authortv <tv@krebsco.de>2015-07-16 23:22:30 +0200
committertv <tv@krebsco.de>2015-07-16 23:22:30 +0200
commit6aadd262fc1ec1cb7159da9ee62bd35616ddc23d (patch)
tree57983c04bb49fe0375300861111a61cede545794 /old/modules/lass
parent546d86da1e3cab814372fc57c83e737617c7fed8 (diff)
Goodbye old world, and thanks for all the fish!
Diffstat (limited to 'old/modules/lass')
-rw-r--r--old/modules/lass/base.nix129
-rw-r--r--old/modules/lass/binary-caches.nix13
-rw-r--r--old/modules/lass/bird.nix13
-rw-r--r--old/modules/lass/bitcoin.nix17
-rw-r--r--old/modules/lass/browsers.nix67
-rw-r--r--old/modules/lass/chromium-patched.nix48
-rw-r--r--old/modules/lass/desktop-base.nix65
-rw-r--r--old/modules/lass/elster.nix20
-rw-r--r--old/modules/lass/games.nix25
-rw-r--r--old/modules/lass/gitolite-base.nix173
-rw-r--r--old/modules/lass/iptables/config.nix119
-rw-r--r--old/modules/lass/iptables/default.nix11
-rw-r--r--old/modules/lass/iptables/options.nix44
-rw-r--r--old/modules/lass/ircd.nix88
-rw-r--r--old/modules/lass/pass.nix10
-rw-r--r--old/modules/lass/programs.nix24
-rw-r--r--old/modules/lass/sshkeys.nix11
-rw-r--r--old/modules/lass/steam.nix29
-rw-r--r--old/modules/lass/texlive.nix7
-rw-r--r--old/modules/lass/urxvt.nix40
-rw-r--r--old/modules/lass/urxvtd.nix55
-rw-r--r--old/modules/lass/vim.nix118
-rw-r--r--old/modules/lass/virtualbox.nix22
-rw-r--r--old/modules/lass/wine.nix23
-rw-r--r--old/modules/lass/xresources.nix57
25 files changed, 0 insertions, 1228 deletions
diff --git a/old/modules/lass/base.nix b/old/modules/lass/base.nix
deleted file mode 100644
index 159372a..0000000
--- a/old/modules/lass/base.nix
+++ /dev/null
@@ -1,129 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./sshkeys.nix
- ./iptables
- ];
-
- nix.useChroot = true;
-
- users.mutableUsers = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- PAGER=most
- '';
-
- environment.systemPackages = with pkgs; [
- git
- most
- rxvt_unicode.terminfo
-
- #network
- iptables
- ];
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
-
- #fancy colors
- if [ -e ~/LS_COLORS ]; then
- eval $(dircolors ~/LS_COLORS)
- fi
-
- if [ -e /etc/nixos/dotfiles/link ]; then
- /etc/nixos/dotfiles/link
- fi
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
-
- security.setuidPrograms = [
- "sendmail"
- ];
-
- services.gitolite = {
- enable = true;
- dataDir = "/home/gitolite";
- adminPubkey = config.sshKeys.lass.pub;
- };
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- lass.iptables = {
- enable = true;
- tables = {
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
- ];
- };
- };
-
- #Networking.firewall = {
- # enable = true;
-
- # allowedTCPPorts = [
- # 22
- # ];
-
- # extraCommands = ''
- # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # iptables -A INPUT -j ACCEPT -i lo
- # #http://serverfault.com/questions/84963/why-not-block-icmp
- # iptables -A INPUT -j ACCEPT -p icmp
-
- # #TODO: fix Retiolum firewall
- # #iptables -N RETIOLUM
- # #iptables -A INPUT -j RETIOLUM -i retiolum
- # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset
- # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable
- # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable
- # #iptables -A RETIOLUM -j REJECT
- # '';
- #};
-}
diff --git a/old/modules/lass/binary-caches.nix b/old/modules/lass/binary-caches.nix
deleted file mode 100644
index c272752..0000000
--- a/old/modules/lass/binary-caches.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- nix.sshServe.enable = true;
- nix.sshServe.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
- ];
- nix.binaryCaches = [
- #"scp://nix-ssh@mors"
- #"scp://nix-ssh@uriel"
- ];
-}
