From 878eb2f4d0562928adf0478c509f34655f19f716 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Apr 2015 01:37:29 +0200 Subject: mors: import mors + config --- modules/lass/bitcoin.nix | 17 +++++ modules/lass/browsers-lass.nix | 65 +++++++++++++++++ modules/lass/desktop-base.nix | 157 +++++++++++++++++++++++++++++++++++++++++ modules/lass/elster.nix | 17 +++++ modules/lass/games.nix | 22 ++++++ modules/lass/pass.nix | 10 +++ modules/lass/programs.nix | 24 +++++++ modules/lass/retiolum-mors.nix | 21 ++++++ modules/lass/steam.nix | 29 ++++++++ modules/lass/urxvt-lass.nix | 54 ++++++++++++++ modules/lass/vim.nix | 93 ++++++++++++++++++++++++ modules/lass/virtualbox.nix | 16 +++++ modules/lass/wine.nix | 17 +++++ modules/lass/xserver-lass.nix | 8 +++ 14 files changed, 550 insertions(+) create mode 100644 modules/lass/bitcoin.nix create mode 100644 modules/lass/browsers-lass.nix create mode 100644 modules/lass/desktop-base.nix create mode 100644 modules/lass/elster.nix create mode 100644 modules/lass/games.nix create mode 100644 modules/lass/pass.nix create mode 100644 modules/lass/programs.nix create mode 100644 modules/lass/retiolum-mors.nix create mode 100644 modules/lass/steam.nix create mode 100644 modules/lass/urxvt-lass.nix create mode 100644 modules/lass/vim.nix create mode 100644 modules/lass/virtualbox.nix create mode 100644 modules/lass/wine.nix create mode 100644 modules/lass/xserver-lass.nix (limited to 'modules/lass')
diff --git a/modules/lass/bitcoin.nix b/modules/lass/bitcoin.nix
new file mode 100644
index 0000000..d3bccbf
--- /dev/null
+++ b/modules/lass/bitcoin.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ electrum
+ ];
+
+ users.extraUsers = {
+ bitcoin = {
+ name = "bitcoin";
+ description = "user for bitcoin stuff";
+ home = "/home/bitcoin";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/browsers-lass.nix b/modules/lass/browsers-lass.nix
new file mode 100644
index 0000000..8c27de7
--- /dev/null
+++ b/modules/lass/browsers-lass.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+{
+
+ nixpkgs.config.packageOverrides = pkgs : {
+ chromium = pkgs.chromium.override {
+ pulseSupport = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ chromium
+ ];
+
+ users.extraUsers = {
+ firefox = {
+ name = "firefox";
+ description = "user for running firefox";
+ home = "/home/firefox";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ chromium = {
+ name = "chromium";
+ description = "user for running chromium";
+ home = "/home/chromium";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ facebook = {
+ name = "facebook";
+ description = "user for running facebook in chromium";
+ home = "/home/facebook";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ google = {
+ name = "google";
+ description = "user for running google+/gmail in chromium";
+ home = "/home/google";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ flash = {
+ name = "flash";
+ description = "user for running flash stuff";
+ home = "/home/flash";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(firefox) NOPASSWD: ALL
+ lass ALL=(chromium) NOPASSWD: ALL
+ lass ALL=(facebook) NOPASSWD: ALL
+ lass ALL=(google) NOPASSWD: ALL
+ lass ALL=(flash) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/desktop-base.nix b/modules/lass/desktop-base.nix
new file mode 100644
index 0000000..8b8da65
--- /dev/null
+++ b/modules/lass/desktop-base.nix
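Review bot: The `security.sudo.extraConfig` block at the end of browsers-lass.nix lets `lass` run anything as each of the five profile accounts without a password, so the separation is one-directional: it limits what a compromised browser can reach in lass's home, but gives the profiles no protection against code running as lass. That is a reasonable design and worth stating in a comment above the block, e.g. `# one-way isolation: lass may become these users; they get no sudo rights back`. Four of the accounts are also in `audio`, and desktop-base.nix in this commit sets `hardware.pulseaudio.systemWide = true`, so the profiles presumably share one sound daemon with each other. The same NOPASSWD pattern recurs in elster.nix, games.nix and wine.nix.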
@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+ boot.tmpOnTmpfs = true;
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -"
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ virtualisation.libvirtd.enable = true;
+
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ PAGER=most
+ '';
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ #fancy colors
+ if [ -e ~/LS_COLORS ]; then
+ eval $(dircolors ~/LS_COLORS)
+ fi
+
+ if [ -e /etc/nixos/dotfiles/link ]; then
+ /etc/nixos/dotfiles/link
+ fi
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ else
+ PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+
+ security.setuidPrograms = [ "slock" ];
+
+ ###SERVICES BEGIN
+ services.gitolite = {
+ enable = true;
+ dataDir = "/home/gitolite";
+ adminPubkey = ''
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
+ '';
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.foomatic_filters ];
+ };
+ ###SERVICES END
+
+ environment.systemPackages = with pkgs; [
+ gitolite
+ git
+
+ #terminal
+ most
+ powertop
+
+ #network
+ iptables
+
+ #video stuff
+ haskellPackages.xmobar
+ haskellPackages.yeganesh
+ dmenu2
+ xlibs.fontschumachermisc
+ ];
+
+ nix.useChroot = true;
+
+ #
+ # user settings
+ #
+ users.mutableUsers = false;
+ users.extraUsers = {
+ #gitolite = {
+ # name = "gitolite";
+ # description = "gitolite git manager";
+ # home = "/home/gitolite";
+ # createHome = true;
+ # useDefaultShell = true;
+ #};
+ testing = {
+ name = "testing";
+ description = "user for testing various stuff";
+ home = "/home/testing";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+
+ extraCommands = ''
+ iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A INPUT -j ACCEPT -i lo
+
+ #iptables -N Retiolum
+ iptables -A INPUT -j Retiolum -i retiolum
+ iptables -A Retiolum -j ACCEPT -p icmp
+ iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
+ iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
+ iptables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
+ iptables -A Retiolum -j REJECT
+ '';
+
+ extraStopCommands = "iptables -F";
+ };
+
+}
diff --git a/modules/lass/elster.nix b/modules/lass/elster.nix
new file mode 100644
index 0000000..c31c2f3
--- /dev/null
+++ b/modules/lass/elster.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(elster) NOPASSWD: ALL
+ '';
+}
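Review bot: In `networking.firewall.extraCommands` of desktop-base.nix the chain is never created, because `#iptables -N Retiolum` is commented out while the seven rules after it jump to or append to `Retiolum`; unless another module creates that chain first, iptables will refuse them and the filtering intended for the `retiolum` interface is not installed. Create it idempotently instead, for example `iptables -N Retiolum 2>/dev/null || iptables -F Retiolum`. `extraStopCommands = "iptables -F"` flushes every chain in the filter table, including rules that other services such as libvirtd (enabled earlier in this file) may have added, so flushing and deleting only `Retiolum` would be narrower. Separately, `services.openssh` is enabled with port 22 open and nothing in this hunk disables password logins; setting `passwordAuthentication = false;` explicitly would document the intent.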
diff --git a/modules/lass/games.nix b/modules/lass/games.nix
new file mode 100644
index 0000000..d48c484
--- /dev/null
+++ b/modules/lass/games.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ dwarf_fortress
+ ];
+
+ users.extraUsers = {
+ games = {
+ name = "games";
+ description = "user playing games";
+ home = "/home/games";
+ extraGroups = [ "audio" ];
+ createHome = true;
+ useDefaultShell = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(games) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/pass.nix b/modules/lass/pass.nix
new file mode 100644
index 0000000..33eca0a
--- /dev/null
+++ b/modules/lass/pass.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ pass
+ gnupg1
+ ];
+
+ services.xserver.startGnuPGAgent = true;
+}
diff --git a/modules/lass/programs.nix b/modules/lass/programs.nix
new file mode 100644
index 0000000..41d241b
--- /dev/null
+++ b/modules/lass/programs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+## TODO sort and split up
+{
+ environment.systemPackages = with pkgs; [
+ aria2
+ gnupg1compat
+ htop
+ i3lock
+ mc
+ mosh
+ mpv
+ pass
+ pavucontrol
+ pv
+ pwgen
+ python34Packages.livestreamer
+ remmina
+ silver-searcher
+ wget
+ xsel
+ youtube-dl
+ ];
+}
diff --git a/modules/lass/retiolum-mors.nix b/modules/lass/retiolum-mors.nix
new file mode 100644
index 0000000..61a7856
--- /dev/null
+++ b/modules/lass/retiolum-mors.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/retiolum.nix
+ ];
+
+ services.retiolum = {
+ enable = true;
+ hosts = ../../hosts;
+ privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
+ connectTo = [
+ "fastpoke"
+ "gum"
+ "ire"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+}
diff --git a/modules/lass/steam.nix b/modules/lass/steam.nix
new file mode 100644
index 0000000..d54873b
--- /dev/null
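Review bot: `privateKeyFile` in retiolum-mors.nix is given as a string, unlike `hosts = ../../hosts;` one line above, and that difference deserves a comment because it is what keeps the VPN private key from being copied into the Nix store if the module interpolates the value (the module itself is not part of this hunk). Suggested comment: `# string on purpose: a path literal could be copied into the world-readable /nix/store`. The file under /etc/nixos/secrets should be readable only by root or the VPN daemon's user; nothing in this patch sets or checks that.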
+++ b/modules/lass/steam.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ./games.nix
+ ];
+ #
+ # Steam stuff
+ # source: https://nixos.org/wiki/Talk:Steam
+ #
+ ##TODO: make steam module
+ hardware.opengl.driSupport32Bit = true;
+
+ environment.systemPackages = with pkgs; [
+ steam
+ ];
+ networking.firewall = {
+ allowedUDPPorts = [
+ 27031
+ 27036
+ ];
+ allowedTCPPorts = [
+ 27036
+ 27037
+ ];
+ };
+
+}
diff --git a/modules/lass/urxvt-lass.nix b/modules/lass/urxvt-lass.nix
new file mode 100644
index 0000000..ca3fe36
--- /dev/null
+++ b/modules/lass/urxvt-lass.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./urxvtd.nix
+ ];
+
+ services.urxvtd = {
+ enable = true;
+ users = [ "lass" ];
+ urxvtPackage = pkgs.rxvt_unicode_with-plugins;
+ xresources = ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ !solarized colors
+ URxvt*fading: 5
+ URxvt*background: #002b36
+ URxvt*foreground: #657b83
+ URxvt*fadeColor: #002b36
+ URxvt*cursorColor: #93a1a1
+ URxvt*pointerColorBackground: #586e75
+ URxvt*pointerColorForeground: #93a1a1
+ URxvt*colorUL: #859900
+ URxvt*colorBD: #268bd2
+ URxvt*color0: #073642
+ URxvt*color8: #002b36
+ URxvt*color1: #dc322f
+ URxvt*color9: #cb4b16
+ URxvt*color2: #859900
+ URxvt*color10: #586e75
+ URxvt*color3: #b58900
+ URxvt*color11: #657b83
+ URxvt*color4: #268bd2
+ URxvt*color12: #839496
+ URxvt*color5: #d33682
+ URxvt*color13: #6c71c4
+ URxvt*color6: #2aa198
+ URxvt*color14: #93a1a1
+ URxvt*color7: #eee8d5
+ URxvt*color15: #fdf6e3
+ '';
+ };
+}
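Review bot: The four ports in steam.nix are added to the global `allowedUDPPorts`/`allowedTCPPorts`, so once this module is imported they are accepted on every interface whether or not Steam is running, and nothing in the hunk says what they are for. A comment such as `# Steam In-Home Streaming; open on all interfaces` (if that is indeed their purpose) would make the exposure visible. If streaming is only used on a home LAN, accepting these ports from that subnet only, via `extraCommands`, would be tighter.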
diff --git a/modules/lass/vim.nix b/modules/lass/vim.nix new file mode 100644 index 0000000..e277bd7 --- /dev/null +++ b/modules/lass/vim.nix @@ -0,0 +1,93 @@ +{ config, pkgs, ... }: + +{ + + environment.systemPackages = with pkgs; [ + (vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + set nocompatible + set t_Co=16 + syntax on + " TODO autoload colorscheme file + set background=dark + colorscheme solarized + filetype off + filetype plugin indent on + + imap + + set mouse=a + set ruler + set showmatch + set backspace=2 + set visualbell + set encoding=utf8 + set showcmd + set wildmenu + + set title + set titleold= + set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set autoindent + + set ttyfast + + set pastetoggle= + + + " Force Saving Files that Require Root Permission + command! W silent w !sudo tee "%" >/dev/null + + nnoremap :q + vnoremap < >gv + + "Tabwidth + set ts=2 sts=2 sw=2 et + autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et + autocmd BufRead *.hs set ts=4 sts=4 sw=4 et + + " create Backup/tmp/undo dirs + function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backups/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodi = l:parent . 'undo/' + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodi) + call mkdir(l:undodi) + endif + endfunction + call InitBackupDir() + + " Backups & Files + set backup + set backupdir=~/.vim/backups + set directory=~/.vim/tmp// + set viminfo='20,<1000,s100,h,n~/.vim/tmp/info + set undodir=$HOME/.vim/undo + set undofile + ''; + + vimrcConfig.vam.knownPlugins = vimPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { name = "Gundo"; } + { name = "commentary"; } + { name = "vim-addon-nix"; } + { name = "colors-solarized"; } + ]; + }) + ]; +} 
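Review bot: `InitBackupDir()` in the customRC of vim.nix creates `~/.vim`, `backups/`, `tmp/` and `undo/` with `mkdir()`'s default mode, which Vim documents as 0755, and this vimrc is installed system-wide, so it applies to every account including root. Backup, swap, viminfo and undo data for whatever is edited ends up in those directories, so they should be private: `call mkdir(l:backup, 'p', 0700)` and likewise for the other paths. With the `'p'` flag the separate creation of the parent directory is no longer needed.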
diff --git a/modules/lass/virtualbox.nix b/modules/lass/virtualbox.nix
new file mode 100644
index 0000000..bd57077
--- /dev/null
+++ b/modules/lass/virtualbox.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ services.virtualboxHost.enable = true;
+
+ users.extraUsers = {
+ virtual = {
+ name = "virtual";
+ description = "user for running VirtualBox";
+ home = "/home/virtual";
+ useDefaultShell = true;
+ extraGroups = [ "vboxusers" ];
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/wine.nix b/modules/lass/wine.nix
new file mode 100644
index 0000000..838b67d
--- /dev/null
+++ b/modules/lass/wine.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(wine) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/xserver-lass.nix b/modules/lass/xserver-lass.nix
new file mode 100644
index 0000000..62f7115
--- /dev/null
+++ b/modules/lass/xserver-lass.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/xserver.nix
+ ];
+ services.xserver.displayManager.auto.user = "lass";
+}
-- cgit v1.2.3
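Review bot: wine.nix looks like an unedited copy of elster.nix: the account it declares is `elster` again (same name, description and home), while its sudoers line grants `lass` access to a `wine` user that no module in this patch creates. As written the rule targets an account that does not exist, Wine programs get no dedicated user, and the duplicate `elster` definition may clash with elster.nix when both modules are imported. Rename the account so that the user and the rule agree; the description text below is only a suggestion.

```nix
  users.extraUsers = {
    wine = {
      name = "wine";
      description = "user for running wine";
      home = "/home/wine";
      # … unchanged: useDefaultShell, extraGroups, createHome …
```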
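Review bot: `services.xserver.displayManager.auto.user = "lass"` in xserver-lass.nix starts lass's X session at boot without any credential, and elsewhere in this commit lass gets password-less sudo into the browser, elster, games and wine accounts, so physical access to the powered-off machine is enough to reach all of them. If that trade-off is intended, a comment should say what compensates for it, e.g. `# autologin: at-rest protection relies on disk encryption`; no such setting is visible in this patch.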