- }
-
- ${lib.concatMapStrings (device: /* shell */ ''
- include ${device.drbdConfig};
- '') (lib.attrValues cfg)}
- '';
- };
-}
-
diff --git a/lass/3modules/folderPerms.nix b/lass/3modules/folderPerms.nix
deleted file mode 100644
index bb0320327..000000000
--- a/lass/3modules/folderPerms.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-#TODO: implement recursive mode maybe?
-# enable different mods for files and folders
-
-let
- inherit (pkgs)
- writeScript
- ;
-
- inherit (lib)
- concatMapStringsSep
- concatStringsSep
- mkEnableOption
- mkIf
- mkOption
- types
- ;
-
- cfg = config.lass.folderPerms;
-
- out = {
- options.lass.folderPerms = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "folder permissions";
- permissions = mkOption {
- type = with types; listOf (submodule ({
- options = {
- path = mkOption {
- type = str;
- };
- permission = mkOption {
- type = nullOr str;
- example = "755";
- description = ''
- basically anything that chmod takes as permission
- '';
- default = null;
- };
- owner = mkOption {
- type = nullOr str;
- example = "root:root";
- description = ''
- basically anything that chown takes as owner
- '';
- default = null;
- };
- };
- }));
- };
- };
-
- imp = {
- systemd.services.lass-folderPerms = {
- description = "lass-folderPerms";
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- coreutils
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- type = "simple";
- RemainAfterExit = true;
- Restart = "always";
- ExecStart = "@${startScript}";
- };
- };
- };
-
- startScript = writeScript "lass-folderPerms" ''
- ${concatMapStringsSep "\n" writeCommand cfg.permissions}
- '';
-
- writeCommand = fperm:
- concatStringsSep "\n" [
- (buildPermission fperm)
- (buildOwner fperm)
- ];
-
- buildPermission = perm:
- #TODO: create folder maybe
- #TODO: check if permission is valid
- if (perm.permission == null) then
- ""
- else
- "chmod ${perm.permission} ${perm.path}"
- ;
-
- buildOwner = perm:
- #TODO: create folder maybe
- #TODO: check if owner/group valid
- if (perm.owner == null) then
- ""
- else
- "chown ${perm.owner} ${perm.path}"
- ;
-
-in out
diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix
deleted file mode 100644
index 37cbf3ed3..000000000
--- a/lass/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.hosts = mkOption {
- type = types.attrsOf types.host;
- default =
- filterAttrs (_: host: host.owner.name == "lass" && host.ci)
- config.krebs.hosts;
- };
-}
diff --git a/lass/3modules/klem.nix b/lass/3modules/klem.nix
deleted file mode 100644
index 8536d967d..000000000
--- a/lass/3modules/klem.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
- cfg = config.lass.klem;
-in {
- options.lass.klem = mkOption {
- default = {};
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- target = mkOption {
- default = ".*";
- description = ''
- regex of valid targets
- can be shown with xclip -selection clipboard -t TARGETS
- the first hit is taken as target argument
- '';
- type = types.str;
- };
- script = mkOption {
- description = ''
- file to run if entry is selected
- '';
- type = types.path;
- };
- label = mkOption {
- default = config._module.args.name;
- description = ''
- label to show in dmenu for this script
- '';
- type = types.str;
- };
- };
- }));
- };
- config = let
- klem = pkgs.writers.writeDashBin "klem" ''
- set -x
-
- labels=""
- # match filetype against patterns
- ${concatMapStringsSep "\n" (script: ''
- ${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep -q '${script.target}'
- if [ $? -eq 0 ]; then
- labels="$labels:${script.label}"
- fi
- '') (attrValues cfg)}
-
- #remove empty line, feed into dmenu
- script=$(echo "$labels" \
- | ${pkgs.gnused}/bin/sed 's/^://;s/:/\n/g' \
- | ${pkgs.dmenu}/bin/dmenu)
-
- #run the chosen script
- case $script in
- ${concatMapStringsSep "\n" (script: indent ''
- ${script.label})
- target=$(${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep '${script.target}' \
- | ${pkgs.gnugrep}/bin/grep -v TARGETS \
- | ${pkgs.coreutils}/bin/head -1)
- ${pkgs.xclip}/bin/xclip -selection clipboard -target "$target" -out \
- | ${script.script} \
- | ${pkgs.xclip}/bin/xclip -selection clipboard -in
- ;;
- '') (attrValues cfg)}
- esac
- '';
- in mkIf (cfg != {}) {
- environment.systemPackages = [ klem ];
- nixpkgs.overlays = [
- (self: super: {
- klem = klem;
- })
- ];
- };
-}
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
deleted file mode 100644
index 516f96c34..000000000
--- a/lass/3modules/mysql-backup.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.lass.mysqlBackup;
-
- out = {
- options.lass.mysqlBackup = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "mysqlBackup";
- config = mkOption {
- type = with types; attrsOf (submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- startAt = mkOption {
- type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
- default = "*-*-* 01:15:00";
- };
- user = mkOption {
- type = str;
- default = "root";
- };
- password = mkOption {
- type = nullOr str;
- default = null;
- description = ''
- path to a file containing the mysqlPassword for the specified user.
