authormakefu <github@syntax-fehler.de>2018-04-04 15:23:44 +0200
committermakefu <github@syntax-fehler.de>2018-04-04 15:23:44 +0200
commit3ed84b0b8c063a294e7cb40a786fa7a15ee0e5a4 (patch)
tree569658ceb8fc90f640d7ce48357eb84a0383b494 /lass/2configs
parent1b740bf9ef32972f7242226699a75b39feeb18b2 (diff)
parent1a5b58c828409ce9bf1639f3f26ebeb142e0148a (diff)
Merge remote-tracking branch 'lass/staging/18.03' into staging
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/browsers.nix74
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/mail.nix18
-rw-r--r--lass/2configs/privoxy.nix5
-rw-r--r--lass/2configs/security-workarounds.nix2
-rw-r--r--lass/2configs/websites/domsen.nix2
-rw-r--r--lass/2configs/websites/fritz.nix3
7 files changed, 43 insertions, 62 deletions
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index cbbd54b6b..91ee08bfd 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -21,59 +21,32 @@ let
$BIN "$@"
'';
- createChromiumUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
+ createUser = script: name: groups: precedence: dpi:
+ {
+ lass.xjail.${name} = {
+ inherit script groups dpi;
};
+ environment.systemPackages = [ config.lass.xjail-bins.${name} ];
lass.browser.paths.${name} = {
- path = bin;
+ path = config.lass.xjail-bins.${name};
inherit precedence;
};
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
- environment.systemPackages = [
- bin
- ];
};
- createFirefoxUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
- };
- lass.browser.paths.${name} = {
- path = bin;
- inherit precedence;
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
- environment.systemPackages = [
- bin
- ];
- };
+ createChromiumUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.chromium}/bin/chromium "$@"
+ '') name groups precedence 80;
+
+ createFirefoxUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+ '') name groups precedence 80;
- #TODO: abstract this
+ createQuteUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.qutebrowser}/bin/qutebrowser "$@"
+ '') name groups precedence 60;
in {
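Review bot: The new `createUser` no longer declares `users.extraUsers.${name}`, so the per-browser separation now rests entirely on what `lass.xjail` does with `script`, `groups` and `dpi`, and that module is not visible in this diff. A short comment above `createUser` saying which isolation properties (dedicated uid, separate X display) the xjail module is expected to provide would let a reader check them. Separately, `precedence` and `dpi` are adjacent positional integers (`name groups precedence 80`), so a swapped pair would evaluate without error; an attribute-set argument such as `{ name, groups, precedence, dpi ? 80 }` would avoid this and remove the repeated literal. The enclosing `let` block starts before this hunk.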
@@ -110,12 +83,13 @@ in {
}));
};
}
+ ( createQuteUser "qb" [ "audio" ] 20 )
( createFirefoxUser "ff" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "video" "audio" ] 9 )
+ ( createChromiumUser "cr" [ "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
- ( createChromiumUser "wk" [ "video" "audio" ] 0 )
- ( createChromiumUser "fb" [ "video" "audio" ] 0 )
- ( createChromiumUser "com" [ "video" "audio" ] 0 )
+ ( createChromiumUser "wk" [ "audio" ] 0 )
+ ( createChromiumUser "fb" [ "audio" ] 0 )
+ ( createChromiumUser "com" [ "audio" ] 0 )
( createChromiumUser "fin" [] (-1) )
];
}
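Review bot: `gm` still gets `[ "video" "audio" ]` while `cr`, `wk`, `fb` and `com` lose `video` in this same hunk, and nothing on the line records why that one profile keeps the group. If it is deliberate (presumably that profile needs camera access), a trailing comment such as `# keeps "video": webcam needed for this profile` would document the exception. If it is an oversight, `( createChromiumUser "gm" [ "audio" ] 8 )` matches the others. The new `qb` entry is also given `audio`, so it is worth confirming that each profile needs the group rather than inheriting it by copy.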
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index ae652722a..4455d2761 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -78,6 +78,7 @@ with import <stockholm/lib>;
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
+ { from = "allygator@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 03d39ef75..81db59617 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -8,6 +8,16 @@ let
logfile ~/.msmtp.log
account prism
host prism.r
+ account c-base
+ from lassulus@c-base.org
+ host c-mail.c-base.org
+ port 465
+ tls on
+ tls_starttls off
+ tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
+ auth on
+ user lassulus
+ passwordeval pass show c-base/pass
account default: prism
'';
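Review bot: The pinned `tls_fingerprint` in the new `c-base` account is 20 bytes long, i.e. a SHA-1 fingerprint; msmtp also accepts SHA-256 fingerprints and its documentation recommends those, so the line would be better as `tls_fingerprint <SHA-256 fingerprint of the c-mail.c-base.org certificate>`. With `tls_fingerprint` set, msmtp trusts that one certificate regardless of chain validation, so mail from this account will start failing whenever the server certificate is renewed. A `#` comment next to the pin recording when and how it was obtained would make that failure easy to diagnose. The msmtprc string literal starts before this hunk.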
@@ -36,9 +46,11 @@ let
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
+ eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+ lugs = [ "to:lugs@lug-s.org" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
@@ -63,9 +75,9 @@ let
muttrc = pkgs.writeText "muttrc" ''
# gpg
- source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
+ source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
- set pgp_sign_as = 0x976A7E4D
+ set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
set crypt_autosign = yes
set crypt_replyencrypt = yes
set crypt_verify_sig = yes
@@ -183,7 +195,7 @@ let
name = "mutt";
paths = [
(pkgs.writeDashBin "mutt" ''
- exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
+ exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
'')
pkgs.neomutt
];
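Review bot: The rewritten wrapper line still passes `$@` unquoted, so any argument containing spaces or glob characters (an attachment path, a `mailto:` URL with a subject) is word-split and expanded before neomutt sees it. Since the line is being changed anyway, it should read `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"`, as the browser wrappers in `browsers.nix` now do in this same merge.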
diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
index 33e8d1e46..e0a086421 100644
--- a/lass/2configs/privoxy.nix
+++ b/lass/2configs/privoxy.nix
@@ -3,10 +3,5 @@
{
services.privoxy = {
enable = true;
- extraConfig = ''
- #use polipo
- forward / localhost:8123
- '';
};
- services.polipo.enable = true;
}
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index c3d07d5fe..537c8a59b 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,6 +5,4 @@ with import <stockholm/lib>;
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9ece2af77..7a72499c9 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -49,6 +49,7 @@ in {
"www.ubikmedia.eu"
"www.youthtube.xyz"
"www.ubikmedia.de"
+ "www.joemisch.com"
"www.weirdwednesday.de"
"aldona2.ubikmedia.de"
@@ -63,6 +64,7 @@ in {
"weirdwednesday.ubikmedia.de"
"freemonkey.ubikmedia.de"
"jarugadesign.ubikmedia.de"
+ "crypto4art.ubikmedia.de"
])
];
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index aa57a9857..14d6ce9ec 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -12,9 +12,8 @@ let
;
msmtprc = pkgs.writeText "msmtprc" ''
- account localhost
+ account default
host localhost
- account default: localhost
'';
sendmail = pkgs.writeDash "msmtp" ''