-rw-r--r--kartei/lass/prism.nix3
-rw-r--r--kartei/palo/default.nix21
-rw-r--r--kartei/palo/retiolum.pub13
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/1systems/news/config.nix11
-rw-r--r--krebs/2configs/hotdog-host.nix9
-rw-r--r--krebs/2configs/news-host.nix9
-rw-r--r--krebs/2configs/news.nix3
-rw-r--r--krebs/5pkgs/simple/fzfmenu/default.nix9
-rw-r--r--krebs/5pkgs/simple/pager.nix2
-rw-r--r--lass/1systems/aergia/config.nix6
-rw-r--r--lass/1systems/aergia/physical.nix73
-rw-r--r--lass/1systems/coaxmetal/config.nix6
-rw-r--r--lass/1systems/green/config.nix1
-rw-r--r--lass/1systems/lasspi/config.nix5
-rw-r--r--lass/1systems/lasspi/physical.nix21
-rw-r--r--lass/1systems/neoprism/config.nix1
-rw-r--r--lass/1systems/orange/config.nix1
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/antimicrox/default.nix33
-rw-r--r--lass/2configs/antimicrox/empty.amgp20
-rw-r--r--lass/2configs/antimicrox/mouse.amgp272
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/browsers.nix14
-rw-r--r--lass/2configs/jitsi.nix14
-rw-r--r--lass/2configs/mail.nix6
-rw-r--r--lass/2configs/mumble-reminder.nix6
-rw-r--r--lass/2configs/print.nix14
-rw-r--r--lass/2configs/xdg-open.nix26
-rw-r--r--lass/2configs/xmonad.nix6
-rw-r--r--lass/3modules/browsers.nix94
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/xjail.nix173
33 files changed, 509 insertions, 372 deletions
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
index cfc05b636..d72b167b6 100644
--- a/kartei/lass/prism.nix
+++ b/kartei/lass/prism.nix
@@ -21,7 +21,7 @@ rec {
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -38,6 +38,7 @@ rec {
mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix
index 9d35c3808..6fc9a594f 100644
--- a/kartei/palo/default.nix
+++ b/kartei/palo/default.nix
@@ -17,13 +17,28 @@ let
in
{
hosts = mapAttrs hostDefaults {
- sterni = {
+ sol = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
tinc.port = 720;
- aliases = [ "sterni.r" ];
- tinc.pubkey = builtins.readFile ./retiolum.pub;
+ aliases = [ "sol.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60
+ mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC
+ Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu
+ lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1
+ 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT
+ NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV
+ yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef
+ Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q
+ hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr
+ vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg
+ uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP";
};
};
};
diff --git a/kartei/palo/retiolum.pub b/kartei/palo/retiolum.pub
deleted file mode 100644
index 65284d51d..000000000
--- a/kartei/palo/retiolum.pub
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
-8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
-oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
-ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
-ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
-ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
-MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
-rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
-sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
-EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
-yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 9849937d5..70307a96b 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -26,4 +26,8 @@
boot.isContainer = true;
networking.useDHCP = false;
+ krebs.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM20tYHHvwIgrJZzR35ATzH9AlTrM1enNKEQJ7IP6lBh";
+ };
}
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 620e6249e..b27fc3737 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -17,13 +17,8 @@
boot.isContainer = true;
networking.useDHCP = lib.mkForce true;
- krebs.bindfs = {
- "/var/lib/brockman" = {
- source = "/var/state/brockman";
- options = [
- "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}"
- ];
- clearTarget = true;
- };
+ krebs.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv";
};
}
diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix
new file mode 100644
index 000000000..95d70376b
--- /dev/null
+++ b/krebs/2configs/hotdog-host.nix
@@ -0,0 +1,9 @@
+{
+ krebs.sync-containers3.containers.hotdog = {
+ sshKey = "${toString <secrets>}/hotdog.sync.key";
+ };
+ containers.hotdog.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/hotdog/state";
+ isReadOnly = false;
+ };
+}
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 07674c86e..71793e518 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -1,10 +1,5 @@
{
- krebs.sync-containers.containers.news = {
- peers = [
- "shodan"
- "mors"
- "styx"
- ];
- format = "plain";
+ krebs.sync-containers3.containers.news = {
+ sshKey = "${toString <secrets>}/news.sync.key";
};
}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index d6c6371da..9d9470727 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -74,7 +74,7 @@
limits.identlen = 100;
history.enabled = false;
};
- systemd.services.brockman.bindsTo = [ "ergo.service" ];
+ systemd.services.brockman.bindsTo = [ "ergochat.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
@@ -87,6 +87,7 @@
nick = "brockman";
extraChannels = [ "#all" ];
};
+ statePath = "/var/state/brockman/brockman.json";
bots = {};
};
};
diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix
index 4527ad90b..fe5d5e27a 100644
--- a/krebs/5pkgs/simple/fzfmenu/default.nix
+++ b/krebs/5pkgs/simple/fzfmenu/default.nix
@@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" ''
exec 4>&1
export FZFMENU_INPUT_FD=3
export FZFMENU_OUTPUT_FD=4
- exec ${pkgs.rxvt-unicode}/bin/urxvt \
- -name ${cfg.appName} \
- -title ${shell.escape cfg.windowTitle} \
- -e "$0" "$@"
+ exec ${pkgs.alacritty}/bin/alacritty \
+ --config-file /var/theme/config/alacritty.yaml \
+ --class ${cfg.appName} \
+ --title ${shell.escape cfg.windowTitle} \
+ --command "$0" "$@"
else
exec 0<&''${FZFMENU_INPUT_FD-0}
exec 1>&''${FZFMENU_OUTPUT_FD-1}
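Review bot: `--class ${cfg.appName}` is interpolated into the dash script unquoted, while the title on the next line goes through `shell.escape`; an app name containing whitespace or shell metacharacters would be split or interpreted by the shell. Use `--class ${shell.escape cfg.appName} \` to match. The hard-coded `--config-file /var/theme/config/alacritty.yaml` lives outside the Nix store, so a short comment saying who owns and may write that path would help. The enclosing script begins and ends outside this hunk.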
diff --git a/krebs/5pkgs/simple/pager.nix b/krebs/5pkgs/simple/pager.nix
index 506ef2eb3..952b5ee1e 100644
--- a/krebs/5pkgs/simple/pager.nix
+++ b/krebs/5pkgs/simple/pager.nix
@@ -33,8 +33,6 @@ pkgs.symlinkJoin {
-ti vt340 \
-xrm '*geometry: 32x10' \
-xrm '*internalBorder: 2' \
- -xrm '*background: #050505' \
- -xrm '*foreground: #d0d7d0' \
-e ${pkgs.haskellPackages.pager}/bin/pager "$@"
'')
pkgs.haskellPackages.pager
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index ed5bbcf12..6992db4a5 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -26,6 +26,7 @@
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/br.nix>
+ <stockholm/lass/2configs/c-base.nix>
];
system.stateVersion = "22.11";
@@ -47,11 +48,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
- lass.browser.config = {
- fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
- };
-
nix.trustedUsers = [ "root" "lass" ];
# nix.extraOptions = ''
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index de5f7540e..023639083 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -3,6 +3,7 @@
imports = [
./config.nix
(modulesPath + "/installer/scan/not-detected.nix")
+ <stockholm/lass/2configs/antimicrox>
];
disko.devices = import ./disk.nix;
@@ -20,15 +21,41 @@
boot.kernelParams = [
# Enable energy savings during sleep
"mem_sleep_default=deep"
- "initcall_blacklist=acpi_cpufreq_init"
+
+ # use less power with pstate
+ "amd_pstate=passive"
# for ryzenadj -i
"iomem=relaxed"
+
+ # suspend
+ "resume_offset=178345675"
];
- # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
- # On recent AMD CPUs this can be more energy efficient.
- boot.kernelModules = [ "amd-pstate" "kvm-amd" ];
+ boot.kernelModules = [
+ # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
+ # On recent AMD CPUs this can be more energy efficient.
+ "amd-pstate"
+ "kvm-amd"
+
+ # needed for zenstates
+ "msr"
+
+ # zenpower
+ "zenpower"
+ ];
+
+ boot.extraModulePackages = [
+ (config.boot.kernelPackages.zenpower.overrideAttrs (old: {
+ src = pkgs.fetchFromGitea {
+ domain = "git.exozy.me";
+ owner = "a";
+ repo = "zenpower3";
+ rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
+ hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
+ };
+ }))
+ ];
# hardware.cpu.amd.updateMicrocode = true;
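Review bot: `resume_offset=178345675` in `boot.kernelParams` is a bare magic number that is only valid for the current on-disk location of the swap file; if the file is recreated or moved, resume from hibernation will fail or read the wrong blocks. Add a comment such as `# physical offset of /swapfile on boot.resumeDevice; recompute after recreating the swap file` so the value is not copied or left stale. The swap file and resume device it depends on are configured in a later hunk of this file.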
@@ -36,7 +63,16 @@
"amdgpu"
];
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "thunderbolt"
+ "xhci_pci"
+ "usbhid"
+ ];
+
+ boot.initrd.kernelModules = [
+ "amdgpu"
+ ];
environment.systemPackages = [
pkgs.vulkan-tools
@@ -54,7 +90,13 @@
hardware.video.hidpi.enable = lib.mkDefault true;
# corectrl
- programs.corectrl.enable = true;
+ programs.corectrl = {
+ enable = true;
+ gpuOverclock = {
+ enable = true;
+ ppfeaturemask = "0xffffffff";
+ };
+ };
users.users.mainUser.extraGroups = [ "corectrl" ];
# use newer ryzenadj
@@ -72,7 +114,7 @@
# keyboard quirks
services.xserver.displayManager.sessionCommands = ''
- xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
+ ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
'';
services.udev.extraHwdb = /* sh */ ''
# disable back buttons
@@ -82,5 +124,20 @@
'';
# ignore power key
- services.logind.extraConfig = "HandlePowerKey=ignore";
+
+ # update cpu microcode
+ hardware.cpu.amd.updateMicrocode = true;
+
+ # suspend to disk
+ swapDevices = [{
+ device = "/swapfile";
+ }];
+ boot.resumeDevice = "/dev/mapper/aergia1";
+ services.logind.lidSwitch = "suspend-then-hibernate";
+ services.logind.extraConfig = ''
+ HandlePowerKey=hibernate
+ '';
+
+ # firefox touchscreen support
+ environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
}
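Review bot: The context comment `# ignore power key` is now stale: the setting it described is removed here and the power key is set to hibernate a few lines further down. Replace it with `# power key hibernates` directly above `services.logind.extraConfig`. Because a hibernation image holds the contents of RAM, a one-line comment stating that `/swapfile` sits on an encrypted volume would also help; the name `/dev/mapper/aergia1` suggests that it does, but the hunk does not show it.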
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 2c88b68cc..1df56f591 100644
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@@ -54,12 +54,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
- lass.browser.config = {
- dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
- fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- };
-
nix.trustedUsers = [ "root" "lass" ];
services.tor = {
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 077f7b3fa..c232be9bd 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -35,6 +35,7 @@ with import <stockholm/lib>;
systemd.tmpfiles.rules = [
"d /home/lass/.local/share 0700 lass users -"
"d /home/lass/.local 0700 lass users -"
+ "d /home/lass/.config 0700 lass users -"
"d /var/state/lass_mail 0700 lass users -"
"L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix
index 9f823dfc8..d2207627d 100644
--- a/lass/1systems/lasspi/config.nix
+++ b/lass/1systems/lasspi/config.nix
@@ -1,4 +1,3 @@
-with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
let
in
@@ -18,9 +17,9 @@ in
};
environment.systemPackages = with pkgs; [
vim
- rxvt_unicode.terminfo
+ rxvt-unicode-unwrapped.terminfo
];
services.openssh.enable = true;
- system.stateVersion = "21.05";
+ system.stateVersion = "22.05";
}
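Review bot: Changing `system.stateVersion` from "21.05" to "22.05" alters the defaults that stateful services are initialised with; the option is meant to record the release the machine was first installed with, not the release it currently runs. If lasspi was reinstalled from a fresh image (the physical.nix changes in this commit suggest so, but do not prove it), the new value is right and a comment like `# reinstalled on 22.05` would say so. Otherwise keep "21.05".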
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
index 868bafad5..07efb5ca5 100644
--- a/lass/1systems/lasspi/physical.nix
+++ b/lass/1systems/lasspi/physical.nix
@@ -1,15 +1,14 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
{
- # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec
- # The image used https://hydra.nixos.org/build/134720986
imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
./config.nix
];
boot = {
# kernelPackages = pkgs.linuxPackages_rpi4;
tmpOnTmpfs = true;
- initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
+ initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
# ttyAMA0 is the serial console broken out to the GPIO
kernelParams = [
"8250.nr_uarts=1"
@@ -20,19 +19,23 @@
];
};
- boot.loader.raspberryPi = {
- enable = true;
- version = 4;
- };
+ # boot.loader.raspberryPi = {
+ # enable = true;
+ # version = 4;
+ # # uboot.enable = true;
+ # };
boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
# Required for the Wireless firmware
hardware.enableRedistributableFirmware = true;
+ networking.interfaces.eth0.useDHCP = true;
+
# Assuming this is installed on top of the disk image.
fileSystems = {
"/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
options = [ "noatime" ];
};
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 7f6be782e..be80e28da 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -10,6 +10,7 @@
<stockholm/lass/2configs/yellow-host.nix>
<stockholm/lass/2configs/radio/container-host.nix>
<stockholm/lass/2configs/ubik-host.nix>
+ <stockholm/krebs/2configs/hotdog-host.nix>
# other containers
<stockholm/lass/2configs/riot.nix>
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix
index 3bc20878e..5e975dba8 100644
--- a/lass/1systems/orange/config.nix
+++ b/lass/1systems/orange/config.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/mumble-reminder.nix>
];
krebs.build.host = config.krebs.hosts.orange;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bcc8c1a08..f23778eba 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -137,7 +137,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
- <stockholm/lass/2configs/mumble-reminder.nix>
<stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix
new file mode 100644
index 000000000..16f546ce6
--- /dev/null
+++ b/lass/2configs/antimicrox/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+ systemd.services.antimicrox = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ DISPLAY = ":0";
+ };
+ serviceConfig = {
+ User = config.users.users.mainUser.name;
+ ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
+ ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}";
+ };
+ };
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
+ echo 1 > /tmp/gamepad.state
+ ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp}
+ '')
+ (pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
+ echo 0 > /tmp/gamepad.state
+ ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp}
+ '')
+ (pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
+ state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
+ if [ "$state" = 1 ]; then
+ /run/current-system/sw/bin/gamepad_mouse_enable
+ else
+ /run/current-system/sw/bin/gamepad_mouse_disable
+ fi
+ '')
+ ];
+}
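Review bot: The state file `/tmp/gamepad.state` is a fixed name in a world-writable directory, written with `>` by the service's `ExecStartPre` and by `gamepad_mouse_enable`/`gamepad_mouse_disable`, and read by `gamepad_mouse_toggle`. Another local account can create that path first, which at minimum breaks the toggle and, depending on the kernel's protected-symlink settings, can send the write somewhere else. Give the service `RuntimeDirectory = "antimicrox";` and use `/run/antimicrox/gamepad.state` in all four places. Separately, the unit is `wantedBy = [ "multi-user.target" ]` with `DISPLAY = ":0"` hard-coded, so it may start before any X session exists; tying it to the graphical session would be more robust.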
diff --git a/lass/2configs/antimicrox/empty.amgp b/lass/2configs/antimicrox/empty.amgp
new file mode 100644
index 000000000..0257bfe71
--- /dev/null
+++ b/lass/2configs/antimicrox/empty.amgp
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<gamecontroller configversion="19" appversion="3.3.2">
+ <!--The SDL name for a joystick is included for informational purposes only.-->
+ <sdlname>XInput Controller</sdlname>
+ <!--The Unique ID for a joystick is included for informational purposes only.-->
+ <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
+ <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
+ <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
+ <vdpadButtonAssociations index="1">
+ <vdpadButtonAssociation axis="0" button="12" direction="1"/>
+ <vdpadButtonAssociation axis="0" button="13" direction="4"/>
+ <vdpadButtonAssociation axis="0" button="14" direction="8"/>
+ <vdpadButtonAssociation axis="0" button="15" direction="2"/>
+ </vdpadButtonAssociations>
+ <names>
+ <controlstickname index="2">R Stick</controlstickname>
+ <controlstickname index="1">L Stick</controlstickname>
+ </names>
+ <sets/>
+</gamecontroller>
diff --git a/lass/2configs/antimicrox/mouse.amgp b/lass/2configs/antimicrox/mouse.amgp
new file mode 100644
index 000000000..313e598de
--- /dev/null
+++ b/lass/2configs/antimicrox/mouse.amgp
@@ -0,0 +1,272 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<gamecontroller configversion="19" appversion="3.3.2">
+ <!--The SDL name for a joystick is included for informational purposes only.-->
+ <sdlname>XInput Controller</sdlname>
+ <!--The Unique ID for a joystick is included for informational purposes only.-->
+ <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
+ <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
+ <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
+ <vdpadButtonAssociations index="1">
+ <vdpadButtonAssociation axis="0" button="12" direction="1"/>
+ <vdpadButtonAssociation axis="0" button="13" direction="4"/>
+ <vdpadButtonAssociation axis="0" button="14" direction="8"/>
+ <vdpadButtonAssociation axis="0" button="15" direction="2"/>
+ </vdpadButtonAssociations>
+ <names>
+ <controlstickname index="2">Stick 2</controlstickname>
+ <controlstickname index="1">Stick 1</controlstickname>
+ </names>
+ <sets>
+ <set index="1">
+ <stick index="2">
+ <deadZone>1</deadZone>
+ <maxZone>29501</maxZone>
+ <modifierZone>1412</modifierZone>
+ <diagonalRange>90</diagonalRange>
+ <stickbutton index="7">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ <accelerationmultiplier>4</accelerationmultiplier>
+ <startaccelmultiplier>20</startaccelmultiplier>
+ <minaccelthreshold>3</minaccelthreshold>
+ <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
+ <slots>
+ <slot>
+ <code>3</code>
+ <mode>mousemovement</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="6">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ </stickbutton>
+ <stickbutton index="5">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ <accelerationmultiplier>4</accelerationmultiplier>
+ <startaccelmultiplier>20</startaccelmultiplier>
+ <minaccelthreshold>3</minaccelthreshold>
+ <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
+ <slots>
+ <slot>
+ <code>2</code>
+ <mode>mousemovement</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="4">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ </stickbutton>
+ <stickbutton index="3">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ <accelerationmultiplier>4</accelerationmultiplier>
+ <startaccelmultiplier>20</startaccelmultiplier>
+ <minaccelthreshold>3</minaccelthreshold>
+ <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
+ <slots>
+ <slot>
+ <code>4</code>
+ <mode>mousemovement</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="2">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ </stickbutton>
+ <stickbutton index="1">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ <accelerationmultiplier>4</accelerationmultiplier>
+ <startaccelmultiplier>20</startaccelmultiplier>
+ <minaccelthreshold>3</minaccelthreshold>
+ <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
+ <slots>
+ <slot>
+ <code>1</code>
+ <mode>mousemovement</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="8">
+ <mousespeedx>74</mousespeedx>
+ <mousespeedy>74</mousespeedy>
+ </stickbutton>
+ </stick>
+ <stick index="1">
+ <deadZone>2578</deadZone>
+ <maxZone>30799</maxZone>
+ <stickbutton index="7">
+ <mouseacceleration>linear</mouseacceleration>
+ <slots>
+ <slot>
+ <code>6</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="6">
+ <mouseacceleration>linear</mouseacceleration>
+ </stickbutton>
+ <stickbutton index="5">
+ <mouseacceleration>linear</mouseacceleration>
+ <slots>
+ <slot>
+ <code>5</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="4">
+ <mouseacceleration>linear</mouseacceleration>
+ </stickbutton>
+ <stickbutton index="3">
+ <mouseacceleration>linear</mouseacceleration>
+ <slots>
+ <slot>
+ <code>7</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="2">
+ <mouseacceleration>linear</mouseacceleration>
+ </stickbutton>
+ <stickbutton index="1">
+ <mouseacceleration>linear</mouseacceleration>
+ <slots>
+ <slot>
+ <code>4</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </stickbutton>
+ <stickbutton index="8">
+ <mouseacceleration>linear</mouseacceleration>
+ </stickbutton>
+ </stick>
+ <dpad index="1">
+ <dpadbutton index="6">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ </dpadbutton>
+ <dpadbutton index="4">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ <slots>
+ <slot>
+ <code>0x1000017</code>
+ <mode>keyboard</mode>
+ </slot>
+ </slots>
+ </dpadbutton>
+ <dpadbutton index="3">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ </dpadbutton>
+ <dpadbutton index="2">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ <slots>
+ <slot>
+ <code>0x1000011</code>
+ <mode>keyboard</mode>
+ </slot>
+ </slots>
+ </dpadbutton>
+ <dpadbutton index="1">
+ <wheelspeedx>10</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ <slots>
+ <slot>
+ <code>0x1000016</code>
+ <mode>keyboard</mode>
+ </slot>
+ </slots>
+ </dpadbutton>
+ <dpadbutton index="12">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ </dpadbutton>
+ <dpadbutton index="9">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ </dpadbutton>
+ <dpadbutton index="8">
+ <wheelspeedx>2</wheelspeedx>
+ <wheelspeedy>10</wheelspeedy>
+ <slots>
+ <slot>
+ <code>0x1000010</code>
+ <mode>keyboard</mode>
+ </slot>
+ </slots>
+ </dpadbutton>
+ </dpad>
+ <trigger index="6">
+ <deadZone>2000</deadZone>
+ <throttle>positivehalf</throttle>
+ <triggerbutton index="1">
+ <mousespeedx>100</mousespeedx>
+ <mousespeedy>100</mousespeedy>
+ </triggerbutton>
+ <triggerbutton index="2">
+ <mousespeedx>100</mousespeedx>
+ <mousespeedy>100</mousespeedy>
+ <slots>
+ <slot>
+ <code>250</code>
+ <mode>mousespeedmod</mode>
+ </slot>
+ </slots>
+ </triggerbutton>
+ </trigger>
+ <trigger index="5">
+ <throttle>positivehalf</throttle>
+ </trigger>
+ <button index="11">
+ <slots>
+ <slot>
+ <code>1</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </button>
+ <button index="5">
+ <slots>
+ <slot>
+ <code>1</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </button>
+ <button index="3">
+ <slots>
+ <slot>
+ <code>2</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </button>
+ <button index="2">
+ <slots>
+ <slot>
+ <code>3</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </button>
+ <button index="1">
+ <slots>
+ <slot>
+ <code>1</code>
+ <mode>mousebutton</mode>
+ </slot>
+ </slots>
+ </button>
+ </set>
+ </sets>
+</gamecontroller>
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2e28d48b6..79777429a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -95,7 +95,7 @@ in {
(pkgs.writeDashBin "screenshot" ''
set -efu
- ${pkgs.flameshot}/bin/flameshot
+ ${pkgs.flameshot}/bin/flameshot gui
${pkgs.klem}/bin/klem
'')
];
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 00a5d2db0..ea6fb644b 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,12 +1,8 @@
{ config, lib, pkgs, ... }:
{
- lass.browser.config = {
- cr = { groups = [ "audio" "video" ]; precedence = 9; };
- };
- programs.chromium = {
- enable = true;
- extensions = [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- ];
- };
+ programs.firefox.nativeMessagingHosts.tridactyl = true;
+ environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
+ environment.systemPackages = [
+ pkgs.firefox
+ ];
}
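Review bot: `programs.firefox.nativeMessagingHosts.tridactyl = true` is set without `programs.firefox.enable = true`, and Firefox is installed separately as `pkgs.firefox`. As far as I can tell the NixOS module only applies its native-messaging options to the package it installs itself, so the tridactyl host is probably not wired up here. Prefer `programs.firefox.enable = true;` and drop `pkgs.firefox` from `environment.systemPackages`. This commit also removes the `lass.browser.config` entries and, per the diffstat, the xjail module, so the browser and a native messaging host that can run commands now run as the main user. If that loss of isolation is intended, say so in a comment.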
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix
index fa41f6634..2c148dcdd 100644
--- a/lass/2configs/jitsi.nix
+++ b/lass/2configs/jitsi.nix
@@ -8,6 +8,16 @@
enableWelcomePage = true;
requireDisplayName = true;
analytics.disabled = true;
+ startAudioOnly = true;
+ channelLastN = 4;
+ stunServers = [
+ # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/
+ { urls = "turn:turn.matrix.org:3478?transport=udp"; }
+ { urls = "turn:turn.matrix.org:3478?transport=tcp"; }
+ # - services.coturn:
+ #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
+ #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
+ ];
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
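Review bot: The `stunServers` list is filled with `turn:` URIs for `turn.matrix.org`, a relay operated by a third party, and no credentials are given. A STUN list normally takes `stun:` URIs, and a TURN relay without credentials will usually refuse allocations, so these entries may not do what is intended. Any that do work disclose participants' addresses to that operator. Either use `stun:` entries for a server you are permitted to use, or enable the commented-out `services.coturn` entries and serve them from your own domain. The enclosing config attribute set begins outside this hunk.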
@@ -17,6 +27,10 @@
};
};
+ services.jitsi-videobridge.config = {
+ org.jitsi.videobridge.TRUST_BWE = false;
+ };
+
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index f5b2e22b7..0adef8f8c 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -93,8 +93,6 @@ let
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new
${lib.concatMapStringsSep "\n" (i: ''
- '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- ${lib.concatMapStringsSep "\n" (i: ''
mkdir -p "$HOME/Maildir/.${i.name}/cur"
for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
if test -e "$mail"; then
@@ -186,7 +184,9 @@ let
"<enter-command>unset wait_key<enter> \
<shell-escape>${pkgs.writeDash "muchsync" ''
set -efu
- ${pkgs.muchsync}/bin/muchsync -F lass@green.r
+ until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do
+ sleep 1
+ done
''}<enter> \
'run muchsync to green.r'
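Review bot: The new `until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do sleep 1; done` loop retries forever, so when green.r is unreachable or authentication fails the shell-escape never returns and the failure is hidden. Bound the number of attempts and exit non-zero once they are used up, for example a `for i in 1 2 3 4 5` loop that does `exit 0` on the first success and `exit 1` after the last try. The macro this script belongs to starts outside the hunk.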
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
index fe75a96a6..c4cc60dc5 100644
--- a/lass/2configs/mumble-reminder.nix
+++ b/lass/2configs/mumble-reminder.nix
@@ -23,7 +23,7 @@
Kois
Faulaffen
Schraubenziegen
- Nachtigalle
+ Nachtigallen
Okapis
Stachelschweine
Kurzschwanzkängurus
@@ -49,7 +49,7 @@
pattern = "^nerv nicht$";
activate = "match";
command = {
- filename = pkgs.writeDash "add_remind" ''
+ filename = pkgs.writeDash "del_remind" ''
${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
echo "okok, Ich werde $_from nich mehr errinern"
'';
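Review bot: The renamed `del_remind` script still passes `$_from` straight into a sed program (`sed -i "/$_from/d" ...`, an unchanged context line), and `$_from` is a nick chosen by the remote chat user. A nick containing `/` or regex metacharacters changes what sed runs or removes other users' entries. Match the nick as a fixed whole-line string instead, for example with `${pkgs.gnugrep}/bin/grep -vxF -- "$_from"` written to a temporary file that then replaces the users file. That assumes one nick per line, which the hunk does not show. The script that adds reminders is outside this hunk and deserves the same check.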
@@ -80,7 +80,7 @@ in {
};
systemd.services.mumble-reminder-nixos = {
description = "weekly reminder for nixos mumble";
- startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ startAt = "Thu *-*-* 17:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='
diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix
index c2b3e8377..5769f9b15 100644
--- a/lass/2configs/print.nix
+++ b/lass/2configs/print.nix
@@ -6,5 +6,19 @@
pkgs.foomatic-filters
pkgs.gutenprint
];
+ browsing = true;
+ browsedConf = ''
+ BrowseDNSSDSubTypes _cups,_print
+ BrowseLocalProtocols all
+ BrowseRemoteProtocols all
+ CreateIPPPrinterQueues All
+
+ BrowseProtocols all
+ '';
+ };
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns = true;
};
}
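Review bot: `BrowseRemoteProtocols all` together with `CreateIPPPrinterQueues All` and `services.avahi.openFirewall = true` makes cups-browsed accept printer announcements from any host on whatever network the machine joins and create local queues for them automatically. This module is imported by the aergia laptop configuration (see its imports list earlier in this commit), so that includes untrusted networks. Restrict discovery to DNS-SD with `BrowseRemoteProtocols dnssd`, drop the trailing `BrowseProtocols all`, and consider a `BrowseAllow` line for the home subnet. The `services.printing` attribute set opens outside this hunk.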
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
index 88ea7ba59..02c551a2b 100644
--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
@@ -1,12 +1,13 @@
{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
- /run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
+ exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
'';
- xdg-open = pkgs.writeBash "xdg-open" ''
- set -e
+ xdg-open = pkgs.writeBashBin "xdg-open" ''
+ set -xe
FILE="$1"
+ PATH=/run/current-system/sw/bin
mime=
case "$FILE" in
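Review bot: The wrapper now appends all output to `/tmp/xdg-debug.log` and the script runs with `set -xe`, so every URL and file path handed to xdg-open is traced into a fixed-name file in a world-writable directory. That exposes browsing targets and file names to other local accounts, grows without bound, and lets another account create the path first. If the tracing is only for debugging, remove `-x` and the redirection before merging. Otherwise write to a per-user location, e.g. `>> "$XDG_RUNTIME_DIR/xdg-debug.log" 2>&1`.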
@@ -35,15 +36,13 @@
case "$mime" in
special/mailaddress)
- urxvtc --execute vim "$FILE" ;;
- ${optionalString (hasAttr "browser" config.lass) ''
+ alacritty --execute vim "$FILE" ;;
text/html)
- ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
+ firefox "$FILE" ;;
text/xml)
- ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
- ''}
+ firefox "$FILE" ;;
text/*)
- urxvtc --execute vim "$FILE" ;;
+ alacritty --execute vim "$FILE" ;;
image/*)
sxiv "$FILE" ;;
application/x-bittorrent)
@@ -51,17 +50,18 @@
application/pdf)
zathura "$FILE" ;;
inode/directory)
- sudo -u lass -i urxvtc --execute mc "$FILE" ;;
+ alacritty --execute mc "$FILE" ;;
*)
# open dmenu and ask for program to open with
- $(dmenu_path | dmenu) "$FILE";;
+ runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
+ exec $runner "$FILE";;
esac
'';
in {
environment.systemPackages = [ xdg-open-wrapper ];
security.sudo.extraConfig = ''
- cr ALL=(lass) NOPASSWD: ${xdg-open} *
- ff ALL=(lass) NOPASSWD: ${xdg-open} *
+ cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
+ ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
'';
}
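Review bot: The fallback branch uses zsh syntax (`print -rC1 -- ''${(ko)commands}`) inside a script built with `pkgs.writeBashBin`. Bash has no `print` builtin and rejects `${(ko)commands}` as a bad substitution, so with `set -e` the default case aborts instead of showing the menu. Restore a bash-compatible form such as `runner=$(dmenu_path | dmenu)` and quote the result: `exec "$runner" "$FILE"`. The `security.sudo.extraConfig` rules also still let the `cr` and `ff` accounts run xdg-open as `lass` without a password, although the wrapper no longer calls sudo and, judging by the diffstat, this commit removes the browser profiles those accounts belonged to. Drop the rules if nothing uses them.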
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
index b506e026d..1789725d1 100644
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@@ -159,14 +159,14 @@ myKeyMap =
${pkgs.clipmenu}/bin/clipmenu
''}")
- , ("M4-<F2>", windows copyToAll)
-
- , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
, ("M4-<Insert>", spawn "${pkgs.writeDash "paste" ''
${pkgs.coreutils}/bin/sleep 0.4
${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
''}")
+ , ("M4-<F1>", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle")
+ , ("M4-<F2>", windows copyToAll)
+ , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
, ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33")
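Review bot: The new `M4-<F1>` binding spawns `/run/current-system/sw/bin/gamepad_mouse_toggle` by profile path, while the neighbouring bindings reference store paths such as `${pkgs.nm-dmenu}/bin/nm-dmenu`. With the profile path the build succeeds even on hosts where nothing installs `gamepad_mouse_toggle`, and the key then fails silently at runtime. If the script is defined in a module this file can reach (presumably the antimicrox config added in this commit), referencing its derivation would make the dependency explicit. Otherwise a short comment naming the providing module would help. `myKeyMap` extends beyond this hunk.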
diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix
deleted file mode 100644
index 4171abdb6..000000000
--- a/lass/3modules/browsers.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.browser;
-
- browserScripts = {
- brave = "${pkgs.brave}/bin/brave";
- chrome = "${pkgs.google-chrome}/bin/chrome";
- chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
- firefox = "${pkgs.firefox.override {
- extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
- }}/bin/firefox";
- qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
- };
-
- browser-select = let
- sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
- (filter (x: ! x.value.hidden)
- (mapAttrsToList (name: value: { inherit name value; })
- cfg.config));
- in if (lib.length sortedPaths) > 1 then
- pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
- case $BROWSER in
- ${concatMapStringsSep "\n" (n: ''
- ${n.name})
- export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
- ;;
- '') (sortedPaths)}
- esac
- $BIN "$@"
- ''
- else
- let
- name = (lib.head sortedPaths).name;
- in pkgs.writeScriptBin "browser-select" ''
- ${config.lass.xjail-bins.${name}}/bin/${name} "$@"
- ''
- ;
-
-in {
- options.lass.browser = {
- select = mkOption {
- type = types.path;
- };
- config = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- hidden = mkOption {
- type = types.bool;
- default = false;
- };
- precedence = mkOption {
- type = types.int;
- default = 0;
- };
- user = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- browser = mkOption {
- type = types.enum (attrNames browserScripts);
- default = "brave";
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- };
- }));
- default = {};
- };
- };
-
- config = (mkIf (cfg.config != {}) {
- lass.xjail = mapAttrs' (name: browser:
- nameValuePair name {
- script = browserScripts.${browser.browser};
- groups = browser.groups;
- }
- ) cfg.config;
- environment.systemPackages = (map (browser:
- config.lass.xjail-bins.${browser.name}
- ) (attrValues cfg.config)) ++ [
- browser-select
- ];
- lass.browser.select = browser-select;
- });
-}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 3a0b1306c..0e1a794ca 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -12,8 +12,6 @@ _:
./pyload.nix
./screenlock.nix
./usershadow.nix
- ./xjail.nix
./autowifi.nix
- ./browsers.nix
];
}
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
deleted file mode 100644
index 08a28b8e3..000000000
--- a/lass/3modules/xjail.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-{
- options.lass.xjail = mkOption {
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- user = mkOption {
- type = types.str;
- default = config.name;
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- from = mkOption {
- type = types.str;
- default = "lass";
- };
- display = mkOption {
- type = types.str;
- default = toString (genid_uint31 config._module.args.name);
- };
- dpi = mkOption {
- type = types.int;
- default = 90;
- };
- extraXephyrArgs = mkOption {
- type = types.str;
- default = "";
- };
- extraVglrunArgs = mkOption {
- type = types.str;
- default = "";
- };
- script = mkOption {
- type = types.path;
- default = pkgs.writeScript "echo_lol" "echo lol";
- };
- wm = mkOption {
- #TODO find type
- type = types.str;
- defaultText = "‹script›";
- default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "unix"
- "xmonad"
- ];
- text = /* haskell */ ''
- module Main where
- import XMonad
- import Data.Monoid
- import System.Posix.Process (executeFile)
- import qualified Data.Map as Map
-
- main :: IO ()
- main = do
- xmonad def
- { workspaces = [ "1" ]
- , layoutHook = myLayoutHook
- , keys = myKeys
- , normalBorderColor = "#000000"
- , focusedBorderColor = "#000000"
- , handleEventHook = myEventHook
- }
-
- myEventHook :: Event -> X All
-
- myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
- spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
- return (All True)
-
- myEventHook _ = do
- return (All True)
-
- myLayoutHook = Full
- myKeys _ = Map.fromList []
- '';
- };
- }}/bin/xmonad";
- };
- };
- }));
- default = {};
- };
-
- options.lass.xjail-bins = mkOption {
- type = types.attrsOf types.path;
- };
-
- # implementation
- config = let
- scripts = mapAttrs' (name: cfg:
- let
- newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
- DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
- if test $? -eq 0; then
- echo using existing xephyr
- ${sudo_} "$@"
- else
- echo starting new xephyr
- ${xephyr_} "$@"
- fi
- '';
- xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
- ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
- XEPHYR_PID=$!
- DISPLAY=:${cfg.display} ${cfg.wm} &
- WM_PID=$!
- ${sudo_} "$@"
- ${pkgs.coreutils}/bin/kill $WM_PID
- ${pkgs.coreutils}/bin/kill $XEPHYR_PID
- '';
- # TODO fix xephyr which doesn't honor resizes anymore
- sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
- #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
- ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
- '';
- in nameValuePair name {
- existing = newOrExisting;
- xephyr = xephyr_;
- sudo = sudo_;
- }
- ) config.lass.xjail;
- in {
-
- users.users = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- uid = genid_uint31 cfg.name;
- home = "/home/${cfg.name}";
- useDefaultShell = true;
- createHome = true;
- extraGroups = cfg.groups;
- isNormalUser = true;
- }
- ) config.lass.xjail;
-
- users.groups = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- members = [
- cfg.name
- cfg.from
- ];
- }
- ) config.lass.xjail;
-
- security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
- polkit.addRule(function(action, subject) {
- if (
- subject.user == "${cfg.from}" &&
- action.id == "org.freedesktop.machine1.host-shell" &&
- action.lookup("user") == "${cfg.user}" &&
- action.lookup("program") == "${cfg.script}" &&
- true
- ) {
- return polkit.Result.YES;
- }
- });
- '') config.lass.xjail));
-
- lass.xjail-bins = mapAttrs' (name: cfg:
- nameValuePair name (pkgs.writeScriptBin cfg.name ''
- ${scripts.${name}.sudo} "$@"
- '')
- ) config.lass.xjail;
- };
-}