diff options
| author | lassulus <lass@aidsballs.de> | 2015-11-09 02:37:13 +0100 |
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2015-11-09 02:37:13 +0100 |
| commit | 3d7790601ef2b32bf6b72f829137fd18d9874fd3 (patch) | |
| tree | 02b5af9d30d27c5ddac360ae1fa13e0e20d5c20c /tv/1systems/wu.nix | |
| parent | 9ff1f770f6f3703fad34ef4ce2d24116d84a5665 (diff) | |
| parent | 610a3ce59c2ba0e58205305a85e9cb86e680d481 (diff) | |
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/1systems/wu.nix')
| -rw-r--r-- | tv/1systems/wu.nix | 154 |
1 files changed, 2 insertions, 152 deletions
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 85fba1d8a..3fa5481e2 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -4,28 +4,9 @@ with lib; { krebs.build.host = config.krebs.hosts.wu; - krebs.build.user = config.krebs.users.tv; - - krebs.build.target = "root@wu"; - - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - host = config.krebs.hosts.wu; - path = "/home/tv/secrets/wu"; - }; - dir.stockholm = { - host = config.krebs.hosts.wu; - path = "/home/tv/stockholm"; - }; - }; imports = [ ../2configs/hw/w110er.nix - ../2configs/base.nix #../2configs/consul-client.nix ../2configs/git.nix ../2configs/mail-client.nix @@ -62,31 +43,24 @@ with lib; bind # dig cac dic - ff file get - gitAndTools.qgit gnupg21 haskellPackages.hledger htop jq manpages mkpasswd - mpv netcat nix-repl nmap nq p7zip - pavucontrol posix_man_pages - pssh push qrencode - sxiv texLive tmux - zathura #ack #apache-httpd @@ -145,6 +119,8 @@ with lib; #xkill #xl2tpd #xsel + + unison ]; } { @@ -180,132 +156,6 @@ with lib; ]; }; } - { - users.extraGroups = { - tv.gid = 1337; - slaves.gid = 3799582008; # genid slaves - }; - - users.extraUsers = - mapAttrs (name: user@{ extraGroups ? [], ... }: user // { - inherit name; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - group = "tv"; - extraGroups = ["slaves"] ++ extraGroups; - }) { - ff = { - uid = 13378001; - extraGroups = [ - "audio" - "video" - ]; - }; - - cr = { - uid = 13378002; - extraGroups = [ - "audio" - "video" - ]; - }; - - fa = { - uid = 2300001; - }; - - rl = { - uid = 2300002; - }; - - tief = { - uid = 2300702; - }; - - btc-bitcoind = { - uid = 2301001; - }; - - btc-electrum = { - uid = 2301002; - }; - - ltc-litecoind = { - uid = 2301101; - }; - - eth = { - uid = 2302001; - }; - - emse-hsdb = { - uid = 4200101; - }; - - wine = { - uid = 13370400; - extraGroups = [ - "audio" - "video" - ]; - }; - - df = { - uid = 13370401; - extraGroups = [ - "audio" - "video" - ]; - }; - - xr = { - uid = 13370061; - extraGroups = [ - "audio" - "video" - ]; - }; - - "23" = { - uid = 13370023; - }; - - electrum = { - uid = 13370102; - }; - - skype = { - uid = 6660001; - extraGroups = [ - "audio" - ]; - }; - - onion = { - uid = 6660010; - }; - - zalora = { - uid = 1000301; - extraGroups = [ - "audio" - # TODO remove vboxusers when hardening is active - "vboxusers" - "video" - ]; - }; - }; - - security.sudo.extraConfig = - let - isSlave = u: elem "slaves" u.extraGroups; - masterOf = u: u.group; - slaves = filterAttrs (_: isSlave) config.users.extraUsers; - toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL"; - in - concatMapStringsSep "\n" toSudoers (attrValues slaves); - } ]; boot.initrd.luks = { |