summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jeschli/1systems/bln/config.nix64
-rw-r--r--jeschli/1systems/bln/dcso-vpn.nix44
-rw-r--r--jeschli/1systems/bln/hardware-configuration.nix2
-rw-r--r--jeschli/2configs/xserver/Xresources.nix4
-rw-r--r--jeschli/2configs/xserver/default.nix3
-rw-r--r--jeschli/2configs/zsh.nix4
-rw-r--r--jeschli/5pkgs/simple/xmonad-jeschli/default.nix5
-rw-r--r--lib/types.nix8
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix (renamed from nin/6tests/dummysecrets/hashedPasswords.nix)0
-rw-r--r--nin/0tests/dummysecrets/ssh.id_ed25519 (renamed from nin/6tests/dummysecrets/ssh.id_ed25519)0
-rw-r--r--nin/1systems/axon/config.nix15
-rw-r--r--nin/2configs/vim.nix1
-rw-r--r--nin/source.nix2
-rw-r--r--tv/2configs/gitrepos.nix3
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/5pkgs/simple/otpmenu.nix15
-rw-r--r--tv/5pkgs/simple/xmonad-tv/default.nix1
-rw-r--r--tv/source.nix3
18 files changed, 141 insertions, 35 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index a8329c4..7d37134 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -1,16 +1,32 @@
{ config, lib, pkgs, ... }:
# bln config file
{
- imports =
- [ <stockholm/jeschli>
- <stockholm/jeschli/2configs/virtualbox.nix>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/emacs.nix>
- ./hardware-configuration.nix
- ];
-
- boot.loader.systemd-boot.enable = true;
+ imports = [
+ ./hardware-configuration.nix
+ <stockholm/jeschli>
+ <stockholm/jeschli/2configs/virtualbox.nix>
+ <stockholm/jeschli/2configs/urxvt.nix>
+ <stockholm/jeschli/2configs/emacs.nix>
+ <stockholm/jeschli/2configs/xdg.nix>
+ <stockholm/jeschli/2configs/xserver>
+ ];
+
+# boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+ boot.loader.grub = {
+ devices = [ "nodev" ];
+ efiSupport = true;
+ enable = true;
+ extraEntries = ''
+ menuentry "Debian" {
+ insmod ext2
+ insmod chain
+ chainloader /EFI/debian/grubx64.efi
+ }
+ '';
+ version = 2;
+ };
jeschliFontSize = 20;
@@ -54,7 +70,6 @@
sqlite
# internet
thunderbird
- hipchat
chromium
google-chrome
# programming languages
@@ -92,18 +107,17 @@
services.printing.drivers = [ pkgs.postscript-lexmark ];
# Enable the X11 windowing system.
- services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
- services.xserver.windowManager.xmonad.enable = true;
- services.xserver.windowManager.xmonad.enableContribAndExtras = true;
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.dpi = 100;
- fonts.fontconfig.dpi = 100;
+# services.xserver.windowManager.xmonad.enable = true;
+# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+# services.xserver.displayManager.sddm.enable = true;
+# services.xserver.dpi = 100;
+# fonts.fontconfig.dpi = 100;
users.extraUsers.jeschli = {
isNormalUser = true;
- extraGroups = ["docker" "vboxusers"];
+ extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000;
};
@@ -123,15 +137,17 @@
# DCSO Certificates
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
];
+
hardware.bluetooth.enable = true;
krebs.build.host = config.krebs.hosts.bln;
}
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
new file mode 100644
index 0000000..0a5623b
--- /dev/null
+++ b/jeschli/1systems/bln/dcso-vpn.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+
+ users.extraUsers = {
+ dcsovpn = rec {
+ name = "dcsovpn";
+ uid = genid "dcsovpn";
+ description = "user for running dcso openvpn";
+ home = "/home/${name}";
+ };
+ };
+
+ users.extraGroups.dcsovpn.gid = genid "dcsovpn";
+
+ services.openvpn.servers = {
+ dcso = {
+ config = ''
+ client
+ dev tun
+ tun-mtu 1356
+ mssfix
+ proto udp
+ float
+ remote 217.111.55.41 1194
+ nobind
+ user dcsovpn
+ group dcsovpn
+ persist-key
+ persist-tun
+ ca ${toString <secrets/dcsovpn/ca.pem>}
+ cert ${toString <secrets/dcsovpn/cert.pem>}
+ key ${toString <secrets/dcsovpn/cert.key>}
+ verb 3
+ mute 20
+ auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
+ route-method exe
+ route-delay 2
+ '';
+ updateResolvConf = true;
+ };
+ };
+}
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
index b774bfc..35f0b3b 100644
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ b/jeschli/1systems/bln/hardware-configuration.nix
@@ -30,4 +30,6 @@
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
+
+ hardware.pulseaudio.enable = true;
}
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
index e433a85..e815491 100644
--- a/jeschli/2configs/xserver/Xresources.nix
+++ b/jeschli/2configs/xserver/Xresources.nix
@@ -3,6 +3,10 @@
with import <stockholm/lib>;
pkgs.writeText "Xresources" /* xdefaults */ ''
+ Xcursor.theme: aero-large-drop
+ Xcursor.size: 128
+ Xft.dpi: 144
+
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
URxvt*eightBitInput: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
index df06000..748d122 100644
--- a/jeschli/2configs/xserver/default.nix
+++ b/jeschli/2configs/xserver/default.nix
@@ -43,7 +43,10 @@ in {
enable = true;
display = 11;
tty = 11;
+
+ dpi = 200;
+ videoDrivers = [ "nvidia" ];
synaptics = {
enable = true;
twoFingerScroll = true;
diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
index be5b661..0f6775e 100644
--- a/jeschli/2configs/zsh.nix
+++ b/jeschli/2configs/zsh.nix
@@ -53,8 +53,8 @@
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
- rev = "master";
- sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
+ rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
+ sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS)
#beautiful colors
diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 48382dc..fa03fd4 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -87,7 +87,8 @@ mainNoArgs = do
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
- , startupHook =
+ , startupHook = do
+ setWMName "LG3D"
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing) <+> setWMName "LG3D"
, normalBorderColor = "#1c1c1c"
@@ -221,7 +222,7 @@ myKeys conf = Map.fromList $
pagerConfig :: PagerConfig
pagerConfig = def
{ pc_font = myFont
- , pc_cellwidth = 64
+ , pc_cellwidth = 256
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
diff --git a/lib/types.nix b/lib/types.nix
index 1cf2d96..d663d25 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -50,6 +50,14 @@ rec {
default = false;
};
+ monitoring = mkOption {
+ description = ''
+ Whether the host should be monitored by monitoring tools like Prometheus.
