diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index e6db3aa42..3b626dc46 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -57,7 +57,7 @@ let user = rec { name = "github-hosts-sync"; - uid = genid name; + uid = genid_uint31 name; }; # TODO move to lib? diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 463fa26ba..0cec1a2d3 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -183,7 +183,7 @@ let user = rec { name = "urlwatch"; - uid = genid name; + uid = genid_uint31 name; }; subtypes.job = types.submodule { diff --git a/lib/types.nix b/lib/types.nix index d663d2512..016853300 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -3,7 +3,7 @@ let inherit (lib) all any attrNames concatMapStringsSep concatStringsSep const filter flip - genid hasSuffix head isInt isString length mergeOneOption mkOption + genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString stringLength substring test testString typeOf; inherit (lib.types) @@ -365,7 +365,7 @@ rec { }; uid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); @@ -377,7 +377,7 @@ rec { }; gid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index c051b4261..2e679bd14 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -95,7 +95,7 @@ in users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { - uid = genid "pulse"; + uid = genid_uint31 "pulse"; group = "pulse"; extraGroups = [ "audio" ]; home = "${runDir}/home"; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index a5641f094..3794628c1 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -129,7 +129,7 @@ let { command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { + ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = /* vim */ '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ @@ -239,26 +239,58 @@ let { " This is required because containedin isn't transitive. syn cluster nix_has_dollar_curly \ add=@nix_${lang}_syntax - '') { + '') (let + + capitalize = s: let + xs = stringToCharacters s; + in + toUpper (head xs) + concatStrings (tail xs); + + alts = xs: ''\(${concatStringsSep ''\|'' xs}\)''; + def = k: ''${k}[ \t\r\n]*=''; + writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''; + + in { c = {}; cabal = {}; diff = {}; haskell = {}; - jq.extraStart = concatStringsSep ''\|'' [ - ''writeJq.*'' + jq.extraStart = alts [ + (writer "Jq") ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"'' ]; + javascript.extraStart = ''/\* js \*/''; lua = {}; - sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - sh.extraStart = concatStringsSep ''\|'' [ - ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' - ''[a-z]*Phase[ \t\r\n]*='' + python.extraStart = ''/\* py \*/''; + sed.extraStart = writer "Sed"; + sh.extraStart = let + phases = [ + "unpack" + "patch" + "configure" + "build" + "check" + "install" + "fixup" + "installCheck" + "dist" + ]; + shells = [ + "ash" + "bash" + "dash" + ]; + in alts [ + (def "shellHook") + (def "${alts phases}Phase") + (def "${alts ["pre" "post"]}${alts (map capitalize phases)}") + (writer (alts (map capitalize shells))) ]; yaml = {}; vim.extraStart = ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; xdefaults = {}; - })} + }))} " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. syn clear shVarAssign diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 22c94f7b1..8d4b13fad 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -24,17 +24,6 @@ in { pkgs.xlibs.fontschumachermisc ]; - # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /run/wrappers/bin - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = cfg.user.name; - }; - }; - services.xserver = { # Don't install feh into systemPackages @@ -96,9 +85,12 @@ in { ]); }; path = [ + config.tv.slock.package pkgs.fzmenu pkgs.pulseaudioLight.out pkgs.rxvt_unicode + pkgs.xcalib + "/run/wrappers" # for su ]; serviceConfig = { SyslogIdentifier = "xmonad"; @@ -154,4 +146,9 @@ in { User = cfg.user.name; }; }; + + tv.slock = { + enable = true; + user = cfg.user; + }; } diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 6172feb03..f53a58e9a 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ ./hosts.nix ./iptables.nix ./nixpkgs-overlays.nix + ./slock.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix new file mode 100644 index 000000000..1c84b1e9e --- /dev/null +++ b/tv/3modules/slock.nix @@ -0,0 +1,71 @@ +with import ; +{ config, pkgs, ... }: let + cfg = config.tv.slock; +in { + options.tv.slock = { + enable = mkEnableOption "tv.slock"; + package = mkOption { + default = pkgs.execBin "slock" rec { + filename = "${pkgs.systemd}/bin/systemctl"; + argv = [ filename "start" "slock-${cfg.user.name}.service" ]; + }; + type = types.package; + }; + user = mkOption { + type = types.user; + }; + }; + config = mkIf cfg.enable { + security.polkit.extraConfig = /* js */ '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "slock-${cfg.user.name}.service" && + subject.user == ${toJSON cfg.user.name}) { + return polkit.Result.YES; + } + }); + ''; + systemd.services."slock-${cfg.user.name}" = { + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { + passAsFile = ["text"]; + text = /* c */ '' + #include + #include + + static struct spwd entry = { + .sp_namp = "", + .sp_pwdp = + ${toC config.users.users.