From 8b3916ad4ada99d4e48d8ad1a85f5dd8d4d40457 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 00:20:23 +0100 Subject: l helios.r: add minio.cert --- lass/1systems/helios/config.nix | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5a553572e..c4d99cb2c 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -137,14 +137,35 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.writeText "minio.cert" '' + -----BEGIN CERTIFICATE----- + MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS + MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 + OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC + AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL + 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV + YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C + ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM + CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw + hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk + MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw + I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB + CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 + hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox + jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY + EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM + zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a + qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa + -----END CERTIFICATE----- + '') ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; -- cgit v1.2.3 From d8c6ef4d103da4701092dc8120abe63bb855014a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:45:39 +0100 Subject: l prism.r: add jeschli user --- lass/1systems/prism/config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b498d94ff..c0e4620cc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -292,6 +292,16 @@ in { { + users.users.jeschli = { + uid = genid "jeschli"; + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-bolide.pubkey + jeschli-brauerei.pubkey + ]; + }; krebs.git.rules = [ { user = with config.krebs.users; [ -- cgit v1.2.3 From 8c600fd0f5c8d63115c5527733885a14ad210913 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:46:00 +0100 Subject: l shodan.r: ignore lidswitch --- lass/1systems/shodan/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ef015aebc..7fb57544f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -61,4 +61,8 @@ with import ; SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" ''; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; } -- cgit v1.2.3 From ae9dc0e1a645633be77559492840252517eb7c74 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:46:50 +0100 Subject: l minecraft: open port for dynmap --- lass/2configs/minecraft.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix index aa33dcccc..6f8ceb358 100644 --- a/lass/2configs/minecraft.nix +++ b/lass/2configs/minecraft.nix @@ -17,5 +17,6 @@ krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } ]; } -- cgit v1.2.3 From 1adeeffb7e0a6f7321743f431737cfc3d711f2eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:47:35 +0100 Subject: l vim: add govet workaround --- lass/2configs/vim.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 5fe9e1450..5d19ae75d 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -6,6 +6,9 @@ let environment.systemPackages = [ (hiPrio vim) pkgs.python35Packages.flake8 + (pkgs.writeDashBin "govet" '' + go vet "$@" + '') ]; environment.etc.vimrc.source = vimrc; -- cgit v1.2.3 From efb192f5153f48aa9f3ddde5ee25bc794ccf49bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:50:45 +0100 Subject: l vim: run gometalinter --- lass/2configs/vim.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 5d19ae75d..6014fd082 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -71,6 +71,9 @@ let let g:syntastic_python_checkers=['flake8'] let g:syntastic_python_flake8_post_args='--ignore=E501' + let g:go_metalinter_autosave = 1 + let g:go_metalinter_deadline = "10s" + nmap q :buffer nmap :buffer -- cgit v1.2.3 From 28f96d4cb1753d0632f42ce0894297f427323133 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:53:56 +0100 Subject: l: php5 -> php7 --- lass/2configs/websites/util.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 36ae1a904..62055d0fd 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -32,7 +32,6 @@ rec { let domain = head domains; in { - services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; -- cgit v1.2.3 From aef9e595f021ca9c6676d743b24b7de2a2592f5d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Feb 2018 18:23:12 +0100 Subject: l baseX: use network-manager --- lass/2configs/baseX.nix | 1 + lass/2configs/network-manager.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 lass/2configs/network-manager.nix (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 61a006a52..93189b0d3 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./livestream.nix ./dns-stuff.nix ./urxvt.nix + ./network-manager.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix new file mode 100644 index 000000000..c4f757de1 --- /dev/null +++ b/lass/2configs/network-manager.nix @@ -0,0 +1,24 @@ +{ pkgs, lib, ... }: +{ + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceConfig = { + ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "5"; + }; + }; + networking.networkmanager.enable = true; + users.users.mainUser = { + extraGroups = [ "networkmanager" ]; + packages = with pkgs; [ + gnome3.gnome_keyring gnome3.dconf + ]; + }; +} -- cgit v1.2.3 From 87bc9a72eec639f8a73414e498ee2674355af640 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Feb 2018 18:34:24 +0100 Subject: l baseX: run xmonad only in xmonad session --- lass/2configs/baseX.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 93189b0d3..2b7a5c924 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -122,13 +122,14 @@ in { name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.systemd}/bin/systemctl --user start xmonad exec ${pkgs.coreutils}/bin/sleep infinity ''; }]; }; systemd.user.services.xmonad = { - wantedBy = [ "graphical-session.target" ]; + #wantedBy = [ "graphical-session.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; RXVT_SOCKET = "%t/urxvtd-socket"; -- cgit v1.2.3