summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jeschli/1systems/brauerei/config.nix3
-rw-r--r--jeschli/2configs/emacs.nix1
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix1
-rw-r--r--nin/0tests/dummysecrets/ssh.id_ed255190
-rw-r--r--nin/1systems/axon/config.nix132
-rw-r--r--nin/1systems/hiawatha/config.nix126
-rw-r--r--nin/1systems/onondaga/config.nix23
-rw-r--r--nin/2configs/ableton.nix20
-rw-r--r--nin/2configs/copyq.nix38
-rw-r--r--nin/2configs/default.nix173
-rw-r--r--nin/2configs/games.nix70
-rw-r--r--nin/2configs/git.nix60
-rw-r--r--nin/2configs/im.nix19
-rw-r--r--nin/2configs/retiolum.nix28
-rw-r--r--nin/2configs/skype.nix27
-rw-r--r--nin/2configs/termite.nix22
-rw-r--r--nin/2configs/vim.nix355
-rw-r--r--nin/2configs/weechat.nix21
-rw-r--r--nin/default.nix7
-rw-r--r--nin/krops.nix35
-rw-r--r--tv/1systems/xu/config.nix4
-rw-r--r--tv/2configs/backup.nix2
-rw-r--r--tv/2configs/default.nix1
-rw-r--r--tv/2configs/xserver/default.nix27
-rw-r--r--tv/3modules/charybdis/default.nix2
-rw-r--r--tv/5pkgs/compat/18.03/pass-otp/default.nix30
-rw-r--r--tv/5pkgs/compat/18.03/pass/default.nix121
-rw-r--r--tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch9
-rw-r--r--tv/5pkgs/compat/18.03/pass/rofi-pass.nix57
-rw-r--r--tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch69
-rw-r--r--tv/5pkgs/compat/default.nix1
-rw-r--r--tv/5pkgs/default.nix12
-rw-r--r--tv/5pkgs/simple/utsushi.nix1
33 files changed, 321 insertions, 1176 deletions
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 4ba888e..ad58226 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -119,6 +119,8 @@
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = lib.mkForce [];
+ displayManager.lightdm.enable = lib.mkForce false;
+ displayManager.job.execCmd = lib.mkForce "derp";
enable = true;
display = lib.mkForce 11;
@@ -147,6 +149,7 @@
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
];
};
diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 3bd2dbf..5fc8874 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -67,7 +67,6 @@ let
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
epkgs.melpaPackages.evil
epkgs.melpaStablePackages.magit
- epkgs.melpaPackages.mmm-mode
epkgs.melpaPackages.nix-mode
epkgs.melpaPackages.go-mode
epkgs.melpaPackages.google-this
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef4..0000000
--- a/nin/0tests/dummysecrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
deleted file mode 100644
index e69de29..0000000
--- a/nin/0tests/dummysecrets/ssh.id_ed25519
+++ /dev/null
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
deleted file mode 100644
index 5e81afd..0000000
--- a/nin/1systems/axon/config.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/ableton.nix>
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.axon;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices.crypted.device = "/dev/sda2";
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver = {
- enable = true;
-
- displayManager.lightdm.enable = true;
- };
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- atom
- chromium
- firefox
- git
- htop
- keepassx
- lmms
- networkmanagerapplet
- openvpn
- python
- ruby
- steam
- taskwarrior
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost + local:
- '';
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
deleted file mode 100644
index a09eed9..0000000
--- a/nin/1systems/hiawatha/config.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.hiawatha;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/home" =
- { device = "/dev/fam/home";
- };
-
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- fileSystems."/home/nin/.local/share/Steam" = {
- device = "/dev/fam/steam";
- };
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- firefox
- git
- lmms
- networkmanagerapplet
- python
- steam
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
deleted file mode 100644
index 3cd0773..0000000
--- a/nin/1systems/onondaga/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/nin>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/weechat.nix>
- <stockholm/nin/2configs/git.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.onondaga;
-
- boot.isContainer = true;
- networking.useDHCP = false;
-
- time.timeZone = "Europe/Amsterdam";
-
- services.openssh.enable = true;
-}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
deleted file mode 100644
index 343a908..0000000
--- a/nin/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.nin;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wine
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
deleted file mode 100644
index 0616c40..0000000
--- a/nin/2configs/copyq.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
-
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
deleted file mode 100644
index 62f499a..0000000
--- a/nin/2configs/default.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- ../2configs/vim.nix
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/binary-cache/prism.nix>
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- nin = {
- name = "nin";
- uid = 1337;
- home = "/home/nin";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "fuse"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
-
- krebs = {
- enable = true;
- search-domain = "r";
- build = {
- user = config.krebs.users.nin;
- };
- };
-
- nix.useSandbox = true;
-
- users.mutableUsers = false;
-
- services.timesyncd.enable = true;
-
- #why is this on in the first place?
