author | lassulus <lass@aidsballs.de> | 2015-04-10 01:37:29 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-05-19 23:17:19 +0200 |
commit | aa5d113f90c29f483aa679738dc52e5df1763fec (patch) | |
tree | 9be801304c8331bc211ad738836b3f3a03e74cea /modules/lass | |
parent | 6593d16308109ded64d5c842d6a12c4106767df4 (diff) |
mors: import mors + config
Diffstat (limited to 'modules/lass')
-rw-r--r-- | modules/lass/bitcoin.nix | 17 | ||||
-rw-r--r-- | modules/lass/browsers-lass.nix | 65 | ||||
-rw-r--r-- | modules/lass/desktop-base.nix | 157 | ||||
-rw-r--r-- | modules/lass/elster.nix | 17 | ||||
-rw-r--r-- | modules/lass/games.nix | 22 | ||||
-rw-r--r-- | modules/lass/pass.nix | 10 | ||||
-rw-r--r-- | modules/lass/programs.nix | 24 | ||||
-rw-r--r-- | modules/lass/retiolum-mors.nix | 21 | ||||
-rw-r--r-- | modules/lass/steam.nix | 29 | ||||
-rw-r--r-- | modules/lass/urxvt-lass.nix | 54 | ||||
-rw-r--r-- | modules/lass/vim.nix | 93 | ||||
-rw-r--r-- | modules/lass/virtualbox.nix | 16 | ||||
-rw-r--r-- | modules/lass/wine.nix | 17 | ||||
-rw-r--r-- | modules/lass/xserver-lass.nix | 8 |
14 files changed, 550 insertions, 0 deletions
diff --git a/modules/lass/bitcoin.nix b/modules/lass/bitcoin.nix
new file mode 100644
index 000000000..d3bccbf5c
--- /dev/null
+++ b/modules/lass/bitcoin.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ electrum
+ ];
+
+ users.extraUsers = {
+ bitcoin = {
+ name = "bitcoin";
+ description = "user for bitcoin stuff";
+ home = "/home/bitcoin";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/browsers-lass.nix b/modules/lass/browsers-lass.nix
new file mode 100644
index 000000000..8c27de7b4
--- /dev/null
+++ b/modules/lass/browsers-lass.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+{
+
+ nixpkgs.config.packageOverrides = pkgs : {
+ chromium = pkgs.chromium.override {
+ pulseSupport = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ chromium
+ ];
+
+ users.extraUsers = {
+ firefox = {
+ name = "firefox";
+ description = "user for running firefox";
+ home = "/home/firefox";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ chromium = {
+ name = "chromium";
+ description = "user for running chromium";
+ home = "/home/chromium";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ facebook = {
+ name = "facebook";
+ description = "user for running facebook in chromium";
+ home = "/home/facebook";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ google = {
+ name = "google";
+ description = "user for running google+/gmail in chromium";
+ home = "/home/google";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ flash = {
+ name = "flash";
+ description = "user for running flash stuff";
+ home = "/home/flash";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(firefox) NOPASSWD: ALL
+ lass ALL=(chromium) NOPASSWD: ALL
+ lass ALL=(facebook) NOPASSWD: ALL
+ lass ALL=(google) NOPASSWD: ALL
+ lass ALL=(flash) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/desktop-base.nix b/modules/lass/desktop-base.nix
new file mode 100644
index 000000000..8b8da6538
--- /dev/null
+++ b/modules/lass/desktop-base.nix
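Review bot: In modules/lass/browsers-lass.nix the five `lass ALL=(<user>) NOPASSWD: ALL` rules carry no comment explaining that they exist to run each browser profile under its own UID, and the five user blocks are copies that differ only in name (`google` lacks `extraGroups = [ "audio" ]`, which may or may not be intended). I would add a comment above `security.sudo.extraConfig` such as `# one-way: lass may become a browser user without a password; browser users get no sudo rights back`, and consider narrowing `ALL` to the browser binary so these accounts are not general-purpose shells. The UID split alone does not isolate the processes if they all attach to lass's X display, which is not visible in this hunk. elster.nix and games.nix repeat the same rule shape.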
@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+ boot.tmpOnTmpfs = true;
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -"
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ virtualisation.libvirtd.enable = true;
+
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ PAGER=most
+ '';
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ #fancy colors
+ if [ -e ~/LS_COLORS ]; then
+ eval $(dircolors ~/LS_COLORS)
+ fi
+
+ if [ -e /etc/nixos/dotfiles/link ]; then
+ /etc/nixos/dotfiles/link
+ fi
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ else
+ PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+
+ security.setuidPrograms = [ "slock" ];
+
+ ###SERVICES BEGIN
+ services.gitolite = {
+ enable = true;
+ dataDir = "/home/gitolite";
+ adminPubkey = ''
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
+ '';
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path =
"/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.foomatic_filters ];
+ };
+ ###SERVICES END
+
+ environment.systemPackages = with pkgs; [
+ gitolite
+ git
+
+ #terminal
+ most
+ powertop
+
+ #network
+ iptables
+
+ #video stuff
+ haskellPackages.xmobar
+ haskellPackages.yeganesh
+ dmenu2
+ xlibs.fontschumachermisc
+ ];
+
+ nix.useChroot = true;
+
+ #
+ # user settings
+ #
+ users.mutableUsers = false;
+ users.extraUsers = {
+ #gitolite = {
+ # name = "gitolite";
+ # description = "gitolite git manager";
+ # home = "/home/gitolite";
+ # createHome = true;
+ # useDefaultShell = true;
+ #};
+ testing = {
+ name = "testing";
+ description = "user for testing various stuff";
+ home = "/home/testing";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+
+ extraCommands = ''
+ iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A INPUT -j ACCEPT -i lo
+
+ #iptables -N Retiolum
+ iptables -A INPUT -j Retiolum -i retiolum
+ iptables -A Retiolum -j ACCEPT -p icmp
+ iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
+ iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
+ iptables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
+ iptables -A Retiolum -j REJECT
+ '';
+
+ extraStopCommands = "iptables -F";
+ };
+
+}
diff --git a/modules/lass/elster.nix b/modules/lass/elster.nix
new file mode 100644
index 000000000..c31c2f310
--- /dev/null
+++ b/modules/lass/elster.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(elster) NOPASSWD: ALL
+ '';
+}
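Review bot: In modules/lass/desktop-base.nix, `networking.firewall.extraCommands` appends `iptables -A INPUT -j Retiolum -i retiolum` while the line that creates the chain, `#iptables -N Retiolum`, is commented out. Unless another module creates the chain before this runs, the jump and the REJECT rules behind it fail to install, and the VPN interface is then filtered only by the global `allowedTCPPorts`. I would create the chain idempotently, `iptables -N Retiolum 2>/dev/null || iptables -F Retiolum`, and add a comment stating whether port 22 is meant to be reachable over retiolum, since rule order relative to the NixOS-managed chain decides that. Separately, `extraStopCommands = "iptables -F"` flushes every chain in the filter table, including rules other services may have added (libvirtd is enabled in this file).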
diff --git a/modules/lass/games.nix b/modules/lass/games.nix
new file mode 100644
index 000000000..d48c484da
--- /dev/null
+++ b/modules/lass/games.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ dwarf_fortress
+ ];
+
+ users.extraUsers = {
+ games = {
+ name = "games";
+ description = "user playing games";
+ home = "/home/games";
+ extraGroups = [ "audio" ];
+ createHome = true;
+ useDefaultShell = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(games) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/pass.nix b/modules/lass/pass.nix
new file mode 100644
index 000000000..33eca0a17
--- /dev/null
+++ b/modules/lass/pass.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ pass
+ gnupg1
+ ];
+
+ services.xserver.startGnuPGAgent = true;
+}
diff --git a/modules/lass/programs.nix b/modules/lass/programs.nix
new file mode 100644
index 000000000..41d241bac
--- /dev/null
+++ b/modules/lass/programs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+## TODO sort and split up
+{
+ environment.systemPackages = with pkgs; [
+ aria2
+ gnupg1compat
+ htop
+ i3lock
+ mc
+ mosh
+ mpv
+ pass
+ pavucontrol
+ pv
+ pwgen
+ python34Packages.livestreamer
+ remmina
+ silver-searcher
+ wget
+ xsel
+ youtube-dl
+ ];
+}
diff --git a/modules/lass/retiolum-mors.nix b/modules/lass/retiolum-mors.nix
new file mode 100644
index 000000000..61a7856c1
--- /dev/null
+++ b/modules/lass/retiolum-mors.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/retiolum.nix
+ ];
+
+ services.retiolum = {
+ enable = true;
+ hosts = ../../hosts;
+ privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
+ connectTo = [
+ "fastpoke"
+ "gum"
+ "ire"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+}
diff --git a/modules/lass/steam.nix b/modules/lass/steam.nix
new file mode 100644
index 000000000..d54873b1f
--- /dev/null
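Review bot: In modules/lass/retiolum-mors.nix, `privateKeyFile` is given as a string rather than a path literal, but nothing says why, and the neighbouring `hosts = ../../hosts;` is a path literal. A path literal would be copied into the Nix store, which is world-readable, so I would add `# string on purpose: a path literal would copy the key into the world-readable Nix store` above it so nobody normalises the two. The mode and owner of the file under /etc/nixos/secrets are not set anywhere in this hunk and should be checked on the host.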
+++ b/modules/lass/steam.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ./games.nix
+ ];
+ #
+ # Steam stuff
+ # source: https://nixos.org/wiki/Talk:Steam
+ #
+ ##TODO: make steam module
+ hardware.opengl.driSupport32Bit = true;
+
+ environment.systemPackages = with pkgs; [
+ steam
+ ];
+ networking.firewall = {
+ allowedUDPPorts = [
+ 27031
+ 27036
+ ];
+ allowedTCPPorts = [
+ 27036
+ 27037
+ ];
+ };
+
+}
diff --git a/modules/lass/urxvt-lass.nix b/modules/lass/urxvt-lass.nix
new file mode 100644
index 000000000..ca3fe363c
--- /dev/null
+++ b/modules/lass/urxvt-lass.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./urxvtd.nix
+ ];
+
+ services.urxvtd = {
+ enable = true;
+ users = [ "lass" ];
+ urxvtPackage = pkgs.rxvt_unicode_with-plugins;
+ xresources = ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ !solarized colors
+ URxvt*fading: 5
+ URxvt*background: #002b36
+ URxvt*foreground: #657b83
+ URxvt*fadeColor: #002b36
+ URxvt*cursorColor: #93a1a1
+ URxvt*pointerColorBackground: #586e75
+ URxvt*pointerColorForeground: #93a1a1
+ URxvt*colorUL: #859900
+ URxvt*colorBD: #268bd2
+ URxvt*color0: #073642
+ URxvt*color8: #002b36
+ URxvt*color1: #dc322f
+ URxvt*color9: #cb4b16
+ URxvt*color2: #859900
+ URxvt*color10: #586e75
+ URxvt*color3: #b58900
+ URxvt*color11: #657b83
+ URxvt*color4: #268bd2
+ URxvt*color12: #839496
+ URxvt*color5: #d33682
+ URxvt*color13: #6c71c4
+ URxvt*color6: #2aa198
+ URxvt*color14: #93a1a1
+ URxvt*color7: #eee8d5
+ URxvt*color15: #fdf6e3
+ '';
+ };
+}
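Review bot: In modules/lass/steam.nix the `allowedUDPPorts` and `allowedTCPPorts` entries open 27031, 27036 and 27037 on every interface with no comment on what listens there. These look like the Steam in-home streaming ports; if so, a comment such as `# Steam In-Home Streaming, expected on the LAN only` would record the intent. Importing this module merges the ports into the host-wide firewall, so whether they should also be reachable from non-LAN interfaces such as the VPN is worth deciding explicitly.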
diff --git a/modules/lass/vim.nix b/modules/lass/vim.nix
new file mode 100644
index 000000000..e277bd725
--- /dev/null
+++ b/modules/lass/vim.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+
+{
+
+ environment.systemPackages = with pkgs; [
+ (vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ set nocompatible
+ set t_Co=16
+ syntax on
+ " TODO autoload colorscheme file
+ set background=dark
+ colorscheme solarized
+ filetype off
+ filetype plugin indent on
+
+ imap <F1> <nop>
+
+ set mouse=a
+ set ruler
+ set showmatch
+ set backspace=2
+ set visualbell
+ set encoding=utf8
+ set showcmd
+ set wildmenu
+
+ set title
+ set titleold=
+ set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set autoindent
+
+ set ttyfast
+
+ set pastetoggle=<INS>
+
+
+ " Force Saving Files that Require Root Permission
+ command! W silent w !sudo tee "%" >/dev/null
+
+ nnoremap <C-c> :q<Return>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ "Tabwidth
+ set ts=2 sts=2 sw=2 et
+ autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
+ autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
+
+ " create Backup/tmp/undo dirs
+ function! InitBackupDir()
+ let l:parent = $HOME . '/.vim/'
+ let l:backup = l:parent . 'backups/'
+ let l:tmpdir = l:parent . 'tmp/'
+ let l:undodi = l:parent . 'undo/'
+
+ if !isdirectory(l:parent)
+ call mkdir(l:parent)
+ endif
+ if !isdirectory(l:backup)
+ call mkdir(l:backup)
+ endif
+ if !isdirectory(l:tmpdir)
+ call mkdir(l:tmpdir)
+ endif
+ if !isdirectory(l:undodi)
+ call mkdir(l:undodi)
+ endif
+ endfunction
+ call InitBackupDir()
+
+ " Backups & Files
+ set backup
+ set backupdir=~/.vim/backups
+ set directory=~/.vim/tmp//
+ set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
+ set undodir=$HOME/.vim/undo
+ set undofile
+ '';
+
+ vimrcConfig.vam.knownPlugins = vimPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { name = "Gundo"; }
+ { name = "commentary"; }
+ { name = "vim-addon-nix"; }
+ { name = "colors-solarized"; }
+ ];
+ })
+ ];
+}
diff --git a/modules/lass/virtualbox.nix b/modules/lass/virtualbox.nix
new file mode 100644
index 000000000..bd57077b7
--- /dev/null
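Review bot: In modules/lass/vim.nix the `set backup`, `set directory=~/.vim/tmp//`, `set undofile` and `set viminfo=...` settings at the end of `customRC` apply to every buffer, including ones that hold secrets. desktop-base.nix sets `EDITOR=vim` and pass.nix installs `pass`, so editing a password entry can leave plaintext copies under ~/.vim/backups, ~/.vim/tmp and ~/.vim/undo. I would add an exclusion before the "Backups & Files" section, for example `autocmd BufNewFile,BufRead /dev/shm/pass.*/*,/tmp/pass.*/* setlocal noswapfile noundofile nobackup nowritebackup viminfo=`. The directories in `InitBackupDir()` are also created with the default mode; `call mkdir(l:backup, "", 0700)` and the same for the other three would keep them unreadable to other local users.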
+++ b/modules/lass/virtualbox.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ services.virtualboxHost.enable = true;
+
+ users.extraUsers = {
+ virtual = {
+ name = "virtual";
+ description = "user for running VirtualBox";
+ home = "/home/virtual";
+ useDefaultShell = true;
+ extraGroups = [ "vboxusers" ];
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/wine.nix b/modules/lass/wine.nix
new file mode 100644
index 000000000..838b67d2a
--- /dev/null
+++ b/modules/lass/wine.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(wine) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/xserver-lass.nix b/modules/lass/xserver-lass.nix
new file mode 100644
index 000000000..62f711505
--- /dev/null
+++ b/modules/lass/xserver-lass.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/xserver.nix
+ ];
+ services.xserver.displayManager.auto.user = "lass";
+} |
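Review bot: In modules/lass/wine.nix the `users.extraUsers` block is a copy of elster.nix: it declares `elster` again while the sudo rule below is `lass ALL=(wine) NOPASSWD: ALL`, so no `wine` account is created and the rule names a user this module never defines. The attribute and its fields should read `wine = {`, `name = "wine";` and `home = "/home/wine";`, with the description changed to match. As written, importing both modules also defines `users.extraUsers.elster` twice.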
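Review bot: In modules/lass/xserver-lass.nix, `services.xserver.displayManager.auto.user = "lass";` names lass as the auto-login user with no comment on the assumption behind it. If ../tv/xserver.nix enables the auto display manager (not visible here), anyone who can power on the machine gets a lass session, and with it the passwordless sudo rules in browsers-lass.nix, elster.nix and games.nix. I would add a comment stating the control that is relied on, for example `# auto-login: physical access is gated by disk encryption and slock`, adjusted to whatever actually applies on this host.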