diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 4fdb53ae7..73b5377bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,7 +13,6 @@ - ]; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 38f58952e..b534f9ad4 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -7,6 +7,9 @@ services.charybdis = { enable = true; + motd = '' + hello + ''; config = '' serverinfo { name = "${config.krebs.build.host.name}.irc.retiolum"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index adbc1ebe1..b56f5c543 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -104,7 +104,7 @@ in "dummy_secrets": "true", }, command=[ - "nix-shell", "--run", " ".join(["test", + "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", "--user={}".format(user), "--system={}".format(host), "--force-populate", diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c89f3229d..7cf02cd8b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -44,6 +44,7 @@ let ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix + ./zones.nix ]; options.krebs = api; config = lib.mkIf cfg.enable imp; @@ -60,6 +61,7 @@ let hosts = mkOption { type = with types; attrsOf host; + default = {}; }; users = mkOption { @@ -171,17 +173,6 @@ let ''; }; - # Implements environment.etc."zones/" - environment.etc = let - stripEmptyLines = s: (concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; - all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" - ([cfg.zone-head-config] ++ combined-hosts); - combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); - in lib.mapAttrs' (name: value: nameValuePair - ("zones/" + name) - { text=(stripEmptyLines value); }) all-zones; - krebs.exim-smarthost.internet-aliases = let format = from: to: { inherit from; diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 8d4933cb5..f67188122 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -27,7 +27,7 @@ let }; display = mkOption { type = types.str; - default = ":0"; + default = ":${toString config.services.xserver.display}"; }; unitConfig = mkOption { type = types.attrsOf types.str; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 867f1bd34..ff6ba474f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -449,8 +449,6 @@ with import ; retiolum = rec { via = internet; addrs = [ - # edinburgh university - "129.215.0.0/16" ip4.addr ip6.addr ]; @@ -472,6 +470,10 @@ with import ; lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== -----END RSA PUBLIC KEY----- ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; }; }; }; @@ -533,6 +535,45 @@ with import ; }; }; }; + reagenzglas = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.27"; + ip6.addr = "42::27"; + aliases = [ + "reagenzglas.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P + bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 + utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO + 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 + hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u + mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW + 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 + aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw + pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu + 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ + lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 + +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz + 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli + PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 + ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn + GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE + hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 + ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX + vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe + G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 + 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x + Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { @@ -581,5 +622,8 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; mail = "joerg@higgsboson.tk"; }; + jeschli = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; + }; }; } diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix new file mode 100644 index 000000000..eb1351866 --- /dev/null +++ b/krebs/3modules/zones.nix @@ -0,0 +1,22 @@ +with import ; +{ config, ... }: { + + config = { + # Implements environment.etc."zones/" + environment.etc = let + stripEmptyLines = s: (concatStringsSep "\n" + (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; + all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" + ([config.krebs.zone-head-config] ++ combined-hosts); + combined-hosts = + mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts; + in + mapAttrs' + (name: value: { + name = "zones/${name}"; + value.text = stripEmptyLines value; + }) + all-zones; + }; + +} diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff.nix new file mode 100644 index 000000000..2070dbd2e --- /dev/null +++ b/krebs/5pkgs/haskell/nix-diff.nix @@ -0,0 +1,22 @@ +{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl +, nix-derivation, optparse-generic, stdenv, system-filepath, text +, unix, vector +}: +mkDerivation { + pname = "nix-diff"; + version = "1.0.0"; + src = fetchgit { + url = "https://github.com/Gabriel439/nix-diff"; + sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; + rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + attoparsec base containers Diff mtl nix-derivation optparse-generic + system-filepath text unix vector + ]; + homepage = "https://github.com/Gabriel439/nix-diff"; + description = "Explain why two Nix derivations differ"; + license = stdenv.lib.licenses.bsd3; +} diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index bf19e7d66..954cfd76a 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,13 +1,13 @@ { mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape , xmonad, xmonad-contrib }: -mkDerivation { +mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.1.0"; + version = "1.1.1"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "179d29fd4c765dee698058ef63295331ac603639"; - sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj"; + rev = "refs/tags/v${version}"; + sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585"; }; libraryHaskellDepends = [ base containers X11 X11-xshape xmonad xmonad-contrib diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix new file mode 100644 index 000000000..5705f086d --- /dev/null +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -0,0 +1,291 @@ +{ pkgs }: let + + stockholm-dir = ../../../..; + + lib = import (stockholm-dir + "/lib"); + + # + # high level commands + # + + cmds.deploy = pkgs.withGetopt { + diff = { default = /* sh */ "false"; switch = true; }; + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target.default = /* sh */ "$system"; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "stockholm.deploy" '' + set -efu + + . ${init.env} + . ${init.proxy "deploy" opts} + + if \test ${opts.diff.ref} = true; then + + system_profile=/nix/var/nix/profiles/system + system_drv_cur=/etc/system.drv + + system_drv_new=$( + ${pkgs.nix}/bin/nix-instantiate \ + -Q \ + -I "$target_path" \ + -E ' + (import { + modules = [ ]; + }).config.system.build.toplevel + ' + ) + + if \test -e "$system_drv_cur"; then + + system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") + system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") + + if \test "$system_drv_cur_c" = "$system_drv_new_c"; then + echo "$0: system up to date" >&2 + exit 0 + fi + + system_drv_cur=$system_drv_cur_c \ + system_drv_new=$system_drv_new_c \ + ${pkgs.utillinux}/bin/script \ + --command ' + ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ + "$system_drv_cur" "$system_drv_new" + ' \ + --quiet \ + --return \ + /dev/null + + printf 'deploy? [N/y] ' >&2 + read -r REPLY + if \test "$REPLY" != y; then + echo "$0: abort!" >&2 + exit 1 + fi + else + echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 + fi + + new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") + + ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" + PATH=${lib.makeBinPath [ + pkgs.systemd + ]} \ + "$system_profile"/bin/switch-to-configuration switch + + ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" + exit + fi + + # Use system's nixos-rebuild, which is not self-contained + export PATH=/run/current-system/sw/bin + exec ${utils.with-whatsupnix} \ + nixos-rebuild switch \ + --show-trace \ + -I "$target_path" + ''); + + cmds.install = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeBash "stockholm.install" '' + set -efu + + . ${init.env} + + if \test "''${using_proxy-}" != true; then + ${pkgs.openssh}/bin/ssh \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "$target_user@$target_host" -p "$target_port" \ + env target_path=$(${pkgs.quote}/bin/quote "$target_path") \ + sh -s prepare \ + < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"} + # TODO inline prepare.sh? + fi + + . ${init.proxy "install" opts} + + # these variables get defined by nix-shell (i.e. nix-build) from + # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), + # which only exists on / and not at /mnt. + export NIX_BUILD_TOP=/tmp + export TEMPDIR=/tmp + export TEMP=/tmp + export TMPDIR=/tmp + export TMP=/tmp + export XDG_RUNTIME_DIR=/tmp + + export NIXOS_CONFIG="$target_path/nixos-config" + + cd + exec nixos-install + ''); + + cmds.test = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "stockholm.test" /* sh */ '' + set -efu + + export dummy_secrets=true + + . ${init.env} + . ${init.proxy "test" opts} + + exec ${utils.build} config.system.build.toplevel + ''); + + # + # low level commands + # + + # usage: get-source SOURCE_FILE + cmds.get-source = pkgs.writeDash "stockholm.get-source" '' + set -efu + exec ${pkgs.nix}/bin/nix-instantiate \ + --eval \ + --json \ + --readonly-mode \ + --show-trace \ + --strict \ + "$1" + ''; + + # usage: parse-target [--default=TARGET] TARGET + # TARGET = [USER@]HOST[:PORT][/PATH] + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "stockholm.parse-target" '' + set -efu + target=$1; shift + for arg; do echo "$0: bad argument: $arg" >&2; done + if \test $# != 0; then exit 2; fi + exec ${pkgs.jq}/bin/jq \ + -enr \ + --arg default_target "$default_target" \ + --arg target "$target" \ + -f ${pkgs.writeText "stockholm.parse-target.jq" '' + def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: .captures[0].string, + host: .captures[1].string, + port: .captures[2].string, + path: .captures[3].string, + }; + def sanitize: with_entries(select(.value != null)); + ($default_target | parse) + ($target | parse | sanitize) | + . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } + ''} + ''); + + init.env = pkgs.writeText "init.env" /* sh */ '' + + export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + + export quiet + export system + export target + export user + + default_target=root@$system:22/var/src + + export target_object="$( + ${cmds.parse-target} "$target" -d "$default_target" + )" + export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" + export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" + export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" + export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" + export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" + ''; + + init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' + if \test "''${using_proxy-}" != true; then + + source=$(${cmds.get-source} "$source_file") + qualified_target=$target_user@$target_host:$target_port$target_path + if \test "$force_populate" = true; then + echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target" + else + echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target" + fi + + if \test "$target_local" != true; then + exec ${pkgs.openssh}/bin/ssh \ + "$target_user@$target_host" -p "$target_port" \ + cd "$target_path/stockholm" \; \ + NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ + STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \ + nix-shell --run "$(${pkgs.quote}/bin/quote " + ${lib.concatStringsSep " " (lib.mapAttrsToList + (name: opt: /* sh */ + "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})") + opts + )} \ + using_proxy=true \ + ${lib.shell.escape command} \ + $WITHGETOPT_ORIG_ARGS \ + ")" + fi + fi + ''; + + utils.build = pkgs.writeDash "utils.build" '' + set -efu + ${utils.with-whatsupnix} \ + ${pkgs.nix}/bin/nix-build \ + --no-out-link \ + --show-trace \ + -E "with import ; $1" \ + -I "$target_path" \ + ''; + + utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' + set -efu + if \test "$quiet" = true; then + "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix + else + exec "$@" + fi + ''; + + shell.get-version = pkgs.writeDash "stockholm.get-version" '' + set -efu + version=git.$(${pkgs.git}/bin/git describe --always --dirty) + case $version in (*-dirty) + version=$version@$HOSTNAME + esac + date=$(${pkgs.coreutils}/bin/date +%y.%m) + echo "$date.$version" + ''; + +in + + pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: + lib.nameValuePair "/bin/${name}" { inherit link; } + ) cmds) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index eb45d92ec..b14ef2a3e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -13,6 +13,9 @@ with import ; # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # + + + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -60,6 +63,13 @@ with import ; maxTime = 9001; }; } + { + #urban terror port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27960"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.helios; @@ -91,7 +101,6 @@ with import ; environment.systemPackages = with pkgs; [ ag vim - rxvt_unicode git rsync hashPassword diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b7f0ea554..b18abf509 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -285,6 +285,8 @@ in { { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } ]; } + + ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1638264d9..32a9f66cf 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,9 +7,9 @@ in { ./mpv.nix ./power-action.nix ./copyq.nix - ./xresources.nix ./livestream.nix ./dns-stuff.nix + ./urxvt.nix { hardware.pulseaudio = { enable = true; @@ -41,6 +41,11 @@ in { default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; }; }; + config.services.xresources.resources.X = '' + *.font: ${config.lass.fonts.regular} + *.boldFont: ${config.lass.fonts.bold} + *.italicFont: ${config.lass.fonts.italic} + ''; } ]; @@ -64,9 +69,11 @@ in { dic dmenu gi + git-preview gitAndTools.qgit - lm_sensors haskellPackages.hledger + lm_sensors + mpv-poll much ncdu nix-repl @@ -74,7 +81,7 @@ in { pavucontrol powertop push - rxvt_unicode + rxvt_unicode_with-plugins screengrab slock sxiv @@ -97,26 +104,8 @@ in { xlibs.fontschumachermisc ]; + lass.xserver.enable = true; services.xserver = { - enable = true; - - desktopManager.xterm.enable = false; - desktopManager.default = "none"; - displayManager.lightdm.enable = true; - displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - }; - windowManager.default = "xmonad"; - windowManager.session = [{ - name = "xmonad"; - start = '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.xmonad-lass}/bin/xmonad & - waitPID=$! - ''; - }]; - layout = "us"; xkbModel = "evdev"; xkbVariant = "altgr-intl"; @@ -127,12 +116,7 @@ in { HandleLidSwitch=ignore ''; - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - services.urxvtd.enable = true; + services.