Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
5a2cdca774
@ -270,8 +270,8 @@ with config.krebs.lib;
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
|
||||
#ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
#ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
|
||||
};
|
||||
wbob = rec {
|
||||
cores = 1;
|
||||
@ -409,6 +409,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
|
||||
aliases = [
|
||||
"heidi.r"
|
||||
"heidi.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -424,6 +425,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
soundflower = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
@ -594,7 +596,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
} // { # hosts only maintained in stockholm, not owned by me
|
||||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.236";
|
||||
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
|
||||
aliases = [ "tpsw.r" "tpsw.retiolum" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
|
||||
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
|
||||
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
|
||||
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
|
||||
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
|
||||
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = rec {
|
||||
makefu = {
|
||||
@ -615,6 +638,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
inherit (makefu) mail pgp;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
|
||||
};
|
||||
ciko = {
|
||||
mail = "wieczorek.stefan@googlemail.com";
|
||||
};
|
||||
exco = {
|
||||
mail = "dickbutt@excogitation.de";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
|
||||
|
@ -26,6 +26,7 @@
|
||||
# services
|
||||
../2configs/git/brain-retiolum.nix
|
||||
../2configs/tor.nix
|
||||
../2configs/steam.nix
|
||||
# ../2configs/buildbot-standalone.nix
|
||||
|
||||
# hardware specifics are in here
|
||||
@ -35,23 +36,36 @@
|
||||
# ../2configs/mediawiki.nix
|
||||
#../2configs/wordpress.nix
|
||||
../2configs/nginx/public_html.nix
|
||||
|
||||
# temporary modules
|
||||
# ../2configs/temp/share-samba.nix
|
||||
# ../2configs/temp/elkstack.nix
|
||||
# ../2configs/temp/sabnzbd.nix
|
||||
];
|
||||
|
||||
krebs.nginx = {
|
||||
default404 = false;
|
||||
servers.default.listen = [ "80 default_server" ];
|
||||
servers.default.server-names = [ "_" ];
|
||||
};
|
||||
krebs.retiolum.enable = true;
|
||||
# steam
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.pulseaudio.support32Bit = true;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
80
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowedUDPPorts = [ 665 ];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||
|
||||
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
connectTo = [ "omo" "gum" "prism" ];
|
||||
};
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
'';
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ with config.krebs.lib;
|
||||
source = mapAttrs (_: mkDefault) {
|
||||
nixpkgs = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
rev = "40c586b7ce2c559374df435f46d673baf711c543"; # unstable @ 2016-02-27, tested on wry
|
||||
rev = "63b9785"; # stable @ 2016-06-01
|
||||
};
|
||||
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||
stockholm = "/home/makefu/stockholm";
|
||||
@ -75,7 +75,7 @@ with config.krebs.lib;
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /tmp 1777 root root - -"
|
||||
];
|
||||
|
||||
nix.nixPath = [ "/var/src" ];
|
||||
environment.variables = {
|
||||
NIX_PATH = mkForce "/var/src";
|
||||
EDITOR = mkForce "vim";
|
||||
@ -126,6 +126,7 @@ with config.krebs.lib;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
||||
tinc = pkgs.tinc_pre;
|
||||
gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
|
||||
};
|
||||
|
||||
services.cron.enable = false;
|
||||
|
@ -2,9 +2,10 @@
|
||||
|
||||
with config.krebs.lib;
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 25 ];
|
||||
|
||||
krebs.exim-retiolum.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
msmtp
|
||||
];
|
||||
|
||||
}
|
||||
|
@ -15,6 +15,9 @@ let
|
||||
tinc_graphs = {
|
||||
desc = "Tinc Advanced Graph Generation";
|
||||
};
|
||||
stockholm-init = {
|
||||
desc = "Build new Stockholm hosts";
|
||||
};
|
||||
cac-api = { };
|
||||
init-stockholm = {
|
||||
desc = "Init stuff for stockholm";
|
||||
|
@ -69,15 +69,15 @@ in {
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
usenet-rw = {
|
||||
path = "/media/crypt0/usenet";
|
||||
crypt0-rw = {
|
||||
