-rw-r--r-- | jeschli/1systems/bln/config.nix | 64 | ||||
-rw-r--r-- | jeschli/1systems/bln/dcso-vpn.nix | 44 | ||||
-rw-r--r-- | jeschli/1systems/bln/hardware-configuration.nix | 2 | ||||
-rw-r--r-- | jeschli/2configs/xserver/Xresources.nix | 4 | ||||
-rw-r--r-- | jeschli/2configs/xserver/default.nix | 3 | ||||
-rw-r--r-- | jeschli/2configs/zsh.nix | 4 | ||||
-rw-r--r-- | jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 5 | ||||
-rw-r--r-- | lib/types.nix | 8 | ||||
-rw-r--r-- | nin/0tests/dummysecrets/hashedPasswords.nix (renamed from nin/6tests/dummysecrets/hashedPasswords.nix) | 0 | ||||
-rw-r--r-- | nin/0tests/dummysecrets/ssh.id_ed25519 (renamed from nin/6tests/dummysecrets/ssh.id_ed25519) | 0 | ||||
-rw-r--r-- | nin/1systems/axon/config.nix | 15 | ||||
-rw-r--r-- | nin/2configs/vim.nix | 1 | ||||
-rw-r--r-- | nin/source.nix | 2 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 3 | ||||
-rw-r--r-- | tv/2configs/urlwatch.nix | 2 | ||||
-rw-r--r-- | tv/5pkgs/simple/otpmenu.nix | 15 | ||||
-rw-r--r-- | tv/5pkgs/simple/xmonad-tv/default.nix | 1 | ||||
-rw-r--r-- | tv/source.nix | 3 |
18 files changed, 141 insertions, 35 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index a8329c4..7d37134 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -1,16 +1,32 @@ { config, lib, pkgs, ... }: # bln config file { - imports = - [ <stockholm/jeschli> - <stockholm/jeschli/2configs/virtualbox.nix> - <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/emacs.nix> - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; + imports = [ + ./hardware-configuration.nix + <stockholm/jeschli> + <stockholm/jeschli/2configs/virtualbox.nix> + <stockholm/jeschli/2configs/urxvt.nix> + <stockholm/jeschli/2configs/emacs.nix> + <stockholm/jeschli/2configs/xdg.nix> + <stockholm/jeschli/2configs/xserver> + ]; + +# boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot"; + boot.loader.grub = { + devices = [ "nodev" ]; + efiSupport = true; + enable = true; + extraEntries = '' + menuentry "Debian" { + insmod ext2 + insmod chain + chainloader /EFI/debian/grubx64.efi + } + ''; + version = 2; + }; jeschliFontSize = 20; @@ -54,7 +70,6 @@ sqlite # internet thunderbird - hipchat chromium google-chrome # programming languages 
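Review bot: The first hunk leaves `# boot.loader.systemd-boot.enable = true;` behind as a commented-out line next to the new GRUB block, and the hunk at `@@ -92,18 +107,17 @@` does the same with five `services.xserver` / `fonts.fontconfig` lines. The settings are now replaced by GRUB and, presumably, by the newly imported `<stockholm/jeschli/2configs/xserver>`, so I'd delete these lines rather than comment them out; git history keeps the old values. If the systemd-boot line is meant as a reminder, a comment such as `# systemd-boot replaced by GRUB so the Debian entry can be chainloaded` says why.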
@@ -92,18 +107,17 @@ services.printing.drivers = [ pkgs.postscript-lexmark ]; # Enable the X11 windowing system. - services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.windowManager.xmonad.enable = true; - services.xserver.windowManager.xmonad.enableContribAndExtras = true; - services.xserver.displayManager.sddm.enable = true; - services.xserver.dpi = 100; - fonts.fontconfig.dpi = 100; +# services.xserver.windowManager.xmonad.enable = true; +# services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# services.xserver.displayManager.sddm.enable = true; +# services.xserver.dpi = 100; +# fonts.fontconfig.dpi = 100; users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker" "vboxusers"]; + extraGroups = ["docker" "vboxusers" "audio"]; uid = 1000; }; 
@@ -123,15 +137,17 @@ # DCSO Certificates security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = 
"1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) ]; + hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; } diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix new file mode 100644 index 0000000..0a5623b --- /dev/null +++ b/jeschli/1systems/bln/dcso-vpn.nix @@ -0,0 +1,44 @@ +with import <stockholm/lib>; +{ ... }: + +{ + + users.extraUsers = { + dcsovpn = rec { + name = "dcsovpn"; + uid = genid "dcsovpn"; + description = "user for running dcso openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.dcsovpn.gid = genid "dcsovpn"; + + services.openvpn.servers = { + dcso = { + config = '' + client + dev tun + tun-mtu 1356 + mssfix + proto udp + float + remote 217.111.55.41 1194 + nobind + user dcsovpn + group dcsovpn + persist-key + persist-tun + ca ${toString <secrets/dcsovpn/ca.pem>} + cert ${toString <secrets/dcsovpn/cert.pem>} + key ${toString <secrets/dcsovpn/cert.key>} + verb 3 + mute 20 + auth-user-pass ${toString <secrets/dcsovpn/login.txt>} + route-method exe + route-delay 2 + ''; + updateResolvConf = true; + }; + }; +} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index b774bfc..35f0b3b 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -30,4 +30,6 @@ nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; + + hardware.pulseaudio.enable = true; } diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix index e433a85..e815491 100644 --- a/jeschli/2configs/xserver/Xresources.nix +++ b/jeschli/2configs/xserver/Xresources.nix 
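Review bot: All seven `sha256` values for the DCSO CA files change in this hunk while the URLs stay on plain `http://`, and nothing records why the pinned content changed. The fixed-output hash is the only integrity check on files that go into `security.pki.certificateFiles`, i.e. the system trust store, so a hash recomputed from an unauthenticated download would pin whatever the network delivered. Please confirm the new files against fingerprints obtained out of band and record that above the list, e.g. `# hashes checked against the published DCSO CA fingerprints, <date>`. If the host also serves these files over HTTPS, switching the URLs would be a sensible addition.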
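Review bot: The client config in dcso-vpn.nix authenticates the server only through `ca`; there is no `remote-cert-tls server` (or `verify-x509-name`) line, so any certificate issued by that CA, including another client's, would be accepted as the VPN endpoint. I'd add `remote-cert-tls server` after the `key` line, assuming the server certificate carries the matching key usage. Two smaller things: `route-method exe` is a Windows-only option and looks like a leftover from a supplied profile, and `user dcsovpn` / `group dcsovpn` drops privileges before the `updateResolvConf` down-script runs, which may leave resolv.conf unrestored on disconnect, so that path is worth testing. As far as the visible hunks show, the new file is also not added to the `imports` list in config.nix.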
@@ -3,6 +3,10 @@ with import <stockholm/lib>; pkgs.writeText "Xresources" /* xdefaults */ '' + Xcursor.theme: aero-large-drop + Xcursor.size: 128 + Xft.dpi: 144 + URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’" URxvt*eightBitInput: false URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix index df06000..748d122 100644 --- a/jeschli/2configs/xserver/default.nix +++ b/jeschli/2configs/xserver/default.nix @@ -43,7 +43,10 @@ in { enable = true; display = 11; tty = 11; + + dpi = 200; + videoDrivers = [ "nvidia" ]; synaptics = { enable = true; twoFingerScroll = true; diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix index be5b661..0f6775e 100644 --- a/jeschli/2configs/zsh.nix +++ b/jeschli/2configs/zsh.nix @@ -53,8 +53,8 @@ eval $(dircolors -b ${pkgs.fetchFromGitHub { owner = "trapd00r"; repo = "LS_COLORS"; - rev = "master"; - sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0"; + sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4"; }}/LS_COLORS) #beautiful colors diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 48382dc..fa03fd4 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -87,7 +87,8 @@ mainNoArgs = do -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent --, handleEventHook = handleTimerEvent , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = + , startupHook = do + setWMName "LG3D" whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) <+> setWMName "LG3D" , normalBorderColor = "#1c1c1c" 
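Review bot: `videoDrivers = [ "nvidia" ];` is added to the shared `jeschli/2configs/xserver/default.nix` while `jeschli/1systems/bln/config.nix` still sets `services.xserver.videoDrivers = [ "nvidia" ];`, so the host-specific driver choice is duplicated and now applies to every host that imports this module. I'd keep the driver in the host config only. Also, `dpi = 200;` here and `Xft.dpi: 144` in the Xresources.nix hunk of the same commit disagree; if that is intentional, a one-line comment next to `dpi` would help. The attribute set continues outside the hunk.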
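Review bot: `setWMName "LG3D"` now runs twice in `startupHook` in xmonad-jeschli: once as the first statement of the new `do` block and again through the unchanged `<+> setWMName "LG3D"` at the end of the following expression. Dropping one of them keeps the behaviour; the simplest is to remove the trailing `<+> setWMName "LG3D"`. The surrounding record in `mainNoArgs` starts and ends outside the hunk.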
@@ -221,7 +222,7 @@ myKeys conf = Map.fromList $ pagerConfig :: PagerConfig pagerConfig = def { pc_font = myFont - , pc_cellwidth = 64 + , pc_cellwidth = 256 --, pc_cellheight = 36 -- TODO automatically keep screen aspect --, pc_borderwidth = 1 --, pc_matchcolor = "#f0b000" diff --git a/lib/types.nix b/lib/types.nix index 1cf2d96..d663d25 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -50,6 +50,14 @@ rec { default = false; }; + monitoring = mkOption { + description = '' + Whether the host should be monitored by monitoring tools like Prometheus. + ''; + type = bool; + default = false; + }; + owner = mkOption { type = user; }; diff --git a/nin/6tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix index 0967ef4..0967ef4 100644 --- a/nin/6tests/dummysecrets/hashedPasswords.nix +++ b/nin/0tests/dummysecrets/hashedPasswords.nix diff --git a/nin/6tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 index e69de29..e69de29 100644 --- a/nin/6tests/dummysecrets/ssh.id_ed25519 +++ b/nin/0tests/dummysecrets/ssh.id_ed25519 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix index 483a4f8..5e81afd 100644 --- a/nin/1systems/axon/config.nix +++ b/nin/1systems/axon/config.nix @@ -59,7 +59,11 @@ with lib; # nin config time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; networking.networkmanager.enable = true; #networking.wireless.enable = true; @@ -76,12 +80,19 @@ with lib; #nixpkgs.config.steam.java = true; environment.systemPackages = with pkgs; [ + atom + chromium firefox git + htop + keepassx lmms networkmanagerapplet + openvpn python + ruby steam + taskwarrior thunderbird vim virtmanager @@ -109,7 +120,7 @@ with lib; Control + p ''; in { - enable = true; + enable = true; extraSessionCommands = '' ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} ''; 
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix index 101a80c..7b5d376 100644 --- a/nin/2configs/vim.nix +++ b/nin/2configs/vim.nix @@ -349,6 +349,7 @@ let let b:current_syntax = "nix" set isk=@,48-57,_,192-255,-,' + set bg=dark ''; in out diff --git a/nin/source.nix b/nin/source.nix index 9fb2cb3..ae13c55 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -13,7 +13,7 @@ in evalSource (toString _file) { nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; secrets.file = getAttr builder { - buildbot = toString <stockholm/nin/6tests/dummysecrets>; + buildbot = toString <stockholm/nin/0tests/dummysecrets>; nin = "/home/nin/secrets/${name}"; }; stockholm.file = toString <stockholm>; diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index c3418e7..6e4830a 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -42,7 +42,7 @@ let { kirk = { cgit.desc = "IRC tools"; }; - kops = { + krops = { cgit.desc = "deployment tools"; }; load-env = {}; @@ -54,6 +54,7 @@ let { netcup = { cgit.desc = "netcup command line interface"; }; + nix-writers = {}; populate = { cgit.desc = "source code installer"; }; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 897def8..aa71be7 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -34,7 +34,7 @@ with import <stockholm/lib>; ## other - https://nixos.org/channels/nixos-17.09/git-revision + https://nixos.org/channels/nixos-18.03/git-revision https://nixos.org/channels/nixos-unstable/git-revision ## 2014-10-17 diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix new file mode 100644 index 0000000..b35e160 --- /dev/null +++ b/tv/5pkgs/simple/otpmenu.nix 
@@ -0,0 +1,15 @@ +{ dmenu, gnused, pass, writeDashBin, xdotool }: + +writeDashBin "otpmenu" '' + set -efu + + x=$( + ${pass}/bin/pass git ls-files '*/otp.gpg' \ + | ${gnused}/bin/sed 's:/otp\.gpg$::' \ + | ${dmenu}/bin/dmenu -f -p OTP + ) + + otp=$(${pass}/bin/pass otp code "$x/otp") + + printf %s "$otp" | ${xdotool}/bin/xdotool type -f - +'' diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index d474b7e..cb59e85 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -133,6 +133,7 @@ myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) + , ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing) , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) , ((_4 , xK_x ), chooseAction spawnTermAt) diff --git a/tv/source.nix b/tv/source.nix index e5e5e04..14527d9 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -16,8 +16,7 @@ in { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; nixpkgs.git = { - # nixos-17.09 - ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72"; + ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { |
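Review bot: otpmenu.nix has no comment on its two safety-relevant properties: the code is handed to xdotool on stdin, so it does not appear in a process argument list, and it is typed into whichever window has focus once dmenu closes. I'd add a header comment stating both, e.g. `# Types the OTP via stdin (not argv) into the currently focused window.` dmenu also returns free-typed text, so `$x` is not guaranteed to be one of the `ls-files` results; `pass otp code` should then fail and `set -e` aborts before anything is typed, which looks intended and is worth a word in the same comment.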