${cfg.user.name}.hashedPassword}, + .sp_lstchg = 0, + .sp_min = 0, + .sp_max = 0, + .sp_warn = 0, + .sp_inact = 0, + .sp_expire = 0, + .sp_flag = 0, + }; + + extern struct spwd *getspnam(const char *name) { return &entry; } + extern int setgroups(size_t size, const gid_t *list) { return 0; } + extern int setgid(gid_t gid) { return 0; } + extern int setuid(uid_t uid) { return 0; } + ''; + } /* sh */ '' + gcc -Wall -shared -o $out -xc "$textPath" + ''; + }; + restartIfChanged = false; + serviceConfig = { + ExecStart = "${pkgs.slock}/bin/slock"; + OOMScoreAdjust = -1000; + Restart = "on-failure"; + RestartSec = "100ms"; + StartLimitBurst = 0; + SyslogIdentifier = "slock"; + User = cfg.user.name; + }; + }; + }; +} diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix index 2f9fff6ed..936e69627 100644 --- a/tv/5pkgs/haskell/xmonad-tv/shell.nix +++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix @@ -28,7 +28,7 @@ in config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR } - xmonad=$CACHEDIR/main + xmonad=$CACHEDIR/xmonad-${lib.currentSystem} xmonad_build() {( set -efu diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs index e12c25bd5..3a879b5d0 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs @@ -13,10 +13,13 @@ passmenu :: FilePath passmenu = findExecutable "passmenu" slock :: FilePath -slock = "/run/wrappers/bin/slock" +slock = findExecutable "slock" su :: FilePath -su = "/run/wrappers/bin/su" +su = findExecutable "su" urxvtc :: FilePath urxvtc = findExecutable "urxvtc" + +xcalib :: FilePath +xcalib = findExecutable "xcalib" diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index c96a8539e..b7d4e9bca 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -20,12 +20,13 @@ import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Layout.NoBorders ( smartBorders ) +import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall)) +import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink)) import qualified XMonad.StackSet as W import Data.Map (Map) import qualified Data.Map as Map import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Hooks.ManageHelpers (doCenterFloat) -import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) @@ -47,6 +48,7 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do + let width = 1366 workspaces0 <- getWorkspaces0 handleShutdownEvent <- newShutdownEventHandler xmonad @@ -56,7 +58,14 @@ mainNoArgs = do , modMask = mod4Mask , keys = myKeys , workspaces = workspaces0 - , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full + , layoutHook = + smartBorders $ + ResizableTall + 1 + (10 * 6 / width) + ((80 * 6 + 2 * (1+1+1))/width) [] + ||| + Full , manageHook = composeAll [ appName =? "fzmenu-urxvt" --> doCenterFloat @@ -125,8 +134,9 @@ myKeys conf = Map.fromList $ , ((_C , xK_Menu ), toggleWS) , ((_4 , xK_space ), sendMessage NextLayout) - , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout + , ((_4M , xK_space ), resetLayout) + , ((_4 , xK_m ), windows W.focusMaster) , ((_4 , xK_j ), windows W.focusDown) , ((_4 , xK_k ), windows W.focusUp) @@ -134,10 +144,13 @@ myKeys conf = Map.fromList $ , ((_4S , xK_j ), windows W.swapDown) , ((_4S , xK_k ), windows W.swapUp) - , ((_4 , xK_h ), sendMessage Shrink) - , ((_4 , xK_l ), sendMessage Expand) + , ((_4M , xK_h ), sendMessage Shrink) + , ((_4M , xK_l ), sendMessage Expand) - , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling + , ((_4M , xK_j ), sendMessage MirrorShrink) + , ((_4M , xK_k ), sendMessage MirrorExpand) + + , ((_4 , xK_t ), withFocused $ windows . W.sink) , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) @@ -151,6 +164,8 @@ myKeys conf = Map.fromList $ , ((0, xF86XK_AudioLowerVolume), audioLowerVolume) , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume) , ((0, xF86XK_AudioMute), audioMute) + + , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing) ] where _4 = mod4Mask @@ -168,6 +183,8 @@ myKeys conf = Map.fromList $ audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"] audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"] + resetLayout = setLayout $ XMonad.layoutHook conf + pagerConfig :: PagerConfig pagerConfig = def @@ -186,5 +203,4 @@ pagerConfig = def allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] +allWorkspaceNames = return . map W.tag . W.workspaces