summaryrefslogtreecommitdiffstats
path: root/tv/2configs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2015-11-14 01:50:39 +0100
committermakefu <github@syntax-fehler.de>2015-11-14 01:50:39 +0100
commita0fbe917ac45cda4de0f16bced3ce3ebfc556fe8 (patch)
tree44b66f4c43eeec674dcd763eb50141dd567c35e7 /tv/2configs
parent79b890670100d08c3640fffade2caf3eced192d8 (diff)
parentebba531273715c1a9c124007b97f3547d16e780f (diff)
Merge remote-tracking branch 'cd/master' into pre-merge
Diffstat (limited to 'tv/2configs')
-rw-r--r--tv/2configs/default.nix85
-rw-r--r--tv/2configs/git.nix22
-rw-r--r--tv/2configs/vim.nix4
-rw-r--r--tv/2configs/xserver/default.nix7
-rw-r--r--tv/2configs/z.nix40
5 files changed, 75 insertions, 83 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d3f4eed0d..3400c13b6 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -5,9 +5,29 @@ with lib;
{
krebs.enable = true;
+ krebs.build = {
+ user = config.krebs.users.tv;
+ target = mkDefault "root@${config.krebs.build.host.name}";
+ source = {
+ git.nixpkgs = {
+ url = mkDefault https://github.com/NixOS/nixpkgs;
+ rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+ target-path = mkDefault "/var/src/nixpkgs";
+ };
+ dir.secrets = {
+ path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+ };
+ dir.stockholm = {
+ path = mkDefault "/home/tv/stockholm";
+ target-path = mkDefault "/var/src/stockholm";
+ };
+ };
+ };
+
networking.hostName = config.krebs.build.host.name;
imports = [
+ <secrets>
./vim.nix
{
# stockholm dependencies
@@ -16,40 +36,14 @@ with lib;
];
}
{
- # TODO never put hashedPassword into the store
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.groups.subusers.gid = 1093178926; # genid subusers
- }
- {
- users.defaultUserShell = "/run/current-system/sw/bin/bash";
- users.mutableUsers = false;
- }
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- config.krebs.users.tv_xu.pubkey
- ];
- };
- tv = {
- uid = 1337;
- group = "users";
- home = "/home/tv";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
+ users = {
+ defaultUserShell = "/run/current-system/sw/bin/bash";
+ mutableUsers = false;
+ users = {
+ tv = {
+ isNormalUser = true;
+ uid = 1337;
+ };
};
};
}
@@ -94,6 +88,21 @@ with lib;
ls = "ls -h --color=auto --group-directories-first";
dmesg = "dmesg -L --reltime";
view = "vim -R";
+
+ reload = "systemctl reload";
+ restart = "systemctl restart";
+ start = "systemctl start";
+ status = "systemctl status";
+ stop = "systemctl stop";
+ };
+
+ environment.variables = {
+ NIX_PATH =
+ with config.krebs.build.source; with dir; with git;
+ mkForce (concatStringsSep ":" [
+ "nixpkgs=${nixpkgs.target-path}"
+ "secrets=${stockholm.target-path}/null"
+ ]);
};
programs.bash = {
@@ -164,5 +173,13 @@ with lib;
"sendmail" # for sudo
];
}
+ {
+ systemd.tmpfiles.rules = let
+ forUsers = flip map users;
+ isUser = { group, ... }: hasSuffix "users" group;
+ users = filter isUser (mapAttrsToList (_: id) config.users.users);
+ in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
+ environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
+ }
];
}
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 2520da173..4387be36a 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
-with import ../4lib { inherit lib pkgs; };
+with lib;
+
let
out = {
@@ -20,26 +21,22 @@ let
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo ({
+ } // mapAttrValues (setAttr "section" "1. Miscellaneous") {
cac = {
desc = "CloudAtCost command line interface";
};
- cgserver = {};
- crude-mail-setup = {};
- dot-xmonad = {};
get = {};
hack = {};
load-env = {};
make-snapshot = {};
much = {};
- nixos-infest = {};
nixpkgs = {};
- painload = {};
push = {};
regfish = {};
stockholm = {
desc = "take all the computers hostage, they'll love you!";
};
- } // mapAttrs (_: repo: repo // { section = "Haskell libraries"; }) {
+ } // mapAttrValues (setAttr "section" "2. Haskell libraries") {
blessings = {};
mime = {};
quipper = {};
@@ -47,6 +44,13 @@ let
wai-middleware-time = {};
web-routes-wai-custom = {};
xintmap = {};
+ xmonad-stockholm = {};
+ } // mapAttrValues (setAttr "section" "3. Museum") {
+ cgserver = {};
+ crude-mail-setup = {};
+ dot-xmonad = {};
+ nixos-infest = {};
+ painload = {};
});
restricted-repos = mapAttrs make-restricted-repo (
@@ -63,7 +67,7 @@ let
inherit name desc section;
public = true;
hooks = {
- post-receive = git.irc-announce {
+ post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
@@ -82,7 +86,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = tv;
+ user = [ tv tv_xu ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 04b1480c1..0822fb5bf 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -64,6 +64,10 @@ let
\ | hi TrailingSpace ctermbg=88
\ | hi Normal ctermfg=White
+ au BufRead,BufNewFile *.hs so ${pkgs.writeText "hs.vim" ''
+ syn region String start=+\[[^|]*|+ end=+|]+
+ ''}
+
au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''
setf nix
set isk=@,48-57,_,192-255,-,'
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index df00203be..afc2d699c 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -34,7 +34,14 @@ let
};
environment.systemPackages = [
+ pkgs.ff
+ pkgs.gitAndTools.qgit
+ pkgs.mpv
+ pkgs.pavucontrol
pkgs.slock
+ pkgs.sxiv
+ pkgs.xsel
+ pkgs.zathura
];
security.setuidPrograms = [
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
deleted file mode 100644
index e5494ecc9..000000000
--- a/tv/2configs/z.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.per-user.z.packages = [
- (pkgs.writeScriptBin "cr" ''
- #! /bin/sh
- set -efu
- export LC_TIME=de_DE.utf8
- exec ${pkgs.chromium}/bin/chromium \
- --ssl-version-min=tls1 \
- --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
- --disk-cache-size=50000000 \
- "%@"
- '')
- ];
-
- programs.bash.interactiveShellInit = ''
- case ''${XMONAD_SPAWN_WORKSPACE-} in
- za|zh|zj|zs)
- exec sudo -u z -i
- ;;
- esac
- '';
-
- security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
-
- users.users.z = {
- extraGroups = [
- "audio"
- "vboxusers"
- "video"
- ];
- group = "subusers";
- home = "/home/z";
- uid = 3043726074; # genid z
- useDefaultShell = true;
- };
-}