summaryrefslogtreecommitdiffstats
path: root/modules/lass
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-04-10 01:37:29 +0200
committertv <tv@shackspace.de>2015-05-19 23:17:19 +0200
commitaa5d113f90c29f483aa679738dc52e5df1763fec (patch)
tree9be801304c8331bc211ad738836b3f3a03e74cea /modules/lass
parent6593d16308109ded64d5c842d6a12c4106767df4 (diff)
mors: import mors + config
Diffstat (limited to 'modules/lass')
-rw-r--r--modules/lass/bitcoin.nix17
-rw-r--r--modules/lass/browsers-lass.nix65
-rw-r--r--modules/lass/desktop-base.nix157
-rw-r--r--modules/lass/elster.nix17
-rw-r--r--modules/lass/games.nix22
-rw-r--r--modules/lass/pass.nix10
-rw-r--r--modules/lass/programs.nix24
-rw-r--r--modules/lass/retiolum-mors.nix21
-rw-r--r--modules/lass/steam.nix29
-rw-r--r--modules/lass/urxvt-lass.nix54
-rw-r--r--modules/lass/vim.nix93
-rw-r--r--modules/lass/virtualbox.nix16
-rw-r--r--modules/lass/wine.nix17
-rw-r--r--modules/lass/xserver-lass.nix8
14 files changed, 550 insertions, 0 deletions
diff --git a/modules/lass/bitcoin.nix b/modules/lass/bitcoin.nix
new file mode 100644
index 000000000..d3bccbf5c
--- /dev/null
+++ b/modules/lass/bitcoin.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ electrum
+ ];
+
+ users.extraUsers = {
+ bitcoin = {
+ name = "bitcoin";
+ description = "user for bitcoin stuff";
+ home = "/home/bitcoin";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/browsers-lass.nix b/modules/lass/browsers-lass.nix
new file mode 100644
index 000000000..8c27de7b4
--- /dev/null
+++ b/modules/lass/browsers-lass.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+{
+
+ nixpkgs.config.packageOverrides = pkgs : {
+ chromium = pkgs.chromium.override {
+ pulseSupport = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ chromium
+ ];
+
+ users.extraUsers = {
+ firefox = {
+ name = "firefox";
+ description = "user for running firefox";
+ home = "/home/firefox";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ chromium = {
+ name = "chromium";
+ description = "user for running chromium";
+ home = "/home/chromium";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ facebook = {
+ name = "facebook";
+ description = "user for running facebook in chromium";
+ home = "/home/facebook";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ google = {
+ name = "google";
+ description = "user for running google+/gmail in chromium";
+ home = "/home/google";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ flash = {
+ name = "flash";
+ description = "user for running flash stuff";
+ home = "/home/flash";
+ useDefaultShell = true;
+ extraGroups = [ "audio" ];
+ createHome = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(firefox) NOPASSWD: ALL
+ lass ALL=(chromium) NOPASSWD: ALL
+ lass ALL=(facebook) NOPASSWD: ALL
+ lass ALL=(google) NOPASSWD: ALL
+ lass ALL=(flash) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/desktop-base.nix b/modules/lass/desktop-base.nix
new file mode 100644
index 000000000..8b8da6538
--- /dev/null
+++ b/modules/lass/desktop-base.nix
@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+ boot.tmpOnTmpfs = true;
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -"
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ virtualisation.libvirtd.enable = true;
+
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ PAGER=most
+ '';
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ #fancy colors
+ if [ -e ~/LS_COLORS ]; then
+ eval $(dircolors ~/LS_COLORS)
+ fi
+
+ if [ -e /etc/nixos/dotfiles/link ]; then
+ /etc/nixos/dotfiles/link
+ fi
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ else
+ PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+
+ security.setuidPrograms = [ "slock" ];
+
+ ###SERVICES BEGIN
+ services.gitolite = {
+ enable = true;
+ dataDir = "/home/gitolite";
+ adminPubkey = ''
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
+ '';
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.foomatic_filters ];
+ };
+ ###SERVICES END
+
+ environment.systemPackages = with pkgs; [
