mors: import mors + config

This commit is contained in:
lassulus 2015-04-10 01:37:29 +02:00 committed by tv
parent 6593d16308
commit aa5d113f90
15 changed files with 837 additions and 0 deletions

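--- a/modules/lass/bitcoin.nix
+++ b/modules/lass/bitcoin.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+electrum
+];
+users.extraUsers = {
+bitcoin = {
+name = "bitcoin";
+description = "user for bitcoin stuff";
+home = "/home/bitcoin";
+useDefaultShell = true;
+createHome = true;
+};
+};
+}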


@ -0,0 +1,65 @@
{ config, pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs : {
chromium = pkgs.chromium.override {
pulseSupport = true;
};
};
environment.systemPackages = with pkgs; [
firefox
chromium
];
users.extraUsers = {
firefox = {
name = "firefox";
description = "user for running firefox";
home = "/home/firefox";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
chromium = {
name = "chromium";
description = "user for running chromium";
home = "/home/chromium";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
facebook = {
name = "facebook";
description = "user for running facebook in chromium";
home = "/home/facebook";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
google = {
name = "google";
description = "user for running google+/gmail in chromium";
home = "/home/google";
useDefaultShell = true;
createHome = true;
};
flash = {
name = "flash";
description = "user for running flash stuff";
home = "/home/flash";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
lass ALL=(firefox) NOPASSWD: ALL
lass ALL=(chromium) NOPASSWD: ALL
lass ALL=(facebook) NOPASSWD: ALL
lass ALL=(google) NOPASSWD: ALL
lass ALL=(flash) NOPASSWD: ALL
'';
}


@ -0,0 +1,157 @@
{ config, pkgs, ... }:
{
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
time.timeZone = "Europe/Berlin";
virtualisation.libvirtd.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
PAGER=most
'';
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
#fancy colors
if [ -e ~/LS_COLORS ]; then
eval $(dircolors ~/LS_COLORS)
fi
if [ -e /etc/nixos/dotfiles/link ]; then
/etc/nixos/dotfiles/link
fi
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
###SERVICES BEGIN
services.gitolite = {
enable = true;
dataDir = "/home/gitolite";
adminPubkey = ''
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
'';
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.printing = {
enable = true;
drivers = [ pkgs.foomatic_filters ];
};
###SERVICES END
environment.systemPackages = with pkgs; [
gitolite
git
#terminal
most
powertop
#network
iptables
#video stuff
haskellPackages.xmobar
haskellPackages.yeganesh
dmenu2
xlibs.fontschumachermisc
];
nix.useChroot = true;
#
# user settings
#
users.mutableUsers = false;
users.extraUsers = {
#gitolite = {
# name = "gitolite";
# description = "gitolite git manager";
# home = "/home/gitolite";
# createHome = true;
# useDefaultShell = true;
#};
testing = {
name = "testing";
description = "user for testing various stuff";
home = "/home/testing";
useDefaultShell = true;
createHome = true;
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
22
];
extraCommands = ''
iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
iptables -A INPUT -j ACCEPT -i lo
#iptables -N Retiolum
iptables -A INPUT -j Retiolum -i retiolum
iptables -A Retiolum -j ACCEPT -p icmp
iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
iptables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
iptables -A Retiolum -j REJECT
'';
extraStopCommands = "iptables -F";
};
}
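Review bot: `iptables -A INPUT -j Retiolum -i retiolum` in `networking.firewall.extraCommands` jumps to a chain whose creation, `iptables -N Retiolum`, is commented out on the line directly above it; unless a chain of that name is created by another imported module (the retiolum module under ../tv is imported elsewhere in this commit but its contents are not on this page), that append fails and the firewall unit fails with it. I would restore `iptables -N Retiolum` and pair it with a stop command that also removes the chain so that restarts stay idempotent, e.g. `extraStopCommands = "iptables -F; iptables -X Retiolum";`, since the current `iptables -F` flushes rules but leaves the chain behind and a second `-N` would then error. This section's file header is not shown on the page; the path `../lass/desktop-base.nix` is inferred from the import list in modules/mors/default.nix rather than read from the section itself.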

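--- a/modules/lass/elster.nix
+++ b/modules/lass/elster.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+users.extraUsers = {
+elster = {
+name = "elster";
+description = "user for running elster-online";
+home = "/home/elster";
+useDefaultShell = true;
+extraGroups = [];
+createHome = true;
+};
+};
+security.sudo.extraConfig = ''
+lass ALL=(elster) NOPASSWD: ALL
+'';
+}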

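--- a/modules/lass/games.nix
+++ b/modules/lass/games.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+dwarf_fortress
+];
+users.extraUsers = {
+games = {
+name = "games";
+description = "user playing games";
+home = "/home/games";
+extraGroups = [ "audio" ];
+createHome = true;
+useDefaultShell = true;
+};
+};
+security.sudo.extraConfig = ''
+lass ALL=(games) NOPASSWD: ALL
+'';
+}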

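--- a/modules/lass/pass.nix
+++ b/modules/lass/pass.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+pass
+gnupg1
+];
+services.xserver.startGnuPGAgent = true;
+}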

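--- a/modules/lass/programs.nix
+++ b/modules/lass/programs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+## TODO sort and split up
+{
+environment.systemPackages = with pkgs; [
+aria2
+gnupg1compat
+htop
+i3lock
+mc
+mosh
+mpv
+pass
+pavucontrol
+pv
+pwgen
+python34Packages.livestreamer
+remmina
+silver-searcher
+wget
+xsel
+youtube-dl
+];
+}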


@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
imports = [
../tv/retiolum.nix
];
services.retiolum = {
enable = true;
hosts = ../../hosts;
privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
connectTo = [
"fastpoke"
"gum"
"ire"
];
};
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.allowedUDPPorts = [ 655 ];
}

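--- a/modules/lass/steam.nix
+++ b/modules/lass/steam.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+{
+imports = [
+./games.nix
+];
+#
+# Steam stuff
+# source: https://nixos.org/wiki/Talk:Steam
+#
+##TODO: make steam module
+hardware.opengl.driSupport32Bit = true;
+environment.systemPackages = with pkgs; [
+steam
+];
+networking.firewall = {
+allowedUDPPorts = [
+27031
+27036
+];
+allowedTCPPorts = [
+27036
+27037
+];
+};
+}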


@ -0,0 +1,54 @@
{ pkgs, ... }:
{
imports = [
./urxvtd.nix
];
services.urxvtd = {
enable = true;
users = [ "lass" ];
urxvtPackage = pkgs.rxvt_unicode_with-plugins;
xresources = ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
!solarized colors
URxvt*fading: 5
URxvt*background: #002b36
URxvt*foreground: #657b83
URxvt*fadeColor: #002b36
URxvt*cursorColor: #93a1a1
URxvt*pointerColorBackground: #586e75
URxvt*pointerColorForeground: #93a1a1
URxvt*colorUL: #859900
URxvt*colorBD: #268bd2
URxvt*color0: #073642
URxvt*color8: #002b36
URxvt*color1: #dc322f
URxvt*color9: #cb4b16
URxvt*color2: #859900
URxvt*color10: #586e75
URxvt*color3: #b58900
URxvt*color11: #657b83
URxvt*color4: #268bd2
URxvt*color12: #839496
URxvt*color5: #d33682
URxvt*color13: #6c71c4
URxvt*color6: #2aa198
URxvt*color14: #93a1a1
URxvt*color7: #eee8d5
URxvt*color15: #fdf6e3
'';
};
}

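--- a/modules/lass/vim.nix
+++ b/modules/lass/vim.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+(vim_configurable.customize {
+name = "vim";
+vimrcConfig.customRC = ''
+set nocompatible
+set t_Co=16
+syntax on
+" TODO autoload colorscheme file
+set background=dark
+colorscheme solarized
+filetype off
+filetype plugin indent on
+imap <F1> <nop>
+set mouse=a
+set ruler
+set showmatch
+set backspace=2
+set visualbell
+set encoding=utf8
+set showcmd
+set wildmenu
+set title
+set titleold=
+set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+set autoindent
+set ttyfast
+set pastetoggle=<INS>
+" Force Saving Files that Require Root Permission
+command! W silent w !sudo tee "%" >/dev/null
+nnoremap <C-c> :q<Return>
+vnoremap < <gv
+vnoremap > >gv
+"Tabwidth
+set ts=2 sts=2 sw=2 et
+autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
+autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
+" create Backup/tmp/undo dirs
+function! InitBackupDir()
+let l:parent = $HOME . '/.vim/'
+let l:backup = l:parent . 'backups/'
+let l:tmpdir = l:parent . 'tmp/'
+let l:undodi = l:parent . 'undo/'
+if !isdirectory(l:parent)
+call mkdir(l:parent)
+endif
+if !isdirectory(l:backup)
+call mkdir(l:backup)
+endif
+if !isdirectory(l:tmpdir)
+call mkdir(l:tmpdir)
+endif
+if !isdirectory(l:undodi)
+call mkdir(l:undodi)
+endif
+endfunction
+call InitBackupDir()
+" Backups & Files
+set backup
+set backupdir=~/.vim/backups
+set directory=~/.vim/tmp//
+set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
+set undodir=$HOME/.vim/undo
+set undofile
+'';
+vimrcConfig.vam.knownPlugins = vimPlugins;
+vimrcConfig.vam.pluginDictionaries = [
+{ name = "Gundo"; }
+{ name = "commentary"; }
+{ name = "vim-addon-nix"; }
+{ name = "colors-solarized"; }
+];
+})
+];
+}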


@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
services.virtualboxHost.enable = true;
users.extraUsers = {
virtual = {
name = "virtual";
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" ];
createHome = true;
};
};
}

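--- a/modules/lass/wine.nix
+++ b/modules/lass/wine.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+users.extraUsers = {
+elster = {
+name = "elster";
+description = "user for running elster-online";
+home = "/home/elster";
+useDefaultShell = true;
+extraGroups = [];
+createHome = true;
+};
+};
+security.sudo.extraConfig = ''
+lass ALL=(wine) NOPASSWD: ALL
+'';
+}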
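Review bot: The sudo line `lass ALL=(wine) NOPASSWD: ALL` names a runas user `wine` that this file never creates; the only account it defines is a verbatim copy of the `elster` block from modules/lass/elster.nix, so importing wine.nix would re-declare that user instead of adding a `wine` one. Given the pattern used by the sibling modules (one unprivileged account per program, reachable only through sudo), the user block should define `wine` so that it matches the sudo rule. Note that modules/mors/default.nix in this commit does not import wine.nix, so the mismatch is latent until the file is wired in.

```nix
users.extraUsers = {
  wine = {
    name = "wine";
    description = "user for running wine stuff";
    home = "/home/wine";
    useDefaultShell = true;
    extraGroups = [];
    createHome = true;
  };
};
# … unchanged: security.sudo.extraConfig …
```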


@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
imports = [
../tv/xserver.nix
];
services.xserver.displayManager.auto.user = "lass";
}

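--- a/modules/mors/default.nix
+++ b/modules/mors/default.nix
@@ -0,0 +1,287 @@
+{ config, pkgs, ... }:
+{
+imports = [
+../lass/desktop-base.nix
+../lass/programs.nix
+../lass/retiolum-mors.nix
+../lass/xserver-lass.nix
+../tv/synaptics.nix
+../lass/bitcoin.nix
+../lass/browsers-lass.nix
+../lass/games.nix
+../tv/exim-retiolum.nix
+../lass/pass.nix
+../lass/vim.nix
+../lass/virtualbox.nix
+../lass/elster.nix
+../lass/urxvt-lass.nix
+../lass/steam.nix
+];
+networking.hostName = "mors";
+networking.wireless.enable = true;
+networking.extraHosts = ''
+'';
+nix.maxJobs = 4;
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+boot = {
+kernelParams = [
+"acpi.brightness_switch_enabled=0"
+];
+loader.grub.enable = true;
+loader.grub.version = 2;
+loader.grub.device = "/dev/sda";
+initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+#kernelModules = [ "kvm-intel" "msr" ];
+kernelModules = [ "msr" ];
+extraModprobeConfig = ''
+'';
+};
+fileSystems = {
+"/" = {
+device = "/dev/big/nix";
+fsType = "ext4";
+};
+"/boot" = {
+device = "/dev/sda1";
+};
+"/mnt/loot" = {
+device = "/dev/big/loot";
+fsType = "ext4";
+};
+"/home" = {
+device = "/dev/big/home";
+fsType = "ext4";
+};
+"/home/lass" = {
+device = "/dev/big/home-lass";
+fsType = "ext4";
+};
+"/mnt/backups" = {
+device = "/dev/big/backups";
+fsType = "ext4";
+};
+"/home/games/.local/share/Steam" = {
+device = "/dev/big/steam";
+fsType = "ext4";
+};
+"/home/virtual/virtual" = {
+device = "/dev/big/virtual";
+fsType = "ext4";
+};
+"/mnt/public" = {
+device = "/dev/big/public";
+fsType = "ext4";
+};
+};
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+'';
+#activationScripts
+#split up and move into base
+system.activationScripts.powertopTunables = ''
+#Enable Audio codec power management
+echo '1' > '/sys/module/snd_hda_intel/parameters/power_save'
+#VM writeback timeout
+echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
+#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
+echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
+#Autosuspend for USB device Biometric Coprocessor
+echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+#Runtime PMs
+echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
+'';
+system.activationScripts.trackpoint = ''
+echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed'
+echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity'
+'';
+services.xserver = {
+videoDriver = "intel";
+vaapiDrivers = [ pkgs.vaapiIntel ];
+deviceSection = ''
+Option "AccelMethod" "sna"
+BusID "PCI:0:2:0"
+'';
+};
+#TODO move into modules
+users.extraUsers = {
+root = {
+hashedPassword = "$6$78Zog6OCAQn6tFCO$jpOPksguWEsOPz7u1r6kVApD0Zb2SqjFV8Gn1JCZevcMtBI.jm0CcojXvW.v23xWDt4wZE4KcxFSNWNU.E9ef.";
+};
+#main user
+lass = {
+uid = 1337;
+name = "lass";
+#isNormalUser = true;
+group = "users";
+createHome = true;
+home = "/home/lass";
+useDefaultShell = true;
+isSystemUser = false;
+description = "lassulus";
+extraGroups = [ "wheel" "audio" ];
+hashedPassword = "$6$78Zog6OCAQn6tFCO$jpOPksguWEsOPz7u1r6kVApD0Zb2SqjFV8Gn1JCZevcMtBI.jm0CcojXvW.v23xWDt4wZE4KcxFSNWNU.E9ef.";
+};
+#miefda-mc-dev user
+miefda = {
+uid = 1338;
+name = "miefda";
+#isNormalUser = true;
+group = "users";
+createHome = true;
+home = "/home/miefda";
+useDefaultShell = true;
+isSystemUser = false;
+description = "miefda-minecraft-dev";
+};
+};
+environment.systemPackages = with pkgs; [
+];
+#TODO: fix this shit
+##fprint stuff
+##sudo fprintd-enroll $USER to save fingerprints
+#services.fprintd.enable = true;
+#security.pam.services.sudo.fprintAuth = true;
+users.extraGroups = {
+loot = {
+members = [
+"lass"
+"firefox"
+"chromium"
+"google"
+];
+};
+};
+networking.firewall = {
+allowPing = true;
+allowedTCPPorts = [
+8000
+];
+allowedUDPPorts = [
+67
+];
+};
+services.ircdHybrid = {
+enable = true;
+description = "local test server";
+};
+#TODO
+#services.urxvtd = {
+# enable = true;
+# users = [ "lass" ];
+# urxvtPackage = pkgs.rxvt_unicode_with-plugins;
+#};
+#system.activationScripts.iptables =
+# let
+# log = false;
+# when = c: f: if c then f else "";
+# in
+# ''
+# ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; }
+# ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; }
+# ipXtables() { ip4tables "$@"; ip6tables "$@"; }
+# #
+# # nat
+# #
+# # reset tables
+# ipXtables -t nat -F
+# ipXtables -t nat -X
+# #
+# #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0
+# ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh
+# #
+# # filter
+# #
+# # reset tables
+# ipXtables -P INPUT DROP
+# ipXtables -P FORWARD DROP
+# ipXtables -F
+# ipXtables -X
+# # create custom chains
+# ipXtables -N Retiolum
+# # INPUT
+# ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+# ipXtables -A INPUT -j ACCEPT -i lo
+# ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW
+# ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW
+# ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW
+# ipXtables -A INPUT -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW
+# #mc
+# ipXtables -A INPUT -j ACCEPT -p tcp --dport 25565
+# ipXtables -A INPUT -j ACCEPT -p udp --dport 25565
+# ipXtables -A INPUT -j Retiolum -i retiolum
+# ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"}
+# # FORWARD
+# ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"}
+# # Retiolum
+# ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request
+# ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request
+# ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"}
+# ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
+# ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
+# ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
+# ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable
+# ip6tables -A Retiolum -j REJECT
+# '';
+}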
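Review bot: `users.extraUsers.root.hashedPassword` and `users.extraUsers.lass.hashedPassword` are the same literal, so root and the `wheel` member share one password, and that hash is committed to the configuration repository alongside the hostname and the interface MAC addresses. Because this commit also sets `users.mutableUsers = false` (in the desktop-base section), these hashes are the authoritative credentials rather than a bootstrap value that a later `passwd` would replace. I would give the two accounts distinct hashes and keep them out of the tree, the way the retiolum private key is already referenced from `/etc/nixos/secrets/` in retiolum-mors.nix instead of being inlined; until then a marker such as `# TODO: shared root/lass hash committed here, move to per-account secrets` above the `root` block would at least make the state visible. Since the hash is published with this commit it should be treated as exposed and rotated rather than reused.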