path = "/media/crypt0/";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "no";
|
||||
"valid users" = "makefu";
|
||||
};
|
||||
emu-rw = {
|
||||
path = "/media/crypt1/emu";
|
||||
crypt1-rw = {
|
||||
path = "/media/crypt1/";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "no";
|
||||
|
6
makefu/2configs/steam.nix
Normal file
6
makefu/2configs/steam.nix
Normal file
@ -0,0 +1,6 @@
|
||||
{pkgs, ...}:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.steam ];
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.pulseaudio.support32Bit = true;
|
||||
}
|
28
makefu/2configs/temp-share-samba.nix
Normal file
28
makefu/2configs/temp-share-samba.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{config, ... }:{
|
||||
users.users.smbguest = {
|
||||
name = "smbguest";
|
||||
uid = config.ids.uids.smbguest;
|
||||
description = "smb guest user";
|
||||
home = "/var/empty";
|
||||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
shares = {
|
||||
share-home = {
|
||||
path = "/home/share/";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
guest account = smbguest
|
||||
map to guest = bad user
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
'';
|
||||
};
|
||||
}
|
@ -13,6 +13,7 @@ in
|
||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
||||
skytraq-logger = callPackage ./skytraq-logger/ {};
|
||||
taskserver = callPackage ./taskserver {};
|
||||
};
|
||||
}
|
||||
|
31
makefu/5pkgs/skytraq-logger/default.nix
Normal file
31
makefu/5pkgs/skytraq-logger/default.nix
Normal file
@ -0,0 +1,31 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "skytraq-datalogger-${version}";
|
||||
version = "4966a8";
|
||||
src = fetchFromGitHub {
|
||||
owner = "makefu";
|
||||
repo = "skytraq-datalogger";
|
||||
rev = version ;
|
||||
sha256 = "1qaszrs7638kc9x4qq4m1yxqmk8jw7wajywvdk4wc2i007p89v3y";
|
||||
};
|
||||
buildFlags = "CC=gcc";
|
||||
makeFlags = "PREFIX=bin/ DESTDIR=$(out)";
|
||||
|
||||
preInstall = ''
|
||||
mkdir -p $out/bin
|
||||
'';
|
||||
#patchPhase = ''
|
||||
# sed -i -e 's#/usr/bin/gcc#gcc#' -e Makefile
|
||||
#'';
|
||||
|
||||
buildInputs = with pkgs;[
|
||||
curl
|
||||
gnugrep
|
||||
];
|
||||
|
||||
meta = {
|
||||
homepage = http://github.com/makefu/skytraq-datalogger;
|
||||
description = "datalogger for skytraq";
|
||||
license = lib.licenses.gpl2;
|
||||
};
|
||||
}
|
1
makefu/5pkgs/skytraq-logger/result
Symbolic link
1
makefu/5pkgs/skytraq-logger/result
Symbolic link
@ -0,0 +1 @@
|
||||
/nix/store/xpwdwpw2nkgi16yhpxin2kivaz7z588h-skytraq-datalogger-4966a8
|
@ -1,135 +1,126 @@
|
||||
{ config, lib, pkgs, ... }@args:
|
||||
|
||||
{ config, pkgs, ... }@args:
|
||||
with config.krebs.lib;
|
||||
|
||||
let
|
||||
# TODO krebs.build.user
|
||||
user = config.users.users.tv;
|
||||
in {
|
||||
|
||||
out = {
|
||||
services.xserver.display = 11;
|
||||
services.xserver.tty = 11;
|
||||
environment.systemPackages = [
|
||||
pkgs.ff
|
||||
pkgs.gitAndTools.qgit
|
||||
pkgs.mpv
|
||||
pkgs.sxiv
|
||||
pkgs.xsel
|
||||
pkgs.zathura
|
||||
];
|
||||
|
||||
services.xserver.synaptics = {
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
# TODO dedicated group, i.e. with a single user [per-user-setuid]
|
||||
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
|
||||
krebs.setuid.slock = {
|
||||
filename = "${pkgs.slock}/bin/slock";
|
||||
group = "wheel";
|
||||
envp = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
USER = user.name;
|
||||
};
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
display = 11;
|
||||
tty = 11;
|
||||
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
};
|
||||
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
systemd.services.xmonad = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
|
||||
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
|
||||
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
|
||||
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
|
||||
wait
|
||||
'';
|
||||
|
||||
XMONAD_STATE = "/tmp/xmonad.state";
|
||||
|
||||
# XXX JSON is close enough :)
|
||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||
"Dashboard" # we start here
|
||||
"23"
|
||||
"cr"
|
||||
"ff"
|
||||
"hack"
|
||||
"im"
|
||||
"mail"
|
||||
"stockholm"
|
||||
"za" "zh" "zj" "zs"
|
||||
]);
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xmonad";
|
||||
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv";
|
||||
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown";
|
||||
User = user.name;
|
||||
WorkingDirectory = user.home;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.xserver = {
