From 0ab6466d7664466e8afd4a68d31ade84b207f6db Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 25 Sep 2018 19:02:09 +0200 Subject: tv gitrepos: add fswm --- tv/2configs/gitrepos.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 74fb521..8e4beca 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -39,6 +39,9 @@ let { disko = { cgit.desc = "declarative partitioning and formatting tool"; }; + fswm = { + cgit.desc = "simple full screen window manager"; + }; get = {}; hstool = { cgit.desc = "Haskell Development Environment ^_^"; -- cgit v1.3.1 From 049ce1452bb893a3902fadb7ffb1107c8a5c5cc0 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 15:16:11 +0200 Subject: tv gitrepos nix-writers: add cgit desc --- tv/2configs/gitrepos.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 8e4beca..00873bd 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -64,7 +64,9 @@ let { netcup = { cgit.desc = "netcup command line interface"; }; - nix-writers = {}; + nix-writers = { + cgit.desc = "collection of package builders"; + }; populate = { cgit.desc = "source code installer"; }; -- cgit v1.3.1 From 434f5b44276f46cc3672606d7471ee799ce2f3f2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 15:18:43 +0200 Subject: tv gitrepos: move unused stuff to museums --- tv/2configs/gitrepos.nix | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 00873bd..e7104be 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -30,9 +30,6 @@ let { public-repos = mapAttrs make-public-repo ({ } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) { - cac-api = { - cgit.desc = "CloudAtCost API command line interface"; - }; dic = { cgit.desc = "dict.leo.org command line interface"; }; @@ -42,24 +39,12 @@ let { fswm = { cgit.desc = "simple full screen window manager"; }; - get = {}; - hstool = { - cgit.desc = "Haskell Development Environment ^_^"; - }; htgen = { cgit.desc = "toy HTTP server"; }; - kirk = { - cgit.desc = "IRC tools"; - }; krops = { cgit.desc = "deployment tools"; }; - load-env = {}; - loldns = { - cgit.desc = "toy DNS server"; - }; - make-snapshot = {}; much = {}; netcup = { cgit.desc = "netcup command line interface"; @@ -72,9 +57,6 @@ let { }; q = {}; regfish = {}; - soundcloud = { - cgit.desc = "SoundCloud command line interface"; - }; stockholm = { cgit.desc = "NixOS configuration"; }; @@ -91,15 +73,32 @@ let { xintmap = {}; xmonad-stockholm = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) { + cac-api = { + cgit.desc = "CloudAtCost API command line interface"; + }; cgserver = {}; crude-mail-setup = {}; dot-xmonad = {}; hirc = {}; + hstool = { + cgit.desc = "Haskell Development Environment ^_^"; + }; + kirk = { + cgit.desc = "IRC tools"; + }; make-snapshot = {}; nixos-infest = {}; painload = {}; push = {}; with-tmpdir = {}; + get = {}; + load-env = {}; + loldns = { + cgit.desc = "toy DNS server"; + }; + soundcloud = { + cgit.desc = "SoundCloud command line interface"; + }; }); restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.3.1 From cb2f57c2556a01a42f9409e65f536a4f9a0c4b85 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 16:20:48 +0200 Subject: tv gitrepos cgit: use README.md for about pages --- tv/2configs/gitrepos.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index e7104be..a8cbe0f 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -9,8 +9,19 @@ let { enable = true; cgit = { settings = { - root-title = "repositories at ${config.krebs.build.host.name}"; + about-filter = pkgs.exec "krebs.cgit.about-filter" rec { + filename = "${pkgs.pythonPackages.markdown2}/bin/markdown2"; + argv = [ + filename + "--extras=fenced-code-blocks" + ]; + envp = {}; + }; + readme = [ + ":README.md" + ]; root-desc = "mostly krebs"; + root-title = "repositories at ${config.krebs.build.host.name}"; }; }; repos = repos; -- cgit v1.3.1 From 6f6c8fc66e48824243c7048b2e0cc2af994318ce Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 29 Sep 2018 10:26:36 +0200 Subject: tv urlwatch: filter all api.github.com results --- tv/2configs/urlwatch.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index aa71be7..77947da 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,6 +1,10 @@ -{ config, pkgs, ... }: with import ; -{ +{ config, pkgs, ... }: let + json = url: { + inherit url; + filter = "system:${pkgs.jq}/bin/jq ."; + }; +in { krebs.urlwatch = { enable = true; mailto = config.krebs.users.tv.mail; @@ -13,18 +17,9 @@ with import ; http://www.exim.org/ - # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix - { - url = https://api.github.com/repos/simple-evcorr/sec/tags; - filter = "system:${pkgs.jq}/bin/jq ."; - } - # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix https://thp.io/2008/urlwatch/ - # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix - https://api.github.com/repos/ioerror/tlsdate/tags - # 2015-02-18 # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix http://www.fourmilab.ch/webtools/qprint/ @@ -50,7 +45,13 @@ with import ; #http://hackage.haskell.org/package/web-page # ref , services.openssh.knownHosts.github* - https://api.github.com/meta + (json https://api.github.com/meta) + + # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix + (json https://api.github.com/repos/ioerror/tlsdate/tags) + + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix + (json https://api.github.com/repos/simple-evcorr/sec/tags) # # is derived from `configFile` in: -- cgit v1.3.1 From 21e7a49885dce34155395a77babc9d090b42acc4 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Oct 2018 10:14:20 +0200 Subject: tv mu: use br --- tv/1systems/mu/config.