diff options
author | tv <tv@krebsco.de> | 2023-09-12 12:56:39 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-09-13 16:23:38 +0200 |
commit | fbd485cd86c7e9984819357398f912a2d5510845 (patch) | |
tree | e1a9e2eedacfa25018d6b0eef3f4628a4d503ebc /tv/2configs | |
parent | 5370e0485788224126861e076110ac705013d2de (diff) |
tv: emigrate
Diffstat (limited to 'tv/2configs')
55 files changed, 0 insertions, 2671 deletions
diff --git a/tv/2configs/autotether.nix b/tv/2configs/autotether.nix deleted file mode 100644 index 43b5575c8..000000000 --- a/tv/2configs/autotether.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: let - cfg.serial = "17e064850405"; -in { - systemd.services.usb_tether.serviceConfig = { - SyslogIdentifier = "usb_tether"; - ExecStartPre = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} wait-for-device"; - ExecStart = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} shell svc usb setFunctions rndis"; - }; - services.udev.extraRules = /* sh */ '' - ACTION=="add", SUBSYSTEM=="net", KERNEL=="usb*", NAME="android" - - ACTION=="add", SUBSYSTEM=="usb", ATTR{serial}=="${cfg.serial}", \ - TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service" - ''; - systemd.network.networks.android = { - matchConfig.Name = "android"; - DHCP = "yes"; - }; -} diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix deleted file mode 100644 index 56c04c4e3..000000000 --- a/tv/2configs/backup.nix +++ /dev/null @@ -1,109 +0,0 @@ -with import ./lib; -{ config, pkgs, ... }: { - krebs.backup.plans = { - } // mapAttrs (_: recursiveUpdate { - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }) { - bu-home-xu = { - method = "push"; - src = { host = config.krebs.hosts.bu; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/bu-home"; }; - startAt = "05:20"; - }; - bu-home-zu = { - method = "push"; - src = { host = config.krebs.hosts.bu; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/bu-home"; }; - startAt = "05:25"; - }; - nomic-home-xu = { - method = "push"; - src = { host = config.krebs.hosts.nomic; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/nomic-home"; }; - startAt = "05:00"; - }; - nomic-home-zu = { - method = "push"; - src = { host = config.krebs.hosts.nomic; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/nomic-home"; }; - startAt = "04:20"; - }; - nomic-pull-querel-home = { - method = "pull"; - src = { host = config.krebs.hosts.querel; path = "/home"; }; - dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; - startAt = "22:00"; - }; - xu-home-bu = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/home"; }; - dst = { host = config.krebs.hosts.bu; path = "/bku/xu-home"; }; - startAt = "04:50"; - }; - xu-home-nomic = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/home"; }; - dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; }; - startAt = "05:20"; - }; - xu-home-zu = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; }; - startAt = "06:20"; - }; - xu-pull-ni-ejabberd = { - method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; }; - startAt = "07:00"; - }; - xu-pull-ni-home = { - method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; }; - startAt = "07:00"; - }; - zu-home-xu = { - method = "push"; - src = { host = config.krebs.hosts.zu; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; }; - startAt = "05:00"; - }; - zu-pull-ni-ejabberd = { - method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; }; - startAt = "06:00"; - }; - zu-pull-ni-home = { - method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; }; - startAt = "06:30"; - }; - } // mapAttrs (_: recursiveUpdate { - snapshots = { - minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; }; - hourly = { format = "%Y-%m-%dT%H"; retain = 3; }; - daily = { format = "%Y-%m-%d"; retain = 3; }; - }; - startAt = null; - }) { - xu-test-push-xu = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-push"; }; - }; - xu-test-pull-xu = { - method = "pull"; - src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; }; - }; - }; -} diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix deleted file mode 100644 index 57801d964..000000000 --- a/tv/2configs/bash/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -with import ./lib; -{ config, pkgs, ... }: { - programs.bash = { - interactiveShellInit = /* sh */ '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - HISTTIMEFORMAT= - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - - case $UID in - ${shell.escape (toString config.krebs.users.tv.uid)}) - if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then - _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$( - ${pkgs.xorg.xprop}/bin/xprop -notype -root \ - 32i _NET_CURRENT_DESKTOP \ - 8s _NET_DESKTOP_NAMES \ - | - ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' | - { - read -r _NET_CURRENT_DESKTOP - IFS=$'\a' read -ra _NET_DESKTOP_NAMES - echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}" - } - )} - case $_CURRENT_DESKTOP_NAME in - stockholm) - cd ~/stockholm - ;; - esac - fi - - export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH" - ;; - esac - - ${pkgs.bash-fzf-history.bind} - - if test -n "''${BASH_EXTRA_INIT-}"; then - . "$BASH_EXTRA_INIT" - fi - ''; - promptInit = /* sh */ '' - case $UID in - 0) - PS1='\[\e[1;31m\]\w\[\e[0m\] ' - ;; - ${toString config.krebs.build.user.uid}) - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ;; - *) - PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' - ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\e[35m\]\h'" $PS1" - fi - if test -n "$SSH_AGENT_PID"; then - PS1="ssh-agent[$SSH_AGENT_PID] $PS1" - fi - ''; - }; -} diff --git a/tv/2configs/bash/lib b/tv/2configs/bash/lib deleted file mode 120000 index dc598c56d..000000000 --- a/tv/2configs/bash/lib +++ /dev/null @@ -1 +0,0 @@ -../lib
\ No newline at end of file diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix deleted file mode 100644 index 5b4e75107..000000000 --- a/tv/2configs/binary-cache/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: with import ./lib; -{ - environment.etc."binary-cache.pubkey".text = - config.krebs.build.host.binary-cache.pubkey; - - nixpkgs.overlays = [ - (self: super: { - nix-serve = self.haskellPackages.nix-serve-ng; - }) - ]; - - services.nix-serve = { - enable = true; - secretKeyFile = "${config.krebs.secret.directory}/nix-serve.key"; - }; - - services.nginx = { - enable = true; - virtualHosts.nix-serve = { - serverAliases = [ - "cache.${config.krebs.build.host.name}.hkw" - "cache.${config.krebs.build.host.name}.r" - ]; - locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''; - }; - }; -} diff --git a/tv/2configs/binary-cache/lib b/tv/2configs/binary-cache/lib deleted file mode 120000 index dc598c56d..000000000 --- a/tv/2configs/binary-cache/lib +++ /dev/null @@ -1 +0,0 @@ -../lib
\ No newline at end of file diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix deleted file mode 100644 index 47d657c46..000000000 --- a/tv/2configs/br.nix +++ /dev/null @@ -1,49 +0,0 @@ -with import ./lib; -{ config, modulesPath, pkgs, ... }: { - - imports = [ - (modulesPath + "/services/hardware/sane_extra_backends/brscan4.nix") - ]; - - krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [ - "brother-udev-rule-type1" - "brscan4" - "brscan4-etc-files" - "mfcl2700dnlpr" - ]; - - hardware.sane = { - enable = true; - brscan4 = { - enable = true; - netDevices = { - bra = { - model = "MFCL2700DN"; - ip = "10.23.1.214"; - }; - }; - }; - }; - - services.saned.enable = true; - - # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298 - environment.systemPackages = [ - (pkgs.writeDashBin "find-scanner" '' - set -efu - name=$1 - ${pkgs.sane-backends}/bin/scanimage -f '%m %d - ' \ - | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \ - | ${pkgs.gnugrep}/bin/grep . - '') - ]; - - services.printing = { - enable = true; - drivers = [ - pkgs.mfcl2700dncupswrapper - ]; - }; - -} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix deleted file mode 100644 index 91aad54cf..000000000 --- a/tv/2configs/default.nix +++ /dev/null @@ -1,137 +0,0 @@ -with import ./lib; -{ config, pkgs, ... }: { - boot.tmpOnTmpfs = true; - - krebs.enable = true; - - krebs.build.user = config.krebs.users.tv; - - networking.hostId = mkDefault (hashToLength 8 config.networking.hostName); - networking.hostName = config.krebs.build.host.name; - - imports = [ - ./backup.nix - ./bash - ./htop.nix - ./nets/hkw.nix - ./networkd.nix - ./nginx - ./nix.nix - ./pki - ./ssh.nix - ./sshd.nix - ./vim.nix - ./xdg.nix - { - users = { - defaultUserShell = "/run/current-system/sw/bin/bash"; - mutableUsers = false; - users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - tv = { - inherit (config.krebs.users.tv) home uid; - isNormalUser = true; - extraGroups = [ "tv" ]; - }; - }; - }; - } - { - i18n.defaultLocale = mkDefault "C.UTF-8"; - security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME" - Defaults mailto="${config.krebs.users.tv.mail}" - Defaults !lecture - ''; - time.timeZone = "Europe/Berlin"; - } - - { - nixpkgs.config.allowUnfree = false; - } - { - environment.homeBinInPath = true; - - environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; - - environment.systemPackages = with pkgs; [ - rxvt_unicode.terminfo - ]; - - environment.shellAliases = mkForce { - gp = "${pkgs.pari}/bin/gp -q"; - df = "df -h"; - du = "du -h"; - - # TODO alias cannot contain #\' - # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep"; - - ls = "ls -h --color=auto --group-directories-first"; - dmesg = "dmesg -L --reltime"; - view = "vim -R"; - }; - - environment.variables = { - NIX_PATH = mkForce (concatStringsSep ":" [ - "secrets=/var/src/stockholm/null" - "/var/src" - ]); - }; - } - - { - services.cron.enable = false; - services.ntp.enable = false; - services.timesyncd.enable = true; - } - - { - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - # - # XXX use mkForce here because since NixOS 21.11 there's a collision in - # net.ipv6.conf.default.use_tempaddr, and boot.kernel.sysctl incapable - # of merging. - # - # XXX net.ipv6.conf.all.use_tempaddr is set because it was mentioned in - # https://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html - # TODO check if that is really necessary, otherwise we can rely solely - # on networking.tempAddresses in the future (when nothing is <21.11) - "net.ipv6.conf.all.use_tempaddr" = mkForce 2; - "net.ipv6.conf.default.use_tempaddr" = mkForce 2; - }; - } - - { - tv.iptables.enable = true; - tv.iptables.accept-echo-request = "internet"; - } - - { - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - } - - { - environment.systemPackages = [ - pkgs.field - pkgs.get - pkgs.git - pkgs.git-crypt - pkgs.git-preview - pkgs.hashPassword - pkgs.htop - pkgs.kpaste - pkgs.nix-prefetch-scripts - pkgs.ovh-zone - pkgs.push - ]; - } - ]; -} diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix deleted file mode 100644 index caea18802..000000000 --- a/tv/2configs/elm-packages-proxy.nix +++ /dev/null @@ -1,359 +0,0 @@ -{ config, lib, pkgs, ... }: let - - cfg.nameserver = "1.1.1.1"; - cfg.packageDir = "/var/lib/elm-packages"; - cfg.port = 7782; - - # TODO secret files - cfg.htpasswd = "/var/lib/certs/package.elm-lang.org/htpasswd"; - cfg.sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; - cfg.sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; - - semverRegex = - "(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"; - -in { - services.nginx.virtualHosts."package.elm-lang.org" = { - addSSL = true; - - sslCertificate = cfg.sslCertificate; - sslCertificateKey = cfg.sslCertificateKey; - - locations."/all-packages".extraConfig = '' - proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; - proxy_pass_header Server; - ''; - - locations."