diff options
Diffstat (limited to 'lass')
35 files changed, 593 insertions, 548 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix deleted file mode 100644 index 6411c423d..000000000 --- a/lass/1systems/archprism/config.nix +++ /dev/null @@ -1,328 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - -in { - imports = [ - <stockholm/lass> - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - } - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/exim-smarthost.nix> - #<stockholm/lass/2configs/downloading.nix> - <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/weechat.nix> - <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio.nix> - <stockholm/lass/2configs/repo-sync.nix> - <stockholm/lass/2configs/binary-cache/server.nix> - <stockholm/lass/2configs/iodined.nix> - <stockholm/lass/2configs/libvirt.nix> - <stockholm/lass/2configs/hfos.nix> - <stockholm/lass/2configs/monitoring/server.nix> - <stockholm/lass/2configs/monitoring/monit-alarms.nix> - <stockholm/lass/2configs/paste.nix> - <stockholm/lass/2configs/syncthing.nix> - #<stockholm/lass/2configs/reaktor-coders.nix> - <stockholm/lass/2configs/ciko.nix> - <stockholm/lass/2configs/container-networking.nix> - #<stockholm/lass/2configs/reaktor-krebs.nix> - #{ - # lass.pyload.enable = true; - #} - { - imports = [ - <stockholm/lass/2configs/bepasty.nix> - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } - { - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - }; - - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - } - { - sound.enable = false; - } - { - nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - time.timeZone = "Europe/Berlin"; - } - { - imports = [ - <stockholm/lass/2configs/websites/domsen.nix> - <stockholm/lass/2configs/websites/lassulus.nix> - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - <stockholm/lass/2configs/realwallpaper.nix> - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - users.users.tv = { - uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { - uid = genid "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.users.nin = { - uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - extraGroups = [ - "libvirtd" - ]; - }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - #{ - # krebs.Reaktor.prism = { - # nickname = "Reaktor|lass"; - # channels = [ "#retiolum" ]; - # extraEnviron = { - # REAKTOR_HOST = "ni.r"; - # }; - # plugins = with pkgs.ReaktorPlugins; [ - # sed-plugin - # ]; - # }; - #} - { - #stuff for dritter - users.extraUsers.dritter = { - name = "dritter"; - uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - } - { - #hotdog - containers.hotdog = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } - { - #kaepsele - containers.kaepsele = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } - { - #onondaga - containers.onondaga = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.4"; - localAddress = "10.233.2.5"; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.archprism; -} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 7b90ebb63..6674b3db5 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -37,6 +37,9 @@ with import <stockholm/lib>; networkmanagerapplet libreoffice audacity + zathura + skype + wine ]; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; @@ -52,8 +55,10 @@ with import <stockholm/lib>; name = "bitcoin"; description = "user for bitcoin stuff"; home = "/home/bitcoin"; + isNormalUser = true; useDefaultShell = true; createHome = true; + extraGroups = [ "audio" ]; }; }; security.sudo.extraConfig = '' diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c64789d8d..b14ef2a3e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -10,8 +10,12 @@ with import <stockholm/lib>; <stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/otp-ssh.nix> - <stockholm/lass/2configs/git.nix> + # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined + #<stockholm/lass/2configs/git.nix> <stockholm/lass/2configs/dcso-vpn.nix> + <stockholm/lass/2configs/virtualbox.nix> + <stockholm/lass/2configs/dcso-dev.nix> + <stockholm/lass/2configs/steam.nix> { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -59,6 +63,13 @@ with import <stockholm/lib>; maxTime = 9001; }; } + { + #urban terror port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27960"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.helios; @@ -68,6 +79,16 @@ with import <stockholm/lib>; repo = [ config.krebs.git.repos.stockholm ]; perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; } + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; + } ]; # Use the systemd-boot EFI boot loader. @@ -80,7 +101,6 @@ with import <stockholm/lib>; environment.systemPackages = with pkgs; [ ag vim - rxvt_unicode git rsync hashPassword @@ -100,11 +120,16 @@ with import <stockholm/lib>; services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.xrandrHeads = [ - { output = "DP-0.8"; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; } { output = "DP-2"; primary = true; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } + { output = "DP-0"; } ]; + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.systemd}/bin/systemctl start xresources.service + ''; + networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ @@ -123,8 +148,6 @@ with import <stockholm/lib>; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" ]; - services.printing = { - enable = true; - drivers = [ pkgs.postscript-lexmark ]; - }; + services.printing.drivers = [ pkgs.postscript-lexmark ]; + } diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix new file mode 100644 index 000000000..7211c78eb --- /dev/null +++ b/lass/1systems/littleT/config.nix @@ -0,0 +1,84 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/x220.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/steam.nix> + { + users.users.blacky = { + uid = genid "blacky"; + home = "/home/blacky"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + "video" + ]; + useDefaultShell = true; + }; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + chromium + hexchat + networkmanagerapplet + vlc + ]; + services.xserver.enable = true; + services.xserver.displayManager.lightdm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.layout = "de"; + users.mutableUsers = mkForce true; + services.xserver.synaptics.enable = true; + } + { + #remote control + environment.systemPackages = with pkgs; [ + x11vnc + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } + ]; + } + ]; + + time.timeZone = "Europe/Berlin"; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + + krebs.build.host = config.krebs.hosts.littleT; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/littleT/source.nix index 3e96c1d38..a86b8fd10 100644 --- a/lass/1systems/archprism/source.nix +++ b/lass/1systems/littleT/source.nix @@ -1,3 +1,4 @@ import <stockholm/lass/source.nix> { - name = "archprism"; + name = "littleT"; + secure = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6a61ce1fa..ad133802f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -29,7 +29,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/c-base.nix> - <stockholm/tv/2configs/br.nix> + <stockholm/lass/2configs/br.nix> { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -135,6 +135,8 @@ with import <stockholm/lib>; macchanger dpass + + dnsutils ]; #TODO: fix this shit @@ -177,7 +179,7 @@ with import <stockholm/lib>; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' @@ -192,4 +194,8 @@ with import <stockholm/lib>; exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' ''; }; + + #nix.package = pkgs.nixUnstable; + programs.adb.enable = true; + users.users.mainUser.extraGroups = [ "adbusers" ]; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a0bc1b900..87270b8b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -67,6 +67,11 @@ in { fsType = "ext4"; }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + swapDevices = [ { label = "swap1"; } { label = "swap2"; } @@ -220,8 +225,8 @@ in { }; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.4"; - localAddress = "10.233.2.5"; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; }; } <stockholm/lass/2configs/exim-smarthost.nix> @@ -280,6 +285,17 @@ in { { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } ]; } + <stockholm/krebs/2configs/reaktor-krebs.nix> + <stockholm/lass/2configs/dcso-dev.nix> + { + krebs.git.rules = [ + { + user = [ config.krebs.users.jeschli ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..0669748f5 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/gpd-pocket.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + networking.wireless.enable = true; +} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix new file mode 100644 index 000000000..11f5bf796 --- /dev/null +++ b/lass/1systems/xerxes/source.nix @@ -0,0 +1,11 @@ +with import <stockholm/lib>; +import <stockholm/lass/source.nix> { + name = "xerxes"; + secure = true; + override = { + nixpkgs.git = mkForce { + url = https://github.com/lassulus/nixpkgs; + ref = "3eccd0b"; + }; + }; +} diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix deleted file mode 100644 index 644741a5b..000000000 --- a/lass/2configs/audit.