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index f513665..c26d4ab 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -3,6 +3,7 @@ with import ; imports = [ + ]; @@ -90,20 +91,6 @@ with import ; pkgs.xlibs.fontschumachermisc ]; - # Enable CUPS to print documents. - services.printing = { - enable = true; - #drivers = [ - # #pkgs.foomatic_filters - # #pkgs.gutenprint - # #pkgs.cups_pdf_filter - # #pkgs.ghostscript - #]; - #cupsdConf = '' - # LogLevel debug2 - #''; - }; - services.xserver.enable = true; services.xserver.layout = "de"; services.xserver.xkbOptions = "eurosign:e"; -- cgit v1.3.1 From a8e75ec0e75eb0c3a4542582dc8aa47a961a0494 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Oct 2018 22:23:31 +0200 Subject: tv bash: use XMONAD_SPAWN_WORKSPACE when SHLVL=1 --- tv/2configs/bash/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 546b2e7..b75ad8b 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -33,11 +33,13 @@ with import ; PS1="ssh-agent[$SSH_AGENT_PID] $PS1" fi - case ''${XMONAD_SPAWN_WORKSPACE-} in - stockholm) - cd ~/stockholm - ;; - esac + if test ''${SHLVL-1} = 1; then + case ''${XMONAD_SPAWN_WORKSPACE-} in + stockholm) + cd ~/stockholm + ;; + esac + fi ''; }; } -- cgit v1.3.1 From dbfc1de755192d28f3a1b0c3bca88eda768959fa Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Oct 2018 13:59:01 +0200 Subject: tv pkgs: init utsushi at 3.48.0 --- tv/5pkgs/simple/utsushi.nix | 206 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 206 insertions(+) create mode 100644 tv/5pkgs/simple/utsushi.nix diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix new file mode 100644 index 0000000..518c34c --- /dev/null +++ b/tv/5pkgs/simple/utsushi.nix @@ -0,0 +1,206 @@ +{ boost, fetchurl, file, imagemagick, libudev, libusb, pkgconfig, stdenv +, coreutils, dash, patchelf, writeScriptBin # for add-rpath + +, guiSupport ? false, gtkmm2 ? null +, jpegSupport ? true +, networkSupport ? false, dpkg ? null +, ocrSupport ? false, tesseract ? null +, saneSupport ? true, saneBackends ? null +, tiffSupport ? true, libtiff ? null + +# Logging defaults copied from Utsushi source (lib/log.cpp) +, logCategory ? "NOTHING" +, logLevel ? "FATAL" +}: + +# Logging possibilities copied from Utsushi source (utsushi/log.hpp) +assert builtins.elem logCategory [ + "NOTHING" + "SANE_BACKEND" + "ALL" +]; +assert builtins.elem logLevel [ + "FATAL" # famous last words + "ALERT" # outside intervention required + "ERROR" # something went wrong + "BRIEF" # short informational notes + "TRACE" # more chattery feedback + "DEBUG" # the gory details + "QUARK" # stack tracing feedback +]; + +let + + # usage: add-rpath LIBPATH [SOFILE...] + # Adds LIBPATH to each SOFILE's RPATH + add-rpath = writeScriptBin "add-rpath" '' + #! ${dash}/bin/dash + set -efu + path=$1; shift + for file; do + file=$(${coreutils}/bin/readlink -f "$file") + old_rpath=$(${patchelf}/bin/patchelf --print-rpath "$file") + new_rpath=''${old_rpath+$old_rpath:}$path + ${patchelf}/bin/patchelf --set-rpath "$new_rpath" "$file" + done + ''; + + imagescan-plugin-networkscan = stdenv.mkDerivation rec { + name = "imagescan-plugin-networkscan-${meta.version}"; + + src = + if stdenv.system == "i686-linux" then + fetchurl { + url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz"; + sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r"; + } + else if stdenv.system == "x86_64-linux" then + fetchurl { + url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz"; + sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2"; + } + else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)"; + + dontBuild = true; + + installPhase = '' + # Wildcard * stand for either i386 or amd64 + ${dpkg}/bin/dpkg -x \ + plugins/imagescan-plugin-networkscan_${meta.version}-1epson4debian9_*.deb \ + tmp + + mv tmp/usr $out + ''; + + preFixup = '' + patchelf --set-interpreter \ + ${stdenv.glibc}/lib/ld-linux${stdenv.lib.optionalString stdenv.is64bit "-x86-64"}.so.2 \ + $out/lib/utsushi/networkscan + + # libstdc++.so.6 + patchelf --set-rpath ${stdenv.cc.cc.lib}/lib \ + $out/lib/utsushi/networkscan + ''; + + meta = { + description = "Epson Image Scan v3 networkscan plugin"; + longDescription = '' + This package provides the unfree networkscan plugin from the Epson + Image Scan v3 scanner driver bundle, which can be used by Utsushi. + ''; + homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${meta.version}"; + license = stdenv.lib.licenses.eapl; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "1.1.0"; + }; + }; + +in + +stdenv.mkDerivation rec { + name = "utsushi-${meta.version}"; + + src = fetchurl { + url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz"; + sha256 = "12mzq3wc8gzdma84pjs5gb0gp8mga13wax5g7vjfrzq8pjyqrnmw"; + }; + + preConfigure = '' + substituteInPlace configure \ + --replace /usr/bin/file ${file}/bin/file + + substituteInPlace lib/log.cpp \ + --replace FATAL ${logLevel} \ + --replace NOTHING ${logCategory} + ''; + + postInstall = '' + # Allow configuration to be done via /etc/utsushi.conf + ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf + + ${stdenv.lib.optionalString saneSupport '' + # Make this package compatible with hardware.sane.extraBackends + mkdir $out/etc/sane.d + echo utsushi > $out/etc/sane.d/dll.conf + mkdir $out/lib/sane + ln -s $out/lib/utsushi/sane/libsane-utsushi.* $out/lib/sane + ''} + + ${stdenv.lib.optionalString networkSupport '' + ln -s ${imagescan-plugin-networkscan}/lib/utsushi/networkscan \ + $out/libexec/utsushi/ + ''} + ''; + + # Fixup libraries which otherwise would end up broken like this: + # + # $ ldd .../blah.so | grep libboost_system + # libboost_system.so.X.Y.Z => not found + # libboost_system.so.X.Y.Z => /nix/store/.../libboost_system.so.X.Y.Z (...) + # + preFixup = '' + add-rpath ${boost}/lib $out/lib/utsushi/libdrv-esci.so + ${stdenv.lib.optionalString saneSupport '' + add-rpath ${boost}/lib $out/lib/utsushi/sane/libsane-utsushi.so + ''} + ''; + + nativeBuildInputs = [ + add-rpath + pkgconfig + ]; + + buildInputs = [ + boost + imagemagick + libudev + libusb + ] + ++ stdenv.lib.optional guiSupport gtkmm2 + ++ stdenv.lib.optional ocrSupport tesseract + ++ stdenv.lib.optional saneSupport saneBackends + ++ stdenv.lib.optional tiffSupport libtiff + ; + + NIX_CFLAGS_COMPILE = [ + "-Wno-error=unused-variable" + ]; + + configureFlags = [ + "--with-boost=${boost}" + "--with-magick" + "--with-magick-pp" + ] + ++ stdenv.lib.optionals guiSupport [ + "--with-gtkmm" + ] + ++ stdenv.lib.optionals jpegSupport [ + "--with-jpeg" + ] + ++ stdenv.lib.optionals saneSupport [ + "--with-sane" + ] + ++ stdenv.lib.optionals tiffSupport [ + "--with-tiff" + ] + ; + + meta = { + description = "Utsushi - Next Generation Image Acquisition"; + longDescription = '' + This software provides