merge conflicts

boxes/netbox/default.nix

@@ -12,7 +12,6 @@
       ./radicale.nix
       ./vaultwarden.nix
       ./sslh.nix
-      ./fail2ban.nix
       ./nginx.nix
       ./franklincce.nix
       ./wireguard.nix

boxes/netbox/fail2ban.nix

@@ -1,42 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
-  services.fail2ban = {
-    enable = true;
-    ignoreIP = [
-      "192.168.1.0/24"
-    ];
-    extraPackages = [pkgs.ipset];
-    banaction = "iptables-ipset-proto6-allports";
-
-    jails = {
-      "nginx-bruteforce" = ''
-        enabled = true
-        filter = nginx-bruteforce
-        logpath = /var/log/nginx/access.log
-        backend = auto
-        maxretry = 6
-        findtime = 600
-      '';
-
-      "postfix-bruteforce" = ''
-        enabled = true
-        filter = postfix-bruteforce
-        maxretry = 6
-        findtime = 600
-      '';
-    };
-  };
-
-  environment.etc = {
-    "fail2ban/filter.d/nginx-bruteforce.conf".text = ''
-      [Definition]
-      failregex = ^<HOST>.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
-    '';
-
-    "fail2ban/filter.d/postfix-bruteforce.conf".text = ''
-      [Definition]
-      failregex = warning: [\w\.\-]+\[<HOST>\]: SASL LOGIN authentication failed.*$
-      journalmatch = _SYSTEMD_UNIT=postfix.service
-    '';
-  };
-}

boxes/netbox/socks.nix

@@ -1,14 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
-  services._3proxy = {
-    enable = true;
-    services = [
-      {
-        type = "socks";
-        auth = [ "none" ];
-        bindAddress = "10.100.0.1";
-        bindPort = 3128;
-      }
-    ];
-  };
-}

lappy/builds/default.nix

@@ -4,5 +4,6 @@
   environment.systemPackages = with pkgs; [
     (callPackage ./utils.nix {})
     (callPackage ./dwm.nix {})
+    (callPackage ./sssg.nix {})
   ];
 }

lappy/builds/sssg.nix

@@ -0,0 +1,28 @@
+{ stdenv
+, lib
+, pkgs
+, fetchgit
+, makeWrapper
+, bash
+, pandoc
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sssg";
+  version = "1.00";
+
+  src = fetchgit {
+    url = "https://git.beepboop.systems/stupidcomputer/sssg";
+    hash = "sha256-b0lbHsu628CKPNC6HDLApZQ4HsinTrXCoFqr1KdVIYE=";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ bash pandoc ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+
+    cp $src/sssg.sh $out/bin/sssg
+    wrapProgram $out/bin/sssg --prefix PATH : ${lib.makeBinPath [ bash pandoc ]}
+  '';
+}

lappy/builds/utils.nix

@@ -3,6 +3,8 @@
 , pkgs
 # shell scripts stuff
 , makeWrapper
+, xclip
+, rbw
 }:
 
 stdenv.mkDerivation rec {
@@ -12,14 +14,14 @@ stdenv.mkDerivation rec {
   src = ./utils;
 
   nativeBuildInputs = [ makeWrapper ];
-  buildInputs = [ ];
+  buildInputs = [ xclip rbw ];
 
   installPhase = ''
     mkdir -p $out/bin
 
     for i in $(ls $src/); do
       cp $src/$i $out/bin
-      wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ ]}
+      wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ xclip rbw ]}
     done
   '';
 }

lappy/builds/utils/git-rbw-wrap

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+[ -z "$1" ] && exit 1
+
+# wrap rbw get $1 --full to output in the git credential helper
+# format:
+# username=yourusername
+# password=yourpassword
+
+rbw get $1 --full | \
+	sed '1{s/^/password=/}' | \
+	sed 's/Username: /username=/g' | \
+	grep -E 'username|password' | \
+	tac

lappy/builds/utils/passmenu

@@ -0,0 +1,6 @@
+#!/bin/sh
+resp=$(rbw list | dmenu)
+
+rbw get "$resp" | xclip -selection clipboard
+sleep 15
+echo "cleared" | xclip -selection clipboard

lappy/builds/utils/pimsync

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+mkdir -p ~/Mail/main
+mbsync -c ~/.config/isync/config main
+
+vdirsyncer sync
+rbw sync

lappy/config/default.nix

@@ -18,26 +18,47 @@
   system.userActivationScripts = {
     copyEssentialConfiguration = {
       text = ''
-        mkdir -p /home/usr/.config
-
-        mkdir -p /home/usr/.config/nvim
-        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/nvim/init.lua /home/usr/.config/nvim/init.lua
-
-        mkdir -p /home/usr/.config/sx
-        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/sx/sxrc /home/usr/.config/sx/sxrc
-
         mkdir -p /home/usr/.config/bash
         ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/bash/bashrc /home/usr/.config/bash/bashrc
         ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/bash/profile /home/usr/.config/bash/profile
 
