-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/5pkgs/bepasty-client-cli/default.nix13
-rw-r--r--lass/1systems/icarus.nix32
-rw-r--r--lass/1systems/mors.nix7
-rw-r--r--lass/1systems/prism.nix33
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/fetchWallpaper.nix4
-rw-r--r--lass/2configs/git.nix3
-rw-r--r--lass/2configs/hw/tp-x220.nix1
-rw-r--r--lass/2configs/nixpkgs.nix4
-rw-r--r--lass/2configs/retiolum.nix4
-rw-r--r--lass/2configs/screenlock.nix17
-rw-r--r--lass/2configs/vim.nix166
-rw-r--r--lass/2configs/websites/domsen.nix50
-rw-r--r--lass/2configs/websites/lassulus.nix9
-rw-r--r--lass/2configs/zsh.nix2
-rw-r--r--lass/5pkgs/default.nix3
-rw-r--r--lass/5pkgs/init/default.nix159
-rw-r--r--lass/5pkgs/xmonad-lass.nix8
-rw-r--r--makefu/2configs/zsh-user.nix2
-rw-r--r--tv/1systems/wu.nix15
-rw-r--r--tv/2configs/hw/w110er.nix8
-rw-r--r--tv/2configs/urlwatch.nix2
24 files changed, 410 insertions, 140 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 05982bd54..4b17c4abd 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -201,7 +201,7 @@ let
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
+ # Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
index 990f99af6..c58e637b3 100644
--- a/krebs/5pkgs/bepasty-client-cli/default.nix
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -1,17 +1,18 @@
-{ lib, pkgs, pythonPackages, fetchurl, ... }:
+{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }:
with pythonPackages; buildPythonPackage rec {
- name = "bepasty-client-cli-${version}";
- version = "0.3.0";
+ name = "bepasty-client-cli";
propagatedBuildInputs = [
python_magic
click
requests2
];
- src = fetchurl {
- url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
- sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+ src = fetchFromGitHub {
+ owner = "bepasty";
+ repo = "bepasty-client-cli";
+ rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2";
+ sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc";
};
meta = {
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
index 3998fc177..7f632e9bf 100644
--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -14,15 +14,6 @@ with import <stockholm/lib>;
../2configs/fetchWallpaper.nix
../2configs/backups.nix
../2configs/games.nix
- #{
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = map readFile [
- # ../../krebs/Zpubkeys/uriel.ssh.pub
- # ];
- # };
- # };
- #}
];
krebs.build.host = config.krebs.hosts.icarus;
@@ -32,19 +23,28 @@ with import <stockholm/lib>;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
- device = "/dev/pool/nix";
+ device = "/dev/mapper/pool-root";
fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
-
"/boot" = {
- device = "/dev/sda1";
+ device = "/dev/sda2";
};
"/tmp" = {
device = "tmpfs";
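Review bot: `initrd.luks.devices` and `/boot` address the disk by kernel name (`/dev/sda3`, `/dev/sda2`), and the initrd loads `usb_storage`, so a USB disk present at boot could be enumerated as `sda` and leave the root volume unopenable. Referring to the partitions by a stable identifier, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder), avoids that. The three btrfs entries repeat the same `options` list; a single `let` binding would keep them in sync.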
@@ -54,7 +54,7 @@ with import <stockholm/lib>;
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 012bd359f..dde867eb3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -256,11 +256,6 @@ with import <stockholm/lib>;
fsType = "ext4";
};
- "/bku" = {
- device = "/dev/big/backups";
- fsType = "ext4";
- };
-
"/home/games/.local/share/Steam" = {
device = "/dev/big/steam";
fsType = "ext4";
@@ -289,7 +284,7 @@ with import <stockholm/lib>;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
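Review bot: The new `et0` rule matches `f0:de:f1:71:cb:35`, which is the same address this commit assigns to `et0` in lass/1systems/icarus.nix. If the NIC really moved between machines, one of the two entries is stale. If it is a copy-paste, `et0` will never be renamed on one host, and anything keyed on the interface name (firewall rules, DHCP) would silently not apply there. Worth confirming against `ip link` on both hosts.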
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index d07acebee..34d81f099 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -226,6 +226,39 @@ in {
enable = true;
};
}
+ {
+ users.users.nin = {
+ uid = genid "nin";
+ inherit (config.krebs.users.nin) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ extraGroups = [
+ "libvirtd"
+ ];
+ };
+ krebs.git.rules = [
+ {
+ user = [ config.krebs.users.nin ];
+ repo = [ config.krebs.git.repos.stockholm ];
+ perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
+ }
+ ];
+ krebs.repo-sync.repos.stockholm.nin = {
+ origin.url = "http://cgit.prism/stockholm";
+ origin.ref = "heads/nin";
+ mirror.url = "git@${config.networking.hostName}:stockholm";
+ };
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
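Review bot: Putting `nin` in `libvirtd` via `extraGroups` gives the account access to the system libvirt daemon, which is generally treated as root-equivalent on the host, so it is far more privileged than the single `refs/heads/nin` push rule suggests. If that is intended, say so next to it, e.g. `# libvirtd: effectively root on prism, needed for nin's guest`. The PREROUTING/FORWARD pair also publishes the guest's sshd on `213.239.205.240:1337` with no source restriction in the predicate. The guest's sshd settings are not visible here, so it is worth confirming that it accepts keys only. `origin.url` for the repo-sync is plain `http://`, so the mirrored branch is only as trustworthy as the network path to `cgit.prism`.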
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index a67c25145..e879e8e58 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,6 +7,7 @@ in {
./xserver
./mpv.nix
./power-action.nix
+ ./screenlock.nix
{
hardware.pulseaudio = {
enable = true;
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 1cb68a985..63114cdb1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -9,7 +9,6 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
- ../2configs/zsh.nix
./backups.nix
{
users.extraUsers =
@@ -162,13 +161,17 @@ with import <stockholm/lib>;
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
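Review bot: Each added `PROMPT_COMMAND` passes `$PWD` through `echo -e`, so backslash sequences in a directory name are interpreted and emitted inside the title escape; in the `$UID = 0` branch that lets a directory created by another user write control sequences to root's terminal. Printing the value as data avoids the interpretation: `PROMPT_COMMAND='printf "\033]0;%s\007" "$$ $USER@$PWD"'`, with the same change in the other three branches. Raw control bytes in a path would still pass through, so this narrows the problem rather than closing it.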
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index a724e2e45..fc5acce31 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -8,5 +8,9 @@ in {
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/wallpaper.png";
};
+ systemd.services.fetchWallpaper = {
+ after = [ "xserver.service" ];
+ wantedBy = [ "xserver.service" ];
+ };
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index ded0922b8..d7ec39f2d 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -56,7 +56,8 @@ let
channel = "#retiolum";
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
- branches = [ "master" ];
+ # TODO define branches in some kind of option per repo
+ branches = [ "master" "newest" "nin" ];
};
};
};
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
index 4a7d0bbcd..44b2dcac1 100644
--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -36,6 +36,7 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ kernelParams = [ "acpi_backlight=none" ];
};
hardware.opengl.extraPackages = [
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index a33e69bf8..27b7c2439 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -2,7 +2,7 @@
{
krebs.build.source.nixpkgs.git = {
- url = https://github.com/lassulus/nixpkgs;
- ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35";
+ url = https://github.com/nixos/nixpkgs;
+ ref = "39098270855c171f0824c09d071b606ae991ff87";
};
}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index eba40532d..7a7bf95be 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,9 +16,9 @@
enable = true;
connectTo = [
"prism"
- "pigstarter"
"gum"
- "flap"
+ "ni"
+ "dishfire"
];
};
diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix
new file mode 100644
index 000000000..237127f69
--- /dev/null
+++ b/lass/2configs/screenlock.nix
@@ -0,0 +1,17 @@
+{ pkgs, config, ... }:
+
+{
+ systemd.services.screenlock = {
+ before = [ "sleep.target" ];
+ wantedBy = [ "sleep.target" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "screenlock";
+ ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+ Type = "forking";
+ User = "lass";
+ };
+ };
+}
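Review bot: Nothing ties suspend to the lock succeeding: `wantedBy = [ "sleep.target" ]` only pulls the unit in, so if i3lock fails to start the machine still sleeps and resumes unlocked. The environment sets `DISPLAY` but no `XAUTHORITY`, which may be exactly such a failure depending on how the X server is started. `requiredBy = [ "sleep.target" ];` should make a failed lock block the sleep instead; this is worth testing, since it relies on systemd's ordering of `sleep.target`. `User = "lass"` is hard-coded while lass/2configs/zsh.nix in this commit moves to `users.users.mainUser`; `User = config.users.users.mainUser.name;` would keep the two consistent.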
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index f79e6b807..c3eac8f38 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -14,6 +14,91 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc";
};
+ vimrc = pkgs.writeText "vimrc" ''
+ set nocompatible
+
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=${dirs.backupdir}/
+ set directory=${dirs.swapdir}//
+ set hlsearch
+ set incsearch
+ set mouse=a
+ set noruler
+ set pastetoggle=<INS>
+ set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=${dirs.undodir}
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n${files.viminfo}
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+
+ set title
+ set titleold=
+ set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set et ts=2 sts=2 sw=2
+
+ filetype plugin indent on
+
+ set t_Co=256
+ colorscheme hack
+ syntax on
+
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+
+ au BufRead,BufNewFile *.hs so ${hs.vim}
+
+ au BufRead,BufNewFile *.nix so ${nix.vim}
+
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+ "Syntastic config
+ let g:syntastic_python_checkers=['flake8']
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <esc>[5^ :tabp<cr>
+ nnoremap <esc>[6^ :tabn<cr>
+ nnoremap <esc>[5@ :tabm -1<cr>
+ nnoremap <esc>[6@ :tabm +1<cr>
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+
+ " <C-{Up,Down,Right,Left>
+ noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+ noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+ noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+ noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+ " <[C]S-{Up,Down,Right,Left>
+ noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+ noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+ noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+ noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+ vnoremap u <nop>
+ '';
+
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
@@ -127,87 +212,6 @@ let
exec ${pkgs.vim}/bin/vim "$@"
'';
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme hack
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- "Syntastic config
- let g:syntastic_python_checkers=['flake8']
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 71eae5b71..e79973a66 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -57,14 +57,15 @@ in {
"www.illucloud.de"
"www.illucloud.com"
"www.ubikmedia.de"
+ "aldona2.ubikmedia.de"
"apanowicz.ubikmedia.de"
- "karlaskop.ubikmedia.de"
- "nb.ubikmedia.de"
"cinevita.ubikmedia.de"
"factscloud.ubikmedia.de"
- "youthtube.ubikmedia.de"
- "aldona2.ubikmedia.de"
"illucloud.ubikmedia.de"
+ "joemisch.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "youthtube.ubikmedia.de"
])
];
@@ -111,17 +112,26 @@ in {
'';
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
+ { from = "dma@ubikmedia.de"; to = "domsen"; }
+ { from = "dma@ubikmedia.eu"; to = "domsen"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
+ { from = "jms@ubikmedia.eu"; to = "jms"; }
+ { from = "ms@ubikmedia.eu"; to = "ms"; }
+ { from = "nrg@ubikmedia.eu"; to = "nrg"; }
+ { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
+
+ { from = "testuser@lassul.us"; to = "testuser"; }
];
sender_domains = [
"jla-trading.com"
+ "ubikmedia.eu"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.domsen = {
- uid = genid "domsen";
+ uid = genid_signed "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
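Review bot: Switching `domsen` (and `jla-trading` in the next hunk) from `genid` to `genid_signed` presumably changes the uid of accounts that already exist; `genid_signed` is defined outside this diff, so this is inferred from the name. If the value differs, files under `/home/domsen` and `/home/jla-trading` keep the old numeric owner. They then become inaccessible to the account, or accessible to whichever user is later assigned the old uid. A one-off `chown -R` at deploy time, or a comment recording the migration, would cover it. Separately, the `testuser@lassul.us` alias looks like a test leftover in a production mail config.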
@@ -130,10 +140,38 @@ in {
};
users.users.jla-trading = {
- uid = genid "jla-trading";
+ uid = genid_signed "jla-trading";
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
};
+
+ users.users.jms = {
+ uid = genid_signed "jms";
+ home = "/home/jms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.ms = {
+ uid = genid_signed "ms";
+ home = "/home/ms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.nrg = {
+ uid = genid_signed "nrg";
+ home = "/home/nrg";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.testuser = {
+ uid = genid_signed "testuser";
+ home = "/home/testuser";
+ useDefaultShell = true;
+ createHome = true;
+ };
}
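Review bot: `jms`, `ms`, `nrg` and `testuser` all get `useDefaultShell = true`, although the previous hunk suggests they exist as targets for the new mail aliases. No keys or passwords are set in this hunk, so whether they can actually log in depends on configuration outside it. If they only receive mail, dropping `useDefaultShell` keeps them from having a login shell at all, and `testuser` is better removed than deployed. The four blocks differ only in the name, so `genAttrs [ "jms" "ms" "nrg" ] (name: { ... })` would avoid them drifting apart.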
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index cfdda05db..024d2eeb2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -83,6 +83,7 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
+ # TODO make this work!
locations."= /ddate".extraConfig = let
script = pkgs.writeBash "test" ''
echo "hello world"
@@ -100,6 +101,14 @@ in {
fastcgi_param SCRIPT_NAME ${script};
'';
+ locations."/init".extraConfig = let
+ initscript = pkgs.init.override {
+ pubkey = config.krebs.users.lass.pubkey;
+ };
+ in ''
+ alias ${initscript};
+ '';
+
enableSSL = true;
extraConfig = "listen 80;";
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
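Review bot: The new `/init` location sits in a vhost that also has `extraConfig = "listen 80;"` (context line below), so the installer script can be fetched over plain HTTP. The script in lass/5pkgs/init/default.nix documents being piped straight into `sh`, and it partitions the disk and writes root's `authorized_keys`, so its integrity depends entirely on the transport. Restricting this location to TLS, e.g. `if ($scheme = http) { return 301 https://$host$request_uri; }` inside its `extraConfig`, would close that gap. Publishing a checksum to verify before running would serve the same purpose. A comment such as `# piped to sh as root on the installer; serve over https only` would record the constraint.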
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 442a1d4d9..4d33aa79d 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -118,5 +118,5 @@
fi
'';
};
- users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
+ users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0beda7481..e47e3126a 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }@args:
{
nixpkgs.config.packageOverrides = rec {
@@ -11,6 +11,7 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
+ init = pkgs.callPackage ./init/default.nix args;
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
pop = pkgs.callPackage ./pop/default.nix {};
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
new file mode 100644
index 000000000..d0339f811
--- /dev/null
+++ b/lass/5pkgs/init/default.nix
@@ -0,0 +1,159 @@
+{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:
+
+with lib;
+
+pkgs.writeText "init" ''
+ #! /bin/sh
+ # usage: curl xu/~tv/init | sh
+ set -efu
+ # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
+ # install at tmp location
+
+
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*) :;;
+ *) echo Error: unknown operating system >&2; exit 1;;
+ esac
+
+ keyfile=${keyfile}
+
+ disk=${disk}
+
+ bootdev=${disk}2
+
+ luksdev=${disk}3
+ luksmap=/dev/mapper/${luksmap}
+
+ vgname=${vgname}
+
+ rootdev=/dev/mapper/${vgname}-root
+ homedev=/dev/mapper/${vgname}-home
+ bkudev=/dev/mapper/${vgname}-bku
+
+ #
+ #generate keyfile
+ #
+
+ if ! test -e "$keyfile"; then
+ dd if=/dev/urandom bs=512 count=2048 of=$keyfile
+ fi
+
+ #
+ # partitioning
+ #
+
+ # http://en.wikipedia.org/wiki/GUID_Partition_Table
+ # undo:
+ # dd if=/dev/zero bs=512 count=34 of=/dev/sda
+ # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
+ if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
+ parted -a optimal "$disk" \
+ mklabel gpt \
+ mkpart no-fs 0 1024KiB \
+ set 1 bios_grub on \
+ mkpart ext2 1025KiB 1024MiB \
+ mkpart primary 1024MiB 100%
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ext2; then
+ echo zonk
+ exit 23
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
+ echo zonk2
+ exit 23
+ fi
+
+ if ! cryptsetup isLuks "$luksdev"; then
+ # aes xts-plain64
+ cryptsetup luksFormat "$luksdev" "$keyfile" \
+ -h sha512 \
+ --iter-time 5000
+ fi
+
+ if ! test -e "$luksmap"; then
+ cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
+ --key-file "$keyfile"
+ fi
+ # cryptsetup close
+
+ if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
+ pvcreate "$luksmap"
+ fi
+
+ if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
+
+ lvchange -a y /dev/mapper/"$vgname"
+
+ if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
+ if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
+ if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+
+ # lvchange -a n "$vgname"
+
+
+ #
+ # formatting
+ #
+
+ if ! test "$(blkid -o value -s TYPE "$bootdev")" = ext2; then
+ mkfs.ext2 "$bootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
+ mkfs.btrfs "$rootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
+ mkfs.btrfs "$homedev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
+ mkfs.btrfs "$bkudev"
+ fi
+
+
+ if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
+ mount "$rootdev" /mnt
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
+ mkdir -m 0000 -p /mnt/boot
+ mount "$bootdev" /mnt/boot
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
+ mkdir -m 0000 -p /mnt/home
+ mount "$homedev" /mnt/home
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
+ mkdir -m 0000 -p /mnt/bku
+ mount "$bkudev" /mnt/bku
+ fi
+
+ # umount -R /mnt
+
+ #
+ # dependencies for stockholm
+ #
+
+ nix-env -iA nixos.git
+
+ mkdir -p /mnt/var/src
+ touch /mnt/var/src/.populate
+
+ #
+ # print all the infos
+ #
+
+ parted "$disk" print
+ lsblk "$disk"
+
+ key='${pubkey}'
+ if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
+ mkdir -p /root/.ssh
+ echo "$key" > /root/.ssh/authorized_keys
+ fi
+ systemctl start sshd
+ ip route
+ echo READY.
+''
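Review bot: The LUKS key file is written by `dd ... of=$keyfile` under whatever umask the installer shell has, so it may end up world-readable, and `$keyfile` is unquoted on that one line. Setting `umask 077` before the `dd` and using `of="$keyfile"` fixes both. The Nix arguments are spliced into the script as raw text (`keyfile=${keyfile}`, `key='${pubkey}'`). `keyfile=${escapeShellArg keyfile}` and `key=${escapeShellArg pubkey}` (available through `with lib;`) would keep a value containing spaces or quotes from changing the script. The key file is also the only key the volume is formatted with and nothing here copies it off the live system; presumably that is done by hand, which deserves a comment. The usage line still names `xu/~tv/init`, not the `/init` location added in lassulus.nix.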
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 2f2be6762..cf8eaf058 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/