Merge remote-tracking branch 'ni/master'

krebs/3modules/github-hosts-sync.nix

@@ -57,7 +57,7 @@ let
 
   user = rec {
     name = "github-hosts-sync";
-    uid = genid name;
+    uid = genid_uint31 name;
   };
 
   # TODO move to lib?

krebs/3modules/urlwatch.nix

@@ -183,7 +183,7 @@ let
 
   user = rec {
     name = "urlwatch";
-    uid = genid name;
+    uid = genid_uint31 name;
   };
 
   subtypes.job = types.submodule {

lib/types.nix

@@ -3,7 +3,7 @@
 let
   inherit (lib)
     all any attrNames concatMapStringsSep concatStringsSep const filter flip
-    genid hasSuffix head isInt isString length mergeOneOption mkOption
+    genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption
     mkOptionType optional optionalAttrs optionals range splitString
     stringLength substring test testString typeOf;
   inherit (lib.types)
@@ -365,7 +365,7 @@ rec {
       };
       uid = mkOption {
         type = int;
-        default = genid config.name;
+        default = genid_uint31 config.name;
       };
     };
   });
@@ -377,7 +377,7 @@ rec {
       };
       gid = mkOption {
         type = int;
-        default = genid config.name;
+        default = genid_uint31 config.name;
       };
     };
   });

tv/2configs/pulse.nix

@@ -95,7 +95,7 @@ in
   users = {
     groups.pulse.gid = config.users.users.pulse.uid;
     users.pulse = {
-      uid = genid "pulse";
+      uid = genid_uint31 "pulse";
       group = "pulse";
       extraGroups = [ "audio" ];
       home = "${runDir}/home";

tv/2configs/vim.nix

@@ -129,7 +129,7 @@ let {
         command! -n=0 -bar ShowSyntax :call ShowSyntax()
       '';
     })))
-    ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
+    ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
       "/syntax/haskell.vim".text = /* vim */ ''
         syn region String start=+\[[[:alnum:]]*|+ end=+|]+
 
@@ -239,26 +239,58 @@ let {
           " This is required because containedin isn't transitive.
           syn cluster nix_has_dollar_curly
             \ add=@nix_${lang}_syntax
-        '') {
+        '') (let
+
+          capitalize = s: let
+            xs = stringToCharacters s;
+          in
+            toUpper (head xs) + concatStrings (tail xs);
+
+          alts = xs: ''\(${concatStringsSep ''\|'' xs}\)'';
+          def = k: ''${k}[ \t\r\n]*='';
+          writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'';
+
+        in {
           c = {};
           cabal = {};
           diff = {};
           haskell = {};
-          jq.extraStart = concatStringsSep ''\|'' [
+          jq.extraStart = alts [
-            ''writeJq.*''
+            (writer "Jq")
             ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"''
           ];
+          javascript.extraStart = ''/\* js \*/'';
           lua = {};
-          sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+          python.extraStart = ''/\* py \*/'';
-          sh.extraStart = concatStringsSep ''\|'' [
+          sed.extraStart = writer "Sed";
-            ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
+          sh.extraStart = let
-            ''[a-z]*Phase[ \t\r\n]*=''
+            phases = [
+              "unpack"
+              "patch"
+              "configure"
+              "build"
+              "check"
+              "install"
+              "fixup"
+              "installCheck"
+              "dist"
+            ];
+            shells = [
+              "ash"
+              "bash"
+              "dash"
+            ];
+          in alts [
+            (def "shellHook")
+            (def "${alts phases}Phase")
+            (def "${alts ["pre" "post"]}${alts (map capitalize phases)}")
+            (writer (alts (map capitalize shells)))
           ];
           yaml = {};
           vim.extraStart =
             ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
           xdefaults = {};
-        })}
+        }))}
 
         " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
         syn clear shVarAssign

tv/2configs/xserver/default.nix

@@ -24,17 +24,6 @@ in {
     pkgs.xlibs.fontschumachermisc
   ];
 
