Merge remote-tracking branch 'lass/master'

makefu 2017-12-08 13:33:48 +01:00
commit 3faa411069
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
35 changed files with 772 additions and 450 deletions


@ -13,7 +13,6 @@
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix>
]; ];


@ -7,6 +7,9 @@
services.charybdis = { services.charybdis = {
enable = true; enable = true;
motd = ''
hello
'';
config = '' config = ''
serverinfo { serverinfo {
name = "${config.krebs.build.host.name}.irc.retiolum"; name = "${config.krebs.build.host.name}.irc.retiolum";


@ -104,7 +104,7 @@ in
"dummy_secrets": "true", "dummy_secrets": "true",
}, },
command=[ command=[
"nix-shell", "--run", " ".join(["test", "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user), "--user={}".format(user),
"--system={}".format(host), "--system={}".format(host),
"--force-populate", "--force-populate",


@ -44,6 +44,7 @@ let
./tinc_graphs.nix ./tinc_graphs.nix
./urlwatch.nix ./urlwatch.nix
./repo-sync.nix ./repo-sync.nix
./zones.nix
]; ];
options.krebs = api; options.krebs = api;
config = lib.mkIf cfg.enable imp; config = lib.mkIf cfg.enable imp;
@ -60,6 +61,7 @@ let
hosts = mkOption { hosts = mkOption {
type = with types; attrsOf host; type = with types; attrsOf host;
default = {};
}; };
users = mkOption { users = mkOption {
@ -171,17 +173,6 @@ let
''; '';
}; };
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
stripEmptyLines = s: (concatStringsSep "\n"
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([cfg.zone-head-config] ++ combined-hosts);
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair
("zones/" + name)
{ text=(stripEmptyLines value); }) all-zones;
krebs.exim-smarthost.internet-aliases = let krebs.exim-smarthost.internet-aliases = let
format = from: to: { format = from: to: {
inherit from; inherit from;


@ -27,7 +27,7 @@ let
}; };
display = mkOption { display = mkOption {
type = types.str; type = types.str;
default = ":0"; default = ":${toString config.services.xserver.display}";
}; };
unitConfig = mkOption { unitConfig = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;


@ -449,8 +449,6 @@ with import <stockholm/lib>;
retiolum = rec { retiolum = rec {
via = internet; via = internet;
addrs = [ addrs = [
# edinburgh university
"129.215.0.0/16"
ip4.addr ip4.addr
ip6.addr ip6.addr
]; ];
@ -472,6 +470,10 @@ with import <stockholm/lib>;
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
tinc.subnets = [
# edinburgh university
"129.215.0.0/16"
];
}; };
}; };
}; };
@ -533,6 +535,45 @@ with import <stockholm/lib>;
}; };
}; };
}; };
reagenzglas = {
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.27";
ip6.addr = "42::27";
aliases = [
"reagenzglas.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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-----END RSA PUBLIC KEY-----
'';
};
};
};
}; };
users = { users = {
lass = { lass = {
@ -581,5 +622,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk"; mail = "joerg@higgsboson.tk";
}; };
jeschli = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
}; };
} }

22
krebs/3modules/zones.nix Normal file

@ -0,0 +1,22 @@
with import <stockholm/lib>;
{ config, ... }: {
config = {
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
stripEmptyLines = s: (concatStringsSep "\n"
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([config.krebs.zone-head-config] ++ combined-hosts);
combined-hosts =
mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
in
mapAttrs'
(name: value: {
name = "zones/${name}";
value.text = stripEmptyLines value;
})
all-zones;
};
}


@ -0,0 +1,22 @@
{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
, nix-derivation, optparse-generic, stdenv, system-filepath, text
, unix, vector
}:
mkDerivation {
pname = "nix-diff";
version = "1.0.0";
src = fetchgit {
url = "https://github.com/Gabriel439/nix-diff";
sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
attoparsec base containers Diff mtl nix-derivation optparse-generic
system-filepath text unix vector
];
homepage = "https://github.com/Gabriel439/nix-diff";
description = "Explain why two Nix derivations differ";
license = stdenv.lib.licenses.bsd3;
}


@ -1,13 +1,13 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape { mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
, xmonad, xmonad-contrib , xmonad, xmonad-contrib
}: }:
mkDerivation { mkDerivation rec {
pname = "xmonad-stockholm"; pname = "xmonad-stockholm";
version = "1.1.0"; version = "1.1.1";
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm; url = http://cgit.ni.krebsco.de/xmonad-stockholm;
rev = "179d29fd4c765dee698058ef63295331ac603639"; rev = "refs/tags/v${version}";
sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj"; sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
}; };
libraryHaskellDepends = [ libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib base containers X11 X11-xshape xmonad xmonad-contrib
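Review bot: `rev = "refs/tags/v${version}"` replaces a commit id with a movable tag that is fetched over plain `http://`, so `sha256` is now the only thing tying the source to what was reviewed. Because `fetchgit` is fixed-output, a later `version` bump that forgets to change `sha256` will not refetch if the old output is already in the store, and the build silently keeps the previous source. I would record the commit the tag points at in a comment next to `rev` (`# v1.1.1 = <commit id>`) and use an https URL if the host offers one. The derivation continues past the end of this hunk.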


@ -0,0 +1,291 @@
{ pkgs }: let
stockholm-dir = ../../../..;
lib = import (stockholm-dir + "/lib");
#
# high level commands
#
cmds.deploy = pkgs.withGetopt {
diff = { default = /* sh */ "false"; switch = true; };
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target.default = /* sh */ "$system";
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "stockholm.deploy" ''
set -efu
. ${init.env}
. ${init.proxy "deploy" opts}
if \test ${opts.diff.ref} = true; then
system_profile=/nix/var/nix/profiles/system
system_drv_cur=/etc/system.drv
system_drv_new=$(
${pkgs.nix}/bin/nix-instantiate \
-Q \
-I "$target_path" \
-E '
(import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [ <nixos-config> ];
}).config.system.build.toplevel
'
)
if \test -e "$system_drv_cur"; then
system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
echo "$0: system up to date" >&2
exit 0
fi
system_drv_cur=$system_drv_cur_c \
system_drv_new=$system_drv_new_c \
${pkgs.utillinux}/bin/script \
--command '
${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
"$system_drv_cur" "$system_drv_new"
' \
--quiet \
--return \
/dev/null
printf 'deploy? [N/y] ' >&2
read -r REPLY
if \test "$REPLY" != y; then
echo "$0: abort!" >&2
exit 1
fi
else
echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
fi
new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
PATH=${lib.makeBinPath [
pkgs.systemd
]} \
"$system_profile"/bin/switch-to-configuration switch
${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
exit
fi
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
exec ${utils.with-whatsupnix} \
nixos-rebuild switch \
--show-trace \
-I "$target_path"
'');
cmds.install = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeBash "stockholm.install" ''
set -efu
. ${init.env}
if \test "''${using_proxy-}" != true; then
${pkgs.openssh}/bin/ssh \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
"$target_user@$target_host" -p "$target_port" \
env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
sh -s prepare \
< ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
# TODO inline prepare.sh?
fi
. ${init.proxy "install" opts}
# these variables get defined by nix-shell (i.e. nix-build) from
# XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
# which only exists on / and not at /mnt.
export NIX_BUILD_TOP=/tmp
export TEMPDIR=/tmp
export TEMP=/tmp
export TMPDIR=/tmp
export TMP=/tmp
export XDG_RUNTIME_DIR=/tmp
export NIXOS_CONFIG="$target_path/nixos-config"
cd
exec nixos-install
'');
cmds.test = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
set -efu
export dummy_secrets=true
. ${init.env}
. ${init.proxy "test" opts}
exec ${utils.build} config.system.build.toplevel
'');
#
# low level commands
#
# usage: get-source SOURCE_FILE
cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
set -efu
exec ${pkgs.nix}/bin/nix-instantiate \
--eval \
--json \
--readonly-mode \
--show-trace \
--strict \
"$1"
'';
# usage: parse-target [--default=TARGET] TARGET
# TARGET = [USER@]HOST[:PORT][/PATH]
cmds.parse-target = pkgs.withGetopt {
default_target = {
long = "default";
short = "d";
};
} (opts: pkgs.writeDash "stockholm.parse-target" ''
set -efu
target=$1; shift
for arg; do echo "$0: bad argument: $arg" >&2; done
if \test $# != 0; then exit 2; fi
exec ${pkgs.jq}/bin/jq \
-enr \
--arg default_target "$default_target" \
--arg target "$target" \
-f ${pkgs.writeText "stockholm.parse-target.jq" ''
def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
user: .captures[0].string,
host: .captures[1].string,
port: .captures[2].string,
path: .captures[3].string,
};
def sanitize: with_entries(select(.value != null));
($default_target | parse) + ($target | parse | sanitize) |
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
''}
'');
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
export quiet
export system
export target
export user
default_target=root@$system:22/var/src
export target_object="$(
${cmds.parse-target} "$target" -d "$default_target"
)"
export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
'';
init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
source=$(${cmds.get-source} "$source_file")
qualified_target=$target_user@$target_host:$target_port$target_path
if \test "$force_populate" = true; then
echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
else
echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
fi
if \test "$target_local" != true; then
exec ${pkgs.openssh}/bin/ssh \
"$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */
"${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
opts
)} \
using_proxy=true \
${lib.shell.escape command} \
$WITHGETOPT_ORIG_ARGS \
")"
fi
fi
'';
utils.build = pkgs.writeDash "utils.build" ''
set -efu
${utils.with-whatsupnix} \
${pkgs.nix}/bin/nix-build \
--no-out-link \
--show-trace \
-E "with import <stockholm>; $1" \
-I "$target_path" \
'';
utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
set -efu
if \test "$quiet" = true; then
"$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
else
exec "$@"
fi
'';
shell.get-version = pkgs.writeDash "stockholm.get-version" ''
set -efu
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
case $version in (*-dirty)
version=$version@$HOSTNAME
esac
date=$(${pkgs.coreutils}/bin/date +%y.%m)
echo "$date.$version"
'';
in
pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
lib.nameValuePair "/bin/${name}" { inherit link; }
) cmds)
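Review bot: `cmds.install` calls ssh with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the machine that receives `prepare.sh` is never authenticated. A fresh installer image has an unknown host key, which is presumably why the check is off, but an on-path host can then stand in for the target during preparation. Prefer letting the caller supply the expected key, e.g. `-o UserKnownHostsFile="$known_hosts" -o StrictHostKeyChecking=yes` with `known_hosts` as a new option, and at minimum add a comment above the ssh call stating that the target is unauthenticated by design. Separately, `init.proxy` splices `$WITHGETOPT_ORIG_ARGS` into the remote `nix-shell --run` string as one word, so unless `withGetopt` already quotes it, arguments containing spaces or shell metacharacters are re-parsed on the target.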


@ -13,6 +13,9 @@ with import <stockholm/lib>;
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix> #<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/dcso-vpn.nix> <stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
{ # automatic hardware detection { # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -60,6 +63,13 @@ with import <stockholm/lib>;
maxTime = 9001; maxTime = 9001;
}; };
} }
{
#urban terror port
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
];
}
]; ];
krebs.build.host = config.krebs.hosts.helios; krebs.build.host = config.krebs.hosts.helios;
@ -91,7 +101,6 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ag ag
vim vim
rxvt_unicode
git git
rsync rsync
hashPassword hashPassword
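Review bot: The INPUT rules added in the hunk at -60 accept port 27960 from any source on every interface, over both TCP and UDP. The comment says this is for Urban Terror, which as far as I know only uses UDP, so the TCP rule likely opens a port that nothing should be listening on; if that holds, drop `{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }`. If the server is only meant for peers on the VPN, narrowing the remaining predicate by interface or source address would keep it off the internet-facing side; the interface names are not visible in this hunk.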


@ -285,6 +285,8 @@ in {
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
]; ];
} }
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;


@ -7,9 +7,9 @@ in {
./mpv.nix ./mpv.nix
./power-action.nix ./power-action.nix
./copyq.nix ./copyq.nix
./xresources.nix
./livestream.nix ./livestream.nix
./dns-stuff.nix ./dns-stuff.nix
./urxvt.nix
{ {
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
@ -41,6 +41,11 @@ in {
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
}; };
}; };
config.services.xresources.resources.X = ''
*.font: ${config.lass.fonts.regular}
*.boldFont: ${config.lass.fonts.bold}
*.italicFont: ${config.lass.fonts.italic}
'';
} }
]; ];
@ -64,9 +69,11 @@ in {
dic dic
dmenu dmenu
gi gi
git-preview
gitAndTools.qgit gitAndTools.qgit
lm_sensors
haskellPackages.hledger haskellPackages.hledger
lm_sensors
mpv-poll
much much
ncdu ncdu
nix-repl nix-repl
@ -74,7 +81,7 @@ in {
pavucontrol pavucontrol
powertop powertop
push push
rxvt_unicode rxvt_unicode_with-plugins
screengrab screengrab
slock slock
sxiv sxiv
@ -97,26 +104,8 @@ in {
xlibs.fontschumachermisc xlibs.fontschumachermisc
]; ];
lass.xserver.enable = true;
services.xserver = { services.xserver = {
enable = true;
desktopManager.xterm.enable = false;
desktopManager.default = "none";
displayManager.lightdm.enable = true;
displayManager.lightdm.autoLogin = {
enable = true;
user = "lass";
};
windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
layout = "us"; layout = "us";
xkbModel = "evdev"; xkbModel = "evdev";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
@ -127,12 +116,7 @@ in {
HandleLidSwitch=ignore HandleLidSwitch=ignore
''; '';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
services.urxvtd.enable = true; services.urxvtd.enable = true;
services.xresources.enable = true;
lass.screenlock.enable = true; lass.screenlock.enable = true;
} }


@ -5,19 +5,23 @@ let
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
browser-select = pkgs.writeScriptBin "browser-select" '' browser-select = let
BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(mapAttrsToList (name: value: { inherit name value; })
config.lass.browser.paths);
in pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
case $BROWSER in case $BROWSER in
${concatMapStringsSep "\n" (n: '' ${concatMapStringsSep "\n" (n: ''
${n}) ${n.name})
export BIN=${config.lass.browser.paths.${n}}/bin/${n} export BIN=${n.value.path}/bin/${n.name}
;; ;;
'') (attrNames config.lass.browser.paths)} '') (sortedPaths)}
esac esac
$BIN "$@" $BIN "$@"
''; '';
createChromiumUser = name: extraGroups: createChromiumUser = name: extraGroups: precedence:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
@ -31,7 +35,7 @@ let
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
}; };
lass.browser.paths.${name} = bin; lass.browser.paths.${name}.path = bin;
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
''; '';
@ -40,7 +44,7 @@ let
]; ];
}; };
createFirefoxUser = name: extraGroups: createFirefoxUser = name: extraGroups: precedence:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
@ -54,7 +58,10 @@ let
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
}; };
lass.browser.paths.${name} = bin; lass.browser.paths.${name} = {
path = bin;
inherit precedence;
};
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
''; '';
@ -79,14 +86,24 @@ in {
type = types.path; type = types.path;
}; };
options.lass.browser.paths = mkOption { options.lass.browser.paths = mkOption {
type = with types; attrsOf path; type = types.attrsOf (types.submodule ({
options = {
path = mkOption {
type = types.path;
};
precedence = mkOption {
type = types.int;
default = 0;
};
};
}));
}; };
} }
( createFirefoxUser "ff" [ "audio" ] ) ( createFirefoxUser "ff" [ "audio" ] 10 )
( createChromiumUser "cr" [ "video" "audio" ] ) ( createChromiumUser "cr" [ "video" "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] ) ( createChromiumUser "wk" [ "video" "audio" ] )
( createChromiumUser "fb" [ "video" "audio" ] ) ( createChromiumUser "fb" [ "video" "audio" ] )
( createChromiumUser "gm" [ "video" "audio" ] )
( createChromiumUser "com" [ "video" "audio" ] ) ( createChromiumUser "com" [ "video" "audio" ] )
]; ];
} }
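Review bot: `createChromiumUser` now takes `precedence` but never uses it, because the hunk at -31 sets only `lass.browser.paths.${name}.path = bin;`. As a result `cr` and `gm` fall back to the option default `0`, and the `9` and `8` passed in the last hunk have no effect on the dmenu order. It should mirror the Firefox variant: `lass.browser.paths.${name} = { path = bin; inherit precedence; };`. The `wk`, `fb` and `com` calls still pass two arguments, which leaves a partially applied function in the list; passing an explicit precedence there would make the intent clear. Both function bodies start outside the hunks shown.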


@ -21,9 +21,9 @@ let
in { in {
systemd.services.copyq = { systemd.services.copyq = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "display-manager.service" ]; requires = [ "xserver.service" ];
environment = { environment = {
DISPLAY = ":0"; DISPLAY = ":${toString config.services.xserver.display}";
}; };
path = with pkgs; [ path = with pkgs; [
qt5.full qt5.full


@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
dev = {
name = "dev";
uid = genid "dev";
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
"ssh-rsa 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 markus.hihn@dcso.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
];
packages = with pkgs; [
emacs25-nox
(pkgs.symlinkJoin {
name = "tmux";
paths = [
(pkgs.writeDashBin "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'')
pkgs.tmux
];
})
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
}
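Review bot: `dev` is a shared login, and `openssh.authorizedKeys.keys` mixes lass's key with two literal keys, one of which carries only the comment `u0_a165@localhost` and so does not say whose it is. With a single account, sshd logs can tell the collaborators apart only by key fingerprint, and revoking one person later means knowing which literal is theirs. I would add a comment above each literal naming its owner, or register the collaborators under `krebs.users` and reference `config.krebs.users.<name>.pubkey` the way the first entry does. This module is imported for both helios and prism elsewhere in this commit, so the keys grant SSH access to both hosts.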


@ -0,0 +1,20 @@
{ pkgs, ... }:
let
dummy_firmware = pkgs.writeTextFile {
name = "brcmfmac4356-pcie.txt";
text = builtins.readFile ./brcmfmac4356-pcie.txt;
destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
};
in {
hardware.firmware = [ dummy_firmware ];
boot.kernelPackages = pkgs.linuxPackages_4_14;
boot.kernelParams = [
"fbcon=rotate:1"
];
services.tlp.enable = true;
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
'';
}


@ -76,6 +76,7 @@ let
"INBOX" "notmuch://?query=tag:inbox \ "INBOX" "notmuch://?query=tag:inbox \
and NOT to:nix-devel\ and NOT to:nix-devel\
and NOT to:shackspace\ and NOT to:shackspace\
and NOT to:security\
and NOT to:c-base" \ and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\ "shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\ "c-base" "notmuch://?query=to:c-base"\


@ -22,15 +22,22 @@ let
}); });
}; };
in { in {
rules = with git; singleton { rules = with git; [
user = with config.krebs.users; [ {
config.krebs.users."${config.networking.hostName}-repo-sync" user = with config.krebs.users; [
lass config.krebs.users."${config.networking.hostName}-repo-sync"
lass-shodan lass
]; lass-shodan
repo = [ repo ]; ];
perm = push ''refs/*'' [ non-fast-forward create delete merge ]; repo = [ repo ];
}; perm = push ''refs/*'' [ non-fast-forward create delete merge ];
}
{
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
}
];
repos."${name}" = repo; repos."${name}" = repo;
}; };


@ -1,40 +1,32 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>;
let
inherit (config.users.extraUsers) mainUser;
in
{ {
imports = [ services.urxvtd.enable = true;
../3modules/urxvtd.nix
../3modules/xresources.nix
];
services.urxvtd = {
enable = true;
users = [ mainUser.name ];
urxvtPackage = pkgs.rxvt_unicode_with-plugins;
};
services.xresources.enable = true;
services.xresources.resources.urxvt = '' services.xresources.resources.urxvt = ''
URxvt*scrollBar: false URxvt*SaveLines: 4096
URxvt*urgentOnBell: true URxvt*scrollBar: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* URxvt*urgentOnBell: true
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: browser-select
${optionalString (hasAttr "browser" config.lass)
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
}
URxvt.url-select.underline: true URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false URxvt.intensityStyles: false
URxvt*background: #000000 URxvt*background: #000000
URxvt*foreground: #ffffff URxvt*foreground: #ffffff
!change unreadable blue !change unreadable blue
URxvt*color4: #268bd2 URxvt*color4: #268bd2
URxvt*color0: #232342
''; '';
} }


@ -4,10 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
in { in {
krebs.per-user.wine.packages = with pkgs; [
wine
#(wineFull.override { wineBuild = "wine64"; })
];
users.users= { users.users= {
wine = { wine = {
name = "wine"; name = "wine";
@ -19,9 +15,27 @@ in {
"video" "video"
]; ];
createHome = true; createHome = true;
packages = [
pkgs.wine
];
};
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL ${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
''; '';
} }


@ -1,63 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt.font: ${config.lass.fonts.regular}
URxvt.boldFont: ${config.lass.fonts.bold}
URxvt.italicFont: ${config.lass.fonts.italic}
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
${optionalString (hasAttr "browser" config.lass)
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
}
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
URxvt*color0: #232342
'';
in {
systemd.services.xresources = {
description = "xresources";
wantedBy = [ "multi-user.target" ];
after = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
User = "lass";
};
};
}


@ -11,6 +11,7 @@ _:
./screenlock.nix ./screenlock.nix
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xserver
./xresources.nix ./xresources.nix
]; ];
} }


@ -23,7 +23,7 @@ let
before = [ "sleep.target" ]; before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ]; wantedBy = [ "sleep.target" ];
environment = { environment = {
DISPLAY = ":0"; DISPLAY = ":${toString config.services.xserver.display}";
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "screenlock"; SyslogIdentifier = "screenlock";


@ -4,16 +4,13 @@
#prefix with Attribute Name #prefix with Attribute Name
#ex: urxvt #ex: urxvt
#
#
with builtins; with builtins;
with lib; with lib;
let let
inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape; inherit (pkgs) writeScript writeText;
inherit (pkgs) writeScript;
in in
@ -46,12 +43,16 @@ in
config = config =
let let
cfg = config.services.xresources; cfg = config.services.xresources;
xres = concatStringsSep "\n" (attrValues cfg.resources); xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources));
in mkIf cfg.enable { in mkIf cfg.enable {
services.xserver.displayManager.sessionCommands = '' services.xserver.displayManager.sessionCommands = ''
echo ${shell-escape xres} | xrdb -merge ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
''; '';
environment.systemPackages = [
(pkgs.writeDashBin "updateXresources" ''
${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
'')
];
}; };
} }


@ -0,0 +1,101 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
};
};
services.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out
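Review bot: `XMONAD_STARTUP_HOOK` runs `xhost +LOCAL:`, which lets every local Unix account connect to the display, and any X11 client can observe the input and screen contents of the other clients. That now covers more than the browser and wine accounts, since this commit also adds an SSH-reachable `dev` account; if both modules are enabled on one host, those remote collaborators can reach the session. Granting access per account with `xhost +SI:localuser:<name>` for the users that actually need the display would be tighter. `XMONAD_DATA_DIR = "/tmp"` also puts whatever xmonad persists into a world-writable directory; a directory under `user.home` would avoid other accounts pre-creating or reading those files.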


@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}
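Review bot: In `buildCommand`, `echo $xfs >> $out` and `echo "$config" >> $out` pass configuration text through `echo`, which word-splits and glob-expands the unquoted `$xfs` and can misread a value beginning with `-n` or `-e` as an option. `printf '%s\n' "$xfs" >> "$out"` and `printf '%s\n' "$config" >> "$out"` write the text verbatim. The new file also has no header comment; a line such as `# Builds the X server config file: a "Files" section (font and module paths) followed by services.xserver.config` would tell the reader what the derivation produces.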


@ -21,6 +21,9 @@
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {}; yt-next = pkgs.callPackage ./yt-next/default.nix {};
screengrab = pkgs.writeDashBin "screengrab" "${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -s 1024x768 -i :0.0 -c:v huffyuv $1"; screengrab = pkgs.writeDashBin "screengrab" ''
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1
'';
}; };
} }
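Review bot: The new `screengrab` script expands `$resolution` and `$1` unquoted, and `grep '*'` matches one line per active output, so with more than one connected monitor `-s` receives several words and the ffmpeg command line breaks; an output path containing spaces breaks it the same way. Taking only the first match and quoting both would fix it: `awk '{print $1; exit}'` and `-s "$resolution" -c:v huffyuv "$1"`. Because `-s` now follows `-i`, ffmpeg will likely treat it as an output size rather than the capture size, so it probably belongs before `-i :0.0`. The display also stays hard-coded as `:0.0`, while the X server configuration earlier in this commit sets `display = 11`.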


@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" {
executables.xmonad = { executables.xmonad = {
extra-depends = [ extra-depends = [
"containers" "containers"
"extra"
"unix" "unix"
"X11" "X11"
"xmonad" "xmonad"
@ -20,17 +21,15 @@ module Main where
import XMonad import XMonad
import qualified XMonad.StackSet as W import qualified XMonad.StackSet as W
import Control.Exception import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf) import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs) import System.Environment (getArgs, lookupEnv)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
import XMonad.Actions.UpdatePointer (updatePointer)
import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
@ -48,28 +47,30 @@ import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown import XMonad.Stockholm.Shutdown
myTerm :: FilePath myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
myFont :: String myFont :: String
myFont = "${config.lass.fonts.regular}" myFont = "${config.lass.fonts.regular}"
main :: IO () main :: IO ()
main = getArgs >>= \case main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent ["--shutdown"] -> sendShutdownEvent
_ -> mainNoArgs _ -> main'
mainNoArgs :: IO () main' :: IO ()
mainNoArgs = do main' = do
xmonad' xmonad
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def $ def
{ terminal = myTerm { terminal = myTerm
, modMask = mod4Mask , modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook , layoutHook = smartBorders $ myLayoutHook
, logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
, manageHook = placeHook (smart (1,0)) <+> floatNextHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c" , normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0" , focusedBorderColor = "#ff0000"
, handleEventHook = handleShutdownEvent , handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard", "sys", "wp" ] , workspaces = [ "dashboard", "sys", "wp" ]
} `additionalKeysP` myKeyMap } `additionalKeysP` myKeyMap
@ -78,22 +79,6 @@ myLayoutHook = defLayout
where where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
let path = "/tmp/xmonad.state"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
xmonad conf
displaySomeException :: SomeException -> String
displaySomeException = displayException
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
[ ("M4-<F11>", spawn "${config.lass.screenlock.command}") [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
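Review bot: Removing `xmonad'` drops the hard-coded read of `/tmp/xmonad.state`, but the xmonad unit earlier in this commit still sets `XMONAD_DATA_DIR = "/tmp"`, so any state xmonad itself keeps under its data directory would, as far as I can tell, still sit in a world-writable location where another local user can create the file first. The other xmonad configuration in this commit moves to a per-user directory, and this one could follow with `XMONAD_DATA_DIR = "/run/xdg/${user.name}/xmonad";` plus an `ExecStartPre` that creates it. Separately, `startupHook` silently does nothing when `XMONAD_STARTUP_HOOK` is unset; a comment such as `-- XMONAD_STARTUP_HOOK is set by the systemd unit; when unset no startup script runs` above it would make that explicit. `forkFile` is neither defined nor imported inside the hunks, so it presumably comes from a module outside them.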


@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "0c5a587"; ref = "f9390d6";
}; };
secrets.file = getAttr builder { secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;


@ -92,7 +92,7 @@ rec {
default = null; default = null;
}; };
addrs = mkOption { addrs = mkOption {
type = listOf cidr; type = listOf addr;
default = default =
optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr; optional (config.ip6 != null) config.ip6.addr;
@ -155,6 +155,8 @@ rec {
++ ++
(map (a: "Subnet = ${a}") net.addrs) (map (a: "Subnet = ${a}") net.addrs)
++ ++
(map (a: "Subnet = ${a}") config.subnets)
++
[config.extraConfig] [config.extraConfig]
++ ++
[config.pubkey] [config.pubkey]
@ -173,6 +175,11 @@ rec {
description = "tinc port to use to connect to host"; description = "tinc port to use to connect to host";
default = 655; default = 655;
}; };
subnets = mkOption {
type = listOf cidr;
description = "tinc subnets";
default = [];
};
}; };
})); }));
default = null; default = null;
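Review bot: The new `subnets` option is described only as "tinc subnets", which does not say that every entry is written as a `Subnet =` line into the generated host file and is therefore a range this host claims to route inside the VPN. A wrong or overly broad entry would pull other nodes' traffic towards this host, so the description should spell that out, e.g. `description = "Additional CIDR ranges announced as Subnet in this host's tinc host file; traffic for them is routed to this host.";`. The enclosing option set starts outside the hunk.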

230
shell.nix

@ -2,239 +2,16 @@ let
lib = import ./lib; lib = import ./lib;
pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; }; pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; };
#
# high level commands
#
cmds.deploy = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target.default = /* sh */ "$system";
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "cmds.deploy" ''
set -efu
. ${init.env}
. ${init.proxy "deploy" opts}
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
exec ${utils.with-whatsupnix} \
nixos-rebuild switch \
--show-trace \
-I "$target_path"
'');
cmds.install = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeBash "cmds.install" ''
set -efu
. ${init.env}
if \test "''${using_proxy-}" != true; then
${pkgs.openssh}/bin/ssh \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
"$target_user@$target_host" -p "$target_port" \
env target_path=$(quote "$target_path") \
sh -s prepare < ${./krebs/4lib/infest/prepare.sh}
# TODO inline prepare.sh?
fi
. ${init.proxy "install" opts}
# Reset PATH because we need access to nixos-install.
# TODO provide nixos-install instead of relying on prepare.sh
export PATH="$OLD_PATH"
# these variables get defined by nix-shell (i.e. nix-build) from
# XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
# which only exists on / and not at /mnt.
export NIX_BUILD_TOP=/tmp
export TEMPDIR=/tmp
export TEMP=/tmp
export TMPDIR=/tmp
export TMP=/tmp
export XDG_RUNTIME_DIR=/tmp
export NIXOS_CONFIG="$target_path/nixos-config"
cd
exec nixos-install
'');
cmds.test = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "cmds.test" /* sh */ ''
set -efu
export dummy_secrets=true
. ${init.env}
. ${init.proxy "test" opts}
exec ${utils.build} config.system.build.toplevel
'');
#
# low level commands
#
# usage: get-source SOURCE_FILE
cmds.get-source = pkgs.writeDash "cmds.get-source" ''
set -efu
exec ${pkgs.nix}/bin/nix-instantiate \
--eval \
--json \
--readonly-mode \
--show-trace \
--strict \
"$1"
'';
# usage: parse-target [--default=TARGET] TARGET
# TARGET = [USER@]HOST[:PORT][/PATH]
cmds.parse-target = pkgs.withGetopt {
default_target = {
long = "default";
short = "d";
};
} (opts: pkgs.writeDash "cmds.parse-target" ''
set -efu
target=$1; shift
for arg; do echo "$0: bad argument: $arg" >&2; done
if \test $# != 0; then exit 2; fi
exec ${pkgs.jq}/bin/jq \
-enr \
--arg default_target "$default_target" \
--arg target "$target" \
-f ${pkgs.writeText "cmds.parse-target.jq" ''
def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
user: .captures[0].string,
host: .captures[1].string,
port: .captures[2].string,
path: .captures[3].string,
};
def sanitize: with_entries(select(.value != null));
($default_target | parse) + ($target | parse | sanitize) |
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
''}
'');
init.env = pkgs.writeText "init.env" /* sh */ ''
export quiet
export system
export target
export user
default_target=root@$system:22/var/src
export target_object="$(parse-target "$target" -d "$default_target")"
export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
'';
init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
source=$(get-source "$source_file")
qualified_target=$target_user@$target_host:$target_port$target_path
if \test "$force_populate" = true; then
echo "$source" | populate --force "$qualified_target"
else
echo "$source" | populate "$qualified_target"
fi
if \test "$target_local" != true; then
exec ${pkgs.openssh}/bin/ssh \
"$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \
NIX_PATH=$(quote "$target_path") \
STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(quote "
${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})")
opts
)} \
using_proxy=true \
${lib.shell.escape command} \
$WITHGETOPT_ORIG_ARGS \
")"
fi
fi
'';
utils.build = pkgs.writeDash "utils.build" ''
set -efu
${utils.with-whatsupnix} \
${pkgs.nix}/bin/nix-build \
--no-out-link \
--show-trace \
-E "with import <stockholm>; $1" \
-I "$target_path" \
'';
utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
set -efu
if \test "$quiet" = true; then
"$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
else
exec "$@"
fi
'';
shell.get-version = pkgs.writeDash "shell.get-version" ''
set -efu
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
case $version in (*-dirty)
version=$version@$HOSTNAME
esac
date=$(${pkgs.coreutils}/bin/date +%y.%m)
echo "$date.$version"
'';
shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link:
lib.nameValuePair "/bin/${name}" { inherit link; }
) cmds);
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {
name = "stockholm"; name = "stockholm";
shellHook = /* sh */ '' shellHook = /* sh */ ''
export OLD_PATH="$PATH"
export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>} export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
if test -e /nix/var/nix/daemon-socket/socket; then if test -e /nix/var/nix/daemon-socket/socket; then
export NIX_REMOTE=daemon export NIX_REMOTE=daemon
fi fi
export PATH=${lib.makeBinPath [ export PATH=${lib.makeBinPath [
pkgs.populate pkgs.stockholm
pkgs.quote ]}''${PATH+:$PATH}
shell.cmdspkg
]}
eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)"
shopt -u no_empty_cmd_completion shopt -u no_empty_cmd_completion
@ -251,9 +28,6 @@ in pkgs.stdenv.mkDerivation {
: :
} }
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' PS1='\[\e[38;5;162m\]\w\[\e[0m\] '
''; '';
} }


@ -22,6 +22,12 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/nomic-home"; }; dst = { host = config.krebs.hosts.zu; path = "/bku/nomic-home"; };
startAt = "04:20"; startAt = "04:20";
}; };
nomic-pull-querel-home = {
method = "pull";
src = { host = config.krebs.hosts.querel; path = "/home"; };
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
startAt = "00:00";
};
wu-home-xu = { wu-home-xu = {
method = "push"; method = "push";
src = { host = config.krebs.hosts.wu; path = "/home"; }; src = { host = config.krebs.hosts.wu; path = "/home"; };


@ -1,7 +1,12 @@
{ config, pkgs, ... }@args: { config, pkgs, ... }@args:
with import <stockholm/lib>; with import <stockholm/lib>;
let let
user = config.krebs.build.user; cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
user = config.krebs.build.user;
};
in { in {
environment.systemPackages = [ environment.systemPackages = [
@ -25,7 +30,7 @@ in {
group = "wheel"; group = "wheel";
envp = { envp = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":${toString config.services.xserver.display}";
USER = user.name; USER = cfg.user.name;
}; };
}; };
@ -54,6 +59,10 @@ in {
environment = { environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: & ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
@ -62,8 +71,6 @@ in {
wait wait
''; '';
XMONAD_STATE = "/tmp/xmonad.state";
# XXX JSON is close enough :) # XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"Dashboard" # we start here "Dashboard" # we start here
@ -79,10 +86,15 @@ in {
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "xmonad"; SyslogIdentifier = "xmonad";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
"\${XMONAD_CACHE_DIR}"
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad";
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown"; ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown";
User = user.name; User = cfg.user.name;
WorkingDirectory = user.home; WorkingDirectory = cfg.user.home;
}; };
}; };
@ -125,7 +137,7 @@ in {
Restart = "always"; Restart = "always";
RestartSec = "2s"; RestartSec = "2s";
StartLimitBurst = 0; StartLimitBurst = 0;
User = user.name; User = cfg.user.name;
}; };
}; };
} }
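Review bot: `ExecStartPre` creates the cache, config and data directories with a plain `mkdir -p`, so their mode comes from the service's umask, and nothing in the hunk shows that `/run/xdg/${cfg.user.name}` already exists and is writable by that user; the pre-start step runs under the same `User` as the main process. If xmonad restores state from the data directory, that directory should be private to the user, for example `mkdir -p -m 0700` or a tmpfiles rule that creates it with the right owner. `/var/empty` is presumably not writable by the user and is meant to stay empty, so `"\${XMONAD_CONFIG_DIR}"` could be left out of the `mkdir` list. A short comment on the `cfg` set saying why `configDir` points at `/var/empty` would also help the next reader.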


@ -71,7 +71,7 @@ main = getArgs >>= \case
mainNoArgs :: IO () mainNoArgs :: IO ()
mainNoArgs = do mainNoArgs = do
workspaces0 <- getWorkspaces0 workspaces0 <- getWorkspaces0
xmonad' xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 } -- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta" -- $ withUrgencyHook borderUrgencyHook "magenta"
@ -95,17 +95,6 @@ mainNoArgs = do
} }
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
path <- getEnv "XMONAD_STATE"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
xmonad conf
getWorkspaces0 :: IO [String] getWorkspaces0 :: IO [String]
getWorkspaces0 = getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case