- '';
- };
- databases = mkOption {
- type = listOf str;
- default = [];
- };
- location = mkOption {
- type = str;
- default = "/backups/sql_dumps";
- };
- };
- }));
- description = "configuration for mysqlBackup";
- };
- };
-
- imp = {
-
- services.mysql.ensureUsers = [
- { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
- ];
-
- systemd.services =
- mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
- path = with pkgs; [
- mysql
- gzip
- ];
- serviceConfig = rec {
- ExecStart = start plan;
- SyslogIdentifier = ExecStart.name;
- Type = "oneshot";
- User = plan.user;
- };
- startAt = plan.startAt;
- }) cfg.config;
- };
-
-
- start = plan: let
- backupScript = plan: db: ''
- mkdir -p ${plan.location}
- mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
- '';
-
- in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
- ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
- '';
-
-
-in out
diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix
deleted file mode 100644
index b6061736c..000000000
--- a/lass/3modules/news.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.news;
-
- out = {
- options.lass.news = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "news";
- feeds = mkOption {
- type = types.listOf (types.submodule { options = {
- nick = mkOption {
- type = types.str;
- };
- feedurl = mkOption {
- type = types.str;
- };
- interval = mkOption {
- type = types.int;
- default = 1000;
- };
- channels = mkOption {
- type = types.listOf types.str;
- };
- };});
- };
- user = mkOption {
- type = types.user;
- default = {
- name = "news";
- home = "/var/lib/news";
- };
- };
- ircServer = mkOption {
- type = types.str;
- default = "localhost";
- description = "to which server the bot should connect";
- };
- };
-
- imp = {
-
- users.users.${cfg.user.name} = {
- inherit (cfg.user) home name uid;
- createHome = true;
- };
-
- systemd.services = listToAttrs (map (feed:
- nameValuePair "news-${feed.nick}" {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- SyslogIdentifier = "news-${feed.nick}";
- User = cfg.user.name;
- PrivateTmp = true;
- Restart = "always";
- ExecStart = pkgs.writeDash "news-${feed.nick}" ''
- ${pkgs.haskellPackages.news}/bin/news '${feed.feedurl}' '${toString feed.interval}' \
- | ${pkgs.goify}/bin/goify \
- | while :; do
- ${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \
- \${concatStringsSep " \\" feed.channels}
- done
- '';
- };
- }
- ) cfg.feeds);
-
- };
-
-in out
diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
deleted file mode 100644
index a28c2a159..000000000
--- a/lass/3modules/nichtparasoup.nix
+++ /dev/null
@@ -1,161 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.nichtparasoup = {
- enable = mkEnableOption "nichtparasoup funny image page";
- config = mkOption {
- type = types.str;
- default = ''
- [General]
- Port: 5001
- IP: 0.0.0.0
- Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
-
- [Cache]
- Images_min_limit: 15
-
- [Logging]
- ;; possible destinations: file syslog
- Destination: syslog
- Verbosity: ERROR
-
- [Sites]
- SoupIO: everyone
- Pr0gramm: new,top
- Reddit: ${lib.concatStringsSep "," [
- "2healthbars"
- "abandonedporn"
- "animalsbeingderps"
- "ANormalDayInRussia"
- "assholedesign"
- "AwesomeOffBrands"
- "bizarrebuildings"
- "bonehurtingjuice"
- "boottoobig"
- "bossfight"
- "bravofotogeschichten"
- "breathinginformation"
- "buddhistmemes"
- "cablefail"
- "cableporn"
- "catastrophicfailure"
- "chairsunderwater"
- "clevercomebacks"
- "confusingperspective"
- "conni"
- "crappydesign"
- "cursedcomments"
- "desirepath"
- "doenerverbrechen"
- "dontdeadopeninside"
- "educationalgifs"
- "EngineeringPorn"
- "eyebleach"
- "forbiddensnacks"
- "funnyanimals"
- "gifs"
- "Gittertiere"
- "goodboomerhumor"
- "grssk"
- "halthoch"
- "hmm"
- "hmmm"
- "holdmybeer"
- "holup"
- "iamatotalpieceofshit"
- "ichbin40undlustig"
- "idiotsincars"
- "illegallysmolcats"
- "infokriegerkutschen"
- "instagramreality"
- "instant_regret"
- "itrunsdoom"
- "itsaunixsystem"
- "kamikazebywords"
- "keming"
- "kidsarefuckingstupid"
- "kitchenconfidential"
- "laughingbuddha"
- "LiminalSpace"
- "loadingicon"
- "MachinePorn"
- "mallninjashit"
- "michaelbaygifs"
- "mildlyinfuriating"
- "miscatculations"
- "natureisfuckinglit"
- "nononoyesno"
- "notinteresting"
- "notliketheothergirls"
- "oddlysatisfying"
- "ofcoursethatsathing"
- "okbuddylinux"
- "OSHA"
- "PeopleFuckingDying"
- "Perfectfit"
- "perfectloops"
- "PerfectTiming"
- "picsofunusualbirds"
- "PixelArt"
- "pizzacrimes"