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - security.audit = { - rules = [ - "-a task,never" - ]; - }; -} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a8bb8693f..9712bafff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,9 +7,9 @@ in { ./mpv.nix ./power-action.nix ./copyq.nix - ./xresources.nix ./livestream.nix ./dns-stuff.nix + ./urxvt.nix { hardware.pulseaudio = { enable = true; @@ -41,6 +41,11 @@ in { default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; }; }; + config.services.xresources.resources.X = '' + *.font: ${config.lass.fonts.regular} + *.boldFont: ${config.lass.fonts.bold} + *.italicFont: ${config.lass.fonts.italic} + ''; } ]; @@ -64,9 +69,11 @@ in { dic dmenu gi + git-preview gitAndTools.qgit - lm_sensors haskellPackages.hledger + lm_sensors + mpv-poll much ncdu nix-repl @@ -74,21 +81,20 @@ in { pavucontrol powertop push + rxvt_unicode_with-plugins + screengrab slock sxiv + termite xclip xorg.xbacklight xorg.xhost xsel - zathura - - mpv-poll - yt-next - youtube-tools + yt-next + zathura - rxvt_unicode - termite + cabal2nix ]; fonts.fonts = with pkgs; [ @@ -98,42 +104,15 @@ in { xlibs.fontschumachermisc ]; + lass.xserver.enable = true; services.xserver = { - enable = true; - - desktopManager.xterm.enable = false; - desktopManager.default = "none"; - displayManager.lightdm.enable = true; - displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - }; - windowManager.default = "xmonad"; - windowManager.session = [{ - name = "xmonad"; - start = '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.xmonad-lass}/bin/xmonad & - waitPID=$! - ''; - }]; - layout = "us"; xkbModel = "evdev"; xkbVariant = "altgr-intl"; xkbOptions = "caps:backspace"; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - services.urxvtd.enable = true; + services.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 35bac8fee..ad307c797 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -18,7 +18,7 @@ with import <stockholm/lib>; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.23.42.221"; + ip = "10.42.23.221"; }; }; }; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 6c381863c..9459cfd6f 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -5,19 +5,23 @@ let mainUser = config.users.extraUsers.mainUser; - browser-select = pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + config.lass.browser.paths); + in pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) case $BROWSER in ${concatMapStringsSep "\n" (n: '' - ${n}) - export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ${n.name}) + export BIN=${n.value.path}/bin/${n.name} ;; - '') (attrNames config.lass.browser.paths)} + '') (sortedPaths)} esac $BIN "$@" ''; - createChromiumUser = name: extraGroups: + createChromiumUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ @@ -31,7 +35,7 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name}.path = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -40,10 +44,10 @@ let ]; }; - createFirefoxUser = name: extraGroups: + createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ ''; in { users.extraUsers.${name} = { @@ -54,7 +58,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -79,14 +86,24 @@ in { type = types.path; }; options.lass.browser.paths = mkOption { - type = with types; attrsOf path; + type = types.attrsOf (types.submodule ({ + options = { + path = mkOption { + type = types.path; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + }; + })); }; } - ( createFirefoxUser "ff" [ "audio" ] ) - ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "video" "audio" ] ) ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "gm" [ "video" "audio" ] ) ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index fa01a99c9..cd10313fc 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -21,9 +21,9 @@ let in { systemd.services.copyq = { wantedBy = [ "multi-user.target" ]; - requires = [ "display-manager.service" ]; + requires = [ "xserver.service" ]; environment = { - DISPLAY = ":0"; + DISPLAY = ":${toString config.services.xserver.display}"; }; path = with pkgs; [ qt5.full diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix new file mode 100644 index 000000000..2b91f91d6 --- /dev/null +++ b/lass/2configs/dcso-dev.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + inherit (import <stockholm/lib>) genid; + +in { + users.extraUsers = { + dev = { + name = "dev"; + uid = genid "dev"; + description = "user for collaborative development"; + home = "/home/dev"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.lass-android.