applications to easily turn hard-copy + documents and imagery into formats that are more amenable to + computer processing. + + Included are a native driver for a number of EPSON scanners + and a compatibility driver to interface with software built + around the SANE standard. + ''; + homepage = http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX; + license = stdenv.lib.licenses.gpl3; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.48.0"; + }; +} -- cgit v1.3.1 From c2763f088abc49062c1b892c8c8d8a667051c1ce Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Oct 2018 22:13:26 +0200 Subject: tv xp-332: init --- tv/2configs/xp-332.nix | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 tv/2configs/xp-332.nix diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix new file mode 100644 index 0000000..627401d --- /dev/null +++ b/tv/2configs/xp-332.nix @@ -0,0 +1,45 @@ +with import ; +{ config, pkgs, ... }: { + + environment.etc."utsushi.conf".text = '' + [devices] + dev1.udi = esci:networkscan://EPSON79678C.fritz.box:1865 + dev1.model = XP-332 + dev1.vendor = EPSON + ''; + + hardware.sane = { + enable = true; + extraBackends = [ + pkgs.utsushi + ]; + }; + + krebs.nixpkgs.allowUnfreePredicate = pkg: + elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ]; + + nixpkgs.overlays = singleton (self: super: { + utsushi = super.utsushi.override { + guiSupport = false; + jpegSupport = false; + networkSupport = true; + ocrSupport = false; + saneSupport = true; + tiffSupport = true; + + logCategory = "ALL"; + logLevel = "BRIEF"; + }; + }); + + services = { + printing = { + drivers = [ + pkgs.epson-escpr + ]; + enable = true; + }; + saned.enable = true; + }; + +} -- cgit v1.3.1 From b11df47d92bebd5236b6218b6e6e9599f98e5ce5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Oct 2018 22:14:36 +0200 Subject: tv querel: import xp-332 --- tv/1systems/querel/config.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 5f981c6..01d67b5 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -2,10 +2,9 @@ with import ; { config, pkgs, ... }: { imports = [ - - - + + ]; krebs.build.host = config.krebs.hosts.querel; @@ -37,6 +36,7 @@ with import ; sxiv texlive.combined.scheme-full vim + xsane zathura ]; @@ -67,10 +67,6 @@ with import ; programs.ssh.startAgent = false; - services.printing = { - enable = true; - }; - services.xserver.enable = true; services.xserver.layout = "de"; services.xserver.xkbOptions = "eurosign:e"; -- cgit v1.3.1 From da33d471371a1a139a3d73808d612323f31975a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 19:32:25 +0200 Subject: force xserver values --- jeschli/1systems/brauerei/config.nix | 4 ++-- tv/2configs/xserver/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 0c01b79..4ba888e 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -121,8 +121,8 @@ desktopManager.session = lib.mkForce []; enable = true; - display = 11; - tty = 11; + display = lib.mkForce 11; + tty = lib.mkForce 11; dpi = 144; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 6ef8a87..e33b431 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -42,8 +42,8 @@ in { desktopManager.session = mkForce []; enable = true; - display = 11; - tty = 11; + display = mkForce 11; + tty = mkForce 11; synaptics = { enable = true; -- cgit v1.3.1 From 273475e0e96ac0e5bfd33ce74afbed509463d9af Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 09:54:55 +0200 Subject: tv xserver: cleanup services --- tv/2configs/xserver/default.nix | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 6ef8a87..96c59c6 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -55,7 +55,7 @@ in { systemd.services.display-manager.enable = false; systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; + wantedBy = [ "graphical.target" ]; requires = [ "xserver.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; @@ -101,21 +101,20 @@ in { systemd.services.xserver = { after = [ - "systemd-udev-settle.service" - "local-fs.target" "acpid.service" + "local-fs.target" + "systemd-udev-settle.service" + ]; + wants = [ + "systemd-udev-settle.service" ]; - reloadIfChanged = true; + restartIfChanged = false; environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ] ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; serviceConfig = { SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = toString [ "${pkgs.xorg.xorgserver}/bin/X" ":${toString config.services.xserver.display}" @@ -123,17 +122,16 @@ in { "-config ${import ./xserver.conf.nix args}" "-logfile /dev/null -logverbose 0 -verbose 3" "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + "-xkbdir ${config.services.xserver.xkbDir}" ]; }; }; systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; + wantedBy = [ "graphical.target" ]; + restartIfChanged = false; serviceConfig = { SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; Restart = "always"; RestartSec = "2s"; -- cgit v1.3.1 From 837cd18f4d8d81dcfb3a2c4d8433cec6dd33d04a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 10:17:21 +0200 Subject: tv xu: import xp-332 --- tv/1systems/xu/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 14926fe..24179cc 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -18,6 +18,7 @@ with import ; + { environment.systemPackages = with pkgs; [ @@ -147,8 +148,6 @@ with import ; gptfdisk ]; - services.printing.enable = true; - #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; -- cgit v1.3.1 From 526794c4e37bd5a1c528ab1e9ad434e73400a421 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 10:18:07 +0200 Subject: tv backups: nomic-pull-querel-home @22:00 --- tv/2configs/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 14d3815..f8de72d 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -26,7 +26,7 @@ with import ; method = "pull"; src = { host = config.krebs.hosts.querel; path = "/home"; }; dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; - startAt = "00:00"; + startAt = "22:00"; }; wu-home-xu = { method = "push"; -- cgit v1.3.1 From 94c1cf62732f26944b5bb613c4880011f68420a3 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Oct 2018 23:48:20 +0200 Subject: tv: add 18.09 compatibility --- tv/1systems/xu/config.nix | 1 - tv/2configs/xserver/default.nix | 3 + tv/3modules/charybdis/default.nix | 2 +- tv/5pkgs/compat/18.03/pass-otp/default.nix | 30 +++++ tv/5pkgs/compat/18.03/pass/default.nix | 121 +++++++++++++++++++++ tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch | 9 ++ tv/5pkgs/compat/18.03/pass/rofi-pass.nix | 57 ++++++++++ .../pass/set-correct-program-name-for-sleep.patch | 69 ++++++++++++ tv/5pkgs/compat/default.nix | 1 + tv/5pkgs/default.nix | 12 ++ tv/5pkgs/simple/utsushi.nix | 1 + 11 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 tv/5pkgs/compat/18.03/pass-otp/default.nix create mode 100644 tv/5pkgs/compat/18.03/pass/default.nix create mode 100644 tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch create mode 100644 tv/5pkgs/compat/18.03/pass/rofi-pass.nix create mode 100644 tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch create mode 100644 tv/5pkgs/compat/default.nix diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 24179cc..5421cab 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -41,7 +41,6 @@ with import ; mkpasswd netcat netcup - nix-repl nmap p7zip pass diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 96c59c6..892b7e3 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -41,6 +41,9 @@ in { # refs desktopManager.session = mkForce []; + displayManager.lightdm.enable = mkForce false; + displayManager.job.execCmd = mkForce "derp"; + enable = true; display = 11; tty = 11; diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index e252f2e..62a7037 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -64,7 +64,7 @@ in { ExecStartPre = "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"; ExecStart = toString [ - "${pkgs.charybdis}/bin/charybdis-ircd" + "${pkgs.charybdis}/bin/charybdis" "-configfile ${import ./config.nix args}" "-foreground" "-logfile /dev/stderr" diff --git a/tv/5pkgs/compat/18.03/pass-otp/default.nix b/tv/5pkgs/compat/18.03/pass-otp/default.nix new file mode 100644 index 0000000..3341118 --- /dev/null +++ b/tv/5pkgs/compat/18.03/pass-otp/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, oathToolkit }: +stdenv.mkDerivation rec { + name = "pass-otp-${version}"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "tadfisher"; + repo = "pass-otp"; + rev = "v${version}"; + sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb"; + }; + + buildInputs = [ oathToolkit ]; + + patchPhase = '' + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + ''; + + installPhase = '' + make PREFIX=$out install + ''; + + meta = with stdenv.lib; { + description = "A pass extension for managing one-time-password (OTP) tokens"; + homepage = https://github.com/tadfisher/pass-otp; + license = licenses.gpl3; + maintainers = with maintainers; [ jwiegley tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/tv/5pkgs/compat/18.03/pass/default.nix b/tv/5pkgs/compat/18.03/pass/default.nix new file mode 100644 index 0000000..c2fe0e1 --- /dev/null +++ b/tv/5pkgs/compat/18.03/pass/default.nix @@ -0,0 +1,121 @@ +{ stdenv, lib, fetchurl, fetchFromGitHub +, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode +, makeWrapper + +, pass-otp + +, xclip ? null, xdotool ? null, dmenu ? null +, x11Support ? !stdenv.isDarwin +, tombPluginSupport ? false, tomb +}: + +with lib; + +assert x11Support -> xclip != null + && xdotool != null + && dmenu != null; + +let + plugins = map (p: (fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-${p.name}"; + inherit (p) rev sha256; + })) + ([ + { name = "import"; + rev = "491935bd275f29ceac2b876b3a288011d1ce31e7"; + sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; } + { name = "update"; + rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde"; + sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; } + ] ++ stdenv.lib.optional tombPluginSupport { + name = "tomb"; + rev = "3368134898a42c1b758fabac625ec240e125c6be"; + sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; } + ); + +in stdenv.mkDerivation rec { + version = "1.7.2"; + name = "password-store-${version}"; + + src = fetchurl { + url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; + sha256 = "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27"; + }; + + patches = [ ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + + nativeBuildInputs = [ makeWrapper ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # plugins + ${stdenv.lib.concatStringsSep "\n" (map (plugin: '' + pushd ${plugin} + PREFIX=$out make install + popd + '') plugins)} + + ln -s \ + ${pass-otp}/lib/password-store/extensions/otp.bash \ + $out/lib/password-store/extensions/ + + ln -s \ + ${pass-otp}/share/man/man1/pass-otp.1.gz \ + $out/share/man/man1/ + + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el and f.el) here. The user has to do this + # himself. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with stdenv.lib; makeBinPath ([ + coreutils + getopt + git + gnupg + gnused + tree + which + qrencode + ] ++ optional tombPluginSupport tomb + ++ optional stdenv.isLinux procps + ++ ifEnable x11Support [ dmenu xclip xdotool ]); + + postFixup = '' + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + stdenv.lib.optionalString x11Support '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = https://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; +} diff --git a/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch new file mode 100644 index 0000000..e8f7e13 --- /dev/null +++ b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch @@ -0,0 +1,9 @@ +diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh +--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000 ++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000 +@@ -31,5 +31,4 @@ + mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk." + } + +-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" + SHRED="srm -f -z" diff --git a/tv/5pkgs/compat/18.03/pass/rofi-pass.nix b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix new file mode 100644 index 0000000..61f5197 --- /dev/null +++ b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix @@ -0,0 +1,57 @@ +{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "rofi-pass-${version}"; + version = "1.5.3"; + + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq"; + }; + + buildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a rofi-pass $out/bin/rofi-pass + + mkdir -p $out/share/doc/rofi-pass/ + cp -a config.example $out/share/doc/rofi-pass/config.example + ''; + + wrapperPath = with stdenv.lib; makeBinPath [ + coreutils + findutils + gawk + gnugrep + gnused + libnotify + pass + pwgen + rofi + utillinux + xclip + xdotool + ]; + + fixupPhase = '' + patchShebangs $out/bin + + wrapProgram $out/bin/rofi-pass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = { + description = "A script to make rofi work with password-store"; + homepage = https://github.com/carnager/rofi-pass; + maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ]; + license = stdenv.lib.licenses.gpl3; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 0000000..782e06e --- /dev/null +++ b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch @@ -0,0 +1,69 @@ +From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001 +From: "Andrew R. M" +Date: Sat, 8 Apr 2017 13:50:01 -0400 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils + +--- + src/password-store.sh | 4 ++-- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/password-store.sh b/src/password-store.sh +index 6a4172d..4dbd6b8 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -155,11 +155,11 @@ clip() { + # variable. Specifically, it cannot store nulls nor (non-trivally) store + # trailing new lines. + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" + echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" + ( +- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) ++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) + local now="$(xclip -o -selection "$X_SELECTION" | base64)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 6e5dd86..f3574c4 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(base64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(base64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + echo "$before" | base64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 86eb325..deb04c4 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | openssl base64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(pbpaste | openssl base64)" + [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" + echo "$before" | openssl base64 -d | pbcopy +-- +2.12.2 + diff --git a/tv/5pkgs/compat/default.nix b/tv/5pkgs/compat/default.nix new file mode 100644 index 0000000..0d1e61b --- /dev/null +++ b/tv/5pkgs/compat/default.nix @@ -0,0 +1 @@ +self: super: {} diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 82474ad..c5c800b 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -33,4 +33,16 @@ foldl' mergeAttrs {} ''; gnupg = self.gnupg22; + + pass = { + "18.03" = + self.callPackage ./compat/18.03/pass { + pass-otp = self.callPackage ./compat/18.03/pass-otp {}; + }; + "18.09" = + super.pass.withExtensions (ext: [ + ext.pass-otp + ]); + }.${versions.majorMinor nixpkgsVersion}; + } diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix index 518c34c..e61dd18 100644 --- a/tv/5pkgs/simple/utsushi.nix +++ b/tv/5pkgs/simple/utsushi.nix @@ -164,6 +164,7 @@ stdenv.mkDerivation rec { ; NIX_CFLAGS_COMPILE = [ + "-Wno-error=deprecated-declarations" "-Wno-error=unused-variable" ]; -- cgit v1.3.1 From 8bb0e8442e377cb1152959d5de4f61cb135cc31a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 00:39:21 +0200 Subject: j brauerei.r: force lightdm off --- jeschli/1systems/brauerei/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 0c01b79..3ec2b5c 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -119,6 +119,8 @@ # Don't install feh into systemPackages # refs desktopManager.session = lib.mkForce []; + displayManager.lightdm.enable = lib.mkForce false; + displayManager.job.execCmd = lib.mkForce "derp"; enable = true; display = 11; -- cgit v1.3.1 From cc844a059e4a5b81176646dfd815d00392f96a2f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 16:37:06 +0200 Subject: tv: systemPackages += git-crypt --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 2ccab3d..d9ddc90 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -143,6 +143,7 @@ with import ; environment.systemPackages = [ pkgs.get pkgs.git + pkgs.git-crypt pkgs.git-preview pkgs.hashPassword pkgs.htop -- cgit v1.3.1 From 9f3f7dd5b2f2db5f86cddc0ff09c11820c6f00e7 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 5 Oct 2018 14:04:27 +0200 Subject: j brauerei: +luis @ dev tmux --- jeschli/1systems/brauerei/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 3ec2b5c..98db60e 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -149,6 +149,7 @@ isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" ]; }; -- cgit v1.3.1 From a3790a6ce4a95ada12d28b39c3e99bb1c20d3b74 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sun, 7 Oct 2018 16:42:45 +0200 Subject: j emacs: remove melpaPackages.mmm-mode --- jeschli/2configs/emacs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3bd2dbf..5fc8874 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -67,7 +67,6 @@ let emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ epkgs.melpaPackages.evil epkgs.melpaStablePackages.magit - epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode epkgs.melpaPackages.go-mode epkgs.melpaPackages.google-this -- cgit v1.3.1 From b71d54a13045154fd60a1a7209ad8c3b6fe57df8 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 16:37:06 +0200 Subject: tv: systemPackages += git-crypt --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 2ccab3d..d9ddc90 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -143,6 +143,7 @@ with import ; environment.systemPackages = [ pkgs.get pkgs.git + pkgs.git-crypt pkgs.git-preview pkgs.hashPassword pkgs.htop -- cgit v1.3.1 From fd1e5ba45de8ef8662dacf4e9c93b167364eb3a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 20:57:53 +0200 Subject: remove nin --- nin/0tests/dummysecrets/hashedPasswords.nix | 1 - nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 ----------- nin/1systems/hiawatha/config.nix | 126 ---------- nin/1systems/onondaga/config.nix | 23 -- nin/2configs/ableton.nix | 20 -- nin/2configs/copyq.nix | 38 --- nin/2configs/default.nix | 173 -------------- nin/2configs/games.nix | 70 ------ nin/2configs/git.nix | 60 ----- nin/2configs/im.nix | 19 -- nin/2configs/retiolum.nix | 28 --- nin/2configs/skype.nix | 27 --- nin/2configs/termite.nix | 22 -- nin/2configs/vim.nix | 355 ---------------------------- nin/2configs/weechat.nix | 21 -- nin/default.nix | 7 - nin/krops.nix | 35 --- 18 files changed, 1157 deletions(-) delete mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix delete mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 delete mode 100644 nin/1systems/axon/config.nix delete mode 100644 nin/1systems/hiawatha/config.nix delete mode 100644 nin/1systems/onondaga/config.nix delete mode 100644 nin/2configs/ableton.nix delete mode 100644 nin/2configs/copyq.nix delete mode 100644 nin/2configs/default.nix delete mode 100644 nin/2configs/games.nix delete mode 100644 nin/2configs/git.nix delete mode 100644 nin/2configs/im.nix delete mode 100644 nin/2configs/retiolum.nix delete mode 100644 nin/2configs/skype.nix delete mode 100644 nin/2configs/termite.nix delete mode 100644 nin/2configs/vim.nix delete mode 100644 nin/2configs/weechat.nix delete mode 100644 nin/default.nix delete mode 100644 nin/krops.nix diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef4..0000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29..0000000 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afd..0000000 --- a/nin/1systems/axon/config.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed9..0000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null @@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773..0000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a908..0000000 --- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c40..0000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a..0000000 --- a/nin/2configs/default.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - ../2configs/vim.nix - - - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? - services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 15e1723..0000000 --- a/nin/2configs/games.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - dwarf_fortress - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f..0000000 --- a/nin/2configs/git.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd..0000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc..0000000 --- a/nin/2configs/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae..0000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import ) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b..0000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d376..0000000 --- a/nin/2configs/vim.nix +++ /dev/null @@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - vnoremap u - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb31..0000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d9..0000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index d007484..0000000 --- a/nin/krops.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - inherit target; - source = source { test = true; }; - }; -} -- cgit v1.3.1 From a245d36d295b39d45caef61f16970d14007abdd6 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Oct 2018 09:35:35 +0200 Subject: tv vim: add vim-elixir --- tv/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 400d179..2ac7f75 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -15,6 +15,7 @@ let { extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-elixir (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { -- cgit v1.3.1 From 433df48cbc31a40c045abd9e1c7036a451d7074d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 13:48:52 +0200 Subject: force test in krops.nix --- jeschli/krops.nix | 1 + tv/krops.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 34f3aaa..d45d57c 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/tv/krops.nix b/tv/krops.nix index 231486a..e922630 100644 --- a/tv/krops.nix +++ b/tv/krops.nix @@ -16,6 +16,7 @@ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" { + force = true; inherit source target; }; -- cgit v1.3.1 From 746cee73a0610ff5a984f02f1a6d5f65beac78de Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 9 Oct 2018 21:09:42 +0200 Subject: Revert "remove nin" This reverts commit fd1e5ba45de8ef8662dacf4e9c93b167364eb3a5. --- nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 +++++++++++ nin/1systems/hiawatha/config.nix | 126 ++++++++++ nin/1systems/onondaga/config.nix | 23 ++ nin/2configs/ableton.nix | 20 ++ nin/2configs/copyq.nix | 38 +++ nin/2configs/default.nix | 173 ++++++++++++++ nin/2configs/games.nix | 70 ++++++ nin/2configs/git.nix | 60 +++++ nin/2configs/im.nix | 19 ++ nin/2configs/retiolum.nix | 28 +++ nin/2configs/skype.nix | 27 +++ nin/2configs/termite.nix | 22 ++ nin/2configs/vim.nix | 355 ++++++++++++++++++++++++++++ nin/2configs/weechat.nix | 21 ++ nin/default.nix | 7 + nin/krops.nix | 35 +++ 18 files changed, 1157 insertions(+) create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/hiawatha/config.nix create mode 100644 nin/1systems/onondaga/config.nix create mode 100644 nin/2configs/ableton.nix create mode 100644 nin/2configs/copyq.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/games.nix create mode 100644 nin/2configs/git.nix create mode 100644 nin/2configs/im.