Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/cloudkrebs.nix4
-rw-r--r--lass/1systems/mors.nix9
-rw-r--r--lass/1systems/uriel.nix4
-rw-r--r--lass/2configs/base.nix9
-rw-r--r--lass/2configs/bitlbee.nix15
-rw-r--r--lass/2configs/browsers.nix93
-rw-r--r--lass/2configs/chromium-patched.nix16
-rw-r--r--lass/2configs/new-repos.nix13
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/texlive.nix2
-rw-r--r--lass/2configs/virtualbox.nix2
-rw-r--r--lass/3modules/bitlbee.nix153
-rw-r--r--lass/3modules/per-user.nix54
-rw-r--r--lass/4lib/default.nix20
-rw-r--r--lass/5pkgs/bitlbee-dev.nix20
-rw-r--r--lass/5pkgs/bitlbee-steam.nix31
-rw-r--r--lass/5pkgs/bitlbee.nix71
-rw-r--r--lass/5pkgs/default.nix13
18 files changed, 446 insertions, 85 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 515810e44..7c95e0f87 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -28,10 +28,6 @@
target = "root@cloudkrebs";
host = config.krebs.hosts.cloudkrebs;
deps = {
- nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "1879a011925c561f0a7fd4043da0768bbff41d0b";
- };
secrets = {
url = "/home/lass/secrets/${config.krebs.build.host.name}";
};
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index e7f8d5276..d07fe14d9 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -15,12 +15,13 @@
../2configs/wine.nix
../2configs/texlive.nix
../2configs/binary-caches.nix
- ../2configs/ircd.nix
+ #../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/new-repos.nix
#../../2configs/tv/synaptics.nix
../2configs/retiolum.nix
../2configs/wordpress.nix
+ ../2configs/bitlbee.nix
];
krebs.build = {
@@ -28,10 +29,6 @@
target = "root@mors";
host = config.krebs.hosts.mors;
deps = {
- nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "961fd7b7a0f88dde7dac2f7a4c05ee4e1a25381d";
- };
secrets = {
url = "/home/lass/secrets/${config.krebs.build.host.name}";
};
@@ -128,7 +125,7 @@
#VM writeback timeout
echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
- echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
+ #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
#Autosuspend for USB device Biometric Coprocessor
echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 041b891b6..7c3d08123 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -28,10 +28,6 @@ with builtins;
target = "root@uriel";
host = config.krebs.hosts.uriel;
deps = {
- nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "961fcbabd7643171ea74bd550fee1ce5c13c2e90";
- };
secrets = {
url = "/home/lass/secrets/${config.krebs.build.host.name}";
};
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 095c7660c..d44a19c1e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -39,12 +39,20 @@ with lib;
krebs = {
enable = true;
search-domain = "retiolum";
+ exim-retiolum.enable = true;
+ build.deps.nixpkgs = {
+ url = https://github.com/Lassulus/nixpkgs;
+ rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3";
+ };
};
nix.useChroot = true;
users.mutableUsers = false;
+ #why is this on in the first place?
+ services.ntp.enable = false;
+
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
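Review bot: `services.ntp.enable = false;` is added with only the comment `#why is this on in the first place?`, and nothing in this hunk provides another source of time synchronisation. Clock drift affects TLS certificate validation and makes log timestamps hard to correlate across hosts, so if something else keeps time on these machines the comment should name it, e.g. `# time sync is handled by <mechanism>, ntpd not needed`. The same hunk moves the nixpkgs pin into this shared config, so every host importing it now follows the single `rev` from the Lassulus fork; a one-line comment saying the pin is deliberately shared would help. The enclosing module continues outside the hunk.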
@@ -134,6 +142,7 @@ with lib;
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; }
];
};
};
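Review bot: The new `-i retiolum` REJECT rule has `precedence = -10000`, which presumably sorts it after the three ACCEPT rules above it, so ICMP and TCP port 22 stay reachable over retiolum and only the remaining traffic is rejected. If that is the intent, state it in a comment such as `# retiolum: icmp and ssh stay open, everything else is rejected`; if SSH should not be exposed on the overlay network, the port 22 rule needs an interface restriction. The chain's default policy is not visible in this hunk, so what happens to unmatched traffic on other interfaces should be confirmed.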
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
new file mode 100644
index 000000000..3a0080402
--- /dev/null
+++ b/lass/2configs/bitlbee.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+let
+ lpkgs = import ../5pkgs { inherit pkgs; };
+in {
+
+ imports = [
+ ../3modules/bitlbee.nix
+ ];
+
+ config.lass.bitlbee = {
+ enable = true;
+ bitlbeePkg = lpkgs.bitlbee;
+ };
+}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 8aecea925..9849c829a 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,67 +1,50 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
+ inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
+
mainUser = config.users.extraUsers.mainUser;
+ createBrowserUser = name: extraGroups: packages:
+ {
+ users.extraUsers = {
+ ${name} = {
+ inherit name;
+ inherit extraGroups;
+ home = "/home/${name}";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+ lass.per-user.${name}.packages = packages;
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+ '';
+ environment.systemPackages = [
+ (simpleScript name ''
+ sudo -u ${name} -i chromium $@
+ '')
+ ];
+ };
in {
- nixpkgs.config.packageOverrides = pkgs : {
- chromium = pkgs.chromium.override {
- pulseSupport = true;
- };
- };
-
- environment.systemPackages = with pkgs; [
- firefox
+ imports = [
+ ../3modules/per-user.nix
+ ] ++ [
+ ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] )
+ ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] )
+ ( createBrowserUser "fb" [ ] [ pkgs.chromium ] )
+ ( createBrowserUser "gm" [ ] [ pkgs.chromium ] )
+ ( createBrowserUser "flash" [ ] [ pkgs.flash ] )
];
- users.extraUsers = {
- firefox = {
- name = "firefox";
- description = "user for running firefox";
- home = "/home/firefox";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- chromium = {
- name = "chromium";
- description = "user for running chromium";
- home = "/home/chromium";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- facebook = {
- name = "facebook";
- description = "user for running facebook in chromium";
- home = "/home/facebook";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- google = {
- name = "google";
- description = "user for running google+/gmail in chromium";
- home = "/home/google";
- useDefaultShell = true;
- createHome = true;
+ nixpkgs.config.packageOverrides = pkgs : {
+ flash = pkgs.chromium.override {
+ pulseSupport = true;
+ enablePepperFlash = true;
};
- flash = {
- name = "flash";
- description = "user for running flash stuff";
- home = "/home/flash";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
+ chromium = pkgs.chromium.override {
+ pulseSupport = true;
};
};
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(firefox) NOPASSWD: ALL
- ${mainUser.name} ALL=(chromium) NOPASSWD: ALL
- ${mainUser.name} ALL=(facebook) NOPASSWD: ALL
- ${mainUser.name} ALL=(google) NOPASSWD: ALL
- ${mainUser.name} ALL=(flash) NOPASSWD: ALL
- '';
}
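Review bot: The launcher generated in `createBrowserUser` always runs `sudo -u ${name} -i chromium $@`, so the `ff` user, whose only package is `pkgs.firefox`, gets a wrapper that starts `chromium` instead of firefox; passing the command name as a parameter of `createBrowserUser` would fix that. `$@` is also unquoted, so the shell word-splits and glob-expands arguments such as URLs before they reach sudo; use `sudo -u ${name} -i chromium "$@"`. Compared with the removed definitions, `fb` and `flash` no longer get the `audio` group, which may be unintended for the `pulseSupport` builds. The sudoers line still grants `NOPASSWD: ALL` as each browser user, so a comment stating that the separation only protects the main user from the browser accounts, not the reverse, would set the right expectation.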
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
index 715181778..d9d7760dd 100644
--- a/lass/2configs/chromium-patched.nix
+++ b/lass/2configs/chromium-patched.nix
@@ -37,12 +37,12 @@ let
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
- environment.systemPackages = [
- #pkgs.chromium
- (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
- buildCommand = attrs.buildCommand + ''
- touch $out/TEST123
- '';
- }))
- ];
+ #environment.systemPackages = [
+ # #pkgs.chromium
+ # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+ # buildCommand = attrs.buildCommand + ''
+ # touch $out/TEST123
+ # '';
+ # }))
+ #];
}
diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix
index 64e9a7f14..026f9a665 100644
--- a/lass/2configs/new-repos.nix
+++ b/lass/2configs/new-repos.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
with import ../../tv/4lib { inherit lib pkgs; };
+
let
out = {
@@ -8,14 +9,14 @@ let
enable = true;
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
- inherit repos rules;
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
};
};
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+ repos =
public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos
- );
+ optionalAttrs config.krebs.build.host.secure restricted-repos;
rules = concatMap make-rules (attrValues repos);
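Review bot: `repos` now keeps the `collaborators` attribute, presumably so that `make-rules` can use it, while the copy handed to the repository configuration has it stripped with `removeAttrs`; nothing in the hunk explains that split. A comment above the stripped copy, e.g. `# collaborators only feeds make-rules; it is removed from the repo definitions here`, would make it clear. `rules = rules;` can be written as `inherit rules;`. In the following hunk `make-restricted-repo` defaults `collaborators` to `[]`; how `make-rules` treats an empty list is not visible on this page and should be confirmed to grant no access. The `let` block starts and ends outside this hunk.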
@@ -50,8 +51,8 @@ let
};
};
- make-restricted-repo = name: { desc ? null, ... }: {
- inherit name desc;
+ make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
+ inherit name collaborators desc;
public = false;
};
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 2d583a88a..7c7f2b4d4 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -22,6 +22,8 @@
"fastpoke"
"cloudkrebs"
"pigstarter"
+ "gum"
+ "flap"
];
};
}
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
index 295df31cd..18d72297d 100644
--- a/lass/2configs/texlive.nix
+++ b/lass/2configs/texlive.nix
@@ -2,6 +2,6 @@
{
environment.systemPackages = with pkgs; [
- (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; })
+ texLive
];
}
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index 026203124..ad7ac1429 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -4,7 +4,7 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- services.virtualboxHost.enable = true;
+ virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
diff --git a/lass/3modules/bitlbee.nix b/lass/3modules/bitlbee.nix
new file mode 100644
index 000000000..8ce560146
--- /dev/null
+++ b/lass/3modules/bitlbee.nix
@@ -0,0 +1,153 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+ inherit (lib)
+ mkIf
+ mkOption
+ types
+ singleton
+ ;
+
+ authModeCheck = v:
+ v == "Open" ||
+ v == "Closed" ||
+ v == "Registered"
+ ;
+
+ bitlbeeConfig = pkgs.writeText "bitlbee.conf" ''
+ [settings]
+ RunMode = Daemon
+ User = bitlbee
+ ConfigDir = ${cfg.configDir}
+ DaemonInterface = ${cfg.interface}
+ DaemonPort = ${toString cfg.portNumber}
+ AuthMode = ${cfg.authMode}
+ ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
+ ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
+ ${cfg.extraSettings}
+
+ [defaults]
+ ${cfg.extraDefaults}
+ '';
+
+ cfg = config.lass.bitlbee;
+
+ out = {
+ options.lass.bitlbee = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to run the BitlBee IRC to other chat network gateway.
+ Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
+ networks via an IRC client.
+ '';
+ };
+
+ interface = mkOption {
+ default = "127.0.0.1";
+ description = ''
+ The interface the BitlBee deamon will be listening to. If `127.0.0.1',
+ only clients on the local host can connect to it; if `0.0.0.0', clients
+ can access it from any network interface.
+ '';
+ };
+
+ portNumber = mkOption {
+ default = 6667;
+ description = ''
+ Number of the port BitlBee will be listening to.
+ '';
+ };
+
+ authMode = mkOption {
+ default = "Open";
+ type = types.addCheck types.str authModeCheck;
+ description = ''
+ The following authentication modes are available:
+ Open -- Accept connections from anyone, use NickServ for user authentication.
+ Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
+ Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
+ '';
+ };
+
+ hostName = mkOption {
+ default = "";
+ type = types.str;
+ description = ''
+ Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+ alias for your BitlBee daemon, you can set it here and BitlBee will identify
+ itself with that name instead.
+ '';
+ };
+
+ configDir = mkOption {
+ default = "/var/lib/bitlbee";
+ type = types.path;
+ description = ''
+ Specify an alternative directory to store all the per-user configuration
+ files.
+ '';
+ };
+
+ protocols = mkOption {
+ default = "";
+ type = types.str;
+ description = ''
+ This option allows to remove the support of protocol, even if compiled
+ in. If nothing is given, there are no restrictions.
+ '';
+ };
+
+ extraSettings = mkOption {
+ default = "";
+ description = ''
+ Will be inserted in the Settings section of the config file.
+ '';
+ };
+
+ extraDefaults = mkOption {
+ default = "";
+ description = ''
+ Will be inserted in the Default section of the config file.
+ '';
+ };
+
+ bitlbeePkg = mkOption {
+ default = pkgs.bitlbee;
+ description = ''
+ the bitlbee pkg to use.
+ '';
+ };
+ };
+
+ imp = {
+ users.extraUsers = singleton {
+ name = "bitlbee";
+ uid = config.ids.uids.bitlbee;
+ description = "BitlBee user";
+ home = "/var/lib/bitlbee";
+ createHome = true;
+ };
+
+ users.extraGroups = singleton {
+ name = "bitlbee";
+ gid = config.ids.gids.bitlbee;
+ };
+
+ systemd.services.bitlbee = {
+ description = "BitlBee IRC to other chat networks gateway";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.User = "bitlbee";
+ serviceConfig.ExecStart = "${cfg.bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}";
+ };
+ };
+
+in
+out
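Review bot: `authMode` defaults to `"Open"`, which the option's own description says accepts connections from anyone, so the only thing keeping the daemon private is the `interface` default of `127.0.0.1`. Since `interface` is an untyped free-form option, a host that sets it to `0.0.0.0` gets an open gateway; consider defaulting to `"Registered"` or `"Closed"`, or adding an assertion that rejects `authMode = "Open"` together with a non-loopback interface. Separately, `configDir` is configurable but the user's `home` is hard-coded to `/var/lib/bitlbee`, so a changed `configDir` is not created by this module; `home = cfg.configDir;` would keep the two aligned. `enable` and `portNumber` would also benefit from `type = types.bool;` and `type = types.int;`.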
diff --git a/lass/3modules/per-user.nix b/lass/3modules/per-user.nix
new file mode 100644
index 000000000..98d6339db
--- /dev/null
+++ b/lass/3modules/per-user.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+ cfg = config.lass.per-user;
+
+ out = {
+ options.lass.per-user = api;
+ config = imp;
+ };
+
+ api = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ packages = mkOption {
+ type = listOf path;
+ default = [];
+ };
+ };
+ });
+ default = {};
+ };
+
+ imp = {
+ #
+ # TODO only shellInit and use well-known paths
+ #
+ environment.shellInit = ''
+ if test -e ${user-profiles}/"$LOGNAME"; then
+ . ${user-profiles}/"$LOGNAME"
+ fi
+ '';
+ environment.interactiveShellInit = ''
+ if test -e ${user-profiles}/"$LOGNAME"; then
+ . ${user-profiles}/"$LOGNAME"
+ fi
+ '';
+ environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+ };
+
+ user-profiles = pkgs.runCommand "user-profiles" {} ''
+ mkdir $out
+ ${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
+ cat > $out/${logname} <<\EOF
+ ${optionalString (length packages > 0) (
+ let path = makeSearchPath "bin" packages; in
+ ''export PATH="$PATH":${escapeShellArg path}''
+ )}
+ EOF
+ '') cfg)}
+ '';
+
+in out
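Review bot: Both init snippets build the path to source from `"$LOGNAME"`, an environment variable, so the file that gets sourced is chosen by the environment, not by the actual uid, and a value containing `/` resolves outside `${user-profiles}`. Deriving the name from the system, e.g. `. ${user-profiles}/"$(id -un)"`, or skipping values that contain a slash, closes that. The profile is sourced from both `shellInit` and `interactiveShellInit`, so an interactive shell appends the same entries to PATH twice, which the TODO seems to acknowledge. `profileRelativeEnvVars.PATH = mkForce [ "/bin" ]` changes PATH for every user on the host and deserves a comment saying why.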
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
new file mode 100644
index 000000000..21a083d1a
--- /dev/null
+++ b/lass/4lib/default.nix
@@ -0,0 +1,20 @@
+{ lib, pkgs, ... }:
+
+let
+ krebs = import ../../krebs/4lib { inherit lib; };
+in
+
+with krebs;
+
+krebs // rec {
+
+ simpleScript = name: content:
+ pkgs.stdenv.mkDerivation {
+ inherit name;
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ ln -s ${pkgs.writeScript name content} $out/bin/${name}
+ '';
+ };
+}
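Review bot: `simpleScript` hands `content` to `pkgs.writeScript` unchanged, and the caller visible in this commit (browsers.nix) supplies a body with no `#!` line, so the installed file has no interpreter line and only runs when the invoking program falls back to a shell. Prepending one inside the helper, e.g. `pkgs.writeScript name "#! /bin/sh\n${content}"`, makes every generated script directly executable. `name` is interpolated unquoted into the `ln -s` line, so a short comment that it must be a plain file name would help. `with krebs;` and `rec` are not used by anything visible in this file.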
diff --git a/lass/5pkgs/bitlbee-dev.nix b/lass/5pkgs/bitlbee-dev.nix
new file mode 100644
index 000000000..dd129591e
--- /dev/null
+++ b/lass/5pkgs/bitlbee-dev.nix
@@ -0,0 +1,20 @@
+{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }:
+
+stdenv.mkDerivation rec {
+ name = "bitlbee-3.4.1";
+
+ src = fetchurl {
+ url = "mirror://bitlbee/src/${name}.tar.gz";
+ sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
+ };
+
+ buildInputs = [ gnutls glib pkgconfig libotr python ];
+
+ buildPhase = "";
+
+ installPhase = ''
+ make install-dev
+ '';
+
+}
+
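Review bot: `buildPhase = "";` probably does not skip the build: as far as I know the stdenv generic builder falls back to the default phase when the attribute is empty, and `dontBuild = true;` is the explicit way to skip it. If the build is meant to run before `make install-dev`, drop the line instead. The `name`, `url` and `sha256` duplicate those in bitlbee.nix, so a version bump has to touch both files; sharing `src` would keep the headers and the daemon on the same source.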
diff --git a/lass/5pkgs/bitlbee-steam.nix b/lass/5pkgs/bitlbee-steam.nix
new file mode 100644
index 000000000..d869eaac5
--- /dev/null
+++ b/lass/5pkgs/bitlbee-steam.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }:
+
+stdenv.mkDerivation rec {
+ name = "bitlbee-steam-1.3.1";
+
+ src = fetchgit {
+ url = "https://github.com/jgeboski/bitlbee-steam";
+ rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c";
+ sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a";
+ };
+
+ buildInputs = [
+ autoconf
+ automake
+ bitlbee-dev
+ glib
+ libgcrypt
+ libtool
+ pkgconfig
+ ];
+
+ configurePhase = ''
+ ./autogen.sh
+ '';
+
+ installPhase = ''
+ mkdir -p $out
+ cp steam/.libs/steam.la $out/
+ cp steam/.libs/steam.so $out/
+ '';
+}
diff --git a/lass/5pkgs/bitlbee.nix b/lass/5pkgs/bitlbee.nix
new file mode 100644
index 000000000..2a5a8d86d
--- /dev/null
+++ b/lass/5pkgs/bitlbee.nix
@@ -0,0 +1,71 @@
+{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
+ , bitlbee-facebook ? null
+ , bitlbee-steam ? null
+}:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "bitlbee-3.4.1";
+
+ src = fetchurl {
+ url = "mirror://bitlbee/src/${name}.tar.gz";
+ sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
+ };
+
+
+ buildInputs = [ gnutls glib pkgconfig libotr python ]
+ ++ optional doCheck check;
+
+ configureFlags = [
+ "--gcov=1"
+ "--otr=1"
+ "--ssl=gnutls"
+ ];
+
+ postBuild = ''
+ ${if (bitlbee-steam != null) then
+ ''
+ mkdir -p $out/lib/bitlbee/
+ find ${bitlbee-steam}
+ cp ${bitlbee-steam}/* $out/lib/bitlbee/
+ ''
+ else
+ ""
+ }
+ '';
+ #${concatMapStringsSep "\n" ([] ++
+ # (if (bitlbee-facebook != null) then
+ # "cp ${bitlbee-faceook}/* $out/"
+ # else
+ # ""
+ # ) ++
+ # (if (bitlbee-steam != null) then
+ # "cp ${bitlbee-steam}/* $out/"
+ # else
+ # ""
+ # )
+ #)}
+
+ doCheck = true;
+
+ meta = {
+ description = "IRC instant messaging gateway";
+
+ longDescription = ''
+ BitlBee brings IM (instant messaging) to IRC clients. It's a
+ great solution for people who have an IRC client running all the
+ time and don't want to run an additional MSN/AIM/whatever
+ client.
+
+ BitlBee currently supports the following IM networks/protocols:
+ XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo!
+ Messenger, AIM and ICQ.
+ '';
+
+ homepage = http://www.bitlbee.org/;
+ license = licenses.gpl2Plus;
+
+ maintainers = with maintainers; [ wkennington pSub ];
+ platforms = platforms.gnu; # arbitrary choice
+ };
+}
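Review bot: `"--gcov=1"` in `configureFlags` appears to turn on coverage instrumentation, a test-build setting that a network-facing daemon should not ship with; unless `doCheck` needs it, drop the flag or use `"--gcov=0"`. In `postBuild`, `find ${bitlbee-steam}` looks like leftover debugging output, and copying the plugin into `$out/lib/bitlbee/` is install work that reads more naturally in `postInstall`. The `bitlbee-facebook` argument is accepted but only referenced from commented-out code, which spells it `bitlbee-faceook`.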
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
new file mode 100644
index 000000000..c776262ff
--- /dev/null
+++ b/lass/5pkgs/default.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+let
+ inherit (pkgs) callPackage;
+ kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
+in
+
+kpkgs //
+rec {
+ bitlbee-dev = callPackage ./bitlbee-dev.nix {};
+ bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
+ bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
+}