summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix5
-rw-r--r--krebs/3modules/lass/pgp/yubikey.pgp109
-rw-r--r--krebs/3modules/lass/ssh/yubikey.rsa1
-rw-r--r--krebs/3modules/power-action.nix2
-rw-r--r--krebs/5pkgs/simple/cholerab/default.nix17
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/hilum/config.nix28
-rw-r--r--lass/1systems/icarus/config.nix11
-rw-r--r--lass/1systems/prism/config.nix35
-rw-r--r--lass/1systems/xerxes/config.nix28
-rw-r--r--lass/1systems/xerxes/physical.nix10
-rw-r--r--lass/2configs/baseX.nix5
-rw-r--r--lass/2configs/browsers.nix97
-rw-r--r--lass/2configs/default.nix21
-rw-r--r--lass/2configs/exim-smarthost.nix5
-rw-r--r--lass/2configs/games.nix18
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/hw/x220.nix21
-rw-r--r--lass/2configs/pass.nix2
-rw-r--r--lass/2configs/radio.nix2
-rw-r--r--lass/2configs/starcraft.nix33
-rw-r--r--lass/2configs/steam.nix5
-rw-r--r--lass/2configs/ts3.nix4
-rw-r--r--lass/2configs/websites/domsen.nix49
-rw-r--r--lass/2configs/yubikey.nix25
-rw-r--r--lass/2configs/zsh.nix1
-rw-r--r--lass/3modules/autowifi.nix93
-rw-r--r--lass/3modules/browsers.nix87
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/5pkgs/autowifi/autowifi.py228
-rw-r--r--lass/5pkgs/autowifi/default.nix1
-rw-r--r--lass/5pkgs/bank/default.nix14
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix15
-rw-r--r--lass/5pkgs/default.nix16
-rw-r--r--lass/krops.nix12
36 files changed, 624 insertions, 382 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 78f3542fa..e1bb9b3aa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -681,6 +681,11 @@ in {
};
users = rec {
lass = lass-blue;
+ lass-yubikey = {
+ mail = lass.mail;
+ pubkey = builtins.readFile ./ssh/yubikey.rsa;
+ pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
+ };
lass-blue = {
mail = "lass@blue.r";
pubkey = builtins.readFile ./ssh/blue.rsa;
diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp
new file mode 100644
index 000000000..0c7791ce8
--- /dev/null
+++ b/krebs/3modules/lass/pgp/yubikey.pgp
@@ -0,0 +1,109 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy
+aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog
+3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P
+rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw
+xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru
+eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m
+28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj
+iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD
+dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX
+yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g
+S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB
+tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG
+Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK
+CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad
+WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ
+SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9
+z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC
+KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N
+YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf
+4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO
+To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf
+PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd
+p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY
+ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC
+DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh
+SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE
+SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+
+c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4
++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au
+FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E
+F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs
+N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs
+8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4
+bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr
+s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE
+cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ
+EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA
+CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2
+ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP
+ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h
+UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L
+4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5
+c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz
+efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv
+aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S
+LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D
+MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE
+P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl
+Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z
+7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj
+8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa
+QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc
+Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d
+7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL
+5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont
+2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut
+senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw
+dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE
+5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML
+yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS
+lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am
+ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd
+e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF
+8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T
+ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/
+qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk
+5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A
+ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo
+VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW
+kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb
+zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke
+D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj
+nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs
+dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk
+Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E
+i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f
+06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P
+60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc
+0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV
+u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/
+MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ
+z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97
+rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV
+qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk
+L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a
+6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l
+PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize
+buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh
+pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV
+X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh
+81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN
+6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO
+Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN
+dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP
+/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF
+rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3
+Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+
+VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk
+EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty
+keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw
+uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB
+vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw
+JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4
+gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx
+z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq
+=U2Jf
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/krebs/3modules/lass/ssh/yubikey.rsa
new file mode 100644
index 000000000..349bb4aab
--- /dev/null
+++ b/krebs/3modules/lass/ssh/yubikey.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ== lass@yubikey
diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix
index 78f2b8ebd..71e2b541a 100644
--- a/krebs/3modules/power-action.nix
+++ b/krebs/3modules/power-action.nix
@@ -16,7 +16,7 @@ let
default = "BAT0";
};
user = mkOption {
- type = types.string;
+ type = types.str;
default = "power-action";
};
startAt = mkOption {
diff --git a/krebs/5pkgs/simple/cholerab/default.nix b/krebs/5pkgs/simple/cholerab/default.nix
index 94514fe44..007776164 100644
--- a/krebs/5pkgs/simple/cholerab/default.nix
+++ b/krebs/5pkgs/simple/cholerab/default.nix
@@ -1,7 +1,16 @@
-{ fetchgit, callPackage }: let
- src = fetchgit {
- url = "https://github.com/krebs/cholerab";
+{ stdenv, fetchFromGitHub, pandoc }:
+stdenv.mkDerivation {
+ name = "cholerab";
+ src = fetchFromGitHub {
+ owner = "krebs";
+ repo = "cholerab";
rev = "25d7ef051d6fc74d99b155e768b3c650296a230c";
sha256 = "1pymw7v2ql42iq825ccx98s4fp9jsz5b2hjr1qad6bamfc6i7yy9";
};
-in callPackage src {}
+ phases = [ "buildPhase" ];
+ buildPhase = ''
+ mkdir -p $out/share/man/man1
+ ${pandoc}/bin/pandoc -s -t man $src/thesauron.md -o $out/share/man/man1/thesauron.1
+ ${pandoc}/bin/pandoc -s -t man $src/enterprise-patterns.md -o $out/share/man/man1/enterprise-patterns.1
+ '';
+}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 2c1be473a..bd559944a 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -34,6 +34,7 @@ with import <stockholm/lib>;
];
};
environment.systemPackages = with pkgs; [
+ ark
pavucontrol
#firefox
chromium
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index 998fa1478..f57d275d8 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
@@ -14,15 +14,19 @@
krebs.build.host = config.krebs.hosts.hilum;
- boot.loader.grub.extraEntries = ''
- menuentry "grml" {
- iso_path=/isos/grml.iso
- export iso_path
- search --set=root --file $iso_path
- loopback loop $iso_path
- root=(loop)
- configfile /boot/grub/loopback.cfg
- loopback --delete loop
- }
- '';
+ boot.loader.grub = {
+ extraEntries = ''
+ submenu isos {
+ source /grub/autoiso.cfg
+ }
+ '';
+ extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
+ name = "autoiso.cfg";
+ src = pkgs.grub2.src;
+ phases = [ "unpackPhase" "installPhase" ];
+ installPhase = ''
+ cp docs/autoiso.cfg $out
+ '';
+ });
+ };
}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index d8c8699ae..86727700f 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
imports = [
@@ -14,20 +14,13 @@
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/prism-share.nix>
+ #<stockholm/lass/2configs/prism-share.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
-
- environment.systemPackages = with pkgs; [
- macchanger
- dpass
- ];
programs.adb.enable = true;
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 13e865c6e..e957279e2 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -261,41 +261,6 @@ with import <stockholm/lib>;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
- services.nginx.virtualHosts."rote-allez-fraktion.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- extraConfig = ''
- proxy_set_header Host rote-allez-fraktion.de;
- proxy_pass http://10.233.2.4;
- '';
- };
- };
- }
- {
- imports = [ <stockholm/lass/2configs/backup.nix> ];
- lass.restic = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "mors"
- "shodan"
- "skynet"
- ] (dest: {
- dirs = [
- "/home/chat/.weechat"
- "/bku/sql_dumps"
- ];
- passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/prism";
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- });
}
{
users.users.download.openssh.authorizedKeys.keys = [
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index 2d25bc88a..8630d0f4b 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -28,6 +28,12 @@
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
+ usb-tether-on = pkgs.writeDash "usb-tether-on" ''
+ adb shell su -c service call connectivity 33 i32 1 s16 text
+ '';
+ usb-tether-off = pkgs.writeDash "usb-tether-off" ''
+ adb shell su -c service call connectivity 33 i32 0 s16 text
+ '';
};
services.xserver = {
@@ -66,26 +72,8 @@
programs.adb.enable = true;
- services.logind.lidSwitch = "ignore";
- services.acpid = {
- enable = true;
- lidEventCommands = ''
- export DISPLAY=:${toString config.services.xserver.display}
- case "$1" in
- "button/lid LID close")
- ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows'
- ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows'
- ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness
- ${pkgs.acpilight}/bin/xbacklight -set 0
- ;;
- "button/lid LID open")
- ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows'
- ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows'
- ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness)
- ;;
- esac
- '';
- };
+ services.logind.lidSwitch = "suspend";
+ lass.screenlock.enable = lib.mkForce false;
systemd.services.suspend-again = {
after = [ "suspend.target" ];
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
index 5d60dfc45..77cf2206b 100644
--- a/lass/1systems/xerxes/physical.nix
+++ b/lass/1systems/xerxes/physical.nix
@@ -13,9 +13,8 @@
};
boot.loader.efi.canTouchEfiVariables = true;
- # TODO fix touchscreen
boot.blacklistedKernelModules = [
- "goodix"
+ "sdhci_pci"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
@@ -46,7 +45,7 @@
swapDevices = [ ];
boot.extraModprobeConfig = ''
- options zfs zfs_arc_max=1073741824
+ options zfs zfs_arc_max=107374182
'';
nix.maxJobs = lib.mkDefault 4;
@@ -74,13 +73,10 @@
services.xserver = {
videoDrivers = [ "intel" ];
- deviceSection = ''
- Option "TearFree" "true"
- '';
displayManager.sessionCommands = ''
echo nonono > /tmp/xxyy
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
+ (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
'';
};
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index ecbb7541f..52d694c46 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
./copyq.nix
./urxvt.nix
./xdg-open.nix
+ ./yubikey.nix
{
hardware.pulseaudio = {
enable = true;
@@ -54,7 +55,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.agentTimeout = "10m";
- programs.ssh.startAgent = true;
+ programs.ssh.startAgent = false;
services.openssh.forwardX11 = true;
environment.systemPackages = with pkgs; [
@@ -62,11 +63,11 @@ in {
acpilight
ag
cabal2nix
- cholerab
dic
dmenu
font-size
fzfmenu
+ gimp
gitAndTools.qgit
git-preview
gnome3.dconf
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index c0085995d..eafab400c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,100 +1,13 @@
{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-
- mainUser = config.users.extraUsers.mainUser;
-
- browser-select = let
- sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
- (mapAttrsToList (name: value: { inherit name value; })
- config.lass.browser.paths);
- in pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
- case $BROWSER in
- ${concatMapStringsSep "\n" (n: ''
- ${n.name})
- export BIN=${n.value.path}/bin/${n.name}
- ;;
- '') (sortedPaths)}
- esac
- $BIN "$@"
- '';
-
- createUser = script: name: groups: precedence: dpi:
- {
- lass.xjail.${name} = {
- inherit script groups dpi;
- };
- environment.systemPackages = [
- config.lass.xjail-bins.${name}
- (pkgs.writeDashBin "cx-${name}" ''
- DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
- '')
- ];
- lass.browser.paths.${name} = {
- path = config.lass.xjail-bins.${name};
- inherit precedence;
- };
- };
-
- createChromiumUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.chromium}/bin/chromium "$@"
- '') name groups precedence 80;
-
- createFirefoxUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.firefox}/bin/firefox "$@"
- '') name groups precedence 80;
-
- createQuteUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.qutebrowser}/bin/qutebrowser "$@"
- '') name groups precedence 60;
-
-in {
-
- lass.browser.select = browser-select;
-
- environment.systemPackages = [
- browser-select
- ];
-
+{
+ lass.browser.config = {
+ cr = { groups = [ "audio" "video" ]; precedence = 9; };
+ };
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
+ "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim
];
};
-
- imports = [
- {
- options.lass.browser.select = mkOption {
- type = types.path;
- };
- options.lass.browser.paths = mkOption {
- type = types.attrsOf (types.submodule ({
- options = {
- path = mkOption {
- type = types.path;
- };
- precedence = mkOption {
- type = types.int;
- default = 0;
- };
- };
- }));
- };
- }
- ( createFirefoxUser "ff" [ "audio" ] 11 )
- ( createQuteUser "qb" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "audio" "video" ] 9 )
- ( createChromiumUser "gm" [ "video" "audio" ] 8 )
- ( createChromiumUser "wk" [ "audio" ] 0 )
- ( createChromiumUser "fb" [ "audio" ] 0 )
- ( createChromiumUser "com" [ "audio" ] 0 )
- ( createChromiumUser "fin" [] (-1) )
- ];
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 972b4760a..27242b129 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -23,8 +23,8 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-shodan.pubkey
- config.krebs.users.lass-icarus.pubkey
+ config.krebs.users.lass-xerxes.pubkey
+ config.krebs.users.lass-yubikey.pubkey
];
};
mainUser = {
@@ -42,6 +42,8 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
+ config.krebs.users.lass-xerxes.pubkey
+ config.krebs.users.lass-yubikey.pubkey
];
};
};
@@ -173,13 +175,7 @@ with import <stockholm/lib>;
'';
};
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
+ services.openssh.enable = true;
services.journald.extraConfig = ''
SystemMaxUse=1G
@@ -190,7 +186,9 @@ with import <stockholm/lib>;
enable = true;
tables = {
nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+ { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+ { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
@@ -217,7 +215,4 @@ with import <stockholm/lib>;
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
- services.netdata = {
- enable = true;
- };
}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d1e6b195b..a82672998 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -15,6 +15,7 @@ with import <stockholm/lib>;
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.blue
+ config.krebs.hosts.xerxes
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
@@ -106,6 +107,10 @@ with import <stockholm/lib>;
{ from = "ubisoft@lassul.us"; to = lass.mail; }
{ from = "kottezeller@lassul.us"; to = lass.mail; }
{ from = "pie@lassul.us"; to = lass.mail; }
+ { from = "vebit@lassul.us"; to = lass.mail; }
+ { from = "vcvrack@lassul.us"; to = lass.mail; }
+ { from = "epic@lassul.us"; to = lass.mail; }
+ { from = "microsoft@lassul.us"; to = lass.mail; }