- services.nscd.enable = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- gs = "git status";
- };
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- proot
- pavucontrol
- populate
- p7zip
- termite
- unzip
- unrar
- hashPassword
- ];
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
- else
- PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
-}
diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix
deleted file mode 100644
index 15e1723..0000000
--- a/nin/2configs/games.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
- vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum}/bin/zandronum \
- -fov 120 \
- "$@"
- '';
- doom = pkgs.writeDash "doom" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} \
- -file $DOOM_DIR/lib/brutalv20.pk3 \
- "$@"
- '';
- doom1 = pkgs.writeDashBin "doom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- doom2 = pkgs.writeDashBin "doom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- vdoom1 = pkgs.writeDashBin "vdoom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- vdoom2 = pkgs.writeDashBin "vdoom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
-
- doomservercfg = pkgs.writeText "doomserver.cfg" ''
- skill 7
- #survival true
- #sv_maxlives 4
- #sv_norespawn true
- #sv_weapondrop true
- no_jump true
- #sv_noweaponspawn true
- sv_sharekeys true
- sv_survivalcountdowntime 1
- sv_noteamselect true
- sv_updatemaster false
- #sv_coop_loseinventory true
- #cl_startasspectator false
- #lms_spectatorview false
- '';
-
- vdoomserver = pkgs.writeDashBin "vdoomserver" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
-
- ${pkgs.zandronum}/bin/zandronum-server \
- +exec ${doomservercfg} \
- "$@"
- '';
-
-in {
- environment.systemPackages = with pkgs; [
- dwarf_fortress
- doom1
- doom2
- vdoom1
- vdoom2
- vdoomserver
- ];
-
- hardware.pulseaudio.support32Bit = true;
-
-}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
deleted file mode 100644
index aed4a9f..0000000
--- a/nin/2configs/git.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ nin nin_h ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
deleted file mode 100644
index b078dbd..0000000
--- a/nin/2configs/im.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- ssh chat@onondaga
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
-}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
deleted file mode 100644
index 821e3cc..0000000
--- a/nin/2configs/retiolum.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
- { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "pigstarter"
- "gum"
- "flap"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
deleted file mode 100644
index 621dfae..0000000
--- a/nin/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.nin;
- inherit (import <stockholm/lib>) genid;
-
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
-
- krebs.per-user.skype.packages = [
- pkgs.skype
- ];
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(skype) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
deleted file mode 100644
index 942446b..0000000
--- a/nin/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = [
- pkgs.termite
- ];
-
- krebs.per-user.nin.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
-
-}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
deleted file mode 100644
index 7b5d376..0000000
--- a/nin/2configs/vim.nix
+++ /dev/null
@@ -1,355 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- out = {
- environment.systemPackages = [
- vim
- pkgs.pythonPackages.flake8
- ];
-
- environment.etc.vimrc.source = vimrc;
-
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set laststatus=2
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme hack
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- "Syntastic config
- let g:syntastic_python_checkers=['flake8']
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.Syntastic
- pkgs.vimPlugins.undotree
- pkgs.vimPlugins.airline
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchgit {
- url = git://github.com/bogado/file-line;
- rev = "refs/tags/1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "hack";
- in {
- name = "vim-color-${name}-1.0.2";
- destination = "/colors/${name}.vim";
- text = /* vim */ ''
- set background=dark
- hi clear
- if exists("syntax_on")
- syntax clear
- endif
-
- let colors_name = ${toJSON name}
-
- hi Normal ctermbg=235
- hi Comment ctermfg=242
- hi Constant ctermfg=062
- hi Identifier ctermfg=068
- hi Function ctermfg=041
- hi Statement ctermfg=167
- hi PreProc ctermfg=167
- hi Type ctermfg=041
- hi Delimiter ctermfg=251
- hi Special ctermfg=062
-
- hi Garbage ctermbg=088
- hi TabStop ctermbg=016
- hi Todo ctermfg=174 ctermbg=NONE
-
- hi NixCode ctermfg=148
- hi NixData ctermfg=149
- hi NixQuote ctermfg=150
-
- hi diffNewFile ctermfg=207
- hi diffFile ctermfg=207
