Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2018-01-04 00:21:13 +01:00
commit 8c6bd7431c
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
29 changed files with 392 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
krebs/2configs/buildbot-all.nix
View File

@ -9,5 +9,6 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
krebs.ci.tests = [ "deploy" ];
}

2
krebs/2configs/hw/x220.nix
View File

@ -23,7 +23,7 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
security.rngd.enable = true;
security.rngd.enable = mkDefault true;
services.xserver = {
videoDriver = "intel";

48
krebs/3modules/ci.nix
View File

@ -24,6 +24,13 @@ in
List of hosts that should be build
'';
};
tests = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of tests that should be build
'';
};
};
config = mkIf cfg.enable {
@ -56,14 +63,14 @@ in
'';
scheduler = {
build-scheduler = ''
# build all hosts
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
"build-hosts"
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@ -73,7 +80,8 @@ in
schedulers.ForceScheduler(
name="force",
builderNames=[
"build-hosts"
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@ -91,7 +99,7 @@ in
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
build-hosts = ''
hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
@ -120,12 +128,42 @@ in
bu.append(
util.BuilderConfig(
name="build-hosts",
name="hosts",
slavenames=slavenames,
factory=f
)
)
'';
tests = mkIf (cfg.tests != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
def run_test(test):
addShell(f,
name="{}".format(test),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-build", "-I", "stockholm=.", "krebs/6tests",
"-A", "{}".format(test)
],
timeout=90001
)
${concatMapStringsSep "\n" (test:
"run_test(\"${test}\")"
) cfg.tests}
bu.append(
util.BuilderConfig(
name="tests",
slavenames=slavenames,
factory=f
)
)
'';
};
enable = true;

9
krebs/3modules/iptables.nix
View File

@ -61,6 +61,15 @@ let
};
};
})));
default = {
filter.INPUT.policy = "ACCEPT";
filter.FORWARD.policy = "ACCEPT";
filter.OUTPUT.policy = "ACCEPT";
nat.PREROUTING.policy = "ACCEPT";
nat.INPUT.policy = "ACCEPT";
nat.OUTPUT.policy = "ACCEPT";
nat.POSTROUTING.policy = "ACCEPT";
};
};
};

45
krebs/3modules/nin/default.nix
View File

@ -31,6 +31,47 @@ with import <stockholm/lib>;
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
axon= {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
"axon.retiolum"
"axon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
};
onondaga = {
cores = 1;
@ -63,6 +104,10 @@ with import <stockholm/lib>;
};
users = {
nin = {
mail = "nin@axon.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
mail = "nin@hiawatha.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};

29
krebs/5pkgs/simple/bitlbee-discord/default.nix Normal file
View File

@ -0,0 +1,29 @@
{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitlbee-discord-2017-12-27";
src = fetchFromGitHub {
rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
owner = "sm00th";
repo = "bitlbee-discord";
sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ bitlbee glib ];
preConfigure = ''
export BITLBEE_PLUGINDIR=$out/lib/bitlbee
./autogen.sh
'';
meta = {
description = "Bitlbee plugin for Discord";
homepage = https://github.com/sm00th/bitlbee-discord;
license = licenses.gpl2Plus;
platforms = stdenv.lib.platforms.linux;
};
}

46
krebs/5pkgs/writers.nix
View File

@ -283,27 +283,33 @@ with import <stockholm/lib>;
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
writePython2 = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "python2check.sh" ''
exec ${pkgs.python2}/bin/python -m py_compile "$1"
'';
inherit text;
};
};
writePython2 = deps:
let
py = pkgs.python2.withPackages(ps: attrVals deps ps);
in
pkgs.makeScriptWriter {
interpreter = "${py}/bin/python";
check = pkgs.writeDash "python2check.sh" ''
exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1"
'';
};
writePython3 = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "python3check.sh" ''
exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
'';
inherit text;
};
};
writePython2Bin = d: name:
pkgs.writePython2 d "/bin/${name}";
writePython3 = deps:
let
py = pkgs.python3.withPackages(ps: attrVals deps ps);
in
pkgs.makeScriptWriter {
interpreter = "${py}/bin/python";
check = pkgs.writeDash "python3check.sh" ''
exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1"
'';
};
writePython3Bin = d: name:
pkgs.writePython3 d "/bin/${name}";
writeSed = pkgs.makeScriptWriter {
interpreter = "${pkgs.gnused}/bin/sed -f";

6
krebs/6tests/default.nix Normal file
View File

@ -0,0 +1,6 @@
with import <stockholm/lib>;
{ ... }:
{
deploy = import ./deploy.nix;
}

