diff --git a/boxes/netbox/default.nix b/boxes/netbox/default.nix index 4331d02..a0d777c 100644 --- a/boxes/netbox/default.nix +++ b/boxes/netbox/default.nix @@ -12,7 +12,6 @@ ./radicale.nix ./vaultwarden.nix ./sslh.nix - ./fail2ban.nix ./nginx.nix ./franklincce.nix ./wireguard.nix diff --git a/boxes/netbox/fail2ban.nix b/boxes/netbox/fail2ban.nix deleted file mode 100644 index b23a151..0000000 --- a/boxes/netbox/fail2ban.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - services.fail2ban = { - enable = true; - ignoreIP = [ - "192.168.1.0/24" - ]; - extraPackages = [pkgs.ipset]; - banaction = "iptables-ipset-proto6-allports"; - - jails = { - "nginx-bruteforce" = '' - enabled = true - filter = nginx-bruteforce - logpath = /var/log/nginx/access.log - backend = auto - maxretry = 6 - findtime = 600 - ''; - - "postfix-bruteforce" = '' - enabled = true - filter = postfix-bruteforce - maxretry = 6 - findtime = 600 - ''; - }; - }; - - environment.etc = { - "fail2ban/filter.d/nginx-bruteforce.conf".text = '' - [Definition] - failregex = ^.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$ - ''; - - "fail2ban/filter.d/postfix-bruteforce.conf".text = '' - [Definition] - failregex = warning: [\w\.\-]+\[\]: SASL LOGIN authentication failed.*$ - journalmatch = _SYSTEMD_UNIT=postfix.service - ''; - }; -} diff --git a/boxes/netbox/socks.nix b/boxes/netbox/socks.nix deleted file mode 100644 index a55d938..0000000 --- a/boxes/netbox/socks.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - services._3proxy = { - enable = true; - services = [ - { - type = "socks"; - auth = [ "none" ]; - bindAddress = "10.100.0.1"; - bindPort = 3128; - } - ]; - }; -} diff --git a/lappy/builds/default.nix b/lappy/builds/default.nix index 9646d2c..61fd71e 100644 --- a/lappy/builds/default.nix +++ b/lappy/builds/default.nix 
@@ -4,5 +4,6 @@ environment.systemPackages = with pkgs; [ (callPackage ./utils.nix {}) (callPackage ./dwm.nix {}) + (callPackage ./sssg.nix {}) ]; } diff --git a/lappy/builds/sssg.nix b/lappy/builds/sssg.nix new file mode 100644 index 0000000..c9ac3f6 --- /dev/null +++ b/lappy/builds/sssg.nix @@ -0,0 +1,28 @@ +{ stdenv +, lib +, pkgs +, fetchgit +, makeWrapper +, bash +, pandoc +}: + +stdenv.mkDerivation rec { + pname = "sssg"; + version = "1.00"; + + src = fetchgit { + url = "https://git.beepboop.systems/stupidcomputer/sssg"; + hash = "sha256-b0lbHsu628CKPNC6HDLApZQ4HsinTrXCoFqr1KdVIYE="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ bash pandoc ]; + + installPhase = '' + mkdir -p $out/bin + + cp $src/sssg.sh $out/bin/sssg + wrapProgram $out/bin/sssg --prefix PATH : ${lib.makeBinPath [ bash pandoc ]} + ''; +} diff --git a/lappy/builds/utils.nix b/lappy/builds/utils.nix index 44ca554..bdb36f6 100644 --- a/lappy/builds/utils.nix +++ b/lappy/builds/utils.nix @@ -3,6 +3,8 @@ , pkgs # shell scripts stuff , makeWrapper +, xclip +, rbw }: stdenv.mkDerivation rec { @@ -12,14 +14,14 @@ stdenv.mkDerivation rec { src = ./utils; nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ ]; + buildInputs = [ xclip rbw ]; installPhase = '' mkdir -p $out/bin for i in $(ls $src/); do cp $src/$i $out/bin - wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ ]} + wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ xclip rbw ]} done ''; } diff --git a/lappy/builds/utils/git-rbw-wrap b/lappy/builds/utils/git-rbw-wrap new file mode 100755 index 0000000..082eeec --- /dev/null +++ b/lappy/builds/utils/git-rbw-wrap @@ -0,0 +1,14 @@ +#!/bin/sh + +[ -z "$1" ] && exit 1 + +# wrap rbw get $1 --full to output in the git credential helper +# format: +# username=yourusername +# password=yourpassword + +rbw get $1 --full | \ + sed '1{s/^/password=/}' | \ + sed 's/Username: /username=/g' | \ + grep -E 'username|password' | \ + tac 
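Review bot: The `fetchgit` call in `sssg.nix` gives a `url` and a `hash` but no `rev`, so the derivation does not name the commit it builds. The fixed-output hash still rejects changed content, but without `rev` the fetch appears to fall back to the remote's current HEAD. The first rebuild after upstream moves would then fail with a hash mismatch, and nobody could tell which revision `version = "1.00"` refers to. I would add `rev = "<commit-sha-that-produced-this-hash>";` (placeholder, to be filled with the real commit) next to `url`. That makes the source auditable and turns an update into an explicit two-field change.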
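Review bot: The wrapper PATH in the second `utils.nix` hunk covers only `xclip` and `rbw`, while the scripts this commit adds also call `dmenu` (passmenu) and `mbsync` and `vdirsyncer` (pimsync). Because `--prefix` keeps the ambient PATH, those names resolve to whatever is installed system-wide, so the credential-handling scripts are not pinned to store paths. Consider taking `dmenu`, `isync` and `vdirsyncer` as arguments and using `lib.makeBinPath [ xclip rbw dmenu isync vdirsyncer ]`. The derivation body starts outside this hunk.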
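Review bot: In `git-rbw-wrap` the final `grep -E 'username|password'` is unanchored, so any line of `rbw get --full` output that merely contains one of those words is passed to git as credential data, for example a notes or URI line. Anchor both the rewrite and the filter: `sed 's/^Username: /username=/'` and `grep -E '^(username|password)='`. `$1` is also expanded unquoted, so an entry name containing spaces or glob characters is word-split before it reaches rbw; use `rbw get "$1" --full`.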
diff --git a/lappy/builds/utils/passmenu b/lappy/builds/utils/passmenu new file mode 100755 index 0000000..fd28fdf --- /dev/null +++ b/lappy/builds/utils/passmenu @@ -0,0 +1,6 @@ +#!/bin/sh +resp=$(rbw list | dmenu) + +rbw get "$resp" | xclip -selection clipboard +sleep 15 +echo "cleared" | xclip -selection clipboard diff --git a/lappy/builds/utils/pimsync b/lappy/builds/utils/pimsync new file mode 100755 index 0000000..7b6c335 --- /dev/null +++ b/lappy/builds/utils/pimsync @@ -0,0 +1,7 @@ +#!/bin/sh + +mkdir -p ~/Mail/main +mbsync -c ~/.config/isync/config main + +vdirsyncer sync +rbw sync diff --git a/lappy/config/default.nix b/lappy/config/default.nix index 71ecf63..0efdda1 100644 --- a/lappy/config/default.nix +++ b/lappy/config/default.nix 
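Review bot: `passmenu` keeps going when the dmenu prompt is cancelled, and it overwrites the clipboard after 15 seconds no matter what is in it by then. An empty `$resp` still reaches `rbw get ""`, and the unconditional `echo "cleared" | xclip` replaces anything the user copied in the meantime. I would exit on an empty or failed selection and clear only when the clipboard still holds the secret. Overwriting the selection does not remove the value from a clipboard manager's history, if one is running.

```sh
resp=$(rbw list | dmenu) || exit 1
[ -n "$resp" ] || exit 1

secret=$(rbw get "$resp") || exit 1
printf '%s\n' "$secret" | xclip -selection clipboard
sleep 15
# overwrite only if the clipboard still holds the secret
if [ "$(xclip -selection clipboard -o)" = "$secret" ]; then
    echo "cleared" | xclip -selection clipboard
fi
```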
@@ -18,26 +18,47 @@ system.userActivationScripts = { copyEssentialConfiguration = { text = '' - mkdir -p /home/usr/.config - - mkdir -p /home/usr/.config/nvim - ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/nvim/init.lua /home/usr/.config/nvim/init.lua - - mkdir -p /home/usr/.config/sx - ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/sx/sxrc /home/usr/.config/sx/sxrc - mkdir -p /home/usr/.config/bash ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/bash/bashrc /home/usr/.config/bash/bashrc ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/bash/profile /home/usr/.config/bash/profile + mkdir -p /home/usr/.config/cmus + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/cmus/rc /home/usr/.config/cmus/rc + mkdir -p /home/usr/.config/git ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/git/config /home/usr/.config/git/config + mkdir -p /home/usr/.config/isync + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/isync/config /home/usr/.config/isync/config + + mkdir -p /home/usr/.config/khal + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/khal/config /home/usr/.config/khal/config + + mkdir -p /home/usr/.config/khard + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/khard/khard.conf /home/usr/.config/khard/khard.conf + + mkdir -p /home/usr/.config/msmtp + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/msmtp/config /home/usr/.config/msmtp/config + + mkdir -p /home/usr/.config/neomutt + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/neomutt/neomuttrc /home/usr/.config/neomutt/neomuttrc + + mkdir -p /home/usr/.config/nvim + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/nvim/init.lua /home/usr/.config/nvim/init.lua + mkdir -p /home/usr/.config/rbw ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/rbw/config.json /home/usr/.config/rbw/config.json - mkdir -p /home/usr/.config/cmus - ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/cmus/rc 
/home/usr/.config/cmus/rc + mkdir -p /home/usr/.config/ssh + mkdir -p /home/usr/.ssh + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/ssh/config /home/usr/.config/ssh/config + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/ssh/config /home/usr/.ssh/config + + mkdir -p /home/usr/.config/sx + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/sx/sxrc /home/usr/.config/sx/sxrc + + mkdir -p /home/usr/.config/vdirsyncer + ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/vdirsyncer/config /home/usr/.config/vdirsyncer/config ''; deps = []; }; diff --git a/lappy/config/isync/config b/lappy/config/isync/config new file mode 100644 index 0000000..16994ab --- /dev/null +++ b/lappy/config/isync/config @@ -0,0 +1,20 @@ +IMAPStore main-remote +Host mail.beepboop.systems +Port 993 +User ryan@beepboop.systems +PassCmd "rbw get mail.beepboop.systems" +SSLType IMAPS +CertificateFile /etc/ssl/certs/ca-certificates.crt + +MaildirStore main-local +Path ~/Mail/main/ +Inbox ~/Mail/main/INBOX +Subfolders Verbatim + +Channel main +Far :main-remote: +Near :main-local: +Create Both +Expunge Both +Patterns * +SyncState * diff --git a/lappy/config/khal/config b/lappy/config/khal/config new file mode 100644 index 0000000..12abda8 --- /dev/null +++ b/lappy/config/khal/config @@ -0,0 +1,23 @@ +[calendars] +[[home]] +path = "~/vdir/calendar/personal/edfbeaf1-e9f3-4d94-a512-40cdafdbc7a0" +color = dark green + +[[band]] +path = "~/vdir/calendar/band" +color = light cyan + +[[pco]] +path = "~/vdir/calendar/pco" +color = yellow + +[[school]] +path = "~/vdir/calendar/school" +color = dark red + +[locale] +timeformat = %H:%M +dateformat = %Y-%m-%d +longdateformat = %Y-%m-%d %a +datetimeformat = %Y-%m-%d %H:%M +longdatetimeformat = %Y-%m-%d %H:%M diff --git a/lappy/config/khard/khard.conf b/lappy/config/khard/khard.conf new file mode 100644 index 0000000..4e57eb3 --- /dev/null +++ b/lappy/config/khard/khard.conf 
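Review bot: `mkdir -p /home/usr/.ssh` in the activation script creates the directory with whatever umask the script runs under, and nothing afterwards sets its mode. I would follow it with `chmod 700 /home/usr/.ssh` so keys and `known_hosts` placed there later are not listable by other users. `~/.ssh/config` is now a symlink into `/home/usr/dots`, and ssh refuses a user config that is group- or world-writable, so the file in the repository checkout needs to stay `go-w`. OpenSSH does not read `~/.config/ssh/config` by default, so that second link looks redundant unless something passes `-F`.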
@@ -0,0 +1,19 @@ +[addressbooks] +[[main]] +path = ~/vdir/people/main/20cda0dd-5922-4905-8956-859c989a6519 +[general] +default_action = list +editor = nvim +merge_editor = nvim, -d + +[contact table] +display = first_name +group_by_addressbook = no +reverse = no +show_nicknames = no +show_uids = yes +show_kinds = no +sort = last_name +localize_dates = yes +preferred_phone_number_type = pref, cell, home +preferred_email_address_type = pref, work, home diff --git a/lappy/config/msmtp/config b/lappy/config/msmtp/config new file mode 100644 index 0000000..2e0e9cc --- /dev/null +++ b/lappy/config/msmtp/config @@ -0,0 +1,12 @@ +defaults +auth on +tls on +tls_trust_file /etc/ssl/certs/ca-certificates.crt + +account default +host mail.beepboop.systems +port 587 +tls_starttls on +from ryan@beepboop.systems +user ryan@beepboop.systems +passwordeval rbw get "mail.beepboop.systems" diff --git a/lappy/config/neomutt/neomuttrc b/lappy/config/neomutt/neomuttrc new file mode 100644 index 0000000..d76cc68 --- /dev/null +++ b/lappy/config/neomutt/neomuttrc @@ -0,0 +1,29 @@ +set editor = "nvim" + +set my_name = "Ryan Marina" +set fast_reply + +set mbox_type = Maildir +set folder = "~/Mail/main" + +set sidebar_visible +set sidebar_format = "%B%%* %%S" +set mail_check_stats + +set sendmail = "msmtp -a default -C $HOME/.config/msmtp/config" + +set from = "ryan@beepboop.systems" +set spoolfile = +INBOX +set record = "+Sent" +set trash = "+Trash" +set postponed = "+Drafts" +mailboxes +SMS +INBOX "+College Messages" +"Internship 24" + +unset wait_key +macro index S "pimsync" + +set use_threads = yes +set sort_aux = reverse-last-date-received + +set imap_keepalive = 300 +set query_command = "khard email --parsable --search-in-source-files '%s'" diff --git a/lappy/config/ssh/config b/lappy/config/ssh/config new file mode 100644 index 0000000..d8d8b2e --- /dev/null +++ b/lappy/config/ssh/config @@ -0,0 +1,4 @@ +Host netbox + HostName beepboop.systems + User ryan + Port 443 
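Review bot: In `neomuttrc`, `macro index S "pimsync"` does not run the script. A macro body is replayed as keystrokes, so pressing `S` feeds `p`, `i`, `m`, `s`, `y`, `n`, `c` to the index and triggers whatever those keys are bound to there. Depending on the bindings, that can act on the selected message. To run the script the line should be `macro index S "<shell-escape>pimsync<enter>" "sync mail, calendars and vault"`.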
diff --git a/lappy/config/vdirsyncer/config b/lappy/config/vdirsyncer/config new file mode 100644 index 0000000..51efbab --- /dev/null +++ b/lappy/config/vdirsyncer/config @@ -0,0 +1,79 @@ +[general] +status_path = "~/vdir/status" + +[pair contacts] +a = "contacts_local" +b = "contacts_remote" +collections = ["from a", "from b"] + +[pair calendar] +a = "calendar_local" +b = "calendar_remote" +collections = ["from a", "from b"] + +[pair band_calendar] +a = "band_calendar_local" +b = "band_calendar_remote" +collections = null + +[pair pco_calendar] +a = "pco_local" +b = "pco_remote" +collections = null + +[pair school_calendar] +a = "school_local" +b = "school_remote" +collections = null + +[storage contacts_local] +type = "filesystem" +path = "~/vdir/people/main" +fileext = ".vcf" + +[storage calendar_local] +type = "filesystem" +path = "~/vdir/calendar/personal" +fileext = ".ics" + +[storage band_calendar_local] +type = "filesystem" +path = "~/vdir/calendar/band" +fileext = ".ics" + +[storage pco_local] +type = "filesystem" +path = "~/vdir/calendar/pco" +fileext = ".ics" + +[storage school_local] +type = "filesystem" +path = "~/vdir/calendar/school" +fileext = ".ics" + +[storage contacts_remote] +type = "carddav" + +url = "https://radicale.beepboop.systems/ryan/20cda0dd-5922-4905-8956-859c989a6519/" +username = "ryan" +password.fetch = ["command", "rbw", "get", "radicale"] + +[storage band_calendar_remote] +type = "http" +url = "https://calendar.google.com/calendar/ical/i6bong6iferbcuf1u25jg47t7k%40group.calendar.google.com/public/basic.ics" + +[storage pco_remote] +type = "http" + +url.fetch = ["command", "rbw", "get", "pco-ical-sync"] + +[storage school_remote] +type = "http" + +url.fetch = ["command", "rbw", "get", "school-ical-sync"] +[storage calendar_remote] +type = "caldav" + +url = "https://radicale.beepboop.systems/ryan/edfbeaf1-e9f3-4d94-a512-40cdafdbc7a0/" +username = "ryan" +password.fetch = ["command", "rbw", "get", "radicale"] 
diff --git a/lappy/configuration.nix b/lappy/configuration.nix index 6a2364f..3deac70 100644 --- a/lappy/configuration.nix +++ b/lappy/configuration.nix @@ -38,25 +38,43 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - neovim - git - + # x11 brave - (pkgs.st.overrideAttrs (old: { + (pkgs.st.overrideAttrs (oldAttrs: rec { patches = [ ./builds/st/scrollback.patch ./builds/st/clipboard.patch ]; - conf = ./builds/st/config.h; - }) - ) + conf = builtins.readFile ./builds/st/config.h; + })) dmenu + pinentry-qt + + # tui/cli programs + # devel + gh + tea + neovim + git + + # audio cmus - htop - rbw - pinentry-tty ncpamixer bluetuith + + # pimtools + khard + khal + vdirsyncer + neomutt + isync + msmtp + + # utilities + htop + tmux + rbw + usbutils # for lsusb ]; services = {
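Review bot: Setting `conf` inside `overrideAttrs` probably has no effect on the built `st`. As far as I know the nixpkgs `st` package takes `conf` as a function argument and copies it to `config.def.h` in `postPatch`, so an attribute of the same name added through `overrideAttrs` only becomes an unused environment variable. Passing it through `override` should apply it: `((pkgs.st.override { conf = builtins.readFile ./builds/st/config.h; }).overrideAttrs (_: { patches = [ ... ]; }))`. The `rec` and the `oldAttrs` binding are unused and can go. The `environment.systemPackages` list is complete within the hunk, but the surrounding module is not.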