From 32b2aff200edf3e73f6a2c9e3d6548e4985ecd9f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Dec 2018 14:49:44 +0100 Subject: [PATCH 01/14] tv gitrepos: with-ssh --- tv/2configs/gitrepos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index a89d1302c..9409246e2 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -71,6 +71,7 @@ let { stockholm = { cgit.desc = "NixOS configuration"; }; + with-ssh = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) { ni = { }; From 9a5415b662e9aad91eb518bfb2aa3feffc5e7cd5 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 29 Dec 2018 12:18:14 +0100 Subject: [PATCH 02/14] tv nixpkgs-overlays: RIP --- tv/1systems/xu/config.nix | 5 ----- tv/2configs/default.nix | 1 - tv/3modules/default.nix | 1 - tv/3modules/nixpkgs-overlays.nix | 23 ----------------------- 4 files changed, 30 deletions(-) delete mode 100644 tv/3modules/nixpkgs-overlays.nix diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index b9c76cf49..c47608aa9 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -156,10 +156,5 @@ with import ; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - tv.nixpkgs-overlays = { - krebs = "/home/tv/stockholm/krebs/5pkgs"; - tv = "/home/tv/stockholm/tv/5pkgs"; - }; - virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 484a337b7..e18ba31b0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -92,7 +92,6 @@ with import ; environment.variables = { NIX_PATH = mkForce (concatStringsSep ":" [ "secrets=/var/src/stockholm/null" - "nixpkgs-overlays=${config.tv.nixpkgs-overlays}" "/var/src" ]); }; diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index f53a58e9a..67fb3f650 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix 
@@ -5,7 +5,6 @@ ./ejabberd ./hosts.nix ./iptables.nix - ./nixpkgs-overlays.nix ./slock.nix ./x0vncserver.nix ]; diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix deleted file mode 100644 index 4eb7a86bd..000000000 --- a/tv/3modules/nixpkgs-overlays.nix +++ /dev/null @@ -1,23 +0,0 @@ -with import ; -{ config, pkgs, ... }: { - - options.tv.nixpkgs-overlays = mkOption { - apply = src: - pkgs.runCommand "nixpkgs-overlays" {} '' - mkdir $out - ${concatStringsSep "\n" (mapAttrsToList (name: path: - "ln -s ${shell.escape path} $out/${shell.escape name}" - ) src)} - '' // { - inherit src; - }; - type = types.attrsOf types.absolute-pathname; - }; - - config = { - tv.nixpkgs-overlays = { - krebs = mkDefault "/var/src/stockholm/krebs/5pkgs"; - tv = mkDefault "/var/src/stockholm/tv/5pkgs"; - }; - }; -} From 4a3650b3e3091343cc30034ac88bda8516306ea9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 29 Dec 2018 12:58:45 +0100 Subject: [PATCH 03/14] tv ejabberd: move home to /var/lib --- tv/2configs/backup.nix | 4 ++-- tv/3modules/ejabberd/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index f8de72d00..b8dec8da4 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -60,7 +60,7 @@ with import ; }; xu-pull-ni-ejabberd = { method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; + src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; }; startAt = "07:00"; }; @@ -78,7 +78,7 @@ with import ; }; zu-pull-ni-ejabberd = { method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; + src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; }; startAt = "06:00"; }; 
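Review bot: Both backup jobs (`xu-pull-ni-ejabberd` here, `zu-pull-ni-ejabberd` in the next hunk) now pull `/var/lib/ejabberd`, and the hunk in `tv/3modules/ejabberd/default.nix` moves the user's home there, but nothing visible in this commit moves the existing data out of `/var/ejabberd`. If the directory on `ni` is not migrated before deployment, the pulls would presumably back up an empty or freshly initialised tree, while the old tree stays on disk outside any backup. A comment stating the required ordering, or a start-up check in the module that refuses to run while the old directory still exists, would make this explicit.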
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index e99b94ff9..f16dfac86 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -67,7 +67,7 @@ in { type = types.user; default = { name = "ejabberd"; - home = "/var/ejabberd"; + home = "/var/lib/ejabberd"; }; }; }; From 45359e7db5ec7fe9e33624e15e362c2b9e6ef9d9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 29 Dec 2018 14:22:24 +0100 Subject: [PATCH 04/14] tv dhcpcd: set saner dbdir --- tv/5pkgs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index c5c800b55..605d827ef 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -24,6 +24,12 @@ foldl' mergeAttrs {} "$@" ''; + dhcpcd = overrideDerivation super.dhcpcd (old: { + configureFlags = old.configureFlags ++ [ + "--dbdir=/var/lib/dhcpcd" + ]; + }); + gitAndTools = super.gitAndTools // { inherit (self) diff-so-fancy; }; From 6e5a61b676eea8a066be7848e2a879f57f2c0c4a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Jan 2019 20:16:17 +0100 Subject: [PATCH 05/14] per-user module: enable only if configured --- krebs/3modules/per-user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index a7a07a8e6..5beb859aa 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -13,7 +13,7 @@ in { }); default = {}; }; - config = { + config = mkIf (cfg != {}) { environment = { etc = mapAttrs' From 7c84b32f2de5c759f18fe449597e0edba493ad9d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 7 Jan 2019 11:23:25 +0100 Subject: [PATCH 06/14] tv slock service: support multiple displays --- tv/3modules/slock.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix index 1c84b1e9e..53f7f1f62 100644 --- a/tv/3modules/slock.nix +++ b/tv/3modules/slock.nix 
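Review bot: `--dbdir=/var/lib/dhcpcd` relocates the directory where dhcpcd keeps its lease state and, as far as I know, its `duid` and `secret` files, but nothing in this hunk carries existing state over. After the switch a host would presumably generate a fresh DUID and secret, so its DHCP identity and any addresses derived from the secret change, and static leases or allow-lists keyed on them stop matching. I would add a comment above the override giving the reason for the new path and stating whether that identity change is accepted. As a matter of style, nixpkgs recommends `overrideAttrs` over `overrideDerivation` for this kind of change, and `old.configureFlags or []` keeps the override working should the attribute ever be absent.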
@@ -5,10 +5,12 @@ in { options.tv.slock = { enable = mkEnableOption "tv.slock"; package = mkOption { - default = pkgs.execBin "slock" rec { - filename = "${pkgs.systemd}/bin/systemctl"; - argv = [ filename "start" "slock-${cfg.user.name}.service" ]; - }; + default = pkgs.writeDashBin "slock" '' + set -efu + display=''${DISPLAY#:} + service=slock-$LOGNAME@$display.service + exec ${pkgs.systemd}/bin/systemctl start "$service" + ''; type = types.package; }; user = mkOption { @@ -18,16 +20,16 @@ in { config = mkIf cfg.enable { security.polkit.extraConfig = /* js */ '' polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.systemd1.manage-units" && - action.lookup("unit") == "slock-${cfg.user.name}.service" && - subject.user == ${toJSON cfg.user.name}) { + if (action.id === "org.freedesktop.systemd1.manage-units" && + subject.user === ${toJSON cfg.user.name} && + /^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) { return polkit.Result.YES; } }); ''; - systemd.services."slock-${cfg.user.name}" = { + systemd.services."slock-${cfg.user.name}@" = { environment = { - DISPLAY = ":${toString config.services.xserver.display}"; + DISPLAY = ":%I"; LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { passAsFile = ["text"]; text = /* c */ '' From e0bbedff27bd3ca6d69b147f2f3dbc183de72243 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 7 Jan 2019 15:29:48 +0100 Subject: [PATCH 07/14] tv xkiller: init --- tv/5pkgs/simple/xkiller.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 tv/5pkgs/simple/xkiller.nix diff --git a/tv/5pkgs/simple/xkiller.nix b/tv/5pkgs/simple/xkiller.nix new file mode 100644 index 000000000..8d8f01690 --- /dev/null +++ b/tv/5pkgs/simple/xkiller.nix 
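Review bot: The new `slock` wrapper builds the unit name from `$LOGNAME` and `$DISPLAY`, both taken from the caller's environment, and hands it to `systemctl start` without checking its shape. A `DISPLAY` such as `:0.0` or `host:0` yields an instance name that the polkit pattern `@[0-9]+\.service` in the following hunk does not match, so the request is left to whatever other polkit rules decide and the screen may stay unlocked with no clear error. I would reject anything that is not plain digits before the `exec`, for example `case $display in ""|*[!0-9]*) echo "slock: unsupported DISPLAY" >&2; exit 1;; esac`. Using the configured `${cfg.user.name}` instead of `$LOGNAME`, as the removed `execBin` version did, would also keep the wrapper and the rule from drifting apart.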
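Review bot: In the polkit rule, `cfg.user.name` is spliced raw into a JavaScript regex literal (`/^slock-${cfg.user.name}@[0-9]+\.service$/`), while the line above still passes the same value through `toJSON`. A regex metacharacter in the name (a `.`, for instance) widens the set of unit names for which the rule returns `polkit.Result.YES`, and a `/` would break the rule file. Since only the display number varies, the name can be compared literally: `var prefix = ${toJSON "slock-${cfg.user.name}@"};` followed by `unit.indexOf(prefix) === 0 && /^[0-9]+\.service$/.test(unit.slice(prefix.length))`. The enclosing `config` block continues past the end of this hunk.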
@@ -0,0 +1,25 @@ +{ pkgs }: +pkgs.writeDash "xkiller" '' + set -efu + exec >&2 + ${pkgs.iproute}/bin/ss -lp src unix:/tmp/.X11-unix/X* | + ${pkgs.gnused}/bin/sed -n ' + s|.*/tmp/.X11-unix/X\([0-9]\+\)\>.*("X[^"]*",pid=\([0-9]\+\)\>.*|\1 \2|p + ' | + while read -r display pid; do + { + exit_code=$( + DISPLAY=:$display ${pkgs.coreutils}/bin/timeout 1 \ + ${pkgs.xorg.xset}/bin/xset q >/dev/null 2>&1 && + echo 0 || echo $? + ) + if test $exit_code = 124; then + echo "X on display :$display is locked up; killing PID $pid..." + ${pkgs.coreutils}/bin/kill -SIGKILL "$pid" + else + echo "X on display :$display is healthy" + fi + } & + done + wait +'' From c4a8e1380df895e5c5a94fea4d042410b0e850fd Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 7 Jan 2019 15:31:55 +0100 Subject: [PATCH 08/14] tv xkiller service: init --- tv/2configs/xserver/xkiller.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 tv/2configs/xserver/xkiller.nix diff --git a/tv/2configs/xserver/xkiller.nix b/tv/2configs/xserver/xkiller.nix new file mode 100644 index 000000000..2f9763093 --- /dev/null +++ b/tv/2configs/xserver/xkiller.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + + services.acpid.enable = true; + services.acpid.handlers.xkiller = { + action = /* sh */ '' + event=($1) + if test "''${event[2]}" = 00000080; then + ${pkgs.systemd}/bin/systemd-cat -t xkiller ${pkgs.xkiller} + fi + ''; + event = "button/prog1"; + }; + +} From 3e46d0d057053ed0aa5b1f2d259ccee64beedcd8 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 7 Jan 2019 15:32:43 +0100 Subject: [PATCH 09/14] tv xu: add xkiller service --- tv/1systems/xu/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index c47608aa9..33f9539c9 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -20,6 +20,7 @@ with import ; + { environment.systemPackages = with pkgs; [ From 9475684bedcec695e196931a764b6e2e208349c4 Mon Sep 17 00:00:00 2001 
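Review bot: The PID handed to `kill -SIGKILL` is scraped from `ss -lp` text with a pattern that accepts any process whose name begins with `X` and that listens under `/tmp/.X11-unix/`, and it is used about a second later, after the `timeout 1 xset q` probe. Nothing re-checks that the PID still belongs to the X server at kill time; if the script runs as root (the acpid handler in the following patch suggests so), a wrong or recycled PID is killed unconditionally. I would confirm the target immediately before the kill, for example `test "$(${pkgs.coreutils}/bin/readlink /proc/$pid/exe)" = "$expected_x_binary" || exit 1`, where `expected_x_binary` is a placeholder for the X server path this system uses. Logging the matched socket path next to the PID would also make a kill easier to review afterwards.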
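Review bot: `event=($1)` in the handler's `action` splits the acpid event string unquoted, so the words also undergo pathname expansion, and the array syntax needs bash although the snippet is tagged `/* sh */`. Because the handler goes on to start `xkiller`, which can SIGKILL processes, strict parsing of the trigger is worthwhile: `read -r -a event <<< "$1"` avoids globbing, or `set -f` can precede the assignment. A short comment naming the key that `button/prog1` with code `00000080` corresponds to on this machine would help the next reader, since the hunk does not say.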
From: tv Date: Tue, 8 Jan 2019 21:08:19 +0100 Subject: [PATCH 10/14] tv htop: header_margin=0 --- tv/2configs/htop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index d7d2d7bfd..e78caeb5f 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -22,7 +22,7 @@ with import ; highlight_megabytes=1 highlight_threads=1 tree_view=1 - header_margin=1 + header_margin=0 detailed_cpu_time=0 cpu_count_from_zero=0 update_process_names=0 From 5e87f121a3b010705f255aa503ad428da05e7da7 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 13 Jan 2019 18:38:23 +0100 Subject: [PATCH 11/14] =?UTF-8?q?tv=20xmodmap:=20add=20=CE=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tv/2configs/xserver/Xmodmap.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix index d2b1b2604..8e8e3dfdd 100644 --- a/tv/2configs/xserver/Xmodmap.nix +++ b/tv/2configs/xserver/Xmodmap.nix @@ -17,6 +17,7 @@ pkgs.writeText "Xmodmap" '' keycode 39 = s S ssharp keycode 33 = p P Greek_pi Greek_PI + keycode 40 = d D Greek_delta Greek_DELTA keycode 46 = l L Greek_lambda Greek_LAMBDA keycode 54 = c C cacute Cacute From a4bb3ee1d3afbee5e8b4676d481382be3a60a750 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 13 Jan 2019 23:42:14 +0100 Subject: [PATCH 12/14] tv gitrepos: add Reaktor --- tv/2configs/gitrepos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 9409246e2..3eab1ce68 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -103,6 +103,7 @@ let { nixos-infest = {}; painload = {}; push = {}; + Reaktor = {}; with-tmpdir = {}; get = {}; load-env = {}; From 1e37db3b790cd4c01efd37722f2cc2fc40966b4e Mon Sep 17 00:00:00 2001 
From: tv Date: Sun, 13 Jan 2019 23:42:22 +0100 Subject: [PATCH 13/14] tv gitrepos: add reaktor2 --- tv/2configs/gitrepos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 3eab1ce68..725ddefa8 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -67,6 +67,7 @@ let { cgit.desc = "source code installer"; }; q = {}; + reaktor2 = {}; regfish = {}; stockholm = { cgit.desc = "NixOS configuration"; From 2d2ab95f0707209c4c248d43cb57877a50a37991 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 16 Jan 2019 11:10:34 +0100 Subject: [PATCH 14/14] krebs tinc: Broadcast = no --- krebs/3modules/tinc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index ecd449b09..24eac7158 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -27,6 +27,7 @@ let "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' Name = ${tinc.config.host.name} Interface = ${netname} + Broadcast = no ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} PrivateKeyFile = ${tinc.config.privkey.path} Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
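Review bot: `Broadcast = no` is written into every generated `tinc.conf` with no way to override it per network and no comment giving the reason. With this setting tinc no longer forwards broadcast packets to other nodes, which limits what one peer can flood across the VPN, but anything on these networks that relies on broadcast-based discovery will stop working without an error. I would record the reason in a comment above the `pkgs.writeText` call, and if any netname needs the previous behaviour, expose the value as a per-network option defaulting to `no`. The `let` block holding this string starts and ends outside the hunk.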