From 716fcbf2821415b787d698cb2f6d5002ffe4644a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:20:32 +0200 Subject: tv git: allow all users to fetch public repos --- tv/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 4bc971370..fd3875410 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -101,7 +101,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ lass makefu ]; + user = attrValues config.krebs.users; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From 552e2cd918dbc41058ea97e7ee8001cc209582c9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:24:28 +0200 Subject: tv xserver: inherit (config.krebs.build) user --- tv/2configs/xserver/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'tv') diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index c41c0a81e..7a76530be 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,8 +1,7 @@ { config, pkgs, ... }@args: with config.krebs.lib; let - # TODO krebs.build.user - user = config.users.users.tv; + user = config.krebs.build.user; in { environment.systemPackages = [ -- cgit v1.2.3 From a774642d29dcc3a668abf9bbe13e88ee786b5d1d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:46:24 +0200 Subject: tv pkgs.cr: %@ -> $@ --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index affb535ef..040a6ff3d 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -10,7 +10,7 @@ --ssl-version-min=tls1 \ --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ --disk-cache-size=50000000 \ - "%@" + "$@" ''; ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; -- cgit v1.2.3 
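Review bot: The replaced `user` line changes what `repo.public` means: a public repo is now fetchable by every identity in `config.krebs.users`, including any added later, rather than by `lass` and `makefu` only. Since the permission stays `fetch` this is read-only exposure, but any repo marked public on the assumption of that two-user list should be re-checked. A comment next to the line would record the intent, e.g. `# public == fetchable by every krebs user, not a fixed list`. The list this `optional` is appended to starts outside the hunk.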
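Review bot: `user` is now bound to `config.krebs.build.user` instead of `config.users.users.tv`, and those are different record shapes: the former is a krebs user (the series uses `.uid` and `.mail` on such records), the latter a NixOS `users.users` entry (the series uses `.name` and `.group` on those). Every `user.<attr>` use further down this file, which is outside the hunk, has to be checked against the attributes a krebs user actually carries, otherwise evaluation fails on the first host where the two differ. If only `name` and `uid` are needed, a comment such as `# only user.name and user.uid are used below` makes the dependency explicit.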
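Review bot: The context line `--disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME"` above the fixed `"$@"` is a predictable path in the shared `/tmp`, so it may already exist under another account's ownership before the user's first run; the file's own `# TODO use XDG_RUNTIME_DIR?` (visible in the later hunks of this series) points at the fix, since that directory is created `0700` per user. Until then a per-user location, e.g. `--disk-cache-dir="$HOME"/.cache/chromium-disk-cache`, avoids the shared directory. The `--ssl-version-min=tls1` floor is pre-existing and unrelated to this fix, but worth revisiting alongside it. The `cr` script body starts outside the hunk.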
From ad816aaa281094fc4fde1755de618440a5a1df28 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:47:46 +0200 Subject: tv pkgs.ff: drop sudo --- tv/5pkgs/default.nix | 4 +++- tv/5pkgs/ff/default.nix | 12 ------------ 2 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 tv/5pkgs/ff/default.nix (limited to 'tv') diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 040a6ff3d..0b28747d5 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -15,7 +15,9 @@ ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; }; - ff = pkgs.callPackage ./ff {}; + ff = pkgs.writeDashBin "ff" '' + exec ${pkgs.firefoxWrapper}/bin/firefox "$@" + ''; gnupg = if elem config.krebs.build.host.name ["xu" "wu"] then super.gnupg21 diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix deleted file mode 100644 index b1d2c579a..000000000 --- a/tv/5pkgs/ff/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, ... }: - -# TODO use krebs.setuid -# This requires that we can create setuid executables that can only be accessed -# by a single user. [per-user-setuid] - -# using bash for %q -pkgs.writeBashBin "ff" '' - exec /var/setuid-wrappers/sudo -u ff -i < Date: Sat, 23 Jul 2016 12:18:46 +0200 Subject: tv ssh: init --- tv/1systems/zu.nix | 32 -------------------------------- tv/2configs/default.nix | 8 +------- tv/2configs/ssh.nix | 25 +++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 39 deletions(-) create mode 100644 tv/2configs/ssh.nix (limited to 'tv') diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index bfc018cc3..645c60315 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix 
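Review bot: The new `ff` wrapper execs `${pkgs.firefoxWrapper}/bin/firefox` directly as the calling user, whereas the deleted `tv/5pkgs/ff/default.nix` ran it through `sudo -u ff`, i.e. under a separate account; that isolation boundary is dropped, and neither the hunk nor the commit message says whether this is accepted or a temporary step toward the `krebs.setuid` TODO the old file carried. A one-line comment keeps the decision visible: `# runs as the invoking user; the former sudo -u ff isolation was dropped (see the krebs.setuid TODO)`. If a dedicated `ff` account or a sudoers rule for it is defined elsewhere, it is now orphaned and can be removed.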
@@ -194,36 +194,4 @@ with config.krebs.lib; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - -#/* -#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}'; -# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}'; -# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; } -#*/ -# networking.extraHosts = optionalString (1 == 1) '' -#54.255.133.72 api.zalora.sg -#52.77.12.194 bob.zalora.sg -#52.74.232.49 www.zalora.sg costa.zalora.sg -# ''; - - - #services.elasticsearch.enable = true; - #services.kibana.enable = true; - #services.logstash.enable = true; - - environment.etc."ssh/ssh_config".text = mkForce '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - - ${optionalString config.programs.ssh.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - - ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} - - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - #PubkeyAcceptedKeyTypes +ssh-dss - - ${config.programs.ssh.extraConfig} - ''; - } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 04009f54d..8a14a2465 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -28,6 +28,7 @@ with config.krebs.lib; ./audit.nix ./backup.nix ./nginx + ./ssh.nix ./vim.nix { # stockholm dependencies @@ -140,13 +141,6 @@ with config.krebs.lib; fi ''; }; - - programs.ssh = { - extraConfig = '' - UseRoaming no - ''; - startAgent = false; - }; } { diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix new file mode 100644 index 000000000..7bf583426 --- /dev/null +++ b/tv/2configs/ssh.nix 
@@ -0,0 +1,25 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ + # Override NixOS's "Allow DSA keys for now." + environment.etc."ssh/ssh_config".text = mkForce '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString config.programs.ssh.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} + + ${config.programs.ssh.extraConfig} + ''; + + programs.ssh = { + extraConfig = '' + UseRoaming no + ''; + startAgent = false; + }; +} -- cgit v1.2.3 From 5f0e7c6dd05022ac6f0ba1dd51594070a93068ba Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 12:58:03 +0200 Subject: tv x220: enableAllFirmware --- tv/1systems/alnus.nix | 1 - tv/1systems/xu.nix | 5 ----- tv/1systems/zu.nix | 5 ----- tv/2configs/hw/x220.nix | 3 +++ 4 files changed, 3 insertions(+), 11 deletions(-) (limited to 'tv') diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index 360390c09..a9646b588 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix @@ -53,7 +53,6 @@ with config.krebs.lib; }; hardware = { - enableAllFirmware = true; opengl.driSupport32Bit = true; pulseaudio.enable = true; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index b832470d0..fec0a02c5 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -155,11 +155,6 @@ with config.krebs.lib; nixpkgs.config.chromium.enablePepperFlash = true; - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - #hardware.opengl.driSupport32Bit = true; - environment.systemPackages = with pkgs; [ ethtool tinc_pre diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 645c60315..c0d51436a 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix 
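Review bot: `mkForce` on `environment.etc."ssh/ssh_config".text` replaces the whole client config NixOS generates, not only the `#PubkeyAcceptedKeyTypes +ssh-dss` line the `# Override NixOS's "Allow DSA keys for now."` comment refers to, so anything the NixOS module adds to that file after a nixpkgs bump is silently dropped here; the comment should say the override is a full replacement and what it intentionally keeps. `UseRoaming no` in `extraConfig` is the right client-side setting, but its purpose is not obvious from the name, so a why-comment such as `# disable the OpenSSH client's roaming feature` would help. Note that `extraConfig` is only honoured because this template interpolates `${config.programs.ssh.extraConfig}` itself.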
@@ -161,11 +161,6 @@ with config.krebs.lib; nixpkgs.config.chromium.enablePepperFlash = true; - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - #hardware.opengl.driSupport32Bit = true; - environment.systemPackages = with pkgs; [ ethtool tinc_pre diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 9b3dd122a..c5a3485a2 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -10,6 +10,9 @@ networking.wireless.enable = true; + # Required for Centrino. + hardware.enableAllFirmware = true; + hardware.trackpoint = { enable = true; sensitivity = 220; -- cgit v1.2.3 From ce32d546deb0bab0fc664d65abe458fee34a5123 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:11:33 +0200 Subject: tv bash: init --- tv/2configs/bash.nix | 37 +++++++++++++++++++++++++++++++++++++ tv/2configs/default.nix | 37 +------------------------------------ 2 files changed, 38 insertions(+), 36 deletions(-) create mode 100644 tv/2configs/bash.nix (limited to 'tv') diff --git a/tv/2configs/bash.nix b/tv/2configs/bash.nix new file mode 100644 index 000000000..fe87aa8d7 --- /dev/null +++ b/tv/2configs/bash.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + case $UID in + 0) + PS1='\[\e[1;31m\]\w\[\e[0m\] ' + ;; + ${toString config.krebs.build.user.uid}) + PS1='\[\e[1;32m\]\w\[\e[0m\] ' + ;; + *) + PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' + ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\e[35m\]\h'" $PS1" + fi + if test -n "$SSH_AGENT_PID"; then + PS1="ssh-agent[$SSH_AGENT_PID] $PS1" + fi + ''; + }; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 8a14a2465..c77c9cea9 100644 
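Review bot: `hardware.enableAllFirmware = true;` was removed from `tv/1systems/alnus.nix`, `xu.nix` and `zu.nix` in the earlier hunks of this commit and only re-added here in `tv/2configs/hw/x220.nix`, so any of those hosts that does not import this file loses the setting; whether `alnus` is an x220 cannot be seen from the diff, so that import should be confirmed. The `# Required for Centrino.` comment could also say that the option pulls in every firmware package NixOS knows about, not only the wireless one, which is broader than the comment implies.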
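Review bot: The `interactiveShellInit` moved here drops `${readFile ./bash_completion.sh}` and the `# TODO source bridge` line that the same block carries in `tv/2configs/default.nix` (removed in the next hunk), so bash completion setup silently disappears with this move; either carry `${readFile ./bash_completion.sh}` over or state in the commit that it was dropped on purpose. The `${toString config.krebs.build.user.uid}` case label replacing `config.krebs.users.tv.uid` is a sensible generalisation and deserves a comment, e.g. `# the build user's uid gets the green prompt; other accounts show the user name`.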
--- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -27,6 +27,7 @@ with config.krebs.lib; ./audit.nix ./backup.nix + ./bash.nix ./nginx ./ssh.nix ./vim.nix @@ -105,42 +106,6 @@ with config.krebs.lib; environment.variables = { NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; - - programs.bash = { - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - - ${readFile ./bash_completion.sh} - - # TODO source bridge - ''; - promptInit = '' - case $UID in - 0) - PS1='\[\e[1;31m\]\w\[\e[0m\] ' - ;; - ${toString config.krebs.users.tv.uid}) - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ;; - *) - PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' - ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\e[35m\]\h'" $PS1" - fi - if test -n "$SSH_AGENT_PID"; then - PS1="ssh-agent[$SSH_AGENT_PID] $PS1" - fi - ''; - }; } { -- cgit v1.2.3 From 268303de888591f4b98dc610f89707cd3cfe3ef7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:11:50 +0200 Subject: tv sshd: init --- tv/2configs/default.nix | 11 +---------- tv/2configs/sshd.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 tv/2configs/sshd.nix (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c77c9cea9..7992c90cb 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -30,6 +30,7 @@ with config.krebs.lib; ./bash.nix ./nginx ./ssh.nix + ./sshd.nix ./vim.nix { # stockholm dependencies @@ -135,16 +136,6 @@ with config.krebs.lib; ''; } - { - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - tv.iptables.input-internet-accept-tcp = singleton "ssh"; - } - { environment.systemPackages = [ pkgs.get 
diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix new file mode 100644 index 000000000..943f32fe9 --- /dev/null +++ b/tv/2configs/sshd.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + services.openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "/etc/ssh/ssh_host_ed25519_key"; + } + ]; + }; + tv.iptables.input-internet-accept-tcp = singleton "ssh"; +} -- cgit v1.2.3 From b6dfed56ddb161907988e0bcbc923de0c5b226dd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:19:44 +0200 Subject: tv xdg: init --- tv/2configs/default.nix | 11 +---------- tv/2configs/xdg.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 10 deletions(-) create mode 100644 tv/2configs/xdg.nix (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 7992c90cb..0e463212e 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -32,6 +32,7 @@ with config.krebs.lib; ./ssh.nix ./sshd.nix ./vim.nix + ./xdg.nix { # stockholm dependencies environment.systemPackages = with pkgs; [ @@ -144,15 +145,5 @@ with config.krebs.lib; pkgs.push ]; } - - { - systemd.tmpfiles.rules = let - forUsers = flip map users; - isUser = { name, group, ... }: - name == "root" || hasSuffix "users" group; - users = filter isUser (mapAttrsToList (_: id) config.users.users); - in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); - environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; - } ]; } diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix new file mode 100644 index 000000000..f05ec5431 --- /dev/null +++ b/tv/2configs/xdg.nix 
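Review bot: `services.openssh` in this new shared module enables sshd and opens it to the internet through `tv.iptables.input-internet-accept-tcp = singleton "ssh"` for every host importing it, but leaves the authentication policy at NixOS defaults; now that the block applies fleet-wide, pin it explicitly next to `hostKeys`, e.g. `passwordAuthentication = false;` and a `permitRootLogin` value matching how the hosts are actually deployed. Restricting `hostKeys` to a single ed25519 key is good and deserves a comment such as `# ed25519 only; no RSA or ECDSA host keys are generated`. The block is a move from default.nix, so exposure is unchanged; only the defaults are unpinned.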
@@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; + + systemd.tmpfiles.rules = let + forUsers = flip map users; + isUser = { name, group, ... }: + name == "root" || hasSuffix "users" group; + users = filter isUser (mapAttrsToList (_: id) config.users.users); + in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); +} -- cgit v1.2.3 From ccb34ca338bec3219c0d25e1a5518548ce7ec898 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:29:39 +0200 Subject: mv: reinit --- tv/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 351b54da1..cade6fa7b 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -20,7 +20,7 @@ with config.krebs.lib; ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@viljetic.de"; to = tv.mail; } # RFC 822 - { from = "mirko@viljetic.de"; to = mv.mail; } + { from = "mirko@viljetic.de"; to = mv-cd.mail; } { from = "tomislav@viljetic.de"; to = tv.mail; } { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } { from = "tv@viljetic.de"; to = tv.mail; } -- cgit v1.2.3 From 20142392d8f2dbf95c5629b588d3cf1d94be791c Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:41:06 +0200 Subject: tv pkgs: with lib --- tv/5pkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tv') diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 0b28747d5..baa1531ab 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,5 +1,5 @@ -{ pkgs, ... }: - +{ config, pkgs, ... }: +with config.krebs.lib; { nixpkgs.config.packageOverrides = { # TODO use XDG_RUNTIME_DIR? -- cgit v1.2.3 From 751afae363d1f5492d4a54a7b3f334499d32fb5b Mon Sep 17 00:00:00 2001 
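Review bot: `isUser` selects accounts by `hasSuffix "users" group`, a suffix match on the group name, so any group whose name merely ends in `users` also gets a `/run/xdg/<name>` directory; if the intent is the `users` group only, `group == "users"` says so exactly. `XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"` is set for every session, including accounts the predicate excludes, which then point at a directory that is never created, so a comment stating that this is accepted would help the next reader. The tmpfiles entry `0700 ${u.name} ${u.group}` is the right ownership for a per-user runtime directory.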
From: tv Date: Sat, 23 Jul 2016 13:46:36 +0200 Subject: tv pkgs: packageOverride with super This is part of 0c7a44139fba572487fe853310b6d88a6ffa21c3. --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index baa1531ab..3590ad572 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: with config.krebs.lib; { - nixpkgs.config.packageOverrides = { + nixpkgs.config.packageOverrides = super: { # TODO use XDG_RUNTIME_DIR? cr = pkgs.writeDashBin "cr" '' set -efu -- cgit v1.2.3 From c546bc8c2dc1ec0fa120c79df3de4d977ce322ed Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 14:22:55 +0200 Subject: tv nixpkgs: 8bf31d7 -> 2568ee3 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 0e463212e..db1bfe5a2 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with config.krebs.lib; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; + ref = "2568ee3d73bdebd6bab6739adf8a900f3429c8e6"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/4d100000.lock: No such file or directory (2)
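Review bot: With `nixpkgs.config.packageOverrides = super: {` the overrides can now reach the un-overridden package set, which the `super.gnupg21` reference in the `gnupg` override (visible in an earlier hunk of this series) already required; the remaining entries still use `pkgs.…` from the module argument, and any override that refers to its own name through `pkgs` instead of `super` evaluates to an infinite recursion. A short comment on the `super:` line would guard future edits: `# super = package set before these overrides; use it, not pkgs, for anything overridden here`. The attribute set continues outside the hunk.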