Merge remote-tracking branch 'cd/master'

makefu 2016-06-02 11:17:24 +02:00
commit 29cdc9994c
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
2 changed files with 115 additions and 120 deletions


@ -1,37 +1,9 @@
{ config, lib, pkgs, ... }@args: { config, pkgs, ... }@args:
with config.krebs.lib; with config.krebs.lib;
let let
# TODO krebs.build.user # TODO krebs.build.user
user = config.users.users.tv; user = config.users.users.tv;
in {
out = {
services.xserver.display = 11;
services.xserver.tty = 11;
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
ExecReload = need-reload "urxvtd.service";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.ff pkgs.ff
@ -42,7 +14,11 @@ let
pkgs.zathura pkgs.zathura
]; ];
# TODO dedicated group, i.e. with a single user fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
krebs.setuid.slock = { krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock"; filename = "${pkgs.slock}/bin/slock";
@ -53,46 +29,24 @@ let
}; };
}; };
systemd.services.display-manager.enable = false; services.xserver = {
enable = true;
display = 11;
tty = 11;
services.xserver.enable = true; synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = { systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ]; requires = [ "xserver.service" ];
environment = xmonad-environment; environment = {
serviceConfig = {
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv";
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = xserver-environment;
serviceConfig = {
ExecReload = need-reload "xserver.service";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /var/log/X.${toString config.services.xserver.display}.log"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
};
xmonad-environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
@ -118,18 +72,55 @@ let
"za" "zh" "zj" "zs" "za" "zh" "zj" "zs"
]); ]);
}; };
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv";
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
xserver-environment = { systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" ( LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
}; };
serviceConfig = {
need-reload = s: toString [ SyslogIdentifier = "xserver";
"${pkgs.writeDashBin "need-reload" ''echo "$*"''}/bin/need-reload" ExecReload = "${pkgs.coreutils}/bin/echo NOP";
(shell.escape s) ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
]; ];
};
};
in out systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
}
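Review bot: The new `ExecReload = "${pkgs.coreutils}/bin/echo NOP";` in the xserver and urxvtd units, combined with `reloadIfChanged = true`, means a changed unit is "reloaded" by a command that does nothing. The running X server and urxvtd therefore keep their old binaries and flags (including `-nolisten tcp` and the `LD_LIBRARY_PATH` set for X) until someone restarts them by hand. This is presumably deliberate, to keep the session alive across a system switch, but it also means package updates for these daemons do not take effect on activation. The removed `need-reload` helper at least echoed the unit name. I would add a comment above each `ExecReload`, for example `# reload is intentionally a no-op so a switch does not kill the session; restart the unit manually to apply updates`, and consider echoing the unit name again so the journal shows which service is stale.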


@ -1,8 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.writeScriptBin "ff" '' # TODO use krebs.setuid
#! ${pkgs.bash}/bin/bash # This requires that we can create setuid executables that can only be accessed
exec sudo -u ff -i <<EOF # by a single user. [per-user-setuid]
# using bash for %q
pkgs.writeBashBin "ff" ''
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@") exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
EOF EOF
'' ''
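Review bot: The arguments in `exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")` are quoted with bash's `%q`, but the heredoc is parsed a second time by whatever login shell `sudo -u ff -i` starts for the ff account, and that shell is not shown here. If it is not bash, `%q` forms such as `$'...'` would not round-trip, so an argument containing control characters could be split or altered before it reaches firefox. If the sudoers policy allows it, passing argv directly avoids the second parse: `exec /var/setuid-wrappers/sudo -u ff -H -- ${pkgs.firefoxWrapper}/bin/firefox "$@"`. Otherwise, extend the `# using bash for %q` comment to state that ff's login shell must also be bash.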