diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix new file mode 100644 index 000000000..5e5b8a7b1 --- /dev/null +++ b/2configs/lass/base.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ + ./sshkeys.nix + ../../3modules/lass/iptables.nix + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import /root/src/secrets/hashedPasswords.nix); + } + + ]; + + nix.useChroot = true; + + users.mutableUsers = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + PAGER=most + ''; + + environment.systemPackages = with pkgs; [ + git + most + rxvt_unicode.terminfo + + #network + iptables + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + + #fancy colors + if [ -e ~/LS_COLORS ]; then + eval $(dircolors ~/LS_COLORS) + fi + + if [ -e /etc/nixos/dotfiles/link ]; then + /etc/nixos/dotfiles/link + fi + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + security.setuidPrograms = [ + "sendmail" + ]; + + services.gitolite = { + enable = true; + dataDir = "/home/gitolite"; + adminPubkey = config.sshKeys.lass.pub; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + lass.iptables = { + enable = true; + tables = { + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-i lo"; target = "ACCEPT"; } + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { predicate = "-p icmp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; } + ]; + }; + }; + + #Networking.firewall = { + # enable = true; + + # allowedTCPPorts = [ + # 22 + # ]; + + # extraCommands = '' + # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED + # iptables -A INPUT -j ACCEPT -i lo + # #http://serverfault.com/questions/84963/why-not-block-icmp + # iptables -A INPUT -j ACCEPT -p icmp + + # #TODO: fix Retiolum firewall + # #iptables -N RETIOLUM + # #iptables -A INPUT -j RETIOLUM -i retiolum + # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED + # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset + # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable + # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable + # #iptables -A RETIOLUM -j REJECT + # ''; + #}; +} diff --git a/2configs/lass/binary-caches.nix b/2configs/lass/binary-caches.nix new file mode 100644 index 000000000..c2727520d --- /dev/null +++ b/2configs/lass/binary-caches.nix @@ -0,0 +1,13 @@ +{ config, ... }: + +{ + nix.sshServe.enable = true; + nix.sshServe.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" + ]; + nix.binaryCaches = [ + #"scp://nix-ssh@mors" + #"scp://nix-ssh@uriel" + ]; +} diff --git a/2configs/lass/bird.nix b/2configs/lass/bird.nix new file mode 100644 index 000000000..3fc265cd7 --- /dev/null +++ b/2configs/lass/bird.nix @@ -0,0 +1,13 @@ +{ config, ... }: + +{ + config.services.bird = { + enable = true; + config = '' + router id 192.168.122.1; + protocol device { + scan time 10; + } + ''; + }; +} diff --git a/2configs/lass/bitcoin.nix b/2configs/lass/bitcoin.nix new file mode 100644 index 000000000..d3bccbf5c --- /dev/null +++ b/2configs/lass/bitcoin.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + electrum + ]; + + users.extraUsers = { + bitcoin = { + name = "bitcoin"; + description = "user for bitcoin stuff"; + home = "/home/bitcoin"; + useDefaultShell = true; + createHome = true; + }; + }; +} diff --git a/2configs/lass/browsers.nix b/2configs/lass/browsers.nix new file mode 100644 index 000000000..8aecea925 --- /dev/null +++ b/2configs/lass/browsers.nix @@ -0,0 +1,67 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + +in { + + nixpkgs.config.packageOverrides = pkgs : { + chromium = pkgs.chromium.override { + pulseSupport = true; + }; + }; + + environment.systemPackages = with pkgs; [ + firefox + ]; + + users.extraUsers = { + firefox = { + name = "firefox"; + description = "user for running firefox"; + home = "/home/firefox"; + useDefaultShell = true; + extraGroups = [ "audio" ]; + createHome = true; + }; + chromium = { + name = "chromium"; + description = "user for running chromium"; + home = "/home/chromium"; + useDefaultShell = true; + extraGroups = [ "audio" ]; + createHome = true; + }; + facebook = { + name = "facebook"; + description = "user for running facebook in chromium"; + home = "/home/facebook"; + useDefaultShell = true; + extraGroups = [ "audio" ]; + createHome = true; + }; + google = { + name = "google"; + description = "user for running google+/gmail in chromium"; + home = "/home/google"; + useDefaultShell = true; + createHome = true; + }; + flash = { + name = "flash"; + description = "user for running flash stuff"; + home = "/home/flash"; + useDefaultShell = true; + extraGroups = [ "audio" ]; + createHome = true; + }; + }; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(firefox) NOPASSWD: ALL + ${mainUser.name} ALL=(chromium) NOPASSWD: ALL + ${mainUser.name} ALL=(facebook) NOPASSWD: ALL + ${mainUser.name} ALL=(google) NOPASSWD: ALL + ${mainUser.name} ALL=(flash) NOPASSWD: ALL + ''; +} diff --git a/2configs/lass/chromium-patched.nix b/2configs/lass/chromium-patched.nix new file mode 100644 index 000000000..715181778 --- /dev/null +++ b/2configs/lass/chromium-patched.nix @@ -0,0 +1,48 @@ +{ config, pkgs, ... }: + +#settings to test: +# + #"ForceEphemeralProfiles": true, +let + masterPolicy = pkgs.writeText "master.json" '' + { + "PasswordManagerEnabled": false, + "DefaultGeolocationSetting": 2, + "RestoreOnStartup": 1, + "AutoFillEnabled": false, + "BackgroundModeEnabled": false, + "DefaultBrowserSettingEnabled": false, + "SafeBrowsingEnabled": false, + "ExtensionInstallForcelist": [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx", + "ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx" + ] + } + ''; + + master_preferences = pkgs.writeText "master_preferences" '' + { + "browser": { + "custom_chrome_frame": true + }, + + "extensions": { + "theme": { + "id": "", + "use_system": true + } + } + } + ''; +in { + environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; + + environment.systemPackages = [ + #pkgs.chromium + (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { + buildCommand = attrs.buildCommand + '' + touch $out/TEST123 + ''; + })) + ]; +} diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix new file mode 100644 index 000000000..ee7a94bc9 --- /dev/null +++ b/2configs/lass/desktop-base.nix @@ -0,0 +1,65 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; +in { + imports = [ + ./base.nix + ]; + + time.timeZone = "Europe/Berlin"; + + virtualisation.libvirtd.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + programs.ssh.startAgent = false; + + security.setuidPrograms = [ "slock" ]; + + services.printing = { + enable = true; + drivers = [ pkgs.foomatic_filters ]; + }; + + environment.systemPackages = with pkgs; [ + + powertop + + #window manager stuff + haskellPackages.xmobar + haskellPackages.yeganesh + dmenu2 + xlibs.fontschumachermisc + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + services.xserver = { + enable = true; + + windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ + X11-xshape + ]; + windowManager.xmonad.enable = true; + windowManager.xmonad.enableContribAndExtras = true; + windowManager.default = "xmonad"; + desktopManager.default = "none"; + desktopManager.xterm.enable = false; + displayManager.slim.enable = true; + displayManager.auto.enable = true; + displayManager.auto.user = mainUser.name; + + layout = "us,de"; + xkbModel = "evdev"; + xkbVariant = "altgr-intl,nodeadkeys"; + xkbOptions = "grp:caps_toggle"; + + }; + +} diff --git a/2configs/lass/elster.nix b/2configs/lass/elster.nix new file mode 100644 index 000000000..1edd01896 --- /dev/null +++ b/2configs/lass/elster.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + +in { + users.extraUsers = { + elster = { + name = "elster"; + description = "user for running elster-online"; + home = "/home/elster"; + useDefaultShell = true; + extraGroups = []; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(elster) NOPASSWD: ALL + ''; +} diff --git a/2configs/lass/games.nix b/2configs/lass/games.nix new file mode 100644 index 000000000..6043a8759 --- /dev/null +++ b/2configs/lass/games.nix @@ -0,0 +1,25 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + ]; + + users.extraUsers = { + games = { + name = "games"; + description = "user playing games"; + home = "/home/games"; + extraGroups = [ "audio" "video" "input" ]; + createHome = true; + useDefaultShell = true; + }; + }; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(games) NOPASSWD: ALL + ''; +} diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix new file mode 100644 index 000000000..94ab6317d --- /dev/null +++ b/2configs/lass/git-repos.nix @@ -0,0 +1,130 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) map readFile; + inherit (lib) concatMap listToAttrs; + # TODO lib should already include our stuff + inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git; + + x-repos = [ + (krebs-private "brain") + + (public "painload") + (public "shitment") + (public "wai-middleware-time") + (public "web-routes-wai-custom") + + (secret "pass") + + (tv-lass "emse-drywall") + (tv-lass "emse-hsdb") + ]; + + users = addNames { + tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; }; + lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; }; + uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; }; + makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; }; + }; + + repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos); + + rules = concatMap ({ rules, ... }: rules) x-repos; + + krebs-private = repo-name: + rec { + repo = { + name = repo-name; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + public = repo-name: + rec { + repo = { + name = repo-name; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + public = true; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + secret = repo-name: + rec { + repo = { + name = repo-name; + hooks = {}; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + tv-lass = repo-name: + rec { + repo = { + name = repo-name; + hooks = {}; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + +in + +{ + imports = [ + ../../3modules/tv/git.nix + ]; + + tv.git = { + enable = true; + inherit repos rules users; + }; +} diff --git a/2configs/lass/gitolite-base.nix b/2configs/lass/gitolite-base.nix new file mode 100644 index 000000000..b47629956 --- /dev/null +++ b/2configs/lass/gitolite-base.nix @@ -0,0 +1,173 @@ +{ config, ... }: + +{ + services.gitolite = { + mutable = false; + keys = { + lass = config.sshKeys.lass.pub; + uriel = config.sshKeys.uriel.pub; + }; + rc = '' + %RC = ( + UMASK => 0077, + GIT_CONFIG_KEYS => "", + LOG_EXTRA => 1, + ROLES => { + READERS => 1, + WRITERS => 1, + }, + LOCAL_CODE => "$ENV{HOME}/.gitolite", + ENABLE => [ + 'help', + 'desc', + 'info', + 'perms', + 'writable', + 'ssh-authkeys', + 'git-config', + 'daemon', + 'gitweb', + 'repo-specific-hooks', + ], + ); + 1; + ''; + + repoSpecificHooks = { + irc-announce = '' + #! /bin/sh + set -euf + + config_file="$GL_ADMIN_BASE/conf/irc-announce.conf" + if test -f "$config_file"; then + . "$config_file" + fi + + # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update + # any relevant gitolite LOCAL_CODE! + # CAVEAT we hope that IRC_NICK is unique + IRC_NICK="''${IRC_NICK-gl$GL_TID}" + IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}" + IRC_SERVER="''${IRC_SERVER-ire.retiolum}" + IRC_PORT="''${IRC_PORT-6667}" + + # for privmsg_cat below + export IRC_CHANNEL + + # collect users that are mentioned in the gitolite configuration + interested_users="$(perl -e ' + do "gl-conf"; + print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} }); + ')" + + # CAVEAT beware of real TABs in grep pattern! + # CAVEAT there will never be more than 42 relevant log entries! + tab=$(printf '\x09') + log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)" + + update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")" + + # (debug output) + env | sed 's/^/env: /' + echo "$log" | sed 's/^/log: /' + + # see http://gitolite.com/gitolite/dev-notes.html#lff + reponame=$(echo "$update_log" | cut -f 4) + username=$(echo "$update_log" | cut -f 5) + ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||') + old_sha=$(echo "$update_log" | cut -f 8) + new_sha=$(echo "$update_log" | cut -f 9) + + # check if new branch is created + if test $old_sha = 0000000000000000000000000000000000000000; then + # TODO what should we really show? + old_sha=$new_sha^ + fi + + # + git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)" + commit_count=$(echo "$git_log" | wc -l) + + # echo2 and cat2 are used output to both, stdout and stderr + # This is used to see what we send to the irc server. (debug output) + echo2() { echo "$*"; echo "$*" >&2; } + cat2() { tee /dev/stderr; } + + # privmsg_cat transforms stdin to a privmsg + privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + + # ircin is used to feed the output of netcat back to the "irc client" + # so we can implement expect-like behavior with sed^_^ + # XXX mkselfdestructingtmpfifo would be nice instead of this cruft + tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" + cd "$tmpdir" + mkfifo ircin + trap " + rm ircin + cd '$OLDPWD' + rmdir '$tmpdir' + trap - EXIT INT QUIT + " EXIT INT QUIT + + # + # + # + { + echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" + echo2 "NICK $IRC_NICK" + + # wait for MODE message + sed -n '/^:[^ ]* MODE /q' + + echo2 "JOIN $IRC_CHANNEL" + + echo "$interested_users" \ + | tr ' ' '\n' \ + | grep -v "^$GL_USER" \ + | sed 's/$/: poke/' \ + | privmsg_cat \ + | cat2 + + printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \ + "$reponame" \ + "$username" \ + "$commit_count" \ + "$(test $commit_count = 1 || echo s)" \ + "$(hostname)" \ + "$ref_name" \ + | privmsg_cat \ + | cat2 + + echo "$git_log" \ + | sed 's/^/\x0314/;s/ /\x03 /' \ + | privmsg_cat \ + | cat2 + + echo2 "PART $IRC_CHANNEL" + + # wait for PART confirmation + sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' + + echo2 'QUIT :Gone to have lunch' + } < ircin \ + | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + ''; + }; + customFiles = [ + { + path = ".gitolite/conf/irc-announce.conf"; + file = '' + IRC_NICK="$(hostname)$GL_TID" + case "$GL_REPO" in + brain|painload|services|load-env|config) + IRC_CHANNEL='#retiolum' + ;; + *) + IRC_CHANNEL='&testing' + ;; + esac + ''; + } + ]; + }; +} diff --git a/2configs/lass/ircd.nix b/2configs/lass/ircd.nix new file mode 100644 index 000000000..c57f7dd5c --- /dev/null +++ b/2configs/lass/ircd.nix @@ -0,0 +1,88 @@ +{ config, pkgs, ... }: + +{ + config.services.charybdis = { + enable = true; + config = '' + serverinfo { + name = "ire.irc.retiolum"; + sid = "4z3"; + description = "miep!"; + network_name = "irc.retiolum"; + network_desc = "Retiolum IRC Network"; + hub = yes; + + vhost = "0.0.0.0"; + vhost6 = "::"; + + #ssl_private_key = "etc/ssl.key"; + #ssl_cert = "etc/ssl.cert"; + #ssl_dh_params = "etc/dh.pem"; + #ssld_count = 1; + + default_max_clients = 10000; + #nicklen = 30; + }; + + listen { + defer_accept = yes; + + /* If you want to listen on a specific IP only, specify host. + * host definitions apply only to the following port line. + */ + host = "0.0.0.0"; + port = 6667; + sslport = 6697; + + /* Listen on IPv6 (if you used host= above). */ + host = "::"; + port = 6667; + sslport = 9999; + }; + + class "users" { + ping_time = 2 minutes; + number_per_ident = 200; + number_per_ip = 200; + number_per_ip_global = 500; + cidr_ipv4_bitlen = 24; + cidr_ipv6_bitlen = 64; + number_per_cidr = 9000; + max_number = 10000; + sendq = 400 kbytes; + }; + + exempt { + ip = "127.0.0.1"; + }; + + auth { + user = "*@*"; + class = "users"; + flags = exceed_limit; + }; + + channel { + use_invex = yes; + use_except = yes; + use_forward = yes; + use_knock = yes; + knock_delay = 5 minutes; + knock_delay_channel = 1 minute; + max_chans_per_user = 15; + max_bans = 100; + max_bans_large = 500; + default_split_user_count = 0; + default_split_server_count = 0; + no_create_on_split = no; + no_join_on_split = no; + burst_topicwho = yes; + kick_on_split_riding = no; + only_ascii_channels = no; + resv_forcepart = yes; + channel_target_change = yes; + disable_local_channels = no; + }; + ''; + }; +} diff --git a/2configs/lass/mors/repos.nix b/2configs/lass/mors/repos.nix new file mode 100644 index 000000000..1f7f33456 --- /dev/null +++ b/2configs/lass/mors/repos.nix @@ -0,0 +1,87 @@ +{ ... }: + +{ + imports = [ + ../lass/gitolite-base.nix + ../common/krebs-keys.nix + ../common/krebs-repos.nix + ]; + + services.gitolite = { + repos = { + + config = { + users = { + lass = "RW+"; + uriel = "R"; + tv = "R"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + pass = { + users = { + lass = "RW+"; + uriel = "R"; + }; + }; + + load-env = { + users = { + lass = "RW+"; + uriel = "R"; + tv = "R"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + emse-drywall = { + users = { + lass = "RW+"; + uriel = "R"; + tv = "R"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + emse-hsdb = { + users = { + lass = "RW+"; + uriel = "R"; + tv = "R"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + brain = { + users = { + lass = "RW+"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + #hooks.post-receive = irc-announce; + }; + + painload = { + users = { + lass = "RW+"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + services = { + users = { + lass = "RW+"; + }; + extraConfig = "option hook.post-receive = irc-announce"; + }; + + xmonad-config = { + users = { + lass = "RW+"; + uriel = "R"; + }; + }; + + }; + }; +} diff --git a/2configs/lass/mors/retiolum.nix b/2configs/lass/mors/retiolum.nix new file mode 100644 index 000000000..1148bee9c --- /dev/null +++ b/2configs/lass/mors/retiolum.