- hi diffLine ctermfg=207
- hi diffSubname ctermfg=207
- hi diffAdded ctermfg=010
- hi diffRemoved ctermfg=009
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "vim";
- in {
- name = "vim-syntax-${name}-1.0.0";
- destination = "/syntax/${name}.vim";
- text = /* vim */ ''
- ${concatMapStringsSep "\n" (s: /* vim */ ''
- syn keyword vimColor${s} ${s}
- \ containedin=ALLBUT,vimComment,vimLineComment
- hi vimColor${s} ctermfg=${s}
- '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
-
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
-
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ];
-
- dirs = {
- backupdir = "$HOME/.cache/vim/backup";
- swapdir = "$HOME/.cache/vim/swap";
- undodir = "$HOME/.cache/vim/undo";
- };
- files = {
- viminfo = "$HOME/.cache/vim/info";
- };
-
- mkdirs = let
- dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
- in assert out != ""; out;
- alldirs = attrValues dirs ++ map dirOf (attrValues files);
- in unique (sort lessThan alldirs);
-
- vim = pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- exec ${pkgs.vim}/bin/vim "$@"
- '';
-
-
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
-
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[():/;=.,?\[\]]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = filter isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
-
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
- set bg=dark
- '';
-in
-out
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
deleted file mode 100644
index 6c0fb31..0000000
--- a/nin/2configs/weechat.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lib>) genid;
-in {
- krebs.per-user.chat.packages = with pkgs; [
- mosh
- weechat
- tmux
- ];
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
-}
diff --git a/nin/default.nix b/nin/default.nix
deleted file mode 100644
index c31d6d9..0000000
--- a/nin/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ./2configs
- ];
-}
diff --git a/nin/krops.nix b/nin/krops.nix
deleted file mode 100644
index d007484..0000000
--- a/nin/krops.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- krebs-source
- {
- nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
- secrets = if test then {
- file = toString ./0tests/dummysecrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- target = "root@${name}/var/src";
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 14926fe..5421cab 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -18,6 +18,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/binary-cache>
<stockholm/tv/2configs/br.nix>
+ <stockholm/tv/2configs/xp-332.nix>
<stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
@@ -40,7 +41,6 @@ with import <stockholm/lib>;
mkpasswd
netcat
netcup
- nix-repl
nmap
p7zip
pass
@@ -147,8 +147,6 @@ with import <stockholm/lib>;
gptfdisk
];
- services.printing.enable = true;
-
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index 14d3815..f8de72d 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -26,7 +26,7 @@ with import <stockholm/lib>;
method = "pull";
src = { host = config.krebs.hosts.querel; path = "/home"; };
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
- startAt = "00:00";
+ startAt = "22:00";
};
wu-home-xu = {
method = "push";
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 2ccab3d..d9ddc90 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -143,6 +143,7 @@ with import <stockholm/lib>;
environment.systemPackages = [
pkgs.get
pkgs.git
+ pkgs.git-crypt
pkgs.git-preview
pkgs.hashPassword
pkgs.htop
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index e33b431..dbfa804 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -41,6 +41,9 @@ in {
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
+ displayManager.lightdm.enable = mkForce false;
+ displayManager.job.execCmd = mkForce "derp";
+
enable = true;
display = mkForce 11;
tty = mkForce 11;
@@ -55,7 +58,7 @@ in {
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
+ wantedBy = [ "graphical.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
@@ -101,21 +104,20 @@ in {
systemd.services.xserver = {
after = [
- "systemd-udev-settle.service"
- "local-fs.target"
"acpid.service"
+ "local-fs.target"
+ "systemd-udev-settle.service"
+ ];
+ wants = [
+ "systemd-udev-settle.service"
];
- reloadIfChanged = true;
+ restartIfChanged = false;
environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+ LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
@@ -123,17 +125,16 @@ in {
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
+ "-xkbdir ${config.services.xserver.xkbDir}"
];
};
};
systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
+ wantedBy = [ "graphical.target" ];
+ restartIfChanged = false;
serviceConfig = {
SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index e252f2e..62a7037 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -64,7 +64,7 @@ in {