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 6c381863c..a858d3fec 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -5,19 +5,23 @@ let mainUser = config.users.extraUsers.mainUser; - browser-select = pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + config.lass.browser.paths); + in pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) case $BROWSER in ${concatMapStringsSep "\n" (n: '' - ${n}) - export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ${n.name}) + export BIN=${n.value.path}/bin/${n.name} ;; - '') (attrNames config.lass.browser.paths)} + '') (sortedPaths)} esac $BIN "$@" ''; - createChromiumUser = name: extraGroups: + createChromiumUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ @@ -31,7 +35,7 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name}.path = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -40,7 +44,7 @@ let ]; }; - createFirefoxUser = name: extraGroups: + createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ @@ -54,7 +58,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -79,14 +86,24 @@ in { type = types.path; }; options.lass.browser.paths = mkOption { - type = with types; attrsOf path; + type = types.attrsOf (types.submodule ({ + options = { + path = mkOption { + type = types.path; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + }; + })); }; } - ( createFirefoxUser "ff" [ "audio" ] ) - ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "video" "audio" ] ) ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "gm" [ "video" "audio" ] ) ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index fa01a99c9..cd10313fc 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -21,9 +21,9 @@ let in { systemd.services.copyq = { wantedBy = [ "multi-user.target" ]; - requires = [ "display-manager.service" ]; + requires = [ "xserver.service" ]; environment = { - DISPLAY = ":0"; + DISPLAY = ":${toString config.services.xserver.display}"; }; path = with pkgs; [ qt5.full diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix new file mode 100644 index 000000000..b7fcc7aab --- /dev/null +++ b/lass/2configs/dcso-dev.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + inherit (import ) genid; + +in { + users.extraUsers = { + dev = { + name = "dev"; + uid = genid "dev"; + description = "user for collaborative development"; + home = "/home/dev"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" + ]; + packages = with pkgs; [ + emacs25-nox + + (pkgs.symlinkJoin { + name = "tmux"; + paths = [ + (pkgs.writeDashBin "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + '') + pkgs.tmux + ]; + }) + ]; + }; + }; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(dev) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix new file mode 100644 index 000000000..e3d212741 --- /dev/null +++ b/lass/2configs/hw/gpd-pocket.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: + +let + dummy_firmware = pkgs.writeTextFile { + name = "brcmfmac4356-pcie.txt"; + text = builtins.readFile ./brcmfmac4356-pcie.txt; + destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; + }; +in { + hardware.firmware = [ dummy_firmware ]; + + boot.kernelPackages = pkgs.linuxPackages_4_14; + boot.kernelParams = [ + "fbcon=rotate:1" + ]; + services.tlp.enable = true; + services.xserver.displayManager.sessionCommands = '' + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + ''; +} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 91127f737..962efaf3f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -76,6 +76,7 @@ let "INBOX" "notmuch://?query=tag:inbox \ and NOT to:nix-devel\ and NOT to:shackspace\ + and NOT to:security\ and NOT to:c-base" \ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f3ef23e67..98dbdc227 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -22,15 +22,22 @@ let }); }; in { - rules = with git; singleton { - user = with config.krebs.users; [ - config.krebs.users."${config.networking.hostName}-repo-sync" - lass - lass-shodan - ]; - repo = [ repo ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; + rules = with git; [ + { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + lass + lass-shodan + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + } + { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } + ]; repos."