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../tv/retiolum + ]; + + tv.retiolum = { + enable = true; + hosts = ; + privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv"; + connectTo = [ + "fastpoke" + "gum" + "ire" + ]; + }; + + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; +} diff --git a/2configs/lass/pass.nix b/2configs/lass/pass.nix new file mode 100644 index 000000000..33eca0a17 --- /dev/null +++ b/2configs/lass/pass.nix @@ -0,0 +1,10 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + pass + gnupg1 + ]; + + services.xserver.startGnuPGAgent = true; +} diff --git a/2configs/lass/programs.nix b/2configs/lass/programs.nix new file mode 100644 index 000000000..41d241bac --- /dev/null +++ b/2configs/lass/programs.nix @@ -0,0 +1,24 @@ +{ config, pkgs, ... }: + +## TODO sort and split up +{ + environment.systemPackages = with pkgs; [ + aria2 + gnupg1compat + htop + i3lock + mc + mosh + mpv + pass + pavucontrol + pv + pwgen + python34Packages.livestreamer + remmina + silver-searcher + wget + xsel + youtube-dl + ]; +} diff --git a/2configs/lass/sshkeys.nix b/2configs/lass/sshkeys.nix new file mode 100644 index 000000000..114a2596b --- /dev/null +++ b/2configs/lass/sshkeys.nix @@ -0,0 +1,11 @@ +{ config, ... }: + +{ + imports = [ + ../../3modules/lass/sshkeys.nix + ]; + + config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; + + config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; +} diff --git a/2configs/lass/steam.nix b/2configs/lass/steam.nix new file mode 100644 index 000000000..d54873b1f --- /dev/null +++ b/2configs/lass/steam.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + + imports = [ + ./games.nix + ]; + # + # Steam stuff + # source: https://nixos.org/wiki/Talk:Steam + # + ##TODO: make steam module + hardware.opengl.driSupport32Bit = true; + + environment.systemPackages = with pkgs; [ + steam + ]; + networking.firewall = { + allowedUDPPorts = [ + 27031 + 27036 + ]; + allowedTCPPorts = [ + 27036 + 27037 + ]; + }; + +} diff --git a/2configs/lass/texlive.nix b/2configs/lass/texlive.nix new file mode 100644 index 000000000..295df31cd --- /dev/null +++ b/2configs/lass/texlive.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; }) + ]; +} diff --git a/2configs/lass/urxvt.nix b/2configs/lass/urxvt.nix new file mode 100644 index 000000000..a2074ba02 --- /dev/null +++ b/2configs/lass/urxvt.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +let + inherit (config.users.extraUsers) mainUser; + +in + +{ + imports = [ + ../../3modules/lass/urxvtd.nix + ../../3modules/lass/xresources.nix + ]; + + services.urxvtd = { + enable = true; + users = [ mainUser.name ]; + urxvtPackage = pkgs.rxvt_unicode_with-plugins; + }; + services.xresources.enable = true; + services.xresources.resources.urxvt = '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #ffffff + + !change unreadable blue + URxvt*color4: #268bd2 + ''; +} diff --git a/2configs/lass/vim.nix b/2configs/lass/vim.nix new file mode 100644 index 000000000..3fe45e1d1 --- /dev/null +++ b/2configs/lass/vim.nix @@ -0,0 +1,118 @@ +{ config, pkgs, ... }: + +let + customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin { + name = "Mustang2"; + src = pkgs.fetchFromGitHub { + owner = "croaker"; + repo = "mustang-vim"; + rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; + sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; + }; + }; + +in { + + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + set nocompatible + set t_Co=16 + syntax on + " TODO autoload colorscheme file + set background=dark + colorscheme mustang + filetype off + filetype plugin indent on + + imap + + set mouse=a + set ruler + set showmatch + set backspace=2 + set visualbell + set encoding=utf8 + set showcmd + set wildmenu + + set title + set titleold= + set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set autoindent + + set ttyfast + + set pastetoggle= + + + " Force Saving Files that Require Root Permission + command! W silent w !sudo tee "%" >/dev/null + + nnoremap :q + vnoremap < >gv + + nmap q :buffer + + "Tabwidth + set ts=2 sts=2 sw=2 et + + " create Backup/tmp/undo dirs + function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backups/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodi = l:parent . 'undo/' + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodi) + call mkdir(l:undodi) + endif + endfunction + call InitBackupDir() + + " Backups & Files + set backup + set backupdir=~/.vim/backups + set directory=~/.vim/tmp// + set viminfo='20,<1000,s100,h,n~/.vim/tmp/info + set undodir=$HOME/.vim/undo + set undofile + + " highlight whitespaces + highlight ExtraWhitespace ctermbg=red guibg=red + match ExtraWhitespace /\s\+$/ + autocmd BufWinEnter * match ExtraWhitespace /\s\+$/ + autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@