ExecStartPre =
"${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd";
ExecStart = toString [
- "${pkgs.charybdis}/bin/charybdis-ircd"
+ "${pkgs.charybdis}/bin/charybdis"
"-configfile ${import ./config.nix args}"
"-foreground"
"-logfile /dev/stderr"
diff --git a/tv/5pkgs/compat/18.03/pass-otp/default.nix b/tv/5pkgs/compat/18.03/pass-otp/default.nix
new file mode 100644
index 0000000..3341118
--- /dev/null
+++ b/tv/5pkgs/compat/18.03/pass-otp/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, oathToolkit }:
+stdenv.mkDerivation rec {
+ name = "pass-otp-${version}";
+ version = "1.1.0";
+
+ src = fetchFromGitHub {
+ owner = "tadfisher";
+ repo = "pass-otp";
+ rev = "v${version}";
+ sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb";
+ };
+
+ buildInputs = [ oathToolkit ];
+
+ patchPhase = ''
+ sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
+ '';
+
+ installPhase = ''
+ make PREFIX=$out install
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A pass extension for managing one-time-password (OTP) tokens";
+ homepage = https://github.com/tadfisher/pass-otp;
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ jwiegley tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/tv/5pkgs/compat/18.03/pass/default.nix b/tv/5pkgs/compat/18.03/pass/default.nix
new file mode 100644
index 0000000..c2fe0e1
--- /dev/null
+++ b/tv/5pkgs/compat/18.03/pass/default.nix
@@ -0,0 +1,121 @@
+{ stdenv, lib, fetchurl, fetchFromGitHub
+, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode
+, makeWrapper
+
+, pass-otp
+
+, xclip ? null, xdotool ? null, dmenu ? null
+, x11Support ? !stdenv.isDarwin
+, tombPluginSupport ? false, tomb
+}:
+
+with lib;
+
+assert x11Support -> xclip != null
+ && xdotool != null
+ && dmenu != null;
+
+let
+ plugins = map (p: (fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-${p.name}";
+ inherit (p) rev sha256;
+ }))
+ ([
+ { name = "import";
+ rev = "491935bd275f29ceac2b876b3a288011d1ce31e7";
+ sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; }
+ { name = "update";
+ rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde";
+ sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; }
+ ] ++ stdenv.lib.optional tombPluginSupport {
+ name = "tomb";
+ rev = "3368134898a42c1b758fabac625ec240e125c6be";
+ sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; }
+ );
+
+in stdenv.mkDerivation rec {
+ version = "1.7.2";
+ name = "password-store-${version}";
+
+ src = fetchurl {
+ url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz";
+ sha256 = "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27";
+ };
+
+ patches = [ ./set-correct-program-name-for-sleep.patch
+ ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+
+ postInstall = ''
+ # plugins
+ ${stdenv.lib.concatStringsSep "\n" (map (plugin: ''
+ pushd ${plugin}
+ PREFIX=$out make install
+ popd
+ '') plugins)}
+
+ ln -s \
+ ${pass-otp}/lib/password-store/extensions/otp.bash \
+ $out/lib/password-store/extensions/
+
+ ln -s \
+ ${pass-otp}/share/man/man1/pass-otp.1.gz \
+ $out/share/man/man1/
+
+ # Install Emacs Mode. NOTE: We can't install the necessary
+ # dependencies (s.el and f.el) here. The user has to do this
+ # himself.
+ mkdir -p "$out/share/emacs/site-lisp"
+ cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
+ '' + optionalString x11Support ''
+ cp "contrib/dmenu/passmenu" "$out/bin/"
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath ([
+ coreutils
+ getopt
+ git
+ gnupg
+ gnused
+ tree
+ which
+ qrencode
+ ] ++ optional tombPluginSupport tomb
+ ++ optional stdenv.isLinux procps
+ ++ ifEnable x11Support [ dmenu xclip xdotool ]);
+
+ postFixup = ''
+ # Fix program name in --help
+ substituteInPlace $out/bin/pass \
+ --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
+
+ # Ensure all dependencies are in PATH
+ wrapProgram $out/bin/pass \
+ --prefix PATH : "${wrapperPath}"
+ '' + stdenv.lib.optionalString x11Support ''
+ # We just wrap passmenu with the same PATH as pass. It doesn't
+ # need all the tools in there but it doesn't hurt either.
+ wrapProgram $out/bin/passmenu \
+ --prefix PATH : "$out/bin:${wrapperPath}"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Stores, retrieves, generates, and synchronizes passwords securely";
+ homepage = https://www.passwordstore.org/;
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ lovek323 the-kenny fpletz ];
+ platforms = platforms.unix;
+
+ longDescription = ''
+ pass is a very simple password store that keeps passwords inside gpg2
+ encrypted files inside a simple directory tree residing at
+ ~/.password-store. The pass utility provides a series of commands for
+ manipulating the password store, allowing the user to add, remove, edit,
+ synchronize, generate, and manipulate passwords.
