Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2019-01-03 22:55:53 +01:00
commit 4715e28304
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
21 changed files with 135 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci.nix
View File

@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner: build = host: owner:
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
in mapAttrs (n: h: build n h.owner.name) ci-systems in mapAttrs (n: h: build n h.owner.name) ci-systems

42
krebs/3modules/external/default.nix vendored
View File

@ -8,6 +8,9 @@ with import <stockholm/lib>;
} // optionalAttrs (host.nets?retiolum) { } // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr = nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
}); });
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
@ -341,6 +344,41 @@ in {
}; };
}; };
}; };
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.172";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
wiregrill = {
aliases = [ "miaoski.w" ];
wireguard = {
pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4=";
};
};
};
};
}; };
users = { users = {
ciko = { ciko = {
@ -351,6 +389,8 @@ in {
pubkey = ssh-for "exco"; pubkey = ssh-for "exco";
}; };
kmein = { kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
}; };
Mic92 = { Mic92 = {
mail = "joerg@higgsboson.tk"; mail = "joerg@higgsboson.tk";
@ -371,6 +411,8 @@ in {
mail = "shackspace.de@myvdr.de"; mail = "shackspace.de@myvdr.de";
pubkey = ssh-for "ulrich"; pubkey = ssh-for "ulrich";
}; };
miaoski = {
};
}; };
} }

1
krebs/3modules/external/ssh/kmein.pub vendored Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com

13
krebs/3modules/lass/default.nix
View File

@ -91,7 +91,6 @@ in {
}; };
wiregrill = { wiregrill = {
via = internet; via = internet;
ip4.addr = "10.244.1.1";
ip6.addr = w6 "1"; ip6.addr = w6 "1";
aliases = [ aliases = [
"prism.w" "prism.w"
@ -99,7 +98,6 @@ in {
wireguard = { wireguard = {
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
subnets = [ subnets = [
"10.244.1.0/24"
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
]; ];
@ -278,7 +276,7 @@ in {
nets = rec { nets = rec {
retiolum = { retiolum = {
ip4.addr = "10.243.133.115"; ip4.addr = "10.243.133.115";
ip6.addr = r6 "dead"; ip6.addr = r6 "daed";
aliases = [ aliases = [
"daedalus.r" "daedalus.r"
"cgit.daedalus.r" "cgit.daedalus.r"
@ -294,8 +292,14 @@ in {
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
wiregrill = {
ip6.addr = w6 "daed";
aliases = [
"daedalus.w"
];
wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
};
}; };
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
}; };
@ -474,7 +478,6 @@ in {
phone = { phone = {
nets = { nets = {
wiregrill = { wiregrill = {
ip4.addr = "10.244.1.2";
ip6.addr = w6 "a"; ip6.addr = w6 "a";
aliases = [ aliases = [
"phone.w" "phone.w"

14
krebs/krops.nix
View File

@ -9,15 +9,15 @@
krebs-source = { test ? false }: rec { krebs-source = { test ? false }: rec {
nixpkgs = if test then { nixpkgs = if test then {
file = { derivation = ''
path = toString (pkgs.fetchFromGitHub { with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "nixos"; owner = "nixos";
repo = "nixpkgs"; repo = "nixpkgs";
rev = (lib.importJSON ./nixpkgs.json).rev; rev = "${(lib.importJSON ./nixpkgs.json).rev}";
sha256 = (lib.importJSON ./nixpkgs.json).sha256; sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
}); }
useChecksum = true; '';
};
} else { } else {
git = { git = {
ref = (lib.importJSON ./nixpkgs.json).rev; ref = (lib.importJSON ./nixpkgs.json).rev;

6
krebs/nixpkgs.json
View File

@ -1,7 +1,7 @@
{ {
"url": "https://github.com/NixOS/nixpkgs-channels", "url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", "rev": "0396345b79436f54920f7eb651ab42acf2eb7973",
"date": "2018-11-24T00:40:22-05:00", "date": "2018-12-30T21:22:33-05:00",
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4",
"fetchSubmodules": false "fetchSubmodules": false
} }

15
lass/1systems/blue/source.nix
View File

@ -1,11 +1,14 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
nixpkgs = lib.mkForce { nixpkgs = lib.mkForce {
file = toString (pkgs.fetchFromGitHub { derivation = ''
owner = "nixos"; with import <nixpkgs> {};
repo = "nixpkgs"; pkgs.fetchFromGitHub {
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; owner = "nixos";
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; repo = "nixpkgs";
}); rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
}
'';
}; };
} }

