2 lass: re-add all configs

lassulus 2015-07-16 15:51:01 +02:00
parent 670cfaf39a
commit c3e295b56e
23 changed files with 1187 additions and 0 deletions

136
2configs/lass/base.nix Normal file

@ -0,0 +1,136 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
./sshkeys.nix
../../3modules/lass/iptables.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import /root/src/secrets/hashedPasswords.nix);
}
];
nix.useChroot = true;
users.mutableUsers = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
PAGER=most
'';
environment.systemPackages = with pkgs; [
git
most
rxvt_unicode.terminfo
#network
iptables
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
#fancy colors
if [ -e ~/LS_COLORS ]; then
eval $(dircolors ~/LS_COLORS)
fi
if [ -e /etc/nixos/dotfiles/link ]; then
/etc/nixos/dotfiles/link
fi
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
security.setuidPrograms = [
"sendmail"
];
services.gitolite = {
enable = true;
dataDir = "/home/gitolite";
adminPubkey = config.sshKeys.lass.pub;
};
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
lass.iptables = {
enable = true;
tables = {
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-i lo"; target = "ACCEPT"; }
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
{ predicate = "-p icmp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
];
};
};
#Networking.firewall = {
# enable = true;
# allowedTCPPorts = [
# 22
# ];
# extraCommands = ''
# iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
# iptables -A INPUT -j ACCEPT -i lo
# #http://serverfault.com/questions/84963/why-not-block-icmp
# iptables -A INPUT -j ACCEPT -p icmp
# #TODO: fix Retiolum firewall
# #iptables -N RETIOLUM
# #iptables -A INPUT -j RETIOLUM -i retiolum
# #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
# #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset
# #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable
# #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable
# #iptables -A RETIOLUM -j REJECT
# '';
#};
}
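Review bot: `services.openssh` is enabled with only `hostKeys` set and the INPUT rules accept tcp/22 from any source, so sshd keeps its default authentication settings while every account gets a password from `hashedPasswords.nix`. If key-only login is intended, state it in the block with `passwordAuthentication = false;` and `permitRootLogin = "without-password";`. The hashes are assigned through `hashedPassword`, which as far as I know ends up in the generated user database inside the world-readable Nix store, so a comment next to the import should say they must be treated as readable by every local user. The `bits = 8192` on the ed25519 host key has no effect for that key type and can be dropped, as the XXX comment already suspects.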


@ -0,0 +1,13 @@
{ config, ... }:
{
nix.sshServe.enable = true;
nix.sshServe.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
];
nix.binaryCaches = [
#"scp://nix-ssh@mors"
#"scp://nix-ssh@uriel"
];
}

13
2configs/lass/bird.nix Normal file

@ -0,0 +1,13 @@
{ config, ... }:
{
config.services.bird = {
enable = true;
config = ''
router id 192.168.122.1;
protocol device {
scan time 10;
}
'';
};
}

17
2configs/lass/bitcoin.nix Normal file

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
electrum
];
users.extraUsers = {
bitcoin = {
name = "bitcoin";
description = "user for bitcoin stuff";
home = "/home/bitcoin";
useDefaultShell = true;
createHome = true;
};
};
}


@ -0,0 +1,67 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
nixpkgs.config.packageOverrides = pkgs : {
chromium = pkgs.chromium.override {
pulseSupport = true;
};
};
environment.systemPackages = with pkgs; [
firefox
];
users.extraUsers = {
firefox = {
name = "firefox";
description = "user for running firefox";
home = "/home/firefox";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
chromium = {
name = "chromium";
description = "user for running chromium";
home = "/home/chromium";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
facebook = {
name = "facebook";
description = "user for running facebook in chromium";
home = "/home/facebook";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
google = {
name = "google";
description = "user for running google+/gmail in chromium";
home = "/home/google";
useDefaultShell = true;
createHome = true;
};
flash = {
name = "flash";
description = "user for running flash stuff";
home = "/home/flash";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(firefox) NOPASSWD: ALL
${mainUser.name} ALL=(chromium) NOPASSWD: ALL
${mainUser.name} ALL=(facebook) NOPASSWD: ALL
${mainUser.name} ALL=(google) NOPASSWD: ALL
${mainUser.name} ALL=(flash) NOPASSWD: ALL
'';
}
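Review bot: The sudo rules grant `NOPASSWD: ALL` as each profile account, which is wider than starting a browser needs; naming the command keeps the rule tied to its purpose, e.g. `${mainUser.name} ALL=(firefox) NOPASSWD: ${pkgs.firefox}/bin/firefox`. The same rule shape is repeated for `elster`, `games`, `virtual` and `wine` later in this commit. A short comment stating what the separate accounts are meant to protect (presumably the main user's home directory from the browser) would help, because the shared `audio` group and the shared X display both cut across that boundary. `google` is the only browser account without `extraGroups = [ "audio" ]`; if that is deliberate it deserves a comment.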


@ -0,0 +1,48 @@
{ config, pkgs, ... }:
#settings to test:
#
#"ForceEphemeralProfiles": true,
let
masterPolicy = pkgs.writeText "master.json" ''
{
"PasswordManagerEnabled": false,
"DefaultGeolocationSetting": 2,
"RestoreOnStartup": 1,
"AutoFillEnabled": false,
"BackgroundModeEnabled": false,
"DefaultBrowserSettingEnabled": false,
"SafeBrowsingEnabled": false,
"ExtensionInstallForcelist": [
"cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
"ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx"
]
}
'';
master_preferences = pkgs.writeText "master_preferences" ''
{
"browser": {
"custom_chrome_frame": true
},
"extensions": {
"theme": {
"id": "",
"use_system": true
}
}
}
'';
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
environment.systemPackages = [
#pkgs.chromium
(pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
buildCommand = attrs.buildCommand + ''
touch $out/TEST123
'';
}))
];
}
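Review bot: `"SafeBrowsingEnabled": false` turns off phishing and malware warnings for every Chromium profile on the machine and nothing in the file says why; if this is a privacy trade-off, record it in a Nix comment above `masterPolicy`, e.g. `# Safe Browsing off on purpose: no URL lookups sent to Google` (the JSON body itself cannot carry comments). The two `ExtensionInstallForcelist` IDs are force-installed and auto-updated from the Web Store with no indication of which extensions they are, so name them in the same comment. The `touch $out/TEST123` in `overrideDerivation` looks like a leftover experiment that changes the package's store path for no functional reason; the commented `pkgs.chromium` line above it would do.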


@ -0,0 +1,65 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
./base.nix
];
time.timeZone = "Europe/Berlin";
virtualisation.libvirtd.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
services.printing = {
enable = true;
drivers = [ pkgs.foomatic_filters ];
};
environment.systemPackages = with pkgs; [
powertop
#window manager stuff
haskellPackages.xmobar
haskellPackages.yeganesh
dmenu2
xlibs.fontschumachermisc
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
services.xserver = {
enable = true;
windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
X11-xshape
];
windowManager.xmonad.enable = true;
windowManager.xmonad.enableContribAndExtras = true;
windowManager.default = "xmonad";
desktopManager.default = "none";
desktopManager.xterm.enable = false;
displayManager.slim.enable = true;
displayManager.auto.enable = true;
displayManager.auto.user = mainUser.name;
layout = "us,de";
xkbModel = "evdev";
xkbVariant = "altgr-intl,nodeadkeys";
xkbOptions = "grp:caps_toggle";
};
}
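Review bot: `displayManager.auto.enable = true` with `displayManager.auto.user = mainUser.name` logs the main user into X at boot without a password, so the account settings in base.nix (`mutableUsers = false`, hashed passwords) do not protect the session from anyone with physical access, and that session also carries the NOPASSWD sudo rules for the profile accounts defined elsewhere in this commit. If this is meant for a single-user machine with disk encryption, say so in a comment; otherwise drop the two `auto` lines and keep `slim`. `hardware.pulseaudio.systemWide = true` is worth a comment too, since it runs one daemon for all accounts rather than one per user.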

20
2configs/lass/elster.nix Normal file

@ -0,0 +1,20 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
users.extraUsers = {
elster = {
name = "elster";
description = "user for running elster-online";
home = "/home/elster";
useDefaultShell = true;
extraGroups = [];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(elster) NOPASSWD: ALL
'';
}

25
2configs/lass/games.nix Normal file

@ -0,0 +1,25 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
];
users.extraUsers = {
games = {
name = "games";
description = "user playing games";
home = "/home/games";
extraGroups = [ "audio" "video" "input" ];
createHome = true;
useDefaultShell = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(games) NOPASSWD: ALL
'';
}

130
2configs/lass/git-repos.nix Normal file

@ -0,0 +1,130 @@
{ config, lib, pkgs, ... }:
let
inherit (builtins) map readFile;
inherit (lib) concatMap listToAttrs;
# TODO lib should already include our stuff
inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git;
x-repos = [
(krebs-private "brain")
(public "painload")
(public "shitment")
(public "wai-middleware-time")
(public "web-routes-wai-custom")
(secret "pass")
(tv-lass "emse-drywall")
(tv-lass "emse-hsdb")
];
users = addNames {
tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; };
lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; };
uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; };
makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; };
};
repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
rules = concatMap ({ rules, ... }: rules) x-repos;
krebs-private = repo-name:
rec {
repo = {
name = repo-name;
hooks = {
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
server = "ire.retiolum";
};
};
};
rules = with git; with users; [
{ user = lass;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
}
{ user = [ tv makefu uriel ];
repo = [ repo ];
perm = fetch;
}
];
};
public = repo-name:
rec {
repo = {
name = repo-name;
hooks = {
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
server = "ire.retiolum";
};
};
public = true;
};
rules = with git; with users; [
{ user = lass;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
}
{ user = [ tv makefu uriel ];
repo = [ repo ];
perm = fetch;
}
];
};
secret = repo-name:
rec {
repo = {
name = repo-name;
hooks = {};
};
rules = with git; with users; [
{ user = lass;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
}
{ user = [ uriel ];
repo = [ repo ];
perm = fetch;
}
];
};
tv-lass = repo-name:
rec {
repo = {
name = repo-name;
hooks = {};
};
rules = with git; with users; [
{ user = lass;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
}
{ user = [ tv ];
repo = [ repo ];
perm = fetch;
}
];
};
in
{
imports = [
../../3modules/tv/git.nix
];
tv.git = {
enable = true;
inherit repos rules users;
};
}
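Review bot: `krebs-private` attaches the same `git.irc-announce` post-receive hook to `#retiolum` as `public` does, so pushes to the private `brain` repository are announced in a shared channel. What the hook prints is defined in `4lib/tv`, outside this page, but if it includes commit subjects they become visible to everyone in the channel. Consider `hooks = {};` there, as `secret` and `tv-lass` already have, or add a comment saying the announcement is intended. The four constructors differ only in `hooks`, `public` and the reader list, so one helper taking those three as arguments would make the access differences readable at a glance.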


@ -0,0 +1,173 @@
{ config, ... }:
{
services.gitolite = {
mutable = false;
keys = {
lass = config.sshKeys.lass.pub;
uriel = config.sshKeys.uriel.pub;
};
rc = ''
%RC = (
UMASK => 0077,
GIT_CONFIG_KEYS => "",
LOG_EXTRA => 1,
ROLES => {
READERS => 1,
WRITERS => 1,
},
LOCAL_CODE => "$ENV{HOME}/.gitolite",
ENABLE => [
'help',
'desc',
'info',
'perms',
'writable',
'ssh-authkeys',
'git-config',
'daemon',
'gitweb',
'repo-specific-hooks',
],
);
1;
'';
repoSpecificHooks = {
irc-announce = ''
#! /bin/sh
set -euf
config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
if test -f "$config_file"; then
. "$config_file"
fi
# XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
# any relevant gitolite LOCAL_CODE!
# CAVEAT we hope that IRC_NICK is unique
IRC_NICK="''${IRC_NICK-gl$GL_TID}"
IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
IRC_PORT="''${IRC_PORT-6667}"
# for privmsg_cat below
export IRC_CHANNEL
# collect users that are mentioned in the gitolite configuration
interested_users="$(perl -e '
do "gl-conf";
print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
')"
# CAVEAT beware of real TABs in grep pattern!
# CAVEAT there will never be more than 42 relevant log entries!
tab=$(printf '\x09')
log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)"
update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")"
# (debug output)
env | sed 's/^/env: /'
echo "$log" | sed 's/^/log: /'
# see http://gitolite.com/gitolite/dev-notes.html#lff
reponame=$(echo "$update_log" | cut -f 4)
username=$(echo "$update_log" | cut -f 5)
ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
old_sha=$(echo "$update_log" | cut -f 8)
new_sha=$(echo "$update_log" | cut -f 9)
# check if new branch is created
if test $old_sha = 0000000000000000000000000000000000000000; then
# TODO what should we really show?
old_sha=$new_sha^
fi
#
git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
commit_count=$(echo "$git_log" | wc -l)
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
cat2() { tee /dev/stderr; }
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
# ircin is used to feed the output of netcat back to the "irc client"
# so we can implement expect-like behavior with sed^_^
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
cd "$tmpdir"
mkfifo ircin
trap "
rm ircin
cd '$OLDPWD'
rmdir '$tmpdir'
trap - EXIT INT QUIT
" EXIT INT QUIT
#
#
#
{
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
echo2 "NICK $IRC_NICK"
# wait for MODE message
sed -n '/^:[^ ]* MODE /q'
echo2 "JOIN $IRC_CHANNEL"
echo "$interested_users" \
| tr ' ' '\n' \
| grep -v "^$GL_USER" \
| sed 's/$/: poke/' \
| privmsg_cat \
| cat2
printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \
"$reponame" \
"$username" \
"$commit_count" \
"$(test $commit_count = 1 || echo s)" \
"$(hostname)" \
"$ref_name" \
| privmsg_cat \
| cat2
echo "$git_log" \
| sed 's/^/\x0314/;s/ /\x03 /' \
| privmsg_cat \
| cat2
echo2 "PART $IRC_CHANNEL"
# wait for PART confirmation
sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
echo2 'QUIT :Gone to have lunch'
} < ircin \
| nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
'';
};
customFiles = [
{
path = ".gitolite/conf/irc-announce.conf";
file = ''
IRC_NICK="$(hostname)$GL_TID"
case "$GL_REPO" in
brain|painload|services|load-env|config)
IRC_CHANNEL='#retiolum'
;;
*)
IRC_CHANNEL='&testing'
;;
esac
'';
}
];
};
}
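Review bot: The hook's debug lines `env | sed 's/^/env: /'` and `echo "$log" | sed 's/^/log: /'` write the gitolite account's whole environment and recent log entries to the hook's stdout, which git relays to whoever pushed; remove them or redirect them to a file only the gitolite user can read. Commit subjects in `$git_log` come from the pusher and reach the IRC connection unfiltered, so strip control characters before `privmsg_cat`, e.g. `echo "$git_log" | tr -d '\000-\011\013-\037'`. `test $old_sha = 0000…` and `git log $old_sha..$new_sha` are unquoted and assume exactly one `update` line, so under `set -euf` a push of several refs or a branch deletion is likely to abort the hook partway. Quoting both and looping over the lines of `$update_log` would make the handling explicit.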

88
2configs/lass/ircd.nix Normal file

@ -0,0 +1,88 @@
{ config, pkgs, ... }:
{
config.services.charybdis = {
enable = true;
config = ''
serverinfo {
name = "ire.irc.retiolum";
sid = "4z3";
description = "miep!";
network_name = "irc.retiolum";
network_desc = "Retiolum IRC Network";
hub = yes;
vhost = "0.0.0.0";
vhost6 = "::";
#ssl_private_key = "etc/ssl.key";
#ssl_cert = "etc/ssl.cert";
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
default_max_clients = 10000;
#nicklen = 30;
};
listen {
defer_accept = yes;
/* If you want to listen on a specific IP only, specify host.
* host definitions apply only to the following port line.
*/
host = "0.0.0.0";
port = 6667;
sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
sslport = 9999;
};
class "users" {
ping_time = 2 minutes;
number_per_ident = 200;
number_per_ip = 200;
number_per_ip_global = 500;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 9000;
max_number = 10000;
sendq = 400 kbytes;
};
exempt {
ip = "127.0.0.1";
};
auth {
user = "*@*";
class = "users";
flags = exceed_limit;
};
channel {
use_invex = yes;
use_except = yes;
use_forward = yes;
use_knock = yes;
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
max_chans_per_user = 15;
max_bans = 100;
max_bans_large = 500;
default_split_user_count = 0;
default_split_server_count = 0;
no_create_on_split = no;
no_join_on_split = no;
burst_topicwho = yes;
kick_on_split_riding = no;
only_ascii_channels = no;
resv_forcepart = yes;
channel_target_change = yes;
disable_local_channels = no;
};
'';
};
}
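Review bot: The `auth` block matches `user = "*@*"` and sets `flags = exceed_limit`, which exempts every client from the limits of `class "users"`, so `number_per_ip`, `number_per_cidr` and `max_number` above it are never enforced. Drop the flag, or restrict that auth block to the addresses that need it. The `listen` block also declares `sslport = 6697` and `sslport = 9999` while `ssl_private_key` and `ssl_cert` are commented out, and it binds to `0.0.0.0` and `::`. If the server is only meant for the VPN, set `host` to the retiolum address and remove the `sslport` lines until certificates exist.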


@ -0,0 +1,87 @@
{ ... }:
{
imports = [
../lass/gitolite-base.nix
../common/krebs-keys.nix
../common/krebs-repos.nix
];
services.gitolite = {
repos = {
config = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
pass = {
users = {
lass = "RW+";
uriel = "R";
};
};
load-env = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
emse-drywall = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
emse-hsdb = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
brain = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
#hooks.post-receive = irc-announce;
};
painload = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
services = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
xmonad-config = {
users = {
lass = "RW+";
uriel = "R";
};
};
};
};
}


@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
imports = [
../tv/retiolum
];
tv.retiolum = {
enable = true;
hosts = <retiolum-hosts>;
privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
connectTo = [
"fastpoke"
"gum"
"ire"
];
};
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.allowedUDPPorts = [ 655 ];
}
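Review bot: Port 655 is opened through `networking.firewall.allowedTCPPorts` and `allowedUDPPorts`, but base.nix in this commit builds the INPUT chain through `lass.iptables` with a DROP policy and only tcp/22 accepted, and its `networking.firewall` block is commented out. On a host that imports both, either tinc is unreachable or two rule sets manage the same chain, depending on which mechanism is active; steam.nix has the same mismatch. If the `lass.iptables` module merges rule lists, adding `{ predicate = "-p tcp --dport 655"; target = "ACCEPT"; }` and the UDP equivalent here keeps one source of truth. `privateKeyFile` is a string rather than a path literal, which keeps the key from being copied into the Nix store; a comment saying so would stop someone from changing it, and the `mors` in the file name ties this shared config to one host.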

10
2configs/lass/pass.nix Normal file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pass
gnupg1
];
services.xserver.startGnuPGAgent = true;
}


@ -0,0 +1,24 @@
{ config, pkgs, ... }:
## TODO sort and split up
{
environment.systemPackages = with pkgs; [
aria2
gnupg1compat
htop
i3lock
mc
mosh
mpv
pass
pavucontrol
pv
pwgen
python34Packages.livestreamer
remmina
silver-searcher
wget
xsel
youtube-dl
];
}

11
2configs/lass/sshkeys.nix Normal file

@ -0,0 +1,11 @@
{ config, ... }:
{
imports = [
../../3modules/lass/sshkeys.nix
];
config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
}
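Review bot: `config.sshKeys.lass.pub` is a 2048-bit RSA key with public exponent 35 (the `AAAAB3NzaC1yc2EAAAABIwAAAQEA` prefix encodes both), and base.nix uses it as the gitolite `adminPubkey`. The rest of this commit uses ed25519 for host keys and `nix.sshServe`, so a comment marking this key for rotation to ed25519 would be consistent. The key comment `lass@uriel` on the `uriel` entry suggests these are per-host user keys, which a one-line comment above the two assignments should state so they are not mistaken for host keys.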

29
2configs/lass/steam.nix Normal file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
imports = [
./games.nix
];
#
# Steam stuff
# source: https://nixos.org/wiki/Talk:Steam
#
##TODO: make steam module
hardware.opengl.driSupport32Bit = true;
environment.systemPackages = with pkgs; [
steam
];
networking.firewall = {
allowedUDPPorts = [
27031
27036
];
allowedTCPPorts = [
27036
27037
];
};
}


@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
(pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; })
];
}

40
2configs/lass/urxvt.nix Normal file

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
let
inherit (config.users.extraUsers) mainUser;
in
{
imports = [
../../3modules/lass/urxvtd.nix
../../3modules/lass/xresources.nix
];
services.urxvtd = {
enable = true;
users = [ mainUser.name ];
urxvtPackage = pkgs.rxvt_unicode_with-plugins;
};
services.xresources.enable = true;
services.xresources.resources.urxvt = ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #ffffff
!change unreadable blue
URxvt*color4: #268bd2
'';
}

118
2configs/lass/vim.nix Normal file

@ -0,0 +1,118 @@
{ config, pkgs, ... }:
let
customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
name = "Mustang2";
src = pkgs.fetchFromGitHub {
owner = "croaker";
repo = "mustang-vim";
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
};
};
in {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
set nocompatible
set t_Co=16
syntax on
" TODO autoload colorscheme file
set background=dark
colorscheme mustang
filetype off
filetype plugin indent on
imap <F1> <nop>
set mouse=a
set ruler
set showmatch
set backspace=2
set visualbell
set encoding=utf8
set showcmd
set wildmenu
set title
set titleold=
set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
set autoindent
set ttyfast
set pastetoggle=<INS>
" Force Saving Files that Require Root Permission
command! W silent w !sudo tee "%" >/dev/null
nnoremap <C-c> :q<Return>
vnoremap < <gv
vnoremap > >gv
nmap <esc>q :buffer
"Tabwidth
set ts=2 sts=2 sw=2 et
" create Backup/tmp/undo dirs
function! InitBackupDir()
let l:parent = $HOME . '/.vim/'
let l:backup = l:parent . 'backups/'
let l:tmpdir = l:parent . 'tmp/'
let l:undodi = l:parent . 'undo/'
if !isdirectory(l:parent)
call mkdir(l:parent)
endif
if !isdirectory(l:backup)
call mkdir(l:backup)
endif
if !isdirectory(l:tmpdir)
call mkdir(l:tmpdir)
endif
if !isdirectory(l:undodi)
call mkdir(l:undodi)
endif
endfunction
call InitBackupDir()
" Backups & Files
set backup
set backupdir=~/.vim/backups
set directory=~/.vim/tmp//
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
set undodir=$HOME/.vim/undo
set undofile
" highlight whitespaces
highlight ExtraWhitespace ctermbg=red guibg=red
match ExtraWhitespace /\s\+$/
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
autocmd BufWinLeave * call clearmatches()
"ft specific stuff
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
"esc timeout
set timeoutlen=1000 ttimeoutlen=0
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "Gundo" "commentary" "mustang2" ]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
})
];
}
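Review bot: `set backup`, `set undofile` and the `viminfo` line in `customRC` apply to every buffer, so secrets edited through `pass edit` (pass is installed in this commit and base.nix sets `EDITOR=vim`) can leave plaintext copies under `~/.vim/backups`, `~/.vim/undo` and `~/.vim/tmp`. Add an exclusion for the password-store temp files, e.g. `autocmd BufNewFile,BufRead /dev/shm/pass.* setlocal noswapfile nobackup noundofile`, and check the pattern against the temp path your pass version uses. `InitBackupDir` also creates its directories with the default mode; `call mkdir(l:backup, 'p', 0700)` (and likewise for the other three) keeps them private regardless of umask.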


@ -0,0 +1,22 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
services.virtualboxHost.enable = true;
users.extraUsers = {
virtual = {
name = "virtual";
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(virtual) NOPASSWD: ALL
'';
}

23
2configs/lass/wine.nix Normal file

@ -0,0 +1,23 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
environment.systemPackages = with pkgs; [
wineUnstable
];
users.extraUsers = {
wine = {
name = "wine";
description = "user for running wine";
home = "/home/wine";
useDefaultShell = true;
extraGroups = [ "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
'';
}