From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:47:35 +0100 Subject: l: use genid_uint31 where needed --- lass/2configs/radio.nix | 3 +-- lass/2configs/websites/lassulus.nix | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded14..987632cd1 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import ; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import ) genid; admin-password = import ; source-password = import ; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6470d86f7..17af0d00d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import ) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -124,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; -- cgit v1.2.3 From 9e632ce4905fe46d285ad36f0e5b8a90f5d53dfd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:54:00 +0100 Subject: l: add wirelum.nix --- lass/2configs/default.nix | 1 + lass/2configs/wirelum.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 lass/2configs/wirelum.nix (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index a43113177..dea32d4d4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,7 @@ with import ; ./zsh.nix ./htop.nix ./security-workarounds.nix + ./wirelum.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix new file mode 100644 index 000000000..cd8a20c6b --- /dev/null +++ b/lass/2configs/wirelum.nix @@ -0,0 +1,44 @@ +with import ; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wirelum; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wirelum = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString ) + "/wirelum.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++ + (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr) + else + host.nets.wirelum.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61; + publicKey = host.nets.wirelum.wireguard.pubkey; + }) + (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts); + }; +} -- cgit v1.2.3 From 848ababbe1d050b12ca98da2ca713e7de7eca286 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:04:02 +0100 Subject: l: add more mails --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1ee45bb41..1acfe5056 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -94,6 +94,7 @@ with import ; { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } + { from = "csv-direct@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 72e9832f73ba27aafe0fe819d8dc160235222897 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:04:13 +0100 Subject: l games: add dolhinEmu to pkgs --- lass/2configs/games.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 49602898e..62e3f6d52 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,6 +57,7 @@ let in { environment.systemPackages = with pkgs; [ + dolphinEmu doom1 doom2 vdoom1 -- cgit v1.2.3 From dfa8e29fd82219849676244b3e90574cfaf7fe2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:07:53 +0100 Subject: l: rebind capslock, enable libinput --- lass/2configs/baseX.nix | 4 ++-- lass/2configs/mouse.nix | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d781f8c71..53d90ed7d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -97,9 +97,9 @@ in { enable = true; layout = "us"; display = mkForce 0; - xkbModel = "evdev"; xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + xkbOptions = "caps:escape"; + libinput.enable = true; displayManager.lightdm.enable = true; windowManager.default = "xmonad"; windowManager.session = [{ diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix index 098809d62..f5f9319ed 100644 --- a/lass/2configs/mouse.nix +++ b/lass/2configs/mouse.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { hardware.trackpoint = { enable = true; @@ -7,6 +7,7 @@ emulateWheel = true; }; + services.xserver.libinput.enable = lib.mkForce false; services.xserver.synaptics = { enable = true; horizEdgeScroll = false; -- cgit v1.2.3 From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Dec 2018 15:35:15 +0100 Subject: l: import network-manager only in mors --- lass/2configs/baseX.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 53d90ed7d..859a2a1b9 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./network-manager.nix { hardware.pulseaudio = { enable = true; -- cgit v1.2.3 From e1cbd678dfddb2033b5d56eb8bbd32763a6976b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:34:40 +0100 Subject: l blue: allow connections from wirelum --- lass/2configs/blue.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 4d4a92eb9..6dc2b1213 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,7 +22,9 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let -- cgit v1.2.3 From 19380cfd7096b203415995a40d0a53d606282e66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:36:39 +0100 Subject: l browsers: use stable firefox --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 425e0ee13..eaffdf623 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -45,7 +45,7 @@ let createFirefoxUser = name: groups: precedence: createUser (pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ${pkgs.firefox}/bin/firefox "$@" '') name groups precedence 80; createQuteUser = name: groups: precedence: -- cgit v1.2.3 From 42f9ff16452d7273dd8d1814758a2ae275751e7b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:37:37 +0100 Subject: l git: set announce to true --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 62173e33f..7650f4294 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -154,7 +154,7 @@ let public = true; }; - make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: { inherit admins collaborators name; public = false; hooks = { -- cgit v1.2.3 From ea50add2ba55f0779d8e79c3d11cdba4b2bb9fcf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 14:38:05 +0100 Subject: l browsers: use ff more often --- lass/2configs/browsers.