+ gitolite
+ git
+
+ #terminal
+ most
+ powertop
+
+ #network
+ iptables
+
+ #video stuff
+ haskellPackages.xmobar
+ haskellPackages.yeganesh
+ dmenu2
+ xlibs.fontschumachermisc
+ ];
+
+ nix.useChroot = true;
+
+ #
+ # user settings
+ #
+ users.mutableUsers = false;
+ users.extraUsers = {
+ #gitolite = {
+ # name = "gitolite";
+ # description = "gitolite git manager";
+ # home = "/home/gitolite";
+ # createHome = true;
+ # useDefaultShell = true;
+ #};
+ testing = {
+ name = "testing";
+ description = "user for testing various stuff";
+ home = "/home/testing";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+
+ extraCommands = ''
+ iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A INPUT -j ACCEPT -i lo
+
+ #iptables -N Retiolum
+ iptables -A INPUT -j Retiolum -i retiolum
+ iptables -A Retiolum -j ACCEPT -p icmp
+ iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+ iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
+ iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
+ iptables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
+ iptables -A Retiolum -j REJECT
+ '';
+
+ extraStopCommands = "iptables -F";
+ };
+
+}
diff --git a/modules/lass/elster.nix b/modules/lass/elster.nix
new file mode 100644
index 000000000..c31c2f310
--- /dev/null
+++ b/modules/lass/elster.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(elster) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/games.nix b/modules/lass/games.nix
new file mode 100644
index 000000000..d48c484da
--- /dev/null
+++ b/modules/lass/games.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ dwarf_fortress
+ ];
+
+ users.extraUsers = {
+ games = {
+ name = "games";
+ description = "user playing games";
+ home = "/home/games";
+ extraGroups = [ "audio" ];
+ createHome = true;
+ useDefaultShell = true;
+ };
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL=(games) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/pass.nix b/modules/lass/pass.nix
new file mode 100644
index 000000000..33eca0a17
--- /dev/null
+++ b/modules/lass/pass.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ pass
+ gnupg1
+ ];
+
+ services.xserver.startGnuPGAgent = true;
+}
diff --git a/modules/lass/programs.nix b/modules/lass/programs.nix
new file mode 100644
index 000000000..41d241bac
--- /dev/null
+++ b/modules/lass/programs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+## TODO sort and split up
+{
+ environment.systemPackages = with pkgs; [
+ aria2
+ gnupg1compat
+ htop
+ i3lock
+ mc
+ mosh
+ mpv
+ pass
+ pavucontrol
+ pv
+ pwgen
+ python34Packages.livestreamer
+ remmina
+ silver-searcher
+ wget
+ xsel
+ youtube-dl
+ ];
+}
diff --git a/modules/lass/retiolum-mors.nix b/modules/lass/retiolum-mors.nix
new file mode 100644
index 000000000..61a7856c1
--- /dev/null
+++ b/modules/lass/retiolum-mors.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/retiolum.nix
+ ];
+
+ services.retiolum = {
+ enable = true;
+ hosts = ../../hosts;
+ privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
+ connectTo = [
+ "fastpoke"
+ "gum"
+ "ire"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+}
diff --git a/modules/lass/steam.nix b/modules/lass/steam.nix
new file mode 100644
index 000000000..d54873b1f
--- /dev/null
+++ b/modules/lass/steam.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ./games.nix
+ ];
+ #
+ # Steam stuff
+ # source: https://nixos.org/wiki/Talk:Steam
+ #
+ ##TODO: make steam module
+ hardware.opengl.driSupport32Bit = true;
+
+ environment.systemPackages = with pkgs; [
+ steam
+ ];
+ networking.firewall = {
+ allowedUDPPorts = [
+ 27031
+ 27036
+ ];
+ allowedTCPPorts = [
+ 27036
+ 27037
+ ];
+ };
+
+}
diff --git a/modules/lass/urxvt-lass.nix b/modules/lass/urxvt-lass.nix
new file mode 100644
index 000000000..ca3fe363c
--- /dev/null
+++ b/modules/lass/urxvt-lass.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./urxvtd.nix
+ ];
+
+ services.urxvtd = {
+ enable = true;
+ users = [ "lass" ];
+ urxvtPackage = pkgs.rxvt_unicode_with-plugins;