diff --git a/old/modules/lass/bird.nix b/old/modules/lass/bird.nix
deleted file mode 100644
index 3fc265c..0000000
--- a/old/modules/lass/bird.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- config.services.bird = {
- enable = true;
- config = ''
- router id 192.168.122.1;
- protocol device {
- scan time 10;
- }
- '';
- };
-}
diff --git a/old/modules/lass/bitcoin.nix b/old/modules/lass/bitcoin.nix
deleted file mode 100644
index d3bccbf..0000000
--- a/old/modules/lass/bitcoin.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- electrum
- ];
-
- users.extraUsers = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- useDefaultShell = true;
- createHome = true;
- };
- };
-}
diff --git a/old/modules/lass/browsers.nix b/old/modules/lass/browsers.nix
deleted file mode 100644
index 8aecea9..0000000
--- a/old/modules/lass/browsers.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
-
- nixpkgs.config.packageOverrides = pkgs : {
- chromium = pkgs.chromium.override {
- pulseSupport = true;
- };
- };
-
- environment.systemPackages = with pkgs; [
- firefox
- ];
-
- users.extraUsers = {
- firefox = {
- name = "firefox";
- description = "user for running firefox";
- home = "/home/firefox";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- chromium = {
- name = "chromium";
- description = "user for running chromium";
- home = "/home/chromium";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- facebook = {
- name = "facebook";
- description = "user for running facebook in chromium";
- home = "/home/facebook";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- google = {
- name = "google";
- description = "user for running google+/gmail in chromium";
- home = "/home/google";
- useDefaultShell = true;
- createHome = true;
- };
- flash = {
- name = "flash";
- description = "user for running flash stuff";
- home = "/home/flash";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- };
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(firefox) NOPASSWD: ALL
- ${mainUser.name} ALL=(chromium) NOPASSWD: ALL
- ${mainUser.name} ALL=(facebook) NOPASSWD: ALL
- ${mainUser.name} ALL=(google) NOPASSWD: ALL
- ${mainUser.name} ALL=(flash) NOPASSWD: ALL
- '';
-}
diff --git a/old/modules/lass/chromium-patched.nix b/old/modules/lass/chromium-patched.nix
deleted file mode 100644
index 7151817..0000000
--- a/old/modules/lass/chromium-patched.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-#settings to test:
-#
- #"ForceEphemeralProfiles": true,
-let
- masterPolicy = pkgs.writeText "master.json" ''
- {
- "PasswordManagerEnabled": false,
- "DefaultGeolocationSetting": 2,
- "RestoreOnStartup": 1,
- "AutoFillEnabled": false,
- "BackgroundModeEnabled": false,
- "DefaultBrowserSettingEnabled": false,
- "SafeBrowsingEnabled": false,
- "ExtensionInstallForcelist": [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
- "ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx"
- ]
- }
- '';
-
- master_preferences = pkgs.writeText "master_preferences" ''
- {
- "browser": {
- "custom_chrome_frame": true
- },
-
- "extensions": {
- "theme": {
- "id": "",
- "use_system": true
- }
- }
- }
- '';
-in {
- environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
-
- environment.systemPackages = [
- #pkgs.chromium
- (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
- buildCommand = attrs.buildCommand + ''
- touch $out/TEST123
- '';
- }))
- ];
-}
diff --git a/old/modules/lass/desktop-base.nix b/old/modules/lass/desktop-base.nix
deleted file mode 100644
index ee7a94b..0000000
--- a/old/modules/lass/desktop-base.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-in {
- imports = [
- ./base.nix
- ];
-
- time.timeZone = "Europe/Berlin";
