summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/setuid.nix2
-rw-r--r--krebs/3modules/tv/default.nix2
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/5pkgs/git-hooks/default.nix19
-rw-r--r--lass/1systems/prism.nix21
-rw-r--r--lass/2configs/baseX.nix18
-rw-r--r--lass/2configs/binary-cache/client.nix10
-rw-r--r--lass/2configs/browsers.nix4
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/git.nix1
-rw-r--r--lass/2configs/hfos.nix1
-rw-r--r--lass/2configs/livestream.nix12
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/security-workarounds.nix8
-rw-r--r--lass/2configs/termite.nix22
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/websites/util.nix7
-rw-r--r--lass/2configs/xresources.nix55
-rw-r--r--lass/5pkgs/xmonad-lass.nix2
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/x.nix9
-rw-r--r--makefu/2configs/base-gui.nix2
-rw-r--r--makefu/2configs/default.nix14
-rw-r--r--makefu/2configs/deployment/owncloud.nix8
-rw-r--r--makefu/2configs/hw/tp-x230.nix12
-rw-r--r--makefu/2configs/laptop-utils.nix65
-rw-r--r--makefu/2configs/logging/central-stats-server.nix15
-rw-r--r--makefu/2configs/main-laptop.nix5
-rw-r--r--makefu/2configs/omo-share.nix11
-rw-r--r--makefu/2configs/printer.nix1
-rw-r--r--makefu/2configs/tools/all.nix11
-rw-r--r--makefu/2configs/tools/core-gui.nix24
-rw-r--r--makefu/2configs/tools/core.nix46
-rw-r--r--makefu/2configs/tools/dev.nix10
-rw-r--r--makefu/2configs/tools/extra-gui.nix12
-rw-r--r--makefu/2configs/tools/games.nix7
-rw-r--r--makefu/2configs/tools/media.nix12
-rw-r--r--makefu/2configs/tools/sec.nix15
-rw-r--r--makefu/2configs/urlwatch.nix3
-rw-r--r--makefu/3modules/umts.nix9
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg4
-rw-r--r--makefu/5pkgs/default.nix41
-rw-r--r--makefu/5pkgs/dymo-cups-drivers/default.nix17
-rw-r--r--makefu/5pkgs/esptool/default.nix32
-rw-r--r--makefu/5pkgs/wol/default.nix22
-rw-r--r--mv/1systems/stro.nix6
-rw-r--r--shared/2configs/default.nix6
-rw-r--r--tv/1systems/cd.nix4
-rw-r--r--tv/1systems/mu.nix8
-rw-r--r--tv/1systems/wu.nix6
-rw-r--r--tv/1systems/xu.nix6
-rw-r--r--tv/1systems/zu.nix6
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/pulse.nix3
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/2configs/xserver/default.nix2
-rw-r--r--tv/5pkgs/q/default.nix38
-rw-r--r--tv/5pkgs/xmonad-tv/default.nix4
64 files changed, 483 insertions, 224 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index bda563f8d..0ad952e3b 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -55,7 +55,7 @@ let
local_domains = mkOption {
type = with types; listOf hostname;
- default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
+ default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
};
relay_from_hosts = mkOption {
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 1127c0a50..0044f5b32 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -40,7 +40,7 @@ in {
etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" ''
exim_user = ${cfg.user.name}
exim_group = ${cfg.group.name}
- exim_path = /var/setuid-wrappers/exim
+ exim_path = /run/wrappers/bin/exim
spool_directory = ${cfg.user.home}
${cfg.config}
'';
diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix
index 8bb022442..4da303dec 100644
--- a/krebs/3modules/on-failure.nix
+++ b/krebs/3modules/on-failure.nix
@@ -58,7 +58,7 @@
};
sendmail = mkOption {
type = types.str;
- default = "/var/setuid-wrappers/sendmail";
+ default = "/run/wrappers/bin/sendmail";
};
};
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 13f981437..c9677fd24 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -73,7 +73,7 @@ let
};
imp = {
- system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ]
+ system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ]
(concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg));
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 1220143a7..d44c322aa 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
- ip4.addr = "64.137.177.226";
+ ip4.addr = "45.62.237.203";
aliases = [
"cd.i"
"cd.krebsco.de"
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index e43f8de4a..126fc33bb 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -178,7 +178,7 @@ let
echo To: ${shell.escape cfg.mailto}
echo
cat changes
- } | /var/setuid-wrappers/sendmail -t
+ } | /run/wrappers/bin/sendmail -t
fi
'';
};
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index 9355a878c..4017b873b 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -1,13 +1,10 @@
-{ lib, pkgs, ... }:
+{ pkgs, ... }:
-with lib;
-
-let
- out = {
- inherit irc-announce;
- };
+with import <stockholm/lib>;
+{
# TODO irc-announce should return a derivation
+ # but it cannot because krebs.git.repos.*.hooks :: attrsOf str
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
#! /bin/sh
set -euf
@@ -37,7 +34,7 @@ let
port=${toString port}
host=$nick
- cgit_endpoint=http://cgit.$host
+ cgit_endpoint=http://cgit.$host.r