+ '';
+ type = bool;
+ default = false;
+ };
+
owner = mkOption {
type = user;
};
diff --git a/nin/6tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
index 0967ef4..0967ef4 100644
--- a/nin/6tests/dummysecrets/hashedPasswords.nix
+++ b/nin/0tests/dummysecrets/hashedPasswords.nix
diff --git a/nin/6tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
index e69de29..e69de29 100644
--- a/nin/6tests/dummysecrets/ssh.id_ed25519
+++ b/nin/0tests/dummysecrets/ssh.id_ed25519
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
index 483a4f8..5e81afd 100644
--- a/nin/1systems/axon/config.nix
+++ b/nin/1systems/axon/config.nix
@@ -59,7 +59,11 @@ with lib;
# nin config
time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
+ services.xserver = {
+ enable = true;
+
+ displayManager.lightdm.enable = true;
+ };
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
@@ -76,12 +80,19 @@ with lib;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
+ atom
+ chromium
firefox
git
+ htop
+ keepassx
lmms
networkmanagerapplet
+ openvpn
python
+ ruby
steam
+ taskwarrior
thunderbird
vim
virtmanager
@@ -109,7 +120,7 @@ with lib;
Control + p
'';
in {
- enable = true;
+ enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
index 101a80c..7b5d376 100644
--- a/nin/2configs/vim.nix
+++ b/nin/2configs/vim.nix
@@ -349,6 +349,7 @@ let
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
+ set bg=dark
'';
in
out
diff --git a/nin/source.nix b/nin/source.nix
index 9fb2cb3..ae13c55 100644
--- a/nin/source.nix
+++ b/nin/source.nix
@@ -13,7 +13,7 @@ in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
secrets.file = getAttr builder {
- buildbot = toString <stockholm/nin/6tests/dummysecrets>;
+ buildbot = toString <stockholm/nin/0tests/dummysecrets>;
nin = "/home/nin/secrets/${name}";
};
stockholm.file = toString <stockholm>;
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index c3418e7..6e4830a 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -42,7 +42,7 @@ let {
kirk = {
cgit.desc = "IRC tools";
};
- kops = {
+ krops = {
cgit.desc = "deployment tools";
};
load-env = {};
@@ -54,6 +54,7 @@ let {
netcup = {
cgit.desc = "netcup command line interface";
};
+ nix-writers = {};
populate = {
cgit.desc = "source code installer";
};
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 897def8..aa71be7 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -34,7 +34,7 @@ with import <stockholm/lib>;
## other
- https://nixos.org/channels/nixos-17.09/git-revision
+ https://nixos.org/channels/nixos-18.03/git-revision
https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17
diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix
new file mode 100644
index 0000000..b35e160
--- /dev/null
+++ b/tv/5pkgs/simple/otpmenu.nix
@@ -0,0 +1,15 @@
+{ dmenu, gnused, pass, writeDashBin, xdotool }:
+
+writeDashBin "otpmenu" ''
+ set -efu
+
+ x=$(
+ ${pass}/bin/pass git ls-files '*/otp.gpg' \
+ | ${gnused}/bin/sed 's:/otp\.gpg$::' \
+ | ${dmenu}/bin/dmenu -f -p OTP
+ )
+
+ otp=$(${pass}/bin/pass otp code "$x/otp")
+
+ printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
+''
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
index d474b7e..cb59e85 100644
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/tv/5pkgs/simple/xmonad-tv/default.nix
@@ -133,6 +133,7 @@ myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
+ , ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
, ((_4 , xK_x ), chooseAction spawnTermAt)
diff --git a/tv/source.nix b/tv/source.nix
index e5e5e04..14527d9 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -16,8 +16,7 @@ in
{
nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
nixpkgs.git = {
- # nixos-17.09
- ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
+ ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844";
url = https://github.com/NixOS/nixpkgs;
};
secrets.file = getAttr builder {