+ '';
+ };
+}
diff --git a/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch
new file mode 100644
index 0000000..e8f7e13
--- /dev/null
+++ b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch
@@ -0,0 +1,9 @@
+diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh
+--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000
++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000
+@@ -31,5 +31,4 @@
+ mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk."
+ }
+
+-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
+ SHRED="srm -f -z"
diff --git a/tv/5pkgs/compat/18.03/pass/rofi-pass.nix b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix
new file mode 100644
index 0000000..61f5197
--- /dev/null
+++ b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep
+, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ name = "rofi-pass-${version}";
+ version = "1.5.3";
+
+ src = fetchFromGitHub {
+ owner = "carnager";
+ repo = "rofi-pass";
+ rev = version;
+ sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq";
+ };
+
+ buildInputs = [ makeWrapper ];
+
+ dontBuild = true;
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a rofi-pass $out/bin/rofi-pass
+
+ mkdir -p $out/share/doc/rofi-pass/
+ cp -a config.example $out/share/doc/rofi-pass/config.example
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ gnused
+ libnotify
+ pass
+ pwgen
+ rofi
+ utillinux
+ xclip
+ xdotool
+ ];
+
+ fixupPhase = ''
+ patchShebangs $out/bin
+
+ wrapProgram $out/bin/rofi-pass \
+ --prefix PATH : "${wrapperPath}"
+ '';
+
+ meta = {
+ description = "A script to make rofi work with password-store";
+ homepage = https://github.com/carnager/rofi-pass;
+ maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ];
+ license = stdenv.lib.licenses.gpl3;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
diff --git a/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch
new file mode 100644
index 0000000..782e06e
--- /dev/null
+++ b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch
@@ -0,0 +1,69 @@
+From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001
+From: "Andrew R. M" <andrewmiller237@gmail.com>
+Date: Sat, 8 Apr 2017 13:50:01 -0400
+Subject: [PATCH] Patch the clip() function to work even when using
+ single-binary coreutils
+
+---
+ src/password-store.sh | 4 ++--
+ src/platform/cygwin.sh | 4 ++--
+ src/platform/darwin.sh | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 6a4172d..4dbd6b8 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -155,11 +155,11 @@ clip() {
+ # variable. Specifically, it cannot store nulls nor (non-trivally) store
+ # trailing new lines.
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
+ echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
+ (
+- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") )
+ local now="$(xclip -o -selection "$X_SELECTION" | base64)"
+ [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+
+diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
+index 6e5dd86..f3574c4 100644
+--- a/src/platform/cygwin.sh
++++ b/src/platform/cygwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(base64 < /dev/clipboard)"
+ echo -n "$1" > /dev/clipboard
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(base64 < /dev/clipboard)"
+ [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+ echo "$before" | base64 -d > /dev/clipboard
+diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
+index 86eb325..deb04c4 100644
+--- a/src/platform/darwin.sh
++++ b/src/platform/darwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep for user $(id -u)"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(pbpaste | openssl base64)"
+ echo -n "$1" | pbcopy
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(pbpaste | openssl base64)"
+ [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now"
+ echo "$before" | openssl base64 -d | pbcopy
+--
+2.12.2
+
diff --git a/tv/5pkgs/compat/default.nix b/tv/5pkgs/compat/default.nix
new file mode 100644
index 0000000..0d1e61b
--- /dev/null
+++ b/tv/5pkgs/compat/default.nix
@@ -0,0 +1 @@
+self: super: {}
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 82474ad..c5c800b 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -33,4 +33,16 @@ foldl' mergeAttrs {}
'';
gnupg = self.gnupg22;
+
+ pass = {
+ "18.03" =
+ self.callPackage ./compat/18.03/pass {
+ pass-otp = self.callPackage ./compat/18.03/pass-otp {};
+ };
+ "18.09" =
+ super.pass.withExtensions (ext: [
+ ext.pass-otp
+ ]);
+ }.${versions.majorMinor nixpkgsVersion};
+
}
diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix
index 518c34c..e61dd18 100644
--- a/tv/5pkgs/simple/utsushi.nix
+++ b/tv/5pkgs/simple/utsushi.nix
@@ -164,6 +164,7 @@ stdenv.mkDerivation rec {
;
NIX_CFLAGS_COMPILE = [
+ "-Wno-error=deprecated-declarations"
"-Wno-error=unused-variable"
];