Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
lassulus 2018-08-23 11:04:17 +02:00
commit 4d4f319e16
12 changed files with 19 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
krebs/3modules/lass/default.nix
View File

@ -301,37 +301,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
};
helios = {
cores = 8;
nets = {
retiolum = {
ip4.addr = "10.243.133.117";
ip6.addr = "42:0:0:0:0:0:3:7105";
aliases = [
"helios.r"
"cgit.helios.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG
wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo
3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi
fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt
Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM
I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B
H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/
QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp
+EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C
aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw
rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
};
littleT = {
cores = 2;
nets = {

8
krebs/5pkgs/haskell/xmonad-stockholm.nix
View File

@ -1,16 +1,16 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape
, xmonad, xmonad-contrib
}:
mkDerivation rec {
pname = "xmonad-stockholm";
version = "1.1.1";
version = "1.2.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
rev = "refs/tags/v${version}";
sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis";
};
libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib
base containers X11 X11-xft X11-xshape xmonad xmonad-contrib
];
license = stdenv.lib.licenses.mit;
}

61
lass/1systems/helios/config.nix
View File

@ -8,16 +8,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
#<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
@ -25,44 +15,9 @@ with import <stockholm/lib>;
lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
}
{ #TAPIR, AGATIS, sentral, a3 - foo
services.redis.enable = true;
}
{
krebs.fetchWallpaper = {
enable = true;
url = "http://i.imgur.com/0ktqxSg.png";
maxTime = 9001;
};
}
{
#urban terror port
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.helios;
krebs.git.rules = [
{
user = [ config.krebs.users.lass-helios ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
}
{
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
initstrings = ''
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
'';
};
}
];
environment.systemPackages = with pkgs; [
ag
vim
@ -84,22 +39,6 @@ with import <stockholm/lib>;
services.tlp.enable = true;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
];
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''

64
lass/1systems/helios/physical.nix
View File

@ -1,64 +0,0 @@
{ pkgs, ... }:
{
imports = [
./config.nix
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/root";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1F60-17C6";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "btrfs";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}
{ # crypto stuff
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
devices = [{
name = "luksroot";
device = "/dev/nvme0n1p3";
}];
};
}
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
'';
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
{ output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
'';
}

4
lass/1systems/helios/source.nix
View File

@ -1,4 +0,0 @@
import <stockholm/lass/source.nix> {
name = "helios";
secure = true;
}

1
lass/1systems/mors/config.nix
View File

@ -33,6 +33,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/print.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

1
lass/1systems/prism/config.nix
View File

@ -175,7 +175,6 @@ with import <stockholm/lib>;
alias /var/realwallpaper/realwallpaper.png;
'';
}
<stockholm/lass/2configs/dcso-dev.nix>
{
users.users.jeschli = {
uid = genid "jeschli";

18
lass/2configs/baseX.nix
View File

@ -8,7 +8,6 @@ in {
./mpv.nix
./power-action.nix
./copyq.nix
./livestream.nix
./urxvt.nix
./network-manager.nix
{
@ -58,30 +57,18 @@ in {
programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
services.printing = {
enable = true;
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
environment.systemPackages = with pkgs; [
acpi
ag
bank
cabal2nix
cholerab
dic
dmenu
font-size
gi
gitAndTools.qgit
git-preview
gnome3.dconf
lm_sensors
mpv-poll
much
ncdu
nix-index
nix-repl
@ -90,18 +77,14 @@ in {
powertop
push
rxvt_unicode_with-plugins
slock
sxiv
taskwarrior
termite
timewarrior
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel
youtube-tools
yt-next
zathura
];
@ -112,7 +95,6 @@ in {
xlibs.fontschumachermisc
];
#lass.xserver.enable = true;
services.xserver = {
enable = true;
layout = "us";

73
lass/2configs/dcso-dev.nix
View File

@ -1,73 +0,0 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
dev = {
name = "dev";
uid = genid "dev";
extraGroups = [ "vboxusers" ];
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
packages = with pkgs; [
emacs25-nox
(pkgs.symlinkJoin {
name = "tmux";
paths = [
(pkgs.writeDashBin "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'')
pkgs.tmux
];
})
];
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.iptables.tables.filter.OUTPUT.rules = [
{ predicate = "-p tcp --dport 21"; target = "REJECT";}
];
krebs.per-user.dev.packages = [
pkgs.go
];
environment.variables.GOPATH = "$HOME/go";
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
networking.interfaces.et0.ipv4.addresses = [
{ address = "10.99.23.1"; prefixLength = 24; }
];
services.rabbitmq.enable = true;
services.postgresql.enable = true;
}

10
lass/2configs/print.nix Normal file
View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
services.printing = {
enable = true;
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
}

6
lass/2configs/urxvt.nix
View File

@ -19,9 +19,9 @@ with import <stockholm/lib>;
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.keysym.M-F1: command:\033]710;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007\033]711;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=15\007\033]711;xft:Monospace:size=15:bold\007
URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=20\007\033]711;xft:Monospace:size=20:bold\007
URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=18\007\033]711;xft:Monospace:size=20:bold\007
URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007

2
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -64,7 +64,7 @@ myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
myFont :: String
myFont = "${config.lass.fonts.regular}"
myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
main :: IO ()
main = getArgs >>= \case