+ xresources = ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ !solarized colors
+ URxvt*fading: 5
+ URxvt*background: #002b36
+ URxvt*foreground: #657b83
+ URxvt*fadeColor: #002b36
+ URxvt*cursorColor: #93a1a1
+ URxvt*pointerColorBackground: #586e75
+ URxvt*pointerColorForeground: #93a1a1
+ URxvt*colorUL: #859900
+ URxvt*colorBD: #268bd2
+ URxvt*color0: #073642
+ URxvt*color8: #002b36
+ URxvt*color1: #dc322f
+ URxvt*color9: #cb4b16
+ URxvt*color2: #859900
+ URxvt*color10: #586e75
+ URxvt*color3: #b58900
+ URxvt*color11: #657b83
+ URxvt*color4: #268bd2
+ URxvt*color12: #839496
+ URxvt*color5: #d33682
+ URxvt*color13: #6c71c4
+ URxvt*color6: #2aa198
+ URxvt*color14: #93a1a1
+ URxvt*color7: #eee8d5
+ URxvt*color15: #fdf6e3
+ '';
+ };
+}
diff --git a/modules/lass/vim.nix b/modules/lass/vim.nix
new file mode 100644
index 000000000..e277bd725
--- /dev/null
+++ b/modules/lass/vim.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+
+{
+
+ environment.systemPackages = with pkgs; [
+ (vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ set nocompatible
+ set t_Co=16
+ syntax on
+ " TODO autoload colorscheme file
+ set background=dark
+ colorscheme solarized
+ filetype off
+ filetype plugin indent on
+
+ imap <F1> <nop>
+
+ set mouse=a
+ set ruler
+ set showmatch
+ set backspace=2
+ set visualbell
+ set encoding=utf8
+ set showcmd
+ set wildmenu
+
+ set title
+ set titleold=
+ set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set autoindent
+
+ set ttyfast
+
+ set pastetoggle=<INS>
+
+
+ " Force Saving Files that Require Root Permission
+ command! W silent w !sudo tee "%" >/dev/null
+
+ nnoremap <C-c> :q<Return>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ "Tabwidth
+ set ts=2 sts=2 sw=2 et
+ autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
+ autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
+
+ " create Backup/tmp/undo dirs
+ function! InitBackupDir()
+ let l:parent = $HOME . '/.vim/'
+ let l:backup = l:parent . 'backups/'
+ let l:tmpdir = l:parent . 'tmp/'
+ let l:undodi = l:parent . 'undo/'
+
+ if !isdirectory(l:parent)
+ call mkdir(l:parent)
+ endif
+ if !isdirectory(l:backup)
+ call mkdir(l:backup)
+ endif
+ if !isdirectory(l:tmpdir)
+ call mkdir(l:tmpdir)
+ endif
+ if !isdirectory(l:undodi)
+ call mkdir(l:undodi)
+ endif
+ endfunction
+ call InitBackupDir()
+
+ " Backups & Files
+ set backup
+ set backupdir=~/.vim/backups
+ set directory=~/.vim/tmp//
+ set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
+ set undodir=$HOME/.vim/undo
+ set undofile
+ '';
+
+ vimrcConfig.vam.knownPlugins = vimPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { name = "Gundo"; }
+ { name = "commentary"; }
+ { name = "vim-addon-nix"; }
+ { name = "colors-solarized"; }
+ ];
+ })
+ ];
+}
diff --git a/modules/lass/virtualbox.nix b/modules/lass/virtualbox.nix
new file mode 100644
index 000000000..bd57077b7
--- /dev/null
+++ b/modules/lass/virtualbox.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ services.virtualboxHost.enable = true;
+
+ users.extraUsers = {
+ virtual = {
+ name = "virtual";
+ description = "user for running VirtualBox";
+ home = "/home/virtual";
+ useDefaultShell = true;
+ extraGroups = [ "vboxusers" ];
+ createHome = true;
+ };
+ };
+}
diff --git a/modules/lass/wine.nix b/modules/lass/wine.nix
new file mode 100644
index 000000000..838b67d2a
--- /dev/null
+++ b/modules/lass/wine.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ users.extraUsers = {
+ elster = {
+ name = "elster";
+ description = "user for running elster-online";
+ home = "/home/elster";
+ useDefaultShell = true;
+ extraGroups = [];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ lass ALL=(wine) NOPASSWD: ALL
+ '';
+}
diff --git a/modules/lass/xserver-lass.nix b/modules/lass/xserver-lass.nix
new file mode 100644
index 000000000..62f711505
--- /dev/null
+++ b/modules/lass/xserver-lass.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/xserver.nix
+ ];
+ services.xserver.displayManager.auto.user = "lass";
+}