From bfad3f16b16c9d132f9af7a48ede69b3ddb6bedc Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 2 Nov 2015 10:28:56 +0100
Subject: [PATCH 01/39] krebs nix-install: softcode using target-path

---
 krebs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/default.nix b/krebs/default.nix
index 31a7f7d04..175b02050 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -178,7 +178,7 @@ let out = {
 
       nix-path =
         lib.concatStringsSep ":"
-          (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+          (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
             (config.krebs.build.source.dir //
              config.krebs.build.source.git));
     in ''
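Review bot: The new `${src.target-path}` interpolation requires every entry of `config.krebs.build.source.dir // config.krebs.build.source.git` to carry a `target-path`, but in patch 02 only nixpkgs and stockholm get one; unless the option declares a default (not visible here), evaluating wu now fails on `dir.secrets` with a missing-attribute error, and a `null` default fails just the same because `${null}` is not coercible. A fallback such as `"${name}=${src.target-path or "/root/${name}"}"` preserves the old location for sources that do not set it (for a `null` default use an explicit `if … != null`). Note too that `dir // git` lets a git source silently shadow a dir source of the same name. The enclosing `let … in` continues past the end of the hunk.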

From ed86c7f44e16cd70693ca78ecdcc620fc8c66495 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 2 Nov 2015 10:17:30 +0100
Subject: [PATCH 02/39] wu: {/root => /var/src}/{nixpkgs,stockholm}

---
 tv/1systems/wu.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 85fba1d8a..b12e7df93 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -12,6 +12,7 @@ with lib;
     git.nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
+      target-path = "/var/src/nixpkgs";
     };
     dir.secrets = {
       host = config.krebs.hosts.wu;
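Review bot: `dir.secrets` is the one source on this host that receives no `target-path`, so it keeps whatever the module defaults to (presumably still `/root/secrets`, matching the pre-patch-01 behaviour) — or fails to evaluate if there is no default. That is the right outcome, but it should be deliberate: `/root` is root-only, while `/var/src` is a generic tree whose mode is not set anywhere in this series, so nixpkgs and stockholm may live there but secrets should not be moved without also fixing the directory permissions. A comment such as `# secrets intentionally stay under /root (0700); do not move to /var/src` on the `dir.secrets` line would record that. The `dir.secrets` block continues past the end of the hunk.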
@@ -20,6 +21,7 @@ with lib;
     dir.stockholm = {
       host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
+      target-path = "/var/src/stockholm";
     };
   };
 

From 62e7c137187eed2abc39b78fe7d8ddfc7606aae5 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 2 Nov 2015 13:48:40 +0100
Subject: [PATCH 03/39] krebs.init: talk about ssh.privkey.path

---
 krebs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/default.nix b/krebs/default.nix
index 175b02050..bfd6175d9 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -84,6 +84,7 @@ let out = {
 
       cat<<EOF
       # put following into config.krebs.hosts.$system:
+      ssh.privkey.path = <secrets/ssh.$key_type>;
       ssh.pubkey = $(echo $pubkey | jq -R .);
       EOF
     '';
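Review bot: The printed `ssh.privkey.path = <secrets/ssh.$key_type>;` assumes the private key file is named `ssh.<key_type>`, but the only host that sets this option in the series (nomic, patch 04) uses `<secrets/ssh.id_ed25519>`; if `$key_type` expands to `ed25519` rather than `id_ed25519`, the snippet the user is told to paste points at a file that does not exist. Either name the key file after `$key_type` consistently or print `<secrets/ssh.id_$key_type>` — whichever matches how the key is written out earlier in this script, which is outside the hunk. The heredoc is unquoted, so `$key_type` and the `$(…)` substitution do expand as intended.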

From 9b985720ea761aea900f18249b179dbd0345c83f Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 2 Nov 2015 13:51:03 +0100
Subject: [PATCH 04/39] nomic: fix ssh.{priv,pub}key

---
 krebs/3modules/tv/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 4c295dffe..302d1a92c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -158,7 +158,8 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx";
     };
     ok = {
       nets = {
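Review bot: This replaces nomic's host public key rather than only adding the privkey path, so every `authorized_keys`/`known_hosts` entry and any other trust that referenced the old `…Jt6e09` key is now stale; the commit does not show where the old key is revoked, which should be verified separately. `ssh.privkey.path` is a Nix path literal (`<secrets/…>`), and a path that is ever interpolated into a string inside a derivation is copied into the world-readable `/nix/store` — I cannot see how the module consumes it, so confirm it is only read at activation time. A comment such as `# path only, never interpolate into a derivation (would copy the key to /nix/store)` on the privkey line would warn future readers.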

From 1ddbdddc696316986b07376a7fc5e33aaf228e89 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 5 Nov 2015 00:31:14 +0100
Subject: [PATCH 05/39] tv vim: set et ts=2 sts=2 sw=2

---
 tv/2configs/vim.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 8c6c9fb45..14f086e5c 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -50,6 +50,8 @@ let
     set wildmenu
     set wildmode=longest,full
 
+    set et ts=2 sts=2 sw=2
+
     filetype plugin indent on
 
     set t_Co=256

From 8995bdd5fc7ea8ef54b4e30ceb50825ba23054ba Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 08:27:11 +0100
Subject: [PATCH 06/39] k Zhosts gum: remove paste.krebsco.de alias

---
 krebs/Zhosts/gum | 1 -
 1 file changed, 1 deletion(-)

diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4eab..d43bb0d08 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
 Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
 
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY

From 31816a8e7010fab9504f2d13e786723e086d177f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 12:13:20 +0100
Subject: [PATCH 07/39] update collectd targets

---
 shared/1systems/wolf.nix          | 2 +-
 shared/2configs/collectd-base.nix | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 73552e705..60d1e8ce8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -27,7 +27,7 @@ with lib;
   krebs.build.source = {
     git.nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
-      rev = "e916273209560b302ab231606babf5ce1c481f08";
+      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
     };
     dir.secrets = {
       host = config.krebs.current.host;
diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix
index b2ec40b28..3b792bf23 100644
--- a/shared/2configs/collectd-base.nix
+++ b/shared/2configs/collectd-base.nix
@@ -9,7 +9,7 @@ let
       ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
       Import "collectd_connect_time"
       <Module collectd_connect_time>
-        target "heidi.retiolum:8080" "localhost" "google.com" "google.de" "omo.retiolum" "gum.retiolum" "gum.krebsco.de"
+        target "localhost:22" "google.com" "google.de" "gum.retiolum:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
         interval 10
       </Module>
     </Plugin>
@@ -18,7 +18,7 @@ let
     LoadPlugin write_graphite
     <Plugin "write_graphite">
       <Carbon>
-        Host "heidi.retiolum"
+        Host "heidi.shack"
         Port "2003"
         Prefix "retiolum."
         EscapeCharacter "_"
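Review bot: Switching the Carbon target from `heidi.retiolum` to `heidi.shack` moves the graphite stream off the tinc VPN onto what is presumably the plain shackspace LAN; the carbon line protocol on port 2003 is unauthenticated plaintext, so the metrics (including the names and reachability of every `target` in the hunk above) become visible to and spoofable by anything on that network. If that is acceptable for this data, a comment such as `# plaintext carbon over the shack LAN, not via retiolum` next to `Host` keeps the trade-off visible; otherwise keep the `.retiolum` name. The `Prefix "retiolum."` on the next line is now slightly misleading, since the transport is no longer retiolum.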

From 4050b21d16f9b7d0de9515526cac9a7b65993fef Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 12:27:50 +0100
Subject: [PATCH 08/39] k 5 translate-shell: init at 0.9.0.9

---
 krebs/5pkgs/translate-shell/default.nix | 43 +++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 krebs/5pkgs/translate-shell/default.nix

diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix
new file mode 100644
index 000000000..00ab226e5
--- /dev/null
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+  s =
+  rec {
+    baseName="translate-shell";
+    version="0.9.0.9";
+    name="${baseName}-${version}";
+    url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+    sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+  };
+  searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+    fribidi
+    gawk
+    bash
+    curl
+    less
+  ];
+  buildInputs = [
+    pkgs.makeWrapper
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  # TODO: maybe mplayer
+  installPhase = ''
+    mkdir -p $out/bin
+    make PREFIX=$out install
+    wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+  '';
+
+  meta = {
+    inherit (s) version;
+    description = ''translate using google api'';
+    license = stdenv.lib.licenses.free;
+    maintainers = [stdenv.lib.maintainers.makefu];
+    platforms = stdenv.lib.platforms.linux ;
+  };
+}
+
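Review bot: `url` hard-codes `v0.9.0.9` while `version` is defined directly above it, so the next bump must be edited in two places and the pinned `sha256` can drift from the version it was computed for; `url = "https://github.com/soimort/translate-shell/archive/v${version}.tar.gz";` ties them together. GitHub `archive/` tarballs are also not guaranteed byte-stable (nixpkgs prefers `fetchFromGitHub` with `owner`/`repo`/`rev` for that reason), so the hash may spuriously break later. Finally, `trans` sends every query to Google's translation API through the wrapped `curl`, which is worth saying plainly in `meta.description` for a package that patch 09 installs system-wide on wry.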

From 699822f572162e4ddcc0fa7f5690142cba1c8c5d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 12:28:25 +0100
Subject: [PATCH 09/39] m 1 wry: use new import layout for CAC from tv

---
 makefu/1systems/wry.nix      | 7 +++++--
 makefu/2configs/headless.nix | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index c90b84451..90710c857 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -8,7 +8,8 @@ let
 in {
   imports = [
       # TODO: copy this config or move to krebs
-      ../../tv/2configs/CAC-CentOS-7-64bit.nix
+      ../../tv/2configs/hw/CAC.nix
+      ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
       ../2configs/base.nix
       ../2configs/unstable-sources.nix
       ../2configs/headless.nix
@@ -23,6 +24,8 @@ in {
 
       # other nginx
       ../2configs/nginx/euer.wiki.nix
+      ../2configs/nginx/euer.blog.nix
+
       # collectd
       ../2configs/collectd/collectd-base.nix
   ];
@@ -71,5 +74,5 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-
+  environment.systemPackages = [ pkgs.translate-shell ];
 }
diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix
index 33847c5e1..772ca3771 100644
--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -1,4 +1,4 @@
-_:
+{lib,... }:
 {
-  sound.enable = false;
+  sound.enable = lib.mkForce false;
 }

From f02a96efb22d10b529483a7e14301cd46b58a40d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 12:31:09 +0100
Subject: [PATCH 10/39] m 2 nginx/euer*: prepare folders if they do not exist

---
 makefu/2configs/nginx/euer.blog.nix | 34 +++++++++++++++++++++++++----
 makefu/2configs/nginx/euer.wiki.nix | 13 ++++++-----
 2 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index e97050ec4..c6724c617 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -5,14 +5,40 @@ let
   sec = toString <secrets>;
   ssl_cert = "${sec}/wildcard.krebsco.de.crt";
   ssl_key  = "${sec}/wildcard.krebsco.de.key";
-  hostname = krebs.build.host.name;
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+  base-dir = "/var/www/blog.euer";
 in {
+  # Prepare Blog directory
+  systemd.services.prepare-euer-blog = {
+    wantedBy = [ "local-fs.target" ];
+    before = [ "nginx.service" ];
+    serviceConfig = {
+      # do nothing if the base dir already exists
+      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+        #!/bin/sh
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${base-dir}"
+          chown ${user}:${group} "${base-dir}"
+          chmod 700 "${base-dir}"
+        fi
+      '';
+      Type = "oneshot";
+      RemainAfterExit = "yes";
+      TimeoutSec = "0";
+    };
+  };
+
   krebs.nginx = {
     enable = mkDefault true;
     servers = {
       euer-blog = {
-        listen = [ "80" "443 ssl" ];
-        server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
+        listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+                   "${internal-ip}:80" "${internal-ip}:443 ssl" ];
+        server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
         extraConfig = ''
           gzip on;
           gzip_buffers 4 32k;
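Review bot: The new directory is chowned to `config.services.nginx.user`/`.group`, but the server is declared under `krebs.nginx`, not `services.nginx`; unless `krebs.nginx` runs its workers under that same account, the `chmod 700` on `base-dir` locks nginx out of its own document root. Confirm which identity `krebs.nginx` uses and derive `user`/`group` from it, or loosen the mode to `750` with the correct group. `before = [ "nginx.service" ]` only orders the unit — it is pulled in by `local-fs.target` — so a later standalone `systemctl restart nginx` does not re-run it; harmless today because the script is idempotent, but a comment on `wantedBy` saying so would help. The `euer-blog` server block continues past the end of the hunk.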
@@ -22,7 +48,7 @@ in {
           default_type text/plain;
         '';
         locations = singleton (nameValuePair "/" ''
-          root /var/www/euer.blog/;
+          root ${base-dir};
         '');
       };
     };
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index fbcfe2047..2b5fa6ead 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -51,18 +51,21 @@ in {
     serviceConfig = {
       ExecStart = pkgs.writeScript "prepare-tw-service" ''
         #!/bin/sh
-        mkdir -p "${wiki-dir}" "${backup-dir}"
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${wiki-dir}" "${backup-dir}"
 
-        # write the base configuration
-        cat > "${base-cfg}" <<EOF
+          # write the base configuration
+          cat > "${base-cfg}" <<EOF
         [users]
         $(cat "${tw-pass-file}")
         [directories]
         backupdir = ${backup-dir}
         savedir = ${wiki-dir}
         EOF
-        chown -R ${user}:${group} "${base-dir}"
-        chmod 700  -R "${base-dir}"
+
+          chown -R ${user}:${group} "${base-dir}"
+          chmod 700  -R "${base-dir}"
+        fi
       '';
       Type = "oneshot";
       RemainAfterExit = "yes";
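Review bot: Wrapping the whole body in `if ! test -d "${base-dir}"` means `${base-cfg}` — which embeds the credentials from `${tw-pass-file}` under `[users]` — is written exactly once; a later rotation of the password file, or a change of `backup-dir`/`wiki-dir`, is silently never applied because the directory already exists. Guard only the `mkdir -p` and the recursive `chown`/`chmod` with the existence test and write `${base-cfg}` unconditionally, then restrict it to `600` owned by the wiki user so the config always reflects the secrets of the current generation. The surrounding `serviceConfig` and the `let` bindings (`base-dir`, `base-cfg`, `tw-pass-file`) are outside the hunk.
```nix
ExecStart = pkgs.writeScript "prepare-tw-service" ''
  #!/bin/sh
  if ! test -d "${base-dir}" ;then
    mkdir -p "${wiki-dir}" "${backup-dir}"
    chown -R ${user}:${group} "${base-dir}"
    chmod 700  -R "${base-dir}"
  fi

  # always rewrite the config so rotated secrets take effect
  cat > "${base-cfg}" <<EOF
  [users]
  $(cat "${tw-pass-file}")
  [directories]
  backupdir = ${backup-dir}
  savedir = ${wiki-dir}
  EOF
  chown ${user}:${group} "${base-cfg}"
  chmod 600 "${base-cfg}"
'';
```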

From 2e785e6be5516a7df34ce999a8cd03a3e608bd5f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 12:31:54 +0100
Subject: [PATCH 11/39] k 3 makefu: wry handles blog and wiki

---
 krebs/3modules/makefu/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2d33b9275..194676265 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,7 @@ with lib;
       dc = "makefu"; #dc = "cac";
       extraZones = {
         "krebsco.de" = ''
+          euer           IN A  ${head nets.internet.addrs4}
           wiki.euer      IN A  ${head nets.internet.addrs4}
           wry            IN A  ${head nets.internet.addrs4}
           io             IN NS wry.krebsco.de.
@@ -191,6 +192,9 @@ with lib;
             "paste.retiolum"
             "wry.retiolum"
             "wiki.makefu.retiolum"
+            "wiki.wry.retiolum"
+            "blog.makefu.retiolum"
+            "blog.wry.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -216,7 +220,6 @@ with lib;
 
       extraZones = {
         "krebsco.de" = ''
-          euer              IN A      ${head nets.internet.addrs4}
           share.euer        IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
         '';

From 77e36a7a196e378881150b01c370c35625f08946 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 16:13:10 +0100
Subject: [PATCH 12/39] krebs 5 krebspaste: initial commit

---
 krebs/5pkgs/bepasty-client-cli/default.nix | 22 ++++++++++++++++++++++
 krebs/5pkgs/krebspaste/default.nix         |  9 +++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 krebs/5pkgs/bepasty-client-cli/default.nix
 create mode 100644 krebs/5pkgs/krebspaste/default.nix

diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
new file mode 100644
index 000000000..990f99af6
--- /dev/null
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+  name = "bepasty-client-cli-${version}";
+  version = "0.3.0";
+  propagatedBuildInputs = [
+    python_magic
+    click
+    requests2
+  ];
+
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+    sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+  };
+
+  meta = {
+    homepage = https://github.com/bepasty/bepasty-client-cli;
+    description = "CLI client for bepasty-server";
+    license = lib.licenses.bsd2;
+  };
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
new file mode 100644
index 000000000..13920ad08
--- /dev/null
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,9 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: add krebs CA to toolchain, remove --insecure
+# TODO: use `wrapProgram --add-flags` instead?
+
+writeScriptBin "krebspaste" ''
+  #! /bin/sh
+  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --insecure --url http://paste.retiolum "$@"
+''

From 12597b1febb0bc47cf98529a12e5fc6af1d8f5a4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 5 Nov 2015 16:21:09 +0100
Subject: [PATCH 13/39] k 5 krebspaste: resolve TODO, retiolum is always secure

---
 krebs/5pkgs/krebspaste/default.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index 13920ad08..fb318af83 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -1,9 +1,7 @@
 { writeScriptBin, pkgs }:
 
-# TODO: add krebs CA to toolchain, remove --insecure
 # TODO: use `wrapProgram --add-flags` instead?
-
 writeScriptBin "krebspaste" ''
   #! /bin/sh
-  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --insecure --url http://paste.retiolum "$@"
+  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
 ''
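Review bot: Dropping `--insecure` is correct only in the sense that the flag never did anything — the URL is plain `http://`, so there was no TLS to verify — but the justification "retiolum is always secure" holds only while `paste.retiolum` actually resolves to and routes through the tinc tunnel. From a client that is off the VPN, or whose resolver answers `paste.retiolum` from elsewhere, `bepasty-cli` posts the paste in cleartext over whatever network it is on, and nothing in this wrapper checks for that. A comment such as `# plain HTTP: confidentiality relies entirely on the retiolum (tinc) tunnel` above the `exec` line keeps that dependency explicit; switching to `https://` with the krebs CA (the TODO removed here) would remove it.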

From 5ec7cd4ad5ce3f40ca13b5b92d258b84409cd43b Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 6 Nov 2015 10:47:18 +0100
Subject: [PATCH 14/39] tv vim: isk, INTs, and comments

---
 tv/2configs/vim.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 14f086e5c..295c78aff 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -66,9 +66,10 @@ let
 
     au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''
       setf nix
+      set isk=@,48-57,_,192-255,-,'
 
       " Ref <nix/src/libexpr/lexer.l>
-      syn match INT   /[0-9]\+/
+      syn match INT   /\<[0-9]\+\>/
       syn match PATH  /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
       syn match HPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
       syn match SPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
@@ -80,7 +81,7 @@ let
       hi link URI Constant
 
       syn match String /"\([^"]\|\\\"\)*"/
-      syn match Comment /\s#.*/
+      syn match Comment /\(^\|\s\)#.*/
     ''}
 
     au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile

From e8ad43c082e54151517c45c4825e31354803e4c8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 6 Nov 2015 10:59:40 +0100
Subject: [PATCH 15/39] k 4 makefu: add filepimp

---
 krebs/3modules/makefu/default.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2d33b9275..a9279b027 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -210,6 +210,30 @@ with lib;
         };
       };
     };
+    filepimp = rec {
+      cores = 1;
+      dc = "makefu"; #nas
+
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.153.102"];
+          addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
+          aliases = [
+            "filepimp.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+            BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+            i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+            09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+            u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+            OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+            -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+    };
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
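Review bot: The `tinc.pubkey` given for filepimp begins with the same modulus line `MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY` as gum's key in `krebs/Zhosts/gum` (patch 06 of this series), which strongly suggests the block was copy-pasted from gum rather than generated for the new host. Tinc identifies peers by their RSA key, so two hosts sharing one key cannot be distinguished by the mesh and a compromise of either exposes both; filepimp needs its own keypair, with this block replaced by the new public half. Until then a comment such as `# FIXME: placeholder copied from gum — generate a dedicated key` would stop it from being trusted as-is.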

From 2dcb2918d1cd159d9282096ef3b5cecc4239bfbc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 6 Nov 2015 11:01:49 +0100
Subject: [PATCH 16/39] m 1,2: refactor, remove overhead for fs/hw, add
 filepimp

---
 makefu/1systems/filepimp.nix                 | 41 ++++++++++++++++++++
 makefu/1systems/pnp.nix                      |  2 +
 makefu/1systems/repunit.nix                  | 15 +------
 makefu/2configs/fs/cac-boot-partition.nix    |  2 -
 makefu/2configs/fs/sda-crypto-root.nix       |  4 +-
 makefu/2configs/fs/single-partition-ext4.nix | 10 +++++
 makefu/2configs/fs/vm-single-partition.nix   | 15 ++-----
 makefu/2configs/hw/tp-x2x0.nix               |  2 +
 8 files changed, 61 insertions(+), 30 deletions(-)
 create mode 100644 makefu/1systems/filepimp.nix
 create mode 100644 makefu/2configs/fs/single-partition-ext4.nix

diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
new file mode 100644
index 000000000..fabecec83
--- /dev/null
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,41 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/base.nix
+      ../2configs/fs/vm-single-partition.nix
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/tinc-basic-retiolum.nix
+      ../2configs/base-sources.nix
+    ];
+  krebs.build.host = config.krebs.hosts.filepimp;
+  krebs.build.user = config.krebs.users.makefu;
+  krebs.build.target = "root@filepimp";
+
+  # AMD N54L
+  boot = {
+    loader.grub.device = "/dev/sda";
+
+    initrd.availableKernelModules = [
+      "usb_storage"
+      "ahci"
+      "xhci_hcd"
+      "ata_piix"
+      "uhci_hcd"
+      "ehci_pci"
+    ];
+
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  hardware.enableAllFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+  networking.firewall.allowPing = true;
+}
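Review bot: `loader.grub.device = "/dev/sda"` conflicts with `boot.loader.grub.device = "/dev/vda"` set by `../2configs/fs/vm-single-partition.nix`, which this file imports; both are plain definitions without `mkForce`/`mkDefault`, so the module system will reject the host with a conflicting-definition error. Since filepimp is physical hardware (the comment says AMD N54L), drop the `vm-single-partition.nix` import and keep only `single-partition-ext4.nix` — the vm module already imports that file, so listing both is redundant in any case. Separately, `hardware.enableAllFirmware = true` pulls in non-free firmware and may require `nixpkgs.config.allowUnfree = true`, which the fs modules no longer set after this commit; confirm against the nixpkgs revision in use.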
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 9c7be3b79..27c5ff2e1 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -14,6 +14,8 @@
       ../2configs/headless.nix
 
       # HW/FS
+
+      # enables virtio kernel modules in initrd
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/fs/vm-single-partition.nix
 
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index d98ff17c1..2e132f308 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -9,26 +9,13 @@
     [ # Include the results of the hardware scan.
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/base.nix
+      ../2configs/base-sources.nix
       ../2configs/cgit-retiolum.nix
     ];
   krebs.build.host = config.krebs.hosts.repunit;
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@repunit";
 
-  krebs.build.deps = {
-    nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
-    };
-    secrets = {
-      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
-    };
-    stockholm = {
-      url = toString ../..;
-    };
-  };
-
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/vda";
diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix
index fdf4b89d8..cec004582 100644
--- a/makefu/2configs/fs/cac-boot-partition.nix
+++ b/makefu/2configs/fs/cac-boot-partition.nix
@@ -18,6 +18,4 @@ with lib;
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
 }
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 54db87547..2bfe26960 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -6,8 +6,8 @@
 with lib;
 {
   boot = {
-    loader.grub.enable =true;
-    loader.grub.version =2;
+    loader.grub.enable = true;
+    loader.grub.version = 2;
     loader.grub.device = "/dev/sda";
 
     initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
new file mode 100644
index 000000000..1970c949f
--- /dev/null
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+  boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+  boot.loader.grub.version = 2;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+}
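Review bot: `boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;` fails with a bare `assertion failed at …` that names neither the problem nor the host that forgot to set the device. The NixOS `assertions` option evaluates at the same point and gives a readable message: `assertions = [ { assertion = config.boot.loader.grub.device != ""; message = "single-partition-ext4: boot.loader.grub.device must be set"; } ];` with `boot.loader.grub.enable = true;` as a plain definition. Note also that if `""` is the option's default, the check only catches hosts that never set the device, not ones that set it to the wrong disk.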
diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix
index 78a5e7175..27e28cb68 100644
--- a/makefu/2configs/fs/vm-single-partition.nix
+++ b/makefu/2configs/fs/vm-single-partition.nix
@@ -3,18 +3,9 @@
 # vda1 ext4 (label nixos) -> only root partition
 with lib;
 {
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
+  imports = [
+    ./single-partition-ext4.nix
+  ];
   boot.loader.grub.device = "/dev/vda";
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
-
 }
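Review bot: This removes `hardware.enableAllFirmware`, `nixpkgs.config.allowUnfree` and `hardware.cpu.amd.updateMicrocode` from a file other hosts import (`pnp.nix` does so in this same commit), so those hosts silently change behaviour; for a VM guest the microcode line is likely a no-op, but the dropped `allowUnfree` may break evaluation wherever something else still enables unfree firmware. If the intent is that firmware and microcode now belong in `2configs/hw/*`, a comment such as `# firmware/microcode are hw concerns: see 2configs/hw/*` next to the `imports` would make the split explicit and stop someone re-adding them here.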
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index aa2fc2050..047895ce6 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -8,6 +8,8 @@ with lib;
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
 
+  hardware.cpu.intel.updateMicrocode = true;
+
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
 

From a2a3838e41db2260e84e377c158482309b9d0123 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 6 Nov 2015 12:04:34 +0100
Subject: [PATCH 17/39] tv vim: match strings harder!

---
 tv/2configs/vim.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 295c78aff..04b1480c1 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -80,7 +80,7 @@ let
       hi link SPATH Constant
       hi link URI Constant
 
-      syn match String /"\([^"]\|\\\"\)*"/
+      syn match String /"\([^\\"]\|\\.\)*"/
       syn match Comment /\(^\|\s\)#.*/
     ''}
 

From 4f12837d0934ef1cc376669b2d00d6a821f662e2 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 6 Nov 2015 19:35:05 +0100
Subject: [PATCH 18/39] tv base: RIP old vim

---
 tv/2configs/base.nix | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index 41159690d..a74ce3297 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -68,22 +68,6 @@ with lib;
 
       nix.useChroot = true;
     }
-    {
-      # oldvim
-      environment.systemPackages = with pkgs; [
-        vim
-      ];
-
-      environment.etc."vim/vimrc".text = ''
-        set nocp
-      '';
-
-      environment.etc."vim/vim${majmin pkgs.vim.version}".source =
-          "${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}";
-
-      environment.variables.EDITOR = mkForce "vim";
-      environment.variables.VIM = "/etc/vim";
-    }
     {
       environment.systemPackages = with pkgs; [
         rxvt_unicode.terminfo

From f58d024f48604be48f5fe117196fc68fffc020e9 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 6 Nov 2015 19:45:50 +0100
Subject: [PATCH 19/39] tv: add users.tv_{wu,nomic}.pubkey

---
 krebs/3modules/tv/default.nix | 14 +++++++++++---
 krebs/Zpubkeys/tv_wu.ssh.pub  |  1 -
 2 files changed, 11 insertions(+), 4 deletions(-)
 delete mode 100644 krebs/Zpubkeys/tv_wu.ssh.pub

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 302d1a92c..6c943de8f 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -280,14 +280,22 @@ with lib;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
     };
   };
-  users = addNames {
+  users = addNames rec {
     mv = {
       mail = "mv@cd.retiolum";
-      pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
     };
     tv = {
       mail = "tv@wu.retiolum";
-      pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+      pubkey = "ssh-rsa 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 tv@wu";
+    };
+    tv_nomic = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa 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 tv@nomic #2";
+    };
+    tv_xu = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa 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 tv@xu";
     };
   };
 }
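Review bot: Inlining the keys removes the `readFile ../../Zpubkeys/mv_vod.ssh.pub` reference, but only `tv_wu.ssh.pub` is deleted in this commit; unless something else still reads `mv_vod.ssh.pub`, it is now a stale copy of a trust anchor that can drift from the inline value. The `rec` added on `users = addNames rec {` exists only to support `inherit (tv) mail` and brings every sibling user name into scope inside the set, which is worth a one-line comment since it is easy to remove by accident. The commit subject says `tv_{wu,nomic}` but the users added are `tv_nomic` and `tv_xu` (the wu key lives on `tv`).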
diff --git a/krebs/Zpubkeys/tv_wu.ssh.pub b/krebs/Zpubkeys/tv_wu.ssh.pub
deleted file mode 100644
index b6e2634e8..000000000
--- a/krebs/Zpubkeys/tv_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 tv@wu

From b54f00c6954a0b44abb52289332c748f95d796d3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:29:49 +0100
Subject: [PATCH 20/39] tv modules: add per-user

---
 tv/3modules/default.nix  |  1 +
 tv/3modules/per-user.nix | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 tv/3modules/per-user.nix

diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index bb10d8261..3a75d6e43 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,5 +5,6 @@ _:
     ./consul.nix
     ./ejabberd.nix
     ./iptables.nix
+    ./per-user.nix
   ];
 }
diff --git a/tv/3modules/per-user.nix b/tv/3modules/per-user.nix
new file mode 100644
index 000000000..8d21a01d9
--- /dev/null
+++ b/tv/3modules/per-user.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.tv.per-user;
+
+  out = {
+    options.tv.per-user = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule {
+      options = {
+        packages = mkOption {
+          type = listOf path;
+          default = [];
+        };
+      };
+    });
+    default = {};
+  };
+
+  imp = {
+    environment = {
+      etc = flip mapAttrs' cfg (name: { packages, ... }: {
+        name = "per-user/${name}";
+        value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+      });
+      profiles = ["/etc/per-user/$LOGNAME"];
+    };
+  };
+
+in out
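Review bot: `environment.profiles = ["/etc/per-user/$LOGNAME"]` relies on the login shell expanding `$LOGNAME` when profile paths are turned into `PATH`/`NIX_PROFILES`; any non-shell consumer of `environment.profiles` (systemd units, anything reading the generated environment file literally) will see the unexpanded string. It is also convenience, not access control: any user can `export LOGNAME=other` and pick up another user's per-user set, which is harmless only because `symlinkJoin` output lives in the world-readable store — a comment such as `# not an isolation boundary: /etc/per-user/* are public store paths` would stop anyone treating it as one. Attribute names are not validated, so a `name` containing `/` or `..` would produce an `environment.etc` target outside `/etc/per-user/`; an assertion or `types.strMatching` on the key would close that.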

From a0c068d6ec5d1cc6b1c58fe9af379b638a346220 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:37:58 +0100
Subject: [PATCH 21/39] {tv => krebs} per-user

---
 krebs/3modules/default.nix          | 1 +
 {tv => krebs}/3modules/per-user.nix | 4 ++--
 tv/3modules/default.nix             | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename {tv => krebs}/3modules/per-user.nix (89%)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2b5fc478c..438836f52 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -15,6 +15,7 @@ let
       ./git.nix
       ./iptables.nix
       ./nginx.nix
+      ./per-user.nix
       ./Reaktor.nix
       ./retiolum-bootstrap.nix
       ./realwallpaper.nix
diff --git a/tv/3modules/per-user.nix b/krebs/3modules/per-user.nix
similarity index 89%
rename from tv/3modules/per-user.nix
rename to krebs/3modules/per-user.nix
index 8d21a01d9..ee213deda 100644
--- a/tv/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -3,10 +3,10 @@
 with lib;
 
 let
-  cfg = config.tv.per-user;
+  cfg = config.krebs.per-user;
 
   out = {
-    options.tv.per-user = api;
+    options.krebs.per-user = api;
     config = imp;
   };
 
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 3a75d6e43..bb10d8261 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,5 @@ _:
     ./consul.nix
     ./ejabberd.nix
     ./iptables.nix
-    ./per-user.nix
   ];
 }

From bad79f7f1270c01343b3c308f5a2cf390dac014c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:53:21 +0100
Subject: [PATCH 22/39] tv: init user z

---
 tv/1systems/wu.nix              | 11 +--------
 tv/1systems/xu.nix              | 11 +--------
 tv/2configs/base.nix            |  3 +++
 tv/2configs/xserver/default.nix |  8 -------
 tv/2configs/z.nix               | 40 +++++++++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 28 deletions(-)
 create mode 100644 tv/2configs/z.nix

diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index b12e7df93..fe6a5f303 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -32,6 +32,7 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
+    ../2configs/z.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -287,16 +288,6 @@ with lib;
           onion = {
             uid = 6660010;
           };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
         };
 
       security.sudo.extraConfig =
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index e2cc2c06a..eb8c7c784 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -30,6 +30,7 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
+    ../2configs/z.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -286,16 +287,6 @@ with lib;
           onion = {
             uid = 6660010;
           };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
         };
 
       security.sudo.extraConfig =
diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index a74ce3297..4beece5ef 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -22,6 +22,9 @@ with lib;
         mapAttrs (_: h: { hashedPassword = h; })
                  (import <secrets/hashedPasswords.nix>);
     }
+    {
+      users.groups.subusers.gid = 1093178926; # genid subusers
+    }
     {
       users.defaultUserShell = "/run/current-system/sw/bin/bash";
       users.mutableUsers = false;
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 4d2fe9e45..df00203be 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -70,14 +70,6 @@ let
         ExecStart = "${xserver}/bin/xserver";
       };
     };
-
-    programs.bash.interactiveShellInit = ''
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        za|zh|zj|zs)
-          exec sudo -u zalora -i
-        ;;
-      esac
-    '';
   };
 
   xmonad-environment = {
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
new file mode 100644
index 000000000..e5494ecc9
--- /dev/null
+++ b/tv/2configs/z.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  krebs.per-user.z.packages = [
+    (pkgs.writeScriptBin "cr" ''
+      #! /bin/sh
+      set -efu
+      export LC_TIME=de_DE.utf8
+      exec ${pkgs.chromium}/bin/chromium \
+          --ssl-version-min=tls1 \
+          --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+          --disk-cache-size=50000000 \
+          "%@"
+    '')
+  ];
+
+  programs.bash.interactiveShellInit = ''
+    case ''${XMONAD_SPAWN_WORKSPACE-} in
+      za|zh|zj|zs)
+        exec sudo -u z -i
+      ;;
+    esac
+  '';
+
+  security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
+
+  users.users.z = {
+    extraGroups = [
+      "audio"
+      "vboxusers"
+      "video"
+    ];
+    group = "subusers";
+    home = "/home/z";
+    uid = 3043726074; # genid z
+    useDefaultShell = true;
+  };
+}
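Review bot: `"%@"` on the `exec ${pkgs.chromium}/bin/chromium` line is a literal two-character string rather than the positional parameters, so whatever URL or flag is passed to `cr` is discarded and chromium instead receives the single argument `%@`; it should read `"$@"`. The cache directory `/tmp/chromium-disk-cache_"$LOGNAME"` is a predictable name in the shared `/tmp`, so any other local user can create it first; unless chromium is known to reject a pre-existing directory it does not own, a path under the z user's home or `$XDG_RUNTIME_DIR` avoids that. `--ssl-version-min=tls1` pins the floor at TLS 1.0; if the flag is meant as hardening rather than compatibility, `tls1.1` or `tls1.2` would be the stricter setting, and a comment saying which is intended would help either way.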

From 3c75c59794d6b67c34d9a8857ca3fb64c649507c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:54:53 +0100
Subject: [PATCH 23/39] tv: set environment.profileRelativeEnvVars.PATH

---
 tv/2configs/base.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index 4beece5ef..38cc1eefe 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -72,6 +72,8 @@ with lib;
       nix.useChroot = true;
     }
     {
+      environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+
       environment.systemPackages = with pkgs; [
         rxvt_unicode.terminfo
       ];
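Review bot: `mkForce [ "/bin" ]` replaces the NixOS default for `environment.profileRelativeEnvVars.PATH` without a comment saying what is being dropped or why, and `mkForce` also makes it impossible for any host to adjust the value later. Presumably the point is to keep only `<profile>/bin` on PATH (dropping the default's `/sbin` entry, if that is what the default contains on this nixpkgs revision); a one-line comment such as `# keep only <profile>/bin on PATH; forced so no other module can re-add /sbin` would record that. If the hard override is not essential, `mkOverride 50` expresses the same priority over `mkDefault` while still leaving `mkForce` available to a host.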

From 28fad6e2fc3aa45a9d1b5fad8810bbc7c78a5dc6 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:55:08 +0100
Subject: [PATCH 24/39] tv base: drop redundant with builtins

---
 tv/2configs/base.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index 38cc1eefe..b74b721cb 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 
-with builtins;
 with lib;
 
 {

From 0bf6e55f77cffb4ca65c6926eea7bc77140574a5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:55:38 +0100
Subject: [PATCH 25/39] tv base: tv@xu can root

---
 tv/2configs/base.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index b74b721cb..d3f4eed0d 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -33,6 +33,7 @@ with lib;
         root = {
           openssh.authorizedKeys.keys = [
             config.krebs.users.tv.pubkey
+            config.krebs.users.tv_xu.pubkey
           ];
         };
         tv = {
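Review bot: Adding `config.krebs.users.tv_xu.pubkey` to root's `openssh.authorizedKeys.keys` in this shared base config grants the xu-specific key root login on every system that imports the file — the later patches in this series show cd, mkdir, nomic, rmdir, wu and xu all pulling in `../2configs/base.nix` — so a compromise of the xu key now yields root everywhere, not only where deploys from xu are needed. If that reach is intended, a comment next to the line stating it (`# tv_xu: deploy key of xu, root on all tv hosts`) would document the decision; if not, listing the key only in the 1systems files of the hosts xu deploys to, or restricting it with an authorized_keys `from=` option, keeps the blast radius smaller. The enclosing users definition starts and ends outside this hunk.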

From f559b19bec61730c537cdd76233304e66c3f497a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 22:05:36 +0100
Subject: [PATCH 26/39] stockholm: import default user config

---
 default.nix                           | 5 ++++-
 tv/1systems/cd.nix                    | 1 -
 tv/1systems/mkdir.nix                 | 1 -
 tv/1systems/nomic.nix                 | 1 -
 tv/1systems/rmdir.nix                 | 1 -
 tv/1systems/wu.nix                    | 1 -
 tv/1systems/xu.nix                    | 1 -
 tv/2configs/{base.nix => default.nix} | 0
 8 files changed, 4 insertions(+), 7 deletions(-)
 rename tv/2configs/{base.nix => default.nix} (100%)

diff --git a/default.nix b/default.nix
index 472d7597d..ac748c286 100644
--- a/default.nix
+++ b/default.nix
@@ -32,7 +32,10 @@ let stockholm = {
   upath = lib.nspath current-user-name;
 
   base-module = { config, ... }: {
-    imports = map (f: f "3modules") [ kpath upath ];
+    imports = builtins.filter builtins.pathExists (lib.concatLists [
+      (map (f: f "2configs") [ upath ])
+      (map (f: f "3modules") [ kpath upath ])
+    ]);
 
     krebs.current.enable = true;
     krebs.current.host = config.krebs.hosts.${current-host-name};
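Review bot: `builtins.filter builtins.pathExists` is applied to all four paths, so a missing `krebs/3modules` or `<user>/3modules` — which previously made evaluation fail — is now silently dropped, and a mistyped `current-user-name` produces a host with no user modules at all rather than an error. Only the new `2configs` entry is meant to be optional, so filter just that one: `imports = builtins.filter builtins.pathExists [ (upath "2configs") ]` / `  ++ map (f: f "3modules") [ kpath upath ];`. The `base-module` function continues past the end of this hunk.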
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 1122e6a19..3f496fefb 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -26,7 +26,6 @@ with lib;
   imports = [
     ../2configs/hw/CAC-Developer-2.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     #../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index e8e354197..64896daf4 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -39,7 +39,6 @@ in
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     ../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index df45b8177..495c765f3 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -25,7 +25,6 @@ with lib;
 
   imports = [
     ../2configs/hw/AO753.nix
-    ../2configs/base.nix
     #../2configs/consul-server.nix
     ../2configs/git.nix
     {
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index e24ef64fc..62340b88c 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -39,7 +39,6 @@ in
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     ../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index fe6a5f303..8f714ec6b 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -27,7 +27,6 @@ with lib;
 
   imports = [
     ../2configs/hw/w110er.nix
-    ../2configs/base.nix
     #../2configs/consul-client.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index eb8c7c784..6f673ce9c 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -25,7 +25,6 @@ with lib;
 
   imports = [
     ../2configs/hw/x220.nix
-    ../2configs/base.nix
     #../2configs/consul-client.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
diff --git a/tv/2configs/base.nix b/tv/2configs/default.nix
similarity index 100%
rename from tv/2configs/base.nix
rename to tv/2configs/default.nix

From 4d93a8215f08cbea0bbcb8c668f2bbc9600016da Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 22:16:59 +0100
Subject: [PATCH 27/39] krebs.build.source.dir.host defaults to current.host

---
 krebs/3modules/build.nix | 5 ++++-
 tv/1systems/cd.nix       | 2 --
 tv/1systems/mkdir.nix    | 2 --
 tv/1systems/nomic.nix    | 2 --
 tv/1systems/rmdir.nix    | 2 --
 tv/1systems/wu.nix       | 2 --
 tv/1systems/xu.nix       | 2 --
 7 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 1205e192b..7f004cd81 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -29,10 +29,13 @@ let
     };
 
     options.krebs.build.source.dir = mkOption {
-      type = types.attrsOf (types.submodule ({ config, ... }: {
+      type = let
+        default-host = config.krebs.current.host;
+      in types.attrsOf (types.submodule ({ config, ... }: {
         options = {
           host = mkOption {
             type = types.host;
+            default = default-host;
           };
           path = mkOption {
             type = types.str;
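Review bot: `default-host = config.krebs.current.host` is hoisted into the outer `let` because the submodule function below rebinds `config` to the submodule's own config, but nothing in the hunk says so; a reader simplifying it to `default = config.krebs.current.host;` inside the submodule would pick up the wrong `config` and fail to evaluate. A comment such as `# evaluated against the outer config; the submodule's own config argument shadows it below` above the binding would prevent that. The `options.krebs.build.source.dir` definition continues past the end of this hunk.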
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 3f496fefb..126c6feb5 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -14,11 +14,9 @@ with lib;
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/cd";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 64896daf4..55d83f8f3 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -27,11 +27,9 @@ in
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/mkdir";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 495c765f3..c2bb4dc78 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -14,11 +14,9 @@ with lib;
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/nomic";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 62340b88c..53f14d7df 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -27,11 +27,9 @@ in
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/rmdir";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 8f714ec6b..33292c608 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -15,11 +15,9 @@ with lib;
       target-path = "/var/src/nixpkgs";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/wu";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
       target-path = "/var/src/stockholm";
     };
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 6f673ce9c..607f89aea 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -14,11 +14,9 @@ with lib;
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/xu";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };

From bae469d2a64165a42d93cdb31e231fa75e9813a5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 22:36:01 +0100
Subject: [PATCH 28/39] tv: condense krebs.build

---
 tv/1systems/mkdir.nix   | 14 --------------
 tv/1systems/nomic.nix   | 14 --------------
 tv/1systems/rmdir.nix   | 14 --------------
 tv/1systems/wu.nix      | 18 ------------------
 tv/1systems/xu.nix      | 16 ----------------
 tv/2configs/default.nix | 19 +++++++++++++++++++
 6 files changed, 19 insertions(+), 76 deletions(-)

diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 55d83f8f3..6ae4f80e8 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -17,23 +17,9 @@ in
 
 {
   krebs.build.host = config.krebs.hosts.mkdir;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@${primary-addr4}";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      path = "/home/tv/secrets/mkdir";
-    };
-    dir.stockholm = {
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index c2bb4dc78..0c6c935a3 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -4,23 +4,9 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.nomic;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@nomic.gg23";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      path = "/home/tv/secrets/nomic";
-    };
-    dir.stockholm = {
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/AO753.nix
     #../2configs/consul-server.nix
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 53f14d7df..1f1d975c9 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -17,23 +17,9 @@ in
 
 {
   krebs.build.host = config.krebs.hosts.rmdir;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@rmdir.internet";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      path = "/home/tv/secrets/rmdir";
-    };
-    dir.stockholm = {
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 33292c608..26a603e9b 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -4,24 +4,6 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.wu;
-  krebs.build.user = config.krebs.users.tv;
-
-  krebs.build.target = "root@wu";
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-      target-path = "/var/src/nixpkgs";
-    };
-    dir.secrets = {
-      path = "/home/tv/secrets/wu";
-    };
-    dir.stockholm = {
-      path = "/home/tv/stockholm";
-      target-path = "/var/src/stockholm";
-    };
-  };
 
   imports = [
     ../2configs/hw/w110er.nix
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 607f89aea..65220fe3e 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -4,22 +4,6 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.xu;
-  krebs.build.user = config.krebs.users.tv;
-
-  krebs.build.target = "root@xu";
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      path = "/home/tv/secrets/xu";
-    };
-    dir.stockholm = {
-      path = "/home/tv/stockholm";
-    };
-  };
 
   imports = [
     ../2configs/hw/x220.nix
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d3f4eed0d..d31862b60 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -5,6 +5,25 @@ with lib;
 {
   krebs.enable = true;
 
+  krebs.build = {
+    user = config.krebs.users.tv;
+    target = mkDefault "root@${config.krebs.build.host.name}";
+    source = {
+      git.nixpkgs = {
+        url = mkDefault https://github.com/NixOS/nixpkgs;
+        rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+        target-path = mkDefault "/var/src/nixpkgs";
+      };
+      dir.secrets = {
+        path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+      };
+      dir.stockholm = {
+        path = mkDefault "/home/tv/stockholm";
+        target-path = mkDefault "/var/src/stockholm";
+      };
+    };
+  };
+
   networking.hostName = config.krebs.build.host.name;
 
   imports = [

From 288324507c03548286f37e1810cebb22813b8001 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 6 Nov 2015 23:54:27 +0100
Subject: [PATCH 29/39] m 2: base -> default, rm base-sources

---
 makefu/1systems/filepimp.nix              |  5 +---
 makefu/1systems/gum.nix                   |  8 +-----
 makefu/1systems/pnp.nix                   |  4 ---
 makefu/1systems/pornocauster.nix          | 22 +++++++--------
 makefu/1systems/repunit.nix               |  4 ---
 makefu/1systems/tsp.nix                   | 11 --------
 makefu/1systems/wry.nix                   |  8 ++----
 makefu/2configs/base-sources.nix          | 21 ---------------
 makefu/2configs/{base.nix => default.nix} | 33 ++++++++++++++++++++---
 makefu/2configs/unstable-sources.nix      | 16 ++---------
 10 files changed, 47 insertions(+), 85 deletions(-)
 delete mode 100644 makefu/2configs/base-sources.nix
 rename makefu/2configs/{base.nix => default.nix} (73%)

diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fabecec83..fb1a57552 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,15 +7,12 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/base.nix
+      ../2configs/default.nix
       ../2configs/fs/vm-single-partition.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/tinc-basic-retiolum.nix
-      ../2configs/base-sources.nix
     ];
   krebs.build.host = config.krebs.hosts.filepimp;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@filepimp";
 
   # AMD N54L
   boot = {
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c4fa064b3..85cf4c533 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -7,8 +7,6 @@ let
 in {
   imports = [
       # TODO: copy this config or move to krebs
-      ../2configs/base.nix
-      ../2configs/base-sources.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
       # ../2configs/iodined.nix
@@ -17,11 +15,7 @@ in {
       ../2configs/Reaktor/simpleExtend.nix
   ];
 
-  krebs.build = {
-    user = config.krebs.users.makefu;
-    target = "root@gum.krebsco.de";
-    host = config.krebs.hosts.gum;
-  };
+  krebs.build.host = config.krebs.hosts.gum;
 
   krebs.Reaktor.enable = true;
 
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 27c5ff2e1..161bfa3e9 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -8,8 +8,6 @@
   imports =
     [ # Include the results of the hardware scan.
       # Base
-      ../2configs/base.nix
-      ../2configs/base-sources.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
 
@@ -45,8 +43,6 @@
   };
 
   krebs.build.host = config.krebs.hosts.pnp;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@pnp";
 
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 97cf86a4e..8624cb2d1 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,12 +6,8 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/base.nix
       ../2configs/main-laptop.nix #< base-gui
 
-      # configures sources
-      ../2configs/base-sources.nix
-
       # Krebs
       ../2configs/tinc-basic-retiolum.nix
       #../2configs/disable_v6.nix
@@ -23,7 +19,8 @@
       ../2configs/exim-retiolum.nix
       ../2configs/mail-client.nix
       #../2configs/virtualization.nix
-      ../2configs/virtualization-virtualbox.nix
+      ../2configs/virtualization.nix
+      #../2configs/virtualization-virtualbox.nix
       ../2configs/wwan.nix
 
       # services
@@ -34,16 +31,19 @@
       ../2configs/hw/tp-x220.nix
       # mount points
       ../2configs/fs/sda-crypto-root-home.nix
+      # ../2configs/mediawiki.nix
+      #../2configs/wordpress.nix
     ];
-  krebs.Reaktor.enable = true;
-  krebs.Reaktor.debug = true;
-  krebs.Reaktor.nickname = "makefu|r";
+  #krebs.Reaktor.enable = true;
+  #krebs.Reaktor.nickname = "makefu|r";
 
   krebs.build.host = config.krebs.hosts.pornocauster;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@pornocauster";
 
-  environment.systemPackages = with pkgs;[ get ];
+  environment.systemPackages = with pkgs;[
+    get
+    virtmanager
+    gnome3.dconf
+    ];
 
   services.logind.extraConfig = "HandleLidSwitch=ignore";
   # configure pulseAudio to provide a HDMI sink as well
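Review bot: The closing `];` of the new `environment.systemPackages` list is indented to the level of its entries; `  ];` would match the other lists in this file. Separately, swapping `virtualization-virtualbox.nix` for `virtualization.nix`, adding `virtmanager`/`gnome3.dconf` and commenting out the Reaktor options are functional changes unrelated to the base → default rename announced in the commit title, and would be easier to review and bisect as their own commit.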
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index 2e132f308..a069cc36f 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -8,13 +8,9 @@
   imports =
     [ # Include the results of the hardware scan.
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
-      ../2configs/base.nix
-      ../2configs/base-sources.nix
       ../2configs/cgit-retiolum.nix
     ];
   krebs.build.host = config.krebs.hosts.repunit;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@repunit";
 
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3c2bb2eda..990db65d2 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,7 +6,6 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/base.nix
       ../2configs/base-gui.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/fs/sda-crypto-root.nix
@@ -21,19 +20,9 @@
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@tsp";
-
 
   networking.firewall.allowedTCPPorts = [
     25
   ];
 
-  krebs.build.deps = {
-    nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
-    };
-  };
 }
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 90710c857..ba94972fb 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -10,7 +10,6 @@ in {
       # TODO: copy this config or move to krebs
       ../../tv/2configs/hw/CAC.nix
       ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
-      ../2configs/base.nix
       ../2configs/unstable-sources.nix
       ../2configs/headless.nix
       ../2configs/tinc-basic-retiolum.nix
@@ -30,11 +29,7 @@ in {
       ../2configs/collectd/collectd-base.nix
   ];
 
-  krebs.build = {
-    user = config.krebs.users.makefu;
-    target = "root@wry";
-    host = config.krebs.hosts.wry;
-  };
+  krebs.build.host = config.krebs.hosts.wry;
 
   krebs.Reaktor.enable = true;
 
@@ -62,6 +57,7 @@ in {
       };
     };
   };
+
   networking = {
     firewall.allowPing = true;
     firewall.allowedTCPPorts = [ 53 80 443 ];
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
deleted file mode 100644
index 65c6e8e76..000000000
--- a/makefu/2configs/base-sources.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
-      #url = https://github.com/NixOS/nixpkgs;
-      url = https://github.com/makefu/nixpkgs;
-      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
-    };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
-}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix
similarity index 73%
rename from makefu/2configs/base.nix
rename to makefu/2configs/default.nix
index 4e38c27f8..3d9174788 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/default.nix
@@ -2,6 +2,8 @@
 
 with lib;
 {
+  system.stateVersion = "15.09";
+
   imports = [
     {
       users.extraUsers =
@@ -10,10 +12,36 @@ with lib;
     }
     ./vim.nix
   ];
-  krebs.enable = true;
-  krebs.search-domain = "retiolum";
 
 
+  krebs = {
+    enable = true;
+    search-domain = "retiolum";
+    build =  {
+      target = mkDefault "root@${config.krebs.build.host.name}";
+      user = config.krebs.users.makefu;
+      source = {
+        git.nixpkgs = {
+          #url = https://github.com/NixOS/nixpkgs;
+          url = mkDefault https://github.com/makefu/nixpkgs;
+          rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
+          target-path = "/var/src/nixpkgs";
+        };
+
+        dir.secrets = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+        };
+
+        dir.stockholm = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/stockholm" ;
+          target-path = "/var/src/stockholm";
+        };
+      };
+    };
+  };
+
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
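Review bot: In the new `krebs.build` block, `url`, `rev` and `target` are wrapped in `mkDefault` but `target-path` (for both `git.nixpkgs` and `dir.stockholm`), the two `host` values and the secrets/stockholm paths are set unconditionally, so a host file that needs a different value has to reach for `mkForce` instead of a plain assignment; `target-path = mkDefault "/var/src/nixpkgs";` and `target-path = mkDefault "/var/src/stockholm";` would match the rest of the block. Note also that `dir.stockholm.path` changes from `toString ../..` in the deleted base-sources.nix (the checkout the file lives in) to the fixed `/home/makefu/stockholm`, which is only right when the repository is checked out there; a comment recording that assumption would help.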
@@ -56,7 +84,6 @@ with lib;
   environment.systemPackages = with pkgs; [
       jq
       git
-      vim
       gnumake
       rxvt_unicode.terminfo
       htop
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
index 7bd5f50cb..7a9a8a81c 100644
--- a/makefu/2configs/unstable-sources.nix
+++ b/makefu/2configs/unstable-sources.nix
@@ -1,20 +1,8 @@
-{ config, lib, pkgs, ... }:
+_:
 
 {
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
+  krebs.build.source.git.nixpkgs = {
       url = https://github.com/makefu/nixpkgs;
       rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
     };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
 }
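Review bot: After collapsing `krebs.build.source.git.nixpkgs` to a single dotted attribute path, the `url` and `rev` lines keep their old six-space indent inside what is now a two-space attribute set; re-indenting them to four spaces (`    url = https://github.com/makefu/nixpkgs;` / `    rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd`) makes the nesting match the rest of the tree. These two values are assigned without `mkDefault`, so they override the defaults in `2configs/default.nix` for any host importing this file; that is presumably the intent and worth a one-line comment at the top of the file.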

From 1d8be110e1559e804d44dfdb3c5b584efa4561a8 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Sat, 7 Nov 2015 09:43:05 +0100
Subject: [PATCH 30/39] nomic: bump ssh key

---
 krebs/3modules/tv/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 6c943de8f..56b4abe00 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -159,7 +159,7 @@ with lib;
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx";
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
     };
     ok = {
       nets = {

From d590cf26cd8fa33ed4140bef7a5d689c76455625 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Sat, 7 Nov 2015 09:45:43 +0100
Subject: [PATCH 31/39] xu: bump ssh key

---
 krebs/3modules/tv/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 56b4abe00..6fd1c4224 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -277,7 +277,8 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
     };
   };
   users = addNames rec {

From a3f6dcb75ce73f57e1053054cf70667c2daef22d Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Sat, 7 Nov 2015 10:04:46 +0100
Subject: [PATCH 32/39] tv: move X-based tools to xserver

---
 tv/1systems/wu.nix              | 7 -------
 tv/1systems/xu.nix              | 8 +-------
 tv/2configs/xserver/default.nix | 6 ++++++
 3 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 26a603e9b..ee529f3dc 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -44,31 +44,24 @@ with lib;
         bind # dig
         cac
         dic
-        ff
         file
         get
-        gitAndTools.qgit
         gnupg21
         haskellPackages.hledger
         htop
         jq
         manpages
         mkpasswd
-        mpv
         netcat
         nix-repl
         nmap
         nq
         p7zip
-        pavucontrol
         posix_man_pages
-        pssh
         push
         qrencode
-        sxiv
         texLive
         tmux
-        zathura
 
         #ack
         #apache-httpd
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 65220fe3e..32688aaed 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -44,29 +44,23 @@ with lib;
         bind # dig
         #cac
         dic
-        ff
         file
-        gitAndTools.qgit  #xserver
         gnupg21
         haskellPackages.hledger
         htop
         jq
         manpages
         mkpasswd
-        mpv #xserver
         netcat
         nix-repl
         nmap
         nq
         p7zip
-        pavucontrol #xserver
+        pass
         posix_man_pages
-        #pssh
         qrencode
-        sxiv #xserver
         texLive
         tmux
-        zathura #xserver
 
         #ack
         #apache-httpd
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index df00203be..7a48db6b8 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -34,7 +34,13 @@ let
     };
 
     environment.systemPackages = [
+      pkgs.ff
+      pkgs.gitAndTools.qgit
+      pkgs.mpv
+      pkgs.pavucontrol
       pkgs.slock
+      pkgs.sxiv
+      pkgs.zathura
     ];
 
     security.setuidPrograms = [

From e57ce8bc98ba3d90b0044d90f4bff10475354fd1 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 7 Nov 2015 19:21:01 +0100
Subject: [PATCH 33/39] xu nixpkgs: c44a593 -> 7ae05ed

---
 tv/1systems/xu.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 65220fe3e..d9aec4070 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -5,6 +5,9 @@ with lib;
 {
   krebs.build.host = config.krebs.hosts.xu;
 
+  krebs.build.source.git.nixpkgs.rev =
+    "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
+
   imports = [
     ../2configs/hw/x220.nix
     #../2configs/consul-client.nix

From e35e3b5eb05cea1e3c033423c2f6ee4e0a511817 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 7 Nov 2015 19:24:25 +0100
Subject: [PATCH 34/39] tv: mv user xr to sub

---
 tv/1systems/wu.nix              | 11 +++--------
 tv/1systems/xu.nix              |  9 +--------
 tv/2configs/sub/xr.nix          | 22 ++++++++++++++++++++++
 tv/2configs/xserver/default.nix |  1 +
 tv/2configs/z.nix               | 11 +----------
 tv/5pkgs/default.nix            | 10 ++++++++++
 6 files changed, 38 insertions(+), 26 deletions(-)
 create mode 100644 tv/2configs/sub/xr.nix

diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index ee529f3dc..2c0098c1c 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -12,6 +12,7 @@ with lib;
     ../2configs/mail-client.nix
     ../2configs/xserver
     ../2configs/z.nix
+    ../2configs/sub/xr.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -120,6 +121,8 @@ with lib;
         #xkill
         #xl2tpd
         #xsel
+
+        unison
       ];
     }
     {
@@ -234,14 +237,6 @@ with lib;
             ];
           };
 
-          xr = {
-            uid = 13370061;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
           "23" = {
             uid = 13370023;
           };
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 20e0e9681..57f318ad0 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -15,6 +15,7 @@ with lib;
     ../2configs/mail-client.nix
     ../2configs/xserver
     ../2configs/z.nix
+    ../2configs/sub/xr.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -239,14 +240,6 @@ with lib;
             ];
           };
 
-          xr = {
-            uid = 13370061;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
           "23" = {
             uid = 13370023;
           };
diff --git a/tv/2configs/sub/xr.nix b/tv/2configs/sub/xr.nix
new file mode 100644
index 000000000..6c9cbb93e
--- /dev/null
+++ b/tv/2configs/sub/xr.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  krebs.per-user.xr.packages = [
+    pkgs.cr
+  ];
+
+  security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL";
+
+  users.users.xr = {
+    extraGroups = [
+      "audio"
+      "video"
+    ];
+    group = "subusers";
+    home = "/home/xr";
+    uid = 1660006127; # genid xr
+    useDefaultShell = true;
+  };
+}
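Review bot: The uid of xr changes in this move: the definitions removed from wu.nix and xu.nix used `uid = 13370061`, while the new file sets `uid = 1660006127; # genid xr`, so any existing files under /home/xr stay owned by the old numeric id after the switch. The new `users.users.xr` also sets `home = "/home/xr"` without `createHome = true`, whereas the removed definitions went through a wrapper that set it; unless subuser homes are created elsewhere, the directory will not exist on a fresh system. The hardcoded `security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL";` replaces the generated sudoers line and is set by more than one module, so a comment such as `# merged line-wise with the other subusers' sudoers fragments` would make the reliance on option merging explicit.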
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 7a48db6b8..afc2d699c 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -40,6 +40,7 @@ let
       pkgs.pavucontrol
       pkgs.slock
       pkgs.sxiv
+      pkgs.xsel
       pkgs.zathura
     ];
 
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
index e5494ecc9..3acd168d4 100644
--- a/tv/2configs/z.nix
+++ b/tv/2configs/z.nix
@@ -4,16 +4,7 @@ with lib;
 
 {
   krebs.per-user.z.packages = [
-    (pkgs.writeScriptBin "cr" ''
-      #! /bin/sh
-      set -efu
-      export LC_TIME=de_DE.utf8
-      exec ${pkgs.chromium}/bin/chromium \
-          --ssl-version-min=tls1 \
-          --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
-          --disk-cache-size=50000000 \
-          "%@"
-    '')
+    pkgs.cr
   ];
 
   programs.bash.interactiveShellInit = ''
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 1ca5e70a2..2108d972c 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,6 +1,16 @@
 { pkgs, ... }:
 
 {
+  cr = pkgs.writeScriptBin "cr" ''
+    #! /bin/sh
+    set -efu
+    export LC_TIME=de_DE.utf8
+    exec ${pkgs.chromium}/bin/chromium \
+        --ssl-version-min=tls1 \
+        --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+        --disk-cache-size=50000000 \
+        "%@"
+  '';
   ff = pkgs.callPackage ./ff {};
   viljetic-pages = pkgs.callPackage ./viljetic-pages {};
   xmonad-tv =
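Review bot: The final argument of the `cr` wrapper is `"%@"`, which passes the literal string %@ to chromium instead of forwarding the script's arguments; unless that is intentional it should read `"$@"` (the surrounding `''` string already passes `$LOGNAME` through unchanged, so no escaping is needed). The script is moved verbatim from z.nix, so this predates the commit, as do the two points below. `--disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME"` is a predictable path in the shared /tmp that another local user can create first; a directory under `$XDG_RUNTIME_DIR` or one from `mktemp -d` avoids that. `--ssl-version-min=tls1` makes TLS 1.0 the floor; if the sites in use allow it, `--ssl-version-min=tls1.2` is the stronger setting. The enclosing attribute set continues past the hunk.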

From b166b6c29d2cfd39348073b9873da13a1581ad61 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Sat, 7 Nov 2015 19:27:47 +0100
Subject: [PATCH 35/39] xu: add unison

---
 tv/1systems/xu.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 57f318ad0..168eafcc7 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -122,6 +122,8 @@ with lib;
         #xkill
         #xl2tpd
         #xsel
+
+        unison
       ];
     }
     {

From 60faa6e3cf3b592a4aad71b246fbe2abdd699b9c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 8 Nov 2015 11:53:29 +0100
Subject: [PATCH 36/39] tv: remove legacy users

---
 tv/1systems/cd.nix      |  14 -----
 tv/1systems/wu.nix      | 110 --------------------------------------
 tv/1systems/xu.nix      | 113 ----------------------------------------
 tv/2configs/default.nix |  43 ++++-----------
 tv/2configs/sub/xr.nix  |  22 --------
 tv/2configs/z.nix       |  31 -----------
 6 files changed, 9 insertions(+), 324 deletions(-)
 delete mode 100644 tv/2configs/sub/xr.nix
 delete mode 100644 tv/2configs/z.nix

diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 126c6feb5..10c87b2c6 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -115,7 +115,6 @@ with lib;
     iftop
     iotop
     iptables
-    mutt    # for mv
     nethogs
     ntp     # ntpate
     rxvt_unicode.terminfo
@@ -126,17 +125,4 @@ with lib;
     SystemMaxUse=1G
     RuntimeMaxUse=128M
   '';
-
-  users.extraUsers = {
-    mv = {
-      uid = 1338;
-      group = "users";
-      home = "/home/mv";
-      createHome = true;
-      useDefaultShell = true;
-      openssh.authorizedKeys.keys = [
-        config.krebs.users.mv.pubkey
-      ];
-    };
-  };
 }
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 2c0098c1c..3fa5481e2 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -11,8 +11,6 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
-    ../2configs/z.nix
-    ../2configs/sub/xr.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -158,114 +156,6 @@ with lib;
         ];
       };
     }
-    {
-      users.extraGroups = {
-        tv.gid = 1337;
-        slaves.gid = 3799582008; # genid slaves
-      };
-
-      users.extraUsers =
-        mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
-          inherit name;
-          home = "/home/${name}";
-          createHome = true;
-          useDefaultShell = true;
-          group = "tv";
-          extraGroups = ["slaves"] ++ extraGroups;
-        }) {
-          ff = {
-            uid = 13378001;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          cr = {
-            uid = 13378002;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          fa = {
-            uid = 2300001;
-          };
-
-          rl = {
-            uid = 2300002;
-          };
-
-          tief = {
-            uid = 2300702;
-          };
-
-          btc-bitcoind = {
-            uid = 2301001;
-          };
-
-          btc-electrum = {
-            uid = 2301002;
-          };
-
-          ltc-litecoind = {
-            uid = 2301101;
-          };
-
-          eth = {
-            uid = 2302001;
-          };
-
-          emse-hsdb = {
-            uid = 4200101;
-          };
-
-          wine = {
-            uid = 13370400;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          df = {
-            uid = 13370401;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          "23" = {
-            uid = 13370023;
-          };
-
-          electrum = {
-            uid = 13370102;
-          };
-
-          skype = {
-            uid = 6660001;
-            extraGroups = [
-              "audio"
-            ];
-          };
-
-          onion = {
-            uid = 6660010;
-          };
-        };
-
-      security.sudo.extraConfig =
-        let
-          isSlave = u: elem "slaves" u.extraGroups;
-          masterOf = u: u.group;
-          slaves = filterAttrs (_: isSlave) config.users.extraUsers;
-          toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
-        in
-        concatMapStringsSep "\n" toSudoers (attrValues slaves);
-    }
   ];
 
   boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 168eafcc7..1a9dddb55 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -14,8 +14,6 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
-    ../2configs/z.nix
-    ../2configs/sub/xr.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -160,117 +158,6 @@ with lib;
         ];
       };
     }
-    {
-      users.extraGroups = {
-        tv.gid = 1337;
-        slaves.gid = 3799582008; # genid slaves
-      };
-
-      users.extraUsers =
-        mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
-          inherit name;
-          home = "/home/${name}";
-          createHome = true;
-          useDefaultShell = true;
-          group = "tv";
-          extraGroups = ["slaves"] ++ extraGroups;
-        }) {
-          ff = {
-            uid = 13378001;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          cr = {
-            uid = 13378002;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          fa = {
-            uid = 2300001;
-          };
-
-          rl = {
-            uid = 2300002;
-          };
-
-          tief = {
-            uid = 2300702;
-          };
-
-          btc-bitcoind = {
-            uid = 2301001;
-          };
-
-          btc-electrum = {
-            uid = 2301002;
-          };
-
-          ltc-litecoind = {
-            uid = 2301101;
-          };
-
-          eth = {
-            uid = 2302001;
-          };
-
-          emse-hsdb = {
-            uid = 4200101;
-          };
-
-          wine = {
-            uid = 13370400;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          df = {
-            uid = 13370401;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          "23" = {
-            uid = 13370023;
-          };
-
-          electrum = {
-            uid = 13370102;
-          };
-
-          skype = {
-            uid = 6660001;
-            extraGroups = [
-              "audio"
-            ];
-          };
-
-          onion = {
-            uid = 6660010;
-          };
-        };
-
-      security.sudo.extraConfig =
-        let
-          isSlave = u: elem "slaves" u.extraGroups;
-          masterOf = u: u.group;
-          slaves = filterAttrs (_: isSlave) config.users.extraUsers;
-          toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
-        in
-        concatMapStringsSep "\n" toSudoers (attrValues slaves);
-    }
   ];
 
   boot.initrd.luks = {
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d31862b60..688f8f9cf 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -27,6 +27,7 @@ with lib;
   networking.hostName = config.krebs.build.host.name;
 
   imports = [
+    <secrets>
     ./vim.nix
     {
       # stockholm dependencies
@@ -35,40 +36,14 @@ with lib;
       ];
     }
     {
-      # TODO never put hashedPassword into the store
-      users.extraUsers =
-        mapAttrs (_: h: { hashedPassword = h; })
-                 (import <secrets/hashedPasswords.nix>);
-    }
-    {
-      users.groups.subusers.gid = 1093178926; # genid subusers
-    }
-    {
-      users.defaultUserShell = "/run/current-system/sw/bin/bash";
-      users.mutableUsers = false;
-    }
-    {
-      users.extraUsers = {
-        root = {
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.tv.pubkey
-            config.krebs.users.tv_xu.pubkey
-          ];
-        };
-        tv = {
-          uid = 1337;
-          group = "users";
-          home = "/home/tv";
-          createHome = true;
-          useDefaultShell = true;
-          extraGroups = [
-            "audio"
-            "video"
-            "wheel"
-          ];
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.tv.pubkey
-          ];
+      users = {
+        defaultUserShell = "/run/current-system/sw/bin/bash";
+        mutableUsers = false;
+        users = {
+          tv = {
+            isNormalUser = true;
+            uid = 1337;
+          };
         };
       };
     }
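Review bot: With `mutableUsers = false` kept and the hashed-password import, root's `openssh.authorizedKeys.keys`, tv's authorized key and tv's `wheel` membership all removed, nothing left in this file provides a login credential or sudo path for either account; presumably that now comes from the `<secrets>` module imported in the first hunk of this file, but the dependency is not stated anywhere. A comment on that import such as `# provides hashedPassword / authorizedKeys for root and tv (mutableUsers = false)` would record it. Because `<secrets>` is resolved through NIX_PATH at evaluation time, a rebuild run with a NIX_PATH whose secrets entry points to an empty module would yield a system with no root password or keys, which under mutableUsers = false is a lockout; that risk deserves a sentence next to the import too.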
diff --git a/tv/2configs/sub/xr.nix b/tv/2configs/sub/xr.nix
deleted file mode 100644
index 6c9cbb93e..000000000
--- a/tv/2configs/sub/xr.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  krebs.per-user.xr.packages = [
-    pkgs.cr
-  ];
-
-  security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL";
-
-  users.users.xr = {
-    extraGroups = [
-      "audio"
-      "video"
-    ];
-    group = "subusers";
-    home = "/home/xr";
-    uid = 1660006127; # genid xr
-    useDefaultShell = true;
-  };
-}
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
deleted file mode 100644
index 3acd168d4..000000000
--- a/tv/2configs/z.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  krebs.per-user.z.packages = [
-    pkgs.cr
-  ];
-
-  programs.bash.interactiveShellInit = ''
-    case ''${XMONAD_SPAWN_WORKSPACE-} in
-      za|zh|zj|zs)
-        exec sudo -u z -i
-      ;;
-    esac
-  '';
-
-  security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
-
-  users.users.z = {
-    extraGroups = [
-      "audio"
-      "vboxusers"
-      "video"
-    ];
-    group = "subusers";
-    home = "/home/z";
-    uid = 3043726074; # genid z
-    useDefaultShell = true;
-  };
-}

From 0faad027e7e241edbe842cf6a54aad606d00adf7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 8 Nov 2015 12:28:53 +0100
Subject: [PATCH 37/39] tv configs: set NIX_PATH

---
 tv/2configs/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 688f8f9cf..6ed1c65f9 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -90,6 +90,15 @@ with lib;
         view = "vim -R";
       };
 
+      environment.variables = {
+        NIX_PATH =
+          with config.krebs.build.source; with dir; with git;
+          mkForce (concatStringsSep ":" [
+            "nixpkgs=${nixpkgs.target-path}"
+            "secrets=${stockholm.target-path}/null"
+          ]);
+      };
+
       programs.bash = {
         interactiveShellInit = ''
           HISTCONTROL='erasedups:ignorespace'
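Review bot: The chained `with config.krebs.build.source; with dir; with git;` hides which attribute set supplies `nixpkgs` and `stockholm`, and since the innermost `with git` takes precedence, a later attribute of the same name under `git` would silently shadow the one under `dir`; naming the sets explicitly, `"nixpkgs=${git.nixpkgs.target-path}"` and `"secrets=${dir.stockholm.target-path}/null"` (assuming that is where each lives), removes the ambiguity. `mkForce` also discards whatever NIX_PATH the NixOS nix module would otherwise set, so only these two entries remain on the target; a comment such as `# deliberately only nixpkgs plus a stub secrets entry; <secrets> resolves to the empty null module here` would mark that as intended. The enclosing block continues outside the hunk.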

From e734aa21ee0a2a015ae3c0c54681cca7891d5e38 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 8 Nov 2015 12:40:53 +0100
Subject: [PATCH 38/39] add null module

---
 null/default.nix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 null/default.nix

diff --git a/null/default.nix b/null/default.nix
new file mode 100644
index 000000000..2eb33a153
--- /dev/null
+++ b/null/default.nix
@@ -0,0 +1 @@
+_:{}
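Review bot: The new module `_:{}` carries no explanation of what it is for, and its only visible consumer is the `secrets=…/null` NIX_PATH entry in the preceding commit. A one-line comment above it, `# Empty NixOS module: a placeholder for NIX_PATH entries (e.g. <secrets>) that must resolve but should contribute no configuration`, would save the next reader a search through the history.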

From 610a3ce59c2ba0e58205305a85e9cb86e680d481 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 8 Nov 2015 12:46:56 +0100
Subject: [PATCH 39/39] push: 1.1.0 -> 1.1.1

---
 krebs/5pkgs/push/default.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix
index 410b43465..bc5c030a0 100644
--- a/krebs/5pkgs/push/default.nix
+++ b/krebs/5pkgs/push/default.nix
@@ -9,12 +9,12 @@
 , ... }:
 
 stdenv.mkDerivation {
-  name = "push-1.1.0";
+  name = "push-1.1.1";
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/push;
-    rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920";
-    sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800";
+    rev = "ea8b76569c6b226fe148e559477669b095408472";
+    sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221";
   };
 
   phases = [
@@ -45,4 +45,3 @@ stdenv.mkDerivation {
       chmod +x $out/bin/push
     '';
 }
-