${name}" = repo; }; diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index 1358dde7a..ee50b3381 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -1,40 +1,32 @@ { config, pkgs, ... }: - -let - inherit (config.users.extraUsers) mainUser; - -in +with import ; { - imports = [ - ../3modules/urxvtd.nix - ../3modules/xresources.nix - ]; + services.urxvtd.enable = true; - services.urxvtd = { - enable = true; - users = [ mainUser.name ]; - urxvtPackage = pkgs.rxvt_unicode_with-plugins; - }; - services.xresources.enable = true; services.xresources.resources.urxvt = '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt*SaveLines: 4096 + URxvt*scrollBar: false + URxvt*urgentOnBell: true URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + + ${optionalString (hasAttr "browser" config.lass) + "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" + } + URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate URxvt.keysym.M-s: perl:keyboard-select:search - URxvt.intensityStyles: false + URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #000000 + URxvt*foreground: #ffffff !change unreadable blue - URxvt*color4: #268bd2 + URxvt*color4: #268bd2 + + URxvt*color0: #232342 ''; } diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 0d2b731ca..d60b1feea 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -4,10 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.wine.packages = with pkgs; [ - wine - #(wineFull.override { wineBuild = "wine64"; }) - ]; users.users= { wine = { name = "wine"; @@ -19,9 +15,27 @@ in { "video" ]; createHome = true; + packages = [ + pkgs.wine + ]; + }; + wine64 = { + name = "wine64"; + description = "user for running wine in 64bit"; + home = "/home/wine64"; + useDefaultShell = true; + extraGroups = [ + "audio" + "video" + ]; + createHome = true; + packages = [ + (pkgs.wine.override { wineBuild = "wineWow"; }) + ]; }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(wine) NOPASSWD: ALL + ${mainUser.name} ALL=(wine64) NOPASSWD: ALL ''; } diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix deleted file mode 100644 index a3c54f3a1..000000000 --- a/lass/2configs/xresources.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, pkgs, ... }: - -with import ; - -let - - xresources = pkgs.writeText "Xresources" '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*SaveLines: 4096 - - URxvt.font: ${config.lass.fonts.regular} - URxvt.boldFont: ${config.lass.fonts.bold} - URxvt.italicFont: ${config.lass.fonts.italic} - - ! ref https://github.com/muennich/urxvt-perls - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - ${optionalString (hasAttr "browser" config.lass) - "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" - } - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search - - URxvt.intensityStyles: false - - URxvt*background: #000000 - URxvt*foreground: #d0d7d0 - - URxvt*cursorColor: #f042b0 - URxvt*cursorColor2: #f0b000 - URxvt*cursorBlink: off - - URxvt*.pointerBlank: true - URxvt*.pointerBlankDelay: 987654321 - URxvt*.pointerColor: #f042b0 - URxvt*.pointerColor2: #050505 - - URxvt*color0: #232342 - ''; - -in { - systemd.services.xresources = { - description = "xresources"; - wantedBy = [ "multi-user.target" ]; - after = [ "display-manager.service" ]; - - environment = { - DISPLAY = ":0"; - }; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; - Restart = "on-failure"; - User = "lass"; - }; - }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index e14e39bc2..81b52c306 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xserver ./xresources.nix ]; } diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index 06ca1f27d..e16ce9868 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -23,7 +23,7 @@ let before = [ "sleep.target" ]; wantedBy = [ "sleep.target" ]; environment = { - DISPLAY = ":0"; + DISPLAY = ":${toString config.services.xserver.display}"; }; serviceConfig = { SyslogIdentifier = "screenlock"; diff --git a/lass/3modules/xresources.nix b/lass/3modules/xresources.nix index 074963022..017dbff2b 100644 --- a/lass/3modules/xresources.nix +++ b/lass/3modules/xresources.nix @@ -4,16 +4,13 @@ #prefix with Attribute Name #ex: urxvt -# -# with builtins; with lib; let - inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape; - inherit (pkgs) writeScript; + inherit (pkgs) writeScript writeText; in @@ -46,12 +43,16 @@ in config = let cfg = config.services.xresources; - xres = concatStringsSep "\n" (attrValues cfg.resources); + xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources)); in mkIf cfg.enable { services.xserver.displayManager.sessionCommands = '' - echo ${shell-escape xres} | xrdb -merge + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres} ''; + environment.systemPackages = [ + (pkgs.writeDashBin "updateXresources" '' + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres} + '') + ]; }; - } diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix new file mode 100644 index 000000000..462c6deef --- /dev/null +++ b/lass/3modules/xserver/default.nix @@ -0,0 +1,101 @@ +{ config, pkgs, ... }@args: +with import ; +let + + out = { + options.lass.xserver = api; + config = mkIf cfg.enable imp; + }; + + user = config.krebs.build.user; + + cfg = config.lass.xserver; + xcfg = config.services.xserver; + api = { + enable = mkEnableOption "lass xserver"; + }; + imp = { + + services.xserver = { + # Don't install feh into systemPackages + # refs + desktopManager.session = mkForce []; + + enable = true; + display = 11; + tty = 11; + }; + + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString xcfg.display}"; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${xcfg.displayManager.sessionCommands} + wait + ''; + + XMONAD_DATA_DIR = "/tmp"; + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + User = user.name; + WorkingDirectory = user.home; + }; + }; + + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" xcfg.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString xcfg.display}" + "vt${toString xcfg.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") + ]; + }; + }; + services.xresources.resources.dpi = '' + ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"} + ''; + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; + }; + }; + +in out diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix new file mode 100644 index 000000000..6f34e0150 --- /dev/null +++ b/lass/3modules/xserver/xserver.conf.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + cfg = config.services.xserver; +in + +pkgs.stdenv.mkDerivation { + name = "xserver.conf"; + + xfs = optionalString (cfg.useXFS != false) + ''FontPath "${toString cfg.useXFS}"''; + + inherit (cfg) config; + + buildCommand = + '' + echo 'Section "Files"' >> $out + echo $xfs >> $out + + for i in ${toString config.fonts.fonts}; do + if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then + for j in $(find $i -name fonts.dir); do + echo " FontPath \"$(dirname $j)\"" >> $out + done + fi + done + + for i in $(find ${toString cfg.modules} -type d); do + if test $(echo $i/*.so* | wc -w) -ne 0; then + echo " ModulePath \"$i\"" >> $out + fi + done + + echo 'EndSection' >> $out + + echo "$config" >> $out + ''; +} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index e0775f076..5b668c88f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -21,6 +21,9 @@ xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; - screengrab = pkgs.writeDashBin "screengrab" "${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -s 1024x768 -i :0.0 -c:v huffyuv $1"; + screengrab = pkgs.writeDashBin "screengrab" '' + resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" + ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1 + ''; }; } diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 478686245..65bec117d 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" { executables.xmonad = { extra-depends = [ "containers" + "extra" "unix" "X11" "xmonad" @@ -20,17 +21,15 @@ module Main where import XMonad import qualified XMonad.StackSet as W -import Control.Exception +import Control.Monad.Extra (whenJustM) import Data.List (isInfixOf) -import System.Environment (getArgs, withArgs) -import System.IO (hPutStrLn, stderr) +import System.Environment (getArgs, lookupEnv) import System.Posix.Process (executeFile) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) -import XMonad.Actions.UpdatePointer (updatePointer) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -48,28 +47,30 @@ import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown myTerm :: FilePath -myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" +myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" myFont :: String myFont = "${config.lass.fonts.regular}" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs + ["--shutdown"] -> sendShutdownEvent + _ -> main' -mainNoArgs :: IO () -mainNoArgs = do - xmonad' +main' :: IO () +main' = do + xmonad $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , logHook = updatePointer (0.25, 0.25) (0.25, 0.25) , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , startupHook = + whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) + (\path -> forkFile path [] Nothing) , normalBorderColor = "#1c1c1c" - , focusedBorderColor = "#f000b0" + , focusedBorderColor = "#ff0000" , handleEventHook = handleShutdownEvent , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap @@ -78,22 +79,6 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat - -xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () -xmonad' conf = do - let path = "/tmp/xmonad.state" - try (readFile path) >>= \case - Right content -> do - hPutStrLn stderr ("resuming from " ++ path) - withArgs ("--resume" : lines content) (xmonad conf) - Left e -> do - hPutStrLn stderr (displaySomeException e) - xmonad conf - -displaySomeException :: SomeException -> String -displaySomeException = displayException - - myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-", spawn "${config.lass.screenlock.command}") diff --git a/lass/source.nix b/lass/source.nix index d0f77573d..292b92a9e 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0c5a587"; + ref = "f9390d6"; }; secrets.file = getAttr builder { buildbot = toString ; diff --git a/lib/types.nix b/lib/types.nix index 08dc0974e..c3b14d807 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -92,7 +92,7 @@ rec { default = null; }; addrs = mkOption { - type = listOf cidr; + type = listOf addr; default = optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip6 != null) config.ip6.addr; @@ -155,6 +155,8 @@ rec { ++ (map (a: "Subnet = ${a}") net.addrs) ++ + (map (a: "Subnet = ${a}") config.subnets) + ++ [config.extraConfig] ++ [config.pubkey] @@ -173,6 +175,11 @@ rec { description = "tinc port to use to connect to host"; default = 655; }; + subnets = mkOption { + type = listOf cidr; + description = "tinc subnets"; + default = []; + }; }; })); default = null; diff --git a/shell.nix b/shell.nix index 53b0f964a..bfdf1b3ca 100644 --- a/shell.nix +++ b/shell.nix @@ -2,239 +2,16 @@ let lib = import ./lib; pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; - # - # high level commands - # - - cmds.deploy = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target.default = /* sh */ "$system"; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "cmds.deploy" '' - set -efu - - . ${init.env} - . ${init.proxy "deploy" opts} - - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - exec ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''); - - cmds.install = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeBash "cmds.install" '' - set -efu - - . ${init.env} - - if \test "''${using_proxy-}" != true; then - ${pkgs.openssh}/bin/ssh \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - "$target_user@$target_host" -p "$target_port" \ - env target_path=$(quote "$target_path") \ - sh -s prepare < ${./krebs/4lib/infest/prepare.sh} - # TODO inline prepare.sh? - fi - - . ${init.proxy "install" opts} - - # Reset PATH because we need access to nixos-install. - # TODO provide nixos-install instead of relying on prepare.sh - export PATH="$OLD_PATH" - - # these variables get defined by nix-shell (i.e. nix-build) from - # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), - # which only exists on / and not at /mnt. - export NIX_BUILD_TOP=/tmp - export TEMPDIR=/tmp - export TEMP=/tmp - export TMPDIR=/tmp - export TMP=/tmp - export XDG_RUNTIME_DIR=/tmp - - export NIXOS_CONFIG="$target_path/nixos-config" - - cd - exec nixos-install - ''); - - cmds.test = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "cmds.test" /* sh */ '' - set -efu - - export dummy_secrets=true - - . ${init.env} - . ${init.proxy "test" opts} - - exec ${utils.build} config.system.build.toplevel - ''); - - # - # low level commands - # - - # usage: get-source SOURCE_FILE - cmds.get-source = pkgs.writeDash "cmds.get-source" '' - set -efu - exec ${pkgs.nix}/bin/nix-instantiate \ - --eval \ - --json \ - --readonly-mode \ - --show-trace \ - --strict \ - "$1" - ''; - - # usage: parse-target [--default=TARGET] TARGET - # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.withGetopt { - default_target = { - long = "default"; - short = "d"; - }; - } (opts: pkgs.writeDash "cmds.parse-target" '' - set -efu - target=$1; shift - for arg; do echo "$0: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - exec ${pkgs.jq}/bin/jq \ - -enr \ - --arg default_target "$default_target" \ - --arg target "$target" \ - -f ${pkgs.writeText "cmds.parse-target.jq" '' - def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { - user: .captures[0].string, - host: .captures[1].string, - port: .captures[2].string, - path: .captures[3].string, - }; - def sanitize: with_entries(select(.value != null)); - ($default_target | parse) + ($target | parse | sanitize) | - . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } - ''} - ''); - - init.env = pkgs.writeText "init.env" /* sh */ '' - export quiet - export system - export target - export user - - default_target=root@$system:22/var/src - - export target_object="$(parse-target "$target" -d "$default_target")" - export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" - export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" - export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" - export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" - export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" - ''; - - init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' - if \test "''${using_proxy-}" != true; then - - source=$(get-source "$source_file") - qualified_target=$target_user@$target_host:$target_port$target_path - if \test "$force_populate" = true; then - echo "$source" | populate --force "$qualified_target" - else - echo "$source" | populate "$qualified_target" - fi - - if \test "$target_local" != true; then - exec ${pkgs.openssh}/bin/ssh \ - "$target_user@$target_host" -p "$target_port" \ - cd "$target_path/stockholm" \; \ - NIX_PATH=$(quote "$target_path") \ - STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ - nix-shell --run "$(quote " - ${lib.concatStringsSep " " (lib.mapAttrsToList - (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})") - opts - )} \ - using_proxy=true \ - ${lib.shell.escape command} \ - $WITHGETOPT_ORIG_ARGS \ - ")" - fi - fi - ''; - - utils.build = pkgs.writeDash "utils.build" '' - set -efu - ${utils.with-whatsupnix} \ - ${pkgs.nix}/bin/nix-build \ - --no-out-link \ - --show-trace \ - -E "with import ; $1" \ - -I "$target_path" \ - ''; - - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' - set -efu - if \test "$quiet" = true; then - "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix - else - exec "$@" - fi - ''; - - shell.get-version = pkgs.writeDash "shell.get-version" '' - set -efu - version=git.$(${pkgs.git}/bin/git describe --always --dirty) - case $version in (*-dirty) - version=$version@$HOSTNAME - esac - date=$(${pkgs.coreutils}/bin/date +%y.%m) - echo "$date.$version" - ''; - - shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link: - lib.nameValuePair "/bin/${name}" { inherit link; } - ) cmds); - in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' - export OLD_PATH="$PATH" export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString } if test -e /nix/var/nix/daemon-socket/socket; then export NIX_REMOTE=daemon fi export PATH=${lib.makeBinPath [ - pkgs.populate - pkgs.quote - shell.cmdspkg - ]} + pkgs.stockholm + ]}''${PATH+:$PATH} eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" shopt -u no_empty_cmd_completion @@ -251,9 +28,6 @@ in pkgs.stdenv.mkDerivation { : } - export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" - PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' ''; } diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index f76fb2e01..14d381568 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -22,6 +22,12 @@ with import ; dst = { host = config.krebs.hosts.zu; path = "/bku/nomic-home"; }; startAt = "04:20"; }; + nomic-pull-querel-home = { + method = "pull"; + src = { host = config.krebs.hosts.querel; path = "/home"; }; + dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; + startAt = "00:00"; + }; wu-home-xu = { method = "push"; src = { host = config.krebs.hosts.wu; path = "/home"; }; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 8f3ee5966..7ba78b974 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,7 +1,12 @@ { config, pkgs, ... }@args: with import ; let - user = config.krebs.build.user; + cfg = { + cacheDir = cfg.dataDir; + configDir = "/var/empty"; + dataDir = "/run/xdg/${cfg.user.name}/xmonad"; + user = config.krebs.build.user; + }; in { environment.systemPackages = [ @@ -25,7 +30,7 @@ in { group = "wheel"; envp = { DISPLAY = ":${toString config.services.xserver.display}"; - USER = user.name; + USER = cfg.user.name; }; }; @@ -54,6 +59,10 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; + XMONAD_CACHE_DIR = cfg.cacheDir; + XMONAD_CONFIG_DIR = cfg.configDir; + XMONAD_DATA_DIR = cfg.dataDir; + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & @@ -62,8 +71,6 @@ in { wait ''; - XMONAD_STATE = "/tmp/xmonad.state"; - # XXX JSON is close enough :) XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ "Dashboard" # we start here @@ -79,10 +86,15 @@ in { }; serviceConfig = { SyslogIdentifier = "xmonad"; + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [ + "\${XMONAD_CACHE_DIR}" + "\${XMONAD_CONFIG_DIR}" + "\${XMONAD_DATA_DIR}" + ]}"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad"; ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown"; - User = user.name; - WorkingDirectory = user.home; + User = cfg.user.name; + WorkingDirectory = cfg.user.home; }; }; @@ -125,7 +137,7 @@ in { Restart = "always"; RestartSec = "2s"; StartLimitBurst = 0; - User = user.name; + User = cfg.user.name; }; }; } diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 94554f57c..94c70153d 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -71,7 +71,7 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 - xmonad' + xmonad -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- urgencyConfig { remindWhen = Every 1 } -- $ withUrgencyHook borderUrgencyHook "magenta" @@ -95,17 +95,6 @@ mainNoArgs = do } -xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () -xmonad' conf = do - path <- getEnv "XMONAD_STATE" - try (readFile path) >>= \case - Right content -> do - hPutStrLn stderr ("resuming from " ++ path) - withArgs ("--resume" : lines content) (xmonad conf) - Left e -> do - hPutStrLn stderr (displaySomeException e) - xmonad conf - getWorkspaces0 :: IO [String] getWorkspaces0 = try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case