-
- virtualisation.libvirtd.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- programs.ssh.startAgent = false;
-
- security.setuidPrograms = [ "slock" ];
-
- services.printing = {
- enable = true;
- drivers = [ pkgs.foomatic_filters ];
- };
-
- environment.systemPackages = with pkgs; [
-
- powertop
-
- #window manager stuff
- haskellPackages.xmobar
- haskellPackages.yeganesh
- dmenu2
- xlibs.fontschumachermisc
- ];
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- services.xserver = {
- enable = true;
-
- windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
- X11-xshape
- ];
- windowManager.xmonad.enable = true;
- windowManager.xmonad.enableContribAndExtras = true;
- windowManager.default = "xmonad";
- desktopManager.default = "none";
- desktopManager.xterm.enable = false;
- displayManager.slim.enable = true;
- displayManager.auto.enable = true;
- displayManager.auto.user = mainUser.name;
-
- layout = "us,de";
- xkbModel = "evdev";
- xkbVariant = "altgr-intl,nodeadkeys";
- xkbOptions = "grp:caps_toggle";
-
- };
-
-}
diff --git a/old/modules/lass/elster.nix b/old/modules/lass/elster.nix
deleted file mode 100644
index 1edd018..0000000
--- a/old/modules/lass/elster.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- users.extraUsers = {
- elster = {
- name = "elster";
- description = "user for running elster-online";
- home = "/home/elster";
- useDefaultShell = true;
- extraGroups = [];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(elster) NOPASSWD: ALL
- '';
-}
diff --git a/old/modules/lass/games.nix b/old/modules/lass/games.nix
deleted file mode 100644
index 6043a87..0000000
--- a/old/modules/lass/games.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- environment.systemPackages = with pkgs; [
- dwarf_fortress
- ];
-
- users.extraUsers = {
- games = {
- name = "games";
- description = "user playing games";
- home = "/home/games";
- extraGroups = [ "audio" "video" "input" ];
- createHome = true;
- useDefaultShell = true;
- };
- };
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(games) NOPASSWD: ALL
- '';
-}
diff --git a/old/modules/lass/gitolite-base.nix b/old/modules/lass/gitolite-base.nix
deleted file mode 100644
index b476299..0000000
--- a/old/modules/lass/gitolite-base.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, ... }:
-
-{
- services.gitolite = {
- mutable = false;
- keys = {
- lass = config.sshKeys.lass.pub;
- uriel = config.sshKeys.uriel.pub;
- };
- rc = ''
- %RC = (
- UMASK => 0077,
- GIT_CONFIG_KEYS => "",
- LOG_EXTRA => 1,
- ROLES => {
- READERS => 1,
- WRITERS => 1,
- },
- LOCAL_CODE => "$ENV{HOME}/.gitolite",
- ENABLE => [
- 'help',
- 'desc',
- 'info',
- 'perms',
- 'writable',
- 'ssh-authkeys',
- 'git-config',
- 'daemon',
- 'gitweb',
- 'repo-specific-hooks',
- ],
- );
- 1;
- '';
-
- repoSpecificHooks = {
- irc-announce = ''
- #! /bin/sh
- set -euf
-
- config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
- if test -f "$config_file"; then
- . "$config_file"
- fi
-
- # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
- # any relevant gitolite LOCAL_CODE!
- # CAVEAT we hope that IRC_NICK is unique
- IRC_NICK="''${IRC_NICK-gl$GL_TID}"
- IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
- IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
- IRC_PORT="''${IRC_PORT-6667}"
-
- # for privmsg_cat below
- export IRC_CHANNEL
-
- # collect users that are mentioned in the gitolite configuration
- interested_users="$(perl -e '
- do "gl-conf";
- print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
- ')"
-
- # CAVEAT beware of real TABs in grep pattern!
- # CAVEAT there will never be more than 42 relevant log entries!
