authortv <tv@krebsco.de>2016-08-02 20:58:42 +0200
committertv <tv@krebsco.de>2016-08-02 20:58:42 +0200
commite6aef09ad41cd55d716b8ee276ebd774b95d8ecb (patch)
tree6d8d5cce976f3843ab196367e82fec56f0798838 /makefu/2configs
parent0928cc03a6191640c66c9122159994855527faef (diff)
parentb197949ab83ee3ee87b5774e0fc7c8d0123a6708 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/base-gui.nix7
-rw-r--r--makefu/2configs/bepasty-dual.nix6
-rw-r--r--makefu/2configs/fetchWallpaper.nix2
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix7
-rw-r--r--makefu/2configs/main-laptop.nix51
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix38
-rw-r--r--makefu/2configs/tinc/siem.nix12
-rw-r--r--makefu/2configs/zsh-user.nix2
8 files changed, 106 insertions, 19 deletions
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index f7d6991c5..b039c12ca 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -55,7 +55,7 @@ in
hardware.pulseaudio = {
enable = true;
- # systemWide = true;
+ systemWide = true;
};
services.xserver.displayManager.sessionCommands = let
xdefaultsfile = pkgs.writeText "Xdefaults" ''
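Review bot: `systemWide = true;` swaps per-user PulseAudio for one shared daemon, a mode upstream PulseAudio discourages on desktops because every account allowed to talk to the daemon shares playback and capture, including the microphone. The `# systemwide pulse` remark in the main-laptop.nix hunk suggests this is enabled so the power-action script can speak. If so, record that here with a comment such as `# system-wide so non-session services (power-action espeak) can play audio; all permitted users share capture/playback`, and keep the set of accounts with daemon access minimal. The hunk ends inside the `sessionCommands` definition.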
@@ -87,5 +87,8 @@ in
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
'';
- in "cat ${xdefaultsfile} | xrdb -merge";
+ in ''
+ cat ${xdefaultsfile} | xrdb -merge
+ ${pkgs.xorg.xhost}/bin/xhost +local:
+ '';
}
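Review bot: `xhost +local:` in the new `sessionCommands` turns off X access control for every local non-network client, so any account or service on the machine can connect to this display, not only the session owner. Presumably it is there so a system service (the wallpaper fetcher or the power-action notifier) can reach the display. If so, grant only that account, e.g. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<service-user>` (placeholder name), and add a comment naming the service that needs it. The enclosing attribute set begins outside the hunk.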
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index f675c4ac8..4b5389c32 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -45,6 +45,7 @@ in {
#certificate = "${sec}/wildcard.krebsco.de.crt";
#certificate_key = "${sec}/wildcard.krebsco.de.key";
ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+ force_encryption = true;
};
locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
root ${acmechall}/${ext-dom}/;
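Review bot: `force_encryption = true;` is added directly under `ciphers = "RC4:HIGH:!aNULL:!MD5"`, which still offers RC4 and lists it first. Forcing HTTPS while negotiating a cipher that RFC 7465 prohibits for TLS undercuts the change. Drop it from the string, e.g. `ciphers = "HIGH:!aNULL:!MD5:!RC4";`. Since the module's implementation of the forced redirect is not visible here, also confirm that the `/.well-known/acme-challenge` location still answers ACME validation, either over plain HTTP or via the redirect.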
@@ -54,10 +55,7 @@ in {
ssl_session_timeout 10m;
ssl_verify_client off;
proxy_ssl_session_reuse off;
-
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }'';
+ '';
};
defaultPermissions = "read";
secretKey = secKey;
diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
index 786df6d40..fb74919c4 100644
--- a/makefu/2configs/fetchWallpaper.nix
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -3,7 +3,7 @@
{
krebs.fetchWallpaper = {
enable = true;
- display = ":0";
+ display = ":0.0";
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
timerConfig = {
OnCalendar = "*:0/30";
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index c10ec1314..9047cfb66 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -12,6 +12,12 @@ with config.krebs.lib;
zramSwap.enable = true;
zramSwap.numDevices = 2;
+ # enable synaptics so we can easily disable the touchpad
+ # enable the touchpad with `synclient TouchpadOff=0`
+ services.xserver.synaptics = {
+ enable = true;
+ additionalOptions = ''Option "TouchpadOff" "1"'';
+ };
hardware.trackpoint = {
enable = true;
sensitivity = 220;
@@ -19,7 +25,6 @@ with config.krebs.lib;
emulateWheel = true;
};
-
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 3cc91b630..9d5b06f70 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -6,7 +6,10 @@
# TODO split generic desktop stuff and laptop-specifics like lidswitching
with config.krebs.lib;
-{
+let
+ window-manager = "awesome";
+ user = config.krebs.build.user.name;
+in {
imports = [
./base-gui.nix
./fetchWallpaper.nix
@@ -16,6 +19,52 @@ with config.krebs.lib;
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
+ krebs.power-action = let
+ #speak = "XDG_RUNTIME_DIR=/run/user/$(id -u) ${pkgs.espeak}/bin/espeak"; # when run as user
+ speak = "${pkgs.espeak}/bin/espeak"; # systemwide pulse
+ whisper = text: ''${speak} -v +whisper -s 110 "${text}"'';
+
+ note = pkgs.writeDash "note-as-user" ''
+ eval "export $(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)"
+ ${pkgs.libnotify}/bin/notify-send "$@";
+ '';
+ in {
+ enable = true;
+ inherit user;
+ plans.low-battery = {
+ upperLimit = 25;
+ lowerLimit = 15;
+ charging = false;
+ action = pkgs.writeDash "low-speak" ''
+ ${whisper "power level low, please plug me in"}
+ '';
+ };
+ plans.nag-harder = {
+ upperLimit = 15;
+ lowerLimit = 5;
+ charging = false;
+ action = pkgs.writeDash "crit-speak" ''
+ ${note} Battery -u critical -t 60000 "Power level critical, do something!"
+ ${whisper "Power level critical, do something"}
+ '';
+ };
+ plans.last-chance = {
+ upperLimit = 5;
+ lowerLimit = 3;
+ charging = false;
+ action = pkgs.writeDash "suspend-wrapper" ''
+ ${note} Battery -u crit "You've had your chance, suspend in 5 seconds"
+ ${concatMapStringsSep "\n" (i: ''
+ ${note} -u critical -t 1000 ${toString i}
+ ${speak} ${toString i} &
+ sleep 1
+ '')
+ [ 5 4 3 2 1 ]}
+ /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend
+ '';
+ };
+ };
+ security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend";
services.redshift = {
enable = true;
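Review bot: The `note` helper runs `eval` on text read from another process's `/proc/<pid>/environ`, and `pgrep -u ${user} ${window-manager}` can print zero or several PIDs, in which case the path is malformed and the notification fails silently. Drop the `eval` and pin a single exact match: `export "$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -n -x -u ${user} ${window-manager})/environ)"`. In `plans.last-chance`, `-u crit` is not one of notify-send's urgency levels (low, normal, critical), so the final warning is likely rejected; use `-u critical` as the other plans do. The sudoers line is scoped to one store path and one argument, so it should stay that narrow if the action ever changes. The hunk ends inside the `services.redshift` block.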
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 10985c833..655dee7b2 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -3,8 +3,15 @@
with config.krebs.lib;
let
sec = toString <secrets>;
- ssl_cert = "${sec}/wildcard.krebsco.de.crt";
- ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ext-dom = "wiki.euer.krebsco.de";
+ acmepath = "/var/lib/acme/";
+ acmechall = acmepath + "/challenges/";
+
+ #ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ #ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
+ ssl_key = "${acmepath}/${ext-dom}/key.pem";
+
user = config.services.nginx.user;
group = config.services.nginx.group;
fpm-socket = "/var/run/php5-fpm.sock";
@@ -80,22 +87,23 @@ in {
listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
"${internal-ip}:80" "${internal-ip}:443 ssl" ];
server-names = [
- "wiki.euer.krebsco.de"
+ ext-dom
"wiki.makefu.retiolum"
"wiki.makefu"
];
+ ssl = {
+ enable = true;
+ # these certs will be needed if acme has not yet created certificates:
+ certificate = ssl_cert;
+ certificate_key = ssl_key;
+ force_encryption = true;
+ };
extraConfig = ''
gzip on;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/css;
- ssl_certificate ${ssl_cert};
- ssl_certificate_key ${ssl_key};
default_type text/plain;
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }
-
'';
locations = [
(nameValuePair "/" ''
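Review bot: The comment `# these certs will be needed if acme has not yet created certificates:` does not match the code. `ssl_cert` and `ssl_key` now point into `${acmepath}/${ext-dom}/`, so before the first issuance the files do not exist and nginx will probably refuse to start, which also stops the webroot challenge from being served. Either keep a fallback certificate for bootstrap or reword the comment to say the ACME-issued files are required. Separately, `force_encryption = true` also applies to `wiki.makefu.retiolum` and `wiki.makefu`, which a certificate issued only for `ext-dom` would not cover. Clients on those names would see a name-mismatch warning, so consider a separate server entry for the internal names.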
@@ -111,8 +119,20 @@ in {
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root ${acmechall}/${ext-dom}/;
+ '')
+
];
};
};
};
+ security.acme.certs."${ext-dom}" = {
+ email = "acme@syntax-fehler.de";
+ webroot = "${acmechall}/${ext-dom}/";
+ group = "nginx";
+ allowKeysForGroup = true;
+ postRun = "systemctl reload nginx.service";
+ extraDomains."${ext-dom}" = null ;
+ };
}
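Review bot: `group = "nginx";` hard-codes the group that gets read access to the private key via `allowKeysForGroup = true`, although the file's `let` already binds `group = config.services.nginx.group`. If the two ever differ, nginx cannot read `key.pem`; `inherit group;` appears to be in scope here and would keep them in step. `extraDomains."${ext-dom}" = null;` repeats the certificate's own name and looks redundant. `postRun` calls `systemctl` by bare name, where the rest of this commit uses store paths such as `${pkgs.systemd}/bin/systemctl`.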
diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix
new file mode 100644
index 000000000..8f17f1a0a
--- /dev/null
+++ b/makefu/2configs/tinc/siem.nix
@@ -0,0 +1,12 @@
+{lib, config, ... }:
+{
+ # TODO do not know why we need to force it, port is only set via default to 655
+ krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655;
+ krebs.dns.providers.siem = "hosts";
+ networking.firewall.allowedUDPPorts = [ 1665 ];
+ networking.firewall.allowedTCPPorts = [ 1655 ];
+ krebs.tinc.siem = {
+ enable = true;
+ connectTo = [ "shoney" ];
+ };
+}
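Review bot: `networking.firewall.allowedUDPPorts = [ 1665 ];` does not match the tinc port forced two lines above (`1655`) or the TCP rule, which looks like a transposed digit. As written the firewall opens an unused UDP port and leaves tinc's UDP traffic on 1655 blocked, so peers would fall back to TCP or fail to exchange data. Change it to `networking.firewall.allowedUDPPorts = [ 1655 ];`, and consider deriving both rules from `config.krebs.build.host.nets.siem.tinc.port` so the firewall and the daemon cannot drift apart.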
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 99c1315e1..a3286b7fd 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -22,7 +22,7 @@ in
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
- gpg-connect-agent updatestartuptty /bye >/dev/null
+ ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
GPG_TTY=$(tty)
export GPG_TTY
unset SSH_AGENT_PID