From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:36:46 +0100 Subject: l privoxy: RIP polipo --- lass/2configs/privoxy.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } -- cgit v1.2.3 From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:13:57 +0200 Subject: l browsers: use xjails --- lass/2configs/browsers.nix | 77 ++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 40 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..153c386cf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,58 +21,55 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createChromiumUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + ''; + inherit groups; + }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + lass.browser.paths.${name} = { + path = config.lass.xjail-bins.${name}; + inherit precedence; + }; + }; + + createFirefoxUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createQuteUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; + #TODO: abstract this in { -- cgit v1.2.3 From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:20 +0200 Subject: l browsers: remove video group from most users --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 153c386cf..351f15154 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -108,11 +108,11 @@ in { }; } ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } -- cgit v1.2.3 From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:42 +0200 Subject: l browsers: add qb --- lass/2configs/browsers.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 351f15154..75a86db6a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -107,6 +107,7 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) -- cgit v1.2.3 From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 16:39:08 +0200 Subject: l mail: track neomutt name change --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b9682c5ee..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -75,7 +75,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes @@ -195,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; -- cgit v1.2.3 From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:19:28 +0200 Subject: l browsers: use new xjail interface --- lass/2configs/browsers.nix | 50 ++++++++++++---------------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 75a86db6a..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,14 +21,10 @@ let $BIN "$@" ''; - createChromiumUser = name: groups: precedence: + createUser = script: name: groups: precedence: dpi: { lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - ''; - inherit groups; + inherit script groups dpi; }; environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { @@ -37,40 +33,20 @@ let }; }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + createFirefoxUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; createQuteUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - - #TODO: abstract this + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { -- cgit v1.2.3 From 1604ecfc706d2921248d0c9ac7cef02274842272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Apr 2018 12:02:31 +0200 Subject: l virtualbox: enable usb passthrough --- lass/2configs/virtualbox.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { -- cgit v1.2.3 From f07930259080716fd8e325aae457d4bfaaecb99b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:35:25 +0200 Subject: l browsers: add cx- command for copy & paste --- lass/2configs/browsers.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 91ee08bfd..3030d8faf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -26,7 +26,12 @@ let lass.xjail.${name} = { inherit script groups dpi; }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + environment.systemPackages = [ + config.lass.xjail-bins.${name} + (pkgs.writeDashBin "cx-${name}" '' + DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + '') + ]; lass.browser.paths.${name} = { path = config.lass.xjail-bins.${name}; inherit precedence; -- cgit v1.2.3 From 19895a67ff9b9fd7d2511dede24ccf84061b9904 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:19 +0200 Subject: l network-manager: don't manager docker & virtualbox --- lass/2configs/network-manager.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index c4f757de1..5b890b591 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -14,7 +14,13 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + unmanaged = [ + "docker*" + "vboxnet*" + ]; + }; users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ -- cgit v1.2.3 From f316bb1f31d481dcad90a8b4f4cda0c27208cca4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:57 +0200 Subject: l reaktor-coders: use correct ping path --- lass/2configs/reaktor-coders.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 2541df3a6..5fa1611ae 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -84,7 +84,7 @@ with import ; (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P.*)$$"; script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) ]; -- cgit v1.2.3 From 2e5d4ac778aa3a9f2eeea31369a9147a4bafd73e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:38:31 +0200 Subject: l repo-sync: sync staging branches --- lass/2configs/repo-sync.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 98dbdc227..ad44c67e1 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -61,6 +61,21 @@ let origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; + makefu-staging = { + origin.url = "http://cgit.gum/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + tv-staging = { + origin.url = "http://cgit.ni.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + nin-staging = { + origin.url = "http://cgit.onondaga.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; }; latest = { url = "${mirror}${name}"; -- cgit v1.2.3 From 5b8c4d24e274bbf26e85420fc11b5bf7e24ac22d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 6 Apr 2018 15:57:20 +0200 Subject: RIP zandronum --- lass/2configs/games.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 50362cda4..3ee3a98a5 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -3,7 +3,7 @@ let mainUser = config.users.extraUsers.mainUser; vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum-bin}/bin/zandronum \ + ${pkgs.zandronum}/bin/zandronum \ -fov 120 \ "$@" ''; @@ -50,7 +50,7 @@ let vdoomserver = pkgs.writeDashBin "vdoomserver" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${pkgs.zandronum-bin}/bin/zandronum-server \ + ${pkgs.zandronum}/bin/zandronum-server \ +exec ${doomservercfg} \ "$@" ''; -- cgit v1.2.3