-  # TODO dedicated group, i.e. with a single user [per-user-setuid]
-  # TODO krebs.setuid.slock.path vs /run/wrappers/bin
-  krebs.setuid.slock = {
-    filename = "${pkgs.slock}/bin/slock";
-    group = "wheel";
-    envp = {
-      DISPLAY = ":${toString config.services.xserver.display}";
-      USER = cfg.user.name;
-    };
-  };
-
   services.xserver = {
 
     # Don't install feh into systemPackages
@@ -96,9 +85,12 @@ in {
       ]);
     };
     path = [
+      config.tv.slock.package
       pkgs.fzmenu
       pkgs.pulseaudioLight.out
       pkgs.rxvt_unicode
+      pkgs.xcalib
+      "/run/wrappers" # for su
     ];
     serviceConfig = {
       SyslogIdentifier = "xmonad";
@@ -154,4 +146,9 @@ in {
       User = cfg.user.name;
     };
   };
+
+  tv.slock = {
+    enable = true;
+    user = cfg.user;
+  };
 }

tv/3modules/default.nix

@@ -6,6 +6,7 @@
     ./hosts.nix
     ./iptables.nix
     ./nixpkgs-overlays.nix
+    ./slock.nix
     ./x0vncserver.nix
   ];
 }

tv/3modules/slock.nix

@@ -0,0 +1,71 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+  cfg = config.tv.slock;
+in {
+  options.tv.slock = {
+    enable = mkEnableOption "tv.slock";
+    package = mkOption {
+      default = pkgs.execBin "slock" rec {
+        filename = "${pkgs.systemd}/bin/systemctl";
+        argv = [ filename "start" "slock-${cfg.user.name}.service" ];
+      };
+      type = types.package;
+    };
+    user = mkOption {
+      type = types.user;
+    };
+  };
+  config = mkIf cfg.enable {
+    security.polkit.extraConfig = /* js */ ''
+      polkit.addRule(function(action, subject) {
+        if (action.id == "org.freedesktop.systemd1.manage-units" &&
+            action.lookup("unit") == "slock-${cfg.user.name}.service" &&
+            subject.user == ${toJSON cfg.user.name}) {
+          return polkit.Result.YES;
+        }
+      });
+    '';
+    systemd.services."slock-${cfg.user.name}" = {
+      environment = {
+        DISPLAY = ":${toString config.services.xserver.display}";
+        LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
+          passAsFile = ["text"];
+          text = /* c */ ''
+            #include <shadow.h>
+            #include <unistd.h>
+
+            static struct spwd entry = {
+              .sp_namp = "",
+              .sp_pwdp =
+                ${toC config.users.users.${cfg.user.name}.hashedPassword},
+              .sp_lstchg = 0,
+              .sp_min = 0,
+              .sp_max = 0,
+              .sp_warn = 0,
+              .sp_inact = 0,
+              .sp_expire = 0,
+              .sp_flag = 0,
+            };
+
+            extern struct spwd *getspnam(const char *name) { return &entry; }
+            extern int setgroups(size_t size, const gid_t *list) { return 0; }
+            extern int setgid(gid_t gid) { return 0; }
+            extern int setuid(uid_t uid) { return 0; }
+          '';
+        } /* sh */ ''
+          gcc -Wall -shared -o $out -xc "$textPath"
+        '';
+      };
+      restartIfChanged = false;
+      serviceConfig = {
+        ExecStart = "${pkgs.slock}/bin/slock";
+        OOMScoreAdjust = -1000;
+        Restart = "on-failure";
+        RestartSec = "100ms";
+        StartLimitBurst = 0;
+        SyslogIdentifier = "slock";
+        User = cfg.user.name;
+      };
+    };
+  };
+}

tv/5pkgs/haskell/xmonad-tv/shell.nix

@@ -28,7 +28,7 @@ in
         config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR
       }
 