/all-packages/since/".extraConfig = '' - proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; - proxy_pass_header Server; - ''; - - locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})\$".extraConfig = '' - auth_basic "Restricted Area"; - auth_basic_user_file ${cfg.htpasswd}; - - proxy_set_header X-User $remote_user; - proxy_set_header X-Author $author; - proxy_set_header X-Package $pname; - proxy_set_header X-Version $version; - proxy_pass_header Server; - - proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; - ''; - - locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' - set $zipball "${cfg.packageDir}/$author/$pname/$version/zipball"; - proxy_set_header X-Author $author; - proxy_set_header X-Package $pname; - proxy_set_header X-Version $version; - proxy_set_header X-Zipball $zipball; - proxy_pass_header Server; - resolver ${cfg.nameserver}; - - if (-f $zipball) { - set $new_uri http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; - } - if (!-f $zipball) { - set $new_uri https://package.elm-lang.org$request_uri; - } - - proxy_pass $new_uri; - ''; - - locations."/search.json".extraConfig = '' - proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; - proxy_pass_header Server; - ''; - }; - - krebs.htgen.elm-packages-proxy = { - port = cfg.port; - script = /* sh */ ''. ${pkgs.writeDash "elm-packages-proxy.sh" '' - PATH=${lib.makeBinPath [ - pkgs.attr - pkgs.coreutils - pkgs.curl - pkgs.findutils - pkgs.gnugrep - pkgs.jq - pkgs.p7zip - ]} - export PATH - file_response() {( - status_code=$1 - status_reason=$2 - file=$3 - content_type=$4 - - content_length=$(wc -c "$file" | cut -d\ -f1) - - printf "HTTP/1.1 $status_code $status_reason\r\n" - printf 'Connection: close\r\n' - printf 'Content-Length: %d\r\n' "$content_length" - printf 'Content-Type: %s\r\n' "$content_type" - printf 'Server: %s\r\n' "$Server" - printf '\r\n' - cat "$file" - )} - string_response() {( - status_code=$1 - status_reason=$2 - response_body=$3 - content_type=$4 - - printf "HTTP/1.1 $status_code $status_reason\r\n" - printf 'Connection: close\r\n' - printf 'Content-Length: %d\r\n' "$(expr ''${#response_body} + 1)" - printf 'Content-Type: %s\r\n' "$content_type" - printf 'Server: %s\r\n' "$Server" - printf '\r\n' - printf '%s\n' "$response_body" - )} - - case "$Method $Request_URI" in - 'GET /packages/'*) - - author=$req_x_author - pname=$req_x_package - version=$req_x_version - - zipball=${cfg.packageDir}/$author/$pname/$version/zipball - elmjson=$HOME/cache/$author%2F$pname%2F$version%2Felm.json - endpointjson=$HOME/cache/$author%2F$pname%2F$version%2Fendpoint.json - mkdir -p "$HOME/cache" - - case $(basename $Request_URI) in - zipball) - file_response 200 OK "$zipball" application/zip - exit - ;; - elm.json) - if ! test -f "$elmjson"; then - 7z x -so "$zipball" \*/elm.json > "$elmjson" - fi - file_response 200 OK "$elmjson" 'application/json; charset=UTF-8' - exit - ;; - endpoint.json) - if ! test -f "$endpointjson"; then - hash=$(sha1sum "$zipball" | cut -d\ -f1) - url=https://package.elm-lang.org/packages/$author/$pname/$version/zipball - jq -n \ - --arg hash "$hash" \ - --arg url "$url" \ - '{ $hash, $url }' \ - > "$endpointjson" - fi - file_response 200 OK "$endpointjson" 'application/json; charset=UTF-8' - exit - ;; - esac - ;; - 'POST /packages/'*) - - author=$req_x_author - pname=$req_x_package - user=$req_x_user - version=$req_x_version - - action=uploading - force=''${req_x_force-false} - zipball=${cfg.packageDir}/$author/$pname/$version/zipball - elmjson=$HOME/cache/$author%2F$pname%2F$version%2Felm.json - endpointjson=$HOME/cache/$author%2F$pname%2F$version%2Fendpoint.json - - if test -e "$zipball"; then - if test "$force" = true; then - zipball_owner=$(attr -q -g X-User "$zipball" || :) - if test "$zipball_owner" = "$req_x_user"; then - action=replacing - rm -f "$elmjson" - rm -f "$endpointjson"< |