- tab=$(printf '\x09')
- log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)"
-
- update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")"
-
- # (debug output)
- env | sed 's/^/env: /'
- echo "$log" | sed 's/^/log: /'
-
- # see http://gitolite.com/gitolite/dev-notes.html#lff
- reponame=$(echo "$update_log" | cut -f 4)
- username=$(echo "$update_log" | cut -f 5)
- ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
- old_sha=$(echo "$update_log" | cut -f 8)
- new_sha=$(echo "$update_log" | cut -f 9)
-
- # check if new branch is created
- if test $old_sha = 0000000000000000000000000000000000000000; then
- # TODO what should we really show?
- old_sha=$new_sha^
- fi
-
- #
- git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
- commit_count=$(echo "$git_log" | wc -l)
-
- # echo2 and cat2 are used output to both, stdout and stderr
- # This is used to see what we send to the irc server. (debug output)
- echo2() { echo "$*"; echo "$*" >&2; }
- cat2() { tee /dev/stderr; }
-
- # privmsg_cat transforms stdin to a privmsg
- privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
-
- # ircin is used to feed the output of netcat back to the "irc client"
- # so we can implement expect-like behavior with sed^_^
- # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
- tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
- cd "$tmpdir"
- mkfifo ircin
- trap "
- rm ircin
- cd '$OLDPWD'
- rmdir '$tmpdir'
- trap - EXIT INT QUIT
- " EXIT INT QUIT
-
- #
- #
- #
- {
- echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
- echo2 "NICK $IRC_NICK"
-
- # wait for MODE message
- sed -n '/^:[^ ]* MODE /q'
-
- echo2 "JOIN $IRC_CHANNEL"
-
- echo "$interested_users" \
- | tr ' ' '\n' \
- | grep -v "^$GL_USER" \
- | sed 's/$/: poke/' \
- | privmsg_cat \
- | cat2
-
- printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \
- "$reponame" \
- "$username" \
- "$commit_count" \
- "$(test $commit_count = 1 || echo s)" \
- "$(hostname)" \
- "$ref_name" \
- | privmsg_cat \
- | cat2
-
- echo "$git_log" \
- | sed 's/^/\x0314/;s/ /\x03 /' \
- | privmsg_cat \
- | cat2
-
- echo2 "PART $IRC_CHANNEL"
-
- # wait for PART confirmation
- sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
-
- echo2 'QUIT :Gone to have lunch'
- } < ircin \
- | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
- '';
- };
- customFiles = [
- {
- path = ".gitolite/conf/irc-announce.conf";
- file = ''
- IRC_NICK="$(hostname)$GL_TID"
- case "$GL_REPO" in
- brain|painload|services|load-env|config)
- IRC_CHANNEL='#retiolum'
- ;;
- *)
- IRC_CHANNEL='&testing'
- ;;
- esac
- '';
- }
- ];
- };
-}
diff --git a/old/modules/lass/iptables/config.nix b/old/modules/lass/iptables/config.nix
deleted file mode 100644
index be521fe..0000000
--- a/old/modules/lass/iptables/config.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ cfg, lib, pkgs, ... }:
-
-let
- inherit (pkgs) writeScript writeText;
- inherit (lib) concatMapStringsSep concatStringsSep attrNames unique fold any attrValues catAttrs filter flatten length hasAttr;
-
-#===== new api v4
-
- #buildTable :: iptablesAttrSet` -> str
- #todo: differentiate by iptables-version
- buildTables = iptv: ts:
- let
- declareChain = t: cn:
- #TODO: find out what to do whit these count numbers
- ":${cn} ${t."${cn}".policy} [0:0]";
-
- buildChain = tn: cn:
- #"${concatStringsSep " " ((attrNames t."${cn}") ++ [cn])}";
-
- #TODO: sort by precedence
- #TODO: double check should be unneccessary, refactor!
- if (hasAttr "rules" ts."${tn}"."${cn}") then
- if (ts."${tn}"."${cn}".rules == null) then
- ""
- else
- concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
- ++ map buildRule ts."${tn}"."${cn}".rules
- )
- else
- ""
- ;
-
-
- buildRule = rule:
- #TODO implement rule validation-test here
- #
- #target:
- #target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN
-
- #predicate:
- #maybe use iptables-test
- #TODO: howto exit with evaluation error by shellscript?