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index eaffdf623..d214e224d 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -89,8 +89,8 @@ in { })); }; } - ( createQuteUser "qb" [ "audio" ] 20 ) - ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createFirefoxUser "ff" [ "audio" ] 11 ) + ( createQuteUser "qb" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" "video" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "audio" ] 0 ) -- cgit v1.2.3 From 9e464d988859395466543d62f94b71229791628d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 14:38:24 +0100 Subject: l mail: don't autosign with gpg --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 36e797a96..21b9d7b49 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -82,7 +82,7 @@ let source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D - set crypt_autosign = yes + set crypt_autosign = no set crypt_replyencrypt = yes set crypt_verify_sig = yes set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" -- cgit v1.2.3 From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:11:02 +0100 Subject: wirelum -> wiregrill --- lass/2configs/blue.nix | 4 ++-- lass/2configs/default.nix | 2 +- lass/2configs/wiregrill.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++ lass/2configs/wirelum.nix | 44 -------------------------------------------- 4 files changed, 47 insertions(+), 47 deletions(-) create mode 100644 lass/2configs/wiregrill.nix delete mode 100644 lass/2configs/wirelum.nix (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 6dc2b1213..cdd77e847 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,9 +22,9 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dea32d4d4..62a42baf9 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,7 +10,7 @@ with import ; ./zsh.nix ./htop.nix ./security-workarounds.nix - ./wirelum.nix + ./wiregrill.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix new file mode 100644 index 000000000..b2ee35df3 --- /dev/null +++ b/lass/2configs/wiregrill.nix @@ -0,0 +1,44 @@ +with import ; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wiregrill; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wiregrill = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString ) + "/wiregrill.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++ + (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr) + else + host.nets.wiregrill.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; + publicKey = host.nets.wiregrill.wireguard.pubkey; + }) + (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); + }; +} diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix deleted file mode 100644 index cd8a20c6b..000000000 --- a/lass/2configs/wirelum.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import ; -{ config, pkgs, ... }: let - - self = config.krebs.build.host.nets.wirelum; - isRouter = !isNull self.via; - -in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) { - #hack for modprobe inside containers - systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [ - (pkgs.writeDashBin "modprobe" ":") - ]); - - boot.kernel.sysctl = mkIf isRouter { - "net.ipv6.conf.all.forwarding" = 1; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ - { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; } - ]; - - networking.wireguard.interfaces.wirelum = { - ips = - (optional (!isNull self.ip4) self.ip4.addr) ++ - (optional (!isNull self.ip6) self.ip6.addr); - listenPort = 51820; - privateKeyFile = (toString ) + "/wirelum.key"; - allowedIPsAsRoutes = true; - peers = mapAttrsToList - (_: host: { - allowedIPs = if isRouter then - (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++ - (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr) - else - host.nets.wirelum.wireguard.subnets - ; - endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}"); - persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61; - publicKey = host.nets.wirelum.wireguard.pubkey; - }) - (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts); - }; -} -- cgit v1.2.3 From bb22dc7475a01b262f4102c9a7b9df96c1ed5708 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:31:57 +0100 Subject: l littleT: make into blue-host --- lass/2configs/blue-host.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 9cf294afd..718a92e9c 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -7,6 +7,7 @@ let "daedalus" "skynet" "prism" + "littleT" ]; remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -- cgit v1.2.3 From e9907ee8a8433904026bf1c54edd7f79ab0c49a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:34:45 +0100 Subject: l baseX: add fzfmenu to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 859a2a1b9..1b6a1d593 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -64,6 +64,7 @@ in { dic dmenu font-size + fzfmenu gitAndTools.qgit git-preview gnome3.dconf -- cgit v1.2.3 From 8705b4dbc8e8cf0c4e09c114daad3f96026520ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:36:13 +0100 Subject: l domsen: add klabusterbeere --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4935268a4..ce7df4bfb 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -126,6 +126,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } + { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -204,5 +205,12 @@ in { createHome = true; }; + users.users.klabusterbeere = { + uid = genid_uint31 "klabusterbeere"; + home = "/home/klabusterbeere"; + useDefaultShell = true; + createHome = true; + }; + } -- cgit v1.2.3