From bae469d2a64165a42d93cdb31e231fa75e9813a5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 6 Nov 2015 22:36:01 +0100 Subject: tv: condense krebs.build --- tv/2configs/default.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d3f4eed0d..d31862b60 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -5,6 +5,25 @@ with lib; { krebs.enable = true; + krebs.build = { + user = config.krebs.users.tv; + target = mkDefault "root@${config.krebs.build.host.name}"; + source = { + git.nixpkgs = { + url = mkDefault https://github.com/NixOS/nixpkgs; + rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613"; + target-path = mkDefault "/var/src/nixpkgs"; + }; + dir.secrets = { + path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + dir.stockholm = { + path = mkDefault "/home/tv/stockholm"; + target-path = mkDefault "/var/src/stockholm"; + }; + }; + }; + networking.hostName = config.krebs.build.host.name; imports = [ -- cgit v1.2.3 From a3f6dcb75ce73f57e1053054cf70667c2daef22d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 7 Nov 2015 10:04:46 +0100 Subject: tv: move X-based tools to xserver --- tv/2configs/xserver/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index df00203be..7a48db6b8 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -34,7 +34,13 @@ let }; environment.systemPackages = [ + pkgs.ff + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.pavucontrol pkgs.slock + pkgs.sxiv + pkgs.zathura ]; security.setuidPrograms = [ -- cgit v1.2.3 From e35e3b5eb05cea1e3c033423c2f6ee4e0a511817 Mon Sep 17 00:00:00 2001 
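Review bot: In the `krebs.build.source` block added to tv/2configs/default.nix, `dir.secrets` sets only `path`, while `git.nixpkgs` and `dir.stockholm` both spell out a `target-path`, so the place where the per-host secrets land on the target is decided by a default that is not visible in this hunk. That directory is the one entry where a wrong destination or mode matters, so I would state it explicitly or add a comment above it, for example `# secrets: target-path left at the krebs.build default; must stay outside /nix/store and be readable by root only`. The nixpkgs `rev` is pinned to a full commit hash, which is good; writing the `url` as a quoted string (`"https://github.com/NixOS/nixpkgs"`) would match the other values in the block.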
From: tv Date: Sat, 7 Nov 2015 19:24:25 +0100 Subject: tv: mv user xr to sub --- tv/2configs/sub/xr.nix | 22 ++++++++++++++++++++++ tv/2configs/xserver/default.nix | 1 + tv/2configs/z.nix | 11 +---------- 3 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 tv/2configs/sub/xr.nix (limited to 'tv/2configs') diff --git a/tv/2configs/sub/xr.nix b/tv/2configs/sub/xr.nix new file mode 100644 index 000000000..6c9cbb93e --- /dev/null +++ b/tv/2configs/sub/xr.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + krebs.per-user.xr.packages = [ + pkgs.cr + ]; + + security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL"; + + users.users.xr = { + extraGroups = [ + "audio" + "video" + ]; + group = "subusers"; + home = "/home/xr"; + uid = 1660006127; # genid xr + useDefaultShell = true; + }; +} diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7a48db6b8..afc2d699c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -40,6 +40,7 @@ let pkgs.pavucontrol pkgs.slock pkgs.sxiv + pkgs.xsel pkgs.zathura ]; diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix index e5494ecc9..3acd168d4 100644 --- a/tv/2configs/z.nix +++ b/tv/2configs/z.nix @@ -4,16 +4,7 @@ with lib; { krebs.per-user.z.packages = [ - (pkgs.writeScriptBin "cr" '' - #! /bin/sh - set -efu - export LC_TIME=de_DE.utf8 - exec ${pkgs.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ - --disk-cache-size=50000000 \ - "%@" - '') + pkgs.cr ]; programs.bash.interactiveShellInit = '' -- cgit v1.2.3 From 60faa6e3cf3b592a4aad71b246fbe2abdd699b9c Mon Sep 17 00:00:00 2001 
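Review bot: In the new tv/2configs/sub/xr.nix, the `xr` account joins `audio` and `video` and `tv` may run anything as `xr` without a password, yet nothing in the file says what the account is for or which direction the boundary is meant to hold. If `xr` exists to contain the `cr` wrapper (an inference from `krebs.per-user.xr.packages`), `video` membership usually gives that account direct access to GPU and capture devices, which is more than an X client needs. I would add a header comment such as `# xr: unprivileged sub-user for cr; tv may switch to xr, never the reverse` and either drop `"video"` or note why it is required. The z.nix hunk of the same commit replaces the inline script with `pkgs.cr`, whose definition is outside this listing, so whether the per-user `--disk-cache-dir` is kept cannot be checked here.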
From: tv Date: Sun, 8 Nov 2015 11:53:29 +0100 Subject: tv: remove legacy users --- tv/2configs/default.nix | 43 +++++++++---------------------------------- tv/2configs/sub/xr.nix | 22 ---------------------- tv/2configs/z.nix | 31 ------------------------------- 3 files changed, 9 insertions(+), 87 deletions(-) delete mode 100644 tv/2configs/sub/xr.nix delete mode 100644 tv/2configs/z.nix (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d31862b60..688f8f9cf 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -27,6 +27,7 @@ with lib; networking.hostName = config.krebs.build.host.name; imports = [ + ./vim.nix { # stockholm dependencies @@ -35,40 +36,14 @@ with lib; ]; } { - # TODO never put hashedPassword into the store - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.groups.subusers.gid = 1093178926; # genid subusers - } - { - users.defaultUserShell = "/run/current-system/sw/bin/bash"; - users.mutableUsers = false; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - config.krebs.users.tv_xu.pubkey - ]; - }; - tv = { - uid = 1337; - group = "users"; - home = "/home/tv"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; + users = { + defaultUserShell = "/run/current-system/sw/bin/bash"; + mutableUsers = false; + users = { + tv = { + isNormalUser = true; + uid = 1337; + }; }; }; } diff --git a/tv/2configs/sub/xr.nix b/tv/2configs/sub/xr.nix deleted file mode 100644 index 6c9cbb93e..000000000 --- a/tv/2configs/sub/xr.nix +++ /dev/null 
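Review bot: The rewritten `users` block in tv/2configs/default.nix keeps `mutableUsers = false` but no longer defines any credential in this file: the `openssh.authorizedKeys.keys` for `root` and `tv` and tv's `wheel` membership are gone along with the `hashedPassword` import. With immutable users nothing can be set by hand afterwards, so if no module outside this path-limited view supplies the keys, the next deploy to the `root@…` target would leave the host without a working login. I would add a comment next to `mutableUsers = false;` that names the source of the keys, e.g. `# authorized keys for root and tv come from <module name>`, with the placeholder filled in by the author.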
@@ -1,22 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.per-user.xr.packages = [ - pkgs.cr - ]; - - security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL"; - - users.users.xr = { - extraGroups = [ - "audio" - "video" - ]; - group = "subusers"; - home = "/home/xr"; - uid = 1660006127; # genid xr - useDefaultShell = true; - }; -} diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix deleted file mode 100644 index 3acd168d4..000000000 --- a/tv/2configs/z.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.per-user.z.packages = [ - pkgs.cr - ]; - - programs.bash.interactiveShellInit = '' - case ''${XMONAD_SPAWN_WORKSPACE-} in - za|zh|zj|zs) - exec sudo -u z -i - ;; - esac - ''; - - security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL"; - - users.users.z = { - extraGroups = [ - "audio" - "vboxusers" - "video" - ]; - group = "subusers"; - home = "/home/z"; - uid = 3043726074; # genid z - useDefaultShell = true; - }; -} -- cgit v1.2.3 From 0faad027e7e241edbe842cf6a54aad606d00adf7 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 8 Nov 2015 12:28:53 +0100 Subject: tv configs: set NIX_PATH --- tv/2configs/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 688f8f9cf..6ed1c65f9 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,6 +90,15 @@ with lib; view = "vim -R"; }; + environment.variables = { + NIX_PATH = + with config.krebs.build.source; with dir; with git; + mkForce (concatStringsSep ":" [ + "nixpkgs=${nixpkgs.target-path}" + "secrets=${stockholm.target-path}/null" + ]); + }; + programs.bash = { interactiveShellInit = '' HISTCONTROL='erasedups:ignorespace' -- cgit v1.2.3 From e5e56abd6d3aeb547b773015f79cfcf0251eae9a Mon Sep 17 00:00:00 2001 
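Review bot: In the `environment.variables` hunk of tv/2configs/default.nix, `nixpkgs` and `stockholm` are resolved through three stacked `with` scopes (`with config.krebs.build.source; with dir; with git;`), so an attribute of the same name added to `git` or `dir` later would silently change which path ends up in NIX_PATH. Writing the paths out, `"nixpkgs=${config.krebs.build.source.git.nixpkgs.target-path}"` and `"secrets=${config.krebs.build.source.dir.stockholm.target-path}/null"`, removes that ambiguity. The `secrets=…/null` entry looks deliberate, and because `mkForce` discards every other definition it deserves a comment such as `# <secrets> resolves to the stub directory on deployed hosts; real secrets are never on NIX_PATH`, assuming that is the intent.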
From: tv Date: Mon, 9 Nov 2015 18:01:30 +0100 Subject: tv git: add repo xmonad-stockholm --- tv/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv/2configs') diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 2520da173..38af92b02 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -47,6 +47,7 @@ let wai-middleware-time = {}; web-routes-wai-custom = {}; xintmap = {}; + xmonad-stockholm = {}; }); restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From 2263c04e7c95caa5c21fb80952a19916eace5a3e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 18:01:52 +0100 Subject: tv git: tv_xu has R/W-access to protected repos --- tv/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 38af92b02..ff5bedce9 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -83,7 +83,7 @@ let with git // config.krebs.users; repo: singleton { - user = tv; + user = [ tv tv_xu ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ -- cgit v1.2.3 From 1f4d7ffa50483cde6024fe910fb16d0c8040e245 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 18:34:02 +0100 Subject: tv git: move old stuff to the museum section --- tv/2configs/git.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index ff5bedce9..3c0524b33 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix 
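Review bot: With `user = [ tv tv_xu ];` in tv/2configs/git.nix, `tv_xu` receives the same `push "refs/*" [ non-fast-forward create delete merge ]` permission as `tv`, that is, the right to rewrite and delete any ref of every repo this rule is generated for. If `tv_xu` is a key kept on a different machine (an assumption, its definition is not shown), a separate and narrower entry limits the damage of a lost key, for example `{ user = tv_xu; repo = [ repo ]; perm = push "refs/*" [ create merge ]; }` beside the unchanged `tv` rule. The enclosing function starts before and continues after this hunk, so whether it covers only the protected repos named in the subject cannot be confirmed from here.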
@@ -20,26 +20,22 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo ({ + } // mapAttrValues (setAttr "section" "1. Miscellaneous") { cac = { desc = "CloudAtCost command line interface"; }; - cgserver = {}; - crude-mail-setup = {}; - dot-xmonad = {}; get = {}; hack = {}; load-env = {}; make-snapshot = {}; much = {}; - nixos-infest = {}; nixpkgs = {}; - painload = {}; push = {}; regfish = {}; stockholm = { desc = "take all the computers hostage, they'll love you!"; }; - } // mapAttrs (_: repo: repo // { section = "Haskell libraries"; }) { + } // mapAttrValues (setAttr "section" "2. Haskell libraries") { blessings = {}; mime = {}; quipper = {}; @@ -48,6 +44,12 @@ let web-routes-wai-custom = {}; xintmap = {}; xmonad-stockholm = {}; + } // mapAttrValues (setAttr "section" "3. Museum") { + cgserver = {}; + crude-mail-setup = {}; + dot-xmonad = {}; + nixos-infest = {}; + painload = {}; }); restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From 85c25d6947f370c8ab8a304d7371ea9085003d3d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 18:51:26 +0100 Subject: tv {lib.git => pkgs.git-hooks} irc-announce --- tv/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 3c0524b33..63d65a630 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -66,7 +66,7 @@ let inherit name desc section; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; -- cgit v1.2.3 From 1f39b86dad2f8ddeb8008f6dda02a6dea1c369a6 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 18:52:11 +0100 Subject: stockholm: import user lib if it exists --- tv/2configs/git.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tv/2configs') 
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 63d65a630..4387be36a 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: -with import ../4lib { inherit lib pkgs; }; +with lib; + let out = { -- cgit v1.2.3 From 7cf1b1e4b7e5fe6980309b4037a75d154bb38598 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 23:18:15 +0100 Subject: tv vim hs: hi quasi quotes --- tv/2configs/vim.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 04b1480c1..0822fb5bf 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -64,6 +64,10 @@ let \ | hi TrailingSpace ctermbg=88 \ | hi Normal ctermfg=White + au BufRead,BufNewFile *.hs so ${pkgs.writeText "hs.vim" '' + syn region String start=+\[[^|]*|+ end=+|]+ + ''} + au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" '' setf nix set isk=@,48-57,_,192-255,-,' -- cgit v1.2.3 From 7ce26169db88cf68ab802a68ed55a3ed7b9be33a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Nov 2015 12:44:05 +0100 Subject: tv: setup XDG_RUNTIME_DIR for users --- tv/2configs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 6ed1c65f9..749d249af 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -167,5 +167,13 @@ with lib; "sendmail" # for sudo ]; } + { + systemd.tmpfiles.rules = let + forUsers = flip map users; + isUser = { group, ... }: hasSuffix "users" group; + users = filter isUser (mapAttrsToList (_: id) config.users.users); + in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); + environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; + } ]; } -- cgit v1.2.3 From ebba531273715c1a9c124007b97f3547d16e780f Mon Sep 17 00:00:00 2001 
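Review bot: In the XDG_RUNTIME_DIR hunk of tv/2configs/default.nix, directories are created only for accounts whose group name ends in `users`, while `environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"` is exported for every account. root and service users therefore get a runtime directory that does not exist, and a session in which `LOGNAME` is unset or inherited from another user ends up pointing at `/run/xdg/` or at a directory it does not own. I would select accounts by an explicit flag instead of the group-name suffix, e.g. `isUser = u: u.isNormalUser;` if that matches the intended set, and export the variable only when the directory is present, e.g. `[ -d "/run/xdg/$LOGNAME" ] && export XDG_RUNTIME_DIR="/run/xdg/$LOGNAME"` in the shell init.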
From: tv Date: Tue, 10 Nov 2015 12:44:30 +0100 Subject: tv: add shell aliases for systemd --- tv/2configs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 749d249af..3400c13b6 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -88,6 +88,12 @@ with lib; ls = "ls -h --color=auto --group-directories-first"; dmesg = "dmesg -L --reltime"; view = "vim -R"; + + reload = "systemctl reload"; + restart = "systemctl restart"; + start = "systemctl start"; + status = "systemctl status"; + stop = "systemctl stop"; }; environment.variables = { -- cgit v1.2.3