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"local-fs.target"
|
||||
"acpid.service"
|
||||
];
|
||||
|
||||
systemd.services.urxvtd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
ExecReload = need-reload "urxvtd.service";
|
||||
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = user.name;
|
||||
};
|
||||
reloadIfChanged = true;
|
||||
environment = {
|
||||
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
|
||||
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
|
||||
LD_LIBRARY_PATH = concatStringsSep ":" (
|
||||
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
|
||||
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.ff
|
||||
pkgs.gitAndTools.qgit
|
||||
pkgs.mpv
|
||||
pkgs.sxiv
|
||||
pkgs.xsel
|
||||
pkgs.zathura
|
||||
];
|
||||
|
||||
# TODO dedicated group, i.e. with a single user
|
||||
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
|
||||
krebs.setuid.slock = {
|
||||
filename = "${pkgs.slock}/bin/slock";
|
||||
group = "wheel";
|
||||
envp = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
USER = user.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
services.xserver.enable = true;
|
||||
|
||||
systemd.services.xmonad = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = xmonad-environment;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv";
|
||||
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown";
|
||||
User = user.name;
|
||||
WorkingDirectory = user.home;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.xserver = {
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"local-fs.target"
|
||||
"acpid.service"
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xserver";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = toString [
|
||||
"${pkgs.xorg.xorgserver}/bin/X"
|
||||
":${toString config.services.xserver.display}"
|
||||
"vt${toString config.services.xserver.tty}"
|
||||
"-config ${import ./xserver.conf.nix args}"
|
||||
"-logfile /dev/null -logverbose 0 -verbose 3"
|
||||
"-nolisten tcp"
|
||||
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
|
||||
];
|
||||
reloadIfChanged = true;
|
||||
environment = xserver-environment;
|
||||
serviceConfig = {
|
||||
ExecReload = need-reload "xserver.service";
|
||||
ExecStart = toString [
|
||||
"${pkgs.xorg.xorgserver}/bin/X"
|
||||
":${toString config.services.xserver.display}"
|
||||
"vt${toString config.services.xserver.tty}"
|
||||
"-config ${import ./xserver.conf.nix args}"
|
||||
"-logfile /var/log/X.${toString config.services.xserver.display}.log"
|
||||
"-nolisten tcp"
|
||||
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
xmonad-environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
|
||||
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
|
||||
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
|
||||
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
|
||||
wait
|
||||
'';
|
||||
|
||||
XMONAD_STATE = "/tmp/xmonad.state";
|
||||
|
||||
# XXX JSON is close enough :)
|
||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||
"Dashboard" # we start here
|
||||
"23"
|
||||
"cr"
|
||||
"ff"
|
||||
"hack"
|
||||
"im"
|
||||
"mail"
|
||||
"stockholm"
|
||||
"za" "zh" "zj" "zs"
|
||||
]);
|
||||
systemd.services.urxvtd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "urxvtd";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = user.name;
|
||||
};
|
||||
};
|
||||
|
||||
xserver-environment = {
|
||||
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
|
||||
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
|
||||
LD_LIBRARY_PATH = concatStringsSep ":" (
|
||||
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
|
||||
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
|
||||
};
|
||||
|
||||
need-reload = s: toString [
|
||||
"${pkgs.writeDashBin "need-reload" ''echo "$*"''}/bin/need-reload"
|
||||
(shell.escape s)
|
||||
];
|
||||
|
||||
in out
|
||||
}
|
||||
|
@ -1,8 +1,12 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "ff" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
exec sudo -u ff -i <<EOF
|
||||
# TODO use krebs.setuid
|
||||
# This requires that we can create setuid executables that can only be accessed
|
||||
# by a single user. [per-user-setuid]
|
||||
|
||||
# using bash for %q
|
||||
pkgs.writeBashBin "ff" ''
|
||||
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
|
||||
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
|
||||
EOF
|
||||
''
|
||||
|
Loading…
Reference in New Issue
Block a user