+        mkdir -p /home/usr/.config/cmus
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/cmus/rc /home/usr/.config/cmus/rc
+
         mkdir -p /home/usr/.config/git
         ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/git/config /home/usr/.config/git/config
 
+        mkdir -p /home/usr/.config/isync
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/isync/config /home/usr/.config/isync/config
+
+        mkdir -p /home/usr/.config/khal
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/khal/config /home/usr/.config/khal/config
+
+        mkdir -p /home/usr/.config/khard
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/khard/khard.conf /home/usr/.config/khard/khard.conf
+
+        mkdir -p /home/usr/.config/msmtp
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/msmtp/config /home/usr/.config/msmtp/config
+
+        mkdir -p /home/usr/.config/neomutt
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/neomutt/neomuttrc /home/usr/.config/neomutt/neomuttrc
+
+        mkdir -p /home/usr/.config/nvim
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/nvim/init.lua /home/usr/.config/nvim/init.lua
+
         mkdir -p /home/usr/.config/rbw
         ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/rbw/config.json /home/usr/.config/rbw/config.json
 
-        mkdir -p /home/usr/.config/cmus
+        mkdir -p /home/usr/.config/ssh
-        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/cmus/rc /home/usr/.config/cmus/rc
+        mkdir -p /home/usr/.ssh
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/ssh/config /home/usr/.config/ssh/config
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/ssh/config /home/usr/.ssh/config
+
+        mkdir -p /home/usr/.config/sx
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/sx/sxrc /home/usr/.config/sx/sxrc
+
+        mkdir -p /home/usr/.config/vdirsyncer
+        ${pkgs.coreutils}/bin/ln -sf /home/usr/dots/lappy/config/vdirsyncer/config /home/usr/.config/vdirsyncer/config
       '';
       deps = [];
     };

lappy/config/isync/config

@@ -0,0 +1,20 @@
+IMAPStore main-remote
+Host mail.beepboop.systems
+Port 993
+User ryan@beepboop.systems
+PassCmd "rbw get mail.beepboop.systems"
+SSLType IMAPS
+CertificateFile /etc/ssl/certs/ca-certificates.crt
+
+MaildirStore main-local
+Path ~/Mail/main/
+Inbox ~/Mail/main/INBOX
+Subfolders Verbatim
+
+Channel main
+Far :main-remote:
+Near :main-local:
+Create Both
+Expunge Both
+Patterns *
+SyncState *

lappy/config/khal/config

@@ -0,0 +1,23 @@
+[calendars]
+[[home]]
+path = "~/vdir/calendar/personal/edfbeaf1-e9f3-4d94-a512-40cdafdbc7a0"
+color = dark green
+
+[[band]]
+path = "~/vdir/calendar/band"
+color = light cyan
+
+[[pco]]
+path = "~/vdir/calendar/pco"
+color = yellow
+
+[[school]]
+path = "~/vdir/calendar/school"
+color = dark red
+
+[locale]
+timeformat = %H:%M
+dateformat = %Y-%m-%d
+longdateformat = %Y-%m-%d %a
+datetimeformat = %Y-%m-%d %H:%M
+longdatetimeformat = %Y-%m-%d %H:%M

lappy/config/khard/khard.conf

@@ -0,0 +1,19 @@
+[addressbooks]
+[[main]]
+path = ~/vdir/people/main/20cda0dd-5922-4905-8956-859c989a6519
+[general]
+default_action = list
+editor = nvim
+merge_editor = nvim, -d
+
+[contact table]
+display = first_name
+group_by_addressbook = no
+reverse = no
+show_nicknames = no
+show_uids = yes
+show_kinds = no
+sort = last_name
+localize_dates = yes
+preferred_phone_number_type = pref, cell, home
+preferred_email_address_type = pref, work, home

lappy/config/msmtp/config

@@ -0,0 +1,12 @@
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account default
+host mail.beepboop.systems
+port 587
+tls_starttls on
+from ryan@beepboop.systems
+user ryan@beepboop.systems
+passwordeval rbw get "mail.beepboop.systems"

