From 4a2af184e6846f80b139357c6230558cd8785b10 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 28 Feb 2018 19:54:11 +0000 Subject: [PATCH 01/55] j vim: unsure changes --- jeschli/2configs/vim.nix | 118 ++++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 56 deletions(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..ddf0f9195 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix 
@@ -16,72 +16,78 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - :map nf :NERDTreeToggle - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. 
- let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ + ''; + remapStatements = '' + imap jk + map gr :GoRun " Map gr to execute go run + map nf :NERDTreeToggle + nnoremap + nnoremap :bnext + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:syntastic_go_checkers = ['go', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 + ''; + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { + names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + "elm-vim" + "youcompleteme" + ]; + } { names = [ "vim-addon-nix" ]; 
ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } From 7a53169d3ab17125c9966eea54482aeb89b0433a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Mar 2018 21:12:30 +0100 Subject: [PATCH 02/55] kops: init at 1.0.0 --- krebs/5pkgs/simple/kops.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 krebs/5pkgs/simple/kops.nix diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix new file mode 100644 index 000000000..a6c82f3ca --- /dev/null +++ b/krebs/5pkgs/simple/kops.nix @@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://cgit.krebsco.de/kops; + rev = "refs/tags/v1.0.0"; + sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; +} From 5fdbd513406ce6a4caef35f60a446cc15104d9ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:04 +0100 Subject: [PATCH 03/55] buildbot-all: remove deploy test (currently broken) --- krebs/2configs/buildbot-all.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 5ea78f227..d85cde175 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -5,6 +5,5 @@ with import ; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); - krebs.ci.tests = [ "deploy" ]; } From 53c3b2b80593569d736bcced56f97b995f246997 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:36 +0100 Subject: [PATCH 04/55] l: make spf header more restrictive --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e269d1fa1..dbdf70008 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
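Review bot: In jeschli/2configs/vim.nix the new `vimrcConfig.customRC = let colorscheme = …; … settingsForElm = '' … '';` opens a `let` that, as far as this hunk shows, never reaches an `in`. The five bindings are therefore never joined into the string `customRC` expects, and the following `vimrcConfig.vam.knownPlugins = …` line would be read as one more let binding, so the file most likely does not parse. Closing the block with `in builtins.concatStringsSep "\n" [ colorscheme setStatements remapStatements settingsForGo settingsForElm ];` before the `vam` options would restore a single vimrc string. Separately, `set undofile` and `set undodir=$HOME/.vim/undo` lost their `has('persistent_undo')` guard; since undo files keep earlier contents of every edited file on disk, a comment that the directory must exist and be readable only by the user is worth adding. The surrounding `customize { … }` call starts and ends outside the hunk.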
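Review bot: `rev = "refs/tags/v1.0.0";` in krebs/5pkgs/simple/kops.nix names a tag, which the upstream repository can move at any time; only the `sha256` actually fixes what is fetched. A moved tag would then surface as a hash mismatch, and only on machines that do not already have the output in their store. Pinning to the commit behind the tag, `rev = "<commit id of v1.0.0>"; # v1.0.0` (placeholder, the id is not on this page), makes the pin explicit and keeps the tag as documentation.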
@@ -89,7 +89,7 @@ with import ; 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx -all + 60 IN TXT v=spf1 mx a:lassul.us -all cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} From 666f030b10d8c8ad3ea92fce5c20e013df598cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:02 +0100 Subject: [PATCH 05/55] l helios.r: fix displayManager setup --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4d99cb2c..c4a171d86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -131,7 +131,7 @@ with import ; ]; services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal ''; networking.hostName = lib.mkForce "BLN02NB0162"; From d5a7a288ba51b6cc21529f610fcfecd90d2664ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:30 +0100 Subject: [PATCH 06/55] l mors.r: minimize deploy script --- lass/1systems/mors/config.nix | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cbb71ab24..f77bc64c2 100644 
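Review bot: The `a:lassul.us` mechanism added in `60 IN TXT v=spf1 mx a:lassul.us -all` authorises one more set of senders (every address the A/AAAA records of lassul.us resolve to) on top of the MX hosts, so the policy becomes broader, not more restrictive as the subject line says. `-all` was already present before this change. If the intent is that the host behind the apex record (the `prism` address two lines above) may send mail directly, record that next to the TXT line, e.g. `; a:lassul.us - prism sends mail from the apex address`, so the next reader does not mistake the entry for an accident. The zone string starts and ends outside the hunk.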
--- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -170,31 +170,11 @@ with import ; export PATH=${makeBinPath [ pkgs.bash pkgs.coreutils - pkgs.nix - (pkgs.writeDashBin "is-git-crypt-locked" '' - magic=$(dd status=none if="$1" skip=1 bs=1 count=8) - test "$magic" = GITCRYPT - '') + pkgs.nixUnstable ]} cd ~/stockholm export SYSTEM="$1" - if is-git-crypt-locked ~/secrets/ready; then - echo 'secrets are crypted' >&2 - exit 23 - else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' - fi - ''; - predeploy = pkgs.writeDash "predeploy" '' - set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nix - ]} - cd ~/stockholm - export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; }; From fbf87b0f7eedc029c111a98662b2e639888d45db Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:39:24 +0100 Subject: [PATCH 07/55] l: add allygator@lassul.us mail --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index ae652722a..4455d2761 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -78,6 +78,7 @@ with import ; { from = "github@lassul.us"; to = lass.mail; } { from = "ovh@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; } + { from = "allygator@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 099bf40e49688ab8946a5b88ac974458eee69469 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:39:38 +0100 Subject: [PATCH 08/55] l: add c-base to msmtprc --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 03d39ef75..ebe873cf9 100644 
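Review bot: The deploy script in lass/1systems/mors/config.nix now reaches `exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'` unconditionally, with nothing left that checks whether `~/secrets` is still git-crypt-locked. Unless `deploy` performs an equivalent check itself (not visible here), a locked checkout would presumably push encrypted blobs in place of the real secrets, or fail only once the target tries to use them. A one-line guard ahead of the `exec` keeps the earlier fail-closed behaviour without the helper package: `test "$(dd status=none if="$HOME/secrets/ready" skip=1 bs=1 count=8)" != GITCRYPT || { echo 'secrets are crypted' >&2; exit 23; }`. The script body begins above the hunk.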
--- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -8,6 +8,16 @@ let logfile ~/.msmtp.log account prism host prism.r + account c-base + from lassulus@c-base.org + host c-mail.c-base.org + port 465 + tls on + tls_starttls off + tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + auth on + user lassulus + passwordeval pass show c-base/pass account default: prism ''; From 7bc8fc7a44969387621425b1c10c8391e56ba087 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:40:46 +0100 Subject: [PATCH 09/55] l mail: add more mailboxes --- lass/2configs/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index ebe873cf9..278ec0ff3 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -46,9 +46,11 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; + lugs = [ "to:lugs@lug-s.org" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; From 92f8c5f94b88cd837bc77200e70e7fd9f2af88d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Mar 2018 19:33:43 +0100 Subject: [PATCH 10/55] l mail: update pubkey --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 278ec0ff3..b9682c5ee 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -77,7 +77,7 @@ let # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc set pgp_use_gpg_agent = yes - set pgp_sign_as = 0x976A7E4D + set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes set crypt_replyencrypt = yes set crypt_verify_sig = yes 
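Review bot: The `tls_fingerprint 8C:10:…:22:A4` pin in the new `account c-base` block is 20 bytes long, which is a SHA-1 certificate fingerprint. msmtp also accepts SHA-256 fingerprints and its documentation recommends them, so the pin is better regenerated as SHA-256, provided the msmtp version packaged here supports it. As far as I know a fingerprint pin takes the place of normal chain validation for that account, so mail to this host stops working on every certificate renewal; a comment such as `# pin of the c-mail.c-base.org leaf certificate, update on renewal` above the line would make that failure easy to diagnose. `passwordeval pass show c-base/pass` keeps the password out of the generated file, which is the right choice.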
From 8766727e01f8892b5adab38096264028878d2803 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 18 Mar 2018 21:31:03 +0100
Subject: [PATCH 11/55] electron-cash: RIP
---
krebs/5pkgs/simple/electron-cash/default.nix | 64 --------------------
1 file changed, 64 deletions(-)
delete mode 100644 krebs/5pkgs/simple/electron-cash/default.nix
diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix
deleted file mode 100644
index e51136c60..000000000
--- a/krebs/5pkgs/simple/electron-cash/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@ -{ stdenv, fetchFromGitHub, python2Packages }: - -python2Packages.buildPythonApplication rec { - name = "electron-cash-${src.rev}"; - - src = fetchFromGitHub { - owner = "fyookball"; - repo = "electrum"; - rev = "a2245ea"; - sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; - }; - - propagatedBuildInputs = with python2Packages; [ - dns - ecdsa - jsonrpclib - pbkdf2 - pyaes - pycrypto - pyqt4 - pysocks - qrcode - requests - tlslite - - # plugins - keepkey - trezor - ]; - - preBuild = '' - sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py - pyrcc4 icons.qrc -o gui/qt/icons_rc.py - # Recording the creation timestamps introduces indeterminism to the build - sed -i '/Created: .*/d' gui/qt/icons_rc.py - ''; - - postInstall = '' - # Despite setting usr_share above, these files are installed under - # $out/nix ... - mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out - rm -rf $out/lib/python2.7/site-packages/nix - - substituteInPlace $out/share/applications/electron.desktop \ - --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/electrum help >/dev/null - ''; - - meta = with stdenv.lib; { - description = "A lightweight Bitcoin wallet"; - longDescription = '' - An easy-to-use Bitcoin client featuring wallets generated from - mnemonic seeds (in addition to other, more advanced, wallet options) - and the ability to perform transactions without downloading a copy - of the blockchain. - ''; - homepage = https://electrum.org/; - license = licenses.mit; - }; -} From f4562cf068ee880cfd7a06c7efc6cc19ab8ae729 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:34:11 +0100 Subject: [PATCH 12/55] l security: use default kernel --- lass/2configs/security-workarounds.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index c3d07d5fe..537c8a59b 100644 
--- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,6 +5,4 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; - - boot.kernelPackages = pkgs.linuxPackages_latest; } From 768d9a94967a502e497aada07cafd9521bd08d8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:35:27 +0100 Subject: [PATCH 13/55] l websites domsen: more domains --- lass/2configs/websites/domsen.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9ece2af77..7a72499c9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -49,6 +49,7 @@ in { "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" + "www.joemisch.com" "www.weirdwednesday.de" "aldona2.ubikmedia.de" @@ -63,6 +64,7 @@ in { "weirdwednesday.ubikmedia.de" "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" + "crypto4art.ubikmedia.de" ]) ]; From 8a0e77e2bbe8147e81ccbf1039a6590369b6100d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:57:45 +0100 Subject: [PATCH 14/55] l: add cabal --- krebs/3modules/lass/default.nix | 41 +++++++++++++++++++++++++++++++++ lass/1systems/cabal/config.nix | 35 ++++++++++++++++++++++++++++ lass/1systems/cabal/source.nix | 4 ++++ 3 files changed, 80 insertions(+) create mode 100644 lass/1systems/cabal/config.nix create mode 100644 lass/1systems/cabal/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dbdf70008..0c3e68c39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -618,6 +618,47 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; + cabal = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.4"; + ip6.addr = "42::1:4"; + aliases = [ + "cabal.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A + SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj + rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK + qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e + LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq + rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 + 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE + fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v + yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A + kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR + KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi + TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U + oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs + TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw + 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD + rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ + 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf + luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py + w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG + 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 + K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g + ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; + }; }; users = { 
lass = { diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix new file mode 100644 index 000000000..7eba86c52 --- /dev/null +++ b/lass/1systems/cabal/config.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.cabal; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix new file mode 100644 index 000000000..5d9507f3d --- /dev/null +++ b/lass/1systems/cabal/source.nix @@ -0,0 +1,4 @@ +import { + name = "cabal"; + secure = true; +} From fa724ceab0f5f10b253d806326b7c917814412eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:03:25 +0100 Subject: [PATCH 15/55] l: use xlockmore as lockscreen --- lass/1systems/helios/config.nix | 2 -- lass/3modules/screenlock.nix | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4a171d86..e64cfbe79 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -168,8 +168,6 @@ with import ; '') ]; - lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; - programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index e16ce9868..29c3861f2 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix 
@@ -14,7 +14,7 @@ let enable = mkEnableOption "screenlock"; command = mkOption { type = types.str; - default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; }; }; @@ -28,7 +28,7 @@ let serviceConfig = { SyslogIdentifier = "screenlock"; ExecStart = cfg.command; - Type = "forking"; + Type = "simple"; User = "lass"; }; }; From 1334ab82d0f987c3551ed49d67869bc528f5bd07 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:12:55 +0100 Subject: [PATCH 16/55] l websites fritz: simplify msmtprc --- lass/2configs/websites/fritz.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index aa57a9857..14d6ce9ec 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -12,9 +12,8 @@ let ; msmtprc = pkgs.writeText "msmtprc" '' - account localhost + account default host localhost - account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' From bd4def24bfbd8f034032e3a6e89ce4dd88d6930e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:36:44 +0100 Subject: [PATCH 17/55] nixpkgs: c5bc83b -> c665fcc --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 7e0ea7e47..733601a21 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 + ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 }; } override From 390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 Mon Sep 17 00:00:00 2001 
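Review bot: With `Type = "simple";` in lass/3modules/screenlock.nix systemd counts the unit as started the moment the process is spawned, before xlock has grabbed the display. The rest of the unit lies outside the hunk, but if it is ordered before sleep or suspend, as lock units usually are, the machine can suspend and come back with the desktop visible for a moment. With i3lock and `Type = "forking"` the fork marked the point at which the lock was already up. At minimum document this on the line, e.g. `Type = "simple"; # xlock stays in the foreground; systemd does not wait until the screen is locked`, and check the resume behaviour on a real suspend.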
From: jeschli Date: Tue, 20 Mar 2018 15:17:36 +0100 Subject: [PATCH 18/55] j: dirty merge again --- jeschli/1systems/bln/config.nix | 85 ++++++------------- .../1systems/bln/hardware-configuration.nix | 22 ++--- jeschli/2configs/virtualbox.nix | 2 +- jeschli/source.nix | 2 +- 4 files changed, 38 insertions(+), 73 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9c491c8a1..885307b7a 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix 
@@ -12,54 +12,25 @@ ./hardware-configuration.nix # ./dcso-vpn.nix ]; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.extraEntries = '' - menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { - search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 - linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro - initrd ($drive1)/initrd.img-4.9.0-4-amd64 - } - ''; - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; - preLVM = true; - allowDiscards = true; - } - ]; - - networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/jeschli/go/src/github.com"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' + ''; + }; + networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. networking.networkmanager.enable = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - - - # List packages installed in system profile. 
To search by name, run: - # $ nix-env -qaP | grep wget + # Setup Packages nixpkgs.config.allowUnfree = true; - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper @@ -108,9 +79,6 @@ ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; # programs.mtr.enable = true; 
@@ -132,33 +100,26 @@ services.printing.drivers = [ pkgs.postscript-lexmark ]; # Enable the X11 windowing system. services.xserver.enable = true; + services.xserver.videoDrivers = [ "nvidia" ]; # services.xserver.xrandrHeads = [ # { output = "eDP1"; } # { output = "DP-2-2-8"; primary = true; } # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } # ]; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. -# services.xserver.displayManager.lightdm.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; -# services.xserver.desktopManager.gnome3.enable = true; - # services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.sddm.enable = true; - #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.desktopManager.gnome3.enable = true; + services.xserver.dpi = 100; + fonts.fontconfig.dpi = 100; + # services.xserver.displayManager.sessionCommands = '' # (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off #''; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.markus = { + users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker"]; + extraGroups = ["docker" "vboxusers"]; uid = 1000; }; @@ -179,7 +140,7 @@ # }); # }; -# virtualisation.docker.enable = true; + virtualisation.docker.enable = true; # DCSO Certificates 
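Review bot: With `virtualisation.docker.enable = true;` now uncommented and `users.extraUsers.jeschli` carrying `extraGroups = ["docker" "vboxusers"];`, the login user gets unrestricted access to the Docker daemon socket, which is root-equivalent on this host. If that is accepted for a single-user laptop, say so next to the group list, e.g. `# docker group is root-equivalent; accepted on this single-user machine`. Otherwise drop `"docker"` from the groups and run the client through sudo. Both hunks of jeschli/1systems/bln/config.nix that end here are concerned; the attribute set they belong to continues outside them.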
@@ -191,6 +152,8 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + # VBOX certs + ./services.bundled.crt ]; hardware.bluetooth.enable = true; diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 714162271..2b354190c 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -8,27 +8,29 @@ [ ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; + fileSystems."/" = - { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; - fsType = "ext2"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/927E-01A0"; + fsType = "vfat"; }; swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 4; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; } 
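Review bot: `./services.bundled.crt` is added to `security.pki.certificateFiles`, but the diffstat of this commit lists four files and the bundle is not among them, so unless it is already tracked the configuration will not evaluate on another checkout. Every certificate in that file becomes a system-wide trusted CA, and unlike the `pkgs.fetchurl { url = …; sha256 = …; }` entries above it there is no hash or origin recorded that a reviewer could check. Commit the file together with this line and replace the `# VBOX certs` comment with one that states the source and the CA subjects, e.g. `# VBOX certs: <origin>, contains <CA subject names>`. The list itself starts above the hunk.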
diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix index b2cb851a1..c9bb8c41f 100644 --- a/jeschli/2configs/virtualbox.nix +++ b/jeschli/2configs/virtualbox.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - mainUser = config.users.extraUsers.markus; + mainUser = config.users.extraUsers.jeschli; in { #services.virtualboxHost.enable = true; diff --git a/jeschli/source.nix b/jeschli/source.nix index 382dd61bc..d5cc32a9f 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; + ref = "395fe7f"; }; secrets.file = getAttr builder { buildbot = toString ; From 36aaeb793bd19fdc0662d29f242c07abf54a849c Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:06:34 +0100 Subject: [PATCH 19/55] bln: fix config again --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6142933f5..407e913c0 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -19,8 +19,8 @@ jeschliFontSize = 20; # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; +# boot.loader.grub.enable = true; +# boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; From 0c04595ddfdd25b7d5cbb508609d731736a2f00e Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:37:12 +0100 Subject: [PATCH 20/55] jeschli bln: config cosmetics --- jeschli/1systems/bln/config.nix | 75 +++++++++------------------------ 1 file changed, 20 insertions(+), 55 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 407e913c0..6098f8cfe 100644 --- a/jeschli/1systems/bln/config.nix 
+++ b/jeschli/1systems/bln/config.nix @@ -1,30 +1,18 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: # bln config file { imports = - [ # Include the results of the hardware scan. - + [ ./hardware-configuration.nix - # ./dcso-vpn.nix ]; - # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; jeschliFontSize = 20; - # Use the GRUB 2 boot loader. -# boot.loader.grub.enable = true; -# boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. + environment.shellAliases = { n = "nix-shell"; gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; @@ -34,10 +22,12 @@ LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' ''; }; - networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0232"; networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "Europe/Berlin"; + # Setup Packages nixpkgs.config.allowUnfree = true; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; @@ -61,7 +51,7 @@ emacs # databases sqlite - # internet + # internet thunderbird hipchat chromium 
@@ -92,67 +82,42 @@ programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # Enable CUPS to print documents. services.printing.enable = true; services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - # services.xserver.xrandrHeads = [ - # { output = "eDP1"; } - # { output = "DP-2-2-8"; primary = true; } - # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } - # ]; + services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; services.xserver.displayManager.sddm.enable = true; -# services.xserver.desktopManager.gnome3.enable = true; services.xserver.dpi = 100; fonts.fontconfig.dpi = 100; -# services.xserver.displayManager.sessionCommands = '' -# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off -#''; - users.extraUsers.jeschli = { isNormalUser = true; extraGroups = ["docker" "vboxusers"]; uid = 1000; }; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. 
You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? - + system.stateVersion = "17.09"; # Gogland Debugger workaround -# nixpkgs.config.packageOverrides = super: { -# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { -# postFixup = '' -# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" -# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# ''; -# }); -# }; + # nixpkgs.config.packageOverrides = super: { + # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { + # postFixup = '' + # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" + # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # ''; + # }); + # }; virtualisation.docker.enable = true; - # DCSO Certificates security.pki.certificateFiles = [ @@ -165,7 +130,7 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) # VBOX certs ./services.bundled.crt - ]; + ]; hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; From 44843b90627eb95ab98955e6ea51171706b30aca Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:42:35 +0100 Subject: [PATCH 21/55] j bln: -VBOX certs --- jeschli/1systems/bln/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6098f8cfe..75f083a05 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix 
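Review bot: The `security.pki.certificateFiles` entry kept as context at the end of this hunk fetches a CA certificate over plain `http://`, so its `sha256` pin is the only thing protecting what lands in the system trust store. How that hash was first obtained is not visible here, and the list itself starts outside the hunk. I would record it in a comment above the list, for example `# fetched over http: integrity rests on the sha256 pins, verified against <source of the published fingerprints>`. The hunk also deletes the stock explanation of `system.stateVersion = "17.09";`; a one-line reminder such as `# bump only after reading the release notes` is worth keeping.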
@@ -128,8 +128,6 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - # VBOX certs - ./services.bundled.crt ]; hardware.bluetooth.enable = true; From 86cb23a682b6453544942646080c6c62d488e617 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:38:26 +0100 Subject: [PATCH 22/55] j: add my-emacs --- jeschli/1systems/bln/config.nix | 1 + jeschli/2configs/emacs.nix | 58 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 jeschli/2configs/emacs.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 75f083a05..c9a7a34e2 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -5,6 +5,7 @@ [ + ./hardware-configuration.nix ]; diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix new file mode 100644 index 000000000..3c1d6ba06 --- /dev/null +++ b/jeschli/2configs/emacs.nix 
@@ -0,0 +1,58 @@ +{ config, pkgs, ... }: + +let + emacsFile = '' +(require 'package) ;; You might already have this line +(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) +) +(when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + +(package-initialize) + +;; Evil Mode +(add-to-list 'load-path "~/.emacs.d/evil") +(require 'evil) +(evil-mode 1) +(require 'evil-org) + + + +(custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) +(custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. 
+ ) + +(tool-bar-mode -1) ; Disable the button bar atop screen +(scroll-bar-mode -1) ; Disable scroll bar +(setq inhibit-startup-screen t) ; Disable startup screen with graphics +(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs +(setq tab-width 2) ; Four spaces is a tab +(setq visible-bell nil) ; Disable annoying visual bell graphic +(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; + dotEmacs = pkgs.writeText "dot-emacs" emacsFile; + myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; +in { + environment.systemPackages = [ + myEmacs + ]; +} From 917db24b3f0f3da858d5575ca20fdaeafc007c20 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:39:11 +0100 Subject: [PATCH 23/55] j bln: hardware-configuration cosmetics --- jeschli/1systems/bln/hardware-configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 2b354190c..b774bfc19 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, ... }: { From c16e7b2ceae1d42d961f9e2aa66ec2bf32ac489b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Mar 2018 20:12:13 +0100 Subject: [PATCH 24/55] default.nix: add debug code --- default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/default.nix b/default.nix index 52e8924cd..cab55d40a 100644 --- a/default.nix +++ b/default.nix 
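Review bot: The `org` and `gnu` entries added to `package-archives` in `emacsFile` use `http://` URLs, while the `melpa` entry directly above them already prefers `https`. Unless package signature checking is enforced elsewhere, anything installed from those two archives arrives over a channel that does not authenticate the server. I would write them as `'("org" . "https://orgmode.org/elpa/")` and `'("gnu" . "https://elpa.gnu.org/packages/")`. The same two lines are carried unchanged into `packageRepos` by PATCH 27/55 (j emacs: cosmetics). Separately, the comment on `(setq tab-width 2)` says "Four spaces is a tab" and should read `; Two spaces is a tab`.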
@@ -3,3 +3,20 @@ import { (import "NIXOS_CONFIG" ) ]; } +// +{ + lib = import ./lib; + systems = with import ./lib; let + ns = getEnv "LOGNAME"; + in + genAttrs + (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) + (name: let + config = import ( + "/${ns}/1systems/${name}/config.nix"); + source = import ( + "/${ns}/1systems/${name}/source.nix"); + in import { + modules = [ config ]; + } // { + inherit source; + }); +} From 117ca7ba1c7709fd4249b5e64d06731a302eb970 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:14:51 +0100 Subject: [PATCH 25/55] j brauerei: +emacs --- jeschli/1systems/brauerei/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index eb2bb11d2..1203720a5 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.brauerei; From a94da8573103f3a7ccaf836c6126041dc351b623 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:16:12 +0100 Subject: [PATCH 26/55] j brauerei: *emacs with magit --- jeschli/2configs/emacs.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3c1d6ba06..b616acfae 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -50,7 +50,12 @@ let (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ + magit + ])); + myEmacs = pkgs.writeDashBin "my-emacs" '' + exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" + ''; in { environment.systemPackages = [ myEmacs From 87528e2ab6085a1a0fadcd1aa00870834c878c27 Mon Sep 17 00:00:00 2001 
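Review bot: The `systems` attribute added in the `default.nix` hunk chooses the directory it imports from `getEnv "LOGNAME"`, and nothing handles that variable being unset. `getEnv` returns `""` in that case, so the `readDir` call would presumably fail with a path error that never mentions LOGNAME. A guard such as `ns = let n = getEnv "LOGNAME"; in assert n != ""; n;` makes the dependency on the environment explicit. A comment like `# debug helper: evaluates every system of the user named by $LOGNAME` would also help. The path prefixes inside `readDir (…)` and `import (…)` are not legible on this page, so the exact failure mode is inferred.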
From: jeschli Date: Wed, 21 Mar 2018 08:59:35 +0100 Subject: [PATCH 27/55] j emacs: cosmetics --- jeschli/2configs/emacs.nix | 103 +++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index b616acfae..05e977844 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix 
@@ -1,58 +1,63 @@ { config, pkgs, ... }: let + packageRepos = '' + (require 'package) ;; You might already have this line + (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) + ) + (when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + (package-initialize) + ''; + evilMode = '' + ;; Evil Mode + (add-to-list 'load-path "~/.emacs.d/evil") + (require 'evil) + (evil-mode 1) + (require 'evil-org) + ''; + windowCosmetics = '' + (tool-bar-mode -1) ; Disable the button bar atop screen + (scroll-bar-mode -1) ; Disable scroll bar + (setq inhibit-startup-screen t) ; Disable startup screen with graphics + (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs + (setq tab-width 2) ; Four spaces is a tab + (setq visible-bell nil) ; Disable annoying visual bell graphic + (setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; emacsFile = '' -(require 'package) ;; You might already have this line -(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) - (not (gnutls-available-p)))) - (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) - (add-to-list 'package-archives (cons "melpa" url) t) - (add-to-list 'package-archives - '("org" . "http://orgmode.org/elpa/") t) -) -(when (< emacs-major-version 24) - ;; For important compatibility libraries like cl-lib - (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) - -(package-initialize) - -;; Evil Mode -(add-to-list 'load-path "~/.emacs.d/evil") -(require 'evil) -(evil-mode 1) -(require 'evil-org) - - - -(custom-set-variables - ;; custom-set-variables was added by Custom. 
- ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - '(inhibit-startup-screen t) - '(org-agenda-files nil) - '(package-selected-packages - (quote - (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) -(custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) - -(tool-bar-mode -1) ; Disable the button bar atop screen -(scroll-bar-mode -1) ; Disable scroll bar -(setq inhibit-startup-screen t) ; Disable startup screen with graphics -(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs -(setq tab-width 2) ; Four spaces is a tab -(setq visible-bell nil) ; Disable annoying visual bell graphic -(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ${packageRepos} + ${evilMode} + ${windowCosmetics} + (custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) + (custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. 
+ ;; If there is more than one, they won't work right. + ) ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ - magit - ])); + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + epkgs.melpaStablePackages.magit + epkgs.melpaPackages.mmm-mode + epkgs.melpaPackages.nix-mode + ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" ''; From 26eb236cd9cce469be2a7cb227083742e037fac8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:22:14 +0100 Subject: [PATCH 28/55] nixpkgs: c5bc83b -> 2a32f6b (18.03) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 733601a21..e12175b66 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 + ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 }; } override From e5f3827fc84ba1c769c1422d92fa93ebcb0fc5d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:31:59 +0100 Subject: [PATCH 29/55] os-release: follow renamed modules --- krebs/3modules/os-release.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix 
@@ -1,8 +1,11 @@ { config, ... }: with import ; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:36:46 +0100 Subject: [PATCH 30/55] l privoxy: RIP polipo --- lass/2configs/privoxy.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } From f859b7d7f8fe0c9968c961711ec7a6578a4d36a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 20:51:52 +0100 Subject: [PATCH 31/55] nixpkgs: 2a32f6b -> 0e7c9b3 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e12175b66..f275460e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 + ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 }; } override From 7303238443b3a76af6d12df1992ee499d98a7902 Mon Sep 17 00:00:00 2001 
From: jeschli Date: Thu, 22 Mar 2018 16:19:29 +0100 Subject: [PATCH 32/55] j emacs: +orgMode +evil-org --- jeschli/2configs/emacs.nix | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 05e977844..3eced793c 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -21,6 +21,10 @@ let (require 'evil) (evil-mode 1) (require 'evil-org) + (add-hook 'org-mode-hook 'evil-org-mode) + (evil-org-set-key-theme '(navigation insert textobjects additional calendar)) + (require 'evil-org-agenda) + (evil-org-agenda-set-keys) ''; windowCosmetics = '' (tool-bar-mode -1) ; Disable the button bar atop screen @@ -31,6 +35,16 @@ let (setq visible-bell nil) ; Disable annoying visual bell graphic (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; + orgMode = '' + (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) + (global-set-key "\C-cl" 'org-store-link) + (global-set-key "\C-ca" 'org-agenda) + (global-set-key "\C-cb" 'org-iswitchb) + (if (boundp 'org-user-agenda-files) + (setq org-agenda-files org-user-agenda-files) + (setq org-agenda-files (quote ("~/projects/notes"))) + ) + ''; emacsFile = '' ${packageRepos} ${evilMode} @@ -45,12 +59,7 @@ let '(package-selected-packages (quote (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) - (custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) + ${orgMode} ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ 
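Review bot: The `(require 'evil-org-agenda)` added to `evilMode` in the first hunk, like the existing `(require 'evil)` and `(require 'evil-org)`, names a package that the `emacsWithPackages` list does not appear to provide. As of the previous commit that list held only `magit`, `mmm-mode` and `nix-mode`, and its body is outside this hunk. With `-q -l ${dotEmacs}` these packages therefore have to come from `~/.emacs.d`, outside the pinned Nix closure. I would add `epkgs.melpaPackages.evil` and `epkgs.melpaPackages.evil-org` to the list so that the editor's code is built from the same pinned package set as the rest of the system.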
From e7f3880de27ff00ac5d0a18899dc271675fdc2d0 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:03 +0000 Subject: [PATCH 33/55] j bolide: +emacs --- jeschli/1systems/bolide/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index 83640801f..699a85b58 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -10,6 +10,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.bolide; From e80c081eb7d720fb5584f24b0f38b5d6e61ac41e Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:30 +0000 Subject: [PATCH 34/55] j emacs: +go-mode -evil-mode --- jeschli/2configs/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3eced793c..d9e6c854a 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -47,7 +47,6 @@ let ''; emacsFile = '' ${packageRepos} - ${evilMode} ${windowCosmetics} (custom-set-variables ;; custom-set-variables was added by Custom. @@ -66,6 +65,7 @@ let epkgs.melpaStablePackages.magit epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode + epkgs.melpaPackages.go-mode ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" From b27dfa5a37b1345d36b57aa24b940287293418e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Mar 2018 20:53:23 +0100 Subject: [PATCH 35/55] 0e7c9b3 -> 48856a9 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index f275460e1..0bd797a16 100644 --- a/krebs/source.nix +++ b/krebs/source.nix 
@@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 + ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 }; } override From 4851f6b43ff2eebecf5f1dc6a808225ee1af0f08 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 12:08:14 +0100 Subject: [PATCH 36/55] j nixpkgs: follow krebs --- jeschli/source.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/jeschli/source.nix b/jeschli/source.nix index 91ff5514f..29cf9d818 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -13,10 +13,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "395fe7f"; - }; + nixpkgs = (import host).nixpkgs; secrets.file = getAttr builder { buildbot = toString ; jeschli = "${getEnv "HOME"}/secrets/${name}"; From d810727b985bbdce57ae2de515111949c141c3bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Mar 2018 12:19:52 +0100 Subject: [PATCH 37/55] exim: krebs.setuid -> security.wrappers --- krebs/3modules/exim.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..274a943b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,15 +50,9 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { - exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; - sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; + security.wrappers = { + exim.source = "${pkgs.exim}/bin/exim"; + sendmail.source = "${pkgs.exim}/bin/exim"; }; systemd.services.exim = { restartTriggers = [ From 6a94383764130a9a28a990d4e1e4413b0bbf3d06 Mon Sep 17 00:00:00 2001 
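Review bot: The `security.wrappers` entries added for `exim` and `sendmail` in the `krebs/3modules/exim.nix` hunk set only `source`, so the owner and setuid bit of the resulting wrappers come from the module's defaults. The removed `krebs.setuid` entries stated `mode = "4111"` outright. For a binary meant to run with elevated privileges I would spell the intent out, e.g. `exim = { source = "${pkgs.exim}/bin/exim"; owner = "root"; group = "root"; setuid = true; };`, and the same for `sendmail`. The enclosing attribute set starts and ends outside the hunk, so whether anything else refers to the old wrapper path cannot be checked from here.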
From: tv Date: Mon, 26 Mar 2018 13:00:23 +0200 Subject: [PATCH 38/55] tv xmonad: add passmenu --- tv/5pkgs/simple/xmonad-tv/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 94c70153d..d474b7edd 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -133,6 +133,8 @@ myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) + , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) + , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) From f76401ef002851cca81218de3d879b4829668ebe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:23 +0200 Subject: [PATCH 39/55] tv pkgs: init font-size --- tv/5pkgs/simple/font-size.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 tv/5pkgs/simple/font-size.nix diff --git a/tv/5pkgs/simple/font-size.nix b/tv/5pkgs/simple/font-size.nix new file mode 100644 index 000000000..21097ed6a --- /dev/null +++ b/tv/5pkgs/simple/font-size.nix @@ -0,0 +1,26 @@ +{ writeDashBin }: +writeDashBin "font-size" '' + set -efu + + # set_font NORMAL_FONT BOLD_FONT + set_font() { + printf '\033]710;%s\007' "$1" + printf '\033]711;%s\007' "$2" + } + + case ''${1-} in + '''|0|--reset) + set_font \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + ;; + [1-9]|[1-9][0-9]|[1-9][0-9][0-9]) + set_font \ + xft:Monospace:size=$1 \ + xft:Monospace:size=$1:bold \ + ;; + *) + echo "$0: bad argument: $1" >&2 + exit 1 + esac +'' From bd70fe17cbe4f99b2c5027e7b23f96cf92317a61 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:48 +0200 Subject: [PATCH 40/55] tv xserver: systemPackages += font-size --- tv/2configs/xserver/default.nix | 1 + 1 file changed, 1 insertion(+) 
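Review bot: The `xK_p` binding added to `myKeys` starts `passmenu` with `--type`, which sends the selected password as synthetic keystrokes to whichever window holds input focus at that moment. If focus moves between choosing the entry and the typing, the secret goes to the wrong client, and nothing in the code says this trade-off against the clipboard mode was intended. A comment on the line would document it: `-- --type: the password is typed into the focused window, not copied; check focus before selecting`. `myKeys` starts and ends outside the hunk.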
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7ba78b974..6ef8a8768 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -11,6 +11,7 @@ in { environment.systemPackages = [ pkgs.ff + pkgs.font-size pkgs.gitAndTools.qgit pkgs.mpv pkgs.sxiv From 5f9622bbdae0a9a459fd6a70cc9a3147f382162b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:46:56 +0200 Subject: [PATCH 41/55] haskellPackages.nix-diff: RIP --- krebs/5pkgs/haskell/nix-diff/default.nix | 25 -------- .../5pkgs/haskell/nix-diff/nixos-system.patch | 18 ------ krebs/5pkgs/simple/stockholm/default.nix | 60 ------------------- tv/2configs/urlwatch.nix | 5 -- 4 files changed, 108 deletions(-) delete mode 100644 krebs/5pkgs/haskell/nix-diff/default.nix delete mode 100644 krebs/5pkgs/haskell/nix-diff/nixos-system.patch diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix deleted file mode 100644 index df0315048..000000000 --- a/krebs/5pkgs/haskell/nix-diff/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl -, nix-derivation, optparse-generic, stdenv, system-filepath, text -, unix, vector -}: -mkDerivation { - pname = "nix-diff"; - version = "1.0.0-krebs1"; - src = fetchgit { - url = "https://github.com/Gabriel439/nix-diff"; - sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; - rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; - }; - patches = [ - ./nixos-system.patch - ]; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - attoparsec base containers Diff mtl nix-derivation optparse-generic - system-filepath text unix vector - ]; - homepage = "https://github.com/Gabriel439/nix-diff"; - description = "Explain why two Nix derivations differ"; - license = stdenv.lib.licenses.bsd3; -} 
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch deleted file mode 100644 index 03e186aa9..000000000 --- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/src/Main.hs b/src/Main.hs -index 959ab8e..d3b6077 100644 ---- a/src/Main.hs -+++ b/src/Main.hs -@@ -95,7 +95,12 @@ pathToText path = - underneath `/nix/store`, but this is the overwhelmingly common use case - -} - derivationName :: FilePath -> Text --derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText -+derivationName p = -+ if Data.Text.isPrefixOf "nixos-system" s -+ then "nixos-system" -+ else s -+ where -+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p - - -- | Group input derivations by their name - groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text)) diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 4d15e7ac2..9afe79510 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -9,7 +9,6 @@ # cmds.deploy = pkgs.withGetopt { - diff = { default = /* sh */ "false"; switch = true; }; force-populate = { default = /* sh */ "false"; switch = true; }; quiet = { default = /* sh */ "false"; switch = true; }; source_file = { 
@@ -25,65 +24,6 @@ . ${init.env} . ${init.proxy "deploy" opts} - if \test ${opts.diff.ref} = true; then - - system_profile=/nix/var/nix/profiles/system - system_drv_cur=/etc/system.drv - - system_drv_new=$( - ${pkgs.nix}/bin/nix-instantiate \ - -Q \ - -I "$target_path" \ - -E ' - (import { - modules = [ ]; - }).config.system.build.toplevel - ' - ) - - if \test -e "$system_drv_cur"; then - - system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") - system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") - - if \test "$system_drv_cur_c" = "$system_drv_new_c"; then - echo "$0: system up to date" >&2 - exit 0 - fi - - system_drv_cur=$system_drv_cur_c \ - system_drv_new=$system_drv_new_c \ - ${pkgs.utillinux}/bin/script \ - --command ' - ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ - "$system_drv_cur" "$system_drv_new" - ' \ - --quiet \ - --return \ - /dev/null - - printf 'deploy? [N/y] ' >&2 - read -r REPLY - if \test "$REPLY" != y; then - echo "$0: abort!" >&2 - exit 1 - fi - else - echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 - fi - - new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") - - ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" - PATH=${lib.makeBinPath [ - pkgs.systemd - ]} \ - "$system_profile"/bin/switch-to-configuration switch - - ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" - exit - fi - # Use system's nixos-rebuild, which is not self-contained export PATH=/run/current-system/sw/bin exec ${utils.with-whatsupnix} \ diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 509257c48..897def8c9 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix 
@@ -13,11 +13,6 @@ with import ; http://www.exim.org/ - { - url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; - filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; - } - # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix { url = https://api.github.com/repos/simple-evcorr/sec/tags; From 2cc1d9a54eaf512a2fddb57990df3462931990a4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 21:32:14 +0200 Subject: [PATCH 42/55] writeC: use binutils-unwrapped --- krebs/5pkgs/writers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index a48fc0f87..23773e17f 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,7 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils + binutils-unwrapped coreutils gcc ])} From 7e62c44607f193d3c9740f7c56df976b0db3c417 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Mar 2018 21:35:27 +0200 Subject: [PATCH 43/55] Revert "exim: krebs.setuid -> security.wrappers" This reverts commit d810727b985bbdce57ae2de515111949c141c3bd. --- krebs/3modules/exim.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 274a943b1..cfcbbc438 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,9 +50,15 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - security.wrappers = { - exim.source = "${pkgs.exim}/bin/exim"; - sendmail.source = "${pkgs.exim}/bin/exim"; + krebs.setuid = { + exim = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; }; systemd.services.exim = { restartTriggers = [ From 9c1e215dd500458d37832f234ecb33f455ed4c64 Mon Sep 17 00:00:00 2001 
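Review bot: The re-added `krebs.setuid` block in krebs/3modules/exim.nix installs both `exim` and `sendmail` with `mode = "4111"`, i.e. setuid and executable by every local user. Neither the hunk nor the commit message says why `security.wrappers` had to be reverted. A comment above the block, for example `# setuid wrappers for exim; security.wrappers reverted because <reason>`, would keep that decision visible to the next person who touches it. The owner that the setuid bit applies to is not set in these lines, so it presumably comes from the `krebs.setuid` defaults and is worth confirming. The enclosing attribute set starts and ends outside the hunk.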
From: lassulus Date: Wed, 28 Mar 2018 21:08:35 +0200 Subject: [PATCH 44/55] l xephyrify: handle resize --- lass/5pkgs/xephyrify/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8b18ea949..f1711891c 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -2,15 +2,18 @@ let - minimalXmonad = writeHaskell "minimalXmonad" { + xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" + "unix" "xmonad" ]; text = /* haskell */ '' module Main where import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) import qualified Data.Map as Map main :: IO () @@ -21,8 +24,18 @@ let , keys = myKeys , normalBorderColor = "#000000" , focusedBorderColor = "#000000" + , handleEventHook = myEventHook } + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + myLayoutHook = Full myKeys _ = Map.fromList [] ''; From 28e1b8d3a51e2405ecc60b04e321f1f7dba364ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:11:51 +0200 Subject: [PATCH 45/55] l xephyrify: change ownership of socket if wanted --- lass/5pkgs/xephyrify/default.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index f1711891c..8d6036843 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix 
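Review bot: The first xephyrify hunk adds `"unix"` to `extra-depends` and `import System.Posix.Process (executeFile)`, but nothing in the visible Haskell text calls `executeFile`; the new event hook uses `spawn`, which comes from `XMonad`. Unless a later change needs it, both the import and the extra dependency can be dropped so the generated window manager does not pull in a package it never uses.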
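Review bot: In the second xephyrify hunk, `myEventHook (ConfigureEvent { ev_event_type = 22 })` matches on a bare protocol number with no explanation. A comment such as `-- 22 = ConfigureNotify` would help, or the named constant could be used in a guard, `myEventHook (ConfigureEvent { ev_event_type = t }) | t == configureNotify = do`, assuming `configureNotify` is in scope through the `XMonad` import. The clause does not look at which window was configured, so it appears to spawn `xrandr` for every ConfigureNotify the window manager sees; if only resizes of the Xephyr root are meant, that should be stated or checked.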
@@ -43,13 +43,20 @@ let }; in writeDashBin "xephyrify" '' - NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)} echo "using DISPLAY $NDISPLAY" - ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY & + if test -n $DROP_TO_USER; then + sleep 1 + ls /tmp/.X11-unix/ + id + ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY" + ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY" + fi XEPHYR_PID=$! - DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad & + DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad & XMONAD_PID=$! - DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@" kill $XMONAD_PID kill $XEPHYR_PID '' From 92540f5cf1628cfaceee6c19f08b3c13b05cf6b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:12:53 +0200 Subject: [PATCH 46/55] l xjails: init --- lass/3modules/default.nix | 1 + lass/3modules/xjail.nix | 87 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 lass/3modules/xjail.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd77b2262..0c10e1ec2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xjail.nix ./xserver ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix new file mode 100644 index 000000000..af851760b --- /dev/null +++ b/lass/3modules/xjail.nix 
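Review bot: `if test -n $DROP_TO_USER; then` leaves the variable unquoted, so when DROP_TO_USER is unset or empty the command collapses to `test -n`, which succeeds, and the chgrp/chmod branch runs on every invocation; it should read `if test -n "$DROP_TO_USER"; then`. Because Xephyr is started with `-ac`, the group and mode set on `/tmp/.X11-unix/X$NDISPLAY` are the only restriction on who may use the display. The fixed `sleep 1` means they are applied about a second after the socket appears with its default mode, and the chgrp/chmod fail if Xephyr takes longer to start. The `ls /tmp/.X11-unix/` and `id` calls look like leftover debugging output.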
@@ -0,0 +1,87 @@ +{ config, pkgs, ... }: + +with import ; +{ + options.lass.xjail = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + user = mkOption { + type = types.string; + default = "nobody"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + name = mkOption { + type = types.string; + default = config._module.args.name; + }; + display = mkOption { + type = types.string; + default = toString (genid_signed config._module.args.name); + }; + script = mkOption { + type = types.path; + default = pkgs.writeScript "echo_lol" "echo lol"; + }; + from = mkOption { + type = types.string; + default = "lass"; + }; + }; + })); + default = {}; + }; + + options.lass.xjail-bins = mkOption { + type = types.attrsOf types.path; + }; + + # implementation + config = { + + users.users = mapAttrs' (_: cfg: + nameValuePair cfg.name { + uid = genid cfg.name; + home = "/home/${cfg.name}"; + useDefaultShell = true; + createHome = true; + extraGroups = cfg.groups; + } + ) config.lass.xjail; + + users.groups = mapAttrs' (_: cfg: + nameValuePair cfg.name { + members = [ + cfg.name + cfg.from + ]; + } + ) config.lass.xjail; + + security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: + # TODO allow just the right script with sudo + "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" + ) config.lass.xjail)); + + lass.xjail-bins = mapAttrs' (name: cfg: + let + sudo-wrapper = pkgs.writeScript name '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''; + in nameValuePair name (pkgs.writeScriptBin cfg.name '' + export NDISPLAY=${cfg.display} + DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo xephyr already running + export DISPLAY=:$NDISPLAY + ${sudo-wrapper} "$@" + else + echo xephyr not running + DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" + fi + '') + ) config.lass.xjail; + }; +} 
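Review bot: The sudoers line `"${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL"` lets the `from` account run any command as the jail user, although the generated wrapper only ever invokes `${cfg.script}`. The TODO above it could be resolved by naming the script, `"${cfg.from} ALL=(${cfg.name}) NOPASSWD: ${cfg.script}"`, which should be checked with `sudo -l` because the wrapper calls sudo with `-i`. The `user` option (default `"nobody"`) is declared, but nothing under `config` reads it: the account, the group and the sudo rule are all built from `cfg.name`, so it should be used or dropped. None of the options has a `description`.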
From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:13:57 +0200 Subject: [PATCH 47/55] l browsers: use xjails --- lass/2configs/browsers.nix | 77 ++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..153c386cf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -21,58 +21,55 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createChromiumUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createFirefoxUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; + createQuteUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + ''; + inherit groups; + }; + 
environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + lass.browser.paths.${name} = { + path = config.lass.xjail-bins.${name}; + inherit precedence; + }; + }; + + #TODO: abstract this in { From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:20 +0200 Subject: [PATCH 48/55] l browsers: remove video group from most users --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 153c386cf..351f15154 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -108,11 +108,11 @@ in { }; } ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:42 +0200 Subject: [PATCH 49/55] l browsers: add qb --- lass/2configs/browsers.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 351f15154..75a86db6a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -107,6 +107,7 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) From 22f33b8e99cf9ffe575905370df736ddc3517338 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 28 Mar 2018 21:16:03 +0200 Subject: [PATCH 50/55] reaktor-plugins sed: limit output --- .../5pkgs/simple/Reaktor/scripts/sed-plugin.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index da8e2f726..51ac7a071 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -18,20 +18,27 @@ def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) + line = argv[1] if is_regex(line): last = d.get(usr, None) if last: from subprocess import Popen, PIPE - p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE) so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) + print("something went wrong when trying to process your regex: {}".format(line.strip())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) - if ret: - d[usr] = ret + if len(ret) > 512: + print('message to long, skipped') + elif len(ret.split('\n')) > 5: + print('to many lines, skipped') + else: + if last.strip() != ret.strip(): + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + if ret: + d[usr] = ret else: print("no last message") From 1710530cae5189cdc779212084ea3091fefc275b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 14:10:23 +0200 Subject: [PATCH 51/55] writers writeC: 17.09 workaround --- krebs/5pkgs/writers.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 23773e17f..1939bf854 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix 
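Review bot: The new limits in sed-plugin.py bound the size of the reply, but `p.communicate(...)` still has no time bound, so a pattern that makes `sed` run for a long time blocks the plugin until it finishes. Passing a timeout, `so, se = p.communicate(bytes("{}\n".format(last), "UTF-8"), timeout=5)` (the value is only a suggestion), and killing the process on `subprocess.TimeoutExpired` would close that gap. Separately, the `if p.returncode:` branch prints the error and then falls through to the length checks, so a failed run can still print an empty "meant:" line; the rest should sit in an `else:`. The two new messages have typos ("to long", "to many").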
@@ -57,7 +57,8 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils-unwrapped + # TODO remove if everyone migrated to 18.03 + (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) coreutils gcc ])} From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 16:39:08 +0200 Subject: [PATCH 52/55] l mail: track neomutt name change --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b9682c5ee..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -75,7 +75,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes @@ -195,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; From a75858a8ced30f9ed46e282e75a3cdccd515abd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 14:11:14 +0200 Subject: [PATCH 53/55] nixpkgs: 48856a9 -> b6ddb99 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 0bd797a16..e5fb6c5e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 + ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 }; } override From 0f47b98e81755494df19325e91974f8d9d2c8617 Mon Sep 17 00:00:00 2001 
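Review bot: The changed wrapper line in lass/2configs/mail.nix, `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@`, keeps `$@` unquoted. Any argument containing whitespace or glob characters (an attachment path, a subject passed with `-s`) is therefore re-split before neomutt sees it. Since the line is being touched anyway it should become `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"`, which matches the `"$@"` quoting used by the other wrappers in this series.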
From: lassulus Date: Sun, 1 Apr 2018 16:17:45 +0200 Subject: [PATCH 54/55] l xjail: add working GPU acceleration --- lass/3modules/xjail.nix | 121 ++++++++++++++++++++++++++++++++-------- 1 file changed, 99 insertions(+), 22 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index af851760b..325ebcc99 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix 
@@ -1,33 +1,88 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with import ; { options.lass.xjail = mkOption { type = types.attrsOf (types.submodule ({ config, ...}: { options = { + name = mkOption { + type = types.string; + default = config._module.args.name; + }; user = mkOption { type = types.string; - default = "nobody"; + default = config.name; }; groups = mkOption { type = types.listOf types.str; default = []; }; - name = mkOption { + from = mkOption { type = types.string; - default = config._module.args.name; + default = "lass"; }; display = mkOption { type = types.string; default = toString (genid_signed config._module.args.name); }; + dpi = mkOption { + type = types.int; + default = 90; + }; + extraXephyrArgs = mkOption { + type = types.str; + default = ""; + }; + extraVglrunArgs = mkOption { + type = types.str; + default = ""; + }; script = mkOption { type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; - from = mkOption { + wm = mkOption { + #TODO find type type = types.string; - default = "lass"; + default = "${pkgs.writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }}/bin/xmonad"; }; }; })); 
@@ -39,7 +94,42 @@ with import ; }; # implementation - config = { + config = let + scripts = mapAttrs' (name: cfg: + let + newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' + DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo using existing xephyr + ${sudo_} "$@" + else + echo starting new xephyr + ${xephyr_} "$@" + fi + ''; + xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' + ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & + XEPHYR_PID=$! + DISPLAY=:${cfg.display} ${cfg.wm} & + WM_PID=$! + ${sudo_} "$@" + ${pkgs.coreutils}/bin/kill $WM_PID + ${pkgs.coreutils}/bin/kill $XEPHYR_PID + ''; + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" + ''; + vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' + DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ''; + in nameValuePair name { + existing = newOrExisting; + xephyr = xephyr_; + sudo = sudo_; + vglrun = vglrun_; + } + ) config.lass.xjail; + in { users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { @@ -66,21 +156,8 @@ with import ; ) config.lass.xjail)); lass.xjail-bins = mapAttrs' (name: cfg: - let - sudo-wrapper = pkgs.writeScript name '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" - ''; - in nameValuePair name (pkgs.writeScriptBin cfg.name '' - export NDISPLAY=${cfg.display} - DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo xephyr already running - export DISPLAY=:$NDISPLAY - ${sudo-wrapper} "$@" - else - echo xephyr not running - DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" - fi + nameValuePair name (pkgs.writeScriptBin cfg.name '' + ${scripts.${name}.existing} "$@" '') ) config.lass.xjail; }; From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001 
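Review bot: The new `xephyr_` script still starts Xephyr with `-ac`, which turns off the X server's access control, but the chgrp/chmod of `/tmp/.X11-unix/X<display>` that xephyrify did is not carried over. Who can connect to a jail's display now depends only on the socket's default mode, which these lines do not show; if it is world-accessible, any local account, including the other jail users, could attach to it. If that is intended it deserves a comment next to the command, e.g. `# -ac: no X access control; display is reachable by anyone who can open the socket`. Otherwise the socket should be restricted again, or `-ac` replaced by an `-auth` cookie file readable only by the jail's group. The window manager and the sudo call are also started right after Xephyr is backgrounded, with no wait for the display to come up.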
From: lassulus Date: Sun, 1 Apr 2018 16:19:28 +0200 Subject: [PATCH 55/55] l browsers: use new xjail interface --- lass/2configs/browsers.nix | 50 ++++++++++---------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 75a86db6a..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,14 +21,10 @@ let $BIN "$@" ''; - createChromiumUser = name: groups: precedence: + createUser = script: name: groups: precedence: dpi: { lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - ''; - inherit groups; + inherit script groups dpi; }; environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { 
@@ -37,40 +33,20 @@ let }; }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + createFirefoxUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; createQuteUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - - #TODO: abstract this + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in {