authortv <tv@krebsco.de>2017-10-26 18:43:33 +0200
committertv <tv@krebsco.de>2017-10-26 18:43:33 +0200
commit53312b95f7baba5793b8ac4f15247fa88fd6fe76 (patch)
tree0ee7121da8aa0623e0b7097050a8b8860976ee45
parentfabbe4fb3eeb883df0d22b6fdf4bc051d527155b (diff)
parent6402cbc33988253eace61dd8d5671fa931e664d7 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--lib/types.nix26
-rw-r--r--nin/1systems/hiawatha/config.nix5
-rw-r--r--nin/2configs/default.nix9
-rw-r--r--nin/2configs/skype.nix27
-rw-r--r--nin/source.nix2
5 files changed, 55 insertions, 14 deletions
diff --git a/lib/types.nix b/lib/types.nix
index 70570a6..08dc097 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -92,7 +92,7 @@ rec {
default = null;
};
addrs = mkOption {
- type = listOf addr;
+ type = listOf cidr;
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
@@ -109,7 +109,7 @@ rec {
type = addr4;
};
prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
+ type = cidr4;
} // optionalAttrs (config.name == "retiolum") {
default = "10.243.0.0/16";
});
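Review bot: `prefix` is now typed `cidr4`, but the pattern behind that type (defined further down in this commit) makes the `/len` part optional, so a bare address such as `10.243.0.0` would still be accepted as a routing prefix. The same applies to the IPv6 `prefix` option in the next hunk, which is typed `cidr6`. If the mask is optional only so that `addrs` can keep defaulting to the bare `ip4.addr`/`ip6.addr` values, consider a separate strict type for the two `prefix` options, or a comment on them such as `# NOTE: mask length is not enforced by cidr4/cidr6`. The enclosing option set starts and ends outside the hunk.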
@@ -125,7 +125,7 @@ rec {
apply = lib.normalize-ip6-addr;
};
prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
+ type = cidr6;
} // optionalAttrs (config.name == "retiolum") {
default = "42::/16";
});
@@ -364,6 +364,26 @@ rec {
merge = mergeOneOption;
};
+ cidr = either cidr4 cidr6;
+ cidr4 = mkOptionType {
+ name = "CIDRv4 address";
+ check = let
+ CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
+ concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?";
+ in
+ test CIDRv4address;
+ merge = mergeOneOption;
+ };
+ cidr6 = mkOptionType {
+ name = "CIDRv6 address";
+ check = let
+ # TODO check IPv6 address harder
+ CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?";
+ in
+ test CIDRv6address;
+ merge = mergeOneOption;
+ };
+
binary-cache-pubkey = str;
pgp-pubkey = str;
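Review bot: In `cidr4` the octets are joined with `"."`, which in a regular expression matches any character, so a string like `10x243x0x0` would satisfy the type, assuming `test` performs a regex match as its use here suggests. The separator should be escaped: `concatMapStringsSep "\\." (const d) (range 1 4)`. In `cidr6` the prefix alternative `1[0-2][0-8]` rejects the valid lengths 109 and 119, whereas `([0-9][0-9]?|1[01][0-9]|12[0-8])` covers 0–128. The class `[0-9a-f.:]+` also rejects upper-case hex digits, which is worth adding to the existing TODO since these types gate values that end up in network configuration. The enclosing `rec { … }` starts and ends outside the hunk.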
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
index 0e48b41..fdae354 100644
--- a/nin/1systems/hiawatha/config.nix
+++ b/nin/1systems/hiawatha/config.nix
@@ -15,6 +15,7 @@ with lib;
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
+ <stockholm/nin/2configs/skype.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
@@ -98,10 +99,6 @@ with lib;
allowUnfree = true;
- firefox = {
- enableGoogleTalkPlugin = true;
- enableAdobeFlash = true;
- };
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index 212fd36..0d2253c 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
imports = [
../2configs/vim.nix
+ <stockholm/krebs/2configs/binary-cache/prism.nix>
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -45,12 +46,6 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
- {
- nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
- };
- }
];
networking.hostName = config.krebs.build.host.name;
@@ -96,6 +91,7 @@ with import <stockholm/lib>;
gnumake
jq
proot
+ pavucontrol
populate
p7zip
termite
@@ -158,6 +154,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
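Review bot: The new `-p ipv6-icmp` rule accepts every ICMPv6 type on every interface and carries no comment saying that this is deliberate. IPv6 depends on ICMPv6 for neighbour discovery and path-MTU discovery, so a blanket accept is a common choice, but a short comment would stop a later reader from tightening it by accident, e.g. `# ICMPv6 must stay open: neighbour discovery and PMTUD depend on it`. The neighbouring `-p icmp` rule is not marked `v6 = false`, so it is worth checking whether it is also emitted into the IPv6 ruleset, where it would have no useful effect. The rule list starts and ends outside the hunk.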
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
new file mode 100644
index 0000000..621dfae
--- /dev/null
+++ b/nin/2configs/skype.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.nin;
+ inherit (import <stockholm/lib>) genid;
+
+in {
+ users.extraUsers = {
+ skype = {
+ name = "skype";
+ uid = genid "skype";
+ description = "user for running skype";
+ home = "/home/skype";
+ useDefaultShell = true;
+ extraGroups = [ "audio" "video" ];
+ createHome = true;
+ };
+ };
+
+ krebs.per-user.skype.packages = [
+ pkgs.skype
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+ '';
+}
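Review bot: The sudo rule at the end of the new file lets the main user run any command as `skype` without a password, which is wider than starting one application under a separate uid requires. If launching Skype is the only intent, the command list could name the package's executable instead of `ALL`. The file would also benefit from a header comment stating what the separate account is meant to isolate (presumably the main user's home directory) and what it does not. In particular, the `audio` and `video` groups give the account direct device access, and whatever X11 access it is granted is configured outside this file, so the separation covers files but not the microphone, camera or display session.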
diff --git a/nin/source.nix b/nin/source.nix
index 183c71b..188ebaf 100644
--- a/nin/source.nix
+++ b/nin/source.nix
@@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "799435b";
+ ref = "c99239b";
};
}