18
krebs/6tests/deploy.nix
View File

@ -1,7 +1,8 @@
with import <stockholm/lib>;
import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
let
pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
@ -41,15 +42,12 @@ let
cd ${<stockholm>}
export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
exec >&2
: ${minimalSystem}
source=${pkgs.writeJSON "source.json" populate-source}
cat > /tmp/derp <<EOF
builtins.fromJSON (builtins.readFile "$source")
EOF
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
# TODO: make deploy work
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
# --force-populate \
# --source=/tmp/derp \
# --source=${./data/test-source.nix} \
# --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
@ -70,22 +68,20 @@ in {
imports = [ test-config ];
environment.variables = {
NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
#LOL = minimalSystem;
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
pubKey
];
#virtualisation.writableStore = true;
virtualisation.pathsInNixDB = [
minimalSystem
pkgs.stockholm
];
environment.systemPackages = [ pkgs.git ];
};
client =
{ config, pkgs, ... }: { };
{ config, pkgs, ... }:
{ };
};
testScript = ''

2
krebs/source.nix
View File

@ -17,6 +17,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
};
}

2
lass/1systems/helios/config.nix
View File

@ -120,8 +120,6 @@ with import <stockholm/lib>;
];
};
programs.ssh.startAgent = lib.mkForce true;
services.tlp.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];

1
lass/1systems/mors/config.nix
View File

@ -30,6 +30,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [

3
lass/1systems/prism/config.nix
View File

@ -234,8 +234,7 @@ in {
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/bitlbee.nix>
<stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/repo-sync.nix>

57
lass/2configs/IM.nix Normal file
View File

@ -0,0 +1,57 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
let
tmux = pkgs.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
set-option -g status off
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'';
in {
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
];
};
# mosh
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
];
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
serviceConfig = {
User = "chat";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux} kill-session -t IM";
};
};
}

20
lass/2configs/ableton.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.mainUser;
in {
users.users= {
ableton = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
];
packages = [
pkgs.wine
pkgs.winetricks
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
'';
}

2
lass/2configs/baseX.nix
View File

@ -53,7 +53,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
services.printing = {

12
lass/2configs/bitlbee.nix
View File

@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
];
};
}

4
lass/2configs/default.nix
View File

@ -1,5 +1,5 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
../2configs/binary-cache/client.nix
@ -78,7 +78,7 @@ with import <stockholm/lib>;
users.mutableUsers = false;
services.timesyncd.enable = true;
services.timesyncd.enable = mkForce true;
#why is this on in the first place?
services.nscd.enable = false;

5
lass/2configs/exim-smarthost.nix
View File

@ -49,6 +49,11 @@ with import <stockholm/lib>;
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "bitwala@lassul.us"; to = lass.mail; }
{ from = "bitstamp@lassul.us"; to = lass.mail; }
{ from = "bitcoin.de@lassul.us"; to = lass.mail; }
{ from = "ableton@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

4
lass/2configs/reaktor-coders.nix
View File

@ -21,6 +21,7 @@ with import <stockholm/lib>;
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
@ -64,8 +65,7 @@ with import <stockholm/lib>;
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
script = pkgs.writePython2 [] "rup" ''
t1 = """
_.
;=',_ ()

1
lass/2configs/vim.nix
View File

@ -103,7 +103,6 @@ let
cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
noremap x "_x
set clipboard=unnamedplus
'';

47
lass/2configs/weechat.nix
View File

@ -1,47 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lib>) genid;
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
weechat
];
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
];
};
# mosh
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
#systemd.services.chat = {
# description = "chat environment setup";
# after = [ "network.target" ];
# wantedBy = [ "multi-user.target" ];
# path = with pkgs; [
# weechat
# tmux
# ];
# restartIfChanged = true;
# serviceConfig = {
# User = "chat";
# Restart = "always";
# ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
# };
#};
}

2
lass/3modules/news.nix
View File

@ -38,7 +38,7 @@ let
};
ircServer = mkOption {
type = types.str;
default = "echelon.r";
default = "localhost";
description = "to which server the bot should connect";
};
};

10
lass/5pkgs/xmonad-lass.nix
View File

@ -66,7 +66,7 @@ main' = do
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
@ -80,6 +80,14 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
where
myTitleFloats = [] -- for the KDE "open link" popup from konsole
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "${config.lass.screenlock.command}")

2
lass/source.nix
View File

@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "3aec59c";
ref = "0b30c1d";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;

117
nin/1systems/axon/config.nix Normal file
View File

@ -0,0 +1,117 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.axon;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/pool/root";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext2";
};
boot.initrd.luks.devices.crypted.device = "/dev/sda2";
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# nin config
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
firefox
git
lmms
networkmanagerapplet
python
steam
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

4
nin/1systems/axon/source.nix Normal file
View File

@ -0,0 +1,4 @@
import <stockholm/nin/source.nix> {
name = "axon";
secure = true;
}

2
nin/2configs/default.nix
View File

@ -16,6 +16,7 @@ with import <stockholm/lib>;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
nin = {
@ -31,6 +32,7 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
};

2
nin/2configs/git.nix
View File

@ -53,7 +53,7 @@ let
with git // config.krebs.users;
repo:
singleton {
user = [ nin ];
user = [ nin nin_h ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++