- #apperantly not possible from nix because evalatution wouldn't be deterministic.
- "${rule.predicate} -j ${rule.target}";
-
- buildTable = tn:
- "*${tn}\n" +
- concatStringsSep "\n" ([]
- ++ map (declareChain ts."${tn}") (attrNames ts."${tn}")
- ) +
- #this looks dirty, find a better way to do this (maybe optionalString)
- concatStringsSep "" ([]
- ++ map (buildChain tn) (attrNames ts."${tn}")
- ) +
- "\nCOMMIT";
- in
- concatStringsSep "\n" ([]
- ++ map buildTable (attrNames ts)
- );
-
-#=====
-
- rules4 = iptables-version:
- let
- #TODO: find out good defaults.
- tables-defaults = {
- nat.PREROUTING.policy = "ACCEPT";
- nat.INPUT.policy = "ACCEPT";
- nat.OUTPUT.policy = "ACCEPT";
- nat.POSTROUTING.policy = "ACCEPT";
- filter.INPUT.policy = "ACCEPT";
- filter.FORWARD.policy = "ACCEPT";
- filter.OUTPUT.policy = "ACCEPT";
-
- #if someone specifies any other rules on this chain, the default rules get lost.
- #is this wanted beahiviour or a bug?
- #TODO: implement abstraction of rules
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- ];
- };
- tables = tables-defaults // cfg.tables;
-
- in
- writeText "lass-iptables-rules${toString iptables-version}" ''
- ${buildTables iptables-version tables}
- '';
-
- startScript = writeScript "lass-iptables_start" ''
- #! /bin/sh
- set -euf
- iptables-restore < ${rules4 4}
- ip6tables-restore < ${rules4 6}
- '';
-in
-
-{
- networking.firewall.enable = false;
-
- systemd.services.lass-iptables = {
- description = "lass-iptables";
- wantedBy = [ "network-pre.target" ];
- before = [ "network-pre.target" ];
- after = [ "systemd-modules-load.service" ];
-
- path = with pkgs; [
- iptables
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- Type = "simple";
- RemainAfterExit = true;
- Restart = "always";
- ExecStart = "@${startScript} lass-iptables_start";
- };
- };
-}
diff --git a/old/modules/lass/iptables/default.nix b/old/modules/lass/iptables/default.nix
deleted file mode 100644
index 7d46d45..0000000
--- a/old/modules/lass/iptables/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-arg@{ config, lib, pkgs, ... }:
-
-let
- cfg = config.lass.iptables;
- arg' = arg // { inherit cfg; };
-in
-
-{
- options.lass.iptables = import ./options.nix arg';
- config = lib.mkIf cfg.enable (import ./config.nix arg');
-}
diff --git a/old/modules/lass/iptables/options.nix b/old/modules/lass/iptables/options.nix
deleted file mode 100644
index eb3bfc0..0000000
--- a/old/modules/lass/iptables/options.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, ... }:
-
-let
- inherit (lib) mkEnableOption mkOption types;
-in
-
-{
- enable = mkEnableOption "iptables";
-
- #tables.filter.INPUT = {
- # policy = "DROP";
- # rules = [
- # { predicate = "-i retiolum"; target = "ACCEPT"; priority = -10; }
- # ];
- #};
- #new api
- tables = mkOption {
- type = with types; attrsOf (attrsOf (submodule ({
- options = {
- policy = mkOption {
- type = str;
- default = "-";
- };
- rules = mkOption {
- type = nullOr (listOf (submodule ({
- options = {
- predicate = mkOption {
- type = str;
- };
- target = mkOption {
- type = str;
- };
- precedence = mkOption {
- type = int;
- default = 0;
- };
- };
- })));
- default = null;
- };
- };
- })));
- };
-}
diff --git a/old/modules/lass/ircd.nix b/old/modules/lass/ircd.nix
deleted file mode 100644
index c57f7dd..0000000
--- a/old/modules/lass/ircd.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- config.services.charybdis = {
- enable = true;
- config = ''
- serverinfo {
- name = "ire.irc.retiolum";
- sid = "4z3";
- description = "miep!";
- network_name = "irc.retiolum";
- network_desc = "Retiolum IRC Network";
- hub = yes;
-
- vhost = "0.0.0.0";
- vhost6 = "::";
-
- #ssl_private_key = "etc/ssl.key";
- #ssl_cert = "etc/ssl.cert";
- #ssl_dh_params = "etc/dh.pem";
- #ssld_count = 1;
-
- default_max_clients = 10000;
- #nicklen = 30;
- };
-
- listen {
- defer_accept = yes;
-
- /* If you want to listen on a specific IP only, specify host.
