summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/Reaktor.nix2
-rw-r--r--krebs/3modules/bepasty-server.nix4
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/lass/default.nix134
-rw-r--r--krebs/3modules/realwallpaper.nix185
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix24
-rw-r--r--lass/1systems/archprism/config.nix276
-rw-r--r--lass/1systems/cabal/config.nix16
-rw-r--r--lass/1systems/cabal/physical.nix12
-rw-r--r--lass/1systems/icarus/config.nix4
-rw-r--r--lass/1systems/mors/config.nix5
-rw-r--r--lass/1systems/prism/config.nix68
-rw-r--r--lass/1systems/prism/physical.nix5
-rw-r--r--lass/1systems/shodan/config.nix3
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/yellow/config.nix140
-rw-r--r--lass/1systems/yellow/physical.nix8
-rw-r--r--lass/2configs/baseX.nix6
-rw-r--r--lass/2configs/binary-cache/server.nix1
-rw-r--r--lass/2configs/blue-host.nix1
-rw-r--r--lass/2configs/downloading.nix65
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/mail.nix10
-rw-r--r--lass/2configs/radio.nix3
-rw-r--r--lass/2configs/tests/dummy-secrets/nordvpn.txt0
-rw-r--r--lass/2configs/websites/fritz.nix70
-rw-r--r--lass/2configs/websites/lassulus.nix22
-rw-r--r--lass/3modules/xjail.nix2
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix21
-rw-r--r--lass/5pkgs/emot-menu/default.nix31
-rw-r--r--lass/5pkgs/fzfmenu/default.nix45
-rw-r--r--lib/default.nix5
33 files changed, 612 insertions, 562 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 677b6f7b8..669483f3c 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -8,7 +8,7 @@ let
out = {
options.krebs.Reaktor = api;
- config = imp;
+ config = mkIf (cfg != {}) imp;
};
api = mkOption {
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index dd29a4e17..e12367b7c 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -143,12 +143,12 @@ let
) cfg.servers;
users.extraUsers.bepasty = {
- uid = genid "bepasty";
+ uid = genid_uint31 "bepasty";
group = "bepasty";
home = "/var/lib/bepasty-server";
};
users.extraGroups.bepasty = {
- gid = genid "bepasty";
+ gid = genid_uint31 "bepasty";
};
};
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 5a5065565..e89b86e32 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -53,7 +53,7 @@ let
imp = {
users.users.fetchWallpaper = {
name = "fetchWallpaper";
- uid = genid "fetchWallpaper";
+ uid = genid_uint31 "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 836ecb3f6..44417f006 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -409,6 +409,66 @@ with import <stockholm/lib>;
};
};
};
+ scardanelli = {
+ monitoring = false;
+ ci = false;
+ external = true;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.2";
+ ip6.addr = "42:2:5ca:da:3111::1";
+ aliases = [
+ "scardanelli.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
+ MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
+ UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
+ kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
+ gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
+ we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
+ QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
+ SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
+ 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
+ m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
+ FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
+ lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ homeros = {
+ monitoring = false;
+ ci = false;
+ external = true;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.1";
+ ip6.addr = "42:2::0:3:05::1";
+ aliases = [
+ "homeros.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
+ ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
+ 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
+ RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
+ vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+ +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
+ QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
+ fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
+ VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
+ k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
+ gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
+ mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
turingmachine = {
monitoring = false;
ci = false;
@@ -644,47 +704,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
- cabal = {
- cores = 2;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.1.4";
- ip6.addr = "42::1:4";
- aliases = [
- "cabal.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
- SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
- rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
- qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
- LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
- rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
- 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
- fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
- yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
- kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
- KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
- TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
- oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
- TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
- 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
- rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
- 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
- luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
- w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
- 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
- K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
- ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
- };
red = {
monitoring = false;
cores = 1;
@@ -716,6 +735,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
+ yellow = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.14";
+ ip6.addr = "42:0:0:0:0:0:0:14";
+ aliases = [
+ "yellow.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
+ MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
+ b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
+ Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
+ OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
+ vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
+ C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
+ Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
+ 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
+ zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
+ DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
+ Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
+ };
blue = {
cores = 1;
nets = {
@@ -789,9 +838,6 @@ with import <stockholm/lib>;
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
- fritz = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
- };
prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r";
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 044811c7d..cb940efef 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -77,7 +77,190 @@ let
serviceConfig = {
Type = "simple";
- ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
+ ExecStart = pkgs.writeDash "generate-wallpaper" ''
+ set -xeuf
+
+ # usage: getimg FILENAME URL
+ fetch() {
+ echo "fetch $1"
+ curl -LsS -z "$1" -o "$1" "$2"
+ }
+
+ # usage: check_type FILENAME TYPE
+ check_type() {
+ if ! file -ib "$1" | grep -q "^$2/"; then
+ echo "$1 is not of type $2" >&2
+ rm "$1"
+ return 1
+ fi
+ }
+
+ # usage: image_size FILENAME
+ image_size() {
+ identify "$1" | awk '{print$3}'
+ }
+
+ # usage: make_mask DST SRC MASK
+ make_layer() {
+ if needs_rebuild "$@"; then
+ echo "make $1 (apply mask)" >&2
+ convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
+ fi
+ }
+
+ # usage: flatten DST HILAYER LOLAYER
+ flatten() {
+ if needs_rebuild "$@"; then
+ echo "make $1 (flatten)" >&2
+ composite "$2" "$3" "$1"
+ fi
+ }
+
+ # usage: needs_rebuild DST SRC...