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/2configs/skype.nix create mode 100644 nin/2configs/termite.nix create mode 100644 nin/2configs/vim.nix create mode 100644 nin/2configs/weechat.nix create mode 100644 nin/default.nix create mode 100644 nin/krops.nix diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 0000000..e69de29 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 0000000..5e81afd --- /dev/null +++ b/nin/1systems/axon/config.nix @@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + atom + chromium + firefox + git + htop + keepassx + lmms + networkmanagerapplet + openvpn + python + ruby + steam + taskwarrior + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xhost}/bin/xhost + local: + ''; + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix new file mode 100644 index 0000000..a09eed9 --- /dev/null +++ b/nin/1systems/hiawatha/config.nix @@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/home" = + { device = "/dev/fam/home"; + }; + + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix new file mode 100644 index 0000000..3cd0773 --- /dev/null +++ b/nin/1systems/onondaga/config.nix @@ -0,0 +1,23 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.onondaga; + + boot.isContainer = true; + networking.useDHCP = false; + + time.timeZone = "Europe/Amsterdam"; + + services.openssh.enable = true; +} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix new file mode 100644 index 0000000..343a908 --- /dev/null +++ b/nin/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.nin; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix new file mode 100644 index 0000000..0616c40 --- /dev/null +++ b/nin/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import ; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 0000000..62f499a --- /dev/null +++ b/nin/2configs/default.nix @@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/vim.nix + + + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + nin = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "r"; + build = { + user = config.krebs.users.nin; + }; + }; + + nix.useSandbox = true; + + users.mutableUsers = false; + + services.timesyncd.enable = true; + + #why is this on in the first place? + services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + ''; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + gs = "git status"; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + pavucontrol + populate + p7zip + termite + unzip + unrar + hashPassword + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 0000000..15e1723 --- /dev/null +++ b/nin/2configs/games.nix @@ -0,0 +1,70 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + vdoom = pkgs.writeDash "vdoom" '' + ${pkgs.zandronum}/bin/zandronum \ + -fov 120 \ + "$@" + ''; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + vdoom1 = pkgs.writeDashBin "vdoom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + vdoom2 = pkgs.writeDashBin "vdoom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + ]; + + hardware.pulseaudio.support32Bit = true; + +} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 0000000..aed4a9f --- /dev/null +++ b/nin/2configs/git.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "take all the computers hostage, they'll love you!"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ nin nin_h ]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix new file mode 100644 index 0000000..b078dbd --- /dev/null +++ b/nin/2configs/im.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +with import ; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + ssh chat@onondaga + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 0000000..821e3cc --- /dev/null +++ b/nin/2configs/retiolum.nix @@ -0,0 +1,28 @@ +{ ... }: + +{ + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "pigstarter" + "gum" + "flap" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; +} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 0000000..621dfae --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.nin; + inherit (import ) genid; + +in { + users.extraUsers = { + skype = { + name = "skype"; + uid = genid "skype"; + description = "user for running skype"; + home = "/home/skype"; + useDefaultShell = true; + extraGroups = [ "audio" "video" ]; + createHome = true; + }; + }; + + krebs.per-user.skype.packages = [ + pkgs.skype + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(skype) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix new file mode 100644 index 0000000..942446b --- /dev/null +++ b/nin/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.nin.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; + +} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix new file mode 100644 index 0000000..7b5d376 --- /dev/null +++ b/nin/2configs/vim.nix @@ -0,0 +1,355 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + set bg=dark + ''; +in +out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 0000000..6c0fb31 --- /dev/null +++ b/nin/2configs/weechat.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 0000000..c31d6d9 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 0000000..d007484 --- /dev/null +++ b/nin/krops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) + test = { target }: pkgs.krops.writeTest "${name}-test" { + inherit target; + source = source { test = true; }; + }; +} -- cgit v1.3.1 From 25102053c3c20d211356e813333a3059af769beb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 21:12:36 +0200 Subject: Revert "remove nin" This reverts commit fd1e5ba45de8ef8662dacf4e9c93b167364eb3a5. --- nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 +++++++++++ nin/1systems/hiawatha/config.nix | 126 ++++++++++ nin/1systems/onondaga/config.nix | 23 ++ nin/2configs/ableton.nix | 20 ++ nin/2configs/copyq.nix | 38 +++ nin/2configs/default.nix | 173 ++++++++++++++ nin/2configs/games.nix | 70 ++++++ nin/2configs/git.nix | 60 +++++ nin/2configs/im.nix | 19 ++ nin/2configs/retiolum.nix | 28 +++ nin/2configs/skype.nix | 27 +++ nin/2configs/termite.nix | 22 ++ nin/2configs/vim.nix | 355 ++++++++++++++++++++++++++++ nin/2configs/weechat.nix | 21 ++ nin/default.nix | 7 + nin/krops.nix | 35 +++ 18 files changed, 1157 insertions(+) create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/hiawatha/config.nix create mode 100644 nin/1systems/onondaga/config.nix create mode 100644 nin/2configs/ableton.nix create mode 100644 nin/2configs/copyq.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/games.nix create mode 100644 nin/2configs/git.nix create mode 100644 nin/2configs/im.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/2configs/skype.nix create mode 100644 nin/2configs/termite.nix create mode 100644 nin/2configs/vim.nix create mode 100644 nin/2configs/weechat.nix create mode 100644 nin/default.nix create mode 100644 nin/krops.nix diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 0000000..e69de29 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 0000000..5e81afd --- /dev/null +++ b/nin/1systems/axon/config.nix @@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + atom + chromium + firefox + git + htop + keepassx + lmms + networkmanagerapplet + openvpn + python + ruby + steam + taskwarrior + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xhost}/bin/xhost + local: + ''; + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix new file mode 100644 index 0000000..a09eed9 --- /dev/null +++ b/nin/1systems/hiawatha/config.nix @@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/home" = + { device = "/dev/fam/home"; + }; + + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix new file mode 100644 index 0000000..3cd0773 --- /dev/null +++ b/nin/1systems/onondaga/config.nix @@ -0,0 +1,23 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.onondaga; + + boot.isContainer = true; + networking.useDHCP = false; + + time.timeZone = "Europe/Amsterdam"; + + services.openssh.enable = true; +} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix new file mode 100644 index 0000000..343a908 --- /dev/null +++ b/nin/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.nin; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix new file mode 100644 index 0000000..0616c40 --- /dev/null +++ b/nin/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import ; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 0000000..62f499a --- /dev/null +++ b/nin/2configs/default.nix @@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/vim.nix + + + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + nin = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "r"; + build = { + user = config.krebs.users.nin; + }; + }; + + nix.useSandbox = true; + + users.mutableUsers = false; + + services.timesyncd.enable = true; + + #why is this on in the first place? + services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + ''; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + gs = "git status"; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + pavucontrol + populate + p7zip + termite + unzip + unrar + hashPassword + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 0000000..15e1723 --- /dev/null +++ b/nin/2configs/games.nix @@ -0,0 +1,70 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + vdoom = pkgs.writeDash "vdoom" '' + ${pkgs.zandronum}/bin/zandronum \ + -fov 120 \ + "$@" + ''; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + vdoom1 = pkgs.writeDashBin "vdoom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + vdoom2 = pkgs.writeDashBin "vdoom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + ]; + + hardware.pulseaudio.support32Bit = true; + +} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 0000000..aed4a9f --- /dev/null +++ b/nin/2configs/git.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "take all the computers hostage, they'll love you!"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ nin nin_h ]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix new file mode 100644 index 0000000..b078dbd --- /dev/null +++ b/nin/2configs/im.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +with import ; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + ssh chat@onondaga + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 0000000..821e3cc --- /dev/null +++ b/nin/2configs/retiolum.nix @@ -0,0 +1,28 @@ +{ ... }: + +{ + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "pigstarter" + "gum" + "flap" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; +} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 0000000..621dfae --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.nin; + inherit (import ) genid; + +in { + users.extraUsers = { + skype = { + name = "skype"; + uid = genid "skype"; + description = "user for running skype"; + home = "/home/skype"; + useDefaultShell = true; + extraGroups = [ "audio" "video" ]; + createHome = true; + }; + }; + + krebs.per-user.skype.packages = [ + pkgs.skype + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(skype) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix new file mode 100644 index 0000000..942446b --- /dev/null +++ b/nin/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.nin.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; + +} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix new file mode 100644 index 0000000..7b5d376 --- /dev/null +++ b/nin/2configs/vim.nix @@ -0,0 +1,355 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + set bg=dark + ''; +in +out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 0000000..6c0fb31 --- /dev/null +++ b/nin/2configs/weechat.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 0000000..c31d6d9 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 0000000..d007484 --- /dev/null +++ b/nin/krops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) + test = { target }: pkgs.krops.writeTest "${name}-test" { + inherit target; + source = source { test = true; }; + }; +} -- cgit v1.3.1 From e5f55bee0992c2fce683022842d3a6c6c41f110f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 22:38:04 +0200 Subject: nin krops: force test --- nin/krops.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/krops.nix b/nin/krops.nix index d007484..fef8cc3 100644 --- a/nin/krops.nix +++ b/nin/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; -- cgit v1.3.1 From 8e6fcec17657935fe1a6a9f4f7496bc7459ca994 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 10 Oct 2018 20:14:05 +0200 Subject: nin games: remove dwarf_fortress --- nin/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix index 15e1723..4c4f0c3 100644 --- a/nin/2configs/games.nix +++ b/nin/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress doom1 doom2 vdoom1 -- cgit v1.3.1 From 5afd672ac58e1db25a2b602055ba5baf0d204558 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 11 Oct 2018 11:33:03 +0200 Subject: tv gitrepos: use proper post-receive default --- tv/2configs/gitrepos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index a8cbe0f..62c90d4 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -153,7 +153,7 @@ let { public = false; hooks = hooks // { post-receive = /* sh */ '' - (${hooks.post-receive or ""}) + (${hooks.post-receive or ":"}) ${cgit-clear-cache}/bin/cgit-clear-cache ''; }; -- cgit v1.3.1