lappy/config/neomutt/neomuttrc

@@ -0,0 +1,29 @@
+set editor = "nvim"
+
+set my_name = "Ryan Marina"
+set fast_reply
+
+set mbox_type = Maildir
+set folder = "~/Mail/main"
+
+set sidebar_visible
+set sidebar_format = "%B%<F? [%F}>%* %<N?%N/>%S"
+set mail_check_stats
+
+set sendmail = "msmtp -a default -C $HOME/.config/msmtp/config"
+
+set from = "ryan@beepboop.systems"
+set spoolfile = +INBOX
+set record = "+Sent"
+set trash = "+Trash"
+set postponed = "+Drafts"
+mailboxes +SMS +INBOX "+College Messages" +"Internship 24"
+
+unset wait_key
+macro index S "<shell-escape>pimsync<enter>"
+
+set use_threads = yes
+set sort_aux = reverse-last-date-received
+
+set imap_keepalive = 300
+set query_command = "khard email --parsable --search-in-source-files '%s'"

lappy/config/ssh/config

@@ -0,0 +1,4 @@
+Host netbox
+	HostName beepboop.systems
+	User ryan
+	Port 443

lappy/config/vdirsyncer/config

@@ -0,0 +1,79 @@
+[general]
+status_path = "~/vdir/status"
+
+[pair contacts]
+a = "contacts_local"
+b = "contacts_remote"
+collections = ["from a", "from b"]
+
+[pair calendar]
+a = "calendar_local"
+b = "calendar_remote"
+collections = ["from a", "from b"]
+
+[pair band_calendar]
+a = "band_calendar_local"
+b = "band_calendar_remote"
+collections = null
+
+[pair pco_calendar]
+a = "pco_local"
+b = "pco_remote"
+collections = null
+
+[pair school_calendar]
+a = "school_local"
+b = "school_remote"
+collections = null
+
+[storage contacts_local]
+type = "filesystem"
+path = "~/vdir/people/main"
+fileext = ".vcf"
+
+[storage calendar_local]
+type = "filesystem"
+path = "~/vdir/calendar/personal"
+fileext = ".ics"
+
+[storage band_calendar_local]
+type = "filesystem"
+path = "~/vdir/calendar/band"
+fileext = ".ics"
+
+[storage pco_local]
+type = "filesystem"
+path = "~/vdir/calendar/pco"
+fileext = ".ics"
+
+[storage school_local]
+type = "filesystem"
+path = "~/vdir/calendar/school"
+fileext = ".ics"
+
+[storage contacts_remote]
+type = "carddav"
+
+url = "https://radicale.beepboop.systems/ryan/20cda0dd-5922-4905-8956-859c989a6519/"
+username = "ryan"
+password.fetch = ["command", "rbw", "get", "radicale"]
+
+[storage band_calendar_remote]
+type = "http"
+url = "https://calendar.google.com/calendar/ical/i6bong6iferbcuf1u25jg47t7k%40group.calendar.google.com/public/basic.ics"
+
+[storage pco_remote]
+type = "http"
+
+url.fetch = ["command", "rbw", "get", "pco-ical-sync"]
+
+[storage school_remote]
+type = "http"
+
+url.fetch = ["command", "rbw", "get", "school-ical-sync"]
+[storage calendar_remote]
+type = "caldav"
+
+url = "https://radicale.beepboop.systems/ryan/edfbeaf1-e9f3-4d94-a512-40cdafdbc7a0/"
+username = "ryan"
+password.fetch = ["command", "rbw", "get", "radicale"]

lappy/configuration.nix

@@ -38,25 +38,43 @@
   nixpkgs.config.allowUnfree = true;
 
   environment.systemPackages = with pkgs; [
-    neovim
+    # x11
-    git
-
     brave
-    (pkgs.st.overrideAttrs (old: {
+    (pkgs.st.overrideAttrs (oldAttrs: rec {
         patches = [
           ./builds/st/scrollback.patch
           ./builds/st/clipboard.patch
         ];
-        conf = ./builds/st/config.h;
+        conf = builtins.readFile ./builds/st/config.h;
-      })
+    }))
-    )
     dmenu
+    pinentry-qt
+
+    # tui/cli programs
+    # devel
+    gh
+    tea
+    neovim
+    git
+
+    # audio
     cmus
-    htop
-    rbw
-    pinentry-tty
     ncpamixer
     bluetuith
+
+    # pimtools
+    khard
+    khal
+    vdirsyncer
+    neomutt
+    isync
+    msmtp
+
+    # utilities
+    htop
+    tmux
+    rbw
+    usbutils # for lsusb
   ];
 
   services = {