summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-04-10 18:17:58 +0200
committerjeschli <jeschli@gmail.com>2018-04-10 18:17:58 +0200
commitab7b04f55e9eb331e5f9ed254843ed8e0bcf9d78 (patch)
tree3c5811972b7fb1c58dbcdc3ac5f52a6bcf9f492b /lass/2configs
parent3f9cbbc8d1f5420ef276633f087e63f700c386e7 (diff)
parent5b8c4d24e274bbf26e85420fc11b5bf7e24ac22d (diff)
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/browsers.nix77
-rw-r--r--lass/2configs/games.nix4
-rw-r--r--lass/2configs/mail.nix4
-rw-r--r--lass/2configs/network-manager.nix8
-rw-r--r--lass/2configs/privoxy.nix5
-rw-r--r--lass/2configs/reaktor-coders.nix2
-rw-r--r--lass/2configs/repo-sync.nix15
-rw-r--r--lass/2configs/virtualbox.nix2
8 files changed, 57 insertions, 60 deletions
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index cbbd54b6b..3030d8faf 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -21,59 +21,37 @@ let
$BIN "$@"
'';
- createChromiumUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
- };
- lass.browser.paths.${name} = {
- path = bin;
- inherit precedence;
+ createUser = script: name: groups: precedence: dpi:
+ {
+ lass.xjail.${name} = {
+ inherit script groups dpi;
};
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
environment.systemPackages = [
- bin
+ config.lass.xjail-bins.${name}
+ (pkgs.writeDashBin "cx-${name}" ''
+ DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
+ '')
];
- };
-
- createFirefoxUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
- };
lass.browser.paths.${name} = {
- path = bin;
+ path = config.lass.xjail-bins.${name};
inherit precedence;
};
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
- environment.systemPackages = [
- bin
- ];
};
- #TODO: abstract this
+ createChromiumUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.chromium}/bin/chromium "$@"
+ '') name groups precedence 80;
+
+ createFirefoxUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+ '') name groups precedence 80;
+
+ createQuteUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.qutebrowser}/bin/qutebrowser "$@"
+ '') name groups precedence 60;
in {
@@ -110,12 +88,13 @@ in {
}));
};
}
+ ( createQuteUser "qb" [ "audio" ] 20 )
( createFirefoxUser "ff" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "video" "audio" ] 9 )
+ ( createChromiumUser "cr" [ "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
- ( createChromiumUser "wk" [ "video" "audio" ] 0 )
- ( createChromiumUser "fb" [ "video" "audio" ] 0 )
- ( createChromiumUser "com" [ "video" "audio" ] 0 )
+ ( createChromiumUser "wk" [ "audio" ] 0 )
+ ( createChromiumUser "fb" [ "audio" ] 0 )
+ ( createChromiumUser "com" [ "audio" ] 0 )
( createChromiumUser "fin" [] (-1) )
];
}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 50362cda4..3ee3a98a5 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -3,7 +3,7 @@
let
mainUser = config.users.extraUsers.mainUser;
vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum-bin}/bin/zandronum \
+ ${pkgs.zandronum}/bin/zandronum \
-fov 120 \
"$@"
'';
@@ -50,7 +50,7 @@ let
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${pkgs.zandronum-bin}/bin/zandronum-server \
+ ${pkgs.zandronum}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index b9682c5ee..81db59617 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -75,7 +75,7 @@ let
muttrc = pkgs.writeText "muttrc" ''
# gpg
- source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
+ source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
set crypt_autosign = yes
@@ -195,7 +195,7 @@ let
name = "mutt";
paths = [
(pkgs.writeDashBin "mutt" ''
- exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
+ exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
'')
pkgs.neomutt
];
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index c4f757de1..5b890b591 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -14,7 +14,13 @@
RestartSec = "5";
};
};
- networking.networkmanager.enable = true;
+ networking.networkmanager = {
+ enable = true;
+ unmanaged = [
+ "docker*"
+ "vboxnet*"
+ ];
+ };
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [
diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
index 33e8d1e46..e0a086421 100644
--- a/lass/2configs/privoxy.nix
+++ b/lass/2configs/privoxy.nix
@@ -3,10 +3,5 @@
{
services.privoxy = {
enable = true;
- extraConfig = ''
- #use polipo
- forward / localhost:8123
- '';
};
- services.polipo.enable = true;
}
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 2541df3a6..5fa1611ae 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -84,7 +84,7 @@ with import <stockholm/lib>;
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
- exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+ exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 98dbdc227..ad44c67e1 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -61,6 +61,21 @@ let
origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
+ makefu-staging = {
+ origin.url = "http://cgit.gum/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
+ tv-staging = {
+ origin.url = "http://cgit.ni.r/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
+ nin-staging = {
+ origin.url = "http://cgit.onondaga.r/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
};
latest = {
url = "${mirror}${name}";
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index f7d196057..8171def2d 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -6,6 +6,8 @@ let
in {
#services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
+ nixpkgs.config.virtualbox.enableExtensionPack = true;
+ virtualisation.virtualbox.host.enableHardening = false;
users.extraUsers = {
virtual = {