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" + ]; + packages = with pkgs; [ + emacs25-nox + + (pkgs.symlinkJoin { + name = "tmux"; + paths = [ + (pkgs.writeDashBin "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + '') + pkgs.tmux + ]; + }) + ]; + }; + }; + + krebs.per-user.dev.packages = [ + pkgs.go + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(dev) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 180647a6d..0e00dc2fd 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { imports = [ - ../2configs/audit.nix ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix @@ -23,6 +22,7 @@ with import <stockholm/lib>; config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f9c8f8ebc..2d848773f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -46,6 +46,9 @@ with import <stockholm/lib>; { from = "apple@lassul.us"; to = lass.mail; } { from = "coinbase@lassul.us"; to = lass.mail; } { from = "tomtop@lassul.us"; to = lass.mail; } + { from = "aliexpress@lassul.us"; to = lass.mail; } + { from = "business@lassul.us"; to = lass.mail; } + { from = "payeer@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index d114a826d..6cea271c1 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,7 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress + (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix new file mode 100644 index 000000000..87b4c518b --- /dev/null +++ b/lass/2configs/hw/gpd-pocket.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: + +let + dummy_firmware = pkgs.writeTextFile { + name = "brcmfmac4356-pcie.txt"; + text = builtins.readFile ./brcmfmac4356-pcie.txt; + destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; + }; +in { + #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; + hardware.firmware = [ dummy_firmware ]; + hardware.enableRedistributableFirmware = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ]; + boot.kernelPackages = pkgs.linuxPackages_4_14; + boot.kernelParams = [ + "fbcon=rotate:1" + ]; + services.xserver.displayManager.sessionCommands = '' + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + ''; + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; +} diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index bf7decc40..f5651da13 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -29,4 +29,9 @@ options = ["nosuid" "nodev" "noatime"]; }; }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 91127f737..962efaf3f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -76,6 +76,7 @@ let "INBOX" "notmuch://?query=tag:inbox \ and NOT to:nix-devel\ and NOT to:shackspace\ + and NOT to:security\ and NOT to:c-base" \ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f3ef23e67..98dbdc227 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -22,15 +22,22 @@ let }); }; in { - rules = with git; singleton { - user = with config.krebs.users; [ - config.krebs.users."${config.networking.hostName}-repo-sync" - lass - lass-shodan - ]; - repo = [ repo ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; + rules = with git; [ + { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + lass + lass-shodan + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + } + { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } + ]; repos."${name}" = repo; }; diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index 1358dde7a..ee50b3381 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -1,40 +1,32 @@ { config, pkgs, ... }: - -let - inherit (config.users.extraUsers) mainUser; - -in +with import <stockholm/lib>; { - imports = [ - ../3modules/urxvtd.nix - ../3modules/xresources.nix - ]; + services.urxvtd.enable = true; - services.urxvtd = { - enable = true; - users = [ mainUser.name ]; - urxvtPackage = pkgs.rxvt_unicode_with-plugins; - }; - services.xresources.enable = true; services.xresources.resources.urxvt = '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt*SaveLines: 4096 + URxvt*scrollBar: false + URxvt*urgentOnBell: true URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + + ${optionalString (hasAttr "browser" config.lass) + "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" + } + URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate URxvt.keysym.M-s: perl:keyboard-select:search - URxvt.intensityStyles: false + URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #000000 + URxvt*foreground: #ffffff !change unreadable blue - URxvt*color4: #268bd2 + URxvt*color4: #268bd2 + + URxvt*color0: #232342 ''; } diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 698344b09..f6c736fbc 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -98,8 +98,13 @@ let noremap <esc>[c <nop> | noremap! <esc>[c <nop> noremap <esc>[d <nop> | noremap! <esc>[d <nop> + " search with ack let g:ackprg = 'ag --vimgrep' cnoreabbrev Ack Ack! + + " copy/paste from/to xclipboard + noremap x "_x + set clipboard=unnamedplus ''; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6e185a4d6..25ca1f455 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -147,12 +147,32 @@ in { in '' alias ${initscript}; ''; + locations."/pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; + ''; + }; + + security.acme.certs."cgit.lassul.us" = { + email = "lassulus@lassul.us"; + webroot = "/var/lib/acme/acme-challenge"; + plugins = [ + "account_key.json" + "fullchain.pem" + "key.pem" + ]; + group = "nginx"; + user = "nginx"; }; + services.nginx.virtualHosts.cgit = { serverName = "cgit.lassul.us"; addSSL = true; - enableACME = true; + sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; + locations."/.well-known/acme-challenge".extraConfig = '' + root /var/lib/acme/acme-challenge; + ''; }; users.users.blog = { diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 0d2b731ca..d60b1feea 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -4,10 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.wine.packages = with pkgs; [ - wine - #(wineFull.override { wineBuild = "wine64"; }) - ]; users.users= { wine = { name = "wine"; @@ -19,9 +15,27 @@ in { "video" ]; createHome = true; + packages = [ + pkgs.wine + ]; + }; + wine64 = { + name = "wine64"; + description = "user for running wine in 64bit"; + home = "/home/wine64"; + useDefaultShell = true; + extraGroups = [ + "audio" + "video" + ]; + createHome = true; + packages = [ + (pkgs.wine.override { wineBuild = "wineWow"; }) + ]; }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(wine) NOPASSWD: ALL + ${mainUser.name} ALL=(wine64) NOPASSWD: ALL ''; } diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix deleted file mode 100644 index a3c54f3a1..000000000 --- a/lass/2configs/xresources.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; - -let - - xresources = pkgs.writeText "Xresources" '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*SaveLines: 4096 - - URxvt.font: ${config.lass.fonts.regular} - URxvt.boldFont: ${config.lass.fonts.bold} - URxvt.italicFont: ${config.lass.fonts.italic} - - ! ref https://github.com/muennich/urxvt-perls - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - ${optionalString (hasAttr "browser" config.lass) - "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" - } - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search - - URxvt.intensityStyles: false - - URxvt*background: #000000 - URxvt*foreground: #d0d7d0 - - URxvt*cursorColor: #f042b0 - URxvt*cursorColor2: #f0b000 - URxvt*cursorBlink: off - - URxvt*.pointerBlank: true - URxvt*.pointerBlankDelay: 987654321 - URxvt*.pointerColor: #f042b0 - URxvt*.pointerColor2: #050505 - - URxvt*color0: #232342 - ''; - -in { - systemd.services.xresources = { - description = "xresources"; - wantedBy = [ "multi-user.target" ]; - after = [ "display-manager.service" ]; - - environment = { - DISPLAY = ":0"; - }; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; - Restart = "on-failure"; - User = "lass"; - }; - }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index e14e39bc2..81b52c306 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xserver ./xresources.nix ]; } diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index 06ca1f27d..e16ce9868 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -23,7 +23,7 @@ let before = [ "sleep.target" ]; wantedBy = [ "sleep.target" ]; environment = { - DISPLAY = ":0"; + DISPLAY = ":${toString config.services.xserver.display}"; }; serviceConfig = { SyslogIdentifier = "screenlock"; diff --git a/lass/3modules/xresources.nix b/lass/3modules/xresources.nix index 074963022..017dbff2b 100644 --- a/lass/3modules/xresources.nix +++ b/lass/3modules/xresources.nix @@ -4,16 +4,13 @@ #prefix with Attribute Name #ex: urxvt -# -# with builtins; with lib; let - inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape; - inherit (pkgs) writeScript; + inherit (pkgs) writeScript writeText; in @@ -46,12 +43,16 @@ in config = let cfg = config.services.xresources; - xres = concatStringsSep "\n" (attrValues cfg.resources); + xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources)); in mkIf cfg.enable { services.xserver.displayManager.sessionCommands = '' - echo ${shell-escape xres} | xrdb -merge + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres} ''; + environment.systemPackages = [ + (pkgs.writeDashBin "updateXresources" '' + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres} + '') + ]; }; - } diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix new file mode 100644 index 000000000..462c6deef --- /dev/null +++ b/lass/3modules/xserver/default.nix @@ -0,0 +1,101 @@ +{ config, pkgs, ... }@args: +with import <stockholm/lib>; +let + + out = { + options.lass.xserver = api; + config = mkIf cfg.enable imp; + }; + + user = config.krebs.build.user; + + cfg = config.lass.xserver; + xcfg = config.services.xserver; + api = { + enable = mkEnableOption "lass xserver"; + }; + imp = { + + services.xserver = { + # Don't install feh into systemPackages + # refs <nixpkgs/nixos/modules/services/x11/desktop-managers> + desktopManager.session = mkForce []; + + enable = true; + display = 11; + tty = 11; + }; + + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString xcfg.display}"; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${xcfg.displayManager.sessionCommands} + wait + ''; + + XMONAD_DATA_DIR = "/tmp"; + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + User = user.name; + WorkingDirectory = user.home; + }; + }; + + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" xcfg.