diff options
author | makefu <github@syntax-fehler.de> | 2016-06-02 11:17:24 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-06-02 11:17:24 +0200 |
commit | 29cdc9994c90d5280543cd0628384dbf032ad15d (patch) | |
tree | 1283849d5caa27662cfb977dd4516cd887d02fcd | |
parent | 4f28d9a306c2989304b52889c07e22992e40da0b (diff) | |
parent | 8ec65b04dc5010f910bf67f1db8a78bd844202b0 (diff) |
Merge remote-tracking branch 'cd/master'
-rw-r--r-- | tv/2configs/xserver/default.nix | 221 | ||||
-rw-r--r-- | tv/5pkgs/ff/default.nix | 10 |
2 files changed, 113 insertions, 118 deletions
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index b5b116786..965c3bbe1 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,135 +1,126 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let # TODO krebs.build.user user = config.users.users.tv; +in { + + environment.systemPackages = [ + pkgs.ff + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # TODO dedicated group, i.e. with a single user [per-user-setuid] + # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + krebs.setuid.slock = { + filename = "${pkgs.slock}/bin/slock"; + group = "wheel"; + envp = { + DISPLAY = ":${toString config.services.xserver.display}"; + USER = user.name; + }; + }; - out = { - services.xserver.display = 11; - services.xserver.tty = 11; + services.xserver = { + enable = true; + display = 11; + tty = 11; - services.xserver.synaptics = { + synaptics = { enable = true; twoFingerScroll = true; accelFactor = "0.035"; }; + }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; + + XMONAD_STATE = "/tmp/xmonad.state"; + + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "Dashboard" # we start here + "23" + "cr" + "ff" + "hack" + "im" + "mail" + "stockholm" + "za" "zh" "zj" "zs" + ]); }; - - environment.systemPackages = [ - pkgs.ff - pkgs.gitAndTools.qgit - pkgs.mpv - pkgs.sxiv - pkgs.xsel - pkgs.zathura - ]; - - # TODO dedicated group, i.e. with a single user - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = user.name; - }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv"; + ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown"; + User = user.name; + WorkingDirectory = user.home; }; + }; - systemd.services.display-manager.enable = false; - - services.xserver.enable = true; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = xmonad-environment; - serviceConfig = { - ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown"; - User = user.name; - WorkingDirectory = user.home; - }; + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString config.services.xserver.display}" - "vt${toString config.services.xserver.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /var/log/X.${toString config.services.xserver.display}.log" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - ]; - }; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & - ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - wait - ''; - - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "Dashboard" # we start here - "23" - "cr" - "ff" - "hack" - "im" - "mail" - "stockholm" - "za" "zh" "zj" "zs" - ]); - }; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - need-reload = s: toString [ - "${pkgs.writeDashBin "need-reload" ''echo "$*"''}/bin/need-reload" - (shell.escape s) - ]; - -in out +} diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix index 2db404030..b1d2c579a 100644 --- a/tv/5pkgs/ff/default.nix +++ b/tv/5pkgs/ff/default.nix @@ -1,8 +1,12 @@ { pkgs, ... }: -pkgs.writeScriptBin "ff" '' - #! ${pkgs.bash}/bin/bash - exec sudo -u ff -i <<EOF +# TODO use krebs.setuid +# This requires that we can create setuid executables that can only be accessed +# by a single user. [per-user-setuid] + +# using bash for %q +pkgs.writeBashBin "ff" '' + exec /var/setuid-wrappers/sudo -u ff -i <<EOF exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@") EOF '' |