+ needs_rebuild() {
+ a="$1"
+ shift
+ if ! test -e "$a"; then
+ #echo " $a does not exist" >&2
+ result=0
+ else
+ result=1
+ for b; do
+ if test "$b" -nt "$a"; then
+ #echo " $b is newer than $a" >&2
+ result=0
+ fi
+ done
+ fi
+ #case $result in
+ # 0) echo "$a needs rebuild" >&2;;
+ #esac
+ return $result
+ }
+
+ main() {
+ cd ${cfg.workingDir}
+
+ # fetch source images in parallel
+ fetch nightmap-raw.jpg \
+ ${cfg.nightmap} &
+ fetch daymap-raw.png \
+ ${cfg.daymap} &
+ fetch clouds-raw.jpg \
+ ${cfg.cloudmap} &
+ fetch marker.json \
+ ${cfg.marker} &
+ wait
+
+ check_type nightmap-raw.jpg image
+ check_type daymap-raw.png image
+ check_type clouds-raw.jpg image
+
+ in_size=2048x1024
+ xplanet_out_size=1466x1200
+ out_geometry=1366x768+100+160
+
+ nightsnow_color='#0c1a49' # nightmap
+
+ for raw in \
+ nightmap-raw.jpg \
+ daymap-raw.png \
+ clouds-raw.jpg \
+ ;
+ do
+ normal=''${raw%-raw.*}.png
+ if needs_rebuild $normal $raw; then
+ echo "make $normal; normalize $raw" >&2
+ convert $raw -scale $in_size $normal
+ fi
+ done
+
+ # create nightmap-fullsnow
+ if needs_rebuild nightmap-fullsnow.png; then
+ convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
+ fi
+
+ # extract daymap-snowmask from daymap-final
+ if needs_rebuild daymap-snowmask.png daymap.png; then
+ convert daymap.png -threshold 95% daymap-snowmask.png
+ fi
+
+ # extract nightmap-lightmask from nightmap
+ if needs_rebuild nightmap-lightmask.png nightmap.png; then
+ convert nightmap.png -threshold 25% nightmap-lightmask.png
+ fi
+
+ # create layers
+ make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
+ make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
+
+ # apply layers
+ flatten nightmap-lightsnowlayer.png \
+ nightmap-lightlayer.png \
+ nightmap-snowlayer.png
+
+ flatten nightmap-final.png \
+ nightmap-lightsnowlayer.png \
+ nightmap.png
+
+ # create marker file from json
+ if [ -s marker.json ]; then
+ jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
+ fi
+
+ # make all unmodified files as final
+ for normal in \
+ daymap.png \
+ clouds.png \
+ ;
+ do
+ final=''${normal%.png}-final.png
+ needs_rebuild $final &&
+ ln $normal $final
+ done
+
+ # rebuild every time to update shadow
+ xplanet --num_times 1 --geometry $xplanet_out_size \
+ --output xplanet-output.png --projection merc \
+ -config ${pkgs.writeText "xplanet.config" ''
+ [earth]
+ "Earth"
+ map=daymap-final.png
+ night_map=nightmap-final.png
+ cloud_map=clouds-final.png
+ cloud_threshold=10
+ shade=15
+ ''}
+
+ xplanet --num_times 1 --geometry $xplanet_out_size \
+ --output xplanet-krebs-output.png --projection merc \
+ -config ${pkgs.writeText "xplanet-krebs.config" ''
+ [earth]
+ "Earth"
+ map=daymap-final.png
+ night_map=nightmap-final.png
+ cloud_map=clouds-final.png
+ cloud_threshold=10
+ marker_file=marker_file
+ shade=15
+ ''}
+
+ # trim xplanet output
+ if needs_rebuild realwallpaper.png xplanet-output.png; then
+ convert xplanet-output.png -crop $out_geometry \
+ realwallpaper-tmp.png
+ mv realwallpaper-tmp.png realwallpaper.png
+ fi
+
+ if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
+ convert xplanet-krebs-output.png -crop $out_geometry \
+ realwallpaper-krebs-tmp.png
+ mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
+ fi
+ }
+
+ main "$@"
+ '';
User = "realwallpaper";
};
};
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 8390eccbb..486a0c9cc 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -124,7 +124,7 @@ let
};
users.extraUsers.tinc_graphs = {
- uid = genid "tinc_graphs";
+ uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
services.nginx = mkIf cfg.nginx.enable {
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
deleted file mode 100644
index 7c9812117..000000000
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
-
-stdenv.mkDerivation {
- name = "realwallpaper";
-
- src = fetchgit {
- url = https://github.com/Lassulus/realwallpaper;
- rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
- sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
- };
-
- phases = [
- "unpackPhase"
- "installPhase"
- ];
-
- buildInputs = [
- ];
-
- installPhase = ''
- mkdir -p $out
- cp realwallpaper.sh $out/realwallpaper.sh
- '';
-}
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index bed8961b8..0a2ab1611 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -6,26 +6,10 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
- {
- services.nginx.enable = true;
- imports = [
- <stockholm/lass/2configs/websites/domsen.nix>
- <stockholm/lass/2configs/websites/lassulus.nix>
- ];
- # needed by domsen.nix ^^
- lass.usershadow = {
- enable = true;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
- uid = genid "riot";
+ uid = genid_uint31 "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
@@ -42,153 +26,7 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
];
}
- {
- users.users.tv = {
- uid = genid "tv";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
- };
- users.users.makefu = {
- uid = genid "makefu";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- ];
- };
- users.extraUsers.dritter = {
- uid = genid "dritter";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
- ];
- };
- users.extraUsers.juhulian = {
- uid = 1339;
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- users.users.hellrazor = {
- uid = genid "hellrazor";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
- };
- }
- {
- #hotdog
- systemd.services."container@hotdog".reloadIfChanged = mkForce false;
- containers.hotdog = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.1";
- localAddress = "10.233.2.2";
- };
- }
- <stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/ts3.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/radio.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/monitoring/prometheus-server.nix>
- { # quasi bepasty.nix
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
- {
- services.tor = {
- enable = true;
- };
- }
- {
- lass.ejabberd = {
- enable = true;
- hosts = [ "lassul.us" ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
- ];
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- }
- {
- users.users.jeschli = {
- uid = genid "jeschli";
- isNormalUser = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-bolide.pubkey
- jeschli-brauerei.pubkey
- ];
- };
- krebs.git.rules = [
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ config.krebs.git.repos.xmonad-stockholm ];
- perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ config.krebs.git.repos.stockholm ];
- perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- ];
- }
- {
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
- }
- <stockholm/lass/2configs/downloading.nix>
- <stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
@@ -201,123 +39,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
- #<stockholm/lass/2configs/go.nix>
- {
- environment.systemPackages = [ pkgs.cryptsetup ];
- systemd.services."container@red".reloadIfChanged = mkForce false;
- containers.red = {
- config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.3";
- localAddress = "10.233.2.4";
- };
- services.nginx.virtualHosts."rote-allez-fraktion.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- extraConfig = ''
- proxy_set_header Host rote-allez-fraktion.de;
- proxy_pass http://10.233.2.4;
- '';
- };
- };
- }
- #{
- # imports = [ <stockholm/lass/2configs/backup.nix> ];
- # lass.restic = genAttrs [
- # "daedalus"
- # "icarus"
- # "littleT"
- # "mors"
- # "shodan"
- # "skynet"
- # ] (dest: {
- # dirs = [
- # "/home/chat/.weechat"
- # "/bku/sql_dumps"
- # ];
- # passwordFile = (toString <secrets>) + "/restic/${dest}";
- # repo = "sftp:backup@${dest}.r:/backups/prism";
- # extraArguments = [
- # "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- # ];
- # timerConfig = {
- # OnCalendar = "00: