From 890e44ebcc11c48f7347aa60748a84c48261aa5e Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Thu, 12 Nov 2020 17:13:39 -0800 Subject: Get Biz.Dev setup again Also correctly renamed the files (didn't work the first time thanks to the macOS filesystem) and moved the default build.os settings to a OsBase.nix file to be used via imports. --- Biz/Bild/Rules.nix | 24 +---- Biz/Bild/Sources.json | 8 +- Biz/Dev/Configuration.nix | 248 ++++++++++++++++++++++++++++++++++++++++++++++ Biz/Dev/Hardware.nix | 36 +++++++ Biz/Dev/configuration.nix | 213 --------------------------------------- Biz/Dev/hardware.nix | 34 ------- Biz/Keys/Ben.pub | 1 + Biz/Keys/Deploy.pub | 1 + Biz/Keys/Nick.pub | 1 + Biz/Lint.py | 97 ++++++++++++++++++ Biz/OsBase.nix | 24 +++++ Biz/Packages.nix | 20 ++++ Biz/Users.nix | 43 ++++++++ Biz/keys/ben.pub | 1 - Biz/keys/deploy.pub | 1 - Biz/keys/nick.pub | 1 - Biz/lint.py | 97 ------------------ Biz/packages.nix | 20 ---- Biz/users.nix | 39 -------- 19 files changed, 476 insertions(+), 433 deletions(-) create mode 100644 Biz/Dev/Configuration.nix create mode 100644 Biz/Dev/Hardware.nix delete mode 100644 Biz/Dev/configuration.nix delete mode 100644 Biz/Dev/hardware.nix create mode 100644 Biz/Keys/Ben.pub create mode 100644 Biz/Keys/Deploy.pub create mode 100644 Biz/Keys/Nick.pub create mode 100755 Biz/Lint.py create mode 100644 Biz/OsBase.nix create mode 100644 Biz/Packages.nix create mode 100644 Biz/Users.nix delete mode 100644 Biz/keys/ben.pub delete mode 100644 Biz/keys/deploy.pub delete mode 100644 Biz/keys/nick.pub delete mode 100755 Biz/lint.py delete mode 100644 Biz/packages.nix delete mode 100644 Biz/users.nix (limited to 'Biz') diff --git a/Biz/Bild/Rules.nix b/Biz/Bild/Rules.nix index 9fea5df..e6a6979 100644 --- a/Biz/Bild/Rules.nix +++ b/Biz/Bild/Rules.nix 
@@ -128,27 +128,5 @@ in { shellHook = ". ${./ShellHook.sh}"; }; - os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg { - boot.cleanTmpDir = true; - networking.firewall.allowPing = true; - nix.binaryCaches = [ "https://cache.nixos.org" ]; - nix.gc.automatic = true; - nix.gc.dates = "Sunday 02:15"; - nix.optimise.automatic = true; - nix.optimise.dates = [ "Sunday 02:30" ]; - nixpkgs.overlays = overlays; - programs.mosh.enable = true; - programs.mosh.withUtempter = true; - security.acme.email = "ben@bsima.me"; - security.acme.acceptTerms = true; - security.sudo.wheelNeedsPassword = false; - services.clamav.daemon.enable = true; # security - services.clamav.updater.enable = true; # security - services.fail2ban.enable = true; # security - services.openssh.enable = true; - services.openssh.openFirewall = true; - services.openssh.forwardX11 = true; - services.openssh.passwordAuthentication = false; - system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin - })).toplevel; + os = cfg: (nixos (args: cfg)).toplevel; } diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json index d2565a7..da5e255 100644 --- a/Biz/Bild/Sources.json +++ b/Biz/Bild/Sources.json 
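Review bot: In Biz/Bild/Rules.nix the new `os = cfg: (nixos (args: cfg)).toplevel;` no longer applies any base settings, so a host whose configuration does not import OsBase.nix is built without `services.openssh.passwordAuthentication = false`, fail2ban and the other values the old `os` merged into every configuration. Biz/Dev/Configuration.nix as added in this commit shows no `imports` line, so it is worth confirming where OsBase.nix is actually pulled in. Consider letting `os` add the base module itself, e.g. `os = cfg: (nixos (_: { imports = [ ../OsBase.nix cfg ]; })).toplevel;` (the relative path and the call shape need checking against how `nixos` is defined, which is outside this hunk). The `args` parameter is unused in the new line either way.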
@@ -51,15 +51,15 @@ "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-19.09", + "branch": "nixos-20.09", "description": "Nix Packages collection", "homepage": "https://github.com/NixOS/nixpkgs", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0c285807d6a9f1b7562ec417c24fa1a30ecc31a", - "sha256": "0waapr7aqz0h1fy1fqlx981ygllh91qx9sz1l2j2h59s46cdircl", + "rev": "d105075a1fd870b1d1617a6008cb38b443e65433", + "sha256": "1jcs44wn0s6mlf2jps25bvcai1rij9b2dil6zcj8zqwf2i8xmqjh", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/b0c285807d6a9f1b7562ec417c24fa1a30ecc31a.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/d105075a1fd870b1d1617a6008cb38b443e65433.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "regex-applicative": { diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix new file mode 100644 index 0000000..70c2d36 --- /dev/null +++ b/Biz/Dev/Configuration.nix 
@@ -0,0 +1,248 @@ +{ config, lib, pkgs, ... }: + +let + murmurPort = 64738; + torrents = { from = 6000; to = 6999; }; +in { + networking = { + hostName = "lithium"; + hosts = { + "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; + }; + + firewall = { + allowedTCPPorts = [ + 22 8000 8443 443 # standard ports + 8080 8081 8082 # mostly for urbit + 500 10000 # no idea + 8096 # emby/jellyfin + 8112 # deluge + murmurPort + ]; + allowedTCPPortRanges = [ + { from = 3000; to = 3100; } # dev stuff + torrents + ]; + allowedUDPPorts = [ murmurPort ]; + allowedUDPPortRanges = [ + torrents + ]; + checkReversePath = false; + }; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + useDHCP = false; + interfaces.enp1s0.useDHCP = true; + interfaces.wlp0s20f0u4.useDHCP = true; + + wireless.enable = true; # Enables wireless support via wpa_supplicant. + wireless.interfaces = [ "wlp0s20f0u4" ]; + wireless.networks = { + Simanet = { + psk = "1123581321"; + }; + Simanet-5g = { + psk = "1123581321"; + priority = 1; + }; + }; + }; + + # Use the systemd-boot EFI boot loader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.enableContainers = true; + + powerManagement.enable = false; + + time.timeZone = "America/Los_Angeles"; + + fonts.fonts = with pkgs; [ + google-fonts mononoki source-code-pro fantasque-sans-mono hack-font + fira fira-code fira-code-symbols + ]; + + environment.systemPackages = [ + #pkgs.wemux + pkgs.tmux + ]; + + nixpkgs = { + config = { + allowUnfree = true; + allowBroken = true; + }; + }; + + hardware = { + opengl.enable = true; + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-loopback + ''; + }; + }; + + programs = { + bash.enableCompletion = true; + command-not-found.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + mosh.enable = true; + }; + + virtualisation = { + docker = { + enable = true; + liveRestore = false; + }; + libvirtd.enable = true; + virtualbox = { + host = { + enable = false; + headless = false; + addNetworkInterface = false; + }; + guest = { + enable = false; + x11 = false; + }; + }; + }; + + services = { + pcscd.enable = true; + logind = { + lidSwitch = "ignore"; + extraConfig = "IdleAction=ignore"; + }; + + deluge = { + enable = true; + openFilesLimit = 10240; + web.enable = true; + }; + + printing.enable = true; + + murmur = { + enable = true; + registerName = "simatime"; + password = "simatime"; + port = murmurPort; + }; + + xserver = { + enable = true; + autorun = true; + layout = "us"; + xkbOptions = "caps:ctrl_modifier"; + displayManager = { + sddm = { + enable = true; + enableHidpi = true; + }; + #startx.enable = true; + session = [ + { + manage = "desktop"; + name = "home-manager"; + start = '' + ${pkgs.runtimeShell} $HOME/.hm-xsession & + waitPID=$! 
+ ''; + } + ]; + }; + desktopManager = { + #kodi.enable = false; + #plasma5.enable = false; + xterm.enable = true; + }; + windowManager = { + xmonad.enable = true; + }; + }; + + jupyter = { + enable = false; + port = 3099; + ip = "*"; + password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'"; + kernels = { + python3 = let + env = (pkgs.python3.withPackages (p: with p; [ + ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets + ])); + in { + displayName = "py3"; + argv = [ + "${env.interpreter}" + "-m" + "ipykernel_launcher" + "-f" + "{connection_file}" + ]; + language = "python"; + #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png"; + #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png"; + }; + }; + }; + + jellyfin = { # previously emby + enable = true; + user = "jellyfin"; + group = "jellyfin"; + }; + + vnstat.enable = true; + + postgresql = { + enable = true; + package = pkgs.postgresql_10; + authentication = '' + local all pprjam md5 + local all pprjam_test md5 + ''; + enableTCPIP = true; + }; + redis = { + enable = true; + }; + }; + + documentation = { + enable = true; + dev.enable = true; + doc.enable = true; + info.enable = true; + man.enable = true; + nixos.enable = true; + }; + + + nix = { + # 1 job * 2 cores = 2 maximum cores used at any one time + maxJobs = 1; + buildCores = 1; + # Since this is the dev machine, we can turn these on at the expense + # of extra disk space. + extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + trustedUsers = [ "root" "ben" ]; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "20.09"; # Did you read the comment? +} 
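Review bot: The Wi-Fi pre-shared keys under `networking.wireless.networks` and the `services.murmur.password` value are written into Biz/Dev/Configuration.nix as string literals, so they are readable by anyone with access to the repository and, once the system is built, will typically also sit in the world-readable Nix store. The `psk` entries are new in this commit; the deleted configuration.nix had no wireless block. Keep these values out of the tracked module, provision them from a root-only file on the host, and rotate the ones that are now in history. A comment at the wireless block such as `# PSKs are provisioned out of band, not stored in this repo` would record the intent.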
diff --git a/Biz/Dev/Hardware.nix b/Biz/Dev/Hardware.nix new file mode 100644 index 0000000..7f87f74 --- /dev/null +++ b/Biz/Dev/Hardware.nix @@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f08dd8f9-787c-4e2a-a0cc-7019edc2ce2b"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C67C-D7B5"; + fsType = "vfat"; + }; + + #fileSystems."/mnt/lake" = + # { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7"; + # fsType = "ext4"; + # }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; +} diff --git a/Biz/Dev/configuration.nix b/Biz/Dev/configuration.nix deleted file mode 100644 index 6664163..0000000 --- a/Biz/Dev/configuration.nix +++ /dev/null 
@@ -1,213 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - murmurPort = 64738; - torrents = { from = 6000; to = 6999; }; -in { - networking = { - hosts = { - "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; - }; - - firewall = { - allowedTCPPorts = [ - 22 8000 8443 443 # standard ports - 8080 8081 8082 # mostly for urbit - 500 10000 # no idea - 8096 # emby/jellyfin - 8112 # deluge - murmurPort - ]; - allowedTCPPortRanges = [ - { from = 3000; to = 3100; } # dev stuff - torrents - ]; - allowedUDPPorts = [ murmurPort ]; - allowedUDPPortRanges = [ - torrents - ]; - checkReversePath = false; - }; - - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.enableContainers = true; - - boot.initrd.luks.devices = { - root = { - device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a"; - preLVM = true; - }; - }; - - powerManagement.enable = false; - - time.timeZone = "America/Los_Angeles"; - - fonts.fonts = with pkgs; [ - google-fonts mononoki source-code-pro fantasque-sans-mono hack-font - fira fira-code fira-code-symbols - ]; - - environment.systemPackages = [ pkgs.wemux pkgs.tmux ]; - - nixpkgs = { - config = { - allowUnfree = true; - allowBroken = true; - }; - }; - - hardware = { - opengl.enable = true; - pulseaudio = { - enable = true; - extraConfig = '' - load-module module-loopback - ''; - }; - }; - - programs = { - bash.enableCompletion = true; - command-not-found.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - mosh.enable = true; - }; - - virtualisation = { - docker = { - enable = true; - liveRestore = false; - }; - libvirtd.enable = true; - virtualbox = { - host = { - enable = false; - headless = false; - addNetworkInterface = false; - }; - guest = { - enable = false; - x11 = false; - }; - }; - }; - - services = { - pcscd.enable = true; - logind = { - lidSwitch = "ignore"; - extraConfig = "IdleAction=ignore"; - }; - - deluge = { 
- enable = true; - openFilesLimit = 10240; - web.enable = true; - }; - - printing.enable = true; - - murmur = { - enable = true; - registerName = "simatime"; - password = "simatime"; - port = murmurPort; - }; - - xserver = { - enable = true; - layout = "us"; - xkbOptions = "caps:ctrl_modifier"; - displayManager.sddm.enable = true; - desktopManager = { - kodi.enable = true; - plasma5.enable = true; - xterm.enable = true; - }; - }; - - jupyter = { - enable = false; - port = 3099; - ip = "*"; - password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'"; - kernels = { - python3 = let - env = (pkgs.python3.withPackages (p: with p; [ - ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets - ])); - in { - displayName = "py3"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png"; - #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png"; - }; - }; - }; - - jellyfin = { # previously emby - enable = true; - user = "jellyfin"; - group = "jellyfin"; - }; - - vnstat.enable = true; - - postgresql = { - enable = true; - package = pkgs.postgresql_10; - authentication = '' - local all pprjam md5 - local all pprjam_test md5 - ''; - enableTCPIP = true; - }; - redis = { - enable = true; - }; - }; - - documentation = { - enable = true; - dev.enable = true; - doc.enable = true; - info.enable = true; - man.enable = true; - nixos.enable = true; - }; - - - nix = { - # 1 job * 2 cores = 2 maximum cores used at any one time - maxJobs = 1; - buildCores = 1; - # Since this is the dev machine, we can turn these on at the expense - # of extra disk space. 
- extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; - trustedUsers = [ "root" "ben" ]; - }; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? -} diff --git a/Biz/Dev/hardware.nix b/Biz/Dev/hardware.nix deleted file mode 100644 index fc0e7a0..0000000 --- a/Biz/Dev/hardware.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9B89-85C7"; - fsType = "vfat"; - }; - - fileSystems."/mnt/lake" = - { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = "powersave"; -} diff --git a/Biz/Keys/Ben.pub b/Biz/Keys/Ben.pub new file mode 100644 index 0000000..c661508 --- /dev/null +++ b/Biz/Keys/Ben.pub @@ -0,0 +1 @@ +ssh-rsa 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 ben@lithium diff --git a/Biz/Keys/Deploy.pub b/Biz/Keys/Deploy.pub new file mode 100644 index 0000000..664a2d9 --- /dev/null +++ b/Biz/Keys/Deploy.pub @@ -0,0 +1 @@ +ssh-rsa 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 ben@lithium diff --git a/Biz/Keys/Nick.pub b/Biz/Keys/Nick.pub new file mode 100644 index 0000000..4dc08fb --- /dev/null 
+++ b/Biz/Keys/Nick.pub @@ -0,0 +1 @@ +ssh-rsa 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 nicksima@gmail.com diff --git a/Biz/Lint.py b/Biz/Lint.py new file mode 100755 index 0000000..fccda57 --- /dev/null +++ b/Biz/Lint.py 
@@ -0,0 +1,97 @@ +#!/usr/bin/env python +""" +all your lint are belong to us +""" +import os +import subprocess +import sys + + +# pylint: disable=missing-class-docstring,too-few-public-methods +class Color: + HEAD = "\033[95m" + BLUE = "\033[94m" + GREEN = "\033[92m" + WARN = "\033[93m" + FAIL = "\033[91m" + BOLD = "\033[1m" + UNDER = "\033[4m" + END = "\033[0m" + + +def run(cmd, file): + "Exec a linter for a file." + global ERRORS # pylint: disable=global-statement + args = { + "ormolu": ["--mode", "check"], + "hlint": [], + "black": ["--quiet", "--check"], + "pylint": [], + } + # pylint: disable=subprocess-run-check + ret = subprocess.run([cmd, *args[cmd], file], stdout=subprocess.PIPE) + if ret.returncode != 0: + ERRORS += 1 # pylint: disable=undefined-variable + msg = ret.stdout.decode("utf-8").strip() + print(Color.WARN + f"lint error: {cmd}: {file}" + Color.END) + if msg: + for line in msg.split("\n"): + print(" " + line) + + +def changed_files(): + "Return a list of changed files according to git." 
+ merge_base = ( + subprocess.check_output(["git", "merge-base", "HEAD", "origin/master"]) + .decode("utf-8") + .strip() + ) + return ( + subprocess.check_output(["git", "diff", "--name-only", merge_base]) + .decode("utf-8") + .strip() + .split() + ) + + +def group_files(files, extensions): + """Given a list of files and list of extensions, return a dict of: + {ext: [files]} + + """ + root = os.getenv("BIZ_ROOT") + ret = {k: [] for k in extensions} + for ext in extensions: + for file in files: + if file.endswith(ext): + ret[ext].append(os.path.join(root, file)) + return ret + + +def guard_todos(files): + for fname in files: + with open(fname) as text: + if "TODO" in text.read(): + ERRORS += 1 + print("found todo:", fname) + + +if __name__ == "__main__": + ERRORS = 0 + if "-h" in sys.argv: + print(f"usage: {os.path.basename(__file__)} ") + print("if no files given, lint changed files in this branch") + sys.exit(0) + elif len(sys.argv) == 1: + FILES = group_files(changed_files(), [".hs", ".py"]) + else: + FILES = group_files(sys.argv[1:], [".hs", ".py"]) + for hs in FILES[".hs"]: + print(f"lint: {hs}") + run("ormolu", hs) + run("hlint", hs) + for py in FILES[".py"]: + print(f"lint: {py}") + run("black", py) + run("pylint", py) + sys.exit(ERRORS) diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix new file mode 100644 index 0000000..0ba3fca --- /dev/null +++ b/Biz/OsBase.nix 
@@ -0,0 +1,24 @@
+{...}:
+{
+ boot.cleanTmpDir = true;
+ networking.firewall.allowPing = true;
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.gc.automatic = true;
+ nix.gc.dates = "Sunday 02:15";
+ nix.optimise.automatic = true;
+ nix.optimise.dates = [ "Sunday 02:30" ];
+ #nixpkgs.overlays = overlays;
+ programs.mosh.enable = true;
+ programs.mosh.withUtempter = true;
+ security.acme.email = "ben@bsima.me";
+ security.acme.acceptTerms = true;
+ security.sudo.wheelNeedsPassword = false;
+ services.clamav.daemon.enable = true; # security
+ services.clamav.updater.enable = true; # security
+ services.fail2ban.enable = true; # security
+ services.openssh.enable = true;
+ services.openssh.openFirewall = true;
+ services.openssh.forwardX11 = true;
+ services.openssh.passwordAuthentication = false;
+ system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
+}
diff --git a/Biz/Packages.nix b/Biz/Packages.nix
new file mode 100644
index 0000000..ea032fe
--- /dev/null
+++ b/Biz/Packages.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+# Base set of packages to be expected everywhere.
+
+with pkgs;
+
+{
+ environment.systemPackages = [
+ file
+ gitAndTools.gitFull
+ htop
+ python3
+ ranger
+ telnet
+ traceroute
+ vim
+ vnstat
+ wget
+ ];
+}
diff --git a/Biz/Users.nix b/Biz/Users.nix
new file mode 100644
index 0000000..8a804ca
--- /dev/null
+++ b/Biz/Users.nix
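Review bot: In Biz/OsBase.nix, `security.sudo.wheelNeedsPassword = false` is now part of the base for every host that imports this module, and Biz/Users.nix puts the `deploy` bot account in `wheel`, so possession of that one SSH key is equivalent to root on each machine. If that is intended for deployment, record it next to the setting, e.g. `# deploy needs non-interactive sudo; wheel membership is therefore root-equivalent`. `services.openssh.forwardX11 = true` looks like a dev-machine convenience rather than a base default; consider `lib.mkDefault false` here (the module header would need `{ lib, ... }:`) and enabling it only in Biz/Dev/Configuration.nix. The line `#nixpkgs.overlays = overlays;` is left commented out without explanation, and a short comment saying where overlays are applied now would help, since the old `os` in Rules.nix set them.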
@@ -0,0 +1,43 @@
+{ config, ... }:
+
+{
+ users.motd = ''
+
+ welcome to the simatime network!
+ your host is '${config.networking.hostName}'
+
+ '';
+ users.mutableUsers = false;
+ users.users = { #
+ # bots
+ #
+ deploy = {
+ isNormalUser = true;
+ home = "/home/deploy";
+ openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.pub ];
+ extraGroups = [ "wheel" ];
+ };
+ #
+ # humans
+ #
+ root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ];
+ root.password = "erewhon";
+
+ ben = {
+ description = "Ben Sima";
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ];
+ extraGroups = [ "wheel" "docker" ];
+ hashedPassword =
+ "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
+ };
+ nick = {
+ description = "Nick Sima";
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.pub ];
+ extraGroups = [ "docker" ];
+ };
+ };
+}
diff --git a/Biz/keys/ben.pub b/Biz/keys/ben.pub
deleted file mode 100644
index c661508..0000000
--- a/Biz/keys/ben.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 ben@lithium
diff --git a/Biz/keys/deploy.pub b/Biz/keys/deploy.pub
deleted file mode 100644
index 664a2d9..0000000
--- a/Biz/keys/deploy.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 ben@lithium
diff --git a/Biz/keys/nick.pub b/Biz/keys/nick.pub
deleted file mode 100644
index 4dc08fb..0000000
--- a/Biz/keys/nick.pub
+++ /dev/null
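Review bot: `root.password = "erewhon";` in Biz/Users.nix commits the root password in clear text, and with `users.mutableUsers = false` it is re-applied on every activation, so it cannot be changed on the host afterwards. Use a hash as the `ben` entry already does, `root.hashedPassword = "<output of mkpasswd -m sha-512>";`, or preferably point `passwordFile` at a root-only file kept outside the repository, and treat the committed value as compromised. The `hashedPassword` for `ben` is likewise public once pushed and can be guessed offline, so the same `passwordFile` approach is worth applying there. SSH password login is disabled in OsBase.nix, which leaves console login, `su` and any other password-accepting service as the exposed paths.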
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com diff --git a/Biz/lint.py b/Biz/lint.py deleted file mode 100755 index fccda57..0000000 --- a/Biz/lint.py +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/usr/bin/env python -""" -all your lint are belong to us -""" -import os -import subprocess -import sys - - -# pylint: disable=missing-class-docstring,too-few-public-methods -class Color: - HEAD = "\033[95m" - BLUE = "\033[94m" - GREEN = "\033[92m" - WARN = "\033[93m" - FAIL = "\033[91m" - BOLD = "\033[1m" - UNDER = "\033[4m" - END = "\033[0m" - - -def run(cmd, file): - "Exec a linter for a file." - global ERRORS # pylint: disable=global-statement - args = { - "ormolu": ["--mode", "check"], - "hlint": [], - "black": ["--quiet", "--check"], - "pylint": [], - } - # pylint: disable=subprocess-run-check - ret = subprocess.run([cmd, *args[cmd], file], stdout=subprocess.PIPE) - if ret.returncode != 0: - ERRORS += 1 # pylint: disable=undefined-variable - msg = ret.stdout.decode("utf-8").strip() - print(Color.WARN + f"lint error: {cmd}: {file}" + Color.END) - if msg: - for line in msg.split("\n"): - print(" " + line) - - -def changed_files(): - "Return a list of changed files according to git." 
- merge_base = ( - subprocess.check_output(["git", "merge-base", "HEAD", "origin/master"]) - .decode("utf-8") - .strip() - ) - return ( - subprocess.check_output(["git", "diff", "--name-only", merge_base]) - .decode("utf-8") - .strip() - .split() - ) - - -def group_files(files, extensions): - """Given a list of files and list of extensions, return a dict of: - {ext: [files]} - - """ - root = os.getenv("BIZ_ROOT") - ret = {k: [] for k in extensions} - for ext in extensions: - for file in files: - if file.endswith(ext): - ret[ext].append(os.path.join(root, file)) - return ret - - -def guard_todos(files): - for fname in files: - with open(fname) as text: - if "TODO" in text.read(): - ERRORS += 1 - print("found todo:", fname) - - -if __name__ == "__main__": - ERRORS = 0 - if "-h" in sys.argv: - print(f"usage: {os.path.basename(__file__)} ") - print("if no files given, lint changed files in this branch") - sys.exit(0) - elif len(sys.argv) == 1: - FILES = group_files(changed_files(), [".hs", ".py"]) - else: - FILES = group_files(sys.argv[1:], [".hs", ".py"]) - for hs in FILES[".hs"]: - print(f"lint: {hs}") - run("ormolu", hs) - run("hlint", hs) - for py in FILES[".py"]: - print(f"lint: {py}") - run("black", py) - run("pylint", py) - sys.exit(ERRORS) diff --git a/Biz/packages.nix b/Biz/packages.nix deleted file mode 100644 index ea032fe..0000000 --- a/Biz/packages.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -# Base set of packages to be expected everywhere. - -with pkgs; - -{ - environment.systemPackages = [ - file - gitAndTools.gitFull - htop - python3 - ranger - telnet - traceroute - vim - vnstat - wget - ]; -} diff --git a/Biz/users.nix b/Biz/users.nix deleted file mode 100644 index c7c4041..0000000 --- a/Biz/users.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, ... }: - -{ - users.motd = '' - - welcome to the simatime network! - your host is '${config.networking.hostName}' - - ''; - users.mutableUsers = false; - users.users = { # - # bots - # - deploy = { - isNormalUser = true; - home = "/home/deploy"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.pub ]; - extraGroups = [ "wheel" ]; - }; - # - # humans - # - root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ]; - ben = { - description = "Ben Sima"; - isNormalUser = true; - home = "/home/ben"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ]; - extraGroups = [ "wheel" "networkmanager" "docker" ]; - }; - nick = { - description = "Nick Sima"; - isNormalUser = true; - home = "/home/nick"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.pub ]; - extraGroups = [ "docker" ]; - }; - }; -} -- cgit v1.2.3