summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/helios/config.nix37
-rw-r--r--lass/1systems/prism/config.nix10
-rw-r--r--lass/1systems/shodan/config.nix4
-rw-r--r--lass/2configs/baseX.nix4
-rw-r--r--lass/2configs/minecraft.nix1
-rw-r--r--lass/2configs/network-manager.nix24
-rw-r--r--lass/2configs/vim.nix6
-rw-r--r--lass/2configs/websites/util.nix1
-rw-r--r--lass/2configs/wine.nix15
9 files changed, 77 insertions, 25 deletions
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 5a553572e..c4d99cb2c 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -137,14 +137,35 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.writeText "minio.cert" ''
+ -----BEGIN CERTIFICATE-----
+ MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
+ MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
+ OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+ AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
+ 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
+ YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
+ ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
+ CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
+ hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
+ MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
+ I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
+ CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
+ hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
+ jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
+ EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
+ zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
+ qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
+ -----END CERTIFICATE-----
+ '')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b498d94ff..c0e4620cc 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -292,6 +292,16 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
+ users.users.jeschli = {
+ uid = genid "jeschli";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ jeschli.pubkey
+ jeschli-bln.pubkey
+ jeschli-bolide.pubkey
+ jeschli-brauerei.pubkey
+ ];
+ };
krebs.git.rules = [
{
user = with config.krebs.users; [
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ef015aebc..7fb57544f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 61a006a52..2b7a5c924 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
+ ./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@@ -121,13 +122,14 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
+ ${pkgs.systemd}/bin/systemctl --user start xmonad
exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
- wantedBy = [ "graphical-session.target" ];
+ #wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix
index aa33dcccc..6f8ceb358 100644
--- a/lass/2configs/minecraft.nix
+++ b/lass/2configs/minecraft.nix
@@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
];
}
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
new file mode 100644
index 000000000..c4f757de1
--- /dev/null
+++ b/lass/2configs/network-manager.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, ... }:
+{
+ networking.wireless.enable = lib.mkForce false;
+
+ systemd.services.modemmanager = {
+ description = "ModemManager";
+ after = [ "network-manager.service" ];
+ bindsTo = [ "network-manager.service" ];
+ wantedBy = [ "network-manager.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
+ PrivateTmp = true;
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ networking.networkmanager.enable = true;
+ users.users.mainUser = {
+ extraGroups = [ "networkmanager" ];
+ packages = with pkgs; [
+ gnome3.gnome_keyring gnome3.dconf
+ ];
+ };
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 5fe9e1450..6014fd082 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -6,6 +6,9 @@ let
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
+ (pkgs.writeDashBin "govet" ''
+ go vet "$@"
+ '')
];
environment.etc.vimrc.source = vimrc;
@@ -68,6 +71,9 @@ let
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
+ let g:go_metalinter_autosave = 1
+ let g:go_metalinter_deadline = "10s"
+
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 36ae1a904..62055d0fd 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -32,7 +32,6 @@ rec {
let
domain = head domains;
in {
- services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index d60b1feea..dd82b34eb 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -19,23 +19,8 @@ in {
pkgs.wine
];
};
- wine64 = {
- name = "wine64";
- description = "user for running wine in 64bit";
- home = "/home/wine64";
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- ];
- createHome = true;
- packages = [
- (pkgs.wine.override { wineBuild = "wineWow"; })
- ];
- };
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
- ${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}