empty=0000000000000000000000000000000000000000
@@ -99,7 +96,7 @@ let
done
if test -n "''${message-}"; then
- exec ${irc-announce-script} \
+ exec ${pkgs.irc-announce}/bin/irc-announce \
"$server" \
"$port" \
"$nick" \
@@ -107,6 +104,4 @@ let
"$message"
fi
'';
-
- irc-announce-script = "${pkgs.irc-announce}/bin/irc-announce";
-in out
+}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 81520ad5f..b55732f65 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -215,6 +215,7 @@ in {
}
{
krebs.repo-sync.timerConfig = {
+ OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min";
};
@@ -247,7 +248,13 @@ in {
];
}
{
- krebs.Reaktor.coders = {
+ krebs.Reaktor.coders = let
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+ in {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
@@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
@@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
@@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
@@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
@@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
@@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 539fdc875..275b93f26 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,6 +8,8 @@ in {
./power-action.nix
./screenlock.nix
./copyq.nix
+ ./xresources.nix
+ ./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
- security.setuidPrograms = [ "slock" ];
-
services.printing = {
enable = true;
- drivers = [ pkgs.foomatic_filters ];
+ drivers = [
+ pkgs.foomatic_filters
+ pkgs.gutenprint
+ ];
};
environment.systemPackages = with pkgs; [
-
acpi
dic
dmenu
@@ -76,7 +78,13 @@ in {
enable = true;
desktopManager.xterm.enable = false;
- displayManager.slim.enable = true;
+ desktopManager.default = "none";
+ displayManager.lightdm.enable = true;
+ displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ };
+ windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index 108ff7a1e..9dba5fbfb 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -2,8 +2,14 @@
{
nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ binaryCaches = [
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
};
}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 88ee70802..6c381863c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
@@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8100a433f..3e7881fb4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
+ ./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -135,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
+ mosh
pciutils
pop
psmisc
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d120dfcad..3353cdac0 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
+ primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 58051560a..d114a826d 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -84,5 +84,6 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index bdd65ce09..3e1b2c6e3 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
+ services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index dcd50dd7b..a28a6a5d2 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- config.krebs.users.lass.pubkey
];
};
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
new file mode 100644
index 000000000..c877a8c0a
--- /dev/null
+++ b/lass/2configs/livestream.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+ stream = pkgs.writeDashBin "stream" ''
+ ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
+ '';
+
+in {
+ environment.systemPackages = [ stream ];
+}
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index ad39848b6..9c3eafffd 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "6651c72";
+ ref = "5b0c9d4";
};
}
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 6cf23deaf..241d263f8 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -12,7 +12,6 @@
pavucontrol
pv
pwgen
- python34Packages.livestreamer
remmina
silver-searcher
wget
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 000000000..537c8a59b
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # http://seclists.org/oss-sec/2017/q1/471
+ boot.extraModprobeConfig = ''
+ install dccp /run/current-system/sw/bin/false
+ '';
+}
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
new file mode 100644
index 000000000..245b89e9c
--- /dev/null
+++ b/lass/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.lass.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 4d6dfe366..4e0af0dc7 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
+ let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index d596e9db9..6d14de731 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -32,6 +32,7 @@ rec {
let
domain = head domains;
in {
+ services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
@@ -181,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
+ pm.max_children = 15
+ pm.start_servers = 3
pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
new file mode 100644
index 000000000..35dbe2044
--- /dev/null
+++ b/lass/2configs/xresources.nix
@@ -0,0 +1,