4
lass/1systems/daedalus/config.nix
View File

@ -6,9 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass> <stockholm/lass>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{ {
# bubsy config # bubsy config
users.users.bubsy = { users.users.bubsy = {
@ -72,6 +71,7 @@ with import <stockholm/lib>;
#remote control #remote control
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
x11vnc x11vnc
torbrowser
]; ];
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }

2
lass/1systems/mors/config.nix
View File

@ -35,6 +35,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{ {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain #risk of rain
@ -147,6 +148,7 @@ with import <stockholm/lib>;
OnCalendar = "00:37"; OnCalendar = "00:37";
}; };
nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;

31
lass/1systems/prism/config.nix
View File

@ -82,6 +82,13 @@ with import <stockholm/lib>;
]; ];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
}; };
users.users.kmein = {
uid = genid_uint31 "kmein";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.kmein.pubkey
];
};
} }
{ {
#hotdog #hotdog
@ -309,7 +316,7 @@ with import <stockholm/lib>;
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.POSTROUTING.rules = [ krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
]; ];
services.dnsmasq = { services.dnsmasq = {
@ -390,6 +397,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished chown download: /var/download/finished
''; '';
fileSystems."/export/download" = {
device = "/var/lib/containers/yellow/var/download";
options = [ "bind" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export 42::/16(insecure,ro,crossmnt)
'';
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
} }
]; ];

1
lass/2configs/baseX.nix
View File

@ -79,7 +79,6 @@ in {
taskwarrior taskwarrior
termite termite
xclip xclip
xephyrify
xorg.xbacklight xorg.xbacklight
xorg.xhost xorg.xhost
xsel xsel

1
lass/2configs/exim-smarthost.nix
View File

@ -95,6 +95,7 @@ with import <stockholm/lib>;
{ from = "lesswrong@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

7
lass/2configs/nfs-dl.nix Normal file
View File

@ -0,0 +1,7 @@
{
fileSystems."/mnt/prism" = {
device = "prism.w:/export";
fsType = "nfs";
};
}

3
lass/2configs/websites/lassulus.nix
View File

@ -63,6 +63,9 @@ in {
locations."= /retiolum.hosts".extraConfig = '' locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts}; alias ${pkgs.retiolum-hosts};
''; '';
locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
locations."/tinc".extraConfig = '' locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';

4
lass/2configs/websites/sqlBackup.nix
View File

@ -20,9 +20,7 @@
lass.mysqlBackup = { lass.mysqlBackup = {
enable = true; enable = true;
config.all = { config.all = {};
password = toString (<secrets/mysql_rootPassword>);
};
}; };
} }

1
lass/3modules/default.nix
View File

@ -14,6 +14,5 @@ _:
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xjail.nix ./xjail.nix
./xserver
]; ];
} }

16
lass/3modules/mysql-backup.nix
View File

@ -41,7 +41,7 @@ let
}; };
location = mkOption { location = mkOption {
type = str; type = str;
default = "/bku/sql_dumps"; default = "/backups/sql_dumps";
}; };
}; };
})); }));
@ -51,11 +51,9 @@ let
imp = { imp = {
#systemd.timers = services.mysql.ensureUsers = [
# mapAttrs (_: plan: { { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
# wantedBy = [ "timers.target" ]; ];
# timerConfig = plan.timerConfig;
#}) cfg.config;
systemd.services = systemd.services =
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
@ -75,8 +73,10 @@ let
start = plan: let start = plan: let
backupScript = plan: db: backupScript = plan: db: ''
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; mkdir -p ${plan.location}
mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
'';
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
${concatMapStringsSep "\n" (backupScript plan) plan.databases} ${concatMapStringsSep "\n" (backupScript plan) plan.databases}

103
lass/3modules/xserver/default.nix
View File

@ -1,103 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out

40
lass/3modules/xserver/xserver.conf.nix
View File

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

7
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
"xmonad-stockholm" "xmonad-stockholm"
]; ];
text = /* haskell */ '' text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-} {-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where module Main where
@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure) import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace)
@ -149,6 +146,8 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F2>", windows copyToAll)
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" '' , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"

14
makefu/krops.nix
View File

@ -27,15 +27,15 @@
# TODO: we want to track the unstable channel # TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else { } else {
file = { derivation = ''
path = toString (pkgs.fetchFromGitHub { with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "makefu"; owner = "makefu";
repo = "nixpkgs"; repo = "nixpkgs";
rev = nixpkgs-src.rev; rev = "${nixpkgs-src.rev}";
sha256 = nixpkgs-src.sha256; sha256 = "${nixpkgs-src.sha256}";
}); }
useChecksum = true; '';
};
}; };
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";