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString xcfg.display}" + "vt${toString xcfg.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") + ]; + }; + }; + services.xresources.resources.dpi = '' + ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"} + ''; + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; + }; + }; + +in out diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix new file mode 100644 index 000000000..6f34e0150 --- /dev/null +++ b/lass/3modules/xserver/xserver.conf.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + cfg = config.services.xserver; +in + +pkgs.stdenv.mkDerivation { + name = "xserver.conf"; + + xfs = optionalString (cfg.useXFS != false) + ''FontPath "${toString cfg.useXFS}"''; + + inherit (cfg) config; + + buildCommand = + '' + echo 'Section "Files"' >> $out + echo $xfs >> $out + + for i in ${toString config.fonts.fonts}; do + if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then + for j in $(find $i -name fonts.dir); do + echo " FontPath \"$(dirname $j)\"" >> $out + done + fi + done + + for i in $(find ${toString cfg.modules} -type d); do + if test $(echo $i/*.so* | wc -w) -ne 0; then + echo " ModulePath \"$i\"" >> $out + fi + done + + echo 'EndSection' >> $out + + echo "$config" >> $out + ''; +} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index d04833255..10df08e7f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -20,5 +20,10 @@ xml2json = pkgs.callPackage ./xml2json/default.nix {}; xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; + + screengrab = pkgs.writeDashBin "screengrab" '' + resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" + ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 + ''; }; } diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 12c078940..d3f76903d 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" { executables.xmonad = { extra-depends = [ "containers" + "extra" "unix" "X11" "xmonad" @@ -20,18 +21,16 @@ module Main where import XMonad import qualified XMonad.StackSet as W -import Control.Exception +import Control.Monad.Extra (whenJustM) import Data.List (isInfixOf) -import System.Environment (getArgs, withArgs) -import System.IO (hPutStrLn, stderr) +import System.Environment (getArgs, lookupEnv) import System.Posix.Process (executeFile) -import Text.Read (readEither) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) -import XMonad.Actions.UpdatePointer (updatePointer) +import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -41,59 +40,45 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) -import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown myTerm :: FilePath -myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" +myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" myFont :: String myFont = "${config.lass.fonts.regular}" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs + ["--shutdown"] -> sendShutdownEvent + _ -> main' -mainNoArgs :: IO () -mainNoArgs = do - xmonad' +main' :: IO () +main' = do + xmonad $ ewmh $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , logHook = updatePointer (0.25, 0.25) (0.25, 0.25) , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , startupHook = + whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) + (\path -> forkFile path [] Nothing) , normalBorderColor = "#1c1c1c" - , focusedBorderColor = "#f000b0" + , focusedBorderColor = "#ff0000" , handleEventHook = handleShutdownEvent , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat - - -xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () -xmonad' conf = do - let path = "/tmp/xmonad.state" - try (readFile path) >>= \case - Right content -> do - hPutStrLn stderr ("resuming from " ++ path) - withArgs ("--resume" : lines content) (xmonad conf) - Left e -> do - hPutStrLn stderr (displaySomeException e) - xmonad conf - -displaySomeException :: SomeException -> String -displaySomeException = displayException - + defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) myKeyMap :: [([Char], X ())] myKeyMap = @@ -102,6 +87,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + + , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") diff --git a/lass/source.nix b/lass/source.nix index 738504228..710bfdf2d 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "e53e9a2"; + ref = "cb751f9"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; |