-      xmonad=$CACHEDIR/main
+      xmonad=$CACHEDIR/xmonad-${lib.currentSystem}
 
       xmonad_build() {(
         set -efu

tv/5pkgs/haskell/xmonad-tv/src/Paths.hs

@@ -13,10 +13,13 @@ passmenu :: FilePath
 passmenu = findExecutable "passmenu"
 
 slock :: FilePath
-slock = "/run/wrappers/bin/slock"
+slock = findExecutable "slock"
 
 su :: FilePath
-su = "/run/wrappers/bin/su"
+su = findExecutable "su"
 
 urxvtc :: FilePath
 urxvtc = findExecutable "urxvtc"
+
+xcalib :: FilePath
+xcalib = findExecutable "xcalib"

tv/5pkgs/haskell/xmonad-tv/src/main.hs

@@ -20,12 +20,13 @@ import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
                                         , removeEmptyWorkspace)
 import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Layout.NoBorders ( smartBorders )
+import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall))
+import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink))
 import qualified XMonad.StackSet as W
 import Data.Map (Map)
 import qualified Data.Map as Map
 import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
 import XMonad.Hooks.ManageHelpers (doCenterFloat)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
 import XMonad.Hooks.Place (placeHook, smart)
 import XMonad.Actions.PerWorkspaceKeys (chooseAction)
 
@@ -47,6 +48,7 @@ main = getArgs >>= \case
 
 mainNoArgs :: IO ()
 mainNoArgs = do
+    let width = 1366
     workspaces0 <- getWorkspaces0
     handleShutdownEvent <- newShutdownEventHandler
     xmonad
@@ -56,7 +58,14 @@ mainNoArgs = do
             , modMask           = mod4Mask
             , keys              = myKeys
             , workspaces        = workspaces0
-            , layoutHook        = smartBorders $ FixedColumn 1 20 80 10 ||| Full
+            , layoutHook =
+                smartBorders $
+                  ResizableTall
+                    1
+                    (10 * 6 / width)
+                    ((80 * 6 + 2 * (1+1+1))/width) []
+                  |||
+                  Full
             , manageHook =
                 composeAll
                   [ appName =? "fzmenu-urxvt" --> doCenterFloat
@@ -125,8 +134,9 @@ myKeys conf = Map.fromList $
     , ((_C  , xK_Menu   ), toggleWS)
 
     , ((_4  , xK_space  ), sendMessage NextLayout)
-    , ((_4S , xK_space  ), setLayout $ XMonad.layoutHook conf) -- reset layout
+    , ((_4M , xK_space  ), resetLayout)
 
+    , ((_4  , xK_m      ), windows W.focusMaster)
     , ((_4  , xK_j      ), windows W.focusDown)
     , ((_4  , xK_k      ), windows W.focusUp)
 
@@ -134,10 +144,13 @@ myKeys conf = Map.fromList $
     , ((_4S , xK_j      ), windows W.swapDown)
     , ((_4S , xK_k      ), windows W.swapUp)
 
-    , ((_4  , xK_h      ), sendMessage Shrink)
+    , ((_4M , xK_h      ), sendMessage Shrink)
-    , ((_4  , xK_l      ), sendMessage Expand)
+    , ((_4M , xK_l      ), sendMessage Expand)
 
-    , ((_4  , xK_t      ), withFocused $ windows . W.sink) -- make tiling
+    , ((_4M , xK_j      ), sendMessage MirrorShrink)
+    , ((_4M , xK_k      ), sendMessage MirrorExpand)
+
+    , ((_4  , xK_t      ), withFocused $ windows . W.sink)
 
     , ((_4  , xK_comma  ), sendMessage $ IncMasterN 1)
     , ((_4  , xK_period ), sendMessage $ IncMasterN (-1))
@@ -151,6 +164,8 @@ myKeys conf = Map.fromList $
     , ((0, xF86XK_AudioLowerVolume), audioLowerVolume)
     , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume)
     , ((0, xF86XK_AudioMute), audioMute)
+
+    , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing)
     ]
     where
     _4 = mod4Mask
@@ -168,6 +183,8 @@ myKeys conf = Map.fromList $
     audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"]
     audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"]
 
+    resetLayout = setLayout $ XMonad.layoutHook conf
+
 
 pagerConfig :: PagerConfig
 pagerConfig = def
@@ -186,5 +203,4 @@ pagerConfig = def
 
 
 allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
+allWorkspaceNames = return . map W.tag . W.workspaces
-    return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]