- "prequelmemes"
- "Prisonwallet"
- "reactiongifs"
- "RealFakeDoors"
- "reallifedoodles"
- "RetroFuturism"
- "robotsbeingjerks"
- "SchizophreniaRides"
- "scriptedasiangifs"
- "shitposting"
- "shittyfoodporn"
- "shittyrobots"
- "softwaregore"
- "specializedtools"
- "spicypillows"
- "StallmanWasRight"
- "startledcats"
- "startrekstabilized"
- "stupidfood"
- "techsupportgore"
- "thathappened"
- "ThingsCutInHalfPorn"
- "totallynotrobots"
- "trippinthroughtime"
- "Unexpected"
- "urbanexploration"
- "wasletztepreis"
- "wellthatsucks"
- "wertekinder"
- "wewantplates"
- "whatcouldgowrong"
- "whatsthisbug"
- "whatsthisplant"
- "whatswrongwithyourdog"
- "whenthe"
- "yesyesyesyesno"
- "youseeingthisshit"
- ]}
- NineGag: geeky,wtf,hot,trending
- Instagram: nature,wtf
- Fourchan: sci
- '';
- };
- };
-
- config = mkIf config.lass.nichtparasoup.enable {
- systemd.services.nichtparasoup = {
- description = "nichtparasoup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = true;
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini" config.lass.nichtparasoup.config}";
- };
- };
- };
-}
diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix
deleted file mode 100644
index 6f29ffb17..000000000
--- a/lass/3modules/pyload.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.pyload;
-
- out = {
- options.lass.pyload = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "pyload";
- user = mkOption {
- type = types.str;
- default = "download";
- };
- };
-
- imp = {
-
- krebs.per-user.${cfg.user}.packages = [
- pkgs.pyload
- pkgs.spidermonkey
- pkgs.tesseract
- ];
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
- ];
- systemd.services.pyload = {
- description = "pyload";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- pyload
- spidermonkey
- tesseract
- dnsmasq
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
- User = cfg.user;
- };
- };
-
- };
-
-in out
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
deleted file mode 100644
index b5c69b65a..000000000
--- a/lass/3modules/screenlock.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, config, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.screenlock;
-
- out = {
- options.lass.screenlock = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "screenlock";
- command = mkOption {
- type = types.path;
- default = pkgs.writeDash "screenlock" ''
- ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
- sleep 3
- '';
- };
- };
-
- imp = {
- systemd.services.screenlock = {
- before = [ "sleep.target" ];
- requiredBy = [ "sleep.target" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
- };
- serviceConfig = {
- SyslogIdentifier = "screenlock";
- ExecStart = cfg.command;
- Type = "simple";
- User = "lass";
- };
- };
- };
-
-in out
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
deleted file mode 100644
index 094d37a36..000000000
--- a/lass/3modules/usershadow.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
- cfg = config.lass.usershadow;
-
- out = {
- options.lass.usershadow = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "usershadow";
- pattern = mkOption {
- type = types.str;
- default = "/home/%/.shadow";
- };
- path = mkOption {
- type = types.str;
- };
- };
-
- imp = {
- environment.systemPackages = [ usershadow ];
- lass.usershadow.path = "${usershadow}";
- security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- '';
-
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- '';
-
- security.wrappers.shadow_verify_pam = {
- setuid = true;
- source = "${usershadow}/bin/verify_pam";
- owner = "root";
- group = "root";
- };
- security.wrappers.shadow_verify_arg = {
- setuid = true;
- source = "${usershadow}/bin/verify_arg";
- owner = "root";
- group = "root";
- };
- };
-
- usershadow = let {
- deps = [
- "pwstore-fast"
- "bytestring"
- ];
- body = pkgs.writeHaskellPackage "passwords" {
- ghc-options = [
- "-rtsopts"
- "-Wall"
- ];
- executables.verify_pam = {
- extra-depends = deps;
- text = ''
- import System.IO
- import Data.Char (chr)
- import System.Environment (getEnv, getArgs)
- import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.Exit (exitFailure, exitSuccess)
-
- main :: IO ()
- main = do
- user <- getEnv "PAM_USER"
- shadowFilePattern <- head <$> getArgs
- let shadowFile = lhs <> user <> tail rhs
- (lhs, rhs) = span (/= '%') shadowFilePattern
- hash <- readFile shadowFile
- password <- takeWhile (/= (chr 0)) <$> hGetLine stdin
- let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
- if res then exitSuccess else exitFailure
- '';
-