- * host definitions apply only to the following port line.
- */
- host = "0.0.0.0";
- port = 6667;
- sslport = 6697;
-
- /* Listen on IPv6 (if you used host= above). */
- host = "::";
- port = 6667;
- sslport = 9999;
- };
-
- class "users" {
- ping_time = 2 minutes;
- number_per_ident = 200;
- number_per_ip = 200;
- number_per_ip_global = 500;
- cidr_ipv4_bitlen = 24;
- cidr_ipv6_bitlen = 64;
- number_per_cidr = 9000;
- max_number = 10000;
- sendq = 400 kbytes;
- };
-
- exempt {
- ip = "127.0.0.1";
- };
-
- auth {
- user = "*@*";
- class = "users";
- flags = exceed_limit;
- };
-
- channel {
- use_invex = yes;
- use_except = yes;
- use_forward = yes;
- use_knock = yes;
- knock_delay = 5 minutes;
- knock_delay_channel = 1 minute;
- max_chans_per_user = 15;
- max_bans = 100;
- max_bans_large = 500;
- default_split_user_count = 0;
- default_split_server_count = 0;
- no_create_on_split = no;
- no_join_on_split = no;
- burst_topicwho = yes;
- kick_on_split_riding = no;
- only_ascii_channels = no;
- resv_forcepart = yes;
- channel_target_change = yes;
- disable_local_channels = no;
- };
- '';
- };
-}
diff --git a/old/modules/lass/pass.nix b/old/modules/lass/pass.nix
deleted file mode 100644
index 33eca0a..0000000
--- a/old/modules/lass/pass.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- pass
- gnupg1
- ];
-
- services.xserver.startGnuPGAgent = true;
-}
diff --git a/old/modules/lass/programs.nix b/old/modules/lass/programs.nix
deleted file mode 100644
index 41d241b..0000000
--- a/old/modules/lass/programs.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
-
-## TODO sort and split up
-{
- environment.systemPackages = with pkgs; [
- aria2
- gnupg1compat
- htop
- i3lock
- mc
- mosh
- mpv
- pass
- pavucontrol
- pv
- pwgen
- python34Packages.livestreamer
- remmina
- silver-searcher
- wget
- xsel
- youtube-dl
- ];
-}
diff --git a/old/modules/lass/sshkeys.nix b/old/modules/lass/sshkeys.nix
deleted file mode 100644
index f2b0786..0000000
--- a/old/modules/lass/sshkeys.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-
-{
- imports = [
- ../common/sshkeys.nix
- ];
-
- config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
-
- config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
-}
diff --git a/old/modules/lass/steam.nix b/old/modules/lass/steam.nix
deleted file mode 100644
index d54873b..0000000
--- a/old/modules/lass/steam.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- imports = [
- ./games.nix
- ];
- #
- # Steam stuff
- # source: https://nixos.org/wiki/Talk:Steam
- #
- ##TODO: make steam module
- hardware.opengl.driSupport32Bit = true;
-
- environment.systemPackages = with pkgs; [
- steam
- ];
- networking.firewall = {
- allowedUDPPorts = [
- 27031
- 27036
- ];
- allowedTCP