├── .gitignore ├── machines ├── charon │ ├── nginx │ │ ├── sites │ │ │ ├── coretto.io │ │ │ ├── jb55.com │ │ │ ├── npmrepo.com │ │ │ ├── wineparty.xyz │ │ │ └── hearpress.com │ │ ├── pokemap.nix │ │ └── default.nix │ ├── config │ │ └── default.nix │ ├── networking │ │ └── default.nix │ ├── hardware │ │ └── default.nix │ ├── vidstats │ │ └── default.nix │ ├── sheetzen │ │ └── default.nix │ ├── dovecot │ │ └── filters.sieve │ └── default.nix ├── quiver │ ├── config │ │ └── default.nix │ ├── timers │ │ ├── default.nix │ │ └── archer-cookies │ │ │ └── default.nix │ ├── networking │ │ └── default.nix │ ├── hardware-configuration.nix │ └── default.nix ├── archer │ ├── config │ │ └── default.nix │ ├── nginx │ │ ├── nix-serve.nix │ │ ├── sites │ │ │ └── local │ │ ├── hoogle.nix │ │ ├── git.nix │ │ └── default.nix │ ├── payments-runner │ │ └── default.nix │ ├── trendbot │ │ └── default.nix │ ├── transaction-bot │ │ └── default.nix │ ├── cogs-bot │ │ └── default.nix │ ├── bandcamp-sales-bot │ │ └── default.nix │ ├── youtube-sales-bot │ │ └── default.nix │ ├── shopify-sales-bot │ │ └── default.nix │ ├── youtube-pub-sales-bot │ │ └── default.nix │ ├── fail-notifier │ │ └── default.nix │ ├── tunecore-sales-bot │ │ └── default.nix │ ├── beatport-sales-bot │ │ └── default.nix │ ├── itunes-bots │ │ └── default.nix │ ├── hardware │ │ └── default.nix │ ├── backups │ │ ├── wiki.nix │ │ ├── default.nix │ │ └── git.nix │ ├── payments-server │ │ └── default.nix │ └── default.nix └── monad │ ├── config │ └── default.nix │ ├── hardware │ └── default.nix │ ├── bitcoin.nix │ ├── nginx │ └── default.nix │ ├── networking │ └── default.nix │ └── default.nix ├── services ├── pokemongo-map │ ├── requirements_override.nix │ ├── requirements.nix │ ├── default.nix │ └── requirements_generated.nix ├── default.nix ├── mailz │ ├── opensmtpd.diff │ ├── opensmtpd.nix │ ├── proc_path.diff │ └── default.nix ├── fail-notifier │ └── default.nix ├── hoogle │ └── default.nix ├── footswitch │ └── default.nix 
└── desktop │ ├── networking │ └── default.nix │ └── default.nix ├── misc ├── util.nix ├── msmtp │ └── default.nix ├── dnsmasq-adblock.nix ├── git-server.nix └── imap-notifier │ └── default.nix ├── nixpkgs ├── haskell-overrides │ ├── default.nix │ ├── massager-service.nix │ ├── monstercat-backend.nix │ └── payment.nix ├── scripts │ ├── ds4ctl │ │ └── default.nix │ ├── footswitch │ │ ├── default.nix │ │ └── patch.diff │ └── ical2org │ │ └── default.nix ├── clipmenu │ └── default.nix ├── dotfiles.nix └── config.nix ├── networking └── default.nix ├── certs ├── default.nix ├── flynn-dev.cer └── flynn-prod.cer ├── hardware-configuration.nix ├── environment ├── default.nix └── desktop │ └── default.nix ├── wayland └── default.nix ├── timers └── sync-ical2org.nix ├── hardware └── desktop │ └── default.nix ├── configuration.nix └── fonts └── default.nix /.gitignore: -------------------------------------------------------------------------------- 1 | private.nix -------------------------------------------------------------------------------- /machines/charon/nginx/sites/coretto.io: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /machines/charon/nginx/sites/jb55.com: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /machines/charon/config/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: {} 2 | -------------------------------------------------------------------------------- /machines/quiver/config/default.nix: -------------------------------------------------------------------------------- 1 | 2 | pkgs: { 3 | sessionCommands = ""; 4 | } 5 | -------------------------------------------------------------------------------- /services/pokemongo-map/requirements_override.nix: 
-------------------------------------------------------------------------------- 1 | { pkgs, python }: 2 | 3 | self: super: { 4 | 5 | } 6 | -------------------------------------------------------------------------------- /machines/quiver/timers/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | { 4 | imports = [ 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /machines/archer/config/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: { 2 | sessionCommands = '' 3 | ${pkgs.xlibs.xset}/bin/xset m 0 0 4 | ''; 5 | } 6 | -------------------------------------------------------------------------------- /misc/util.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | { 3 | writeBash = fname: body: pkgs.writeScript fname '' 4 | #! ${pkgs.bash}/bin/bash 5 | ${body} 6 | ''; 7 | } 8 | -------------------------------------------------------------------------------- /nixpkgs/haskell-overrides/default.nix: -------------------------------------------------------------------------------- 1 | { monstercatPkgs }: 2 | pkgs: self: super: 3 | let overrideCabal = pkgs.haskell.lib.overrideCabal; 4 | in { 5 | } 6 | -------------------------------------------------------------------------------- /networking/default.nix: -------------------------------------------------------------------------------- 1 | machine: 2 | { config, lib, pkgs, ... 
}: 3 | { 4 | networking.hostName = machine; 5 | 6 | networking.firewall.allowPing = true; 7 | } 8 | -------------------------------------------------------------------------------- /machines/archer/nginx/nix-serve.nix: -------------------------------------------------------------------------------- 1 | config: 2 | let 3 | port = config.nix-serve.port; 4 | bind = config.ztip; 5 | localbind = config.nix-serve.bindAddress; 6 | in '' 7 | '' 8 | -------------------------------------------------------------------------------- /certs/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | let certs = [ ./flynn-dev.cer 3 | ./flynn-prod.cer 4 | ]; 5 | in { 6 | security.pki.certificates = map builtins.readFile certs; 7 | } 8 | -------------------------------------------------------------------------------- /machines/monad/config/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: rec { 2 | hostId = "d7ee0243"; # needed for zfs 3 | ztip = "172.24.172.226"; 4 | nix-serve = { 5 | port = 10845; 6 | bindAddress = ztip; 7 | }; 8 | sessionCommands = '' 9 | ''; 10 | } 11 | -------------------------------------------------------------------------------- /machines/archer/payments-runner/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let 4 | monstercatpkgs = import {}; 5 | payments-processor = monstercatpkgs.payments-processor; 6 | payment-scripts = monstercatpkgs.payment-scripts; 7 | in 8 | { 9 | } 10 | -------------------------------------------------------------------------------- /machines/archer/nginx/sites/local: -------------------------------------------------------------------------------- 1 | 2 | server { 3 | listen 80; 4 | server_name archer.; 5 | root /www/jb55/public; 6 | index index.html index.htm; 7 | 8 | location / { 9 | try_files $uri $uri/ =404; 10 | } 11 | } 12 | 13 | server { 14 | listen 80; 15 | server_name www.archer.; 16 | return 301 https://archer.$request_uri; 17 | } -------------------------------------------------------------------------------- /hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, ... }: 5 | 6 | { 7 | imports = [ ]; 8 | 9 | boot.loader.grub.version = 2; 10 | nix.maxJobs = 8; 11 | } 12 | -------------------------------------------------------------------------------- /misc/msmtp/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | { 4 | # services.mail.sendmailSetuidWrapper = { 5 | # program = "sendmail"; 6 | # source = lib.mkForce (extra.util.writeBash "sendmail" '' 7 | # ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C /home/jb55/.msmtprc -t "$@" 8 | # ''); 9 | # setuid = false; 10 | # setgid = false; 11 | # }; 12 | } 13 | -------------------------------------------------------------------------------- /machines/charon/nginx/sites/npmrepo.com: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name npmrepo.com www.npmrepo.com; 4 | 5 | location / { 6 | proxy_pass http://localhost:9676; 7 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 8 | proxy_redirect off; 9 | proxy_buffering off; 10 | proxy_set_header Host $host; 11 | proxy_set_header X-Real-IP $remote_addr; 12 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /machines/archer/nginx/hoogle.nix: -------------------------------------------------------------------------------- 1 | ztip: '' 2 | server { 3 | listen 80; 4 | server_name hoogle.zero.monster.cat; 5 | 6 | location / { 7 | proxy_pass http://localhost:8080; 8 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 9 | proxy_redirect off; 10 | proxy_buffering off; 11 | proxy_set_header Host $host; 12 | proxy_set_header X-Real-IP $remote_addr; 13 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 14 | } 15 | } 16 | '' -------------------------------------------------------------------------------- /machines/archer/trendbot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | { 4 | systemd.user.services.trend-bot = { 5 | description = "tc trend bot"; 6 | 7 | wantedBy = [ "default.target" ]; 8 | after = [ "default.target" ]; 9 | 10 | environment = { 11 | TUNECORE_USER = extra.private.tc-user; 12 | TUNECORE_PASS = extra.private.tc-pass; 13 | }; 14 | 15 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/trend-bot"; 16 | unitConfig.OnFailure = "notify-failed@%n.service"; 17 | 18 | startAt = "*-*-* 23:59:00"; 19 | }; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /machines/archer/transaction-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | { 4 | systemd.user.services.transaction-bot = { 5 | description = "tc transaction bot"; 6 | 7 | wantedBy = [ "default.target" ]; 8 | after = [ "default.target" ]; 9 | 10 | environment = { 11 | TUNECORE_USER = extra.private.tc-user; 12 | TUNECORE_PASS = extra.private.tc-pass; 13 | }; 14 | 15 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/tunecore-transaction-bot"; 16 | unitConfig.OnFailure = "notify-failed@%n.service"; 17 | 18 | startAt = "*-*-* 01:00:00"; 19 | }; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /nixpkgs/scripts/ds4ctl/default.nix: -------------------------------------------------------------------------------- 1 | { stdenv, fetchFromGitHub }: 2 | 3 | stdenv.mkDerivation rec { 4 | name = "ds4ctl-${version}"; 5 | version = "0.6.4"; 6 | 7 | src = fetchFromGitHub { 8 | owner = "jb55"; 9 | repo = "ds4ctl"; 10 | rev = version; 11 | sha256 = "1zv905bhqxb1ksd96i6pwqq5ai1zkn3xf3xc3ky57cxgvb8p5c2a"; 12 | }; 13 | 14 | makeFlags = "PREFIX=$(out)"; 15 | 16 | buildInputs = [ ]; 17 | 18 | meta = with stdenv.lib; { 19 | description = "ds4ctl"; 20 | homepage = "https://github.com/jb55/ds4ctl"; 21 | maintainers = with maintainers; [ jb55 ]; 22 | license = licenses.mit; 23 | }; 24 | } 25 | 
-------------------------------------------------------------------------------- /machines/archer/cogs-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let cfg = extra.private; 4 | util = extra.util; 5 | import-scripts = extra.import-scripts; 6 | in 7 | { 8 | systemd.user.services.cogs-bot = { 9 | description = "cogs bot"; 10 | 11 | wantedBy = [ "default.target" ]; 12 | after = [ "default.target" ]; 13 | 14 | environment = { 15 | COGS_SHEET_ID="1lIluimJqBlGK1yRTmsekwUmk0_Wk0wD9VErUE8z6_dY"; 16 | }; 17 | 18 | serviceConfig.ExecStart = "${import-scripts}/bin/cogs-bot daily-check"; 19 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 20 | 21 | startAt = "*-*-* 5:30:00"; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /machines/charon/networking/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | let 3 | openTCP = dev: port: '' 4 | ip46tables -A nixos-fw -i ${dev} -p tcp --dport ${toString port} -j nixos-fw-accept 5 | ''; 6 | in 7 | { 8 | networking.firewall.allowedTCPPorts = [ 22 443 80 12566 12788 5222 5269 ]; 9 | networking.firewall.trustedInterfaces = ["zt0"]; 10 | networking.domain = "jb55.com"; 11 | networking.search = [ "jb55.com" ]; 12 | networking.extraHosts = '' 13 | 127.0.0.1 jb55.com 14 | ::1 jb55.com 15 | ''; 16 | 17 | networking.firewall.extraCommands = '' 18 | ${openTCP "zt0" 993} 19 | ${openTCP "zt0" 143} 20 | ${openTCP "zt0" 587} 21 | ''; 22 | } 23 | -------------------------------------------------------------------------------- /services/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | { 4 | imports = [ 5 | ./footswitch 6 | ./fail-notifier 7 | ]; 8 | 9 | #services.mongodb.enable = true; 10 | #services.redis.enable = true; 11 | 12 | services.openssh.enable = true; 13 | services.openssh.passwordAuthentication = false; 14 | services.openssh.permitRootLogin = "no"; 15 | 16 | services.atd.enable = true; 17 | 18 | services.logrotate = { 19 | enable = true; 20 | config = '' 21 | dateext 22 | dateformat %Y-%m-%d. 23 | compresscmd ${pkgs.xz.bin}/bin/xz 24 | uncompresscmd ${pkgs.xz.bin}/bin/unxz 25 | compressext .xz 26 | ''; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /machines/archer/bandcamp-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let cfg = extra.private; 4 | in 5 | { 6 | systemd.services.bandcamp-sales-bot = { 7 | description = "bandcamp sales bot"; 8 | 9 | environment = { 10 | BANDCAMP_USER = cfg.bandcamp-user; 11 | BANDCAMP_PASS = cfg.bandcamp-pass; 12 | AWS_ACCESS_KEY_ID = cfg.aws_access_key; 13 | AWS_SECRET_ACCESS_KEY = cfg.aws_secret_key; 14 | }; 15 | 16 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/bandcamp-sales-bot"; 17 | unitConfig.OnFailure = "notify-failed@%n.service"; 18 | 19 | # 3rd day of each month 20 | startAt = "*-*-03 8:30:00"; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /machines/archer/youtube-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let cfg = extra.private; 4 | in 5 | { 6 | systemd.user.services.youtube-sales-bot = { 7 | description = "youtube sales bot"; 8 | 9 | wantedBy = [ "default.target" ]; 10 | after = [ "default.target" ]; 11 | 12 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/youtube-sales-bot"; 13 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 14 | 15 | # monthly, more than half way through the month. This is because YouTube 16 | # updates these sheets all the way up to at most half the month (highest 17 | # I've seen is ~15th) 18 | startAt = "*-*-20 10:24:00"; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /machines/archer/shopify-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let cfg = extra.private; 4 | util = extra.util; 5 | import-scripts = extra.import-scripts; 6 | in 7 | { 8 | systemd.user.services.shopify-sales-bot = { 9 | description = "shopify sales bot"; 10 | 11 | environment = { 12 | SHOPIFY_USER = extra.private.shopify-user; 13 | SHOPIFY_PASS = extra.private.shopify-pass; 14 | }; 15 | 16 | serviceConfig.ExecStart = "${import-scripts}/bin/shopify-sales-bot"; 17 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 18 | 19 | # 20th is always before the earliest possible last wednesday (22nd) 20 | startAt = "*-*-20 8:30:00"; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /machines/charon/nginx/pokemap.nix: -------------------------------------------------------------------------------- 1 | subdomain: port: '' 2 | server { 3 | listen 80; 4 | server_name ${subdomain}.jb55.com; 5 | root /www/jb55/public/maps; 6 | 7 | location /.well-known { 8 | try_files $uri $uri/ =404; 9 | } 10 | 11 | location / { 12 | return 301 https://${subdomain}.jb55.com$request_uri; 13 | } 14 | } 15 | 16 | server { 17 | listen 443; 18 | server_name 
${subdomain}.jb55.com; 19 | 20 | ssl_certificate /etc/letsencrypt/live/${subdomain}.jb55.com/fullchain.pem; 21 | ssl_certificate_key /etc/letsencrypt/live/${subdomain}.jb55.com/privkey.pem; 22 | 23 | location / { 24 | proxy_pass http://localhost:${port}; 25 | } 26 | } 27 | 28 | '' 29 | -------------------------------------------------------------------------------- /services/mailz/opensmtpd.diff: -------------------------------------------------------------------------------- 1 | diff --git a/smtpd/smtp.c b/smtpd/smtp.c 2 | index 5f817be..a318b16 100644 3 | --- a/smtpd/smtp.c 4 | +++ b/smtpd/smtp.c 5 | 
@@ -161,6 +161,15 @@ smtp_setup_listeners(void) 6 | sizeof(opt)) < 0) 7 | fatal("smtpd: setsockopt"); 8 | #endif 9 | +#ifdef IPV6_V6ONLY 10 | + /* If using IPv6, bind only to IPv6 if possible. This avoids 11 | + ambiguities with IPv4-mapped IPv6 addresses. */ 12 | + if (l->ss.ss_family == AF_INET6) { 13 | + if (setsockopt(l->fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, 14 | + sizeof(opt)) < 0) 15 | + fatal("smtpd: setsockopt"); 16 | + } 17 | +#endif 18 | if (bind(l->fd, (struct sockaddr *)&l->ss, SS_LEN(&l->ss)) == -1) 19 | fatal("smtpd: bind"); 20 | } 21 | 22 | -------------------------------------------------------------------------------- /machines/archer/youtube-pub-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | 2 | extra: 3 | { config, lib, pkgs, ... }: 4 | let cfg = extra.private; 5 | in 6 | { 7 | systemd.user.services.youtube-pub-sales-bot = { 8 | description = "youtube publishing sales bot"; 9 | 10 | environment = { 11 | YOUTUBE_TYPE="publishing"; 12 | YOUTUBE_OWNER_ID="svBi-FFZiMepj02zaNfDNQ"; 13 | }; 14 | 15 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/youtube-sales-bot"; 16 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 17 | 18 | # monthly, more than half way through the month. 
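Review bot: The comment in the added `IPV6_V6ONLY` block says the listener is restricted to IPv6 "if possible", but a failing `setsockopt` goes straight to `fatal`, so there is no fallback and the daemon will not start. Failing closed looks like the safer behaviour here, since continuing would leave IPv4-mapped addresses reaching the IPv6 listener, so I would reword the comment rather than soften the code, e.g. `/* Bind IPv6 listeners to IPv6 only; refuse to start otherwise. */`. The message `"smtpd: setsockopt"` is identical to the one in the preceding `#ifdef` block, so the two failures cannot be told apart in logs; `fatal("smtpd: setsockopt IPV6_V6ONLY");` would fix that. `opt` is declared outside the hunk and `smtp_setup_listeners` starts and ends outside it, so the value passed (presumably 1, reused from the earlier option) cannot be confirmed from here.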
This is because YouTube 19 | # updates these sheets all the way up to at most half the month (highest 20 | # I've seen is ~15th) 21 | startAt = "*-*-20 11:00:00"; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /nixpkgs/scripts/footswitch/default.nix: -------------------------------------------------------------------------------- 1 | { stdenv, hidapi, fetchFromGitHub }: 2 | 3 | stdenv.mkDerivation rec { 4 | name = "footswitch-${version}"; 5 | version = "git-2015-06-23"; 6 | 7 | src = fetchFromGitHub { 8 | repo = "footswitch"; 9 | owner = "rgerganov"; 10 | rev = "cbb9091277a34adf236ee90e0f3895e35359051c"; 11 | sha256 = "0b5s8wccvk5825kplac6nzfqjzjfyml6qvk0qpf6md9dq0f9fy16"; 12 | }; 13 | 14 | makeFlags = "PREFIX=$(out)"; 15 | 16 | patches = [ ./patch.diff ]; 17 | 18 | buildInputs = [ hidapi ]; 19 | 20 | meta = with stdenv.lib; { 21 | description = "footswitch usb driver"; 22 | homepage = "https://github.com/rgerganov/footswitch"; 23 | maintainers = with maintainers; [ jb55 ]; 24 | license = licenses.mit; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /machines/archer/fail-notifier/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | { 3 | systemd.services."notify-failed@" = { 4 | description = "Job failure notifier"; 5 | 6 | serviceConfig.ExecStart = let script = pkgs.writeScript "failure-notifier" '' 7 | #!${pkgs.bash}/bin/bash 8 | 9 | UNIT=$1 10 | 11 | /var/setuid-wrappers/sendmail -t < 14 | Subject: $UNIT Failed 15 | Content-Transfer-Encoding: 8bit 16 | Content-Type: text/plain; charset=UTF-8 17 | 18 | $2 19 | $3 20 | $4 21 | 22 | $(systemctl status $UNIT) 23 | ERRMAIL 24 | ''; 25 | in "${script} %I 'Hostname: %H' 'Machine ID: %m' 'Boot ID: %b'"; 26 | 27 | }; 28 | 29 | } 30 | -------------------------------------------------------------------------------- /machines/charon/nginx/sites/wineparty.xyz: -------------------------------------------------------------------------------- 1 | 2 | server { 3 | listen 80; 4 | server_name www.wineparty.xyz; 5 | root /www/wineparty.xyz/public; 6 | index index.html index.htm; 7 | 8 | location / { 9 | try_files $uri $uri/ =404; 10 | } 11 | } 12 | 13 | server { 14 | listen 80; 15 | server_name wineparty.xyz; 16 | return 301 http://www.wineparty.xyz$request_uri; 17 | } 18 | 19 | server { 20 | listen 80; 21 | server_name pg-zero.wineparty.xyz; 22 | location / { 23 | proxy_pass http://localhost:3000; 24 | proxy_set_header Host $host; 25 | proxy_set_header X-Real-IP $remote_addr; 26 | } 27 | } 28 | 29 | server { 30 | listen 443 ssl; 31 | server_name wineparty.xyz www.wineparty.xyz; 32 | return 301 http://www.wineparty.xyz$request_uri; 33 | } 34 | -------------------------------------------------------------------------------- /machines/archer/tunecore-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | { 4 | systemd.user.services.tunecore-sales-bot = { 5 | description = "tc sales bot"; 6 | 7 | wantedBy = [ "default.target" ]; 8 | after = [ "default.target" ]; 9 | 10 | environment = { 11 | TUNECORE_USER = extra.private.tc-user; 12 | TUNECORE_PASS = extra.private.tc-pass; 13 | AWS_ACCESS_KEY_ID = extra.private.aws_access_key; 14 | AWS_SECRET_ACCESS_KEY = extra.private.aws_secret_key; 15 | }; 16 | 17 | serviceConfig.ExecStart = "${extra.import-scripts}/bin/tunecore-sales-bot daily-check"; 18 | unitConfig.OnFailure = "notify-failed@%n.service"; 19 | 20 | # monthly, first tuesday 21 | startAt = "Tue *-*-1..7 10:30:00"; 22 | }; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /machines/archer/beatport-sales-bot/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let cfg = extra.private; 4 | util = extra.util; 5 | import-scripts = extra.import-scripts; 6 | in 7 | { 8 | systemd.user.services.shopify-sales-bot = { 9 | description = "beatport sales bot"; 10 | 11 | wantedBy = [ "default.target" ]; 12 | after = [ "default.target" ]; 13 | 14 | environment = { 15 | SHOPIFY_USER = extra.private.beatport-user; 16 | SHOPIFY_PASS = extra.private.beatport-pass; 17 | }; 18 | 19 | serviceConfig.ExecStart = "${import-scripts}/bin/beaport-sales-bot"; 20 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 21 | 22 | # 20th is always before the earliest possible last wednesday (22nd) 23 | startAt = "*-*-20 7:30:00"; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /misc/dnsmasq-adblock.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | let 3 | adblock-hosts = pkgs.fetchurl { 4 | url = "https://jb55.com/s/ad-sources.txt"; 5 | sha256 = "d9e6ae17ecc41eb7021c0552548a1c8da97efbb61e3a750fb023674d01d81134"; 6 | }; 7 | dnsmasq-adblock = pkgs.fetchurl { 8 | url = "https://jb55.com/s/dnsmasq-ad-sources.txt"; 9 | sha256 = "3b34e565fb240c4ac1d261cb223bdc2d992fa755b5f6e981144e5b18f96f260d"; 10 | }; 11 | in 12 | { 13 | services.dnsmasq.enable = true; 14 | services.dnsmasq.resolveLocalQueries = false; 15 | services.dnsmasq.servers = ["1.1.1.1" "8.8.8.8"]; 16 | services.dnsmasq.extraConfig = '' 17 | addn-hosts=${adblock-hosts} 18 | conf-file=${dnsmasq-adblock} 19 | ''; 20 | } 21 | -------------------------------------------------------------------------------- /machines/charon/hardware/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | { 3 | imports = 4 | [ 5 | ]; 6 | boot.kernelParams = [ "console=ttyS0" ]; 7 | boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" "ata_piix" "virtio_pci" ]; 8 | boot.loader.grub.extraConfig = "serial; terminal_input serial; terminal_output serial"; 9 | boot.loader.grub.device = "/dev/sda"; 10 | 11 | fileSystems."/" = 12 | { device = "/dev/disk/by-uuid/98b261fa-4f9e-4e42-895b-91c17cf145b3"; 13 | fsType = "ext4"; 14 | }; 15 | 16 | fileSystems."/boot" = 17 | { device = "/dev/disk/by-uuid/b3c7ddd8-fa2f-41ea-b77f-b9a1f434b668"; 18 | fsType = "ext4"; 19 | }; 20 | 21 | swapDevices = 22 | [ { device = "/dev/disk/by-uuid/eb7f5cd4-6586-47f4-b4cd-c118e3521f17"; } 23 | ]; 24 | } 25 | -------------------------------------------------------------------------------- /nixpkgs/haskell-overrides/massager-service.nix: -------------------------------------------------------------------------------- 1 | { mkDerivation, base, bytestring, cassava, flexible-instances 2 | , http-types, payment, data-default, pipes, pipes-csv, stdenv, streaming 3 | , 
streaming-wai, text, unordered-containers, vector, wai, warp 4 | , word8 5 | }: 6 | with stdenv.lib; 7 | mkDerivation { 8 | pname = "massager-service"; 9 | version = "0.1.0"; 10 | src = /dropbox/projects/monstercat/haskell/massager-service; 11 | isLibrary = false; 12 | isExecutable = true; 13 | executableHaskellDepends = [ 14 | base bytestring data-default cassava flexible-instances http-types payment 15 | pipes pipes-csv streaming streaming-wai text unordered-containers 16 | vector wai warp word8 17 | ]; 18 | postInstall = '' 19 | cp -r parsers $out/bin 20 | ''; 21 | homepage = "https://phabricator.monstercat.com/diffusion/MASRV"; 22 | description = "Match csvs with Connect users and tracks"; 23 | license = stdenv.lib.licenses.mit; 24 | } 25 | -------------------------------------------------------------------------------- /machines/charon/nginx/sites/hearpress.com: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | server_name hearpress.com; 4 | root /www/hearpress.com/public; 5 | index index.html index.htm; 6 | 7 | ssl_certificate /var/lib/acme/hearpress.com/fullchain.pem; 8 | ssl_certificate_key /var/lib/acme/hearpress.com/key.pem; 9 | 10 | location @hearpress { 11 | proxy_pass http://localhost:3000$request_uri; 12 | } 13 | 14 | location / { 15 | try_files $uri $uri/ @hearpress; 16 | error_page 405 @hearpress; 17 | } 18 | 19 | location /blobs { 20 | resolver 8.8.8.8; 21 | proxy_pass https://hearpress.s3.amazonaws.com$request_uri; 22 | } 23 | } 24 | 25 | server { 26 | listen 80; 27 | server_name hearpress.com www.hearpress.com; 28 | 29 | location /.well-known/acme-challenge { 30 | root /var/www/challenges; 31 | } 32 | 33 | location / { 34 | return 301 https://hearpress.com$request_uri; 35 | } 36 | 37 | } 38 | 39 | server { 40 | listen 443 ssl; 41 | server_name www.hearpress.com; 42 | return 301 https://hearpress.com$request_uri; 43 | } 44 | 
-------------------------------------------------------------------------------- /nixpkgs/clipmenu/default.nix: -------------------------------------------------------------------------------- 1 | { clipnotify, makeWrapper, xsel, dmenu2, utillinux, gawk, stdenv, fetchFromGitHub, lib }: 2 | let 3 | makeBinPath = pkgs: lib.concatStringsSep ":" (map (pkg: "${lib.getBin pkg}/bin") pkgs); 4 | runtimePath = makeBinPath [ clipnotify xsel dmenu2 utillinux gawk ]; 5 | in 6 | stdenv.mkDerivation rec { 7 | name = "clipmenu-${version}"; 8 | version = "5.4.0"; 9 | 10 | src = fetchFromGitHub { 11 | owner = "cdown"; 12 | repo = "clipmenu"; 13 | rev = version; 14 | sha256 = "1qbpca0wny6i222vbikfl2znn3fynhbl4100qs8v4wn27ra5p0mi"; 15 | }; 16 | 17 | buildInputs = [ makeWrapper ]; 18 | 19 | installPhase = '' 20 | mkdir -p $out/bin 21 | cp clipdel clipmenu clipmenud $out/bin 22 | 23 | for bin in $out/bin/*; do 24 | wrapProgram "$bin" --prefix PATH : "${runtimePath}" 25 | done 26 | ''; 27 | 28 | meta = with stdenv.lib; { 29 | description = "Clipboard management using dmenu"; 30 | inherit (src.meta) homepage; 31 | maintainers = with maintainers; [ jb55 ]; 32 | license = licenses.publicDomain; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /nixpkgs/scripts/footswitch/patch.diff: -------------------------------------------------------------------------------- 1 | diff --git a/Makefile b/Makefile 2 | index e3e4814..6605e65 100644 3 | --- a/Makefile 4 | +++ b/Makefile 5 | @@ -1,5 +1,5 @@ 6 | -INSTALL = /usr/bin/install -c 7 | -INSTALLDATA = /usr/bin/install -c -m 644 8 | +INSTALL = install -D 9 | +INSTALLDATA = install -D -m 644 10 | PROGNAME = footswitch 11 | CFLAGS = -Wall 12 | UNAME := $(shell uname) 13 | 
@@ -7,11 +7,7 @@ ifeq ($(UNAME), Darwin) 14 | CFLAGS += -DOSX 15 | LDFLAGS = -lhidapi 16 | else 17 | - ifeq ($(UNAME), Linux) 18 | - LDFLAGS = `pkg-config hidapi-libusb --libs` 19 | - else 20 | - LDFLAGS = -lhidapi 21 | - endif 22 | +LDFLAGS = -lhidapi-hidraw 23 | endif 24 | 25 | all: $(PROGNAME) 26 | 
@@ -20,9 +16,9 @@ $(PROGNAME): $(PROGNAME).c common.h common.c debug.h debug.c 27 | $(CC) $(PROGNAME).c common.c debug.c -o $(PROGNAME) $(CFLAGS) $(LDFLAGS) 28 | 29 | install: all 30 | - $(INSTALL) $(PROGNAME) /usr/bin 31 | + $(INSTALL) $(PROGNAME) $(PREFIX)/bin/$(PROGNAME) 32 | ifeq ($(UNAME), Linux) 33 | - $(INSTALLDATA) 19-footswitch.rules /etc/udev/rules.d 34 | + $(INSTALLDATA) 19-footswitch.rules $(PREFIX)/etc/udev/rules.d 35 | endif 36 | 37 | clean: 38 | -------------------------------------------------------------------------------- /certs/flynn-dev.cer: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDAzCCAe2gAwIBAgIQRt44w0Dtmo6Kc0rZK/yGtzALBgkqhkiG9w0BAQswLTEO 3 | MAwGA1UEChMFRmx5bm4xGzAZBgNVBAsTEkZseW5uIEVwaGVtZXJhbCBDQTAeFw0x 4 | NjAxMTEyMzU4MTRaFw0yMTAxMDkyMzU4MTRaMC0xDjAMBgNVBAoTBUZseW5uMRsw 5 | GQYDVQQLExJGbHlubiBFcGhlbWVyYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB 6 | DwAwggEKAoIBAQC1vDwqPoUmwRepdUV1rs67c/vnDn8GaFoKyLY4OBrmsxMA/E9J 7 | yeTK5cfTmFK7YnMjBOg93PxYkQIL3viJhL04gKqZdVF3VTMdP0RNYLIT28qyoWbt 8 | bDfc/OMLDh8pNXtOovCuIIWkKkVJWPk+SA5a1Cj6755WU8faRJ58unUFK3AeurFs 9 | 5g7F+FZahzrGqYAZt6uN/er3OQlYWOueklMBkQBo26EPN9GX6wSJJyh+tlXXnIU7 10 | aGs+Y3za8Sf9aitEdZJ1++S7nunzfv6DHmT+qGLgKkeykWJp3pt01l2KfM99n4cu 11 | dTMY1sdI8xjc5bKb1N80xf39GZfCw5btzZctAgMBAAGjIzAhMA4GA1UdDwEB/wQE 12 | AwIABjAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAOy5O7cME57bR 13 | BemhUY9tQrcxJOIu/Wzo6ccHxDzWMJ2aCPuFZGcCvflGKdYorVFDGq4qWAAISrRT 14 | 3j5gtfPgDxGlck17RdptM1PB6IM//1WwoZoKO6h6tRyXGjCQr7PvhBB9rWepZfyZ 15 | 8CxH6XZY3To0IdVfikXnSgWpFncpmlfl465fBERKkDRN0+5q51wlxPNsykQOzgjo 16 | giJySbYUD345vGDsVwAffwMnnE9xwGB9Xdoyd7AvAaXFmsYONGCb0+kaN4CZQYtR 17 | P1zau8J1jy5KAahfvMIWvih2aWqeqQpNQ9PfSsz5F2C76XvkxnkOicga9tuoJYgo 18 | luF0apj1Qg== 19 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /certs/flynn-prod.cer: 
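Review bot: In the Makefile's `install` target the rules line `$(INSTALLDATA) 19-footswitch.rules $(PREFIX)/etc/udev/rules.d` names a directory as the destination, and with `INSTALLDATA = install -D -m 644` that only works if the directory already exists. In a fresh prefix `install -D` creates the parent components and writes the file itself as `rules.d`, so no `19-footswitch.rules` would end up where udev looks for it. Give the full target path, as the binary line already does: `$(INSTALLDATA) 19-footswitch.rules $(PREFIX)/etc/udev/rules.d/19-footswitch.rules`. `PREFIX` is not assigned in any visible hunk, so a plain `make install` would expand to `/bin/footswitch`; a default such as `PREFIX ?= /usr/local` near the top would make that explicit.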
-------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDAzCCAe2gAwIBAgIQWmzx7lHQxRCWh1Nm8gse2zALBgkqhkiG9w0BAQswLTEO 3 | MAwGA1UEChMFRmx5bm4xGzAZBgNVBAsTEkZseW5uIEVwaGVtZXJhbCBDQTAeFw0x 4 | NjAxMTIwMDI0MjdaFw0yMTAxMTAwMDI0MjdaMC0xDjAMBgNVBAoTBUZseW5uMRsw 5 | GQYDVQQLExJGbHlubiBFcGhlbWVyYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB 6 | DwAwggEKAoIBAQCn5f5K0iqK5ZtE2wjFnxD5hoMa3k9oyvkSflOO7tDyMi+zLyt3 7 | chvbccKcJLiYEWB5+RTu/JzmTNMejxh1toAglrrKTxqQ76t8oHDh0pD661rUELDQ 8 | I4a83Lh3A4JBY2IjFMSWHqSJjEK50HIUoPbkkIkRlBVpZP6n/c4Tgl43VTLiShFz 9 | RndX3PF3+Zxdilo4sIbFGKzw2Gq15qKuSV5P8FRpQMBC5uMAFaC2coxgdHZ0SclV 10 | m/te3f5L3Dg71dLXePqotlCBW89peoOBu3+n8v0IzMB0R4tMm5kT7kGVYWNN//Gf 11 | d4syJ7Q5mg2fWOdfOGiTOgZWw3OI/odn1TnPAgMBAAGjIzAhMA4GA1UdDwEB/wQE 12 | AwIABjAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAAfEDAS/VW7q0 13 | xaWqjtr341h+VKAjLPjgMrrOIli52oco1q5UvYWa5EVSoVtU2NZwzstDOIrnD/2T 14 | +RG1gOdMA+FyRIeC6qmQ7An4Tim2O08TG18jGRHDMzoIi2s4ZSek989OT4ZvLMmX 15 | yIh4M1mNt3v2aSOVEYiUrZ0yibo1i6QgRJSgIJ/QSCCyR1suyKIcQIlYGSgIeA0s 16 | cPUbGhjj2T28oAZDVDPx7QdXRwLz07FAvrblL4mm4LnI/tjZ9Zy5xYqRdEl/Q0uu 17 | PLmE19PrMCXE3r2kS3z+EY2KKbaZyaoP5nkSdx5YI1re6jPp6snZsjyCW7uOpY2Z 18 | VjkJuS7sCQ== 19 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /environment/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | let jb55pkgs = import { inherit pkgs; }; 3 | kindle-send = pkgs.callPackage (pkgs.fetchFromGitHub { 4 | owner = "jb55"; 5 | repo = "kindle-send"; 6 | rev = "0.1.3"; 7 | sha256 = "18p8mn5qxq9blpa0d7yagiczd18inkpvfvh76vbkm42c5j86wqi3"; 8 | }) {}; 9 | myPackages = with jb55pkgs; [ 10 | csv-delim 11 | csv-scripts 12 | dbopen 13 | extname 14 | mandown 15 | snap 16 | sharefile 17 | samp 18 | kindle-send 19 | ]; 20 | myHaskellPackages = with pkgs.haskellPackages; [ 21 | #skeletons 22 | ]; 23 | in { 24 | environment.systemPackages = with pkgs; myHaskellPackages ++ myPackages ++ [ 25 | bat 26 | bc 27 | binutils 28 | dateutils 29 | file 30 | fzf 31 | gitAndTools.gitFull 32 | gnupg 33 | haskellPackages.una 34 | htop 35 | jq 36 | libqalculate 37 | lsof 38 | manpages 39 | network-tools 40 | parallel 41 | patchelf 42 | pv 43 | python 44 | ranger 45 | ripgrep 46 | rsync 47 | screen 48 | shellcheck 49 | unzip 50 | vim 51 | weechat 52 | wget 53 | zip 54 | zstd 55 | ]; 56 | } 57 |
-------------------------------------------------------------------------------- /wayland/default.nix: --------------------------------------------------------------------------------
# Wayland desktop module: registers the nixpkgs-wayland overlay, lists the
# helper packages for sway-beta (left disabled here) and installs a few other
# compositors system-wide.
{ config, pkgs, ... }:
let
  # NOTE(review): this fetches the tip of the `master` branch with no sha256,
  # so the overlay code that is imported and evaluated on a rebuild changes
  # whenever upstream master changes. The overlay is added to
  # `nixpkgs.overlays` below even though sway-beta is disabled, so it affects
  # the whole package set. Pin the URL to a commit archive and add its hash
  # (`sha256 = "<hash of the pinned tarball>";`) to make rebuilds reproducible
  # and reviewable.
  overlaySource = builtins.fetchTarball {
    url = "https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz";
  };
  waylandOverlay = import overlaySource;

  # Packages offered to sway-beta through `extraPackages`.
  swayTools = with pkgs; [
    swayidle # used for controlling idle timeouts and triggers (screen locking, etc)
    swaylock # used for locking Wayland sessions

    waybar        # polybar-alike
    i3status-rust # simpler bar written in Rust

    grim             # screen image capture
    slurp            # screen area selection tool
    mako             # notification daemon
    wlstream         # screen recorder
    oguri            # animated background utility
    kanshi           # dynamic display configuration helper
    redshift-wayland # patched to work with wayland gamma protocol
    rofi
    alacritty
  ];

  # other compositors/window-managers
  otherCompositors = with pkgs; [
    wayfire # 3D wayland compositor
    waybox  # An openbox clone on Wayland
    bspwc   # Wayland compositor based on BSPWM
  ];
in
{
  nixpkgs.overlays = [ waylandOverlay ];

  programs.sway-beta = {
    enable = false;
    extraPackages = swayTools;
  };

  environment.systemPackages = otherCompositors;
}
-------------------------------------------------------------------------------- /machines/archer/itunes-bots/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ...
}: 3 | let util = extra.util; 4 | import-scripts = extra.import-scripts; 5 | countries = pkgs.fetchurl { 6 | url = "https://jb55.com/s/8536f14537bbb417.csv"; 7 | sha256 = "9c31690e31f5a26b12bc5a16d3a1508a06ac1d842e4a129868bc7aaf33358ab5"; 8 | }; 9 | in 10 | { 11 | systemd.user.services.itunes-sales-bot = { 12 | description = "itunes sales bot"; 13 | 14 | wantedBy = [ "default.target" ]; 15 | after = [ "default.target" ]; 16 | 17 | environment = { 18 | ISO_3166_COUNTRIES = countries; 19 | }; 20 | 21 | serviceConfig.ExecStart = "${import-scripts}/bin/itunes-sales-bot"; 22 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 23 | 24 | # First tuesday of every month @ 1600 25 | startAt = "Tue *-*-1..7 11:30:00"; 26 | }; 27 | 28 | systemd.user.services.itunes-transaction-bot = { 29 | description = "itunes transaction bot"; 30 | 31 | wantedBy = [ "default.target" ]; 32 | after = [ "default.target" ]; 33 | 34 | serviceConfig.ExecStart = "${import-scripts}/bin/itunes-transaction-bot"; 35 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 36 | 37 | # First tuesday of every month @11 38 | startAt = "Tue *-*-1..7 11:00:00"; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /nixpkgs/scripts/ical2org/default.nix: -------------------------------------------------------------------------------- 1 | { stdenv, gawk, fetchurl }: 2 | stdenv.mkDerivation rec { 3 | name = "ical2org-${version}"; 4 | version = "15r1rq9xpjypij0bb89zrscm1wc5czljfyv47z68vmkhimr579az"; 5 | 6 | src = fetchurl { 7 | url = http://orgmode.org/worg/code/awk/ical2org.awk; 8 | sha256 = version; 9 | }; 10 | 11 | phases = [ "installPhase" ]; 12 | 13 | buildInputs = [ gawk ]; 14 | 15 | installPhase = '' 16 | mkdir -p $out/bin 17 | cp $src $out/bin/ical2org 18 | chmod +x $out/bin/ical2org 19 | substituteInPlace $out/bin/ical2org \ 20 | --replace "/usr/bin/awk" "${gawk}/bin/gawk" \ 21 | --replace "max_age = 7" "max_age = -1" \ 22 | --replace "condense = 0" 
"condense = 1" \ 23 | --replace "original = 1" "original = 0" \ 24 | --replace "preamble = 1" "preamble = 0" \ 25 | --replace 'author = "Eric S Fraga"' 'author = "William Casarin"' \ 26 | --replace 'emailaddress = "e.fraga@ucl.ac.uk"' 'emailaddress = "bill@casarin.me"' 27 | ''; 28 | 29 | meta = with stdenv.lib; { 30 | description = "Convert ical to org"; 31 | homepage = "http://orgmode.org/worg/org-tutorials/org-google-sync.html"; 32 | license = licenses.free; 33 | platforms = with platforms; linux ++ darwin ; 34 | maintainers = with maintainers; [ jb55 ]; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /machines/quiver/networking/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let 4 | chromecastIPs = [ "192.168.86.190" ]; 5 | iptables = "iptables -A nixos-fw"; 6 | openChromecast = ip: '' 7 | ${iptables} -p udp -s ${ip} -j nixos-fw-accept 8 | ${iptables} -p tcp -s ${ip} -j nixos-fw-accept 9 | ''; 10 | ipr = "${pkgs.iproute}/bin/ip"; 11 | writeBash = extra.util.writeBash; 12 | openTCP = dev: port: '' 13 | ip46tables -A nixos-fw -i ${dev} -p tcp --dport ${toString port} -j nixos-fw-accept 14 | ''; 15 | 16 | in 17 | { 18 | # workaround for starbucks blackholing 1.1.1.1 and 8.8.8.8 dns reqs 19 | #networking.nameservers = [ "172.24.242.111" ]; 20 | 21 | networking.extraHosts = '' 22 | 10.0.9.1 secure.datavalet.io 23 | 192.168.86.26 torrents.home. 24 | 172.24.242.111 securitycam.home. 
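25 | 24.244.54.234 wifisignon.shaw.ca 26 | ''; 27 | 28 | networking.wireless.userControlled.enable = true; 29 | 30 | networking.firewall.enable = true; 31 | networking.firewall.extraCommands = '' 32 | ${lib.concatStringsSep "\n\n" (map openChromecast chromecastIPs)} 33 | 34 | # home network nginx 35 | iptables -A nixos-fw -p tcp -s 192.168.86.0/24 -d 192.168.86.0/24 --dport 80 -j nixos-fw-accept 36 | 37 | ${openTCP "zt1" "9735"} 38 | ''; 39 | 40 | networking.firewall.allowedTCPPorts = [ 8333 ]; 41 | } 42 |
-------------------------------------------------------------------------------- /machines/archer/hardware/default.nix: --------------------------------------------------------------------------------
# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
#
# Hardware module for this machine: kernel modules, the GRUB target disk and
# three mounts (root, a CIFS share, and a labelled ext4 disk).
{ config, lib, pkgs, ... }:

{
  # The import list is empty in this listing.
  imports =
    [
    ];

  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_hcd" "firewire_ohci" "usb_storage" "usbhid" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.loader.grub.device = "/dev/sda";

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/4b076497-f2f8-4e3a-bd27-2874a4a0e361";
    fsType = "ext4";
    options = ["noatime" "nodiratime" "discard"];
  };

  fileSystems."/shares/turtlerock" = {
    device = "//192.168.1.66/Confidential\\040Share";
    fsType = "cifs";
    # The SMB user name and password are read from a root-only file through
    # mount.cifs' `credentials=` option instead of being listed here. Mount
    # options end up in the generated fstab and in this repository, both
    # readable by every local user and by anyone with a checkout.
    # The path below is a placeholder: create the file outside the repository
    # and the Nix store, owned by root with mode 0600, holding `username=...`
    # and `password=...` lines. A password that was committed earlier should
    # be treated as disclosed and changed on the server.
    options = [
      "x-systemd.automount"
      "x-systemd.idle-timeout=1min"
      "credentials=/var/lib/secrets/turtlerock.cifs-credentials" # placeholder path
      "uid=1000"
      "gid=1000"
      "workgroup=WORKGROUP"
      "rw"
    ];
  };

  fileSystems."/dropbox" = {
    device = "/dev/disk/by-label/vertex";
    fsType = "ext4";
    options = ["noatime" "nodiratime" "discard"];
  };

  # swapDevices =
  #   [ { device = "/dev/disk/by-uuid/d4e4ae51-9179-439d-925b-8df42dd1bfc5"; } ] ;
}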
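-------------------------------------------------------------------------------- /machines/archer/backups/wiki.nix: --------------------------------------------------------------------------------
# Weekly encrypted backup of /var/lib/gitit: tar -> pxz -> gpg (public-key
# encryption to a fixed recipient) -> S3. `extra` supplies the private AWS
# values and the `writeBash` helper.
extra:
{ config, lib, pkgs, ... }:
let
  # Recipient public key; the sha256 pins the exact file that gets imported.
  pubkey = pkgs.fetchurl {
    url = "https://jb55.com/pgp.txt";
    sha256 = "012910961fb58b886fc44a8ebedba394240be4e17604703f3b094eef86d5aca5";
  };
in
{
  systemd.services.wiki-backup = {
    description = "Wiki backups";

    # NOTE(review): values placed in `environment` are written into the
    # generated unit file, which lives in the world-readable Nix store, so any
    # local user can read these AWS credentials. Prefer loading them at run
    # time from a root-only file (systemd `EnvironmentFile=`) kept outside the
    # store, and scope the key to write access on the backup prefix only.
    environment = {
      AWS_ACCESS_KEY_ID = extra.private.aws_access_key;
      AWS_SECRET_ACCESS_KEY = extra.private.aws_secret_key;
    };

    unitConfig.OnFailure = "notify-failed@%n.service";
    startAt = "Sat *-*-* 02:57:00";
    serviceConfig.ExecStart = extra.util.writeBash "wiki-backup" ''
      set -euo pipefail

      recipient=0x6D3E2004415AF4A3
      filename="Monstercat-wiki-$(date +%F-%H%M%z).tar.xz.gpg"

      # Importing stays best-effort, but the message no longer claims the key
      # was already present whatever the actual failure was.
      ${pkgs.gnupg}/bin/gpg2 --import ${pubkey} \
        || echo "gpg2 --import failed; continuing with the existing keyring" >&2

      # Stop before anything is archived or uploaded when the recipient key is
      # not in the keyring. Otherwise the encrypt stage fails mid-pipeline and
      # the last stage may still upload whatever it received.
      ${pkgs.gnupg}/bin/gpg2 --list-keys "$recipient" > /dev/null

      ${pkgs.gnutar}/bin/tar -cf - /var/lib/gitit \
        | ${pkgs.pxz}/bin/pxz -T24 \
        | ${pkgs.gnupg}/bin/gpg2 \
            -e \
            --compress-level 0 \
            --yes \
            --no-tty \
            --output - \
            -r "$recipient" \
        | ${pkgs.awscli}/bin/aws s3 \
            cp - \
            "s3://data.monstercat.com/backups/wiki/$filename"

    '';
  };

}
-------------------------------------------------------------------------------- /nixpkgs/dotfiles.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , fetchFromGitHub 3 | , fetchurl 4 | , stdenv 5 | , writeScript 6 | , machineSessionCommands ?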
"" 7 | }: 8 | let 9 | dotfiles = pkgs.jb55-dotfiles; 10 | bgimg = fetchurl { 11 | url = "http://jb55.com/img/haskell-space.jpg"; 12 | sha256 = "e08d82e184f34e6a6596faa2932ea9699da9b9a4fbbd7356c344e9fb90473482"; 13 | }; 14 | impureSessionCommands = '' 15 | #!${pkgs.bash}/bin/bash 16 | '' + "\n" + machineSessionCommands; 17 | sessionCommands = '' 18 | #!${pkgs.bash}/bin/bash 19 | ${pkgs.feh}/bin/feh --bg-fill ${bgimg} 20 | ${pkgs.xlibs.xsetroot}/bin/xsetroot -cursor_name left_ptr 21 | 22 | gpg-connect-agent /bye 23 | GPG_TTY=$(tty) 24 | export GPG_TTY 25 | unset SSH_AGENT_PID 26 | export SSH_AUTH_SOCK="/run/user/1000/gnupg/S.gpg-agent.ssh" 27 | '' + "\n" + impureSessionCommands; 28 | xinitrc = writeScript "xinitrc" sessionCommands; 29 | xinitrc-refresh = writeScript "xinitrc-refresh" impureSessionCommands; 30 | in stdenv.mkDerivation rec { 31 | name = "jb55-config-${version}"; 32 | version = "git-2015-01-13"; 33 | 34 | phases = "installPhase"; 35 | 36 | installPhase = '' 37 | mkdir -p $out/bin 38 | echo "user config at '$out'" 39 | # ln -s "${dotfiles}" $out/dotfiles 40 | cp "${xinitrc}" $out/bin/xinitrc 41 | cp "${xinitrc-refresh}" $out/bin/xinitrc-refresh 42 | ln -s $out/bin/xinitrc $out/.xinitrc 43 | ''; 44 | } 45 | -------------------------------------------------------------------------------- /machines/charon/vidstats/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let cfg = extra.private.vidstats; 4 | videostats = (import (pkgs.fetchgit { 5 | url = "http://git.zero.jb55.com/edm-video-stats"; 6 | rev = "4514bd35d111257f71235fcb121cfbbc6c11eb15"; 7 | sha256 = "0sd26vvffk12a3ax98qlcd0kw7lgnszx9lxyqfya913qkgcyrzmb"; 8 | }) {}).package; 9 | client_secret = pkgs.fetchurl { 10 | name = "client_secret.json"; 11 | url = "http://git.zero.jb55.com/repos/?p=edm-video-stats;a=blob_plain;f=client_secret.json"; 12 | sha256 = "0i1kwq8zy1s1w7db3yh6687hyh44m5g5xrlxc425nfnl6hzl9187"; 13 | }; 14 | in 15 | { 16 | systemd.services.vidstats = { 17 | enable = true; 18 | 19 | description = "vidstats bot"; 20 | 21 | wantedBy = [ "multi-user.target" ]; 22 | after = [ "network-online.target" ]; 23 | 24 | environment = { 25 | GOOGLE_SHEET_ID = cfg.sheet_id; 26 | GOOGLE_API_KEY = cfg.api_key; 27 | VIDEOSTATS_RANGE = cfg.range; 28 | TOKEN_DIR = "/home/jb55/.config/edm/videostats/credentials"; 29 | VIDEOSTATS_STATS_RANGE = cfg.stats_range; 30 | CLIENT_SECRET = "${client_secret}"; 31 | }; 32 | 33 | serviceConfig.Type = "oneshot"; 34 | serviceConfig.ExecStart = "${videostats}/bin/video-stats"; 35 | 36 | unitConfig.OnFailure = "systemd-failure-emailer@%n.service"; 37 | 38 | startAt = "*-*-* 05:24:00"; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /services/pokemongo-map/requirements.nix: -------------------------------------------------------------------------------- 1 | # generated using pypi2nix tool (version: 1.3.0dev) 2 | # See more at: https://github.com/garbas/pypi2nix 3 | # 4 | # COMMAND: 5 | # pypi2nix -V 2.7 -r requirements.txt -E stdenv -E sqlite 6 | # 7 | 8 | { pkgs ? import {} 9 | }: 10 | 11 | let 12 | 13 | inherit (pkgs.stdenv.lib) fix' extends inNixShell; 14 | 15 | pythonPackages = pkgs.python27Packages; 16 | commonBuildInputs = with pkgs; [ sqlite ]; 17 | commonDoCheck = false; 18 | 19 | buildEnv = { pkgs ? {}, modules ? 
{} }: 20 | let 21 | interpreter = pythonPackages.python.buildEnv.override { 22 | extraLibs = (builtins.attrValues pkgs) ++ (builtins.attrValues modules); 23 | }; 24 | in { 25 | mkDerivation = pythonPackages.buildPythonPackage; 26 | interpreter = if inNixShell then interpreter.env else interpreter; 27 | overrideDerivation = drv: f: pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs); 28 | pkgs_top_level = builtins.filter (x: !(builtins.hasAttr "top_level" x.passthru)) ( 29 | builtins.attrValues (builtins.removeAttrs pkgs ["__unfix__"])); 30 | inherit buildEnv pkgs modules; 31 | }; 32 | 33 | python = buildEnv {}; 34 | generated = import ./requirements_generated.nix { inherit pkgs python commonBuildInputs commonDoCheck; }; 35 | overrides = import ./requirements_override.nix { inherit pkgs python; }; 36 | 37 | python' = buildEnv { 38 | pkgs = fix' (extends overrides generated); 39 | }; 40 | 41 | in python' -------------------------------------------------------------------------------- /machines/archer/backups/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let pubkey = pkgs.fetchurl { 4 | url = "https://jb55.com/pgp.txt"; 5 | sha256 = "012910961fb58b886fc44a8ebedba394240be4e17604703f3b094eef86d5aca5"; 6 | }; 7 | in 8 | { 9 | systemd.services.postgresql-backup = { 10 | description = "PostgreSQL backups"; 11 | 12 | environment = { 13 | AWS_ACCESS_KEY_ID = extra.private.aws_access_key; 14 | AWS_SECRET_ACCESS_KEY = extra.private.aws_secret_key; 15 | }; 16 | 17 | unitConfig.OnFailure = "notify-failed@%n.service"; 18 | # Saturday morning? should be fine 19 | startAt = "Sat *-*-* 08:10:00"; 20 | serviceConfig.ExecStart = let script = pkgs.writeScript "postgresql-backup" '' 21 | #!${pkgs.bash}/bin/bash 22 | set -euo pipefail 23 | 24 | filename="Monstercat-pgdev-$(date +%F-%H%M%z).sql.xz.gpg" 25 | 26 | ${pkgs.gnupg}/bin/gpg2 --import ${pubkey} || echo "already have key!" 
27 | 28 | ${pkgs.postgresql}/bin/pg_dump Monstercat \ 29 | | ${pkgs.pxz}/bin/pxz -T24 \ 30 | | ${pkgs.gnupg}/bin/gpg2 \ 31 | -e \ 32 | --compress-level 0 \ 33 | --yes \ 34 | --no-tty \ 35 | --output - \ 36 | -r 0x6D3E2004415AF4A3 \ 37 | | ${pkgs.awscli}/bin/aws s3 \ 38 | cp - \ 39 | "s3://data.monstercat.com/backups/pg-dev/$filename" 40 | 41 | ''; 42 | in "${script}"; 43 | }; 44 | 45 | } 46 | -------------------------------------------------------------------------------- /services/mailz/opensmtpd.nix: -------------------------------------------------------------------------------- 1 | { stdenv, fetchurl, autoconf, automake, libtool, bison 2 | , libasr, libevent, zlib, openssl, db, pam, cacert 3 | }: 4 | 5 | stdenv.mkDerivation rec { 6 | name = "opensmtpd-${version}"; 7 | version = "5.7.3p2"; 8 | 9 | nativeBuildInputs = [ autoconf automake libtool bison ]; 10 | buildInputs = [ libasr libevent zlib openssl db pam ]; 11 | 12 | src = fetchurl { 13 | url = "http://www.opensmtpd.org/archives/${name}.tar.gz"; 14 | sha256 = "0d2973008d0f66bebb84bed516be6c32617735241cc54dd26643529281a8e52b"; 15 | }; 16 | 17 | patches = [ ./proc_path.diff ]; 18 | 19 | configureFlags = [ 20 | "--sysconfdir=/etc" 21 | "--localstatedir=/var" 22 | "--with-mantype=doc" 23 | "--with-pam" 24 | "--without-bsd-auth" 25 | "--with-sock-dir=/run" 26 | "--with-privsep-user=smtpd" 27 | "--with-queue-user=smtpq" 28 | "--with-ca-file=/etc/ssl/certs/ca-certificates.crt" 29 | "--with-libevent-dir=${libevent}" 30 | "--enable-table-db" 31 | ]; 32 | 33 | installFlags = [ 34 | "sysconfdir=\${out}/etc" 35 | "localstatedir=\${TMPDIR}" 36 | ]; 37 | 38 | meta = { 39 | homepage = https://www.opensmtpd.org/; 40 | description = '' 41 | A free implementation of the server-side SMTP protocol as defined by 42 | RFC 5321, with some additional standard extensions 43 | ''; 44 | license = stdenv.lib.licenses.isc; 45 | platforms = stdenv.lib.platforms.linux; 46 | maintainers = [ stdenv.lib.maintainers.rickynils ]; 47 | }; 48 | 
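} 49 |
-------------------------------------------------------------------------------- /machines/archer/backups/git.nix: --------------------------------------------------------------------------------
# Encrypted backup of /var/git (excluding /var/git/db-backup): tar -> pxz ->
# gpg (public-key encryption to a fixed recipient) -> S3. `extra` supplies the
# private AWS values.
extra:
{ config, lib, pkgs, ... }:
let
  # Recipient public key; the sha256 pins the exact file that gets imported.
  pubkey = pkgs.fetchurl {
    url = "https://jb55.com/pgp.txt";
    sha256 = "012910961fb58b886fc44a8ebedba394240be4e17604703f3b094eef86d5aca5";
  };
in
{
  systemd.services.gitzero-backup = {
    description = "Git repo backups";

    # NOTE(review): values placed in `environment` are written into the
    # generated unit file, which lives in the world-readable Nix store, so any
    # local user can read these AWS credentials. Prefer loading them at run
    # time from a root-only file (systemd `EnvironmentFile=`) kept outside the
    # store, and scope the key to write access on the backup prefix only.
    environment = {
      AWS_ACCESS_KEY_ID = extra.private.aws_access_key;
      AWS_SECRET_ACCESS_KEY = extra.private.aws_secret_key;
    };

    unitConfig.OnFailure = "notify-failed@%n.service";
    # Runs every day at 03:57. The earlier comment here mentioned Saturday
    # morning, which the calendar expression does not say.
    startAt = "*-*-* 03:57:00";
    serviceConfig.ExecStart = let script = pkgs.writeScript "gitzero-backup" ''
      #!${pkgs.bash}/bin/bash
      set -euo pipefail

      recipient=0x6D3E2004415AF4A3
      filename="Monstercat-gitzero-$(date +%F-%H%M%z).tar.xz.gpg"

      # Importing stays best-effort, but the message no longer claims the key
      # was already present whatever the actual failure was.
      ${pkgs.gnupg}/bin/gpg2 --import ${pubkey} \
        || echo "gpg2 --import failed; continuing with the existing keyring" >&2

      # Stop before anything is archived or uploaded when the recipient key is
      # not in the keyring. Otherwise the encrypt stage fails mid-pipeline and
      # the last stage may still upload whatever it received.
      ${pkgs.gnupg}/bin/gpg2 --list-keys "$recipient" > /dev/null

      ${pkgs.gnutar}/bin/tar --exclude=/var/git/db-backup -cf - /var/git \
        | ${pkgs.pxz}/bin/pxz -T24 \
        | ${pkgs.gnupg}/bin/gpg2 \
            -e \
            --compress-level 0 \
            --yes \
            --no-tty \
            --output - \
            -r "$recipient" \
        | ${pkgs.awscli}/bin/aws s3 \
            cp - \
            "s3://data.monstercat.com/backups/gitzero/$filename"

    '';
    in "${script}";
  };

}
-------------------------------------------------------------------------------- /machines/quiver/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, ...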
}: 5 | 6 | { 7 | imports = 8 | [ 9 | ]; 10 | 11 | boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; 12 | boot.kernelModules = [ "kvm-intel" "ledtrig_heartbeat" ]; 13 | #boot.kernelParams = [ "intel_pstate=nohwp" ]; 14 | boot.extraModulePackages = [ ]; 15 | 16 | boot.loader.grub.enable = true; 17 | boot.loader.grub.device = "nodev"; 18 | boot.loader.grub.efiSupport = true; 19 | boot.loader.efi.canTouchEfiVariables = true; 20 | 21 | boot.initrd.luks.devices = [ 22 | { name = "root"; 23 | device = "/dev/disk/by-uuid/ddb70a55-f123-461d-a4c1-a42a393b61fa"; 24 | preLVM = false; 25 | allowDiscards = true; 26 | } 27 | ]; 28 | 29 | fileSystems."/" = 30 | { device = "/dev/disk/by-uuid/a6670d72-9bdf-4c62-b397-d35c8c1356ef"; 31 | fsType = "ext4"; 32 | options = [ "noatime" "nodiratime" "discard" ]; 33 | }; 34 | 35 | fileSystems."/boot" = 36 | { device = "/dev/disk/by-uuid/4F4E-282E"; 37 | fsType = "vfat"; 38 | }; 39 | 40 | swapDevices = 41 | [ { device = "/dev/disk/by-uuid/699fec01-9969-4279-bc7c-8f64252e40b0"; } 42 | ]; 43 | 44 | nix.maxJobs = lib.mkDefault 4; 45 | powerManagement.cpuFreqGovernor = "powersave"; 46 | } 47 | -------------------------------------------------------------------------------- /services/fail-notifier/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | { 3 | systemd.services."notify-failed@" = { 4 | description = "Job failure notifier"; 5 | 6 | serviceConfig.ExecStart = let script = pkgs.writeScript "failure-notifier" '' 7 | #!${pkgs.bash}/bin/bash 8 | 9 | UNIT=$1 10 | 11 | /run/wrappers/bin/sendmail -f bill@monstercat.com -t < 14 | Subject: $UNIT Failed 15 | Content-Transfer-Encoding: 8bit 16 | Content-Type: text/plain; charset=UTF-8 17 | 18 | $2 19 | $3 20 | $4 21 | 22 | $(systemctl status $UNIT) 23 | ERRMAIL 24 | ''; 25 | in "${script} %I 'Hostname: %H' 'Machine ID: %m' 'Boot ID: %b'"; 26 | 27 | }; 28 | 29 | # todo: abstract 30 | systemd.user.services."notify-failed-user@" = { 31 | description = "Job failure notifier"; 32 | 33 | serviceConfig.ExecStart = let script = pkgs.writeScript "failure-notifier" '' 34 | #!${pkgs.bash}/bin/bash 35 | 36 | UNIT=$1 37 | 38 | /run/wrappers/bin/sendmail -f bill@monstercat.com -t < 41 | Subject: user $UNIT Failed 42 | Content-Transfer-Encoding: 8bit 43 | Content-Type: text/plain; charset=UTF-8 44 | 45 | $2 46 | $3 47 | $4 48 | 49 | $(systemctl --user status $UNIT) 50 | ERRMAIL 51 | ''; 52 | in "${script} %I 'Hostname: %H' 'Machine ID: %m' 'Boot ID: %b'"; 53 | 54 | }; 55 | 56 | } 57 | -------------------------------------------------------------------------------- /machines/quiver/timers/archer-cookies/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let 4 | util = extra.util; 5 | in 6 | { 7 | 8 | systemd.user.services.cookie-bot = { 9 | description = "copy cookies to archer"; 10 | 11 | wantedBy = [ "default.target" ]; 12 | after = [ "default.target" ]; 13 | 14 | path = with pkgs; [ openssh rsync ]; 15 | 16 | serviceConfig.ExecStart = util.writeBash "cp-cookies" '' 17 | export HOME=/home/jb55 18 | PTH=".config/chromium/Default/Cookies" 19 | rsync -av $HOME/$PTH archer:$PTH 20 | ''; 21 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 22 | 23 | startAt = [ 24 | "*-*-20 09:24:00" # youtube bot is run on the 20th at 10:24:00 25 | "Tue *-*-1..7 15:00:00" # cookies for itunes bot on the first tuesday 26 | ]; 27 | }; 28 | 29 | systemd.user.services.cookie-bot-reminder = { 30 | description = "reminder to login"; 31 | 32 | wantedBy = [ "default.target" ]; 33 | after = [ "default.target" ]; 34 | 35 | serviceConfig.ExecStart = util.writeBash "cookie-reminder" '' 36 | /run/wrappers/bin/sendmail -f bill@monstercat.com < 40 | Subject: Reminder to log into YouTube cms 41 | 42 | I'll be doing an rsync from quiver tomorrow at 10:24 43 | 44 | Here's a link for your convenience: 45 | 46 | https://cms.youtube.com 47 | 48 | Cheers, 49 | THE COOKIE MONSTER 50 | EOF 51 | ''; 52 | unitConfig.OnFailure = "notify-failed-user@%n.service"; 53 | 54 | startAt = "*-*-19 10:24:00"; 55 | }; 56 | 57 | } 58 | -------------------------------------------------------------------------------- /machines/monad/hardware/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | { 3 | # fileSystems."/" = 4 | # { device = "/dev/disk/by-uuid/62518649-0872-49e2-a269-34975e314c6a"; 5 | # fsType = "ext4"; 6 | # }; 7 | 8 | # fileSystems."/" = 9 | # { device = "/dev/nvme0n1p1"; 10 | # fsType = "zfs"; 11 | #nixos-generate-config --root /mnt }; 12 | 13 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ]; 14 | boot.kernelModules = [ "kvm-amd" ]; 15 | boot.extraModulePackages = [ ]; 16 | 17 | fileSystems."/" = 18 | { device = "znix/root/nixos"; 19 | fsType = "zfs"; 20 | }; 21 | 22 | fileSystems."/home" = 23 | { device = "znix/home"; 24 | fsType = "zfs"; 25 | }; 26 | 27 | fileSystems."/zbig" = 28 | { device = "zbig"; 29 | fsType = "zfs"; 30 | }; 31 | 32 | #fileSystems."/vr" = 33 | # { device = "/dev/disk/by-uuid/E234A89834A87169"; 34 | # fsType = "ntfs"; 35 | # }; 36 | 37 | #fileSystems."/sand" = 38 | # { device = "/dev/disk/by-uuid/2ee709b8-7e83-470f-91bc-d0b0ba59b945"; 39 | # fsType = "ext4"; 40 | # }; 41 | 42 | # fileSystems."/home/jb55/shares/will-vm/projects" = 43 | # { device = "//192.168.86.199/Users/jb55/projects"; 44 | # fsType = "cifs"; 45 | # options = ["username=jb55" "password=notsecurepw" "gid=100" "uid=1000"]; 46 | # }; 47 | 48 | #fileSystems."/home/jb55/.local/share/Steam/steamapps" = 49 | # { device = "/sand/data/SteamAppsLinux"; 50 | # fsType = "none"; 51 | # options = ["bind"]; 52 | # }; 53 | 54 | swapDevices = 55 | [ { device = "/dev/disk/by-uuid/d4e4ae51-9179-439d-925b-8df42dd1bfc5"; } 56 | ]; 57 | 58 | hardware.enableAllFirmware = true; 59 | 60 | boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/sda" ]; 61 | boot.supportedFilesystems = ["zfs"]; 62 | } 63 | -------------------------------------------------------------------------------- /nixpkgs/haskell-overrides/monstercat-backend.nix: -------------------------------------------------------------------------------- 1 | { Decimal 2 | , MissingH 3 | , aeson 4 | , async 5 | , attoparsec 6 | , base 7 | , bson 8 | , bytestring 9 | , conduit 10 
| , data-default 11 | , failure 12 | , fetchgitPrivate 13 | , flexible 14 | , flexible-instances 15 | , ghc-prim 16 | , hashable 17 | , hashable-generics 18 | , lens 19 | , mkDerivation 20 | , mongoDB 21 | , mtl 22 | , persistent 23 | , persistent-mongoDB 24 | , persistent-template 25 | , pwstore-fast 26 | , safe 27 | , stdenv 28 | , template-haskell 29 | , text 30 | , time 31 | , transformers 32 | , unordered-containers 33 | , uuid 34 | , vector 35 | , word8 36 | }: 37 | 38 | with stdenv.lib; 39 | mkDerivation rec { 40 | pname = "monstercat-backend"; 41 | version = "1.1.0"; 42 | 43 | # todo: get fetchgitPrivate working 44 | 45 | src = fetchgitPrivate { 46 | url = "ssh://git@phabricator.monstercat.com/diffusion/HBACK/haskell-backend"; 47 | rev = "3e5ba112ca708e3ef036a26d03c632ee7507140e"; 48 | sha256 = "306c7a985135011066cfcf6611bc5c7e7386e7900f218209f534083beaaff4ba"; 49 | }; 50 | 51 | # src = /dropbox/projects/monstercat/haskell/monstercat-backend; 52 | 53 | buildDepends = [ 54 | Decimal 55 | MissingH 56 | aeson 57 | async 58 | attoparsec 59 | base 60 | bson 61 | bytestring 62 | conduit 63 | data-default 64 | failure 65 | flexible 66 | flexible-instances 67 | ghc-prim 68 | hashable 69 | lens 70 | mongoDB 71 | mtl 72 | persistent 73 | persistent-mongoDB 74 | persistent-template 75 | pwstore-fast 76 | safe 77 | template-haskell 78 | text 79 | time 80 | transformers 81 | unordered-containers 82 | uuid 83 | vector 84 | word8 85 | ]; 86 | 87 | description = "Monstercat backend database"; 88 | license = stdenv.lib.licenses.unfree; 89 | } 90 | -------------------------------------------------------------------------------- /services/hoogle/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | with lib; 4 | 5 | let 6 | 7 | cfg = config.services.hoogle; 8 | ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle; 9 | 10 | in { 11 | 12 | options.services.hoogle = { 13 | enable = mkOption { 14 | type = types.bool; 15 | default = false; 16 | example = true; 17 | description = '' 18 | Enable Hoogle to run a documentation server for a list of haskell packages 19 | ''; 20 | }; 21 | 22 | port = mkOption { 23 | type = types.int; 24 | default = 8080; 25 | description = '' 26 | Number of the port Hoogle will be listening to. 27 | ''; 28 | }; 29 | 30 | packages = mkOption { 31 | default = hp: []; 32 | example = "hp: with hp; [ text lens ]"; 33 | description = '' 34 | A function that takes a haskell package set and returns a list of 35 | packages from it. 36 | ''; 37 | }; 38 | 39 | haskellPackages = mkOption { 40 | description = "Which haskell package set to use."; 41 | example = "pkgs.haskell.packages.ghc704"; 42 | default = pkgs.haskellPackages; 43 | type = types.attrs; 44 | }; 45 | }; 46 | 47 | config = mkIf cfg.enable { 48 | systemd.services.hoogle = { 49 | description = "Hoogle Haskell documentation search"; 50 | wantedBy = [ "multi-user.target" ]; 51 | serviceConfig = { 52 | Restart = "always"; 53 | ExecStart = 54 | let env = cfg.haskellPackages.ghcWithHoogle cfg.packages; 55 | hoogleEnv = pkgs.buildEnv { 56 | name = "hoogleServiceEnv"; 57 | paths = [env]; 58 | }; 59 | in '' 60 | ${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port} 61 | ''; 62 | }; 63 | }; 64 | }; 65 | 66 | } 67 | -------------------------------------------------------------------------------- /timers/sync-ical2org.nix: -------------------------------------------------------------------------------- 1 | home: 2 | { config, lib, pkgs, ... 
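}:
let
  # Calendar definitions live in the untracked private.nix.
  calendars = (import ../private.nix).calendars;

  # One single-quoted "name=category=link" argument per calendar, space separated.
  # NOTE(review): these links are interpolated into ExecStart below, so they are
  # written into the generated unit in the Nix store and are visible in the
  # process arguments. If the links are secret-bearing private feed URLs, read
  # them at runtime from a file with restricted permissions instead.
  calendarArgs = with pkgs.lib;
    let xs = mapAttrsToList (n: v: "'" + n + "=" + v.category + "=" + v.link + "'") calendars;
    in concatStringsSep " " xs;
in {
  # Timer-driven oneshot that downloads every configured calendar to
  # ${home}/var/ical2org/<name>.ical.
  systemd.services.sync-ical2org = {
    description = "Sync gcal calendar to calendar.org";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = let script = pkgs.writeScript "ical2org-auto" ''
        #!${pkgs.python35}/bin/python3
        import os
        import sys
        from urllib.request import urlopen
        import subprocess
        caldir = "${home}/var/ical2org"
        os.makedirs(caldir, exist_ok=True)
        cat = lambda n: b"#+CATEGORY: " + bytes(n, "utf-8")
        for arg in sys.argv[1:]:
            # maxsplit=2: only the first two "=" are separators, so a link that
            # itself contains "=" (for example in a query string) stays intact
            [name, category, link] = arg.split("=", 2)
            ical = urlopen(link).read()
            with open(os.path.join(caldir, name + ".ical"), "wb") as icalfd:
                icalfd.write(ical)
            # just download for now
            # (the .org file is no longer opened here: opening it with "wb"
            # truncated it on every run while the conversion is disabled)
            #fname = os.path.join(caldir, name + ".org")
            #org = open(fname, "wb")
            #proc = subprocess.Popen("${pkgs.ical2org}/bin/ical2org",
            #                        close_fds=True,
            #                        stdin=subprocess.PIPE,
            #                        stdout=subprocess.PIPE)
            #out, err = proc.communicate(ical)
            #org.write(out.replace(cat("google"), cat(category)))
            #org.close()
      ''; in "${script} ${calendarArgs}";

    };
    # Set on the unit itself: an `export` in preStart only affects the
    # pre-start shell and never reaches the ExecStart process, so the CA bundle
    # used for TLS verification was not being passed to the script.
    environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
    restartIfChanged = false;
    startAt = "*:0/10";
  };
}

--------------------------------------------------------------------------------
/nixpkgs/haskell-overrides/payment.nix:
--------------------------------------------------------------------------------
{ mkDerivation
, Decimal
, MissingH
, QuickCheck
, aeson
, aeson-pretty
, ansi-wl-pprint
, async
, attoparsec
, base
, bytestring
, cased
, cassava
, data-default
, directory
, errors
, envy
,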
fetchFromGitHub 19 | , fetchgitPrivate 20 | , filepath 21 | , flexible 22 | , flexible-instances 23 | , foldl 24 | , formatting 25 | , hashable 26 | , haskellPackages 27 | , keys 28 | , lens 29 | , lens-aeson 30 | , lifted-base 31 | , money 32 | , monstercat-backend 33 | , mtl 34 | , options 35 | , parsec 36 | , pipes 37 | , pipes-bytestring 38 | , pipes-csv 39 | , pipes-safe 40 | , random 41 | , safe 42 | , stdenv 43 | , syb 44 | , split 45 | , text 46 | , time 47 | , transformers 48 | , unordered-containers 49 | , uuid 50 | , yaml 51 | }: 52 | mkDerivation { 53 | pname = "payment"; 54 | version = "0.1.2"; 55 | src = /dropbox/projects/monstercat/haskell/massager; 56 | buildDepends = [ 57 | Decimal 58 | MissingH 59 | QuickCheck 60 | aeson 61 | aeson-pretty 62 | ansi-wl-pprint 63 | async 64 | attoparsec 65 | base 66 | bytestring 67 | cased 68 | cassava 69 | data-default 70 | directory 71 | errors 72 | envy 73 | filepath 74 | formatting 75 | split 76 | flexible 77 | flexible-instances 78 | foldl 79 | hashable 80 | keys 81 | lens 82 | lens-aeson 83 | lifted-base 84 | money 85 | monstercat-backend 86 | mtl 87 | options 88 | parsec 89 | pipes 90 | pipes-bytestring 91 | pipes-csv 92 | pipes-safe 93 | random 94 | safe 95 | syb 96 | text 97 | time 98 | transformers 99 | unordered-containers 100 | uuid 101 | yaml 102 | ]; 103 | license = stdenv.lib.licenses.bsd3; 104 | } 105 | -------------------------------------------------------------------------------- /services/footswitch/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | with lib; 4 | 5 | let 6 | 7 | cfg = config.services.footswitch; 8 | 9 | in { 10 | 11 | options.services.footswitch = { 12 | enable = mkOption { 13 | type = types.bool; 14 | default = false; 15 | example = true; 16 | description = "Enable foot switch"; 17 | }; 18 | 19 | enable-led = mkOption { 20 | type = types.bool; 21 | default = false; 22 | example = true; 23 | description = "Enable foot switch led"; 24 | }; 25 | 26 | led = mkOption { 27 | type = types.string; 28 | default = "input2::scrolllock"; 29 | example = "input2::scrolllock"; 30 | description = "/sys/class/leds/ to turn on when foot switch is pressed"; 31 | }; 32 | 33 | args = mkOption { 34 | type = types.string; 35 | default = "-m alt"; 36 | example = "-m ctrl"; 37 | description = "footswitch arguments"; 38 | }; 39 | 40 | }; 41 | 42 | config = mkIf cfg.enable { 43 | systemd.services.footswitch = { 44 | description = "Footswitch Setup"; 45 | 46 | wantedBy = [ "multi-user.target" ]; 47 | 48 | serviceConfig.Type = "oneshot"; 49 | serviceConfig.RemainAfterExit = "yes"; 50 | serviceConfig.ExecStart = "${pkgs.footswitch}/bin/footswitch ${cfg.args}"; 51 | }; 52 | 53 | 54 | systemd.services.footswitch-led = mkIf cfg.enable-led { 55 | description = "Footswitch LED"; 56 | 57 | wantedBy = [ "multi-user.target" ]; 58 | 59 | serviceConfig.Type = "simple"; 60 | serviceConfig.ExecStart = pkgs.writeScript "footswitch-led" '' 61 | #!${pkgs.bash}/bin/bash 62 | ${pkgs.evtest}/bin/evtest /dev/input/by-id/usb-RDing_FootSwitch1F1.-event-kbd | \ 63 | stdbuf -oL grep KEY_ | \ 64 | stdbuf -oL sed 's/.*value \(.\)$/\1/' | \ 65 | stdbuf -oL tr '2' '1' | \ 66 | while read x; do echo $x > /sys/class/leds/${cfg.led}/brightness; done 67 | ''; 68 | }; 69 | }; 70 | 71 | 72 | } 73 | -------------------------------------------------------------------------------- /machines/archer/payments-server/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}:
# Serves the payments-client static files through nginx, proxies /api/ to the
# payments-server process on localhost, and runs that process as a systemd unit.
let
  port = "8989";
  # NOTE(review): `import {}` has no path argument as shown; the path (possibly an
  # angle-bracket lookup) appears to have been lost from this listing. TODO restore.
  monstercatpkgs = import {};
  payments-server = monstercatpkgs.payments-server;
  payments-client = monstercatpkgs.payments-client;
in
{
  # NOTE(review): this server block listens on port 80 only, so the payments API
  # is proxied without TLS. Confirm TLS is terminated elsewhere or that the host
  # is reachable only over a private network.
  services.nginx.httpConfig = lib.mkIf config.services.nginx.enable ''
    server {
      listen 80;
      server_name payments.zero.monster.cat;
      root ${payments-client}/share;
      index index.html;

      location ^~ /api/ {
        proxy_pass http://localhost:${port}/;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_intercept_errors on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }

      location / {
        try_files $uri $uri /index.html;
      }
    }
  '';

  systemd.services.payments-server = {
    description = "Monstercat Payments Server";

    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" "redis.service" "postgresql.service" ];

    # NOTE(review): values placed in `environment` are written into the generated
    # unit file, which lives in the world-readable Nix store. The AWS keys taken
    # from extra.private therefore become readable by every local user; loading
    # them at start-up via serviceConfig.EnvironmentFile from a root-only file
    # outside the store avoids that.
    # NOTE(review): POSTGRES_PASSWORD is empty, so access presumably relies on the
    # database host's own trust rules. Verify against its authentication config.
    environment = with extra.private; {
      POSTGRES_USER = "jb55";
      POSTGRES_PASSWORD = "";
      POSTGRES_HOST = "db.zero.monster.cat";
      POSTGRES_DATABASE = "Monstercat";
      REDIS_URL = "redis://redis.zero.monster.cat:6379";
      PORT = port;
      AWS_ACCESS_KEY = aws_access_key;
      AWS_PRIVATE_KEY = aws_secret_key;
      AWS_REGION = aws_region;
      AWS_BUCKET = aws_bucket;
    };

    serviceConfig.ExecStart = "${payments-server}/bin/payments-server";
    serviceConfig.Restart = "always";
    # On failure, start the templated notifier unit with this unit's name.
    unitConfig.OnFailure = "notify-failed@%n.service";
  };
}

--------------------------------------------------------------------------------
/services/pokemongo-map/default.nix:
--------------------------------------------------------------------------------
extra:
{ config, lib, pkgs, ...
}:
with lib;
# Generates one enable option and one systemd service per entry of
# extra.private.pokemaps, each named "pogom-<subdomain>".
let private = extra.private;
    # Merge a list of attribute sets into one.
    foldAttr = lib.lists.fold (a: b: a // b) {};
    # Apply fn to every pokemap definition and merge the resulting sets.
    foldMap = fn: foldAttr (map fn private.pokemaps);
    mkName = def: "pogom-${def.subdomain}";
    mkOptions = def: { "${mkName def}" = { enable = mkEnableOption "PokemonGO-Map, ${def.subdomain}";}; };
    mkService = def: mkIf config.services."${mkName def}".enable (services def);
    pythonEnv = import ./requirements.nix {};
    # Source is pinned by commit and content hash.
    pokemonMap = pkgs.fetchFromGitHub {
      owner = "jb55";
      repo = "PokemonGo-Map";
      rev = "a63721bfadc318b1f158f53e0cc532a4e16091ef";
      sha256 = "11m8h38glpbm2va4xxjfsvpigfmmjf531w1db2nqfccnkw872k75";
    };
    services = def: {
      "${mkName def}" = {
        description = "PokemonGO-Map, ${def.subdomain}";

        wantedBy = [ "multi-user.target" ];

        # NOTE(review): the account password and the maps API key are set through
        # `environment`, so they are written into the generated unit file in the
        # world-readable Nix store. The script below also passes the password with
        # -p, which makes it visible in the process arguments. An EnvironmentFile
        # outside the store would keep both out of reach of other local users.
        environment = {
          AUTH_SERVICE = def.service;
          USERNAME = def.user;
          PASSWORD = def.pass;
          LOCATION = def.location;
          GMAPS_KEY = def.mapkey;
          STEP_COUNT = "5";
          PORT = def.port;
        };

        serviceConfig.Type = "simple";
        serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/db/pogom";
        # NOTE(review): -H 0.0.0.0 makes the map server listen on every interface;
        # if it is only meant to be reached through a reverse proxy, bind it to
        # loopback instead. $STEP_COUNT, $PORT and $GMAPS_KEY are expanded
        # unquoted, unlike the other variables.
        serviceConfig.ExecStart = pkgs.writeScript "run-pogom" ''
          #!${pkgs.bash}/bin/bash
          ${pythonEnv.interpreter}/bin/python ${pokemonMap}/runserver.py \
            -a "$AUTH_SERVICE" \
            -u "$USERNAME" \
            -p "$PASSWORD" \
            -l "$LOCATION" \
            -st $STEP_COUNT \
            -D /var/db/pogom/pogom-${def.subdomain}.db \
            -wh "https://jb55.com/pogom" \
            -H 0.0.0.0 \
            -P $PORT \
            -k $GMAPS_KEY
        '';
      };
    };
in { options.services = foldMap mkOptions;
     config.systemd.services = foldMap mkService;
   }

--------------------------------------------------------------------------------
/environment/desktop/default.nix:
--------------------------------------------------------------------------------
{ userConfig, theme, icon-theme }:
{ config, lib, pkgs, ...
}: 3 | let gtk2rc = pkgs.writeText "gtk2rc" '' 4 | gtk-icon-theme-name = "${icon-theme.name}" 5 | gtk-theme-name = "${theme.name}" 6 | 7 | binding "gtk-binding-menu" { 8 | bind "j" { "move-current" (next) } 9 | bind "k" { "move-current" (prev) } 10 | bind "h" { "move-current" (parent) } 11 | bind "l" { "move-current" (child) } 12 | } 13 | class "GtkMenuShell" binding "gtk-binding-menu" 14 | ''; 15 | clipmenu = pkgs.callPackage ../../nixpkgs/clipmenu {}; 16 | in { 17 | environment.variables = { 18 | LC_TIME="en_DK.UTF-8"; 19 | GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; 20 | GTK2_RC_FILES = "${gtk2rc}:${theme.package}/share/themes/${theme.name}/gtk-2.0/gtkrc:$GTK2_RC_FILES"; 21 | GTK_EXEC_PREFIX = "${theme.package}"; 22 | GTK_IM_MODULE = "xim"; 23 | GTK_PATH = "${theme.package}:${pkgs.gtk3.out}"; 24 | GTK_THEME = "${theme.name}"; 25 | QT_STYLE_OVERRIDE = "GTK+"; 26 | }; 27 | 28 | environment.systemPackages = with pkgs; [ 29 | clipit 30 | clipmenu 31 | dmenu2 32 | dragon-drop 33 | dynamic-colors 34 | emacs 35 | feh 36 | gnome3.gnome-calculator 37 | gtk-engine-murrine 38 | icon-theme.package 39 | lastpass-cli 40 | libnotify 41 | msmtp 42 | muchsync 43 | notmuch 44 | pandoc 45 | pavucontrol 46 | qalculate-gtk 47 | qutebrowser 48 | rxvt_unicode-with-plugins 49 | shared_mime_info 50 | signal-desktop 51 | simplescreenrecorder 52 | skypeforlinux 53 | slock 54 | spotify 55 | texlive.combined.scheme-full 56 | theme.package 57 | twmn 58 | userConfig 59 | vlc 60 | w3m 61 | wmctrl 62 | x11vnc 63 | xautolock 64 | xbindkeys 65 | xclip 66 | xdotool 67 | xfce.thunar 68 | xlibs.xev 69 | xlibs.xmodmap 70 | xlibs.xset 71 | zathura 72 | ]; 73 | 74 | security.wrappers = { 75 | slock.source = "${pkgs.slock}/bin/slock"; 76 | }; 77 | } 78 | -------------------------------------------------------------------------------- /misc/git-server.nix: -------------------------------------------------------------------------------- 1 | { extra, config, pkgs 
}:
# Evaluates to an nginx server block (a string) that serves gitweb under /repos
# and git-http-backend for every other path, both through fcgiwrap. Throws at
# evaluation time when fcgiwrap is not enabled.
let gitwebConf = pkgs.writeText "gitweb.conf" ''
      # path to git projects (.git)
      $projectroot = "${extra.git.projectroot}";
    '';
    # CGI entry point: extends PERL5LIB with the CGI and HTMLParser packages,
    # then runs the gitweb.cgi shipped with git.
    gitweb-wrapper = pkgs.writeScript "gitweb.cgi" ''
      #!${pkgs.bash}/bin/bash
      export PERL5LIB=$PERL5LIB:${with pkgs.perlPackages; pkgs.lib.makePerlPath [ CGI HTMLParser ]}
      ${pkgs.perl}/bin/perl ${pkgs.git}/share/gitweb/gitweb.cgi
    '';
    # Theme is pinned by commit and content hash.
    gitweb-theme = pkgs.fetchFromGitHub {
      owner = "kogakure";
      repo = "gitweb-theme";
      rev = "4305b3551551c470339c24a6567b1ac9e642ae54";
      sha256 = "0gagy0jvqb3mc587b6yy8l9g5j5wqr2xlz128v6f01364cb7whmv";
    };
in
# NOTE(review): the server block below listens on port 80 only and contains no
# authentication directive. With GIT_HTTP_EXPORT_ALL set, every repository under
# GIT_PROJECT_ROOT is readable by anyone who can reach the host, and
# `client_max_body_size 0` removes the request-size limit on the git endpoint.
# Whether pushes are accepted depends on each repository's http.receivepack
# setting, so verify it. Confirm the host is reachable only from a trusted
# network, or add TLS and authentication.
if config.services.fcgiwrap.enable then ''
  server {
    listen 80;
    server_name ${extra.host};

    location = / {
      return 301 http://${extra.host}/repos/;
    }

    location = /repos {
      return 301 http://${extra.host}/repos/;
    }

    location / {
      # fcgiwrap is set up to listen on this host:port
      fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
      include ${pkgs.nginx}/conf/fastcgi_params;
      fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;

      client_max_body_size 0;

      # export all repositories under GIT_PROJECT_ROOT

      fastcgi_param GIT_HTTP_EXPORT_ALL "";
      fastcgi_param GIT_PROJECT_ROOT ${extra.git.projectroot};
      fastcgi_param PATH_INFO $uri;
    }

    location /repos/static {
      alias ${gitweb-theme};
    }

    location /repos {
      include ${pkgs.nginx}/conf/fastcgi_params;
      gzip off;

      fastcgi_param GITWEB_CONFIG ${gitwebConf};
      fastcgi_param SCRIPT_FILENAME ${gitweb-wrapper};
      fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
    }

  }
'' else throw "fcgiwrap must be enabled to run git-server"

--------------------------------------------------------------------------------
/machines/archer/nginx/git.nix:
-------------------------------------------------------------------------------- 1 | 2 | { extra, config, pkgs }: 3 | let gitwebConf = pkgs.writeText "gitweb.conf" '' 4 | # path to git projects (.git) 5 | $projectroot = "${extra.git.projectroot}"; 6 | ''; 7 | gitweb-wrapper = pkgs.writeScript "gitweb.cgi" '' 8 | #!${pkgs.bash}/bin/bash 9 | export PERL5LIB=$PERL5LIB:${with pkgs.perlPackages; pkgs.lib.makePerlPath [ CGI HTMLParser ]} 10 | ${pkgs.perl}/bin/perl ${pkgs.git}/share/gitweb/gitweb.cgi 11 | ''; 12 | gitweb-theme = pkgs.fetchFromGitHub { 13 | owner = "kogakure"; 14 | repo = "gitweb-theme"; 15 | rev = "4305b3551551c470339c24a6567b1ac9e642ae54"; 16 | sha256 = "0gagy0jvqb3mc587b6yy8l9g5j5wqr2xlz128v6f01364cb7whmv"; 17 | }; 18 | giturl = "git.monster.cat"; 19 | in 20 | if config.services.fcgiwrap.enable then '' 21 | server { 22 | listen 80; 23 | server_name ${giturl}; 24 | 25 | location = / { 26 | return 301 http://${giturl}/repos/; 27 | } 28 | 29 | location = /repos { 30 | return 301 http://${giturl}/repos/; 31 | } 32 | 33 | location / { 34 | # fcgiwrap is set up to listen on this host:port 35 | fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; 36 | include ${pkgs.nginx}/conf/fastcgi_params; 37 | fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; 38 | 39 | client_max_body_size 0; 40 | 41 | # export all repositories under GIT_PROJECT_ROOT 42 | 43 | fastcgi_param GIT_HTTP_EXPORT_ALL ""; 44 | fastcgi_param GIT_PROJECT_ROOT ${extra.git.projectroot}; 45 | fastcgi_param PATH_INFO $uri; 46 | } 47 | 48 | location /repos/static { 49 | alias ${gitweb-theme}; 50 | } 51 | 52 | location /add-repo { 53 | include ${pkgs.nginx}/conf/fastcgi_params; 54 | gzip off; 55 | 56 | fastcgi_param SCRIPT_FILENAME /var/git/mkrepod; 57 | fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; 58 | } 59 | 60 | location /repos { 61 | include ${pkgs.nginx}/conf/fastcgi_params; 62 | gzip off; 63 | 64 | fastcgi_param GITWEB_CONFIG ${gitwebConf}; 65 | fastcgi_param 
SCRIPT_FILENAME ${gitweb-wrapper}; 66 | fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; 67 | } 68 | 69 | } 70 | '' else "" 71 | -------------------------------------------------------------------------------- /machines/charon/sheetzen/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let port = "1080"; 4 | sname = "sheetzen.com"; 5 | sheetzen = (import (pkgs.fetchzip { 6 | url = "https://jb55.com/s/2d3e137102241acb.tgz"; 7 | sha256 = "00rha983ym6p0bsiz0wsxv750ppgcalvpas6wx790jp9awn5zxlb"; 8 | }) {}); 9 | in 10 | { 11 | services.nginx.httpConfig = lib.mkIf config.services.nginx.enable '' 12 | server { 13 | listen 80; 14 | server_name ${sname} www.${sname}; 15 | 16 | location /.well-known/acme-challenge { 17 | root /var/www/challenges; 18 | } 19 | 20 | location / { 21 | return 301 https://${sname}$request_uri; 22 | } 23 | } 24 | 25 | server { 26 | listen 443 ssl; 27 | server_name ${sname}; 28 | root ${sheetzen}/share/sheetzen/frontend; 29 | index index.html; 30 | 31 | ssl_certificate /var/lib/acme/${sname}/fullchain.pem; 32 | ssl_certificate_key /var/lib/acme/${sname}/key.pem; 33 | 34 | location = / { 35 | try_files index.html /index.html; 36 | } 37 | 38 | location / { 39 | try_files $uri $uri/ @proxy; 40 | } 41 | 42 | location @proxy { 43 | proxy_pass http://localhost:${port}; 44 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 45 | proxy_redirect off; 46 | proxy_buffering off; 47 | proxy_intercept_errors on; 48 | proxy_set_header Host $host; 49 | proxy_set_header X-Real-IP $remote_addr; 50 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 51 | } 52 | 53 | } 54 | ''; 55 | 56 | systemd.services.sheetzen = { 57 | enable = true; 58 | 59 | description = "sheetzen"; 60 | 61 | wantedBy = [ "multi-user.target" ]; 62 | after = [ "postgresql.target" ]; 63 | 64 | environment = { 65 | PGHOST = "127.0.0.1"; 66 | PGPORT = 
"5432"; 67 | PGUSER = "jb55"; 68 | PGPASS = ""; 69 | PGDATABASE = "sheetzen"; 70 | ENV = "Production"; 71 | JWT_KEYFILE = "${sheetzen}/share/sheetzen/credentials/token-key.json"; 72 | CREDENTIAL_PATH = "${sheetzen}/share/sheetzen/credentials/SocialTracker.json"; 73 | PORT = "${port}"; 74 | }; 75 | 76 | serviceConfig.ExecStart = "${sheetzen}/bin/sheetzend"; 77 | unitConfig.OnFailure = "systemd-failure-emailer@%n.service"; 78 | }; 79 | } 80 | -------------------------------------------------------------------------------- /machines/charon/nginx/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let sites = [./sites/jb55.com 4 | ./sites/npmrepo.com 5 | ./sites/wineparty.xyz 6 | ./sites/hearpress.com 7 | ]; 8 | logDir = "/var/log/nginx"; 9 | in { 10 | services.logrotate.config = '' 11 | ${logDir}/*.log { 12 | daily 13 | missingok 14 | rotate 52 15 | compress 16 | delaycompress 17 | notifempty 18 | # 20MB 19 | minsize 20971520 20 | create 640 root adm 21 | sharedscripts 22 | postrotate 23 | ${pkgs.procps}/bin/pkill -USR1 nginx 24 | endscript 25 | } 26 | ''; 27 | 28 | services.nginx = { 29 | enable = true; 30 | 31 | config = '' 32 | worker_processes 2; 33 | 34 | events { 35 | worker_connections 768; 36 | # multi_accept on; 37 | } 38 | ''; 39 | 40 | httpConfig = '' 41 | port_in_redirect off; 42 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 43 | ssl_ciphers 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 44 | ssl_prefer_server_ciphers on; 45 | 46 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 47 | add_header Strict-Transport-Security max-age=15768000; 48 | 49 | sendfile on; 50 | tcp_nopush on; 51 | tcp_nodelay on; 52 | keepalive_timeout 65; 53 | types_hash_max_size 2048; 54 | # server_tokens off; 55 | proxy_buffering off; 56 | proxy_read_timeout 300s; 57 | expires off; 58 | default_type application/octet-stream; 59 | 60 | access_log ${logDir}/access.log; 61 | error_log ${logDir}/error.log; 62 | 63 | gzip on; 64 | gzip_disable "msie6"; 65 | 66 | server { 67 | listen 80 default_server; 68 | server_name ""; 69 | return 444; 70 | } 71 | 72 | ${lib.concatStringsSep "\n\n" (map builtins.readFile sites)} 73 | ''; 74 | }; 75 | } 76 | -------------------------------------------------------------------------------- /hardware/desktop/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}:
# Desktop hardware settings: extra filesystems, udev permissions for USB and HID
# devices, pointer acceleration, the printer driver and Kindle mounts.
let
  # Mount options shared by both Kindle filesystems.
  kindle-opts = ["noatime" "user" "gid=100" "uid=1000" "utf8" "x-systemd.automount"];
in
{
  boot.supportedFilesystems = ["ntfs" "exfat"];

  services.hoogle = {
    enable = true;
    packages = pkgs.myHaskellPackages;
    haskellPackages = pkgs.haskellPackages;
  };

  # NOTE(review): every rule below sets MODE="0666", i.e. read/write for all
  # local users. For uinput that lets any local account create virtual input
  # devices and inject input events into the session; for the hidraw nodes it
  # gives every account raw access to the device. Granting access to a dedicated
  # group (GROUP="...", MODE="0660") or to the logged-in seat user with
  # TAG+="uaccess" is narrower.
  services.udev.extraRules = ''
    # ds4
    KERNEL=="uinput", MODE="0666"
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="054c", ATTRS{idProduct}=="05c4", MODE="0666"
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", KERNELS=="0005:054C:05C4.*", MODE="0666"

    # rtl-sdr
    SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", MODE="0666", SYMLINK+="rtl_sdr"

    # arduino
    SUBSYSTEM=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0043", MODE="0666", SYMLINK+="arduino"

    # vive hmd
    KERNEL=="hidraw*", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="2c87", MODE="0666"

    # vive lighthouse
    KERNEL=="hidraw*", ATTRS{idVendor}=="28de", ATTRS{idProduct}=="2000", MODE="0666"

    # vive controller
    KERNEL=="hidraw*", ATTRS{idVendor}=="28de", ATTRS{idProduct}=="2101", MODE="0666"

    # vive audio
    KERNEL=="hidraw*", ATTRS{idVendor}=="0d8c", ATTRS{idProduct}=="0012", MODE="0666"
  '';

  # Same acceleration settings for both pointer devices.
  services.xserver.config = ''
    Section "InputClass"
      Identifier "Logitech M705"
      MatchIsPointer "yes"
      Option "AccelerationProfile" "-1"
      Option "ConstantDeceleration" "5"
      Option "AccelerationScheme" "none"
      Option "AccelSpeed" "-1"
    EndSection

    Section "InputClass"
      Identifier "Razer Razer DeathAdder 2013"
      MatchIsPointer "yes"
      Option "AccelerationProfile" "-1"
      Option "ConstantDeceleration" "5"
      Option "AccelerationScheme" "none"
      Option "AccelSpeed" "-1"
    EndSection
  '';

  services.printing.drivers = [ pkgs.samsung-unified-linux-driver_4_01_17 ];

  boot.blacklistedKernelModules =
["dvb_usb_rtl28xxu"];
  fileSystems."/media/kindle" =
    { device = "/dev/kindle";
      fsType = "vfat";
      options = kindle-opts;
    };

  fileSystems."/media/kindledx" =
    { device = "/dev/kindledx";
      fsType = "vfat";
      options = kindle-opts;
    };

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      package = pkgs.pulseaudioFull;
      enable = true;
      support32Bit = true;
    };
    opengl.driSupport32Bit = true;
    opengl.driSupport = true;
  };
}

--------------------------------------------------------------------------------
/machines/monad/bitcoin.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:
# bitcoind and c-lightning for mainnet and testnet, plus two user services that
# forward a TCP port to each lightning-rpc unix socket.
{
  services.spruned = {
    enable = false;
    dataDir = "/zbig/spruned";
    network = "mainnet";
    extraArguments = "--debug";
  };

  # NOTE(review): both networks use the fixed credentials rpcuser / rpcpass, and
  # the RPC port is bound to 172.24.242.111 in addition to loopback. The
  # credentials are committed here and also end up in the Nix store, so they do
  # not protect the interface from anyone who can reach that address from an
  # allowed IP. bitcoind's rpcauth option (salted hash in the config) or cookie
  # authentication keeps the secret out of the configuration.
  services.bitcoind.networks = {
    mainnet = {
      dataDir = "/zbig/bitcoin";
      extraConfig = ''
        txindex=1
        rpcuser=rpcuser
        rpcpassword=rpcpass
        rpcallowip=172.24.129.211
        rpcallowip=127.0.0.1
        rpcbind=172.24.242.111
        rpcbind=127.0.0.1
        rpcport=6532
      '';
    };

    testnet = {
      testnet = true;
      dataDir = "/zbig/bitcoin-testnet";
      extraConfig = ''
        [test]
        txindex=1
        rpcuser=rpcuser
        rpcpassword=rpcpass
        rpcallowip=172.24.129.211
        rpcallowip=127.0.0.1
        rpcbind=172.24.242.111
        rpcbind=127.0.0.1
        rpcport=6533
      '';
    };
  };

  # Each lightning node talks to its bitcoind over loopback with the same fixed
  # credentials and accepts peer connections on every interface (bind-addr=0.0.0.0).
  services.clightning.networks = {
    testnet = {
      dataDir = "/home/jb55/.lightning";

      config = ''
        fee-per-satoshi=9000
        bitcoin-rpcuser=rpcuser
        bitcoin-rpcpassword=rpcpass
        bitcoin-rpcconnect=127.0.0.1
        bitcoin-rpcport=6533
        bind-addr=0.0.0.0:9736
        announce-addr=24.84.152.187:9736
        network=testnet
        log-level=debug
        alias=bitsbacker.com
        rgb=ff0000
      '';
    };

    mainnet = {
      dataDir = "/home/jb55/.lightning-bitcoin";

      config = ''
        bitcoin-rpcuser=rpcuser
        bitcoin-rpcpassword=rpcpass
        bitcoin-rpcconnect=127.0.0.1
        bitcoin-rpcport=6532
        fee-per-satoshi=900
        bind-addr=0.0.0.0:9735
        announce-addr=24.84.152.187:9735
        network=bitcoin
        log-level=debug
        alias=bitsbacker.com
        rgb=ff0000
      '';
    };
  };

  # NOTE(review): TCP-LISTEN is given no bind= option here and in the mainnet
  # tunnel below, so socat accepts connections on every interface. The
  # lightning-rpc socket is, as far as I know, protected only by its file
  # permissions, so each tunnel turns the node's control interface into an
  # unauthenticated network service. If only local tools need it, add
  # bind=127.0.0.1 to the TCP-LISTEN options; otherwise restrict the ports with
  # the firewall or put an authenticated transport in front.
  systemd.user.services.clightning-testnet-rpc-tunnel = {
    description = "clightning testnet rpc tunnel";
    wantedBy = [ "default.target" ];
    after = [ "default.target" ];

    serviceConfig.ExecStart = ''
      ${pkgs.socat}/bin/socat -d -d TCP-LISTEN:7879,fork,reuseaddr UNIX-CONNECT:/home/jb55/.lightning/lightning-rpc
    '';
  };

  systemd.user.services.clightning-rpc-tunnel = {
    description = "clightning mainnet rpc tunnel";
    wantedBy = [ "default.target" ];
    after = [ "default.target" ];

    serviceConfig.ExecStart = ''
      ${pkgs.socat}/bin/socat -d -d TCP-LISTEN:7878,fork,reuseaddr UNIX-CONNECT:/home/jb55/.lightning-bitcoin/lightning-rpc
    '';
  };

}

--------------------------------------------------------------------------------
/services/mailz/proc_path.diff:
--------------------------------------------------------------------------------
1 | diff -Naur opensmtpd-5.7.1p1/smtpd/parse.y opensmtpd-5.7.1p1.patched/smtpd/parse.y
2 | --- opensmtpd-5.7.1p1/smtpd/parse.y 2015-06-30 10:13:34.000000000 +0200
3 | +++ opensmtpd-5.7.1p1.patched/smtpd/parse.y 2015-09-26 08:41:17.012472516 +0200
4 |
@@ -2519,13 +2519,19 @@
5 | {
6 | struct filter_conf *f;
7 | char *path;
8 | + const char *proc_path;
9 |
10 | if (dict_get(&conf->sc_filters, name)) {
11 | yyerror("filter \"%s\" already defined", name);
12 | return (NULL);
13 | }
14 |
15 | - if (asprintf(&path, "%s/filter-%s", PATH_LIBEXEC, prog) == -1) {
16 | + proc_path = getenv("OPENSMTPD_PROC_PATH");
17 | + if (proc_path == NULL) {
18 | + proc_path = PATH_LIBEXEC;
19 | + }
20 | +
21 | + if (asprintf(&path, "%s/filter-%s", proc_path, prog) == -1) {
22 | yyerror("filter \"%s\" asprintf failed", name);
23 | return (0);
24 | }
25 | diff -Naur opensmtpd-5.7.1p1/smtpd/smtpd.c opensmtpd-5.7.1p1.patched/smtpd/smtpd.c
26 | --- opensmtpd-5.7.1p1/smtpd/smtpd.c 2015-06-30 10:13:34.000000000 +0200
27 | +++ opensmtpd-5.7.1p1.patched/smtpd/smtpd.c 2015-09-26 08:41:16.998472557 +0200
28 | @@ -854,6 +854,7 @@
29 | char path[PATH_MAX];
30 | char name[PATH_MAX];
31 | char *arg;
32 | + char *proc_path;
33 |
34 | if (strlcpy(name, conf, sizeof(name)) >= sizeof(name)) {
35 | log_warnx("warn: %s-proc: conf too long", key);
36 | @@ -864,7 +865,12 @@
37 | if (arg)
38 | *arg++ = '\0';
39 |
40 | - if (snprintf(path, sizeof(path), PATH_LIBEXEC "/%s-%s", key, name) >=
41 | + proc_path = getenv("OPENSMTPD_PROC_PATH");
42 | + if (proc_path == NULL) {
43 | + proc_path = PATH_LIBEXEC;
44 | + }
45 | +
46 | + if (snprintf(path, sizeof(path), "%s/%s-%s", proc_path, key, name) >=
47 | (ssize_t)sizeof(path)) {
48 | log_warn("warn: %s-proc: exec path too long", key);
49 | return (-1);
50 | diff -Naur opensmtpd-5.7.1p1/smtpd/table.c opensmtpd-5.7.1p1.patched/smtpd/table.c
51 | --- opensmtpd-5.7.1p1/smtpd/table.c 2015-06-30 10:13:34.000000000 +0200
52 | +++ opensmtpd-5.7.1p1.patched/smtpd/table.c 2015-09-26 08:41:17.005472536 +0200
53 | @@ -201,6 +201,7 @@
54 | struct table_backend *tb;
55 | char buf[LINE_MAX];
56 | char path[LINE_MAX];
57 | + const char *proc_path;
58 | size_t n;
59 | struct stat sb;
60 |
61 |
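Review bot: The directory that helper programs are launched from is now read from OPENSMTPD_PROC_PATH without any check on the process's privileges or on the value itself, in the parse.y hunk at -2519 and again in the smtpd.c hunk at -864 and the table.c hunk at -215. If any binary built from these files can be started with elevated privileges under a caller-controlled environment (not visible from the hunks), the variable would decide which executable gets run, so the lookup should be ignored in that situation, for example with glibc's `proc_path = secure_getenv("OPENSMTPD_PROC_PATH");`. An empty or relative value is also accepted as is; `if (proc_path == NULL || proc_path[0] != '/') proc_path = PATH_LIBEXEC;` would keep the fallback for those. The three copies of the lookup could live in one small helper so the policy is stated once. The enclosing functions start and end outside the hunks.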
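Review bot: In the smtpd.c hunk at -854 the new variable is declared `char *proc_path;`, while parse.y and table.c declare it `const char *`. It only ever holds the result of getenv() or PATH_LIBEXEC, neither of which may be written through, so it should be `const char *proc_path;` here as well.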
@@ -215,8 +216,14 @@
62 | if (name && table_find(name, NULL))
63 | fatalx("table_create: table \"%s\" already defined", name);
64 |
65 | + proc_path = getenv("OPENSMTPD_PROC_PATH");
66 | + if (proc_path == NULL) {
67 | + proc_path = PATH_LIBEXEC;
68 | + }
69 | +
70 | if ((tb = table_backend_lookup(backend)) == NULL) {
71 | - if ((size_t)snprintf(path, sizeof(path), PATH_LIBEXEC "/table-%s",
72 | + if ((size_t)snprintf(path, sizeof(path), "%s/table-%s",
73 | + proc_path,
74 | backend) >= sizeof(path)) {
75 | fatalx("table_create: path too long \""
76 | PATH_LIBEXEC "/table-%s\"", backend);
77 | -------------------------------------------------------------------------------- /machines/archer/nginx/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let sites = [ ]; 4 | logDir = "/var/log/nginx"; 5 | gitExtra = { 6 | git = { 7 | projectroot = "/var/git"; 8 | }; 9 | }; 10 | gitCfg = import ./git.nix { inherit config pkgs; extra = extra // gitExtra; }; 11 | hoogle = import ./hoogle.nix extra.ztip; 12 | nixserve = import ./nix-serve.nix extra; 13 | in { 14 | services.logrotate.config = '' 15 | ${logDir}/*.log { 16 | daily 17 | missingok 18 | rotate 52 19 | compress 20 | delaycompress 21 | notifempty 22 | # 20MB 23 | minsize 20971520 24 | create 640 root adm 25 | sharedscripts 26 | postrotate 27 | ${pkgs.procps}/bin/pkill -USR1 nginx 28 | endscript 29 | } 30 | ''; 31 | 32 | services.nginx = { 33 | enable = true; 34 | 35 | httpConfig = '' 36 | port_in_redirect off; 37 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 38 | ssl_ciphers
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 39 | ssl_prefer_server_ciphers on; 40 | 41 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 42 | add_header Strict-Transport-Security max-age=15768000; 43 | 44 | sendfile on; 45 | tcp_nopush on; 46 | tcp_nodelay on; 47 | keepalive_timeout 65; 48 | types_hash_max_size 2048; 49 | client_max_body_size 6G; 50 | 51 | # server_tokens off; 52 | proxy_buffering off; 53 | proxy_read_timeout 300s; 54 | expires off; 55 | default_type application/octet-stream; 56 | 57 | access_log ${logDir}/access.log; 58 | error_log ${logDir}/error.log; 59 | 60 | gzip on; 61 | gzip_disable "msie6"; 62 | 63 | server { 64 | listen 80; 65 | server_name archer.zero.monster.cat; 66 | 67 | root /www/public; 68 | index index.html index.htm; 69 | 70 | location / { 71 | try_files $uri $uri/ =404; 72 | } 73 | } 74 | 75 | server { 76 | listen 80; 77 | server_name siren.zero.monster.cat; 78 | 79 | location / { 80 | include ${pkgs.nginx}/conf/fastcgi_params; 81 | gzip off; 82 | 83 | fastcgi_param SCRIPT_FILENAME /home/jb55/src/c/libsirenofshame/siren-rest.fcgi; 84 | fastcgi_param PATH_INFO $uri; 85 | fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; 86 | } 87 | } 88 | 89 | ${lib.concatStringsSep "\n\n" (map 
builtins.readFile sites)} 90 | 91 | ${gitCfg} 92 | ${hoogle} 93 | ''; 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /machines/monad/nginx/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... }: 3 | let sites = [ ]; 4 | logDir = "/var/log/nginx"; 5 | gitExtra = { 6 | ztip = "172.24.172.226"; 7 | git = { 8 | projectroot = "/var/git"; 9 | }; 10 | host = "git.zero.jb55.com"; 11 | }; 12 | razornetExtra = { 13 | ztip = "172.29.172.226"; 14 | git = { 15 | projectroot = "/var/razorgit"; 16 | }; 17 | host = "git.razor.jb55.com"; 18 | }; 19 | gitCfg = extra.git-server { inherit config pkgs; extra = extra // gitExtra; }; 20 | razornetGit = extra.git-server { inherit config pkgs; extra = extra // razornetExtra; }; 21 | in { 22 | services.logrotate.config = '' 23 | ${logDir}/*.log { 24 | daily 25 | missingok 26 | rotate 52 27 | compress 28 | delaycompress 29 | notifempty 30 | # 20MB 31 | minsize 20971520 32 | create 640 root adm 33 | sharedscripts 34 | postrotate 35 | ${pkgs.procps}/bin/pkill -USR1 nginx 36 | endscript 37 | } 38 | ''; 39 | 40 | services.nginx = { 41 | enable = true; 42 | 43 | package = pkgs.nginx.override { 44 | modules = with pkgs.nginxModules; [ lua ]; 45 | }; 46 | 47 | user = "jb55"; 48 | 49 | config = '' 50 | worker_processes 2; 51 | 52 | events { 53 | worker_connections 768; 54 | # multi_accept on; 55 | } 56 | ''; 57 | 58 | httpConfig = '' 59 | port_in_redirect off; 60 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 61 | ssl_ciphers 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 62 | ssl_prefer_server_ciphers on; 63 | 64 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 65 | add_header Strict-Transport-Security max-age=15768000; 66 | 67 | sendfile on; 68 | tcp_nopush on; 69 | tcp_nodelay on; 70 | keepalive_timeout 65; 71 | types_hash_max_size 2048; 72 | # server_tokens off; 73 | proxy_buffering off; 74 | proxy_read_timeout 300s; 75 | expires off; 76 | default_type application/octet-stream; 77 | 78 | access_log ${logDir}/access.log; 79 | error_log ${logDir}/error.log; 80 | 81 | gzip on; 82 | gzip_disable "msie6"; 83 | 84 | server { 85 | listen 80 default_server; 86 | server_name _; 87 | root /www/public; 88 | index index.html index.htm; 89 | location / { 90 | try_files $uri $uri/ =404; 91 | } 92 | } 93 | 94 | ${gitCfg} 95 | 96 | ${razornetGit} 97 | ''; 98 | }; 99 | } 100 | -------------------------------------------------------------------------------- /configuration.nix: -------------------------------------------------------------------------------- 1 | # Edit this configuration file to define what should be installed on 2 | # your system. Help is available in the configuration.nix(5) man page 3 | # and in the NixOS manual (accessible by running ‘nixos-help’). 
4 | 5 | { config, pkgs, ... }: 6 | 7 | let machine = "quiver"; 8 | isDesktop = true; 9 | machinePath = p: let m = "/" + machine; 10 | in ./machines + m + p; 11 | machineConfig = import (machinePath "/config") pkgs; 12 | userConfig = pkgs.callPackage ./nixpkgs/dotfiles.nix { 13 | machineSessionCommands = machineConfig.sessionCommands; 14 | }; 15 | extra = { 16 | git-server = import ./misc/git-server.nix; 17 | util = import ./misc/util.nix { inherit pkgs; }; 18 | private = import ./private.nix; 19 | machine = machineConfig; 20 | }; 21 | util = extra.util; 22 | caches = [ "https://cache.nixos.org" ]; 23 | zsh = "${pkgs.zsh}/bin/zsh"; 24 | composeKey = if machine == "quiver" then "ralt" else "rwin"; 25 | nixpkgsConfig = import ./nixpkgs/config.nix; 26 | home = "/home/jb55"; 27 | isDark = false; 28 | theme = if isDark then { 29 | package = pkgs.theme-vertex; 30 | name = "Vertex-Dark"; 31 | } 32 | else { 33 | package = pkgs.arc-theme; 34 | name = "Arc"; 35 | }; 36 | icon-theme = { 37 | package = pkgs.numix-icon-theme; 38 | name = "Numix"; 39 | }; 40 | user = { 41 | name = "jb55"; 42 | group = "users"; 43 | uid = 1000; 44 | extraGroups = [ "wheel" "dialout" ]; 45 | createHome = true; 46 | openssh.authorizedKeys.keys = [ 47 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAvMdnEEAd/ZQM+pYp6ZYG/1NPE/HSwIKoec0/QgGy4UlO0EvpWWhxPaV0HlNUFfwiHE0I2TwHc+KOKcG9jcbLAjCk5rvqU7K8UeZ0v/J83bQh78dr4le09WLyhczamJN0EkNddpCyUqIbH0q3ISGPmTiW4oQniejtkdJPn2bBwb3Za8jLzlh2UZ/ZJXhKvcGjQ/M1+fBmFUwCp5Lpvg0XYXrmp9mxAaO+fxY32EGItXcjYM41xr/gAcpmzL5rNQ9a9YBYFn2VzlpL+H7319tgdZa4L57S49FPQ748paTPDDqUzHtQD5FEZXe7DZZPZViRsPc370km/5yIgsEhMPKr jb55" 48 | ]; 49 | home = home; 50 | shell = zsh; 51 | }; 52 | in { 53 | imports = 54 | [ # Include the results of the hardware scan. 
55 | ./hardware-configuration.nix 56 | ./certs 57 | (import ./services extra) 58 | ./environment 59 | (import ./networking machine) 60 | (import (machinePath "") extra) 61 | ] ++ (if isDesktop then [ 62 | ./hardware/desktop 63 | #./wayland 64 | ./fonts 65 | (import ./environment/desktop { inherit userConfig theme icon-theme; }) 66 | (import ./services/desktop { inherit extra util composeKey userConfig theme icon-theme; }) 67 | ] else []); 68 | 69 | # Use the GRUB 2 boot loader. 70 | boot.loader.grub.enable = true; 71 | 72 | systemd.extraConfig = '' 73 | DefaultTimeoutStopSec=10s 74 | DefaultTimeoutStartSec=20s 75 | ''; 76 | 77 | documentation.nixos.enable = false; 78 | 79 | programs.ssh.startAgent = true; 80 | 81 | time.timeZone = "America/Vancouver"; 82 | 83 | nixpkgs.config = nixpkgsConfig; 84 | 85 | nix.useSandbox = machine != "charon"; 86 | nix.trustedUsers = [ "root" "jb55" ]; 87 | 88 | users.extraUsers.jb55 = user; 89 | users.extraGroups.docker.members = [ "jb55" ]; 90 | 91 | users.defaultUserShell = zsh; 92 | users.mutableUsers = true; 93 | 94 | i18n.consoleUseXkbConfig = true; 95 | 96 | programs.zsh.enable = true; 97 | } 98 | -------------------------------------------------------------------------------- /machines/monad/networking/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let 4 | chromecastIP = "192.168.86.190"; 5 | iptables = "iptables -A nixos-fw"; 6 | ipr = "${pkgs.iproute}/bin/ip"; 7 | writeBash = extra.util.writeBash; 8 | transmission-dir = "/zbig/torrents"; 9 | download-dir = "${transmission-dir}/Downloads"; 10 | openTCP = dev: port: '' 11 | ip46tables -A nixos-fw -i ${dev} -p tcp --dport ${toString port} -j nixos-fw-accept 12 | ''; 13 | 14 | in 15 | { 16 | networking.hostId = extra.machine.hostId; 17 | 18 | networking.firewall.trustedInterfaces = ["zt1"]; 19 | networking.firewall.allowedTCPPorts = [ 5432 9735 9736 80 53 ]; 20 | networking.firewall.allowedUDPPorts = [ 53 ]; 21 | 22 | networking.firewall.extraCommands = '' 23 | ${openTCP "ztrtaygmfr" 6533} 24 | ${openTCP "ztrtaygmfr" 6532} 25 | ${openTCP "ztrtaygmfr" 7878} 26 | ${openTCP "ztrtaygmfr" 7879} 27 | ''; 28 | 29 | services.transmission = { 30 | enable = true; 31 | home = transmission-dir; 32 | settings = { 33 | incomplete-dir-enable = true; 34 | rpc-whitelist = "127.0.0.1"; 35 | }; 36 | 37 | port = 14325; 38 | }; 39 | 40 | services.plex = { 41 | enable = false; 42 | group = "transmission"; 43 | openFirewall = true; 44 | }; 45 | 46 | services.nginx.httpConfig = lib.mkIf config.services.transmission.enable '' 47 | server { 48 | listen 80; 49 | listen ${extra.machine.ztip}:80; 50 | listen 192.168.86.26; 51 | 52 | # server names for this server. 53 | # any requests that come in that match any these names will use the proxy. 54 | server_name plex.jb55.com plez.jb55.com media.home plex.home; 55 | 56 | # this is where everything cool happens (you probably don't need to change anything here): 57 | location / { 58 | # if a request to / comes in, 301 redirect to the main plex page. 
59 | # but only if it doesn't contain the X-Plex-Device-Name header 60 | # this fixes a bug where you get permission issues when accessing the web dashboard 61 | 62 | if ($http_x_plex_device_name = \'\') { 63 | rewrite ^/$ http://$http_host/web/index.html; 64 | } 65 | 66 | # set some headers and proxy stuff. 67 | proxy_set_header X-Real-IP $remote_addr; 68 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 69 | proxy_redirect off; 70 | 71 | # include Host header 72 | proxy_set_header Host $http_host; 73 | 74 | # proxy request to plex server 75 | proxy_pass http://127.0.0.1:32400; 76 | } 77 | } 78 | 79 | server { 80 | listen 80; 81 | listen ${extra.machine.ztip}:80; 82 | listen 192.168.86.26; 83 | server_name torrents.jb55.com torrentz.jb55.com torrents.home torrent.home; 84 | 85 | location /download { 86 | alias ${download-dir}; 87 | autoindex on; 88 | } 89 | 90 | location / { 91 | proxy_read_timeout 300; 92 | proxy_pass_header X-Transmission-Session-Id; 93 | proxy_set_header X-Forwarded-Host $host; 94 | proxy_set_header X-Forwarded-Server $host; 95 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 96 | proxy_pass http://127.0.0.1:${toString config.services.transmission.port}/transmission/web/; 97 | } 98 | 99 | location /rpc { 100 | proxy_pass http://127.0.0.1:${toString config.services.transmission.port}/transmission/rpc; 101 | } 102 | 103 | location /upload { 104 | proxy_pass http://127.0.0.1:${toString config.services.transmission.port}/transmission/upload; 105 | } 106 | } 107 | ''; 108 | 109 | } 110 | -------------------------------------------------------------------------------- /misc/imap-notifier/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let notify = pkgs.callPackage (pkgs.fetchFromGitHub { 4 | owner = "jb55"; 5 | repo = "imap-notify"; 6 | rev = "c0936c0bb4b7e283bbfeccdbac77f4cb50f71b3b"; 7 | sha256 = "19vadvnkg6bjp1607nlawdx1x07xnbbx7bgk66rbwrs4vhkvarkg"; 8 | }) {}; 9 | penv = pkgs.python2.withPackages (ps: with ps; [ dbus-python pygobject2 ]); 10 | awake-from-sleep-fetcher = pkgs.writeScript "awake-from-sleep-fetcher" '' 11 | #!${penv}/bin/python2 -u 12 | 13 | import dbus 14 | import datetime 15 | import gobject 16 | import os 17 | from dbus.mainloop.glib import DBusGMainLoop 18 | 19 | def start_home(): 20 | print("starting email fetcher") 21 | os.system("systemctl restart --user email-fetcher") 22 | 23 | def handle_sleep_callback(sleeping): 24 | if not sleeping: 25 | # awoke from sleep 26 | start_home() 27 | 28 | DBusGMainLoop(set_as_default=True) # integrate into main loob 29 | bus = dbus.SystemBus() # connect to dbus system wide 30 | bus.add_signal_receiver( # defince the signal to listen to 31 | handle_sleep_callback, # name of callback function 32 | 'PrepareForSleep', # signal name 33 | 'org.freedesktop.login1.Manager', # interface 34 | 'org.freedesktop.login1' # bus name 35 | ) 36 | 37 | loop = gobject.MainLoop() # define mainloop 38 | loop.run() 39 | ''; 40 | 41 | notifier = user: pass: cmd: host: extra.util.writeBash "notifier" '' 42 | set -e 43 | 44 | arg="${host}" 45 | host=''${arg:-8.8.8.8} 46 | 47 | # wait for connectivity 48 | until /var/run/wrappers/bin/ping -c1 $host &>/dev/null; do :; done 49 | 50 | # run it once first in case we missed any from lost connectivity 51 | ${cmd} || : 52 | ${notify}/bin/imap-notify ${user} ${pass} ${cmd} ${host} 53 | ''; 54 | in 55 | with extra; { 56 | systemd.user.services.email-fetcher = { 57 | enable = true; 58 | description = "email fetcher"; 59 | 60 | environment = { 61 | IMAP_ALLOW_UNAUTHORIZED = "0"; 62 | IMAP_NOTIFY_PORT = "12788"; 63 | }; 64 | 65 | path = with pkgs; [ twmn eject utillinux muchsync notmuch bash openssh ]; 66 | 67 | 
serviceConfig.Type = "simple"; 68 | serviceConfig.Restart = "always"; 69 | serviceConfig.ExecStart = 70 | let cmd = util.writeBash "email-fetcher" '' 71 | set -e 72 | export HOME=/home/jb55 73 | export DATABASEDIR=$HOME/mail/personal 74 | 75 | notify() { 76 | c=$(notmuch --config /home/jb55/.notmuch-config-personal count 'tag:inbox and not tag:filed and not tag:noise') 77 | if [ -f ~/var/notify/home ] && [ "$c" -gt 0 ]; then 78 | twmnc -i new_email -c p -s 32 --pos top_left 79 | fi 80 | } 81 | 82 | ( 83 | flock -x -w 100 200 || exit 1 84 | muchsync -C ~/.notmuch-config-personal notmuch 85 | notify 86 | ) 200>/tmp/email-notify.lock 87 | ''; 88 | in notifier "jb55@jb55.com" private.personal-email-pass cmd "jb55.com"; 89 | }; 90 | 91 | systemd.user.services.awake-from-sleep-fetcher = { 92 | enable = true; 93 | description = ""; 94 | 95 | path = with pkgs; [ systemd ]; 96 | 97 | wantedBy = [ "default.target" ]; 98 | after = [ "default.target" ]; 99 | 100 | serviceConfig.ExecStart = "${awake-from-sleep-fetcher}"; 101 | }; 102 | 103 | } 104 | -------------------------------------------------------------------------------- /fonts/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | let mkfont = n: lesrc: 3 | pkgs.stdenv.mkDerivation rec { 4 | name = "${n}-${version}"; 5 | src = pkgs.fetchurl lesrc; 6 | version = "1.0"; 7 | phases = ["installPhase"]; 8 | 9 | installPhase = '' 10 | mkdir -p $out/share/fonts/${n} 11 | cp -v ${src} $out/share/fonts/${n} 12 | ''; 13 | }; 14 | aldrich = 15 | mkfont "aldrich" { 16 | url = "https://jb55.com/s/bef303d9e370f941.ttf"; 17 | sha256 = "ecc2fbf1117eed2d0b1bf32ee8624077577d568f1c785699353416b67b519227"; 18 | }; 19 | VarelaRound-Regular = 20 | mkfont "VarelaRound-Regular" { 21 | url = "https://jb55.com/s/c8bbd8415dea995f.ttf"; 22 | sha256 = "c4327a38270780eb03d305de3514de62534262c73f9e7235eea6ce26904c2dc5"; 23 | }; 24 | Bookerly-Regular = 25 | mkfont "Bookerly-Regular" { 26 | url = "https://jb55.com/s/Bookerly-Regular.ttf"; 27 | sha256 = "1db94d4ab763f812b3fe505c02cdeb0927251c118cc65322be23eb93a70eafd7"; 28 | }; 29 | Bookerly-RegularItalic = 30 | mkfont "Bookerly-RegularItalic" { 31 | url = "https://jb55.com/s/Bookerly-RegularItalic.ttf"; 32 | sha256 = "6e364837e08fa89c0fed287a13c7149567ab5657847f666e45e523ecc9c7820b"; 33 | }; 34 | Bookerly-Bold = 35 | mkfont "Bookerly-Bold" { 36 | url = "https://jb55.com/s/Bookerly-Bold.ttf"; 37 | sha256 = "367a28ceb9b2c79dbe5956624f023a54219d89f31d6d2e81e467e202273d40da"; 38 | }; 39 | Bookerly-BoldItalic = 40 | mkfont "Bookerly-BoldItalic" { 41 | url = "https://jb55.com/s/Bookerly-BoldItalic.ttf"; 42 | sha256 = "d975e3260e26f1b33fc50b00540caece84a0800e9bc900922cf200645e79693f"; 43 | }; 44 | Questrial = 45 | mkfont "Questrial" { 46 | url = "https://jb55.com/s/1ccac9ff5cb42fd7.ttf"; 47 | sha256 = "294729bb4bf3595490d2e3e89928e1754a7bfa91ce91e1e44ecd18c974a6dbbc"; 48 | }; 49 | Comfortaa-Regular = 50 | mkfont "Comfortaa-Regular" { 51 | url = "https://jb55.com/s/a266c50144cbad1a.ttf"; 52 | sha256 = "db5133b6a09c8eba78b29dc05019d8f361f350483d679fd8c668e1c657a303fc"; 53 | }; 54 | 55 | ohsnap = 56 | pkgs.stdenv.mkDerivation rec { 57 | name = "ohsnap-${version}"; 58 | version 
= "1.7.9"; 59 | 60 | src = pkgs.fetchzip { 61 | url = "https://sourceforge.net/projects/osnapfont/files/${name}.tar.gz"; 62 | sha256 = "0jvgii1sdv3gzmx8k68bd3fp2rmfsdigg67spbi2c83krb1x445v"; 63 | }; 64 | 65 | phases = ["unpackPhase" "installPhase"]; 66 | 67 | installPhase = '' 68 | mkdir -p $out/share/fonts/ohsnap 69 | cp ${src}/* $out/share/fonts/ohsnap 70 | ''; 71 | }; 72 | 73 | myfonts = [ aldrich VarelaRound-Regular Questrial Comfortaa-Regular 74 | Bookerly-Regular Bookerly-RegularItalic Bookerly-Bold Bookerly-BoldItalic ohsnap ]; 75 | in 76 | { 77 | fonts = { 78 | enableFontDir = true; 79 | enableGhostscriptFonts = true; 80 | enableCoreFonts = true; 81 | fontconfig.defaultFonts.serif = [ "Bookerly" ]; 82 | fontconfig.defaultFonts.monospace = [ "Inconsolata" ]; 83 | fontconfig.defaultFonts.sansSerif = [ "Noto Sans" ]; 84 | fonts = with pkgs; [ 85 | aldrich 86 | corefonts 87 | emojione 88 | fira-code 89 | fira-mono 90 | inconsolata 91 | ipafont 92 | kochi-substitute 93 | libertinus 94 | ibm-plex 95 | noto-fonts 96 | noto-fonts-emoji 97 | opensans-ttf 98 | raleway 99 | profont 100 | terminus_font 101 | paratype-pt-mono 102 | source-code-pro 103 | ubuntu_font_family 104 | proggyfonts 105 | ] ++ myfonts; 106 | }; 107 | } 108 | -------------------------------------------------------------------------------- /machines/archer/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}: 3 | let util = extra.util; 4 | private = extra.private; 5 | extras = (rec { ztip = "10.144.14.20"; 6 | nix-serve = { 7 | port = 10845; 8 | bindAddress = ztip; 9 | }; 10 | import-scripts = (import { }).import-scripts; 11 | }) // extra; 12 | in { 13 | imports = [ 14 | ./hardware 15 | (import ./backups extras) 16 | (import ./backups/git.nix extras) 17 | (import ./backups/wiki.nix extras) 18 | (import ./nginx extras) 19 | (import ./trendbot extras) 20 | (import ./transaction-bot extras) 21 | (import ./tunecore-sales-bot extras) 22 | (import ./bandcamp-sales-bot extras) 23 | (import ./youtube-sales-bot extras) 24 | (import ./youtube-pub-sales-bot extras) 25 | (import ./shopify-sales-bot extras) 26 | (import ./itunes-bots extras) 27 | (import ./cogs-bot extras) 28 | (import ) 29 | ]; 30 | 31 | services.printing.drivers = [ pkgs.samsung-unified-linux-driver_4_01_17 ]; 32 | services.mongodb.enable = true; 33 | services.redis = { 34 | enable = true; 35 | bind = extras.ztip; 36 | }; 37 | 38 | services.gitit = rec { 39 | enable = true; 40 | wikiTitle = "Monstercat Wiki"; 41 | requireAuthentication = "none"; 42 | sessionTimeout = 43800; 43 | math = "mathml"; 44 | mathJaxScript = "MathJax/MathJax.js"; 45 | plugins = []; 46 | mailCommand = "/run/current-system/sw/bin/sendmail %s"; 47 | accessQuestion = "Enter 'monstercat' here"; 48 | accessQuestionAnswers = "monstercat"; 49 | staticDir = "/var/lib/gitit-static"; 50 | useFeed = true; 51 | resetPasswordMessage = '' 52 | 53 | 
> From: gitit@monstercat.com 54 | > To: $useremail$ 55 | > Subject: ${wikiTitle} password reset 56 | > 57 | > Hello $username$, 58 | > 59 | > To reset your password, please follow the link below: 60 | > http://wiki.monstercat.com$resetlink$ 61 | > 62 | > Regards 63 | ''; 64 | }; 65 | 66 | users.extraGroups.gitit.members = [ "jb55" ]; 67 | 68 | services.nginx.httpConfig = '' 69 | server { 70 | listen 80; 71 | server_name pkgs.monster.cat; 72 | 73 | location = / { 74 | return 301 https://github.com/monstercat/monstercatpkgs/archive/master.tar.gz; 75 | } 76 | } 77 | 78 | server { 79 | listen 80; 80 | server_name nixcache.monstercat.com; 81 | 82 | location / { 83 | proxy_pass http://${extras.nix-serve.bindAddress}:${toString extras.nix-serve.port}; 84 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 85 | proxy_redirect off; 86 | proxy_buffering off; 87 | proxy_set_header Host $host; 88 | proxy_set_header X-Real-IP $remote_addr; 89 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 90 | } 91 | } 92 | 93 | server { 94 | listen 80; 95 | server_name wiki.monstercat.com wiki.monster.cat; 96 | 97 | location / { 98 | proxy_pass http://localhost:${toString config.services.gitit.port}; 99 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 100 | proxy_redirect off; 101 | proxy_buffering off; 102 | proxy_set_header Host $host; 103 | proxy_set_header X-Real-IP $remote_addr; 104 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 105 | } 106 | } 107 | ''; 108 | 109 | services.nix-serve.enable = true; 110 | services.nix-serve.bindAddress = extras.nix-serve.bindAddress; 111 | services.nix-serve.port = extras.nix-serve.port; 112 | 113 | networking.firewall.trustedInterfaces = ["zt0" "zt2"]; 114 | networking.firewall.allowedTCPPorts = [ 22 143 80 ]; 115 | 116 | networking.defaultMailServer = { 117 | directDelivery = private.gmail-user != null || private.gmail-pass != null; 118 | hostName 
= "smtp.gmail.com:587"; 119 | root = "bill@monstercat.com"; 120 | domain = "monstercat.com"; 121 | useTLS = true; 122 | useSTARTTLS = true; 123 | authUser = private.gmail-user; 124 | authPass = private.gmail-pass; 125 | }; 126 | 127 | services.fcgiwrap.enable = true; 128 | 129 | systemd.services.postgresql.after = [ "zerotierone.service" ]; 130 | 131 | services.postgresql = { 132 | dataDir = "/var/db/postgresql/9.5/"; 133 | enable = true; 134 | # extraPlugins = with pkgs; [ pgmp ]; 135 | authentication = pkgs.lib.mkForce '' 136 | # type db user address method 137 | local all all trust 138 | host all all 10.144.0.0/16 trust 139 | host all all 192.168.1.0/16 trust 140 | 141 | ''; 142 | extraConfig = '' 143 | listen_addresses = '10.144.14.20,192.168.1.49' 144 | ''; 145 | }; 146 | } 147 | -------------------------------------------------------------------------------- /machines/charon/dovecot/filters.sieve: -------------------------------------------------------------------------------- 1 | 2 | require ["regex", "variables","envelope","mailbox","body","fileinto","imap4flags","reject"]; 3 | 4 | if allof (header :contains "from" "Microsoft Canada") { 5 | addflag "\\Seen"; 6 | } 7 | 8 | if header :contains "X-RSS-Feed" "reddit.com" { 9 | fileinto "Reddit"; 10 | } 11 | elsif header :contains "X-RSS-Feed" "arxiv.org" { 12 | fileinto "Arxiv"; 13 | } 14 | elsif header :contains "X-RSS-Feed" "youtube.com" { 15 | fileinto "YouTube"; 16 | } 17 | elsif header :contains "X-RSS-Feed" "ycombinator.com" { 18 | fileinto "HackerNews"; 19 | } 20 | elsif header :contains "from" "user@rss2email.invalid" { 21 | fileinto "RSS"; 22 | } 23 | 24 | if header :contains "list-id" "lobsters-izs7WbyfQp@lobste.rs" { 25 | fileinto "Lists.lobsters"; 26 | } 27 | 28 | if header :contains "from" "nixos1@discoursemail.com" { 29 | fileinto "Lists.nix"; 30 | } 31 | 32 | if header :contains "list-id" "vger.kernel.org" { 33 | fileinto "Lists.lkml"; 34 | } 35 | 36 | if header :contains "list-id" 
"emacs-devel.gnu.org" { 37 | fileinto "Lists.emacs"; 38 | } 39 | 40 | if header :contains "list-id" "guix-devel.gnu.org" { 41 | fileinto "Lists.guix"; 42 | } 43 | 44 | if header :contains "to" "cryptography@metzdowd.com" { 45 | fileinto "Lists"; 46 | } 47 | 48 | if header :contains "user-agent" "rss2email" { 49 | fileinto "RSS"; 50 | } 51 | 52 | if allof (header :contains "from" "post@tinyportal.net") { 53 | discard; 54 | } 55 | 56 | if allof (header :contains "from" "yahoo.com.hk") { 57 | discard; 58 | } 59 | 60 | # rule:[servers] 61 | if allof (header :contains "from" "noreply@outbound.getsentry.com") { 62 | fileinto "Alerts"; 63 | } 64 | 65 | # rule:[Haskell Streaming] 66 | if header :contains "list-id" 67 | [ "streaming-haskell.googlegroups.com" 68 | , "cabal-devel.haskell.org" 69 | , "commercialhaskell.googlegroups.com" 70 | , "ghc-devs.haskell.org" 71 | , "haskell-cafe.haskell.org" 72 | , "haskell.haskell.org" 73 | , "libraries.haskell.org" 74 | , "haskell-pipes.googlegroups.com" 75 | , "shake-build-system.googlegroups.com" 76 | ] 77 | { 78 | fileinto "Lists.haskell"; 79 | } 80 | 81 | 82 | 83 | # rule:[Alerts] 84 | if allof (header :contains "from" "builds@circleci.com") { 85 | fileinto "Alerts"; 86 | } 87 | 88 | # rule:[bitcoin-dev] 89 | if allof (header :contains "list-id" "bitcoin-dev.lists.linuxfoundation.org") { 90 | fileinto "Lists.bitcoin"; 91 | } 92 | 93 | # rule:[Monstercat] 94 | if allof (header :contains "to" "bill@monstercat.com") { 95 | fileinto "Monstercat"; 96 | } 97 | 98 | # rule:[Updates] 99 | if header :contains "from" [ "no-reply@twitch.tv" 100 | , "notify@twitter.com" 101 | , "info@meetup.com" 102 | , "no-reply@mail.goodreads.com" 103 | ] 104 | { 105 | fileinto "Updates"; 106 | } 107 | 108 | # rule:[WebVR] 109 | if allof (header :contains "list-id" "web-vr-discuss.mozilla.org") { 110 | fileinto "Lists.webvr"; 111 | } 112 | 113 | # rule:[ICN] 114 | if allof (header :contains "list-id" "ccnx.www.ccnx.org") { 115 | fileinto "Lists.icn"; 116 | 
} 117 | 118 | # rule:[ICN] 119 | if allof (header :contains "list-id" "icnrg.irtf.org") { 120 | fileinto "Lists.icn"; 121 | } 122 | 123 | # rule:[ICN] 124 | if allof (header :contains "list-id" "ccnx.ccnx.org") { 125 | fileinto "Lists.icn"; 126 | } 127 | 128 | # Elm 129 | if header :contains "list-id" [ "elm-discuss", "elm-dev" ] { 130 | fileinto "Lists.elm"; 131 | } 132 | 133 | # GitHub 134 | if header :contains "list-id" 135 | [ "nix.NixOS.github.com" 136 | , "hydra.NixOS.github.com" 137 | , "nix-dev.lists.science.uu.nl" 138 | , "nix-devel.googlegroups.com" 139 | ] 140 | { 141 | fileinto "Lists.nix"; 142 | } 143 | elsif header :contains "list-id" "spacemacs.syl20bnr.github.com" { 144 | fileinto "Lists.spacemacs"; 145 | } 146 | elsif header :contains "list-id" "streaming.michaelt.github.com" { 147 | fileinto "Lists.haskell"; 148 | } 149 | elsif header :contains "list-id" "nixpkgs.NixOS.github.com" { 150 | fileinto "Lists.nixpkgs"; 151 | } 152 | elsif header :contains "from" "notifications@github.com" { 153 | # file into github if it doesn't match any other github lists 154 | fileinto "GitHub"; 155 | } 156 | 157 | # rule:[Updates] 158 | if header :contains "from" "gab.ai" { 159 | fileinto "Updates"; 160 | } 161 | 162 | if header :contains "to" "mention@noreply.github.com" { 163 | addflag "\\Flagged"; 164 | } 165 | 166 | if header :contains "list-id" "ndn-interest.lists.cs.ucla.edu" { 167 | fileinto "Lists.icn"; 168 | } 169 | 170 | # rule:[ats] 171 | if allof (header :contains "list-id" "ats-lang-users.googlegroups.com") { 172 | fileinto "Lists.ats"; 173 | } 174 | 175 | # rule:[shen] 176 | if allof (header :contains "list-id" "qilang.googlegroups.com") { 177 | fileinto "Lists.shen"; 178 | } 179 | 180 | 181 | # rule:[Craigslist] 182 | if allof (header :contains "from" "reply.craigslist.org") { 183 | fileinto "Lists.craigslist"; 184 | } 185 | 186 | 187 | # rule:[Alerts] 188 | if allof (header :contains "from" "noreply@md.getsentry.com") { 189 | fileinto "Alerts"; 190 
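| } 191 | 192 |
--------------------------------------------------------------------------------
/machines/quiver/default.nix:
--------------------------------------------------------------------------------
# NixOS module for the host "quiver". `extra` is passed through to the imported
# sub-modules and supplies `extra.util.writeBash`, used below to build the
# ExecStart scripts.
extra:
{ config, lib, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    (import ../../misc/msmtp extra)
    (import ./networking extra)
    (import ../../misc/imap-notifier extra)
    (import ./timers extra)
  ];

  environment.systemPackages = with pkgs; [ acpi xorg.xbacklight ];

  virtualisation.docker.enable = true;
  virtualisation.virtualbox.host.enable = true;
  users.extraGroups.vboxusers.members = [ "jb55" ];

  documentation.nixos.enable = false;

  boot.extraModprobeConfig = ''
    options thinkpad_acpi enabled=0
  '';


  # telepathy is a garbage fire
  services.telepathy.enable = false;
  services.zerotierone.enable = true;
  services.mongodb.enable = false;
  services.redis.enable = false;
  services.keybase.enable = true;

  # Gopher server started on demand by xinetd on port 70.
  # NOTE(review): the server binary is loaded from /var/gopher, a mutable path
  # outside the Nix store, so whoever can write there controls what xinetd
  # executes. The account it runs as is not set here; confirm the module default.
  services.xinetd.enable = true;
  services.xinetd.services = [
    { name = "gopher";
      port = 70;
      server = "/var/gopher/in.gophernicus";
      serverArgs = "-nf -r /var/gopher";
      extraConfig = ''
        disable = no
      '';
    }
  ];

  services.xserver.libinput.enable = true;
  services.xserver.config = ''
    Section "InputClass"
      Identifier "Enable libinput for TrackPoint"
      MatchProduct "TPPS/2 Elan TrackPoint"
      Driver "libinput"
      Option "AccelSpeed" "1"
      Option "AccelProfile" "flat"
    EndSection

    Section "InputClass"
      Identifier "Disable TouchPad"
      MatchIsTouchpad "on"
      Driver "libinput"
      Option "Ignore" "true"
    EndSection
  '';


  services.plex = {
    enable = false;
    openFirewall = true;
  };

  services.nginx.enable = true;
  services.nginx.group = "www-data";

  # Plain-HTTP file share. `listen 80` names no address, so nginx binds every
  # interface, and `autoindex on` lists the whole of /var/www/share to anyone
  # who can reach the port. Whether port 80 is open in the firewall is not
  # decided in this file.
  services.nginx.httpConfig = ''
    server {
      listen 80;

      root /var/www/share;

      location / {
        autoindex on;
      }
    }
  '';

  # Local UNIX socket that socat forwards to a remote c-lightning RPC endpoint
  # over TCP. The socket is removed first so a stale one cannot block the bind.
  # NOTE(review): the TCP leg is unauthenticated and unencrypted as far as this
  # file shows; 10.147.20.220 is presumably a ZeroTier address (zerotierone is
  # enabled above) - confirm. Anyone who can connect to the socket can issue RPC
  # calls, and its permissions follow the service umask; an explicit `mode=` on
  # UNIX-LISTEN would pin them.
  systemd.user.services.clightning-rpc-tunnel = {
    description = "clightning mainnet rpc tunnel";
    wantedBy = [ "default.target" ];
    after    = [ "default.target" ];

    serviceConfig.ExecStart = extra.util.writeBash "lightning-tunnel" ''
      socket=/home/jb55/.lightning-bitcoin-rpc
      rm -f $socket
      ${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:$socket,reuseaddr,fork TCP:10.147.20.220:7878
    '';
  };

  # Same tunnel for the testnet node (remote port 7879); the notes above apply.
  systemd.user.services.clightning-testnet-rpc-tunnel = {
    description = "clightning testnet rpc tunnel";
    wantedBy = [ "default.target" ];
    after    = [ "default.target" ];

    serviceConfig.ExecStart = extra.util.writeBash "lightning-testnet-tunnel" ''
      socket=/home/jb55/.lightning-testnet-rpc
      rm -f $socket
      ${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:$socket,reuseaddr,fork TCP:10.147.20.220:7879
    '';
  };

  # System service that polls the battery every 10 seconds and switches the
  # power and keyboard-backlight LEDs to the "heartbeat" trigger while the
  # charge is below `limit`, restoring them once it is back at or above it.
  systemd.services.blink-led-battery-low = {
    description = "blink power led when battery is low";
    wantedBy = [ "default.target" ];
    after    = [ "default.target" ];

    path = with pkgs; [ gnused acpi ];

    serviceConfig.ExecStart = extra.util.writeBash "battery-power" ''
      set -e

      LED=/sys/class/leds/tpacpi::power
      LED2=/sys/class/leds/tpacpi::kbd_backlight

      # led will start blinking below this battery %
      limit=10

      state=""

      while true
      do
        # acpi prints one line per battery; use the first percentage only so
        # the numeric tests below always see a single integer
        percent=$(acpi -b | sed -E -n 's/.* ([0-9]+)%.*/\1/p' | head -n1)

        # no reading (no battery reported, unexpected output): try again later
        # instead of running the numeric comparison on an empty string
        if [ -z "$percent" ]
        then
          sleep 10
          continue
        fi

        if [ "$percent" -lt "$limit" ] && [ "$state" != "heartbeat" ]
        then
          printf "battery %d%% < %d%%, setting heartbeat trigger\n" "$percent" "$limit" >&2
          echo heartbeat > "$LED"/trigger
          echo heartbeat > "$LED2"/trigger
          state="heartbeat"
        elif [ "$percent" -ge "$limit" ] && [ "$state" = "heartbeat" ]
        then
          printf "battery %d%% >= %d%%, resetting led trigger\n" "$percent" "$limit" >&2
          echo none > "$LED"/trigger
          echo none > "$LED2"/trigger
          cat "$LED"/max_brightness > "$LED"/brightness
          state=""
        fi
        sleep 10
      done
    '';
  };

  # Hydra is disabled; the settings are kept for when it is switched on. The
  # DBI string connects as the postgres role without a password, which only
  # works because of the `trust` rules in services.postgresql below.
  services.hydra.enable = false;
  services.hydra.dbi = "dbi:Pg:dbname=hydra;host=localhost;user=postgres;";
  services.hydra.hydraURL = "localhost";
  services.hydra.notificationSender = "hydra@quiver";
  services.hydra.buildMachinesFiles = [];
  services.hydra.useSubstitutes = true;

  users.extraGroups.hydra.members = [ "jb55" ];
  users.extraGroups.www-data.members = [ "jb55" ];

  # https://github.com/nmikhailov/Validity90 # driver not done yet
  services.fprintd.enable = false;

  # NOTE(review): the Tor control port is enabled; how it authenticates
  # (cookie, password, none) is not set in this file - confirm.
  services.tor.enable = true;
  services.tor.controlPort = 9051;

  services.autorandr.enable = true;
  services.acpid.enable = false;
  powerManagement.enable = false;

  networking.wireless.enable = true;

  # mkForce replaces the module's pg_hba rules with the two below. `trust`
  # performs no password check: every local user (UNIX socket) and every
  # process that can connect to localhost over TCP may log in as any role,
  # including the postgres superuser. listen_addresses is left at its default
  # because the override below is commented out.
  services.postgresql = {
    dataDir = "/var/db/postgresql/10/";
    enable = true;
    package = pkgs.postgresql_10;
    # extraPlugins = with pkgs; [ pgmp ];
    authentication = pkgs.lib.mkForce ''
      # type db  user address            method
      local  all all                     trust
      host   all all  localhost          trust
    '';
    # extraConfig = ''
    #   listen_addresses = '172.24.172.226,127.0.0.1'
    # '';
  };

}

--------------------------------------------------------------------------------
/machines/monad/default.nix:
--------------------------------------------------------------------------------
extra:
{ config, lib, pkgs, ...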
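}:
let util = extra.util;
    nix-serve = extra.machine.nix-serve;
    # Third-party script that disable-c6 below runs as root. It is pinned to a
    # commit and checked against sha256, so the fetched source cannot change
    # without a hash mismatch.
    zenstates = pkgs.fetchFromGitHub {
      owner = "r4m0n";
      repo = "ZenStates-Linux";
      rev = "0bc27f4740e382f2a2896dc1dabfec1d0ac96818";
      sha256 = "1h1h2n50d2cwcyw3zp4lamfvrdjy1gjghffvl3qrp6arfsfa615y";
    };
    # Mail sync helper; an exclusive flock on fd 200 stops two runs overlapping.
    # Not referenced anywhere in the visible part of this file.
    # NOTE(review): the lock file is a fixed name in world-writable /tmp, so
    # another local user can create it first; a path under a private runtime
    # directory avoids that.
    email-notify = util.writeBash "email-notify-user" ''
      export HOME=/home/jb55
      export PATH=${lib.makeBinPath (with pkgs; [ eject libnotify muchsync notmuch openssh ])}:$PATH
      (
        flock -x -w 100 200 || exit 1

        muchsync charon

        #DISPLAY=:0 notify-send --category=email "you got mail"

      ) 200>/tmp/email-notify.lock
    '';
in
{
  imports = [
    ./hardware
    ./bitcoin.nix
    #(import ../../misc/dnsmasq-adblock.nix)
    (import ../../misc/msmtp extra)
    (import ./networking extra)
    (import ../../misc/imap-notifier extra)
  ];




  # Local caching resolver. Upstream queries go to the two public resolvers
  # listed; host lists are read from mutable files under /var, one of which
  # (/var/distracting-hosts) is rewritten by the two timer services below.
  services.dnsmasq.enable = true;
  services.dnsmasq.resolveLocalQueries = true;
  services.dnsmasq.servers = ["1.1.1.1" "8.8.8.8"];
  services.dnsmasq.extraConfig = ''
    cache-size=10000
    addn-hosts=/var/hosts
    conf-file=/var/dnsmasq-hosts
    conf-file=/var/distracting-hosts
  '';


  # Weekdays 09:00: install the block list, restart dnsmasq, close the browser.
  systemd.services.block-distracting-hosts = {
    description = "Block Distracting Hosts";

    wantedBy = [ "default.target" ];
    after    = [ "default.target" ];

    path = with pkgs; [ systemd procps ];

    serviceConfig.ExecStart = util.writeBash "block-distracting-hosts" ''
      set -e
      cp /var/undistracting-hosts /var/distracting-hosts

      # crude way to clear the cache...
      systemctl restart dnsmasq

      # pkill exits 1 when nothing matched; under `set -e` that made the unit
      # fail whenever the browser was not running
      pkill qutebrowser || true
    '';

    startAt = "Mon..Fri *-*-* 09:00:00";
  };


  # Weekdays 17:00: empty the block list and restart dnsmasq.
  systemd.services.unblock-distracting-hosts = {
    description = "Unblock Distracting Hosts";

    wantedBy = [ "default.target" ];
    after    = [ "default.target" ];

    path = with pkgs; [ systemd ];

    serviceConfig.ExecStart = util.writeBash "unblock-distracting-hosts" ''
      set -e
      echo "" > /var/distracting-hosts
      systemctl restart dnsmasq
    '';

    startAt = "Mon..Fri *-*-* 17:00:00";
  };


  virtualisation.virtualbox.host.enable = true;
  virtualisation.virtualbox.host.enableHardening = true;
  #virtualization.virtualbox.host.enableExtensionPack = true;
  users.extraUsers.jb55.extraGroups = [ "vboxusers" ];

  services.xserver.videoDrivers = [ "nvidiaBeta" ];

  # NOTE(review): putting nginx in the tor and transmission groups gives the web
  # server whatever those groups can read; presumably needed to serve files
  # owned by them - confirm the access is as narrow as intended.
  users.extraGroups.tor.members = [ "jb55" "nginx" ];
  users.extraGroups.nginx.members = [ "jb55" ];
  users.extraGroups.transmission.members = [ "nginx" "jb55" ];

  programs.mosh.enable = false;

  documentation.nixos.enable = false;

  services.trezord.enable = true;
  services.redis.enable = false;
  services.zerotierone.enable = true;
  services.mongodb.enable = false;

  # Tor settings come from extra.private, presumably the git-ignored
  # private.nix, so they are not in the repository.
  services.tor.enable = true;
  services.tor.controlPort = 9051;
  services.tor.extraConfig = extra.private.tor.extraConfig;

  services.fcgiwrap.enable = true;

  services.nix-serve.enable = false;
  services.nix-serve.bindAddress = nix-serve.bindAddress;
  services.nix-serve.port = nix-serve.port;

  # Three parts are concatenated: two static plain-HTTP vhosts, a reverse proxy
  # for nix-serve (only when nix-serve is enabled) and a private Tor-related
  # snippet (only when Tor is enabled).
  services.nginx.enable = true;
  services.nginx.httpConfig = ''
      server {
        listen 80 default_server;
        server_name _;
        root /www/public;
        index index.html index.htm;
        location / {
          try_files $uri $uri/ =404;
        }
      }

      server {
        listen 80;
        server_name matrix.monad;

        root ${pkgs.riot-web};
        index index.html index.htm;
        location / {

          try_files $uri $uri/ =404;
        }
      }

    '' + (if config.services.nix-serve.enable then ''
      server {
        listen ${nix-serve.bindAddress}:80;
        server_name cache.monad.jb55.com;

        location / {
          proxy_pass  http://${nix-serve.bindAddress}:${toString nix-serve.port};
          proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
          proxy_redirect off;
          proxy_buffering off;
          proxy_set_header        Host            $host;
          proxy_set_header        X-Real-IP       $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
    '' else "") + (if config.services.tor.enable then extra.private.tor.nginx else "");

  services.footswitch = {
    enable = false;
    enable-led = true;
    led = "input5::numlock";
  };

  # One-shot at boot: load the msr kernel module, then run the pinned
  # zenstates.py with --c6-disable. No User= is set in this unit.
  systemd.services.disable-c6 = {
    description = "Ryzen Disable C6 State";

    wantedBy = [ "basic.target" ];
    after = [ "sysinit.target" "local-fs.target" ];

    serviceConfig.Type = "oneshot";
    serviceConfig.ExecStart = util.writeBash "disable-c6-state" ''
      ${pkgs.kmod}/bin/modprobe msr
      ${pkgs.python2}/bin/python ${zenstates}/zenstates.py --c6-disable --list
    '';
  };

  # NOTE(review): PostgreSQL listens on every IPv4 address (0.0.0.0) and pg_hba
  # grants `trust` to 192.168.86.0/24. `trust` checks no password, so any host
  # on that subnet that can reach the PostgreSQL port may connect as any role,
  # including the postgres superuser. If remote access is needed, a password
  # method such as scram-sha-256 or md5 on the subnet line, or a
  # listen_addresses limited to the interfaces that need it, removes the
  # unauthenticated path.
  services.postgresql = {
    dataDir = "/var/db/postgresql/100/";
    enable = true;
    package = pkgs.postgresql_10;
    # extraPlugins = with pkgs; [ pgmp ];
    authentication = pkgs.lib.mkForce ''
      # type db  user address            method
      local  all all                     trust
      host   all all  127.0.0.1/32       trust
      host   all all  192.168.86.0/24    trust
    '';
    extraConfig = ''
      listen_addresses = '0.0.0.0'
    '';
  };

  # security.pam.u2f = {
  #   enable = true;
  #   interactive = true;
  #   cue = true;
  #   control = "sufficient";
  #   authfile = "${pkgs.writeText "pam-u2f-config" ''
  #     jb55:vMXUgYb1ytYmOVgqFDwVOxJmvVI9F3gdSJVbvsi1A1VA-3mftTUhgARo4Kmm_8SAH6IJJ8p3LSXPSbtTSXMIpQ,04d8c1542a7391ee83112a577db968b84351f0090a9abe7c75bedcd94777cf15727c68ce4ac8858ff2812ded3c86d978efc5893b25cf906032632019fe792d3ec4
  #   ''}";
  # };

}

--------------------------------------------------------------------------------
/services/desktop/networking/default.nix:
--------------------------------------------------------------------------------
# Desktop networking: runs an OpenVPN client and routes only processes placed
# in a dedicated net_cls cgroup through it (policy routing on a firewall mark).
extra:
{ config, lib, pkgs, ... }:
let
  chromecastIP = "192.168.86.190";
  iptables = "iptables -A nixos-fw";
  ipr = "${pkgs.iproute}/bin/ip";
  writeBash = extra.util.writeBash;
  vpn = {
    name = "pia";
    table = "300";
    # NOTE(review): pkgs.writeText stores its content in /nix/store, which is
    # world-readable, so the VPN user name and password are readable by every
    # local user even though they come from extra.private. Pointing
    # auth-user-pass at a root-only file outside the store avoids that.
    credfile = pkgs.writeText "vpncreds" ''
      ${extra.private.vpncred.user}
      ${extra.private.vpncred.pass}
    '';
    # OpenVPN runs this instead of installing routes itself (route-noexec):
    # the VPN default route goes into the separate table only.
    routeup = writeBash "openvpn-pia-routeup" ''
      ${pkgs.iproute}/bin/ip route add default via $route_vpn_gateway dev $dev metric 1 table ${vpn.table}
      exit 0
    '';
    # up = writeBash "openvpn-pia-preup" config.services.openvpn.servers.pia.up;
    # down = writeBash "openvpn-pia-stop" config.services.openvpn.servers.pia.down;
  };

in
{
  #networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];

  # Mark and NAT traffic from cgroup class 11, send marked traffic to the VPN
  # table, and add a lower-priority blackhole route there so marked traffic is
  # dropped rather than sent in the clear when the VPN route is missing.
  networking.firewall.extraCommands =
    # openvpn stuff, we only want to do this once
    if config.services.openvpn.servers.pia != null then ''
      # mangle packets in cgroup with a mark
      iptables -t mangle -A OUTPUT -m cgroup --cgroup 11 -j MARK --set-mark 11

      # NAT packets in cgroup through VPN tun interface
      iptables -t nat -A POSTROUTING -m cgroup --cgroup 11 -o tun0 -j MASQUERADE

      # create separate routing table
      ${ipr} rule add fwmark 11 table ${vpn.table}

      # add fallback route that blocks traffic, should the VPN go down
      ${ipr} route add blackhole default metric 2 table ${vpn.table}
    '' else "";
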
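users.extraGroups.vpn-pia.members = [ "jb55" "transmission" ];
  systemd.services.openvpn-pia.path = [ pkgs.libcgroup ];
  # NOTE(review): the inline certificate and static key in `config` appear
  # without wrapper tags in this listing; they were presumably lost when the
  # page was extracted - confirm against the repository. The service is named
  # "pia", while the embedded CA certificate's subject decodes to
  # "NordVPN Root CA". If the static key is not a value the provider publishes
  # for all customers, it is a secret committed to the repository and copied
  # into the world-readable Nix store.
  # `reneg-sec 0` turns off periodic data-channel key renegotiation.
  services.openvpn.servers = {
    pia = {
      autoStart = true;

      config = ''
        client
        dev tun
        proto udp
        remote 172.83.40.224 1194
        resolv-retry infinite
        remote-random
        nobind
        tun-mtu 1500
        tun-mtu-extra 32
        mssfix 1450
        persist-key
        persist-tun
        ping 15
        ping-restart 0
        ping-timer-rem
        reneg-sec 0

        auth-user-pass ${vpn.credfile}
        route-noexec
        route-up ${vpn.routeup}

        remote-cert-tls server

        # Compress-lzo is not compactible with 2.3 clients so using deprecated comp-lzo
        comp-lzo no
        verb 3
        pull
        fast-io
        cipher AES-256-CBC
        auth SHA512


        -----BEGIN CERTIFICATE-----
        MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
        MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
        MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
        BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
        hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
        kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
        XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
        eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
        skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
        MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
        37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
        hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
        Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
        WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
        MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
        LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
        SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
        nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
        k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
        DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
        pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
        k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
        +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
        NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
        wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
        VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
        PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
        -----END CERTIFICATE-----

        key-direction 1

        #
        # 2048 bit OpenVPN static key
        #
        -----BEGIN OpenVPN Static key V1-----
        e685bdaf659a25a200e2b9e39e51ff03
        0fc72cf1ce07232bd8b2be5e6c670143
        f51e937e670eee09d4f2ea5a6e4e6996
        5db852c275351b86fc4ca892d78ae002
        d6f70d029bd79c4d1c26cf14e9588033
        cf639f8a74809f29f72b9d58f9b8f5fe
        fc7938eade40e9fed6cb92184abb2cc1
        0eb1a296df243b251df0643d53724cdb
        5a92a1d6cb817804c4a9319b57d53be5
        80815bcfcb2df55018cc83fc43bc7ff8
        2d51f9b88364776ee9d12fc85cc7ea5b
        9741c4f598c485316db066d52db4540e
        212e1518a9bd4828219e24b20d88f598
        a196c9de96012090e333519ae18d3509
        9427e7b372d348d352dc4c85e18cd4b9
        3f8a56ddb2e64eb67adfc9b337157ff4
        -----END OpenVPN Static key V1-----

      '';

      # Runs when the tunnel comes up. It turns on IPv4 forwarding for the whole
      # host and sets rp_filter to 0 on every interface, both system-wide
      # changes that go beyond the VPN cgroup, and it lets user jb55 and group
      # vpn-pia place processes into the cgroup.
      up = ''
        # enable ip forwarding
        echo 1 > /proc/sys/net/ipv4/ip_forward

        # create cgroup for 3rd party VPN (can change 'vpn' to your name of choice)
        mkdir -p /sys/fs/cgroup/net_cls/${vpn.name}

        # give it an arbitrary id
        echo 11 > /sys/fs/cgroup/net_cls/${vpn.name}/net_cls.classid

        # grant a non-root user access
        cgcreate -t jb55:vpn-pia -a jb55:vpn-pia -g net_cls:${vpn.name}

        # disable reverse path filtering for all interfaces
        for i in /proc/sys/net/ipv4/conf\/*/rp_filter; do echo 0 > $i; done
      '';

      # Runs when the tunnel goes down. Forwarding is switched off again; the
      # rp_filter values changed by `up` are not restored.
      down = ''
        echo 0 > /proc/sys/net/ipv4/ip_forward

        cgdelete -g net_cls:${vpn.name}

        # not sure if cgdelete does this...
        rm -rf /sys/fs/cgroup/net_cls/${vpn.name}
      '';
    };
  };

  # Reverse-path checking is off in the NixOS firewall as well.
  networking.firewall.checkReversePath = false;
  networking.firewall.logReversePathDrops = true;

  systemd.services.transmission.requires = [ "openvpn-pia.service" ];
  systemd.services.transmission.after    = [ "openvpn-pia.service" ];
  #systemd.services.transmission.serviceConfig.User = lib.mkForce "root";
  # Start transmission-daemon inside the VPN cgroup so its traffic carries the
  # firewall mark and follows the VPN routing table.
  #
  # The script used to carry a commented-out `sudo -u transmission \` line
  # between cgexec and the daemon path. In bash the `#` ends the command at
  # that point, so cgexec was invoked with no program and, unless the
  # writeBash wrapper (not shown here) aborts on the first error,
  # transmission-daemon was then started by the following lines outside the
  # cgroup, i.e. not through the VPN. The dead line is dropped so the
  # continuation reaches the daemon.
  systemd.services.transmission.serviceConfig.ExecStart = lib.mkForce (
    writeBash "start-transmission-under-vpn" ''
      ${pkgs.libcgroup}/bin/cgexec --sticky -g net_cls:${vpn.name} \
        ${pkgs.transmission}/bin/transmission-daemon \
          -f \
          --port ${toString config.services.transmission.port};
    ''
  );


}

--------------------------------------------------------------------------------
/services/desktop/default.nix:
--------------------------------------------------------------------------------
{ composeKey, util, userConfig, theme, icon-theme, extra }:
{ config, lib, pkgs, ...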
}:
let
  # Perl script fetched from a mutable branch URL (master); the sha256 pins the
  # content, so a changed upstream file fails the build instead of being run.
  clippings-pl-file = pkgs.fetchurl {
    url = "https://raw.githubusercontent.com/jb55/kindle-clippings/master/clippings.pl";
    sha256 = "13bn5lvm4p85369yj88jr62h3zalmmyrzmjc332qwlqgqhyf3dls";
  };
  clippings-pl = util.writeBash "clippings.pl" ''
    ${lib.getBin pkgs.perl}/bin/perl ${clippings-pl-file}
  '';
  clipmenu = pkgs.callPackage ../../nixpkgs/clipmenu {};

  # Private values passed in by the caller; used below for phonectl.
  secrets = extra.private;
in
{
  imports = [
    (import ./networking extra)
  ];

  services.gnome3.gnome-keyring.enable = true;

  services.trezord.enable = true;

  programs.gnupg.trezor-agent = {
    enable = true;
    configPath = "/home/jb55/.gnupg/trezor";
  };

  services.emacs.enable = true;
  services.emacs.install = true;

  # Replace the stock emacs unit's ExecStart with a wrapper that loads the
  # system environment, sets NIX_PATH and starts the daemon through
  # /home/jb55/bin/all-dev, a script that lives outside the Nix store.
  systemd.user.services.emacs.path = with pkgs; [ bash nix ];
  systemd.user.services.emacs.serviceConfig.ExecStart =
    let
      cfg = config.services.emacs;
    in
      lib.mkForce (
        pkgs.writeScript "start-emacs" ''
          #!/usr/bin/env bash
          source ${config.system.build.setEnvironment}

          # hacky af
          export NIX_PATH=dotfiles=/home/jb55/dotfiles:jb55pkgs=/home/jb55/etc/jb55pkgs:monstercatpkgs=/home/jb55/etc/monstercatpkgs:nixos-config=/home/jb55/etc/nix-files:nixpkgs=/home/jb55/nixpkgs:/home/jb55/.nix-defexpr/channels:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
          export NIXPKGS=/home/jb55/nixpkgs

          exec /home/jb55/bin/all-dev --run 'exec ${cfg.package}/bin/emacs --daemon';
        ''
      );

  services.redshift = {
    enable = true;
    temperature.day = 5700;
    temperature.night = 3900;
    # gamma=0.8

    brightness = {
      day = "1.0";
      night = "0.6";
    };

    latitude="49.270186";
    longitude="-123.109353";
  };

  systemd.user.services.udiskie =  {
    enable = true;
    description = "userspace removable drive automounter";
    after = [ "multi-user.target" ];
    wants = [ "multi-user.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${lib.getBin pkgs.udiskie}/bin/udiskie";
    };
  };

  # Runs when the Kindle mount appears: writes clippings.yml into the notes
  # directory, then commits and pushes it to the gh:jb55/my-clippings remote.
  # NOTE(review): in this listing the script line after `mkdir -p $NOTES` is
  # only `$NOTES/clippings.yml` and the listing's own line numbering skips a
  # line there, so the command that produces the file (clippings-pl above is
  # otherwise unused) appears to have been lost when the page was extracted -
  # confirm against the repository.
  systemd.user.services.kindle-sync3 = {
    enable = true;
    description = "sync kindle";
    after    = [ "media-kindle.mount" ];
    requires = [ "media-kindle.mount" ];
    wantedBy = [ "media-kindle.mount" ];
    serviceConfig = {
      ExecStart = util.writeBash "kindle-sync" ''
        export PATH=${lib.makeBinPath (with pkgs; [ coreutils eject perl dos2unix git ])}:$PATH
        NOTES=/home/jb55/doc/notes/kindle
        mkdir -p $NOTES
        $NOTES/clippings.yml
        cd $NOTES
        if [ ! -d ".git" ]; then
          git init .
          git remote add origin gh:jb55/my-clippings
        fi
        git add clippings.yml
        git commit -m "update"
        git push -u origin master
      '';
    };
  };

  services.mpd = {
    enable = false;
    dataDir = "/home/jb55/mpd";
    user = "jb55";
    group = "users";
    extraConfig = ''
      audio_output {
        type     "pulse"
        name     "Local MPD"
        server   "127.0.0.1"
      }
    '';
  };

  # NOTE(review): MODE="0666" makes the YubiKey hidraw nodes readable and
  # writable by every local account, including service users. A rule limited
  # to the logged-in seat user (TAG+="uaccess") or to one group with
  # MODE="0660" keeps the token usable without opening it to all processes.
  services.udev.extraRules = ''
    # yubikey neo
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", MODE="0666"

    # yubikey4
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", MODE="0666"

    # kindle
    ATTRS{idVendor}=="1949", ATTRS{idProduct}=="0004", SYMLINK+="kindle"
    ATTRS{idVendor}=="1949", ATTRS{idProduct}=="0003", SYMLINK+="kindledx"

  '';

  services.xserver = {
    enable = true;
    layout = "us";

    # xset r rate 200 50
    autoRepeatDelay = 200;
    autoRepeatInterval = 50;

    xkbOptions = "terminate:ctrl_alt_bksp, ctrl:nocaps, keypad:hex, altwin:swap_alt_win, lv3:ralt_switch, compose:${composeKey}";

    wacom.enable = true;

    desktopManager = {
      default = "none";
      xterm.enable = false;
    };

    displayManager = {
      sessionCommands = "${userConfig}/bin/xinitrc";
      lightdm = {
        enable = true;
        # Greeter background, fetched over HTTPS and pinned by sha256.
        background = "${pkgs.fetchurl {
          url = "https://jb55.com/img/haskell-space.jpg";
          sha256 = "e08d82e184f34e6a6596faa2932ea9699da9b9a4fbbd7356c344e9fb90473482";
        }}";
        greeters.gtk = {
          theme = theme;
          # iconTheme = icon-theme;
        };
      };
    };

    screenSection = ''
      Option "metamodes" "1920x1080 +0+0"
      Option "dpi" "96 x 96"
    '';

    windowManager = {
      xmonad = {
        enable = true;
        enableContribAndExtras = true;
      };
      default = "xmonad";
    };
  };

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [ pkgs.gutenprint ] ;
  };

  systemd.user.services.urxvtd = {
    enable = true;
    description = "RXVT-Unicode Daemon";
    wantedBy = [ "default.target" ];
    after = [ "default.target" ];
    path = [ pkgs.rxvt_unicode-with-plugins ];
    serviceConfig = {
      Restart = "always";
      ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd -q -o";
    };
  };

  # Lock the screen after 10 minutes of inactivity.
  # NOTE(review): the locker is the bare name `slock`, looked up through the
  # unit's PATH, which this unit does not set; if the lookup fails the screen
  # is never locked - confirm the lock actually engages.
  systemd.user.services.xautolock = {
    enable      = true;
    description = "X auto screen locker";
    wantedBy    = [ "graphical-session.target" ];
    after       = [ "graphical-session.target" ];
    serviceConfig.ExecStart = "${pkgs.xautolock}/bin/xautolock -time 10 -locker slock";
  };

  services.clipmenu.enable = true;

  environment.systemPackages = [pkgs.phonectl];
  # NOTE(review): values given through `environment` are written into the
  # generated systemd unit, which lives in the world-readable Nix store, so the
  # phonectl user name, password and phone number are readable by every local
  # user. An EnvironmentFile pointing at a file outside the store avoids that.
  systemd.user.services.phonectl = {
    enable      = true;
    description = "phonectl";
    wantedBy    = [ "graphical-session.target" ];
    after       = [ "graphical-session.target" ];

    serviceConfig.ExecStart = "${pkgs.phonectl}/bin/phonectld";

    environment = with secrets.phonectl; {
      PHONECTLUSER=user;
      PHONECTLPASS=pass;
      PHONECTLPHONE=phone;
    };
  };

  # TODO: maybe doesn't have my package env
  systemd.user.services.xbindkeys = {
    enable      = true;
    description = "X key bind helper";
    wantedBy    = [ "graphical-session.target" ];
    after       = [ "graphical-session.target" ];
    serviceConfig.ExecStart = "${pkgs.xbindkeys}/bin/xbindkeys -n -f ${pkgs.jb55-dotfiles}/.xbindkeysrc";
  };

  # TODO: maybe doesn't have my package env
  systemd.user.services.twmnd = {
    enable      = true;

    description = "tiling window manager notifier";
    wantedBy    = [ "graphical-session.target" ];
    after       = [ "graphical-session.target" ];
    serviceConfig.ExecStart = "${pkgs.twmn}/bin/twmnd";
  };

  # One-shot that runs the user's xinitrc once the graphical session is up; the
  # same script is also set as displayManager.sessionCommands above.
  systemd.user.services.xinitrc = {
    enable      = true;
    description = "X session init commands";
    wantedBy    = [ "graphical-session.target" ];
    after       = [ "graphical-session.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${userConfig}/bin/xinitrc";
    };
  };

}

--------------------------------------------------------------------------------
/services/mailz/default.nix:
--------------------------------------------------------------------------------

{ config, lib, pkgs, ...
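}:

# mailz: a self-hosted mail stack built from OpenSMTPD (SMTP in and out, DKIM
# signing), SpamAssassin (filtering) and Dovecot (LMTP delivery, IMAP, sieve).

with lib;

let
  cfg = config.services.mailz;
  # Dovecot `mailbox` stanza that auto-creates and subscribes the folder.
  mailbox = name: ''
    mailbox ${name} {
      auto = subscribe
    }
  '';

  # Convert:
  #
  # {
  #   a = { aliases = [ "x", "y" ]; };
  #   b = { aliases = [ "x" ]; };
  # }
  #
  # To:
  #
  # {
  #   x = [ "a" "b" ];
  #   y = [ "a" ];
  # }
  aliases = foldAttrs (user: users: [user] ++ users) [ ]
    (flatten (flip mapAttrsToList cfg.users
      (user: options: flip map options.aliases
        (alias: { ${alias} = user; }))));

  # Lookup tables and filter files generated from cfg.users.
  # NOTE(review): pkgs.writeText stores its content in /nix/store, which is
  # world-readable. `credentials` and `users` contain every account's password
  # field (described below as `smtpctl encrypt` output, i.e. a hash), so every
  # local user can read the hashes and test guesses against them offline.
  # Generating these two files at activation time into a root-only directory
  # would keep them out of the store.
  files = {
    credentials = pkgs.writeText "credentials"
      (concatStringsSep "\n"
      (flip mapAttrsToList cfg.users
        (user: options: "${user}@${cfg.domain} ${options.password}")));

    users = pkgs.writeText "users"
      (concatStringsSep "\n"
      (flip mapAttrsToList cfg.users
        (user: options: "${user}:${options.password}:::::")));

    recipients = pkgs.writeText "recipients"
      (concatStringsSep "\n"
      (map (user: "${user}@${cfg.domain}")
      (attrNames cfg.users ++ flatten ((flip mapAttrsToList) cfg.users
        (user: options: options.aliases)))));

    aliases = pkgs.writeText "aliases"
      (concatStringsSep "\n"
      (flip mapAttrsToList aliases
        (alias: users: "${alias} ${concatStringsSep "," users}")));

    # Global sieve rule: file anything SpamAssassin flagged into "Spam".
    spamassassinSieve = pkgs.writeText "spamassassin.sieve" ''
      require "fileinto";
      if header :contains "X-Spam-Flag" "YES" {
        fileinto "Spam";
      }
    '';

    # From
    # HELO patterns handed to the OpenSMTPD regex filter.
    regex = pkgs.writeText "filter-regex.conf" ''
      helo ! ^\[
      helo ^\.
      helo \.$
      helo ^[^\.]*$
    '';
  };

in

{
  options = {
    services.mailz = {
      domain = mkOption {
        # Was `cfg.networking.hostName`; cfg is config.services.mailz, which
        # has no `networking` attribute, so the default failed to evaluate
        # whenever `domain` was left unset.
        default = config.networking.hostName;
        type = types.str;
        description = "Domain for this mail server.";
      };

      enable = mkEnableOption "enable mailz: self-hosted email";

      # Account and group that own the mail spool (Dovecot mailUser/mailGroup).
      user = mkOption {
        default = "vmail";
        type = types.str;
      };

      # Extra sieve script text, installed as a second global "before" script.
      sieves = mkOption {
        default = "";
        type = types.str;
      };

      group = mkOption {
        default = "vmail";
        type = types.str;
      };

      # uid and gid are only referenced by the commented-out user and group
      # definitions at the end of this module.
      uid = mkOption {
        default = 2000;
        type = types.int;
      };

      gid = mkOption {
        default = 2000;
        type = types.int;
      };

      dkimDirectory = mkOption {
        default = "/var/lib/dkim";
        type = types.str;
        description = "Where to store DKIM keys.";
      };

      dkimBits = mkOption {
        type = types.int;
        default = 2048;
        description = "Size of the generated DKIM key.";
      };

      users = mkOption {
        default = { };
        type = types.loaOf types.optionSet;
        description = ''
          Attribute set of users.
        '';

        options = {
          password = mkOption {
            type = types.str;
            description = ''
              The user password, generated with
              smtpctl encrypt.
            '';
          };

          aliases = mkOption {
            type = types.listOf types.str;
            default = [ ];
            example = [ "postmaster" ];
            description = "A list of aliases for this user.";
          };
        };

        example = {
          "foo" = {
            password = "encrypted";
            aliases = [ "postmaster" ];
          };
          "bar" = {
            password = "encrypted";
          };
        };
      };
    };
  };

  # Nothing is configured unless the module is enabled and has at least one user.
  config = mkIf (cfg.enable && cfg.users != { }) {
    nixpkgs.config.packageOverrides = pkgs: {
      opensmtpd = pkgs.callPackage ./opensmtpd.nix { };
      opensmtpd-extras = pkgs.opensmtpd-extras.override {
        # Needed to have PRNG working in chroot (for dkim-signer)
        openssl = pkgs.libressl;
      };
    };

    # Runs at activation: seed /etc/spamassassin once and generate the DKIM key
    # pair once. The key directory is set to mode 700 before the key is written.
    system.activationScripts.mailz = ''
      # Make sure SpamAssassin database is present
      if ! [ -d /etc/spamassassin ]; then
        cp -r ${pkgs.spamassassin}/share/spamassassin /etc
      fi

      # Make sure a DKIM private key exist
      if ! [ -d ${cfg.dkimDirectory}/${cfg.domain} ]; then
        mkdir -p ${cfg.dkimDirectory}/${cfg.domain}
        chmod 700 ${cfg.dkimDirectory}/${cfg.domain}
        ${pkgs.opendkim}/bin/opendkim-genkey --bits ${toString cfg.dkimBits} --domain ${cfg.domain} --directory ${cfg.dkimDirectory}/${cfg.domain}
      fi
    '';

    services.spamassassin.enable = true;

    # Port 25 accepts inbound mail with opportunistic TLS and the inbound filter
    # chain; port 12566 is the submission listener (TLS required, auth, DKIM
    # signing on the way out).
    # NOTE(review): the three tables declared below are never referenced by name
    # in the `listen`/`accept` lines of this listing ("auth" and
    # "recipient alias" stand bare); the table references were presumably lost
    # when the page was extracted - confirm against the repository, because
    # which table backs `auth` decides who may relay.
    services.opensmtpd = {
      enable = true;
      serverConfiguration = ''
        filter filter-pause pause
        filter filter-regex regex "${files.regex}"
        filter filter-spamassassin spamassassin "-s accept"
        filter filter-dkim-signer dkim-signer "-d ${cfg.domain}" "-p${cfg.dkimDirectory}/${cfg.domain}/default.private"
        filter in chain filter-regex filter-spamassassin
        filter out chain filter-dkim-signer

        pki ${cfg.domain} certificate "${config.security.acme.directory}/${cfg.domain}/fullchain.pem"
        pki ${cfg.domain} key "${config.security.acme.directory}/${cfg.domain}/key.pem"

        table credentials file:${files.credentials}
        table recipients file:${files.recipients}
        table aliases file:${files.aliases}

        listen on 0.0.0.0 port 25 hostname ${cfg.domain} filter in tls pki ${cfg.domain}
        listen on 0.0.0.0 port 12566 hostname ${cfg.domain} filter out tls-require pki ${cfg.domain} auth

        accept from any for domain "${cfg.domain}" recipient alias deliver to lmtp localhost:24
        accept from local for any relay
      '';
      procPackages = [ pkgs.opensmtpd-extras ];
    };

    # Dovecot: LMTP on loopback port 24 (fed by OpenSMTPD), IMAPS on port 12788,
    # accounts taken from the generated passwd-file, PAM disabled.
    services.dovecot2 = {
      enable = true;
      enablePop3 = false;
      enableLmtp = true;
      mailLocation = "maildir:/var/spool/mail/%n";
      mailUser = cfg.user;
      mailGroup = cfg.group;
      modules = [ pkgs.dovecot_pigeonhole ];
      sslServerCert = "${config.security.acme.directory}/${cfg.domain}/fullchain.pem";
      sslServerKey = "${config.security.acme.directory}/${cfg.domain}/key.pem";
      enablePAM = false;
      sieveScripts = {
        before = files.spamassassinSieve;
        before2 = pkgs.writeText "sieves" cfg.sieves;
      };
      # In userdb, gid now follows cfg.group; it used cfg.user, which is only
      # correct while the user and group names are the same (as in the defaults).
      extraConfig = ''
        postmaster_address = postmaster@${cfg.domain}
        mail_attribute_dict = file:/var/spool/mail/%n/dovecot-attributes

        service lmtp {
          inet_listener lmtp {
            address = 127.0.0.1 ::1
            port = 24
          }
        }

        service imap-login {
          inet_listener imaps {
            port = 12788
            ssl = yes
          }
        }

        userdb {
          driver = passwd-file
          args = username_format=%n ${files.users}
          default_fields = uid=${cfg.user} gid=${cfg.group} home=/var/spool/mail/%n
        }

        passdb {
          driver = passwd-file
          args = username_format=%n ${files.users}
        }

        namespace inbox {
          inbox = yes

          mailbox Sent {
            auto = subscribe
            special_use = \Sent
          }

          mailbox Drafts {
            auto = subscribe
            special_use = \Drafts
          }

          mailbox Spam {
            auto = subscribe
            special_use = \Junk
          }

          mailbox Trash {
            auto = subscribe
            special_use = \Trash
          }

          mailbox Archives {
            auto = subscribe
            special_use = \Archive
          }

          ${mailbox "Alerts"}
          ${mailbox "RSS"}
          ${mailbox "GitHub"}
          ${mailbox "Lists"}
          ${mailbox "YouTube"}
          ${mailbox "Lists.ats"}
          ${mailbox "Arxiv"}
          ${mailbox "Reddit"}
          ${mailbox "Lists.lobsters"}
          ${mailbox "Lists.icn"}
          ${mailbox "HackerNews"}
          ${mailbox "Lists.craigslist"}
          ${mailbox "Lists.bitcoin"}
          ${mailbox "Lists.elm"}
          ${mailbox "Lists.emacs"}
          ${mailbox "Lists.guix"}
          ${mailbox "Lists.haskell"}
          ${mailbox "Lists.lkml"}
          ${mailbox "Lists.nix"}
          ${mailbox "Lists.nixpkgs"}
          ${mailbox "Lists.shen"}
          ${mailbox "Lists.spacemacs"}
          ${mailbox "Monstercat"}
          ${mailbox "Updates"}

        }

        protocol lmtp {
          mail_plugins = $mail_plugins sieve notify push_notification
        }

        protocol imap {
          imap_metadata = yes
        }
      '';
    };

    # users.extraUsers = optional (cfg.user == "vmail") {
    #   name = "vmail";
    #   uid = cfg.uid;
    #   group = cfg.group;
    # };

    # users.extraGroups = optional (cfg.group == "vmail") {
    #   name = "vmail";
    #   gid = cfg.gid;
    # };

    # Only SMTP (25) is opened here. The submission (12566) and IMAPS (12788)
    # listeners configured above are not, so they are reachable from outside
    # only if another module opens them.
    networking.firewall.allowedTCPPorts = [ 25 ];
  };
}

--------------------------------------------------------------------------------
/nixpkgs/config.nix:
--------------------------------------------------------------------------------
1 | { pkgs }: 2 | let monstercatPkgs = import { inherit pkgs; }; 3 | haskellOverrides = import ./haskell-overrides { inherit monstercatPkgs; }; 4 | jb55pkgs = import { nixpkgs = pkgs; }; 5 | callPackage = pkgs.callPackage; 6 | doJailbreak = pkgs.haskell.lib.doJailbreak; 7 | dontCheck = pkgs.haskell.lib.dontCheck; 8 | regularFiles = builtins.filterSource (f: type: type == "symlink" 9 | || type == "directory" 10 | || type == "regular"); 11 | in { 12 | allowUnfree = true; 13 | allowUnfreeRedistributable = true; 14 | allowBroken = false; 15 | zathura.useMupdf = true; 16 | 17 | firefox = { 18 | enableGoogleTalkPlugin = true; 19 | enableAdobeFlash = true; 20 | }; 21 | 22 | 23 | packageOverrides = super: rec { 24 | # /run/current-system/sw/bin/ls $HOME/.emacs.d/elpa | sed 's/-[[:digit:]].*//g;s/\+$/-plus/g' | sort -u 25 | emacs = super.emacsWithPackages (ep: with ep; [ 26 | pkgs.urweb 27 | ]); 28 | 29 | msmtp = pkgs.lib.overrideDerivation super.msmtp (attrs: { 30 | patches = [ /home/jb55/dev/msmtp-1.8.3/msmtpq-custom-conn-test.patch ]; 31 | }); 32 | 33 | lastpass-cli = super.lastpass-cli.override { guiSupport = true; }; 34 | 35 | wine = super.wine.override { wineBuild = "wineWow"; }; 36 | 37 | bluez = pkgs.bluez5; 38 | 39 | # haskellPackages = super.haskellPackages.override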
{
    #   overrides = haskellOverrides pkgs;
    # };

    # xonsh = super.xonsh.override {
    #   extraPythonPackages = py: with py; [ numpy ];
    # };

    # phonectl built from the author's GitHub repository; the source is fixed
    # by commit (rev) and content hash (sha256).
    phonectl = super.python3Packages.callPackage (super.fetchFromGitHub {
      owner = "jb55";
      repo = "phonectl";
      rev = "de0f37a20d16a32a73f9267860302357b2df0c20";
      sha256 = "0wqpwg32qa1rzpw7881r6q2zklxlq1y4qgyyy742pihfh99rkcmj";
    }) {};

    # NOTE(review): regularFiles is applied to nothing here; its path argument
    # (probably an angle-bracket path) seems to have been lost in extraction.
    jb55-dotfiles = regularFiles ;

    # notmuch from the author's fork, pinned by rev and sha256.
    # NOTE(review): doCheck = false skips the test suite of a mail indexer that
    # parses untrusted input; re-enable it if the fork's tests can be made to pass.
    notmuch = pkgs.lib.overrideDerivation super.notmuch (attrs: {
      src = pkgs.fetchFromGitHub {
        owner = "jb55";
        repo = "notmuch";
        rev = "adcc427b8356cca865479b433d4be362b1f50e38";
        sha256 = "14l95hld7gs42p890a9r8dfw4m945iy2sf9bdyajs2yqjwmarwn7";
      };

      doCheck = false;
    });

    # wirelesstools =
    #   let
    #     patch = super.fetchurl {
    #                 url = "https://jb55.com/s/iwlist-print-scanning-info-allocation-failed.patch";
    #                 sha256 = "31c97c6abf3f0073666f9f94f233fae2fcb8990aae5e7af1030af980745a8efc";
    #             };
    #   in
    #     pkgs.lib.overrideDerivation super.wirelesstools (attrs: {
    #       prePatch = ''
    #         patch -p0 < ${patch}
    #       '';
    #     });

    # dmenu2 with one extra patch downloaded from jb55.com.
    # NOTE(review): this is the only fetch in the visible part of the file
    # pinned with sha1; SHA-1 is no longer collision resistant, so switch the
    # pin to a sha256 of the same file, as the htop patch below does.
    dmenu2 = pkgs.lib.overrideDerivation super.dmenu2 (attrs: {
      patches = [
        (super.fetchurl {
          url = "https://jb55.com/s/404ad3952cc5ccf3.patch";
          sha1 = "404ad3952cc5ccf3aa0674f31a70ef0e446a8d49";
        })
      ];
    });

    # htop with a patch from jb55.com, pinned by sha256.
    htop = pkgs.lib.overrideDerivation super.htop (attrs: {
      patches = [
        (super.fetchurl {
          url = "https://jb55.com/s/htop-vim.patch";
          sha256 = "3d72aa07d28d7988e91e8e4bc68d66804a4faeb40b93c7a695c97f7d04a55195";
        })
      ];
    });

    # packages defined in this repository under ./scripts
    ical2org = super.callPackage ./scripts/ical2org { };

    footswitch = super.callPackage ./scripts/footswitch { };

    ds4ctl = super.callPackage ./scripts/ds4ctl { };

    haskellEnvHoogle = haskellEnvFun {
      name = "haskellEnvHoogle";
      #compiler = "ghc821";
withHoogle = true; 108 | }; 109 | 110 | haskellEnv = haskellEnvFun { 111 | name = "haskellEnv"; 112 | #compiler = "ghc821"; 113 | withHoogle = false; 114 | }; 115 | 116 | haskell-tools = super.buildEnv { 117 | name = "haskell-tools"; 118 | paths = haskellTools super.haskellPackages; 119 | }; 120 | 121 | jb55-tools-env = pkgs.buildEnv { 122 | name = "jb55-tools"; 123 | paths = with jb55pkgs; [ 124 | csv-delim 125 | csv-scripts 126 | dbopen 127 | extname 128 | mandown 129 | snap 130 | sharefile 131 | samp 132 | ]; 133 | }; 134 | 135 | jvm-tools-env = pkgs.buildEnv { 136 | name = "jvm-tools"; 137 | paths = with pkgs; [ 138 | gradle 139 | maven 140 | oraclejdk 141 | ]; 142 | }; 143 | 144 | mk-rust-env = name: rustVer: pkgs.buildEnv { 145 | name = "rust-dev-${name}"; 146 | paths = with pkgs; with rustVer; [ 147 | clang 148 | rustracer 149 | rustracerd 150 | rust 151 | #cargo-edit 152 | #rustfmt 153 | rust-bindgen 154 | ]; 155 | }; 156 | 157 | rust-dev-env-nightly = mk-rust-env "nightly" pkgs.rustChannels.nightly; 158 | rust-dev-env-beta = mk-rust-env "beta" pkgs.rustChannels.beta; 159 | 160 | gaming-env = pkgs.buildEnv { 161 | name = "gaming"; 162 | paths = with pkgs; [ 163 | steam 164 | ]; 165 | }; 166 | 167 | file-tools = pkgs.buildEnv { 168 | name = "file-tools"; 169 | paths = with pkgs; [ 170 | ripgrep 171 | ranger 172 | ]; 173 | }; 174 | 175 | network-tools = pkgs.buildEnv { 176 | name = "network-tools"; 177 | paths = with pkgs; with xorg; [ 178 | nmap 179 | dnsutils 180 | whois 181 | nethogs 182 | ]; 183 | }; 184 | 185 | system-tools = pkgs.buildEnv { 186 | name = "system-tools"; 187 | paths = with pkgs; with xorg; [ 188 | xbacklight 189 | acpi 190 | psmisc 191 | ]; 192 | }; 193 | 194 | desktop-tools = pkgs.buildEnv { 195 | name = "desktop-tools"; 196 | paths = with pkgs; with xorg; [ 197 | twmn 198 | libnotify 199 | ]; 200 | }; 201 | 202 | syntax-tools = pkgs.buildEnv { 203 | name = "syntax-tools"; 204 | paths = with pkgs; [ 205 | shellcheck 206 | ]; 207 | }; 208 
| 209 | mail-tools = pkgs.buildEnv { 210 | name = "mail-tools"; 211 | paths = with pkgs; [ 212 | notmuch 213 | msmtp 214 | muchsync 215 | isync 216 | ]; 217 | }; 218 | 219 | photo-env = pkgs.buildEnv { 220 | name = "photo-tools"; 221 | paths = with pkgs; [ 222 | gimp 223 | darktable 224 | rawtherapee 225 | ufraw 226 | dcraw 227 | ]; 228 | }; 229 | 230 | git-tools = pkgs.buildEnv { 231 | name = "git-tools"; 232 | paths = with pkgs; [ 233 | diffstat 234 | diffutils 235 | gist 236 | # git-lfs 237 | gitAndTools.diff-so-fancy 238 | gitAndTools.git-imerge 239 | gitAndTools.git-extras 240 | gitAndTools.gitFull 241 | gitAndTools.hub 242 | gitAndTools.tig 243 | #haskPkgs.git-all 244 | #haskPkgs.git-monitor 245 | github-release 246 | patch 247 | patchutils 248 | ]; 249 | }; 250 | 251 | haskellEnvFun = { withHoogle ? false, compiler ? null, name }: 252 | let hp = if compiler != null 253 | then super.haskell.packages.${compiler} 254 | else super.haskellPackages; 255 | 256 | ghcWith = if withHoogle 257 | then hp.ghcWithHoogle 258 | else hp.ghcWithPackages; 259 | 260 | in super.buildEnv { 261 | name = name; 262 | paths = [(ghcWith myHaskellPackages)]; 263 | }; 264 | 265 | haskellTools = hp: with hp; [ 266 | alex 267 | cabal-install 268 | cabal2nix 269 | #stack2nix 270 | hpack 271 | ghc-core 272 | happy 273 | (dontCheck hasktags) 274 | hindent 275 | hlint 276 | structured-haskell-mode 277 | haskell-ci 278 | ]; 279 | 280 | myHaskellPackages = hp: with hp; [ 281 | #(doJailbreak pandoc-lens) 282 | (dontCheck (doJailbreak serialise)) 283 | Boolean 284 | Decimal 285 | HTTP 286 | HUnit 287 | MissingH 288 | QuickCheck 289 | SafeSemaphore 290 | aeson 291 | aeson-qq 292 | async 293 | attoparsec 294 | base32-bytestring 295 | base32string 296 | base58-bytestring 297 | bifunctors 298 | bitcoin-api 299 | bitcoin-api-extra 300 | bitcoin-block 301 | bitcoin-script 302 | bitcoin-tx 303 | blaze-builder 304 | blaze-builder-conduit 305 | blaze-html 306 | blaze-markup 307 | blaze-textual 308 | 
bson-lens 309 | #bytestring-show 310 | cased 311 | cassava 312 | cereal 313 | clientsession 314 | clientsession 315 | colour 316 | comonad 317 | comonad-transformers 318 | #compact-string-fix 319 | #cryptohash 320 | directory 321 | dlist 322 | dlist-instances 323 | doctest 324 | either 325 | elm-export 326 | elm-export-persistent 327 | exceptions 328 | filepath 329 | fingertree 330 | foldl 331 | formatting 332 | free 333 | generics-sop 334 | hamlet 335 | hashable 336 | hashids 337 | here 338 | heroku 339 | hedgehog 340 | hspec 341 | hspec-expectations 342 | html 343 | http-client 344 | http-date 345 | http-types 346 | inline-c 347 | io-memoize 348 | io-storage 349 | keys 350 | language-c 351 | language-javascript 352 | lens 353 | lens-action 354 | lens-aeson 355 | lens-datetime 356 | lens-family 357 | lens-family-core 358 | lifted-async 359 | lifted-base 360 | linear 361 | list-extras 362 | list-t 363 | logict 364 | mbox 365 | mime-mail 366 | mime-types 367 | miso 368 | mmorph 369 | monad-control 370 | monad-coroutine 371 | monad-loops 372 | monad-par 373 | monad-par-extras 374 | monad-stm 375 | monadloc 376 | mongoDB 377 | monoid-extras 378 | neat-interpolation 379 | network 380 | newtype 381 | numbers 382 | options 383 | optparse-applicative 384 | optparse-generic 385 | pandoc 386 | parsec 387 | megaparsec 388 | parsers 389 | pcg-random 390 | persistent 391 | persistent-postgresql 392 | persistent-template 393 | posix-paths 394 | #postgresql-binary 395 | postgresql-simple 396 | pretty-show 397 | probability 398 | profunctors 399 | pwstore-fast 400 | quickcheck-instances 401 | random 402 | reducers 403 | reflection 404 | regex-applicative 405 | regex-base 406 | regex-compat 407 | regex-posix 408 | relational-record 409 | resourcet 410 | retry 411 | rex 412 | s3-signer 413 | safe 414 | #sbv 415 | scotty 416 | sqlite-simple 417 | lucid 418 | semigroupoids 419 | semigroups 420 | #servant 421 | #servant-cassava 422 | #servant-client 423 | #servant-docs 424 | 
#servant-lucid 425 | #servant-server 426 | shake 427 | shakespeare 428 | #shelly 429 | shqq 430 | simple-reflect 431 | #speculation 432 | split 433 | spoon 434 | stache 435 | stm 436 | stm-chans 437 | #stm-stats 438 | store 439 | stache 440 | streaming 441 | smtp-mail 442 | streaming-bytestring 443 | streaming-wai 444 | strict 445 | stringsearch 446 | strptime 447 | syb 448 | system-fileio 449 | system-filepath 450 | tagged 451 | taggy 452 | taggy-lens 453 | tar 454 | tardis 455 | tasty 456 | tasty-hspec 457 | tasty-hunit 458 | tasty-quickcheck 459 | tasty-smallcheck 460 | temporary 461 | test-framework 462 | test-framework-hunit 463 | text 464 | text-format 465 | text-regex-replace 466 | thyme 467 | time 468 | time-units 469 | #tinytemplate 470 | transformers 471 | transformers-base 472 | turtle 473 | unagi-chan 474 | uniplate 475 | unix-compat 476 | unordered-containers 477 | uuid 478 | vector 479 | void 480 | wai 481 | wai-middleware-static 482 | wai-extra 483 | warp 484 | wreq 485 | xhtml 486 | xml-lens 487 | yaml 488 | zippers 489 | zlib 490 | ]; 491 | }; 492 | } 493 | -------------------------------------------------------------------------------- /machines/charon/default.nix: -------------------------------------------------------------------------------- 1 | extra: 2 | { config, lib, pkgs, ... 
}:
let
  # extra settings merged into `extra` for the git-server snippet (see gitCfg)
  gitExtra = {
    git.projectroot = "/var/git";
    host = "git.zero.jb55.com";
  };

  # port httpiped listens on; nginx proxies to the same value
  httpipePort = "8899";

  # httpipe and npm-repo-proxy are built from the author's repositories, each
  # fixed by commit (rev) and content hash (sha256).
  httpiped = (import (pkgs.fetchgit {
    url = "https://github.com/jb55/httpipe";
    rev = "05d97c628e3be08db83dc29a80c7ea02a78bbf81";
    sha256 = "0iy5wdb1jjx9xz90hpnrxk3h7nq0fnv5dqvmg1ac6cxs1823yh7c";
  }) { nodejs = pkgs.nodejs; }).package;

  npmrepo = (import (pkgs.fetchFromGitHub {
    owner = "jb55";
    repo = "npm-repo-proxy";
    rev = "017cd7c7d98a9cf927d73c4f5c99636e21803935";
    sha256 = "1knrzadnlcvd779da269njhs3psf5mjbbpf95axcc02rya01fqzc";
  }) {}).package;

  gitCfg = extra.git-server { inherit config pkgs; extra = extra // gitExtra; };

  # NOTE(review): the import target (probably an angle-bracket path) is
  # missing in this listing; as written this would fail if it were evaluated.
  hearpress = (import { nixpkgs = pkgs; }).hearpress;

  myemail = "jb55@jb55.com";

  # Radicale access rules: one explicit read-write grant on a single
  # collection, read-write for each user on their own collection tree, and
  # read-only access to the root collection for any user pattern (".*").
  # NOTE(review): ".*" presumably also matches unauthenticated requests,
  # unlike ".+" -- confirm that this is intended.
  radicale-rights = pkgs.writeText "radicale-rights" ''
    [vanessa-famcal-access]
    user = vanessa
    collection = jb55/4bcae62e-9c8b-0d94-d8ef-977a29a24a84
    permission = rw

    # Give owners read-write access to everything else:
    [owner-write]
    user = .+
    collection = %(login)s(/.*)?
    permission = rw

    # Everyone can read the root collection
    [read]
    user = .*
    collection =
    permission = r
  '';

  # Static ActivityPub actor document, served by nginx for
  # application/activity+json requests.
  # NOTE(review): "inbox" points at https://jb55/inbox while every other URL
  # uses jb55.com -- looks like a typo, confirm.
  jb55-activity = pkgs.writeText "jb55-custom-activity" ''
    {
    	"@context": [
    		"https://www.w3.org/ns/activitystreams"
    	],
    	"inbox": "https://jb55/inbox",
    	"id": "https://jb55.com",
    	"type": "Person",
    	"preferredUsername": "jb55",
    	"name": "William Casarin",
    	"summary": "This is not a real activitypub endpoint yet! I'm still building it",
    	"url": "https://jb55.com",
    	"manuallyApprovesFollowers": false,
    	"icon": {
    		"type": "Image",
    		"mediaType": "image/jpeg",
    		"url": "https://jb55.com/me.jpg"
    	},
    	"publicKey": {
    		"id": "https://jb55.com#main-key",
    		"owner": "https://jb55.com",
    		"publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJOPxwmRGBBQYm7YgHRu\nbTaYaKbMoEQiui+37nizXA73CRNeKblSXIaJnfOKfz/ttRG0GH43GzHTpghUDuZX\n+QBpyOk8UMmCW5gM0Y5c3IOv0zLezqLXrVEM8UXMUHE3hxf61r1NKl1+IG9MwhtH\nayx0Kaz6vT/V8nkotCSlb91lMT8X28bButwN86RCclZncecQXuVvgXnFeZCeBLM+\nqV2tBPnn14Ws+AqVvVnBW8xXwVfSPFHQchSLAusdWI7Kw/oWN/on2CqfRASoaVAS\nqKG+uPuJ+1f92iH0ZY1wLB2/ITl7HKTiIMKNikXTWcUudkMlKxc5Iqb7HMHuaPZ9\nIQIDAQAB\n-----END PUBLIC KEY-----"
    	}
    }
  '';

  # Static WebFinger answer for acct:jb55@jb55.com.
  webfinger = pkgs.writeText "webfinger-acct-jb55" ''
    {
    	"subject": "acct:jb55@jb55.com",
    	"aliases": [
    		"https://jb55.com"
    	],
    	"links": [
    		{
    			"rel": "http://webfinger.net/rel/profile-page",
    			"type": "text/html",
    			"href": "https://jb55.com"
    		},
    		{
    			"rel": "self",
    			"type": "application/activity+json",
    			"href": "https://jb55.com"
    		}
    	]
    }
  '';
in
{
  imports = [
    ./networking
    ./hardware
    (import ./nginx extra)
    (import ./sheetzen extra)
    #(import ./vidstats extra)
  ];

  # NOTE(review): no User/Group is set, so this unit runs as root by systemd
  # default; consider a dedicated unprivileged account, since it takes HTTP
  # request bodies.
  systemd.services.httpiped = {
    description = "httpiped";
    wantedBy = [ "multi-user.target" ];
    after = [ "multi-user.target" ];
    environment.PORT = httpipePort;
    serviceConfig = {
      Restart = "always";
      ExecStart = "${httpiped}/bin/httpiped";
    };
  };

  # group allowed to read the jb55.com / git.jb55.com ACME keys (see below)
  users.extraGroups.jb55cert.members = [ "prosody" "nginx" ];

  services.gitDaemon.basePath = "/var/git-public/repos";
  services.gitDaemon.enable = true;

  # Radicale (CalDAV/CardDAV), bound to loopback without TLS; presumably
  # reached only through a TLS reverse proxy.
  # NOTE(review): htpasswd_encryption = plain keeps the passwords unhashed in
  # /home/jb55/.config/radicale/users; use a hashed htpasswd format if the
  # installed Radicale supports one.
  # NOTE(review): the "# 1 Megabyte" comment inside the config does not match
  # max_content_length = 10000000, which is 10 MB -- decide which is meant.
  services.radicale.enable = true;
  services.radicale.config = ''
    [auth]
    type = htpasswd
    htpasswd_filename = /home/jb55/.config/radicale/users
    htpasswd_encryption = plain
    delay = 1

    [storage]
    filesystem_folder = /home/jb55/.config/radicale/data

    [server]
    hosts = 127.0.0.1:5232
    ssl = False
    max_connections = 20

    # 1 Megabyte
    max_content_length = 10000000

    timeout = 10

    [rights]
    type = from_file
    file = ${radicale-rights}
  '';

  # ACME certificates, all validated through the shared webroot. Only
  # jb55.com and git.jb55.com hand their keys to the jb55cert group.
  security.acme.certs."jb55.com" = {
    webroot = "/var/www/challenges";
    group = "jb55cert";
    allowKeysForGroup = true;
    postRun = "systemctl restart prosody";
    email = myemail;
  };

  security.acme.certs."coretto.io" = {
    webroot = "/var/www/challenges";
    email = myemail;
  };

  security.acme.certs."git.jb55.com" = {
    webroot = "/var/www/challenges";
    group = "jb55cert";
    allowKeysForGroup = true;
    email = myemail;
  };

  security.acme.certs."sheetzen.com" = {
    webroot = "/var/www/challenges";
    email = myemail;
  };

  security.acme.certs."hearpress.com" = {
    webroot = "/var/www/challenges";
    email = myemail;
  };

  # Mail stack (services/mailz) for jb55.com.
  # NOTE(review): the account's SHA-512 crypt hash ("$6$...") sits in a
  # tracked file. A published hash can be guessed against offline, so treat
  # this password as exposed: rotate it and supply the new hash from the
  # untracked private.nix. It will still land in the world-readable Nix store
  # unless the module reads it from a file outside the store.
  services.mailz = {
    enable = true;
    domain = "jb55.com";

    users = {
      jb55 = {
        password = "$6$KHmFLeDBaXBE1Jkg$eEN8HM3LpZ4muDK/JWC25qW9xSZq0AqsF4tlzEan7yctROJ9A/lSqz6gN1b1GtwE7efroXGHtDi2FEJ2ujDAl0";
        aliases = [ "postmaster" "bill" "will" "william" "me" "jb" ];
      };
    };

    sieves = builtins.readFile ./dovecot/filters.sieve;
  };

  # XMPP server; open registration is disabled.
  users.extraUsers.prosody.extraGroups = [ "jb55cert" ];
  services.prosody.enable = true;
  services.prosody.admins = [ "jb55@jb55.com" ];
  services.prosody.allowRegistration = false;
  services.prosody.extraModules = [
    # "cloud_notify"
    # "smacks"
    # "carbons"
    # "http_upload"
  ];

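# Prosody TLS: client connections must be encrypted. Only c2s is forced here;
# the server-to-server policy is left at whatever the module defaults to.
services.prosody.extraConfig = ''
  c2s_require_encryption = true
'';
services.prosody.ssl = {
  cert = "${config.security.acme.directory}/jb55.com/fullchain.pem";
  key = "${config.security.acme.directory}/jb55.com/key.pem";
};
services.prosody.virtualHosts.jb55 = {
  enabled = true;
  domain = "jb55.com";
  ssl = {
    cert = "${config.security.acme.directory}/jb55.com/fullchain.pem";
    key = "${config.security.acme.directory}/jb55.com/key.pem";
  };
};

# PostgreSQL 9.5 (a release line that is past upstream end-of-life).
# NOTE(review): enableTCPIP = true plus the pg_hba rules below give
# passwordless ("trust") access, as any role including the superuser, to
#   - every local Unix account (the "local" line),
#   - every host in 172.24.0.0/16,
#   - every address matched by 127.0.0.1/16.
# The commented-out listen_addresses line suggests 172.24.0.0/16 is an overlay
# network (extra.ztip) -- confirm. Any compromised service on this machine or
# any peer on that network then owns every database. Prefer peer auth on the
# local socket, a password method on the host lines, a narrower source range,
# and a listen_addresses limited to the interface that needs it.
# NOTE(review): "127.0.0.1/16" has host bits set; 127.0.0.1/32 or 127.0.0.0/8
# is presumably what was meant.
services.postgresql = {
  dataDir = "/var/db/postgresql/9.5";
  package = pkgs.postgresql95;
  enable = true;
  enableTCPIP = true;
  authentication = ''
    # type db  user address            method
    local  all all                     trust
    host   all all  172.24.0.0/16      trust
    host   all all  127.0.0.1/16       trust
  '';
  #extraConfig = ''
  #  listen_addresses = '${extra.ztip}'
  #'';
};

# npm proxy.
# NOTE(review): no User/Group is set, so the unit runs as root by systemd
# default; give it an unprivileged account.
systemd.services.npmrepo = {
  description = "npmrepo.com";

  wantedBy = [ "multi-user.target" ];

  serviceConfig.Type = "simple";
  serviceConfig.ExecStart = "${npmrepo}/bin/npm-repo-proxy";
};

# per-user unit that runs rss2email once
systemd.user.services.rss2email = {
  description = "run rss2email";
  path = with pkgs; [ rss2email ];
  wantedBy = [ "default.target" ];
  serviceConfig.ExecStart = "${pkgs.rss2email}/bin/r2e run";
};

# Copies the rss2email config and state into a git checkout and pushes it.
# The script now quotes $BACKUP_DIR and stops if the cd fails, so the git
# commands can never run against whatever repository the unit's working
# directory happens to be in. A failing commit (nothing changed) still falls
# through to the push, as before.
# NOTE(review): rss2email.cfg can hold mail-server credentials; confirm the
# remote this pushes to is private.
systemd.user.services.backup-rss2email = {
  description = "backup rss2email";
  wantedBy = [ "default.target" ];
  serviceConfig.ExecStart = pkgs.writeScript "backup-rss2email" ''
    #!${pkgs.bash}/bin/bash
    BACKUP_DIR=/home/jb55/backups/rss2email
    cp /home/jb55/.config/rss2email.cfg "$BACKUP_DIR"
    cp /home/jb55/.local/share/rss2email.json "$BACKUP_DIR"
    cd "$BACKUP_DIR" || exit 1
    ${pkgs.git}/bin/git add -u
    ${pkgs.git}/bin/git commit -m "bump"
    ${pkgs.git}/bin/git push
  '';
};
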
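# timers for the two rss2email user units: backup daily, fetch hourly
systemd.user.timers.backup-rss2email = {
  wantedBy = [ "timers.target" ];
  timerConfig.OnCalendar = "daily";
};

systemd.user.timers.rss2email = {
  wantedBy = [ "timers.target" ];
  timerConfig.OnCalendar = "hourly";
};

# systemd.services.hearpress = {
#   description = "Hearpress server";
#   wantedBy = [ "multi-user.target" ];
#   after = [ "postgresql.service" ];

#   environment = {
#     PG_CS = "postgresql://jb55@localhost/hearpress";
#     AWS_ACCESS_KEY_ID = extra.private.aws.access_key;
#     AWS_SECRET_ACCESS_KEY = extra.private.aws.secret_key;
#   };

#   serviceConfig.Type = "simple";
#   serviceConfig.ExecStart = "${hearpress}/bin/hearpressd";
# };


# setuid wrapper for sendmail
security.setuidPrograms = [ "sendmail" ];

# fcgiwrap runs the CGI script behind coretto.io/email
services.fcgiwrap.enable = true;

# nginx virtual hosts for coretto.io, git.jb55.com and jb55.com.
# Change in this revision: the port-80 coretto.io redirect uses $request_uri
# like every other redirect here. $uri is the decoded, normalised path, so an
# encoded CR/LF in the request could end up inside the Location header;
# $request_uri is passed through as received and also keeps the query string.
# Review notes (behaviour left as it was):
#  - email.py lives inside the coretto.io document root, so `location /` can
#    serve its source as a static file at /email.py. Keep the script outside
#    the root or deny that path.
#  - `location /email` is a prefix match: every path starting with /email is
#    handed to the script. Request bodies are capped at 512 bytes.
#  - the "export all repositories under GIT_PROJECT_ROOT" comment in the
#    /email block looks copied from a git config and does not describe it.
#  - the www.coretto.io:443 server has no ssl_certificate of its own; confirm
#    that one is inherited and that it covers the www name.
#  - /paste/ accepts bodies of unlimited size (client_max_body_size 0) and
#    streams them unbuffered to httpiped; no authentication or rate limit is
#    visible here.
#  - certificate paths are hard-coded to /var/lib/acme rather than taken from
#    config.security.acme.directory as the prosody settings do.
services.nginx.httpConfig = ''
  ${gitCfg}

  server {
    listen 443 ssl;
    server_name coretto.io;
    root /home/jb55/www/coretto.io;
    index index.html;

    ssl_certificate /var/lib/acme/coretto.io/fullchain.pem;
    ssl_certificate_key /var/lib/acme/coretto.io/key.pem;

    location / {
      try_files $uri $uri/ =404;
    }

    location /email {
      gzip off;
      # fcgiwrap is set up to listen on this host:port
      fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
      include ${pkgs.nginx}/conf/fastcgi_params;
      fastcgi_param SCRIPT_FILENAME /home/jb55/www/coretto.io/email.py;

      client_max_body_size 512;

      # export all repositories under GIT_PROJECT_ROOT

      fastcgi_param PATH_INFO $uri;
    }


  }

  server {
    listen 80;
    server_name coretto.io www.coretto.io;

    location /.well-known/acme-challenge {
      root /var/www/challenges;
    }

    location / {
      return 301 https://coretto.io$request_uri;
    }
  }

  server {
    listen 443 ssl;
    server_name www.coretto.io;
    return 301 https://coretto.io$request_uri;
  }

  server {
    listen 80;
    server_name git.jb55.com;

    location /.well-known/acme-challenge {
      root /var/www/challenges;
    }

    location / {
      return 301 https://git.jb55.com$request_uri;
    }
  }

  server {
    listen 443 ssl;
    server_name git.jb55.com;

    root /var/git-public/stagit;
    index index.html index.htm;

    ssl_certificate /var/lib/acme/git.jb55.com/fullchain.pem;
    ssl_certificate_key /var/lib/acme/git.jb55.com/key.pem;
  }

  server {
    listen 443 ssl;
    server_name jb55.com;
    root /www/jb55/public;
    index index.html index.htm;

    ssl_certificate /var/lib/acme/jb55.com/fullchain.pem;
    ssl_certificate_key /var/lib/acme/jb55.com/key.pem;

    rewrite ^/pkgs.tar.gz$ https://github.com/jb55/jb55pkgs/archive/master.tar.gz permanent;
    rewrite ^/pkgs/?$ https://github.com/jb55/jb55pkgs/archive/master.tar.gz permanent;

    location / {
      error_page 418 = @jb55activity;

      if ( $http_accept ~ "application/activity\+json" ) { return 418; }

      try_files $uri $uri/ =404;
    }

    location @jb55activity {
      root /;
      default_type application/activity+json;
      try_files ${jb55-activity} =404;
    }

    location = /.well-known/webfinger {
      error_page 418 = @jb55webfinger;
      if ( $query_string = "resource=acct:jb55@jb55.com" ) { return 418; }
      return 404;
    }

    location @jb55webfinger {
      root /;
      default_type application/jrd+json;
      try_files ${webfinger} =404;
    }

    location /paste/ {
      proxy_max_temp_file_size 0;
      client_max_body_size 0;
      proxy_request_buffering off;
      proxy_buffering off;
      proxy_http_version 1.1;
      proxy_pass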
http://127.0.0.1:${httpipePort}/; 405 | 406 | add_header X-Content-Type-Options nosniff; 407 | } 408 | 409 | location /cal/ { 410 | proxy_pass http://127.0.0.1:5232/; 411 | proxy_set_header X-Script-Name /cal; 412 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 413 | } 414 | 415 | location ^~ /files/calls { 416 | error_page 405 =200 $uri; 417 | } 418 | } 419 | 420 | server { 421 | listen 80; 422 | server_name jb55.com www.jb55.com; 423 | 424 | location /.well-known/acme-challenge { 425 | root /var/www/challenges; 426 | } 427 | 428 | location / { 429 | return 301 https://jb55.com$request_uri; 430 | } 431 | } 432 | server { 433 | listen 443 ssl; 434 | server_name www.jb55.com; 435 | return 301 https://jb55.com$request_uri; 436 | } 437 | 438 | ''; 439 | 440 | } 441 | -------------------------------------------------------------------------------- /services/pokemongo-map/requirements_generated.nix: -------------------------------------------------------------------------------- 1 | # generated using pypi2nix tool (version: 1.3.0dev) 2 | # 3 | # COMMAND: 4 | # pypi2nix -V 2.7 -r requirements.txt -E stdenv -E sqlite 5 | # 6 | 7 | { pkgs, python, commonBuildInputs ? [], commonDoCheck ? 
false }: 8 | 9 | self: { 10 | 11 | "Babel" = python.mkDerivation { 12 | name = "Babel-2.3.4"; 13 | src = pkgs.fetchurl { 14 | url = "https://pypi.python.org/packages/6e/96/ba2a2462ed25ca0e651fb7b66e7080f5315f91425a07ea5b34d7c870c114/Babel-2.3.4.tar.gz"; 15 | sha256= "c535c4403802f6eb38173cd4863e419e2274921a01a8aad8a5b497c131c62875"; 16 | }; 17 | doCheck = commonDoCheck; 18 | buildInputs = commonBuildInputs; 19 | propagatedBuildInputs = [ 20 | self."pytz" 21 | ]; 22 | meta = with pkgs.stdenv.lib; { 23 | homepage = ""; 24 | license = licenses.bsdOriginal; 25 | description = "Internationalization utilities"; 26 | }; 27 | passthru.top_level = false; 28 | }; 29 | 30 | 31 | 32 | "CommonMark" = python.mkDerivation { 33 | name = "CommonMark-0.5.4"; 34 | src = pkgs.fetchurl { 35 | url = "https://pypi.python.org/packages/4d/93/3808cbcebe94d205f55a9a32857df733a603339d32c46cd32669d808d964/CommonMark-0.5.4.tar.gz"; 36 | sha256= "34d73ec8085923c023930dfc0bcd1c4286e28a2a82de094bb72fabcc0281cbe5"; 37 | }; 38 | doCheck = commonDoCheck; 39 | buildInputs = commonBuildInputs; 40 | propagatedBuildInputs = [ ]; 41 | meta = with pkgs.stdenv.lib; { 42 | homepage = ""; 43 | license = licenses.bsdOriginal; 44 | description = "Python parser for the CommonMark Markdown spec"; 45 | }; 46 | passthru.top_level = false; 47 | }; 48 | 49 | 50 | 51 | "ConfigArgParse" = python.mkDerivation { 52 | name = "ConfigArgParse-0.10.0"; 53 | src = pkgs.fetchurl { 54 | url = "https://pypi.python.org/packages/d0/b8/8f7689980caa66fc02671f5837dc761e4c7a47c6ca31b3e38b304cbc3e73/ConfigArgParse-0.10.0.tar.gz"; 55 | sha256= "3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7"; 56 | }; 57 | doCheck = commonDoCheck; 58 | buildInputs = commonBuildInputs; 59 | propagatedBuildInputs = [ ]; 60 | meta = with pkgs.stdenv.lib; { 61 | homepage = ""; 62 | license = licenses.mit; 63 | description = "A drop-in replacement for argparse that allows options to also be set via config files and/or environment 
variables."; 64 | }; 65 | passthru.top_level = false; 66 | }; 67 | 68 | 69 | 70 | "Flask" = python.mkDerivation { 71 | name = "Flask-0.11.1"; 72 | src = pkgs.fetchurl { 73 | url = "https://pypi.python.org/packages/55/8a/78e165d30f0c8bb5d57c429a30ee5749825ed461ad6c959688872643ffb3/Flask-0.11.1.tar.gz"; 74 | sha256= "b4713f2bfb9ebc2966b8a49903ae0d3984781d5c878591cf2f7b484d28756b0e"; 75 | }; 76 | doCheck = commonDoCheck; 77 | buildInputs = commonBuildInputs; 78 | propagatedBuildInputs = [ 79 | self."Jinja2" 80 | self."Werkzeug" 81 | self."click" 82 | self."itsdangerous" 83 | ]; 84 | meta = with pkgs.stdenv.lib; { 85 | homepage = ""; 86 | license = licenses.bsdOriginal; 87 | description = "A microframework based on Werkzeug, Jinja2 and good intentions"; 88 | }; 89 | passthru.top_level = false; 90 | }; 91 | 92 | 93 | 94 | "Flask-Compress" = python.mkDerivation { 95 | name = "Flask-Compress-1.3.0"; 96 | src = pkgs.fetchurl { 97 | url = "https://pypi.python.org/packages/4d/ce/44564d794ff7342ba376a92c88f8bb07f604d5d30f506bcde2834311eda8/Flask-Compress-1.3.0.tar.gz"; 98 | sha256= "e6c52f1e56b59e8702aed6eb73c6fb0bffe942e5ca188f10e54a33ec11bc5ed4"; 99 | }; 100 | doCheck = commonDoCheck; 101 | buildInputs = commonBuildInputs; 102 | propagatedBuildInputs = [ 103 | self."Flask" 104 | ]; 105 | meta = with pkgs.stdenv.lib; { 106 | homepage = ""; 107 | license = licenses.mit; 108 | description = "Compress responses in your Flask app with gzip."; 109 | }; 110 | passthru.top_level = false; 111 | }; 112 | 113 | 114 | 115 | "Flask-Cors" = python.mkDerivation { 116 | name = "Flask-Cors-2.1.2"; 117 | src = pkgs.fetchurl { 118 | url = "https://pypi.python.org/packages/99/c3/a65908bc5a031652248dfdb1fd4814391e7b8efca704a94008d764c45292/Flask-Cors-2.1.2.tar.gz"; 119 | sha256= "f262e73adce557b2802a64054c82a0395576c88fbb944e3a9e1e2147140aa639"; 120 | }; 121 | doCheck = commonDoCheck; 122 | buildInputs = commonBuildInputs; 123 | propagatedBuildInputs = [ 124 | self."Flask" 125 | self."six" 126 
| ]; 127 | meta = with pkgs.stdenv.lib; { 128 | homepage = ""; 129 | license = licenses.mit; 130 | description = "A Flask extension adding a decorator for CORS support"; 131 | }; 132 | passthru.top_level = false; 133 | }; 134 | 135 | 136 | 137 | "Jinja2" = python.mkDerivation { 138 | name = "Jinja2-2.8"; 139 | src = pkgs.fetchurl { 140 | url = "https://pypi.python.org/packages/f2/2f/0b98b06a345a761bec91a079ccae392d282690c2d8272e708f4d10829e22/Jinja2-2.8.tar.gz"; 141 | sha256= "bc1ff2ff88dbfacefde4ddde471d1417d3b304e8df103a7a9437d47269201bf4"; 142 | }; 143 | doCheck = commonDoCheck; 144 | buildInputs = commonBuildInputs; 145 | propagatedBuildInputs = [ 146 | self."Babel" 147 | self."MarkupSafe" 148 | ]; 149 | meta = with pkgs.stdenv.lib; { 150 | homepage = ""; 151 | license = licenses.bsdOriginal; 152 | description = "A small but fast and easy to use stand-alone template engine written in pure python."; 153 | }; 154 | passthru.top_level = false; 155 | }; 156 | 157 | 158 | 159 | "LatLon" = python.mkDerivation { 160 | name = "LatLon-1.0.1"; 161 | src = pkgs.fetchurl { 162 | url = "https://pypi.python.org/packages/4a/2c/ae890794253ce8f87b8d8d7fb49a99a61c007776c92fc9faf8f1febe3e31/LatLon-1.0.1.tar.gz"; 163 | sha256= "0a5b3ba8f48b3bdf2f2c8f91ab4f80b1fa83d5cb5e3c28d5b16b4e3b3857f4fd"; 164 | }; 165 | doCheck = commonDoCheck; 166 | buildInputs = commonBuildInputs; 167 | propagatedBuildInputs = [ 168 | self."pyproj" 169 | ]; 170 | meta = with pkgs.stdenv.lib; { 171 | homepage = ""; 172 | license = ""; 173 | description = "Methods for representing geographic coordinates"; 174 | }; 175 | passthru.top_level = false; 176 | }; 177 | 178 | 179 | 180 | "MarkupSafe" = python.mkDerivation { 181 | name = "MarkupSafe-0.23"; 182 | src = pkgs.fetchurl { 183 | url = "https://pypi.python.org/packages/c0/41/bae1254e0396c0cc8cf1751cb7d9afc90a602353695af5952530482c963f/MarkupSafe-0.23.tar.gz"; 184 | sha256= "a4ec1aff59b95a14b45eb2e23761a0179e98319da5a7eb76b56ea8cdc7b871c3"; 185 | }; 186 | 
doCheck = commonDoCheck; 187 | buildInputs = commonBuildInputs; 188 | propagatedBuildInputs = [ ]; 189 | meta = with pkgs.stdenv.lib; { 190 | homepage = ""; 191 | license = licenses.bsdOriginal; 192 | description = "Implements a XML/HTML/XHTML Markup safe string for Python"; 193 | }; 194 | passthru.top_level = false; 195 | }; 196 | 197 | 198 | 199 | "PyMySQL" = python.mkDerivation { 200 | name = "PyMySQL-0.7.5"; 201 | src = pkgs.fetchurl { 202 | url = "https://pypi.python.org/packages/f3/4c/9d7611b78e88d1f8087e24239c3318ccd973a822577508a69570382c9064/PyMySQL-0.7.5.tar.gz"; 203 | sha256= "5006c7cf25cdf56f0c01ab21b8255ae5753464678c84ea8d00444667cc7a34ef"; 204 | }; 205 | doCheck = commonDoCheck; 206 | buildInputs = commonBuildInputs; 207 | propagatedBuildInputs = [ ]; 208 | meta = with pkgs.stdenv.lib; { 209 | homepage = ""; 210 | license = licenses.mit; 211 | description = "Pure Python MySQL Driver"; 212 | }; 213 | passthru.top_level = false; 214 | }; 215 | 216 | 217 | 218 | "PyYAML" = python.mkDerivation { 219 | name = "PyYAML-3.11"; 220 | src = pkgs.fetchurl { 221 | url = "https://pypi.python.org/packages/75/5e/b84feba55e20f8da46ead76f14a3943c8cb722d40360702b2365b91dec00/PyYAML-3.11.tar.gz"; 222 | sha256= "c36c938a872e5ff494938b33b14aaa156cb439ec67548fcab3535bb78b0846e8"; 223 | }; 224 | doCheck = commonDoCheck; 225 | buildInputs = commonBuildInputs; 226 | propagatedBuildInputs = [ ]; 227 | meta = with pkgs.stdenv.lib; { 228 | homepage = ""; 229 | license = licenses.mit; 230 | description = "YAML parser and emitter for Python"; 231 | }; 232 | passthru.top_level = false; 233 | }; 234 | 235 | 236 | 237 | "Pygments" = python.mkDerivation { 238 | name = "Pygments-2.1.3"; 239 | src = pkgs.fetchurl { 240 | url = "https://pypi.python.org/packages/b8/67/ab177979be1c81bc99c8d0592ef22d547e70bb4c6815c383286ed5dec504/Pygments-2.1.3.tar.gz"; 241 | sha256= "88e4c8a91b2af5962bfa5ea2447ec6dd357018e86e94c7d14bd8cacbc5b55d81"; 242 | }; 243 | doCheck = commonDoCheck; 244 | buildInputs 
= commonBuildInputs; 245 | propagatedBuildInputs = [ ]; 246 | meta = with pkgs.stdenv.lib; { 247 | homepage = ""; 248 | license = licenses.bsdOriginal; 249 | description = "Pygments is a syntax highlighting package written in Python."; 250 | }; 251 | passthru.top_level = false; 252 | }; 253 | 254 | 255 | 256 | "Sphinx" = python.mkDerivation { 257 | name = "Sphinx-1.4.5"; 258 | src = pkgs.fetchurl { 259 | url = "https://pypi.python.org/packages/8b/78/eeea2b837f911cdc301f5f05163f9729a2381cadd03ccf35b25afe816c90/Sphinx-1.4.5.tar.gz"; 260 | sha256= "c5df65d97a58365cbf4ea10212186a9a45d89c61ed2c071de6090cdf9ddb4028"; 261 | }; 262 | doCheck = commonDoCheck; 263 | buildInputs = commonBuildInputs; 264 | propagatedBuildInputs = [ 265 | self."Babel" 266 | self."Jinja2" 267 | self."Pygments" 268 | self."alabaster" 269 | self."docutils" 270 | self."imagesize" 271 | self."six" 272 | self."snowballstemmer" 273 | ]; 274 | meta = with pkgs.stdenv.lib; { 275 | homepage = ""; 276 | license = licenses.bsdOriginal; 277 | description = "Python documentation generator"; 278 | }; 279 | passthru.top_level = false; 280 | }; 281 | 282 | 283 | 284 | "Werkzeug" = python.mkDerivation { 285 | name = "Werkzeug-0.11.10"; 286 | src = pkgs.fetchurl { 287 | url = "https://pypi.python.org/packages/b7/7f/44d3cfe5a12ba002b253f6985a4477edfa66da53787a2a838a40f6415263/Werkzeug-0.11.10.tar.gz"; 288 | sha256= "cc64dafbacc716cdd42503cf6c44cb5a35576443d82f29f6829e5c49264aeeee"; 289 | }; 290 | doCheck = commonDoCheck; 291 | buildInputs = commonBuildInputs; 292 | propagatedBuildInputs = [ ]; 293 | meta = with pkgs.stdenv.lib; { 294 | homepage = ""; 295 | license = licenses.bsdOriginal; 296 | description = "The Swiss Army knife of Python web development"; 297 | }; 298 | passthru.top_level = false; 299 | }; 300 | 301 | 302 | 303 | "alabaster" = python.mkDerivation { 304 | name = "alabaster-0.7.9"; 305 | src = pkgs.fetchurl { 306 | url = 
"https://pypi.python.org/packages/71/c3/70da7d8ac18a4f4c502887bd2549e05745fa403e2cd9d06a8a9910a762bc/alabaster-0.7.9.tar.gz"; 307 | sha256= "47afd43b08a4ecaa45e3496e139a193ce364571e7e10c6a87ca1a4c57eb7ea08"; 308 | }; 309 | doCheck = commonDoCheck; 310 | buildInputs = commonBuildInputs; 311 | propagatedBuildInputs = [ ]; 312 | meta = with pkgs.stdenv.lib; { 313 | homepage = ""; 314 | license = ""; 315 | description = "A configurable sidebar-enabled Sphinx theme"; 316 | }; 317 | passthru.top_level = false; 318 | }; 319 | 320 | 321 | 322 | "argh" = python.mkDerivation { 323 | name = "argh-0.26.2"; 324 | src = pkgs.fetchurl { 325 | url = "https://pypi.python.org/packages/e3/75/1183b5d1663a66aebb2c184e0398724b624cecd4f4b679cb6e25de97ed15/argh-0.26.2.tar.gz"; 326 | sha256= "e9535b8c84dc9571a48999094fda7f33e63c3f1b74f3e5f3ac0105a58405bb65"; 327 | }; 328 | doCheck = commonDoCheck; 329 | buildInputs = commonBuildInputs; 330 | propagatedBuildInputs = [ ]; 331 | meta = with pkgs.stdenv.lib; { 332 | homepage = ""; 333 | license = licenses.lgpl3; 334 | description = "An unobtrusive argparse wrapper with natural syntax"; 335 | }; 336 | passthru.top_level = false; 337 | }; 338 | 339 | 340 | 341 | "backports-abc" = python.mkDerivation { 342 | name = "backports-abc-0.4"; 343 | src = pkgs.fetchurl { 344 | url = "https://pypi.python.org/packages/f5/d0/1d02695c0dd4f0cf01a35c03087c22338a4f72e24e2865791ebdb7a45eac/backports_abc-0.4.tar.gz"; 345 | sha256= "8b3e4092ba3d541c7a2f9b7d0d9c0275b21c6a01c53a61c731eba6686939d0a5"; 346 | }; 347 | doCheck = commonDoCheck; 348 | buildInputs = commonBuildInputs; 349 | propagatedBuildInputs = [ ]; 350 | meta = with pkgs.stdenv.lib; { 351 | homepage = ""; 352 | license = ""; 353 | description = "A backport of recent additions to the 'collections.abc' module."; 354 | }; 355 | passthru.top_level = false; 356 | }; 357 | 358 | 359 | 360 | "certifi" = python.mkDerivation { 361 | name = "certifi-2016.8.2"; 362 | src = pkgs.fetchurl { 363 | url = 
"https://pypi.python.org/packages/60/d8/e4dbd7239f1dd3854135949cc2cc8344602b1545a7929b7bf652ac69fbb6/certifi-2016.8.2.tar.gz"; 364 | sha256= "65ddc34fd9c8509851031d7075b8325393b87e6dbe5875a723959a20266d7a41"; 365 | }; /* NOTE(review): per its description below, certifi provides Mozilla's CA bundle, and tornado lists it in propagatedBuildInputs. Pinning 2016.8.2 freezes that root set at this release: roots removed or added upstream afterwards are not reflected until this version and hash are bumped. Presumably TLS clients in this closure rely on it for certificate validation; confirm against the consumers. */ 366 | doCheck = commonDoCheck; 367 | buildInputs = commonBuildInputs; 368 | propagatedBuildInputs = [ ]; 369 | meta = with pkgs.stdenv.lib; { 370 | homepage = ""; 371 | license = "ISC"; 372 | description = "Python package for providing Mozilla's CA Bundle."; 373 | }; 374 | passthru.top_level = false; 375 | }; 376 | 377 | 378 | 379 | "click" = python.mkDerivation { 380 | name = "click-6.6"; 381 | src = pkgs.fetchurl { 382 | url = "https://pypi.python.org/packages/7a/00/c14926d8232b36b08218067bcd5853caefb4737cda3f0a47437151344792/click-6.6.tar.gz"; 383 | sha256= "cc6a19da8ebff6e7074f731447ef7e112bd23adf3de5c597cf9989f2fd8defe9"; 384 | }; 385 | doCheck = commonDoCheck; 386 | buildInputs = commonBuildInputs; 387 | propagatedBuildInputs = [ ]; 388 | meta = with pkgs.stdenv.lib; { 389 | homepage = ""; 390 | license = ""; 391 | description = "A simple wrapper around optparse for powerful command line utilities."; 392 | }; 393 | passthru.top_level = false; 394 | }; 395 | 396 | 397 | 398 | "docutils" = python.mkDerivation { 399 | name = "docutils-0.12"; 400 | src = pkgs.fetchurl { 401 | url = "https://pypi.python.org/packages/37/38/ceda70135b9144d84884ae2fc5886c6baac4edea39550f28bcd144c1234d/docutils-0.12.tar.gz"; 402 | sha256= "c7db717810ab6965f66c8cf0398a98c9d8df982da39b4cd7f162911eb89596fa"; 403 | }; 404 | doCheck = commonDoCheck; 405 | buildInputs = commonBuildInputs; 406 | propagatedBuildInputs = [ ]; 407 | meta = with pkgs.stdenv.lib; { 408 | homepage = ""; 409 | license = "public domain, Python, 2-Clause BSD, GPL 3 (see COPYING.txt)"; 410 | description = "Docutils -- Python Documentation Utilities"; 411 | }; 412 | passthru.top_level = false; 413 | }; 414 | 415 | 416 | 417 | "future" = python.mkDerivation { 418 | name = "future-0.15.2"; 419 | src =
pkgs.fetchurl { 420 | url = "https://pypi.python.org/packages/5a/f4/99abde815842bc6e97d5a7806ad51236630da14ca2f3b1fce94c0bb94d3d/future-0.15.2.tar.gz"; 421 | sha256= "3d3b193f20ca62ba7d8782589922878820d0a023b885882deec830adbf639b97"; 422 | }; 423 | doCheck = commonDoCheck; 424 | buildInputs = commonBuildInputs; 425 | propagatedBuildInputs = [ ]; 426 | meta = with pkgs.stdenv.lib; { 427 | homepage = ""; 428 | license = licenses.mit; 429 | description = "Clean single-source support for Python 3 and 2"; 430 | }; 431 | passthru.top_level = false; 432 | }; 433 | 434 | 435 | 436 | "geopy" = python.mkDerivation { 437 | name = "geopy-1.11.0"; 438 | src = pkgs.fetchurl { 439 | url = "https://pypi.python.org/packages/19/d0/7128146692fb6facb956b07c40f73d7975b9a36bd8381a0cdb0c6a79a0b6/geopy-1.11.0.tar.gz"; 440 | sha256= "4250e5a9e9f7abb990eddf01d1491fc112755e14f76060011c607ba759a74112"; 441 | }; 442 | doCheck = commonDoCheck; 443 | buildInputs = commonBuildInputs; 444 | propagatedBuildInputs = [ 445 | self."pytz" 446 | ]; 447 | meta = with pkgs.stdenv.lib; { 448 | homepage = ""; 449 | license = licenses.mit; 450 | description = "Python Geocoding Toolbox"; 451 | }; 452 | passthru.top_level = false; 453 | }; 454 | 455 | 456 | 457 | "gpsoauth" = python.mkDerivation { 458 | name = "gpsoauth-0.3.0"; 459 | src = pkgs.fetchurl { 460 | url = "https://pypi.python.org/packages/1a/e0/2d4eb28074c2168732251b01d833673f5cba379f8bbf12c4e53528946cc3/gpsoauth-0.3.0.tar.gz"; 461 | sha256= "b3963375cd758a3c0ae9ceda044bebe954c25418ed76f977450a6197d38cdb7e"; 462 | }; 463 | doCheck = commonDoCheck; 464 | buildInputs = commonBuildInputs; 465 | propagatedBuildInputs = [ 466 | self."pycryptodomex" 467 | self."requests" 468 | ]; 469 | meta = with pkgs.stdenv.lib; { 470 | homepage = ""; 471 | license = licenses.mit; 472 | description = "A python client library for Google Play Services OAuth."; 473 | }; 474 | passthru.top_level = false; 475 | }; 476 | 477 | 478 | 479 | "imagesize" = python.mkDerivation { 
480 | name = "imagesize-0.7.1"; 481 | src = pkgs.fetchurl { 482 | url = "https://pypi.python.org/packages/53/72/6c6f1e787d9cab2cc733cf042f125abec07209a58308831c9f292504e826/imagesize-0.7.1.tar.gz"; 483 | sha256= "0ab2c62b87987e3252f89d30b7cedbec12a01af9274af9ffa48108f2c13c6062"; 484 | }; 485 | doCheck = commonDoCheck; 486 | buildInputs = commonBuildInputs; 487 | propagatedBuildInputs = [ ]; 488 | meta = with pkgs.stdenv.lib; { 489 | homepage = ""; 490 | license = licenses.mit; 491 | description = "Getting image size from png/jpeg/jpeg2000/gif file"; 492 | }; 493 | passthru.top_level = false; 494 | }; 495 | 496 | 497 | 498 | "itsdangerous" = python.mkDerivation { 499 | name = "itsdangerous-0.24"; 500 | src = pkgs.fetchurl { 501 | url = "https://pypi.python.org/packages/dc/b4/a60bcdba945c00f6d608d8975131ab3f25b22f2bcfe1dab221165194b2d4/itsdangerous-0.24.tar.gz"; 502 | sha256= "cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"; 503 | }; 504 | doCheck = commonDoCheck; 505 | buildInputs = commonBuildInputs; 506 | propagatedBuildInputs = [ ]; 507 | meta = with pkgs.stdenv.lib; { 508 | homepage = ""; 509 | license = ""; 510 | description = "Various helpers to pass trusted data to untrusted environments and back."; 511 | }; 512 | passthru.top_level = false; 513 | }; 514 | 515 | 516 | 517 | "livereload" = python.mkDerivation { 518 | name = "livereload-2.4.1"; 519 | src = pkgs.fetchurl { 520 | url = "https://pypi.python.org/packages/d3/fb/fa04cd6a08cc42e1ac089220b6f42d124d01aeb0c70fbe169a73713ca636/livereload-2.4.1.tar.gz"; 521 | sha256= "887cc9976d72d7616fa57c82c4ef5bf5da27e2350dfd6f65d3f44e86efc51b92"; 522 | }; 523 | doCheck = commonDoCheck; 524 | buildInputs = commonBuildInputs; 525 | propagatedBuildInputs = [ 526 | self."six" 527 | self."tornado" 528 | ]; 529 | meta = with pkgs.stdenv.lib; { 530 | homepage = ""; 531 | license = licenses.bsdOriginal; 532 | description = "Python LiveReload is an awesome tool for web developers"; 533 | }; 534 | 
passthru.top_level = false; 535 | }; 536 | 537 | 538 | 539 | "pathtools" = python.mkDerivation { 540 | name = "pathtools-0.1.2"; 541 | src = pkgs.fetchurl { 542 | url = "https://pypi.python.org/packages/e7/7f/470d6fcdf23f9f3518f6b0b76be9df16dcc8630ad409947f8be2eb0ed13a/pathtools-0.1.2.tar.gz"; 543 | sha256= "7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0"; 544 | }; 545 | doCheck = commonDoCheck; 546 | buildInputs = commonBuildInputs; 547 | propagatedBuildInputs = [ ]; 548 | meta = with pkgs.stdenv.lib; { 549 | homepage = ""; 550 | license = licenses.mit; 551 | description = "File system general utilities"; 552 | }; 553 | passthru.top_level = false; 554 | }; 555 | 556 | 557 | 558 | "peewee" = python.mkDerivation { 559 | name = "peewee-2.8.1"; 560 | src = pkgs.fetchurl { 561 | url = "https://pypi.python.org/packages/59/4a/a1b78b0e47e880c07da21d633ff2ac8d5edbf969049a414edfbdadaed869/peewee-2.8.1.tar.gz"; 562 | sha256= "9fdb90124d95c02b470a23e06ae40751657d13a425d10ff39ae12943ecd7987d"; 563 | }; 564 | doCheck = commonDoCheck; 565 | buildInputs = commonBuildInputs; 566 | propagatedBuildInputs = [ ]; 567 | meta = with pkgs.stdenv.lib; { 568 | homepage = ""; 569 | license = ""; 570 | description = "a little orm"; 571 | }; 572 | passthru.top_level = false; 573 | }; 574 | 575 | 576 | 577 | "pgoapi" = python.mkDerivation { 578 | name = "pgoapi-1.1.6"; 579 | /* NOTE(review): unlike the PyPI sdists around it, this source is the archive of a moving `master` branch, not a release or commit archive. The sha256 below pins the bytes, so a tarball that differs from the pin is rejected rather than built, but the pinned source cannot be re-fetched or audited once master advances, and the "1.1.6" in `name` is not tied to any upstream ref shown here. Prefer a commit-addressed archive URL (placeholder: <COMMIT_SHA>) and regenerate the hash together with it. */ src = pkgs.fetchurl { 580 | url = "https://github.com/jb55/pgoapi/archive/master.tar.gz"; 581 | sha256= "50974aee8acd3fb50a76ae80536ca767ab153e77e66519489f288e76b36d24d6"; 582 | }; 583 | doCheck = commonDoCheck; 584 | buildInputs = commonBuildInputs; 585 | propagatedBuildInputs = [ 586 | self."geopy" 587 | self."gpsoauth" 588 | self."protobuf" 589 | self."requests" 590 | self."s2sphere" 591 | self."six" 592 | self."xxhash" 593 | ]; 594 | meta = with pkgs.stdenv.lib; { 595 | homepage = ""; 596 | license = ""; 597 | description = "Pokemon Go API lib"; 598 | }; 599 | passthru.top_level = false; 600 | }; 601
| 602 | 603 | 604 | "port-for" = python.mkDerivation { 605 | name = "port-for-0.3.1"; 606 | src = pkgs.fetchurl { 607 | url = "https://pypi.python.org/packages/ec/f1/e7d7a36b5f3e77fba587ae3ea4791512ffff74bc1d065d6185e463279bc4/port-for-0.3.1.tar.gz"; 608 | sha256= "b16a84bb29c2954db44c29be38b17c659c9c27e33918dec16b90d375cc596f1c"; 609 | }; 610 | doCheck = commonDoCheck; 611 | buildInputs = commonBuildInputs; 612 | propagatedBuildInputs = [ ]; 613 | meta = with pkgs.stdenv.lib; { 614 | homepage = ""; 615 | license = "MIT license"; 616 | description = "Utility that helps with local TCP ports managment. It can find an unused TCP localhost port and remember the association."; 617 | }; 618 | passthru.top_level = false; 619 | }; 620 | 621 | 622 | 623 | "protobuf" = python.mkDerivation { 624 | name = "protobuf-3.0.0"; 625 | src = pkgs.fetchurl { 626 | url = "https://pypi.python.org/packages/14/3e/56da1ecfa58f6da0053a523444dff9dfb8a18928c186ad529a24b0e82dec/protobuf-3.0.0.tar.gz"; 627 | sha256= "ecc40bc30f1183b418fe0ec0c90bc3b53fa1707c4205ee278c6b90479e5b6ff5"; 628 | }; 629 | doCheck = commonDoCheck; 630 | buildInputs = commonBuildInputs; 631 | propagatedBuildInputs = [ 632 | self."six" 633 | ]; 634 | meta = with pkgs.stdenv.lib; { 635 | homepage = ""; 636 | license = "New BSD License"; 637 | description = "Protocol Buffers"; 638 | }; 639 | passthru.top_level = false; 640 | }; 641 | 642 | 643 | 644 | "pycryptodomex" = python.mkDerivation { 645 | name = "pycryptodomex-3.4.2"; 646 | src = pkgs.fetchurl { 647 | url = "https://pypi.python.org/packages/67/9a/a9b49b2225af75bab5328b987f5cf3fd73306188b9272bd69bcf8c57ef04/pycryptodomex-3.4.2.tar.gz"; 648 | sha256= "66489980aa0dd97dce28171c5f42e9862d33cc354a518e52a7bad0699d9b402a"; 649 | }; 650 | doCheck = commonDoCheck; 651 | buildInputs = commonBuildInputs; 652 | propagatedBuildInputs = [ ]; 653 | meta = with pkgs.stdenv.lib; { 654 | homepage = ""; 655 | license = ""; 656 | description = "Cryptographic library for Python"; 657 | 
}; 658 | passthru.top_level = false; 659 | }; 660 | 661 | 662 | 663 | "pyproj" = python.mkDerivation { 664 | name = "pyproj-1.9.5.1"; 665 | src = pkgs.fetchurl { 666 | url = "https://pypi.python.org/packages/29/72/5c1888c4948a0c7b736d10e0f0f69966e7c0874a660222ed0a2c2c6daa9f/pyproj-1.9.5.1.tar.gz"; 667 | sha256= "53fa54c8fa8a1dfcd6af4bf09ce1aae5d4d949da63b90570ac5ec849efaf3ea8"; 668 | }; 669 | doCheck = commonDoCheck; 670 | buildInputs = commonBuildInputs; 671 | propagatedBuildInputs = [ ]; 672 | meta = with pkgs.stdenv.lib; { 673 | homepage = ""; 674 | license = "OSI Approved"; 675 | description = "Python interface to PROJ.4 library"; 676 | }; 677 | passthru.top_level = false; 678 | }; 679 | 680 | 681 | 682 | "pysqlite" = python.mkDerivation { 683 | name = "pysqlite-2.8.2"; 684 | src = pkgs.fetchurl { 685 | url = "https://pypi.python.org/packages/cc/a4/023ee9dba54b3cf0c5a4d0fb2f1ad80332ef23549dd4b551a9f2cbe88786/pysqlite-2.8.2.tar.gz"; 686 | sha256= "613d139e97ce0561dee312e29f3be4751d01fd1a085aa448dd53a003810e0008"; 687 | }; 688 | doCheck = commonDoCheck; 689 | buildInputs = commonBuildInputs; 690 | propagatedBuildInputs = [ ]; 691 | meta = with pkgs.stdenv.lib; { 692 | homepage = ""; 693 | license = "zlib/libpng license"; 694 | description = "DB-API 2.0 interface for SQLite 3.x"; 695 | }; 696 | passthru.top_level = false; 697 | }; 698 | 699 | 700 | 701 | "pytz" = python.mkDerivation { 702 | name = "pytz-2016.6.1"; 703 | src = pkgs.fetchurl { 704 | url = "https://pypi.python.org/packages/f7/c7/08e54702c74baf9d8f92d0bc331ecabf6d66a56f6d36370f0a672fc6a535/pytz-2016.6.1.tar.bz2"; 705 | sha256= "b5aff44126cf828537581e534cc94299b223b945a2bb3b5434d37bf8c7f3a10c"; 706 | }; 707 | doCheck = commonDoCheck; 708 | buildInputs = commonBuildInputs; 709 | propagatedBuildInputs = [ ]; 710 | meta = with pkgs.stdenv.lib; { 711 | homepage = ""; 712 | license = licenses.mit; 713 | description = "World timezone definitions, modern and historical"; 714 | }; 715 | passthru.top_level = 
false; 716 | }; 717 | 718 | 719 | 720 | "recommonmark" = python.mkDerivation { 721 | name = "recommonmark-0.4.0"; 722 | src = pkgs.fetchurl { 723 | url = "https://pypi.python.org/packages/3d/95/aa1085573adf3dc7b164ae8569d57b1af5e98922e40345bb7efffed5ad2e/recommonmark-0.4.0.tar.gz"; 724 | sha256= "6e29c723abcf5533842376d87c4589e62923ecb6002a8e059eb608345ddaff9d"; 725 | }; 726 | doCheck = commonDoCheck; 727 | buildInputs = commonBuildInputs; 728 | propagatedBuildInputs = [ 729 | self."CommonMark" 730 | self."docutils" 731 | ]; 732 | meta = with pkgs.stdenv.lib; { 733 | homepage = ""; 734 | license = ""; 735 | description = "UNKNOWN"; 736 | }; 737 | passthru.top_level = false; 738 | }; 739 | 740 | 741 | 742 | "requests" = python.mkDerivation { 743 | name = "requests-2.10.0"; 744 | src = pkgs.fetchurl { 745 | url = "https://pypi.python.org/packages/49/6f/183063f01aae1e025cf0130772b55848750a2f3a89bfa11b385b35d7329d/requests-2.10.0.tar.gz"; 746 | sha256= "63f1815788157130cee16a933b2ee184038e975f0017306d723ac326b5525b54"; 747 | }; 748 | doCheck = commonDoCheck; 749 | buildInputs = commonBuildInputs; 750 | propagatedBuildInputs = [ ]; 751 | meta = with pkgs.stdenv.lib; { 752 | homepage = ""; 753 | license = licenses.asl20; 754 | description = "Python HTTP for Humans."; 755 | }; 756 | passthru.top_level = false; 757 | }; 758 | 759 | 760 | 761 | "s2sphere" = python.mkDerivation { 762 | name = "s2sphere-0.2.4"; 763 | src = pkgs.fetchurl { 764 | url = "https://pypi.python.org/packages/59/49/c39a5563d6e1f244d72a384da828039d184c1c4d0b2ba3cf0ee3fb41caf1/s2sphere-0.2.4.tar.gz"; 765 | sha256= "6e8b32b5e9c7d0c06bdd31f7c8dac39e23d81c5ff0a3c7bf1e08fed626d9f256"; 766 | }; 767 | doCheck = commonDoCheck; 768 | buildInputs = commonBuildInputs; 769 | propagatedBuildInputs = [ 770 | self."Sphinx" 771 | self."future" 772 | self."sphinx-rtd-theme" 773 | ]; 774 | meta = with pkgs.stdenv.lib; { 775 | homepage = ""; 776 | license = licenses.mit; 777 | description = "Python implementation of the 
S2 Geometry Library"; 778 | }; 779 | passthru.top_level = false; 780 | }; 781 | 782 | 783 | 784 | "singledispatch" = python.mkDerivation { 785 | name = "singledispatch-3.4.0.3"; 786 | src = pkgs.fetchurl { 787 | url = "https://pypi.python.org/packages/d9/e9/513ad8dc17210db12cb14f2d4d190d618fb87dd38814203ea71c87ba5b68/singledispatch-3.4.0.3.tar.gz"; 788 | sha256= "5b06af87df13818d14f08a028e42f566640aef80805c3b50c5056b086e3c2b9c"; 789 | }; 790 | doCheck = commonDoCheck; 791 | buildInputs = commonBuildInputs; 792 | propagatedBuildInputs = [ 793 | self."six" 794 | ]; 795 | meta = with pkgs.stdenv.lib; { 796 | homepage = ""; 797 | license = licenses.mit; 798 | description = "This library brings functools.singledispatch from Python 3.4 to Python 2.6-3.3."; 799 | }; 800 | passthru.top_level = false; 801 | }; 802 | 803 | 804 | 805 | "six" = python.mkDerivation { 806 | name = "six-1.10.0"; 807 | src = pkgs.fetchurl { 808 | url = "https://pypi.python.org/packages/b3/b2/238e2590826bfdd113244a40d9d3eb26918bd798fc187e2360a8367068db/six-1.10.0.tar.gz"; 809 | sha256= "105f8d68616f8248e24bf0e9372ef04d3cc10104f1980f54d57b2ce73a5ad56a"; 810 | }; 811 | doCheck = commonDoCheck; 812 | buildInputs = commonBuildInputs; 813 | propagatedBuildInputs = [ ]; 814 | meta = with pkgs.stdenv.lib; { 815 | homepage = ""; 816 | license = licenses.mit; 817 | description = "Python 2 and 3 compatibility utilities"; 818 | }; 819 | passthru.top_level = true; 820 | }; 821 | 822 | 823 | 824 | "snowballstemmer" = python.mkDerivation { 825 | name = "snowballstemmer-1.2.1"; 826 | src = pkgs.fetchurl { 827 | url = "https://pypi.python.org/packages/20/6b/d2a7cb176d4d664d94a6debf52cd8dbae1f7203c8e42426daa077051d59c/snowballstemmer-1.2.1.tar.gz"; 828 | sha256= "919f26a68b2c17a7634da993d91339e288964f93c274f1343e3bbbe2096e1128"; 829 | }; 830 | doCheck = commonDoCheck; 831 | buildInputs = commonBuildInputs; 832 | propagatedBuildInputs = [ ]; 833 | meta = with pkgs.stdenv.lib; { 834 | homepage = ""; 835 | license = 
licenses.bsdOriginal; 836 | description = "This package provides 16 stemmer algorithms (15 + Poerter English stemmer) generated from Snowball algorithms."; 837 | }; 838 | passthru.top_level = false; 839 | }; 840 | 841 | 842 | 843 | "sphinx-autobuild" = python.mkDerivation { 844 | name = "sphinx-autobuild-0.6.0"; 845 | src = pkgs.fetchurl { 846 | url = "https://pypi.python.org/packages/85/cf/25b65781e6d2a4a89a431260daf1e0d53a81c52d27c98245481d46f3df2a/sphinx-autobuild-0.6.0.tar.gz"; 847 | sha256= "2f9262d7a35f80a18c3bcb03b2bf5a83f0a5e88b75ad922b3b1cee512c7e5cd2"; 848 | }; 849 | doCheck = commonDoCheck; 850 | buildInputs = commonBuildInputs; 851 | propagatedBuildInputs = [ 852 | self."PyYAML" 853 | self."argh" 854 | self."livereload" 855 | self."pathtools" 856 | self."port-for" 857 | self."tornado" 858 | self."watchdog" 859 | ]; 860 | meta = with pkgs.stdenv.lib; { 861 | homepage = ""; 862 | license = licenses.mit; 863 | description = "Watch a Sphinx directory and rebuild the documentation when a change is detected. 
Also includes a livereload enabled web server."; 864 | }; 865 | passthru.top_level = false; 866 | }; 867 | 868 | 869 | 870 | "sphinx-rtd-theme" = python.mkDerivation { 871 | name = "sphinx-rtd-theme-0.1.9"; 872 | src = pkgs.fetchurl { 873 | url = "https://pypi.python.org/packages/99/b5/249a803a428b4fd438dd4580a37f79c0d552025fb65619d25f960369d76b/sphinx_rtd_theme-0.1.9.tar.gz"; 874 | sha256= "273846f8aacac32bf9542365a593b495b68d8035c2e382c9ccedcac387c9a0a1"; 875 | }; 876 | doCheck = commonDoCheck; 877 | buildInputs = commonBuildInputs; 878 | propagatedBuildInputs = [ 879 | self."Sphinx" 880 | ]; 881 | meta = with pkgs.stdenv.lib; { 882 | homepage = ""; 883 | license = licenses.mit; 884 | description = "ReadTheDocs.org theme for Sphinx, 2013 version."; 885 | }; 886 | passthru.top_level = false; 887 | }; 888 | 889 | 890 | 891 | "tornado" = python.mkDerivation { 892 | name = "tornado-4.4.1"; 893 | src = pkgs.fetchurl { 894 | url = "https://pypi.python.org/packages/96/5d/ff472313e8f337d5acda5d56e6ea79a43583cc8771b34c85a1f458e197c3/tornado-4.4.1.tar.gz"; 895 | sha256= "371d0cf3d56c47accc66116a77ad558d76eebaa8458a6b677af71ca606522146"; 896 | }; 897 | doCheck = commonDoCheck; 898 | buildInputs = commonBuildInputs; 899 | propagatedBuildInputs = [ 900 | self."backports-abc" 901 | self."certifi" 902 | self."singledispatch" 903 | ]; 904 | meta = with pkgs.stdenv.lib; { 905 | homepage = ""; 906 | license = "http://www.apache.org/licenses/LICENSE-2.0"; 907 | description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed."; 908 | }; 909 | passthru.top_level = false; 910 | }; 911 | 912 | 913 | 914 | "watchdog" = python.mkDerivation { 915 | name = "watchdog-0.8.3"; 916 | src = pkgs.fetchurl { 917 | url = "https://pypi.python.org/packages/54/7d/c7c0ad1e32b9f132075967fc353a244eb2b375a3d2f5b0ce612fd96e107e/watchdog-0.8.3.tar.gz"; 918 | sha256= "7e65882adb7746039b6f3876ee174952f8eaaa34491ba34333ddf1fe35de4162"; 919 | }; 920 | 
doCheck = commonDoCheck; 921 | buildInputs = commonBuildInputs; 922 | propagatedBuildInputs = [ 923 | self."PyYAML" 924 | self."argh" 925 | self."pathtools" 926 | ]; 927 | meta = with pkgs.stdenv.lib; { 928 | homepage = ""; 929 | license = licenses.asl20; 930 | description = "Filesystem events monitoring"; 931 | }; 932 | passthru.top_level = false; 933 | }; 934 | 935 | 936 | 937 | "wsgiref" = python.mkDerivation { 938 | name = "wsgiref-0.1.2"; 939 | src = pkgs.fetchurl { 940 | url = "https://pypi.python.org/packages/41/9e/309259ce8dff8c596e8c26df86dbc4e848b9249fd36797fd60be456f03fc/wsgiref-0.1.2.zip"; 941 | sha256= "c7e610c800957046c04c8014aab8cce8f0b9f0495c8cd349e57c1f7cabf40e79"; 942 | }; 943 | doCheck = commonDoCheck; 944 | buildInputs = commonBuildInputs; 945 | propagatedBuildInputs = [ ]; 946 | meta = with pkgs.stdenv.lib; { 947 | homepage = ""; 948 | license = "PSF or ZPL"; 949 | description = "WSGI (PEP 333) Reference Library"; 950 | }; 951 | passthru.top_level = false; 952 | }; 953 | 954 | 955 | 956 | "xxhash" = python.mkDerivation { 957 | name = "xxhash-0.6.1"; 958 | src = pkgs.fetchurl { 959 | url = "https://pypi.python.org/packages/08/ac/f5cf4fc624ef5a12a8c6e80143ee43d9ed8d0c8bda96e2af5772798bcfbe/xxhash-0.6.1.tar.bz2"; 960 | sha256= "8048b482bb6aa73016e672d1ef488a89810c2b8e6831366e92c2c67a3b2b151c"; 961 | }; 962 | doCheck = commonDoCheck; 963 | buildInputs = commonBuildInputs; 964 | propagatedBuildInputs = [ ]; 965 | meta = with pkgs.stdenv.lib; { 966 | homepage = ""; 967 | license = licenses.bsdOriginal; 968 | description = "Python binding for xxHash"; 969 | }; 970 | passthru.top_level = false; 971 | }; 972 | 973 | } --------------------------------------------------------------------------------