author | makefu <github@syntax-fehler.de> | 2015-11-14 01:50:39 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-11-14 01:50:39 +0100 |
commit | a0fbe917ac45cda4de0f16bced3ce3ebfc556fe8 (patch) | |
tree | 44b66f4c43eeec674dcd763eb50141dd567c35e7 /tv/2configs | |
parent | 79b890670100d08c3640fffade2caf3eced192d8 (diff) | |
parent | ebba531273715c1a9c124007b97f3547d16e780f (diff) |
Merge remote-tracking branch 'cd/master' into pre-merge
Diffstat (limited to 'tv/2configs')
-rw-r--r-- | tv/2configs/default.nix | 85 | ||||
-rw-r--r-- | tv/2configs/git.nix | 22 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 4 | ||||
-rw-r--r-- | tv/2configs/xserver/default.nix | 7 | ||||
-rw-r--r-- | tv/2configs/z.nix | 40 |
5 files changed, 75 insertions, 83 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d3f4eed0d..3400c13b6 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -5,9 +5,29 @@ with lib; { krebs.enable = true; + krebs.build = { + user = config.krebs.users.tv; + target = mkDefault "root@${config.krebs.build.host.name}"; + source = { + git.nixpkgs = { + url = mkDefault https://github.com/NixOS/nixpkgs; + rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613"; + target-path = mkDefault "/var/src/nixpkgs"; + }; + dir.secrets = { + path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + dir.stockholm = { + path = mkDefault "/home/tv/stockholm"; + target-path = mkDefault "/var/src/stockholm"; + }; + }; + }; + networking.hostName = config.krebs.build.host.name; imports = [ + <secrets> ./vim.nix { # stockholm dependencies @@ -16,40 +36,14 @@ with lib; ]; } { - # TODO never put hashedPassword into the store - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); - } - { - users.groups.subusers.gid = 1093178926; # genid subusers - } - { - users.defaultUserShell = "/run/current-system/sw/bin/bash"; - users.mutableUsers = false; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - config.krebs.users.tv_xu.pubkey - ]; - }; - tv = { - uid = 1337; - group = "users"; - home = "/home/tv"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; + users = { + defaultUserShell = "/run/current-system/sw/bin/bash"; + mutableUsers = false; + users = { + tv = { + isNormalUser = true; + uid = 1337; + }; }; }; } 
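Review bot: In tv/2configs/default.nix (hunk `@@ -5,9 +5,29 @@`), the new `<secrets>` entry in `imports` is looked up through NIX_PATH at evaluation time, so whatever directory that entry names is loaded as a full NixOS module. Anything such a module sets as an option value ends up in the world-readable Nix store, which is the concern the TODO removed in the next hunk was recording. The hunk does not say what `<secrets>` may define, so I would add a comment above it, e.g. `# <secrets>: per-host module found via NIX_PATH; values set there land in /nix/store`. The attribute set continues outside the hunk.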
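Review bot: In the `@@ -16,40 +36,14 @@` hunk of tv/2configs/default.nix, the new `users` block keeps `mutableUsers = false` but no longer declares `openssh.authorizedKeys.keys` for root or tv, tv's `wheel` membership, or the hashed passwords. With immutable users, an account that gets neither a key nor a password hash from some other module cannot be logged into, so this change relies on `<secrets>` or on a module outside this view (the diffstat is limited to tv/2configs) to supply them. That should be confirmed before the configuration is deployed to a host that is only reachable over SSH. A comment next to `mutableUsers = false;` naming the module that now provides keys and passwords would record where they live.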
@@ -94,6 +88,21 @@ with lib; ls = "ls -h --color=auto --group-directories-first"; dmesg = "dmesg -L --reltime"; view = "vim -R"; + + reload = "systemctl reload"; + restart = "systemctl restart"; + start = "systemctl start"; + status = "systemctl status"; + stop = "systemctl stop"; + }; + + environment.variables = { + NIX_PATH = + with config.krebs.build.source; with dir; with git; + mkForce (concatStringsSep ":" [ + "nixpkgs=${nixpkgs.target-path}" + "secrets=${stockholm.target-path}/null" + ]); }; programs.bash = { @@ -164,5 +173,13 @@ with lib; "sendmail" # for sudo ]; } + { + systemd.tmpfiles.rules = let + forUsers = flip map users; + isUser = { group, ... }: hasSuffix "users" group; + users = filter isUser (mapAttrsToList (_: id) config.users.users); + in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); + environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; + } ]; } diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 2520da173..4387be36a 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: -with import ../4lib { inherit lib pkgs; }; +with lib; + let out = { @@ -20,26 +21,22 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo ({ + } // mapAttrValues (setAttr "section" "1. Miscellaneous") { cac = { desc = "CloudAtCost command line interface"; }; - cgserver = {}; - crude-mail-setup = {}; - dot-xmonad = {}; get = {}; hack = {}; load-env = {}; make-snapshot = {}; much = {}; - nixos-infest = {}; nixpkgs = {}; - painload = {}; push = {}; regfish = {}; stockholm = { desc = "take all the computers hostage, they'll love you!"; }; - } // mapAttrs (_: repo: repo // { section = "Haskell libraries"; }) { + } // mapAttrValues (setAttr "section" "2. Haskell libraries") { blessings = {}; mime = {}; quipper = {}; 
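Review bot: In the `@@ -94,6 +88,21 @@` hunk, the `NIX_PATH` value is built under three nested `with` scopes, so a reader cannot tell that `nixpkgs` comes from `git` and `stockholm` from `dir` without looking up the option set. The innermost scope also silently wins if both sets ever gain the same attribute name. Spelling the paths out, `"nixpkgs=${config.krebs.build.source.git.nixpkgs.target-path}"` and `"secrets=${config.krebs.build.source.dir.stockholm.target-path}/null"`, removes that ambiguity. The `secrets=…/null` entry, forced with `mkForce`, also deserves a one-line comment such as `# on the target <secrets> points at a placeholder directory`, assuming that is the intent.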
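Review bot: In the `@@ -164,5 +173,13 @@` hunk, `XDG_RUNTIME_DIR` is set to `/run/xdg/$LOGNAME` for every session, but the tmpfiles rule only creates a directory for accounts whose group name ends in `users`. Root and any account in another group therefore get a runtime-dir path that is never created, and programs that expect a private 0700 directory there may fail or fall back to a less protected location. `hasSuffix "users"` also selects accounts by a naming convention rather than by an explicit property. Filtering on the flag the earlier hunk sets for tv, `users = filter (u: u.isNormalUser) (mapAttrsToList (_: id) config.users.users);`, or a comment documenting the suffix convention, would make the intended set of accounts explicit.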
@@ -47,6 +44,13 @@ let wai-middleware-time = {}; web-routes-wai-custom = {}; xintmap = {}; + xmonad-stockholm = {}; + } // mapAttrValues (setAttr "section" "3. Museum") { + cgserver = {}; + crude-mail-setup = {}; + dot-xmonad = {}; + nixos-infest = {}; + painload = {}; }); restricted-repos = mapAttrs make-restricted-repo ( @@ -63,7 +67,7 @@ let inherit name desc section; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; @@ -82,7 +86,7 @@ let with git // config.krebs.users; repo: singleton { - user = tv; + user = [ tv tv_xu ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 04b1480c1..0822fb5bf 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -64,6 +64,10 @@ let \ | hi TrailingSpace ctermbg=88 \ | hi Normal ctermfg=White + au BufRead,BufNewFile *.hs so ${pkgs.writeText "hs.vim" '' + syn region String start=+\[[^|]*|+ end=+|]+ + ''} + au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" '' setf nix set isk=@,48-57,_,192-255,-,' diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index df00203be..afc2d699c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -34,7 +34,14 @@ let }; environment.systemPackages = [ + pkgs.ff + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.pavucontrol pkgs.slock + pkgs.sxiv + pkgs.xsel + pkgs.zathura ]; security.setuidPrograms = [ diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix deleted file mode 100644 index e5494ecc9..000000000 --- a/tv/2configs/z.nix +++ /dev/null 
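Review bot: In tv/2configs/git.nix (hunk `@@ -82,7 +86,7 @@`), `user = [ tv tv_xu ];` gives the second key the same `push "refs/*" [ non-fast-forward create delete merge ]` permission as the first, which means history rewrite and ref deletion on every ref of each repo this rule is generated for. If `tv_xu` is a key held on a different machine than `tv` (not visible here), a separate rule for it without `non-fast-forward` and `delete` would limit the damage of that key being lost. Otherwise a comment such as `# both of tv's keys get full rights, including force-push and delete` would show that the widening is deliberate. The enclosing function starts before the hunk and continues after it.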
@@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.per-user.z.packages = [ - (pkgs.writeScriptBin "cr" '' - #! /bin/sh - set -efu - export LC_TIME=de_DE.utf8 - exec ${pkgs.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ - --disk-cache-size=50000000 \ - "%@" - '') - ]; - - programs.bash.interactiveShellInit = '' - case ''${XMONAD_SPAWN_WORKSPACE-} in - za|zh|zj|zs) - exec sudo -u z -i - ;; - esac - ''; - - security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL"; - - users.users.z = { - extraGroups = [ - "audio" - "vboxusers" - "video" - ]; - group = "subusers"; - home = "/home/z"; - uid = 3043726074; # genid z - useDefaultShell = true; - }; -} |