Merge remote-tracking branch 'cd/master'

lassulus 2015-11-09 02:37:13 +01:00
commit 3d7790601e
44 changed files with 384 additions and 572 deletions


@ -32,7 +32,10 @@ let stockholm = {
upath = lib.nspath current-user-name;
base-module = { config, ... }: {
imports = map (f: f "3modules") [ kpath upath ];
imports = builtins.filter builtins.pathExists (lib.concatLists [
(map (f: f "2configs") [ upath ])
(map (f: f "3modules") [ kpath upath ])
]);
krebs.current.enable = true;
krebs.current.host = config.krebs.hosts.${current-host-name};
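Review bot: The new `imports` expression passes every candidate through `builtins.pathExists`, so a mistyped or missing `2configs`/`3modules` directory is dropped without an evaluation error and the host builds without those modules. If any of them carry access or firewall policy, that is a silent weakening. Consider filtering only the optional `2configs` entry and leaving the `3modules` paths unfiltered, or record the intent with a comment such as `# per-user dirs are optional: absent paths are skipped on purpose`. The enclosing `base-module` continues outside the hunk.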


@ -29,10 +29,13 @@ let
};
options.krebs.build.source.dir = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
type = let
default-host = config.krebs.current.host;
in types.attrsOf (types.submodule ({ config, ... }: {
options = {
host = mkOption {
type = types.host;
default = default-host;
};
path = mkOption {
type = types.str;


@ -15,6 +15,7 @@ let
./git.nix
./iptables.nix
./nginx.nix
./per-user.nix
./Reaktor.nix
./retiolum-bootstrap.nix
./realwallpaper.nix


@ -164,6 +164,7 @@ with lib;
dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
euer IN A ${head nets.internet.addrs4}
wiki.euer IN A ${head nets.internet.addrs4}
wry IN A ${head nets.internet.addrs4}
io IN NS wry.krebsco.de.
@ -191,6 +192,9 @@ with lib;
"paste.retiolum"
"wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
"blog.wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -210,13 +214,36 @@ with lib;
};
};
};
filepimp = rec {
cores = 1;
dc = "makefu"; #nas
nets = {
retiolum = {
addrs4 = ["10.243.153.102"];
addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
aliases = [
"filepimp.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
euer IN A ${head nets.internet.addrs4}
share.euer IN A ${head nets.internet.addrs4}
gum IN A ${head nets.internet.addrs4}
'';
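Review bot: The first base64 line of the new `filepimp` `tinc.pubkey` in the third hunk (`MIIBCgKCAQEAvgvzx3rT…`) is identical to the first key line of the tinc host file further down this page (the one with `Subnet = 10.243.0.211`), which suggests the key block was copied from another host. Only one line of that other key is visible here, so this needs checking against the full file. If the keys do match, two retiolum nodes share an RSA keypair and either could authenticate as the other. filepimp should carry a key generated on that machine, and a comment like `# generated on filepimp, <date>` beside it would make its provenance checkable.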


@ -0,0 +1,35 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krebs.per-user;
out = {
options.krebs.per-user = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule {
options = {
packages = mkOption {
type = listOf path;
default = [];
};
};
});
default = {};
};
imp = {
environment = {
etc = flip mapAttrs' cfg (name: { packages, ... }: {
name = "per-user/${name}";
value.source = pkgs.symlinkJoin "per-user.${name}" packages;
});
profiles = ["/etc/per-user/$LOGNAME"];
};
};
in out
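Review bot: `profiles = ["/etc/per-user/$LOGNAME"]` ties the per-user profile to an environment variable rather than to the account the shell actually runs as, and neither `mkOption` has a `description`. `LOGNAME` can be unset or carried over unchanged by `su`/`sudo` without a login shell, in which case the session gets no profile or another user's package set. The option text should say so, e.g. `description = "Packages linked into /etc/per-user/<name> and added to that user's profile via $LOGNAME.";`. It should also note that `name` becomes a path component under `/etc`, so attribute names containing `/` need to be rejected or documented as unsupported.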


@ -158,7 +158,8 @@ with lib;
};
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
ok = {
nets = {
@ -276,17 +277,26 @@ with lib;
};
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
users = addNames {
users = addNames rec {
mv = {
mail = "mv@cd.retiolum";
pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
};
tv = {
mail = "tv@wu.retiolum";
pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
pubkey = "ssh-rsa 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 tv@wu";
};
tv_nomic = {
inherit (tv) mail;
pubkey = "ssh-rsa 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 tv@nomic #2";
};
tv_xu = {
inherit (tv) mail;
pubkey = "ssh-rsa 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 tv@xu";
};
};
}
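Review bot: `ssh.privkey.path = <secrets/ssh.id_ed25519>` in both host hunks is a Nix path value, and a path that is interpolated into a string or used as a derivation input is copied into the world-readable Nix store. The consumers of this option are not visible here, so confirm they only ever apply `toString` to it, as `sec = toString <secrets>` does elsewhere in this commit. The constraint belongs next to the option: `# use via toString only; interpolating this path copies the key into /nix/store`. The inlined user keys that replace `readFile ../../Zpubkeys/…` are public material and fine to embed.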


@ -0,0 +1,22 @@
{ lib, pkgs, pythonPackages, fetchurl, ... }:
with pythonPackages; buildPythonPackage rec {
name = "bepasty-client-cli-${version}";
version = "0.3.0";
propagatedBuildInputs = [
python_magic
click
requests2
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
};
meta = {
homepage = https://github.com/bepasty/bepasty-client-cli;
description = "CLI client for bepasty-server";
license = lib.licenses.bsd2;
};
}


@ -0,0 +1,7 @@
{ writeScriptBin, pkgs }:
# TODO: use `wrapProgram --add-flags` instead?
writeScriptBin "krebspaste" ''
#! /bin/sh
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
''


@ -9,12 +9,12 @@
, ... }:
stdenv.mkDerivation {
name = "push-1.1.0";
name = "push-1.1.1";
src = fetchgit {
url = http://cgit.cd.retiolum/push;
rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920";
sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800";
rev = "ea8b76569c6b226fe148e559477669b095408472";
sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221";
};
phases = [
@ -45,4 +45,3 @@ stdenv.mkDerivation {
chmod +x $out/bin/push
'';
}


@ -0,0 +1,43 @@
{stdenv, fetchurl,pkgs,... }:
let
s =
rec {
baseName="translate-shell";
version="0.9.0.9";
name="${baseName}-${version}";
url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
};
searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
fribidi
gawk
bash
curl
less
];
buildInputs = [
pkgs.makeWrapper
];
in
stdenv.mkDerivation {
inherit (s) name version;
inherit buildInputs;
src = fetchurl {
inherit (s) url sha256;
};
# TODO: maybe mplayer
installPhase = ''
mkdir -p $out/bin
make PREFIX=$out install
wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
'';
meta = {
inherit (s) version;
description = ''translate using google api'';
license = stdenv.lib.licenses.free;
maintainers = [stdenv.lib.maintainers.makefu];
platforms = stdenv.lib.platforms.linux ;
};
}
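Review bot: `url` repeats the literal `v0.9.0.9` instead of using `version`, so bumping `version` alone still fetches the old tarball, the unchanged `sha256` still matches, and the old release is built under the new name. Inside the `rec` set it should read `url = "https://github.com/soimort/translate-shell/archive/v${version}.tar.gz";`. Separately, `wrapProgram … --suffix PATH` lets any `curl`, `gawk` or `bash` found earlier in the caller's PATH win over the pinned store paths; `--prefix PATH : "${searchpath}"` makes the wrapper use the pinned tools.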


@ -2,7 +2,6 @@ Address= 195.154.108.70
Address= 195.154.108.70 53
Subnet = 10.243.0.211
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
Aliases = paste
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY


@ -1 +0,0 @@
ssh-rsa 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 tv@wu


@ -84,6 +84,7 @@ let out = {
cat<<EOF
# put following into config.krebs.hosts.$system:
ssh.privkey.path = <secrets/ssh.$key_type>;
ssh.pubkey = $(echo $pubkey | jq -R .);
EOF
'';
@ -178,7 +179,7 @@ let out = {
nix-path =
lib.concatStringsSep ":"
(lib.mapAttrsToList (name: _: "${name}=/root/${name}")
(lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
(config.krebs.build.source.dir //
config.krebs.build.source.git));
in ''


@ -0,0 +1,38 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../2configs/default.nix
../2configs/fs/vm-single-partition.nix
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
];
krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L
boot = {
loader.grub.device = "/dev/sda";
initrd.availableKernelModules = [
"usb_storage"
"ahci"
"xhci_hcd"
"ata_piix"
"uhci_hcd"
"ehci_pci"
];
kernelModules = [ ];
extraModulePackages = [ ];
};
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
networking.firewall.allowPing = true;
}
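Review bot: `loader.grub.device = "/dev/sda"` looks like it will collide with `boot.loader.grub.device = "/dev/vda"`, which the imported `fs/vm-single-partition.nix` appears to keep (see the later section whose comment reads `vda1 ext4 (label nixos)`), since both are plain definitions of the same option. The file also imports `single-partition-ext4.nix` directly although that VM file now imports it itself. If filepimp is the physical AMD N54L the comment names, dropping the `vm-single-partition.nix` import is probably what was intended. The comment `# Include the results of the hardware scan.` no longer describes the list and could become `# base, filesystem and retiolum`.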


@ -7,8 +7,6 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
../2configs/base.nix
../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# ../2configs/iodined.nix
@ -17,11 +15,7 @@ in {
../2configs/Reaktor/simpleExtend.nix
];
krebs.build = {
user = config.krebs.users.makefu;
target = "root@gum.krebsco.de";
host = config.krebs.hosts.gum;
};
krebs.build.host = config.krebs.hosts.gum;
krebs.Reaktor.enable = true;


@ -8,12 +8,12 @@
imports =
[ # Include the results of the hardware scan.
# Base
../2configs/base.nix
../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# HW/FS
# enables virtio kernel modules in initrd
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
@ -43,8 +43,6 @@
};
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pnp";
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };


@ -6,12 +6,8 @@
{
imports =
[ # Include the results of the hardware scan.
../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
# configures sources
../2configs/base-sources.nix
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@ -23,7 +19,8 @@
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
#../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix
../2configs/virtualization.nix
#../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
@ -34,16 +31,19 @@
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
krebs.Reaktor.enable = true;
krebs.Reaktor.debug = true;
krebs.Reaktor.nickname = "makefu|r";
#krebs.Reaktor.enable = true;
#krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pornocauster";
environment.systemPackages = with pkgs;[ get ];
environment.systemPackages = with pkgs;[
get
virtmanager
gnome3.dconf
];
services.logind.extraConfig = "HandleLidSwitch=ignore";
# configure pulseAudio to provide a HDMI sink as well


@ -8,26 +8,9 @@
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
../2configs/cgit-retiolum.nix
];
krebs.build.host = config.krebs.hosts.repunit;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@repunit";
krebs.build.deps = {
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
#url = https://github.com/makefu/nixpkgs;
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
};
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
};
stockholm = {
url = toString ../..;
};
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;


@ -6,7 +6,6 @@
{
imports =
[ # Include the results of the hardware scan.
../2configs/base.nix
../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/fs/sda-crypto-root.nix
@ -21,19 +20,9 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@tsp";
networking.firewall.allowedTCPPorts = [
25
];
krebs.build.deps = {
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
#url = https://github.com/makefu/nixpkgs;
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
};
};
}


@ -8,8 +8,8 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
../../tv/2configs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../../tv/2configs/hw/CAC.nix
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/unstable-sources.nix
../2configs/headless.nix
../2configs/tinc-basic-retiolum.nix
@ -23,15 +23,13 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
# collectd
../2configs/collectd/collectd-base.nix
];
krebs.build = {
user = config.krebs.users.makefu;
target = "root@wry";
host = config.krebs.hosts.wry;
};
krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor.enable = true;
@ -59,6 +57,7 @@ in {
};
};
};
networking = {
firewall.allowPing = true;
firewall.allowedTCPPorts = [ 53 80 443 ];
@ -71,5 +70,5 @@ in {
nameservers = [ "8.8.8.8" ];
};
environment.systemPackages = [ pkgs.translate-shell ];
}


@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
{
system.stateVersion = "15.09";
krebs.build.source = {
git.nixpkgs = {
#url = https://github.com/NixOS/nixpkgs;
url = https://github.com/makefu/nixpkgs;
rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
};
dir.secrets = {
host = config.krebs.hosts.pornocauster;
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
};
dir.stockholm = {
host = config.krebs.hosts.pornocauster;
path = toString ../.. ;
};
};
}


@ -2,6 +2,8 @@
with lib;
{
system.stateVersion = "15.09";
imports = [
{
users.extraUsers =
@ -10,10 +12,36 @@ with lib;
}
./vim.nix
];
krebs.enable = true;
krebs.search-domain = "retiolum";
krebs = {
enable = true;
search-domain = "retiolum";
build = {
target = mkDefault "root@${config.krebs.build.host.name}";
user = config.krebs.users.makefu;
source = {
git.nixpkgs = {
#url = https://github.com/NixOS/nixpkgs;
url = mkDefault https://github.com/makefu/nixpkgs;
rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.hosts.pornocauster;
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
};
dir.stockholm = {
host = config.krebs.hosts.pornocauster;
path = "/home/makefu/stockholm" ;
target-path = "/var/src/stockholm";
};
};
};
};
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@ -56,7 +84,6 @@ with lib;
environment.systemPackages = with pkgs; [
jq
git
vim
gnumake
rxvt_unicode.terminfo
htop
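Review bot: `dir.secrets` is the only source in the new `krebs.build.source` block without a `target-path`, so where the per-host secrets are written on the target, and with which mode, depends on a default that is not visible in this commit. Set it explicitly or document it, e.g. `# secrets go to the option's default target-path; expected to be readable by root only`. `target-path` for nixpkgs and stockholm is also set without `mkDefault` although `url` and `rev` use it, so hosts cannot override the location the way tv's base config in this commit allows.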


@ -18,6 +18,4 @@ with lib;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.amd.updateMicrocode = true;
}


@ -6,8 +6,8 @@
with lib;
{
boot = {
loader.grub.enable =true;
loader.grub.version =2;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];


@ -0,0 +1,10 @@
{config, ...}:
{
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
boot.loader.grub.version = 2;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
}
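Review bot: `boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;` fails with a bare assertion error and a source position when an importer forgets to set the device. A module-level entry such as `assertions = [ { assertion = config.boot.loader.grub.device != ""; message = "set boot.loader.grub.device when importing this file"; } ];` reports the cause through the normal NixOS channel. A one-line header comment should also say that importers must define `boot.loader.grub.device`.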


@ -3,18 +3,9 @@
# vda1 ext4 (label nixos) -> only root partition
with lib;
{
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
imports = [
./single-partition-ext4.nix
];
boot.loader.grub.device = "/dev/vda";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.amd.updateMicrocode = true;
}


@ -1,4 +1,4 @@
_:
{lib,... }:
{
sound.enable = false;
sound.enable = lib.mkForce false;
}


@ -8,6 +8,8 @@ with lib;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;


@ -5,14 +5,40 @@ let
sec = toString <secrets>;
ssl_cert = "${sec}/wildcard.krebsco.de.crt";
ssl_key = "${sec}/wildcard.krebsco.de.key";
hostname = krebs.build.host.name;
hostname = config.krebs.build.host.name;
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = head config.krebs.build.host.nets.internet.addrs4;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
base-dir = "/var/www/blog.euer";
in {
# Prepare Blog directory
systemd.services.prepare-euer-blog = {
wantedBy = [ "local-fs.target" ];
before = [ "nginx.service" ];
serviceConfig = {
# do nothing if the base dir already exists
ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
#!/bin/sh
if ! test -d "${base-dir}" ;then
mkdir -p "${base-dir}"
chown ${user}:${group} "${base-dir}"
chmod 700 "${base-dir}"
fi
'';
Type = "oneshot";
RemainAfterExit = "yes";
TimeoutSec = "0";
};
};
krebs.nginx = {
enable = mkDefault true;
servers = {
euer-blog = {
listen = [ "80" "443 ssl" ];
server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
"${internal-ip}:80" "${internal-ip}:443 ssl" ];
server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
extraConfig = ''
gzip on;
gzip_buffers 4 32k;
@ -22,7 +48,7 @@ in {
default_type text/plain;
'';
locations = singleton (nameValuePair "/" ''
root /var/www/euer.blog/;
root ${base-dir};
'');
};
};
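Review bot: The `prepare-euer-blog` script applies `chown`/`chmod 700` only inside `if ! test -d "${base-dir}"`, so a directory that already exists with a different owner or mode is served as it is. Running `install -d -o ${user} -g ${group} -m 700 "${base-dir}"` unconditionally is idempotent and enforces owner and mode on every start without touching the contents. The same create-only guard is added around `chown -R`/`chmod 700 -R` in the `prepare-tw-service` hunk of the next file. The document root also moves from `/var/www/euer.blog/` to `${base-dir}` with no migration step, so existing content would have to be moved by hand.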


@ -51,6 +51,7 @@ in {
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-tw-service" ''
#!/bin/sh
if ! test -d "${base-dir}" ;then
mkdir -p "${wiki-dir}" "${backup-dir}"
# write the base configuration
@ -61,8 +62,10 @@ in {
backupdir = ${backup-dir}
savedir = ${wiki-dir}
EOF
chown -R ${user}:${group} "${base-dir}"
chmod 700 -R "${base-dir}"
fi
'';
Type = "oneshot";
RemainAfterExit = "yes";


@ -1,20 +1,8 @@
{ config, lib, pkgs, ... }:
_:
{
system.stateVersion = "15.09";
krebs.build.source = {
git.nixpkgs = {
krebs.build.source.git.nixpkgs = {
url = https://github.com/makefu/nixpkgs;
rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
};
dir.secrets = {
host = config.krebs.hosts.pornocauster;
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
};
dir.stockholm = {
host = config.krebs.hosts.pornocauster;
path = toString ../.. ;
};
};
}

1
null/default.nix Normal file

@ -0,0 +1 @@
_:{}


@ -27,7 +27,7 @@ with lib;
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "e916273209560b302ab231606babf5ce1c481f08";
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
};
dir.secrets = {
host = config.krebs.current.host;


@ -9,7 +9,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
target "heidi.retiolum:8080" "localhost" "google.com" "google.de" "omo.retiolum" "gum.retiolum" "gum.krebsco.de"
target "localhost:22" "google.com" "google.de" "gum.retiolum:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
interval 10
</Module>
</Plugin>
@ -18,7 +18,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
Host "heidi.retiolum"
Host "heidi.shack"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"


@ -14,11 +14,9 @@ with lib;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/cd";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
@ -26,7 +24,6 @@ with lib;
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
#../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix
@ -118,7 +115,6 @@ with lib;
iftop
iotop
iptables
mutt # for mv
nethogs
ntp # ntpate
rxvt_unicode.terminfo
@ -129,17 +125,4 @@ with lib;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
users.extraUsers = {
mv = {
uid = 1338;
group = "users";
home = "/home/mv";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.mv.pubkey
];
};
};
}


@ -17,29 +17,12 @@ in
{
krebs.build.host = config.krebs.hosts.mkdir;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@${primary-addr4}";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/mkdir";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix


@ -4,28 +4,11 @@ with lib;
{
krebs.build.host = config.krebs.hosts.nomic;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@nomic.gg23";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/nomic";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
imports = [
../2configs/hw/AO753.nix
../2configs/base.nix
#../2configs/consul-server.nix
../2configs/git.nix
{


@ -17,29 +17,12 @@ in
{
krebs.build.host = config.krebs.hosts.rmdir;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@rmdir.internet";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/rmdir";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix


@ -4,28 +4,9 @@ with lib;
{
krebs.build.host = config.krebs.hosts.wu;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@wu";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/wu";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
imports = [
../2configs/hw/w110er.nix
../2configs/base.nix
#../2configs/consul-client.nix
../2configs/git.nix
../2configs/mail-client.nix
@ -62,31 +43,24 @@ with lib;
bind # dig
cac
dic
ff
file
get
gitAndTools.qgit
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
mpv
netcat
nix-repl
nmap
nq
p7zip
pavucontrol
posix_man_pages
pssh
push
qrencode
sxiv
texLive
tmux
zathura
#ack
#apache-httpd
@ -145,6 +119,8 @@ with lib;
#xkill
#xl2tpd
#xsel
unison
];
}
{
@ -180,132 +156,6 @@ with lib;
];
};
}
{
users.extraGroups = {
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
extraGroups = [
"audio"
"video"
];
};
cr = {
uid = 13378002;
extraGroups = [
"audio"
"video"
];
};
fa = {
uid = 2300001;
};
rl = {
uid = 2300002;
};
tief = {
uid = 2300702;
};
btc-bitcoind = {
uid = 2301001;
};
btc-electrum = {
uid = 2301002;
};
ltc-litecoind = {
uid = 2301101;
};
eth = {
uid = 2302001;
};
emse-hsdb = {
uid = 4200101;
};
wine = {
uid = 13370400;
extraGroups = [
"audio"
"video"
];
};
df = {
uid = 13370401;
extraGroups = [
"audio"
"video"
];
};
xr = {
uid = 13370061;
extraGroups = [
"audio"
"video"
];
};
"23" = {
uid = 13370023;
};
electrum = {
uid = 13370102;
};
skype = {
uid = 6660001;
extraGroups = [
"audio"
];
};
onion = {
uid = 6660010;
};
zalora = {
uid = 1000301;
extraGroups = [
"audio"
# TODO remove vboxusers when hardening is active
"vboxusers"
"video"
];
};
};
security.sudo.extraConfig =
let
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
];
boot.initrd.luks = {


@ -4,28 +4,12 @@ with lib;
{
krebs.build.host = config.krebs.hosts.xu;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@xu";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/xu";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
krebs.build.source.git.nixpkgs.rev =
"7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
imports = [
../2configs/hw/x220.nix
../2configs/base.nix
#../2configs/consul-client.nix
../2configs/git.nix
../2configs/mail-client.nix
@ -62,29 +46,23 @@ with lib;
bind # dig
#cac
dic
ff
file
gitAndTools.qgit #xserver
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
mpv #xserver
netcat
nix-repl
nmap
nq
p7zip
pavucontrol #xserver
pass
posix_man_pages
#pssh
qrencode
sxiv #xserver
texLive
tmux
zathura #xserver
#ack
#apache-httpd
@ -142,6 +120,8 @@ with lib;
#xkill
#xl2tpd
#xsel
unison
];
}
{
@ -178,135 +158,6 @@ with lib;
];
};
}
{
users.extraGroups = {
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
extraGroups = [
"audio"
"video"
];
};
cr = {
uid = 13378002;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
fa = {
uid = 2300001;
};
rl = {
uid = 2300002;
};
tief = {
uid = 2300702;
};
btc-bitcoind = {
uid = 2301001;
};
btc-electrum = {
uid = 2301002;
};
ltc-litecoind = {
uid = 2301101;
};
eth = {
uid = 2302001;
};
emse-hsdb = {
uid = 4200101;
};
wine = {
uid = 13370400;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
df = {
uid = 13370401;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
xr = {
uid = 13370061;
extraGroups = [
"audio"
"video"
];
};
"23" = {
uid = 13370023;
};
electrum = {
uid = 13370102;
};
skype = {
uid = 6660001;
extraGroups = [
"audio"
];
};
onion = {
uid = 6660010;
};
zalora = {
uid = 1000301;
extraGroups = [
"audio"
# TODO remove vboxusers when hardening is active
"vboxusers"
"video"
];
};
};
security.sudo.extraConfig =
let
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
];
boot.initrd.luks = {


@ -1,14 +1,33 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
{
krebs.enable = true;
krebs.build = {
user = config.krebs.users.tv;
target = mkDefault "root@${config.krebs.build.host.name}";
source = {
git.nixpkgs = {
url = mkDefault https://github.com/NixOS/nixpkgs;
rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
target-path = mkDefault "/var/src/nixpkgs";
};
dir.secrets = {
path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
path = mkDefault "/home/tv/stockholm";
target-path = mkDefault "/var/src/stockholm";
};
};
};
networking.hostName = config.krebs.build.host.name;
imports = [
<secrets>
./vim.nix
{
# stockholm dependencies
@ -17,36 +36,14 @@ with lib;
];
}
{
# TODO never put hashedPassword into the store
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>);
}
{
users.defaultUserShell = "/run/current-system/sw/bin/bash";
users.mutableUsers = false;
}
{
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users = {
defaultUserShell = "/run/current-system/sw/bin/bash";
mutableUsers = false;
users = {
tv = {
isNormalUser = true;
uid = 1337;
group = "users";
home = "/home/tv";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"video"
"wheel"
];
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
};
};
}
@ -69,22 +66,8 @@ with lib;
nix.useChroot = true;
}
{
# oldvim
environment.systemPackages = with pkgs; [
vim
];
environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
environment.etc."vim/vimrc".text = ''
set nocp
'';
environment.etc."vim/vim${majmin pkgs.vim.version}".source =
"${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}";
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIM = "/etc/vim";
}
{
environment.systemPackages = with pkgs; [
rxvt_unicode.terminfo
];
@ -107,6 +90,15 @@ with lib;
view = "vim -R";
};
environment.variables = {
NIX_PATH =
with config.krebs.build.source; with dir; with git;
mkForce (concatStringsSep ":" [
"nixpkgs=${nixpkgs.target-path}"
"secrets=${stockholm.target-path}/null"
]);
};
programs.bash = {
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
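Review bot: `"secrets=${stockholm.target-path}/null"` in the new `NIX_PATH` is not explained, and its effect is security-relevant: on the deployed host `<secrets>` resolves to the `null/default.nix` module added in this commit (`_:{}`), so on-target evaluation presumably runs without any secret material. A comment such as `# on the target <secrets> is the empty module; real secrets exist only on the build host` would record that intent. Because `imports` in the first hunk lists `<secrets>`, a rebuild run on the target would evaluate without whatever that module defines, which is worth stating next to the `mkForce`.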


@ -50,6 +50,8 @@ let
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
@ -64,9 +66,10 @@ let
au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''
setf nix
set isk=@,48-57,_,192-255,-,'
" Ref <nix/src/libexpr/lexer.l>
syn match INT /[0-9]\+/
syn match INT /\<[0-9]\+\>/
syn match PATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match HPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match SPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
@ -77,8 +80,8 @@ let
hi link SPATH Constant
hi link URI Constant
syn match String /"\([^"]\|\\\"\)*"/
syn match Comment /\s#.*/
syn match String /"\([^\\"]\|\\.\)*"/
syn match Comment /\(^\|\s\)#.*/
''}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile


@ -34,7 +34,14 @@ let
};
environment.systemPackages = [
pkgs.ff
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.pavucontrol
pkgs.slock
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
security.setuidPrograms = [
@ -70,14 +77,6 @@ let
ExecStart = "${xserver}/bin/xserver";
};
};
programs.bash.interactiveShellInit = ''
case ''${XMONAD_SPAWN_WORKSPACE-} in
za|zh|zj|zs)
exec sudo -u zalora -i
;;
esac
'';
};
xmonad-environment = {


@ -1,6 +1,16 @@
{ pkgs, ... }:
{
cr = pkgs.writeScriptBin "cr" ''
#! /bin/sh
set -efu
export LC_TIME=de_DE.utf8
exec ${pkgs.chromium}/bin/chromium \
--ssl-version-min=tls1 \
--disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
--disk-cache-size=50000000 \
"%@"
'';
ff = pkgs.callPackage ./ff {};
viljetic-pages = pkgs.callPackage ./viljetic-pages {};
xmonad-tv =
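Review bot: The last argument of the new `cr` wrapper is `"%@"`, which hands Chromium the literal string `%@` instead of the script's arguments; it should be `"$@"`. `--disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME"` puts the cache at a predictable name in a world-writable directory, so another local user can create that path first; a directory under `"$XDG_RUNTIME_DIR"` or one made with `mktemp -d` avoids that. `--ssl-version-min=tls1` also pins the floor at TLS 1.0 and should be raised or dropped so the browser default applies. The attribute set continues past the end of the hunk.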