From 4a2af184e6846f80b139357c6230558cd8785b10 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Wed, 28 Feb 2018 19:54:11 +0000
Subject: [PATCH 01/55] j vim: unsure changes

---
 jeschli/2configs/vim.nix | 118 ++++++++++++++++++++-------------------
 1 file changed, 62 insertions(+), 56 deletions(-)

diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
index 1a2231a86..ddf0f9195 100644
--- a/jeschli/2configs/vim.nix
+++ b/jeschli/2configs/vim.nix
@@ -16,72 +16,78 @@ let
        owner = "mxw";
        repo = "vim-jsx";
        rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
-       sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; 
+       sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
      };
    };
 in {
-# {
   environment.systemPackages = [
     (pkgs.vim_configurable.customize {
       name = "vim";
-
-    vimrcConfig.customRC = ''
-  set nocompatible 
-
-	:imap jk <Esc>
-	:vmap v v
-	:map gr :GoRun<Enter>
-	:nnoremap <S-TAB> :bnext<CR>
-	:nnoremap <C-TAB> <c-w><c-w>
-  :map nf :NERDTreeToggle<CR>
-	set autowrite
-	set number
-	set ruler
-  set path+=** 
-  set wildmenu
-
-	noremap x "_x
-	set clipboard=unnamedplus
-
-  let g:jsx_ext_required = 0
-
-	let g:go_list_type = "quickfix"
-	let g:go_test_timeout = '10s'
-	let g:go_fmt_command = "goimports"
-	let g:go_snippet_case_type = "camelcase"
-	let g:go_highlight_types = 1
-	let g:go_highlight_fields = 1
-	let g:go_highlight_functions = 1
-	let g:go_highlight_methods = 1
-  let g:go_highlight_extra_types = 1
-  autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 
-  let g:rehash256 = 1
-  let g:molokai_original = 1
-  colorscheme molokai
-	let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
-	let g:go_metalinter_autosave = 1
-	" let g:go_metalinter_autosave_enabled = ['vet', 'golint']
-	" let g:go_def_mode = 'godef'
-	" let g:go_decls_includes = "func,type"
-
-
-	" Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
-	let g:UltiSnipsExpandTrigger="<c-e>"
-	let g:UltiSnipsJumpForwardTrigger="<c-t>"
-	let g:UltiSnipsJumpBackwardTrigger="<c-q>"
-
-	" If you want :UltiSnipsEdit to split your window.
-	let g:UltiSnipsEditSplit="vertical"
-
-	if has('persistent_undo')      "check if your vim version supports it
-	set undofile                 "turn on the feature  
-	set undodir=$HOME/.vim/undo  "directory where the undo files will be stored
-	endif     
+      vimrcConfig.customRC = let
+        colorscheme = ''colorscheme molokai'';
+        setStatements = ''
+          set autowrite
+          set clipboard=unnamedplus
+          set nocompatible
+          set path+=**
+          set ruler
+          set undodir=$HOME/.vim/undo  "directory where the undo files will be stored
+          set undofile                 "turn on the feature
+          set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+          set wildmenu
+          set listchars=trail:¶
+        '';
+        remapStatements = ''
+          imap jk <Esc>
+          map gr :GoRun<Enter>         " Map gr to execute go run
+          map nf :NERDTreeToggle<CR>
+          nnoremap <C-TAB> <c-w><c-w>
+          nnoremap <S-TAB> :bnext<CR>
+          noremap x "_x
+          vmap v v
+        '';
+        settingsForGo = ''
+          let g:go_decls_includes = "func,type"
+          let g:go_def_mode = 'godef'
+          let g:go_fmt_command = "goimports"
+          let g:go_highlight_extra_types = 1
+          let g:go_highlight_fields = 1
+          let g:go_highlight_functions = 1
+          let g:go_highlight_methods = 1
+          let g:go_highlight_types = 1
+          let g:go_list_type = "quickfix"
+          let g:go_metalinter_autosave = 1
+          let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
+          let g:syntastic_go_checkers = ['go', 'golint', 'errcheck']
+          let g:go_snippet_case_type = "camelcase"
+          let g:go_test_timeout = '10s'
+          let g:jsx_ext_required = 0
+          let g:molokai_original = 1
+          let g:rehash256 = 1
+        '';
+        settingsForElm = ''
+          let g:polyglot_disabled = ['elm']
+          let g:elm_detailed_complete = 1
+          let g:elm_format_autosave = 1
+          let g:elm_syntastic_show_warnings = 1
         '';
 
        vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
        vimrcConfig.vam.pluginDictionaries = [
-         { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } 
+         {
+           names = [
+            "ctrlp"
+            "easymotion"
+            "molokai"
+            "nerdtree"
+            "snipmate"
+            "surround"
+            "Syntastic"
+            "undotree"
+            "elm-vim"
+            "youcompleteme"
+           ];
+         }
          { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
          { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
          { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
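Review bot: The new `vimrcConfig.customRC = let` introduces `colorscheme`, `setStatements`, `remapStatements`, `settingsForGo` and `settingsForElm`, but no `in` expression follows inside the hunk. The next lines (`vimrcConfig.vam.knownPlugins = …`) would therefore be read as further `let` bindings, so the file is unlikely to evaluate and none of the pieces reach the vimrc. Closing the block after the `settingsForElm` string with something like `in setStatements + remapStatements + settingsForGo + settingsForElm + colorscheme;` would fix both. The rewrite also drops `set number` and the `if has('persistent_undo')` guard around `set undofile`; if that is intended, a short comment would help, because undo files keep earlier contents of edited files on disk under `$HOME/.vim/undo`. The enclosing attribute set continues outside the hunk.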

From 7a53169d3ab17125c9966eea54482aeb89b0433a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 6 Mar 2018 21:12:30 +0100
Subject: [PATCH 02/55] kops: init at 1.0.0

---
 krebs/5pkgs/simple/kops.nix | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 krebs/5pkgs/simple/kops.nix

diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix
new file mode 100644
index 000000000..a6c82f3ca
--- /dev/null
+++ b/krebs/5pkgs/simple/kops.nix
@@ -0,0 +1,7 @@
+{ fetchgit, ... }:
+
+fetchgit {
+  url = https://cgit.krebsco.de/kops;
+  rev = "refs/tags/v1.0.0";
+  sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
+}
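Review bot: `rev = "refs/tags/v1.0.0"` pins the source by tag name, which the remote can move. The `sha256` makes a moved tag fail the fetch rather than be silently accepted, but nothing in the file records which commit was actually reviewed. A comment next to `rev`, for example `# v1.0.0 = COMMIT_ID_PLACEHOLDER`, or pinning `rev` to that commit id, would make later audits and version bumps easier to check.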

From 5fdbd513406ce6a4caef35f60a446cc15104d9ee Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 21:30:04 +0100
Subject: [PATCH 03/55] buildbot-all: remove deploy test (currently broken)

---
 krebs/2configs/buildbot-all.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 5ea78f227..d85cde175 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -5,6 +5,5 @@ with import <stockholm/lib>;
   krebs.ci.enable = true;
   krebs.ci.treeStableTimer = 1;
   krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
-  krebs.ci.tests = [ "deploy" ];
 }
 

From 53c3b2b80593569d736bcced56f97b995f246997 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 21:30:36 +0100
Subject: [PATCH 04/55] l: make spf header more restrictive

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e269d1fa1..dbdf70008 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -89,7 +89,7 @@ with import <stockholm/lib>;
                           60 IN NS     ns16.ovh.net.
                           60 IN NS     dns16.ovh.net.
                           60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
-                          60 IN TXT    v=spf1 mx -all
+                          60 IN TXT    v=spf1 mx a:lassul.us -all
           cgit            60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           io              60 IN NS     ions.lassul.us.
           ions            60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
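Review bot: Adding `a:lassul.us` authorises one more set of senders (whatever the A record of lassul.us resolves to) on top of `mx`, so the record becomes more permissive, not more restrictive as the subject says; `-all` was already present. If the intent is to let the host at the apex address send mail, a comment next to the record should say so. Separately, and already true before this change, the TXT data is unquoted: a master-file parser would typically split it into several character-strings, which SPF evaluators join without spaces. Writing it as `60 IN TXT    "v=spf1 mx a:lassul.us -all"` is safer, and the published record is worth checking against what the DNS server actually serves.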

From 666f030b10d8c8ad3ea92fce5c20e013df598cb8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 21:31:02 +0100
Subject: [PATCH 05/55] l helios.r: fix displayManager setup

---
 lass/1systems/helios/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index c4d99cb2c..c4a171d86 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -131,7 +131,7 @@ with import <stockholm/lib>;
   ];
 
   services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
   '';
 
   networking.hostName = lib.mkForce "BLN02NB0162";

From d5a7a288ba51b6cc21529f610fcfecd90d2664ea Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 21:31:30 +0100
Subject: [PATCH 06/55] l mors.r: minimize deploy script

---
 lass/1systems/mors/config.nix | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index cbb71ab24..f77bc64c2 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -170,31 +170,11 @@ with import <stockholm/lib>;
       export PATH=${makeBinPath [
         pkgs.bash
         pkgs.coreutils
-        pkgs.nix
-        (pkgs.writeDashBin "is-git-crypt-locked" ''
-          magic=$(dd status=none if="$1" skip=1 bs=1 count=8)
-          test "$magic" = GITCRYPT
-        '')
+        pkgs.nixUnstable
       ]}
       cd ~/stockholm
       export SYSTEM="$1"
-      if is-git-crypt-locked ~/secrets/ready; then
-        echo 'secrets are crypted' >&2
-        exit 23
-      else
-        exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
-      fi
-    '';
-    predeploy = pkgs.writeDash "predeploy" ''
-      set -eu
-      export PATH=${makeBinPath [
-        pkgs.bash
-        pkgs.coreutils
-        pkgs.nix
-      ]}
-      cd ~/stockholm
-      export SYSTEM="$1"
-      exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
+      exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
     '';
   };
 
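Review bot: The deploy wrapper no longer refuses to run when `~/secrets/ready` still carries the `GITCRYPT` magic, so `exec nix-shell … --run 'deploy --system="$SYSTEM"'` now starts even with the secrets checkout locked. Unless `deploy` performs an equivalent check itself (not visible here), this risks shipping git-crypt ciphertext to the target in place of keys and passwords. If the check was dropped only to shorten the script, keep a one-line guard before the `exec`, or add a comment saying where the locked-secrets case is now caught. The switch from `pkgs.nix` to `pkgs.nixUnstable` is not mentioned in the subject and deserves a word in the commit message. The surrounding attribute set starts outside the hunk.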

From fbf87b0f7eedc029c111a98662b2e639888d45db Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 21:39:24 +0100
Subject: [PATCH 07/55] l: add allygator@lassul.us mail

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index ae652722a..4455d2761 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -78,6 +78,7 @@ with import <stockholm/lib>;
       { from = "github@lassul.us"; to = lass.mail; }
       { from = "ovh@lassul.us"; to = lass.mail; }
       { from = "hetzner@lassul.us"; to = lass.mail; }
+      { from = "allygator@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From 099bf40e49688ab8946a5b88ac974458eee69469 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 22:39:38 +0100
Subject: [PATCH 08/55] l: add c-base to msmtprc

---
 lass/2configs/mail.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 03d39ef75..ebe873cf9 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -8,6 +8,16 @@ let
       logfile ~/.msmtp.log
     account prism
       host prism.r
+    account c-base
+      from lassulus@c-base.org
+      host c-mail.c-base.org
+      port 465
+      tls on
+      tls_starttls off
+      tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
+      auth on
+      user lassulus
+      passwordeval pass show c-base/pass
     account default: prism
   '';
 
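Review bot: `tls_fingerprint` pins the c-base server certificate with a 20-byte (SHA-1) fingerprint; msmtp also accepts SHA-256 fingerprints, which are the better choice for a pin, e.g. `tls_fingerprint SHA256_FINGERPRINT_PLACEHOLDER`. A fingerprint pin must be updated on every certificate renewal, so a comment recording when and how the value was obtained would help whoever has to refresh it. Alternatively, `tls_trust_file` with the system CA bundle avoids the manual step. Using `passwordeval pass show c-base/pass` is the right call here, since Nix-generated config text usually ends up world-readable in the store.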

From 7bc8fc7a44969387621425b1c10c8391e56ba087 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 13 Mar 2018 22:40:46 +0100
Subject: [PATCH 09/55] l mail: add more mailboxes

---
 lass/2configs/mail.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index ebe873cf9..278ec0ff3 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -46,9 +46,11 @@ let
     ];
     dezentrale = [ "to:dezentrale.space" ];
     dhl = [ "to:dhl@lassul.us" ];
+    eloop = [ "to:eloop.org" ];
     github = [ "to:github@lassul.us" ];
     gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
     kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+    lugs = [ "to:lugs@lug-s.org" ];
     nix-devel = [ "to:nix-devel@googlegroups.com" ];
     patreon = [ "to:patreon@lassul.us" ];
     paypal = [ "to:paypal@lassul.us" ];

From 92f8c5f94b88cd837bc77200e70e7fd9f2af88d2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 15 Mar 2018 19:33:43 +0100
Subject: [PATCH 10/55] l mail: update pubkey

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 278ec0ff3..b9682c5ee 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -77,7 +77,7 @@ let
     # gpg
     source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
-    set pgp_sign_as = 0x976A7E4D
+    set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
     set crypt_autosign = yes
     set crypt_replyencrypt = yes
     set crypt_verify_sig = yes

From 8766727e01f8892b5adab38096264028878d2803 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 21:31:03 +0100
Subject: [PATCH 11/55] electron-cash: RIP

---
 krebs/5pkgs/simple/electron-cash/default.nix | 64 --------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/electron-cash/default.nix

diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix
deleted file mode 100644
index e51136c60..000000000
--- a/krebs/5pkgs/simple/electron-cash/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ stdenv, fetchFromGitHub, python2Packages }:
-
-python2Packages.buildPythonApplication rec {
-  name = "electron-cash-${src.rev}";
-
-  src = fetchFromGitHub {
-    owner = "fyookball";
-    repo = "electrum";
-    rev = "a2245ea";
-    sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv";
-  };
-
-  propagatedBuildInputs = with python2Packages; [
-    dns
-    ecdsa
-    jsonrpclib
-    pbkdf2
-    pyaes
-    pycrypto
-    pyqt4
-    pysocks
-    qrcode
-    requests
-    tlslite
-
-    # plugins
-    keepkey
-    trezor
-  ];
-
-  preBuild = ''
-    sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py
-    pyrcc4 icons.qrc -o gui/qt/icons_rc.py
-    # Recording the creation timestamps introduces indeterminism to the build
-    sed -i '/Created: .*/d' gui/qt/icons_rc.py
-  '';
-
-  postInstall = ''
-    # Despite setting usr_share above, these files are installed under
-    # $out/nix ...
-    mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out
-    rm -rf $out/lib/python2.7/site-packages/nix
-
-    substituteInPlace $out/share/applications/electron.desktop \
-      --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
-  '';
-
-  doInstallCheck = true;
-  installCheckPhase = ''
-    $out/bin/electrum help >/dev/null
-  '';
-
-  meta = with stdenv.lib; {
-    description = "A lightweight Bitcoin wallet";
-    longDescription = ''
-      An easy-to-use Bitcoin client featuring wallets generated from
-      mnemonic seeds (in addition to other, more advanced, wallet options)
-      and the ability to perform transactions without downloading a copy
-      of the blockchain.
-    '';
-    homepage = https://electrum.org/;
-    license = licenses.mit;
-  };
-}

From f4562cf068ee880cfd7a06c7efc6cc19ab8ae729 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 21:34:11 +0100
Subject: [PATCH 12/55] l security: use default kernel

---
 lass/2configs/security-workarounds.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index c3d07d5fe..537c8a59b 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,6 +5,4 @@ with import <stockholm/lib>;
   boot.extraModprobeConfig = ''
     install dccp /run/current-system/sw/bin/false
   '';
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
 }

From 768d9a94967a502e497aada07cafd9521bd08d8e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 21:35:27 +0100
Subject: [PATCH 13/55] l websites domsen: more domains

---
 lass/2configs/websites/domsen.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9ece2af77..7a72499c9 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -49,6 +49,7 @@ in {
       "www.ubikmedia.eu"
       "www.youthtube.xyz"
       "www.ubikmedia.de"
+      "www.joemisch.com"
       "www.weirdwednesday.de"
 
       "aldona2.ubikmedia.de"
@@ -63,6 +64,7 @@ in {
       "weirdwednesday.ubikmedia.de"
       "freemonkey.ubikmedia.de"
       "jarugadesign.ubikmedia.de"
+      "crypto4art.ubikmedia.de"
     ])
   ];
 

From 8a0e77e2bbe8147e81ccbf1039a6590369b6100d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 21:57:45 +0100
Subject: [PATCH 14/55] l: add cabal

---
 krebs/3modules/lass/default.nix | 41 +++++++++++++++++++++++++++++++++
 lass/1systems/cabal/config.nix  | 35 ++++++++++++++++++++++++++++
 lass/1systems/cabal/source.nix  |  4 ++++
 3 files changed, 80 insertions(+)
 create mode 100644 lass/1systems/cabal/config.nix
 create mode 100644 lass/1systems/cabal/source.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index dbdf70008..0c3e68c39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -618,6 +618,47 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
     };
+    cabal = {
+      cores = 2;
+      nets = rec {
+        retiolum = {
+          ip4.addr = "10.243.1.4";
+          ip6.addr = "42::1:4";
+          aliases = [
+            "cabal.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
+            SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
+            rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
+            qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
+            LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
+            rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
+            6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
+            fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
+            yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
+            kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
+            KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
+            TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
+            oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
+            TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
+            3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
+            rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
+            4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
+            luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
+            w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
+            09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
+            K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
+            ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      secure = true;
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
+    };
   };
   users = {
     lass = {
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
new file mode 100644
index 000000000..7eba86c52
--- /dev/null
+++ b/lass/1systems/cabal/config.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+
+    <stockholm/lass/2configs/mouse.nix>
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/browsers.nix>
+    <stockholm/lass/2configs/programs.nix>
+    <stockholm/lass/2configs/fetchWallpaper.nix>
+    <stockholm/lass/2configs/backups.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/bitcoin.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.cabal;
+
+  #fileSystems = {
+  #  "/bku" = {
+  #    device = "/dev/mapper/pool-bku";
+  #    fsType = "btrfs";
+  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
+  #  };
+  #};
+
+  #services.udev.extraRules = ''
+  #  SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  #'';
+}
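Review bot: The two commented-out blocks at the end (`fileSystems."/bku"` and the `services.udev.extraRules` with fixed MAC addresses) look copied from another host's config. On a new machine they are dead text that could later be uncommented with the wrong device and interface identifiers. Either delete them or replace them with a single line such as `# TODO: add /bku mount and interface naming rules for cabal`, so the file states only what applies to this host.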
diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix
new file mode 100644
index 000000000..5d9507f3d
--- /dev/null
+++ b/lass/1systems/cabal/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+  name = "cabal";
+  secure = true;
+}

From fa724ceab0f5f10b253d806326b7c917814412eb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 22:03:25 +0100
Subject: [PATCH 15/55] l: use xlockmore as lockscreen

---
 lass/1systems/helios/config.nix | 2 --
 lass/3modules/screenlock.nix    | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index c4a171d86..e64cfbe79 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -168,8 +168,6 @@ with import <stockholm/lib>;
     '')
   ];
 
-  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
-
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
 
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index e16ce9868..29c3861f2 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -14,7 +14,7 @@ let
     enable = mkEnableOption "screenlock";
     command = mkOption {
       type = types.str;
-      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+      default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
     };
   };
 
@@ -28,7 +28,7 @@ let
       serviceConfig = {
         SyslogIdentifier = "screenlock";
         ExecStart = cfg.command;
-        Type = "forking";
+        Type = "simple";
         User = "lass";
       };
     };
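Review bot: With `Type = "simple"` systemd treats the unit as started the moment `cfg.command` is exec'd and as finished when that process exits, so the unit is now only correct for lockers that stay in the foreground. The new `xlock` default in the previous hunk appears to do that, but any host that still overrides `lass.screenlock.command` with a forking locker (i3lock forks unless told not to) would have its main process exit at once, and systemd would then likely clean up the remaining locker process. Documenting the contract on the option, e.g. `description = "Lock command; must not fork, the unit runs as Type=simple.";`, would prevent that. If this unit is ordered before suspend (not visible in the hunk), note also that `simple` no longer waits for the lock to be on screen.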

From 1334ab82d0f987c3551ed49d67869bc528f5bd07 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 22:12:55 +0100
Subject: [PATCH 16/55] l websites fritz: simplify msmtprc

---
 lass/2configs/websites/fritz.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index aa57a9857..14d6ce9ec 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -12,9 +12,8 @@ let
   ;
 
   msmtprc = pkgs.writeText "msmtprc" ''
-    account localhost
+    account default
       host localhost
-    account default: localhost
   '';
 
   sendmail = pkgs.writeDash "msmtp" ''

From bd4def24bfbd8f034032e3a6e89ce4dd88d6930e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 22:36:44 +0100
Subject: [PATCH 17/55] nixpkgs: c5bc83b -> c665fcc

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index 7e0ea7e47..733601a21 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
+        ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18
       };
     }
     override

From 390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 15:17:36 +0100
Subject: [PATCH 18/55] j: dirty merge again

---
 jeschli/1systems/bln/config.nix               | 85 ++++++-------------
 .../1systems/bln/hardware-configuration.nix   | 22 ++---
 jeschli/2configs/virtualbox.nix               |  2 +-
 jeschli/source.nix                            |  2 +-
 4 files changed, 38 insertions(+), 73 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 9c491c8a1..885307b7a 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -12,54 +12,25 @@
       ./hardware-configuration.nix
       # ./dcso-vpn.nix
     ];
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
 
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-  boot.loader.grub.extraEntries = ''
-    menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" {
-      search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606
-      linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro
-      initrd ($drive1)/initrd.img-4.9.0-4-amd64
-    }
-  '';
-  boot.initrd.luks.devices = [
-    {
-      name = "root";
-      device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32";
-      preLVM = true;
-      allowDiscards = true;
-    }
-  ];
-
-  networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
+  environment.shellAliases = {
+    n = "nix-shell";
+    gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat";
+    gh = "cd /home/jeschli/go/src/github.com";
+    stocki = pkgs.writeDash "deploy" ''
+      cd ~/stockholm
+      LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="bln"'
+    '';
+  };
+  networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname.
   networking.networkmanager.enable = true;
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Select internationalisation properties.
-  # i18n = {
-  #   consoleFont = "Lat2-Terminus16";
-  #   consoleKeyMap = "us";
-  #   defaultLocale = "en_US.UTF-8";
-  # };
-
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
-
-
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
+  # Setup Packages
   nixpkgs.config.allowUnfree = true;
-  environment.shellAliases = { 
-    n = "nix-shell"; 
-    gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; 
-    gh = "cd /home/markus/go/src/github.com"; 
-  };
   environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
   environment.systemPackages = with pkgs; [
   # system helper
@@ -108,9 +79,6 @@
   ];
 
 
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
   programs.bash.enableCompletion = true;
   programs.vim.defaultEditor = true;
   # programs.mtr.enable = true;
@@ -132,33 +100,26 @@
   services.printing.drivers = [ pkgs.postscript-lexmark ];
   # Enable the X11 windowing system.
   services.xserver.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
   # services.xserver.xrandrHeads = [
   #  { output = "eDP1"; }
   #  { output = "DP-2-2-8"; primary = true; }
   #  { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; }
   # ];
-  # services.xserver.layout = "us";
-  # services.xserver.xkbOptions = "eurosign:e";
-
-  # Enable touchpad support.
-  # services.xserver.libinput.enable = true;
-
-  # Enable the KDE Desktop Environment.
-#  services.xserver.displayManager.lightdm.enable = true;
   services.xserver.windowManager.xmonad.enable = true;
   services.xserver.windowManager.xmonad.enableContribAndExtras = true;
-#   services.xserver.desktopManager.gnome3.enable = true;
-  # services.xserver.displayManager.gdm.enable = true;
   services.xserver.displayManager.sddm.enable = true;
-  #services.xserver.desktopManager.plasma5.enable = true;
+#  services.xserver.desktopManager.gnome3.enable = true;
+  services.xserver.dpi = 100;
+  fonts.fontconfig.dpi = 100;
+
 #  services.xserver.displayManager.sessionCommands = ''
 #    (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off
 #'';
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.extraUsers.markus = {
+  users.extraUsers.jeschli = {
     isNormalUser = true;
-    extraGroups = ["docker"];
+    extraGroups = ["docker" "vboxusers"];
     uid = 1000;
   };
 
@@ -179,7 +140,7 @@
 #    });
 #  };
 
-#  virtualisation.docker.enable = true;
+  virtualisation.docker.enable = true;
   
 
   # DCSO Certificates
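Review bot: Enabling `virtualisation.docker.enable` makes the `docker` group in `users.extraUsers.jeschli.extraGroups` (previous hunk) effective, and access to the Docker daemon socket is equivalent to root on the host. If that is intended for this workstation, a comment such as `# docker group = root-equivalent; jeschli only` next to the option makes the trust decision explicit. Otherwise drop `"docker"` from `extraGroups` and invoke docker through sudo.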
@@ -191,6 +152,8 @@
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+   # VBOX certs
+   ./services.bundled.crt
   ]; 
 
   hardware.bluetooth.enable = true;
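Review bot: `./services.bundled.crt` is added to what appears to be the system certificate list (the attribute name is outside the hunk), but the file is not among the four files in this commit's diffstat, so unless it is already tracked the configuration will not evaluate on a clean checkout. Every certificate in that bundle becomes trusted system-wide, so the comment should say more than `# VBOX certs`: state where the bundle came from and which CAs it contains, e.g. `# VBOX certs: ISSUER_NAMES, obtained from SOURCE on DATE` (placeholders). The neighbouring `fetchurl` entries are pinned by `sha256`, whereas a local file has no such pin and is reviewed only when it is committed.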
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
index 714162271..2b354190c 100644
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ b/jeschli/1systems/bln/hardware-configuration.nix
@@ -8,27 +8,29 @@
     [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
+  boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
+
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05";
+    { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606";
-      fsType = "ext2";
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738";
-      fsType = "ext4";
+    { device = "/dev/disk/by-uuid/927E-01A0";
+      fsType = "vfat";
     };
 
   swapDevices = [ ];
 
-  nix.maxJobs = lib.mkDefault 4;
+  nix.maxJobs = lib.mkDefault 8;
   powerManagement.cpuFreqGovernor = "powersave";
 }
diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix
index b2cb851a1..c9bb8c41f 100644
--- a/jeschli/2configs/virtualbox.nix
+++ b/jeschli/2configs/virtualbox.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  mainUser = config.users.extraUsers.markus;
+  mainUser = config.users.extraUsers.jeschli;
 
 in {
   #services.virtualboxHost.enable = true;
diff --git a/jeschli/source.nix b/jeschli/source.nix
index 382dd61bc..d5cc32a9f 100644
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "0653b73";
+        ref = "395fe7f";
       };
       secrets.file = getAttr builder {
         buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;

From 36aaeb793bd19fdc0662d29f242c07abf54a849c Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 16:06:34 +0100
Subject: [PATCH 19/55] bln: fix config again

---
 jeschli/1systems/bln/config.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 6142933f5..407e913c0 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -19,8 +19,8 @@
 
   jeschliFontSize = 20;
   # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
+#  boot.loader.grub.enable = true;
+#  boot.loader.grub.version = 2;
   # boot.loader.grub.efiSupport = true;
   # boot.loader.grub.efiInstallAsRemovable = true;
   # boot.loader.efi.efiSysMountPoint = "/boot/efi";

From 0c04595ddfdd25b7d5cbb508609d731736a2f00e Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 16:37:12 +0100
Subject: [PATCH 20/55] jeschli bln: config cosmetics

---
 jeschli/1systems/bln/config.nix | 75 +++++++++------------------------
 1 file changed, 20 insertions(+), 55 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 407e913c0..6098f8cfe 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -1,30 +1,18 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { config, lib, pkgs, ... }:
 # bln config file
 {
   imports =
-    [ # Include the results of the hardware scan.
-      <stockholm/jeschli>
+    [ <stockholm/jeschli>
       <stockholm/jeschli/2configs/virtualbox.nix>
       <stockholm/jeschli/2configs/urxvt.nix>
       ./hardware-configuration.nix
-      # ./dcso-vpn.nix
     ];
-  # Use the systemd-boot EFI boot loader.
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
   jeschliFontSize = 20;
-  # Use the GRUB 2 boot loader.
-#  boot.loader.grub.enable = true;
-#  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
+
   environment.shellAliases = {
     n = "nix-shell";
     gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
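Review bot: The `gd` alias kept at the end of this hunk still points to `/home/markus/go/src/...`, although an earlier patch in this series renames the account from `markus` to `jeschli`. Unless that directory is deliberately kept, the alias is stale after this cleanup. Deriving it from the user definition, e.g. `gd = "cd ${config.users.extraUsers.jeschli.home}/go/src/gitlab.dcso.lolcat";`, would stop it drifting again.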
@@ -34,10 +22,12 @@
       LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="bln"'
     '';
   };
-  networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname.
+  networking.hostName = lib.mkForce "BLN02NB0232";
   networking.networkmanager.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
+
   # Setup Packages
   nixpkgs.config.allowUnfree = true;
   environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
@@ -61,7 +51,7 @@
     emacs
   # databases
     sqlite
-  # internet 
+  # internet
     thunderbird
     hipchat
     chromium
@@ -92,67 +82,42 @@
 
   programs.bash.enableCompletion = true;
   programs.vim.defaultEditor = true;
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
 
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
   # Enable CUPS to print documents.
   services.printing.enable = true;
   services.printing.drivers = [ pkgs.postscript-lexmark ];
+
   # Enable the X11 windowing system.
   services.xserver.enable = true;
   services.xserver.videoDrivers = [ "nvidia" ];
-  # services.xserver.xrandrHeads = [
-  #  { output = "eDP1"; }
-  #  { output = "DP-2-2-8"; primary = true; }
-  #  { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; }
-  # ];
+
   services.xserver.windowManager.xmonad.enable = true;
   services.xserver.windowManager.xmonad.enableContribAndExtras = true;
   services.xserver.displayManager.sddm.enable = true;
-#  services.xserver.desktopManager.gnome3.enable = true;
   services.xserver.dpi = 100;
   fonts.fontconfig.dpi = 100;
 
-#  services.xserver.displayManager.sessionCommands = ''
-#    (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off
-#'';
-
   users.extraUsers.jeschli = {
     isNormalUser = true;
     extraGroups = ["docker" "vboxusers"];
     uid = 1000;
   };
 
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "17.09"; # Did you read the comment?
-
+  system.stateVersion = "17.09";
   # Gogland Debugger workaround
-#  nixpkgs.config.packageOverrides = super: {
-#    idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
-#      postFixup = ''
-#	interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
-#	patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-#        chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-#     '';
-#    });
-#  };
+  #  nixpkgs.config.packageOverrides = super: {
+  #    idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
+  #      postFixup = ''
+  #	interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
+  #	patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+  #        chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+  #     '';
+  #    });
+  #  };
 
   virtualisation.docker.enable = true;
-  
 
   # DCSO Certificates
   security.pki.certificateFiles = [
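Review bot: `services.openssh.enable = true;` is left with no comment and no visible hardening, and the commented firewall stanza that pointed to the related options is removed. On a NetworkManager laptop that joins arbitrary networks, the daemon's authentication policy should be explicit. If it is not already set in `<stockholm/jeschli>` (not visible here), I would add `services.openssh.passwordAuthentication = false;` next to it. Separately, the deleted comment on `system.stateVersion` was the only hint that the value must not be bumped casually; a one-line `# do not change without reading the release notes` would keep that.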
@@ -165,7 +130,7 @@
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
    # VBOX certs
    ./services.bundled.crt
-  ]; 
+  ];
 
   hardware.bluetooth.enable = true;
   krebs.build.host = config.krebs.hosts.bln;

From 44843b90627eb95ab98955e6ea51171706b30aca Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 16:42:35 +0100
Subject: [PATCH 21/55] j bln: -VBOX certs

---
 jeschli/1systems/bln/config.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 6098f8cfe..75f083a05 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -128,8 +128,6 @@
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
-   # VBOX certs
-   ./services.bundled.crt
   ];
 
   hardware.bluetooth.enable = true;

From 86cb23a682b6453544942646080c6c62d488e617 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 17:38:26 +0100
Subject: [PATCH 22/55] j: add my-emacs

---
 jeschli/1systems/bln/config.nix |  1 +
 jeschli/2configs/emacs.nix      | 58 +++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 jeschli/2configs/emacs.nix

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 75f083a05..c9a7a34e2 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -5,6 +5,7 @@
     [ <stockholm/jeschli>
       <stockholm/jeschli/2configs/virtualbox.nix>
       <stockholm/jeschli/2configs/urxvt.nix>
+      <stockholm/jeschli/2configs/emacs.nix>
       ./hardware-configuration.nix
     ];
 
diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
new file mode 100644
index 000000000..3c1d6ba06
--- /dev/null
+++ b/jeschli/2configs/emacs.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+let
+  emacsFile = ''
+(require 'package) ;; You might already have this line
+(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
+                    (not (gnutls-available-p))))
+       (url (concat (if no-ssl "http" "https") "://melpa.org/packages/")))
+  (add-to-list 'package-archives (cons "melpa" url) t)
+  (add-to-list 'package-archives 
+             '("org" . "http://orgmode.org/elpa/") t)
+)
+(when (< emacs-major-version 24)
+  ;; For important compatibility libraries like cl-lib
+  (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
+
+(package-initialize)
+
+;; Evil Mode
+(add-to-list 'load-path "~/.emacs.d/evil")
+(require 'evil)
+(evil-mode 1)
+(require 'evil-org)
+
+
+
+(custom-set-variables
+ ;; custom-set-variables was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ '(inhibit-startup-screen t)
+ '(org-agenda-files nil)
+ '(package-selected-packages
+   (quote
+    (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
+(custom-set-faces
+ ;; custom-set-faces was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ )
+
+(tool-bar-mode -1)                  ; Disable the button bar atop screen
+(scroll-bar-mode -1)                ; Disable scroll bar
+(setq inhibit-startup-screen t)     ; Disable startup screen with graphics
+(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
+(setq tab-width 2)                  ; Four spaces is a tab
+(setq visible-bell nil)             ; Disable annoying visual bell graphic
+(setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
+  '';
+  dotEmacs = pkgs.writeText "dot-emacs" emacsFile;
+  myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}'';
+in {
+  environment.systemPackages = [
+    myEmacs
+  ];
+}
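Review bot: The `org` and `gnu` archives in `emacsFile` are registered over plain `http://`, so anything `package.el` installs from them crosses the network without transport integrity, while the `melpa` entry just above already prefers https. I would switch both, e.g. `'("org" . "https://orgmode.org/elpa/")` and `'("gnu" . "https://elpa.gnu.org/packages/")`. The same lines are carried unchanged into `packageRepos` by the later "j emacs: cosmetics" patch, so the fix applies there too.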

From 917db24b3f0f3da858d5575ca20fdaeafc007c20 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 17:39:11 +0100
Subject: [PATCH 23/55] j bln: hardware-configuration cosmetics

---
 jeschli/1systems/bln/hardware-configuration.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
index 2b354190c..b774bfc19 100644
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ b/jeschli/1systems/bln/hardware-configuration.nix
@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, ... }:
 
 {

From c16e7b2ceae1d42d961f9e2aa66ec2bf32ac489b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 20 Mar 2018 20:12:13 +0100
Subject: [PATCH 24/55] default.nix: add debug code

---
 default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/default.nix b/default.nix
index 52e8924cd..cab55d40a 100644
--- a/default.nix
+++ b/default.nix
@@ -3,3 +3,20 @@ import <nixpkgs/nixos/lib/eval-config.nix> {
     (import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
   ];
 }
+//
+{
+  lib = import ./lib;
+  systems = with import ./lib; let
+    ns = getEnv "LOGNAME";
+  in
+    genAttrs
+      (attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
+      (name: let
+        config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
+        source = import (<stockholm> + "/${ns}/1systems/${name}/source.nix");
+      in import <nixpkgs/nixos/lib/eval-config.nix> {
+        modules = [ config ];
+      } // {
+        inherit source;
+      });
+}
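Review bot: `ns = getEnv "LOGNAME"` has no check for an unset variable; `getEnv` then presumably yields `""`, and `readDir (<stockholm> + "//1systems")` fails with an error that never mentions LOGNAME. Since the value also decides which `config.nix` and `source.nix` get imported, I would fail early with `ns = let v = getEnv "LOGNAME"; in assert v != ""; v;`. A comment should also say that `systems` is debug-only and depends on the environment. `./lib` is imported twice as well; binding it once in a `let` would tidy that.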

From 117ca7ba1c7709fd4249b5e64d06731a302eb970 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 20:14:51 +0100
Subject: [PATCH 25/55] j brauerei: +emacs

---
 jeschli/1systems/brauerei/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index eb2bb11d2..1203720a5 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -5,6 +5,7 @@
     <stockholm/jeschli>
     ./hardware-configuration.nix
     <stockholm/jeschli/2configs/urxvt.nix>
+    <stockholm/jeschli/2configs/emacs.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.brauerei;

From a94da8573103f3a7ccaf836c6126041dc351b623 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 20 Mar 2018 20:16:12 +0100
Subject: [PATCH 26/55] j brauerei: *emacs with magit

---
 jeschli/2configs/emacs.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 3c1d6ba06..b616acfae 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -50,7 +50,12 @@ let
 (setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
   '';
   dotEmacs = pkgs.writeText "dot-emacs" emacsFile;
-  myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}'';
+  emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
+    magit
+  ]));
+  myEmacs = pkgs.writeDashBin "my-emacs" ''
+    exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@"
+  '';
 in {
   environment.systemPackages = [
     myEmacs

From 87528e2ab6085a1a0fadcd1aa00870834c878c27 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Wed, 21 Mar 2018 08:59:35 +0100
Subject: [PATCH 27/55] j emacs: cosmetics

---
 jeschli/2configs/emacs.nix | 103 +++++++++++++++++++------------------
 1 file changed, 54 insertions(+), 49 deletions(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index b616acfae..05e977844 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -1,58 +1,63 @@
 { config, pkgs, ... }:
 
 let
+  packageRepos = ''
+    (require 'package) ;; You might already have this line
+    (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
+                        (not (gnutls-available-p))))
+           (url (concat (if no-ssl "http" "https") "://melpa.org/packages/")))
+      (add-to-list 'package-archives (cons "melpa" url) t)
+      (add-to-list 'package-archives
+                 '("org" . "http://orgmode.org/elpa/") t)
+    )
+    (when (< emacs-major-version 24)
+      ;; For important compatibility libraries like cl-lib
+      (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
+    (package-initialize)
+  '';
+  evilMode = ''
+    ;; Evil Mode
+    (add-to-list 'load-path "~/.emacs.d/evil")
+    (require 'evil)
+    (evil-mode 1)
+    (require 'evil-org)
+  '';
+  windowCosmetics = ''
+    (tool-bar-mode -1)                  ; Disable the button bar atop screen
+    (scroll-bar-mode -1)                ; Disable scroll bar
+    (setq inhibit-startup-screen t)     ; Disable startup screen with graphics
+    (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
+    (setq tab-width 2)                  ; Four spaces is a tab
+    (setq visible-bell nil)             ; Disable annoying visual bell graphic
+    (setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
+  '';
   emacsFile = ''
-(require 'package) ;; You might already have this line
-(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
-                    (not (gnutls-available-p))))
-       (url (concat (if no-ssl "http" "https") "://melpa.org/packages/")))
-  (add-to-list 'package-archives (cons "melpa" url) t)
-  (add-to-list 'package-archives 
-             '("org" . "http://orgmode.org/elpa/") t)
-)
-(when (< emacs-major-version 24)
-  ;; For important compatibility libraries like cl-lib
-  (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
-
-(package-initialize)
-
-;; Evil Mode
-(add-to-list 'load-path "~/.emacs.d/evil")
-(require 'evil)
-(evil-mode 1)
-(require 'evil-org)
-
-
-
-(custom-set-variables
- ;; custom-set-variables was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(inhibit-startup-screen t)
- '(org-agenda-files nil)
- '(package-selected-packages
-   (quote
-    (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
-(custom-set-faces
- ;; custom-set-faces was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- )
-
-(tool-bar-mode -1)                  ; Disable the button bar atop screen
-(scroll-bar-mode -1)                ; Disable scroll bar
-(setq inhibit-startup-screen t)     ; Disable startup screen with graphics
-(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
-(setq tab-width 2)                  ; Four spaces is a tab
-(setq visible-bell nil)             ; Disable annoying visual bell graphic
-(setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
+    ${packageRepos}
+    ${evilMode}
+    ${windowCosmetics}
+    (custom-set-variables
+     ;; custom-set-variables was added by Custom.
+     ;; If you edit it by hand, you could mess it up, so be careful.
+     ;; Your init file should contain only one such instance.
+     ;; If there is more than one, they won't work right.
+     '(inhibit-startup-screen t)
+     '(org-agenda-files nil)
+     '(package-selected-packages
+       (quote
+        (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
+    (custom-set-faces
+     ;; custom-set-faces was added by Custom.
+     ;; If you edit it by hand, you could mess it up, so be careful.
+     ;; Your init file should contain only one such instance.
+     ;; If there is more than one, they won't work right.
+     )
   '';
   dotEmacs = pkgs.writeText "dot-emacs" emacsFile;
-  emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
-    magit
-  ]));
+  emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
+    epkgs.melpaStablePackages.magit
+    epkgs.melpaPackages.mmm-mode
+    epkgs.melpaPackages.nix-mode
+  ]);
   myEmacs = pkgs.writeDashBin "my-emacs" ''
     exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@"
   '';
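Review bot: `evilMode` still does `(require 'evil)` and `(require 'evil-org)` via `~/.emacs.d/evil`, but neither package is in the `emacsWithPackages` list, so the generated init file depends on an unmanaged checkout in the user's home directory rather than on the pinned Nix closure. On a host without that directory the `require` presumably signals an error and the rest of `dotEmacs` is not loaded. I would add `epkgs.melpaPackages.evil` and `epkgs.melpaPackages.evil-org` to the list and drop the `load-path` line. The evil-org additions in the later "+orgMode +evil-org" patch rely on the same packages.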

From 26eb236cd9cce469be2a7cb227083742e037fac8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 17:22:14 +0100
Subject: [PATCH 28/55] nixpkgs: c5bc83b -> 2a32f6b (18.03)

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index 733601a21..e12175b66 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18
+        ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16
       };
     }
     override

From e5f3827fc84ba1c769c1422d92fa93ebcb0fc5d1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 17:31:59 +0100
Subject: [PATCH 29/55] os-release: follow renamed modules

---
 krebs/3modules/os-release.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix
index 8f71a357f..5fbfe6614 100644
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -1,8 +1,11 @@
 { config, ... }:
 with import <stockholm/lib>;
 let
-  nixos-version-id = "${config.system.nixosVersion}";
-  nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
+  nixos-version-id = if (hasAttr "nixos" config.system) then
+    "${config.system.nixos.version}" else "${config.system.nixosVersion}";
+  nixos-codeName = if (hasAttr "nixos" config.system) then
+    "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}";
+  nixos-version = "${nixos-version-id} (${nixos-codeName})";
   nixos-pretty-name = "NixOS ${nixos-version}";
 
   stockholm-version-id = let
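Review bot: The two `if (hasAttr "nixos" config.system) then … else …` expressions repeat the same test and wrap plain values in `"${…}"`. Nix's `or` on attribute selection states the fallback directly: `nixos-version-id = config.system.nixos.version or config.system.nixosVersion;`, and likewise for `nixos-codeName`. A short comment saying that the old names are kept only for pre-18.03 nixpkgs would tell the next reader when the fallback can be deleted. The `let` block continues past the end of the hunk.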

From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 17:36:46 +0100
Subject: [PATCH 30/55] l privoxy: RIP polipo

---
 lass/2configs/privoxy.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
index 33e8d1e46..e0a086421 100644
--- a/lass/2configs/privoxy.nix
+++ b/lass/2configs/privoxy.nix
@@ -3,10 +3,5 @@
 {
   services.privoxy = {
     enable = true;
-    extraConfig = ''
-      #use polipo
-      forward / localhost:8123
-    '';
   };
-  services.polipo.enable = true;
 }

From f859b7d7f8fe0c9968c961711ec7a6578a4d36a2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Mar 2018 20:51:52 +0100
Subject: [PATCH 31/55] nixpkgs: 2a32f6b -> 0e7c9b3

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index e12175b66..f275460e1 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16
+        ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18
       };
     }
     override

From 7303238443b3a76af6d12df1992ee499d98a7902 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Thu, 22 Mar 2018 16:19:29 +0100
Subject: [PATCH 32/55] j emacs: +orgMode +evil-org

---
 jeschli/2configs/emacs.nix | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 05e977844..3eced793c 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -21,6 +21,10 @@ let
     (require 'evil)
     (evil-mode 1)
     (require 'evil-org)
+    (add-hook 'org-mode-hook 'evil-org-mode)
+    (evil-org-set-key-theme '(navigation insert textobjects additional calendar))
+    (require 'evil-org-agenda)
+    (evil-org-agenda-set-keys)
   '';
   windowCosmetics = ''
     (tool-bar-mode -1)                  ; Disable the button bar atop screen
@@ -31,6 +35,16 @@ let
     (setq visible-bell nil)             ; Disable annoying visual bell graphic
     (setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
   '';
+  orgMode = ''
+    (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
+    (global-set-key "\C-cl" 'org-store-link)
+    (global-set-key "\C-ca" 'org-agenda)
+    (global-set-key "\C-cb" 'org-iswitchb)
+    (if (boundp 'org-user-agenda-files)
+      (setq org-agenda-files org-user-agenda-files)
+      (setq org-agenda-files (quote ("~/projects/notes")))
+    )
+  '';
   emacsFile = ''
     ${packageRepos}
     ${evilMode}
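Review bot: The `(boundp 'org-user-agenda-files)` branch in `orgMode` looks unreachable as wired: `myEmacs` starts Emacs with `-q -l ${dotEmacs}`, which skips the user's init file, and nothing in the generated file defines `org-user-agenda-files`. If the variable is meant as a per-host override, a comment should say where it is expected to be set. Otherwise the `if` can be reduced to `(setq org-agenda-files '("~/projects/notes"))`.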
@@ -45,12 +59,7 @@ let
      '(package-selected-packages
        (quote
         (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
-    (custom-set-faces
-     ;; custom-set-faces was added by Custom.
-     ;; If you edit it by hand, you could mess it up, so be careful.
-     ;; Your init file should contain only one such instance.
-     ;; If there is more than one, they won't work right.
-     )
+     ${orgMode}
   '';
   dotEmacs = pkgs.writeText "dot-emacs" emacsFile;
   emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [

From e7f3880de27ff00ac5d0a18899dc271675fdc2d0 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Sat, 24 Mar 2018 10:30:03 +0000
Subject: [PATCH 33/55] j bolide: +emacs

---
 jeschli/1systems/bolide/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
index 83640801f..699a85b58 100644
--- a/jeschli/1systems/bolide/config.nix
+++ b/jeschli/1systems/bolide/config.nix
@@ -10,6 +10,7 @@
       ./hardware-configuration.nix
       <stockholm/jeschli>
       <stockholm/jeschli/2configs/urxvt.nix>
+      <stockholm/jeschli/2configs/emacs.nix>
     ];
 
   krebs.build.host = config.krebs.hosts.bolide;

From e80c081eb7d720fb5584f24b0f38b5d6e61ac41e Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Sat, 24 Mar 2018 10:30:30 +0000
Subject: [PATCH 34/55] j emacs: +go-mode -evil-mode

---
 jeschli/2configs/emacs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 3eced793c..d9e6c854a 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -47,7 +47,6 @@ let
   '';
   emacsFile = ''
     ${packageRepos}
-    ${evilMode}
     ${windowCosmetics}
     (custom-set-variables
      ;; custom-set-variables was added by Custom.
@@ -66,6 +65,7 @@ let
     epkgs.melpaStablePackages.magit
     epkgs.melpaPackages.mmm-mode
     epkgs.melpaPackages.nix-mode
+    epkgs.melpaPackages.go-mode
   ]);
   myEmacs = pkgs.writeDashBin "my-emacs" ''
     exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@"

From b27dfa5a37b1345d36b57aa24b940287293418e0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 23 Mar 2018 20:53:23 +0100
Subject: [PATCH 35/55] 0e7c9b3 -> 48856a9

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index f275460e1..0bd797a16 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18
+        ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24
       };
     }
     override

From 4851f6b43ff2eebecf5f1dc6a808225ee1af0f08 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Sat, 24 Mar 2018 12:08:14 +0100
Subject: [PATCH 36/55] j nixpkgs: follow krebs

---
 jeschli/source.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/jeschli/source.nix b/jeschli/source.nix
index 91ff5514f..29cf9d818 100644
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -13,10 +13,7 @@ in
   evalSource (toString _file) [
     {
       nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
-      nixpkgs.git = {
-        url = https://github.com/nixos/nixpkgs;
-        ref = "395fe7f";
-      };
+      nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
       secrets.file = getAttr builder {
         buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
         jeschli = "${getEnv "HOME"}/secrets/${name}";

From d810727b985bbdce57ae2de515111949c141c3bd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 24 Mar 2018 12:19:52 +0100
Subject: [PATCH 37/55] exim: krebs.setuid -> security.wrappers

---
 krebs/3modules/exim.nix | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index cfcbbc438..274a943b1 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -50,15 +50,9 @@ in {
       '';
       systemPackages = [ pkgs.exim ];
     };
-    krebs.setuid = {
-      exim = {
-        filename = "${pkgs.exim}/bin/exim";
-        mode = "4111";
-      };
-      sendmail = {
-        filename = "${pkgs.exim}/bin/exim";
-        mode = "4111";
-      };
+    security.wrappers = {
+      exim.source = "${pkgs.exim}/bin/exim";
+      sendmail.source = "${pkgs.exim}/bin/exim";
     };
     systemd.services.exim = {
       restartTriggers = [
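Review bot: The new `security.wrappers` entries give only `source`, so the setuid bit and ownership that `mode = "4111"` spelled out are now implied by module defaults rather than stated. As far as I recall, the wrappers module of this nixpkgs era treats such entries as setuid root, so behaviour is probably unchanged. A privileged mail binary should still be declared explicitly: `exim = { source = "${pkgs.exim}/bin/exim"; owner = "root"; group = "root"; setuid = true; };`, and the same for `sendmail`. The surrounding config block starts and ends outside the hunk.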

From 6a94383764130a9a28a990d4e1e4413b0bbf3d06 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 26 Mar 2018 13:00:23 +0200
Subject: [PATCH 38/55] tv xmonad: add passmenu

---
 tv/5pkgs/simple/xmonad-tv/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
index 94c70153d..d474b7edd 100644
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/tv/5pkgs/simple/xmonad-tv/default.nix
@@ -133,6 +133,8 @@ myKeys conf = Map.fromList $
     [ ((_4  , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
     , ((_4S , xK_c      ), kill)
 
+    , ((_4  , xK_p      ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
+
     , ((_4  , xK_x      ), chooseAction spawnTermAt)
     , ((_4C , xK_x      ), spawnRootTerm)
 
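Review bot: The new `xK_p` binding runs passmenu with `--type`, which, as far as I know from the passmenu script shipped with pass, types the selected secret into whichever window holds focus instead of placing it on the clipboard. That is easy to misfire into a chat or terminal window, so I would either drop `--type` or record the choice next to the binding, e.g. `-- passmenu --type: the secret is typed into the focused window`. The `myKeys` list starts and ends outside the hunk.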

From f76401ef002851cca81218de3d879b4829668ebe Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 27 Mar 2018 20:06:23 +0200
Subject: [PATCH 39/55] tv pkgs: init font-size

---
 tv/5pkgs/simple/font-size.nix | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 tv/5pkgs/simple/font-size.nix

diff --git a/tv/5pkgs/simple/font-size.nix b/tv/5pkgs/simple/font-size.nix
new file mode 100644
index 000000000..21097ed6a
--- /dev/null
+++ b/tv/5pkgs/simple/font-size.nix
@@ -0,0 +1,26 @@
+{ writeDashBin }:
+writeDashBin "font-size" ''
+  set -efu
+
+  # set_font NORMAL_FONT BOLD_FONT
+  set_font() {
+    printf '\033]710;%s\007' "$1"
+    printf '\033]711;%s\007' "$2"
+  }
+
+  case ''${1-} in
+    '''|0|--reset)
+      set_font \
+          -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \
+          -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \
+      ;;
+    [1-9]|[1-9][0-9]|[1-9][0-9][0-9])
+      set_font \
+          xft:Monospace:size=$1 \
+          xft:Monospace:size=$1:bold \
+      ;;
+    *)
+      echo "$0: bad argument: $1" >&2
+      exit 1
+  esac
+''
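Review bot: Nothing in the script says which terminal it targets or what the accepted arguments are. `set_font` writes OSC 710 and 711 sequences to stdout (rxvt-unicode's font and bold-font codes, as far as I know), and it does so even when stdout is not a terminal. I would add a header comment such as `# usage: font-size [SIZE|0|--reset]; sets the urxvt font via OSC 710/711` and consider a `test -t 1` guard before `set_font` is called.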

From bd70fe17cbe4f99b2c5027e7b23f96cf92317a61 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 27 Mar 2018 20:06:48 +0200
Subject: [PATCH 40/55] tv xserver: systemPackages += font-size

---
 tv/2configs/xserver/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 7ba78b974..6ef8a8768 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -11,6 +11,7 @@ in {
 
   environment.systemPackages = [
     pkgs.ff
+    pkgs.font-size
     pkgs.gitAndTools.qgit
     pkgs.mpv
     pkgs.sxiv

From 5f9622bbdae0a9a459fd6a70cc9a3147f382162b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 27 Mar 2018 20:46:56 +0200
Subject: [PATCH 41/55] haskellPackages.nix-diff: RIP

---
 krebs/5pkgs/haskell/nix-diff/default.nix      | 25 --------
 .../5pkgs/haskell/nix-diff/nixos-system.patch | 18 ------
 krebs/5pkgs/simple/stockholm/default.nix      | 60 -------------------
 tv/2configs/urlwatch.nix                      |  5 --
 4 files changed, 108 deletions(-)
 delete mode 100644 krebs/5pkgs/haskell/nix-diff/default.nix
 delete mode 100644 krebs/5pkgs/haskell/nix-diff/nixos-system.patch

diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix
deleted file mode 100644
index df0315048..000000000
--- a/krebs/5pkgs/haskell/nix-diff/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
-, nix-derivation, optparse-generic, stdenv, system-filepath, text
-, unix, vector
-}:
-mkDerivation {
-  pname = "nix-diff";
-  version = "1.0.0-krebs1";
-  src = fetchgit {
-    url = "https://github.com/Gabriel439/nix-diff";
-    sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
-    rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
-  };
-  patches = [
-    ./nixos-system.patch
-  ];
-  isLibrary = false;
-  isExecutable = true;
-  executableHaskellDepends = [
-    attoparsec base containers Diff mtl nix-derivation optparse-generic
-    system-filepath text unix vector
-  ];
-  homepage = "https://github.com/Gabriel439/nix-diff";
-  description = "Explain why two Nix derivations differ";
-  license = stdenv.lib.licenses.bsd3;
-}
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
deleted file mode 100644
index 03e186aa9..000000000
--- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/src/Main.hs b/src/Main.hs
-index 959ab8e..d3b6077 100644
---- a/src/Main.hs
-+++ b/src/Main.hs
-@@ -95,7 +95,12 @@ pathToText path =
-     underneath `/nix/store`, but this is the overwhelmingly common use case
- -}
- derivationName :: FilePath -> Text
--derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
-+derivationName p =
-+    if Data.Text.isPrefixOf "nixos-system" s
-+      then "nixos-system"
-+      else s
-+  where
-+    s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
- 
- -- | Group input derivations by their name
- groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
index 4d15e7ac2..9afe79510 100644
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -9,7 +9,6 @@
   #
 
   cmds.deploy = pkgs.withGetopt {
-    diff = { default = /* sh */ "false"; switch = true; };
     force-populate = { default = /* sh */ "false"; switch = true; };
     quiet = { default = /* sh */ "false"; switch = true; };
     source_file = {
@@ -25,65 +24,6 @@
     . ${init.env}
     . ${init.proxy "deploy" opts}
 
-    if \test ${opts.diff.ref} = true; then
-
-      system_profile=/nix/var/nix/profiles/system
-      system_drv_cur=/etc/system.drv
-
-      system_drv_new=$(
-        ${pkgs.nix}/bin/nix-instantiate \
-            -Q \
-            -I "$target_path" \
-            -E '
-              (import <nixpkgs/nixos/lib/eval-config.nix> {
-                modules = [ <nixos-config> ];
-              }).config.system.build.toplevel
-            '
-      )
-
-      if \test -e "$system_drv_cur"; then
-
-        system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
-        system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
-
-        if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
-          echo "$0: system up to date" >&2
-          exit 0
-        fi
-
-        system_drv_cur=$system_drv_cur_c \
-        system_drv_new=$system_drv_new_c \
-        ${pkgs.utillinux}/bin/script \
-            --command '
-              ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
-                  "$system_drv_cur" "$system_drv_new"
-            ' \
-            --quiet \
-            --return \
-            /dev/null
-
-        printf 'deploy? [N/y] ' >&2
-        read -r REPLY
-        if \test "$REPLY" != y; then
-          echo "$0: abort!" >&2
-          exit 1
-        fi
-      else
-        echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
-      fi
-
-      new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
-
-      ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
-      PATH=${lib.makeBinPath [
-        pkgs.systemd
-      ]} \
-      "$system_profile"/bin/switch-to-configuration switch
-
-      ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
-      exit
-    fi
-
     # Use system's nixos-rebuild, which is not self-contained
     export PATH=/run/current-system/sw/bin
     exec ${utils.with-whatsupnix} \
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 509257c48..897def8c9 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -13,11 +13,6 @@ with import <stockholm/lib>;
 
       http://www.exim.org/
 
-      {
-        url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master;
-        filter = "system:${pkgs.jq}/bin/jq -r .object.sha";
-      }
-
       # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
       {
         url = https://api.github.com/repos/simple-evcorr/sec/tags;

From 2cc1d9a54eaf512a2fddb57990df3462931990a4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 27 Mar 2018 21:32:14 +0200
Subject: [PATCH 42/55] writeC: use binutils-unwrapped

---
 krebs/5pkgs/writers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix
index a48fc0f87..23773e17f 100644
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@@ -57,7 +57,7 @@ with import <stockholm/lib>;
       passAsFile = [ "text" ];
     } /* sh */ ''
       PATH=${makeBinPath (with pkgs; [
-        binutils
+        binutils-unwrapped
         coreutils
         gcc
       ])}

From 7e62c44607f193d3c9740f7c56df976b0db3c417 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 27 Mar 2018 21:35:27 +0200
Subject: [PATCH 43/55] Revert "exim: krebs.setuid -> security.wrappers"

This reverts commit d810727b985bbdce57ae2de515111949c141c3bd.
---
 krebs/3modules/exim.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 274a943b1..cfcbbc438 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -50,9 +50,15 @@ in {
       '';
       systemPackages = [ pkgs.exim ];
     };
-    security.wrappers = {
-      exim.source = "${pkgs.exim}/bin/exim";
-      sendmail.source = "${pkgs.exim}/bin/exim";
+    krebs.setuid = {
+      exim = {
+        filename = "${pkgs.exim}/bin/exim";
+        mode = "4111";
+      };
+      sendmail = {
+        filename = "${pkgs.exim}/bin/exim";
+        mode = "4111";
+      };
     };
     systemd.services.exim = {
       restartTriggers = [

From 9c1e215dd500458d37832f234ecb33f455ed4c64 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:08:35 +0200
Subject: [PATCH 44/55] l xephyrify: handle resize

---
 lass/5pkgs/xephyrify/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix
index 8b18ea949..f1711891c 100644
--- a/lass/5pkgs/xephyrify/default.nix
+++ b/lass/5pkgs/xephyrify/default.nix
@@ -2,15 +2,18 @@
 
 let
 
-  minimalXmonad = writeHaskell "minimalXmonad" {
+  xephyrify-xmonad = writeHaskell "xephyrify-xmonad" {
     executables.xmonad = {
       extra-depends = [
         "containers"
+        "unix"
         "xmonad"
       ];
       text = /* haskell */ ''
         module Main where
         import XMonad
+        import Data.Monoid
+        import System.Posix.Process (executeFile)
         import qualified Data.Map as Map
 
         main :: IO ()
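Review bot: `import System.Posix.Process (executeFile)` and the new `"unix"` entry in `extra-depends` are added here, but the event hook in the next hunk only calls `spawn` and no visible line uses `executeFile`. If nothing between the hunks uses it, drop both so the helper does not pull in a package it does not need; the same import is copied into the `wm` default in lass/3modules/xjail.nix later in this series. A short comment on `import Data.Monoid`, such as `-- All, returned by handleEventHook`, would explain why that one is needed.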
@@ -21,8 +24,18 @@ let
             , keys = myKeys
             , normalBorderColor  = "#000000"
             , focusedBorderColor = "#000000"
+            , handleEventHook = myEventHook
             }
 
+        myEventHook :: Event -> X All
+
+        myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
+          spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
+          return (All True)
+
+        myEventHook _ = do
+          return (All True)
+
         myLayoutHook = Full
         myKeys _ = Map.fromList []
       '';
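Review bot: `ev_event_type = 22` in `myEventHook` is a bare X11 event code. As far as I can tell 22 is ConfigureNotify, and the named constant should be in scope through `import XMonad`, so a guard reads better: `myEventHook ConfigureEvent { ev_event_type = t } | t == configureNotify = do`. The hook also spawns an `xrandr` process for every matching event, which may include configure events of client windows and not only a resize of the Xephyr root. Comparing `ev_window` with the root window before spawning would avoid that. The `text` string this belongs to starts outside the hunk.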

From 28e1b8d3a51e2405ecc60b04e321f1f7dba364ad Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:11:51 +0200
Subject: [PATCH 45/55] l xephyrify: change ownership of socket if wanted

---
 lass/5pkgs/xephyrify/default.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix
index f1711891c..8d6036843 100644
--- a/lass/5pkgs/xephyrify/default.nix
+++ b/lass/5pkgs/xephyrify/default.nix
@@ -43,13 +43,20 @@ let
   };
 
 in writeDashBin "xephyrify" ''
-  NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
+  NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)}
   echo "using DISPLAY $NDISPLAY"
-  ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
+  ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY &
+  if test -n $DROP_TO_USER; then
+    sleep 1
+    ls /tmp/.X11-unix/
+    id
+    ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY"
+    ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY"
+  fi
   XEPHYR_PID=$!
-  DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
+  DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad &
   XMONAD_PID=$!
-  DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
+  DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@"
   kill $XMONAD_PID
   kill $XEPHYR_PID
 ''
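Review bot: `if test -n $DROP_TO_USER` is unquoted, so when the variable is unset or empty `test -n` sees a single argument and succeeds, and the chgrp/chmod branch runs for every caller; it should be `if test -n "$DROP_TO_USER"; then`. Xephyr is started with `-ac`, so the socket's file mode is the only access control. Until the `chmod 770` after `sleep 1`, the socket keeps whatever mode the server created it with, and the fixed sleep is the only thing ensuring the socket exists at all. The `ls /tmp/.X11-unix/` and `id` calls look like leftover debugging and can go.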

From 92540f5cf1628cfaceee6c19f08b3c13b05cf6b4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:12:53 +0200
Subject: [PATCH 46/55] l xjails: init

---
 lass/3modules/default.nix |  1 +
 lass/3modules/xjail.nix   | 87 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 lass/3modules/xjail.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index fd77b2262..0c10e1ec2 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -11,6 +11,7 @@ _:
     ./screenlock.nix
     ./umts.nix
     ./usershadow.nix
+    ./xjail.nix
     ./xserver
   ];
 }
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
new file mode 100644
index 000000000..af851760b
--- /dev/null
+++ b/lass/3modules/xjail.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  options.lass.xjail = mkOption {
+    type = types.attrsOf (types.submodule ({ config, ...}: {
+      options = {
+        user = mkOption {
+          type = types.string;
+          default = "nobody";
+        };
+        groups = mkOption {
+          type = types.listOf types.str;
+          default = [];
+        };
+        name = mkOption {
+          type = types.string;
+          default = config._module.args.name;
+        };
+        display = mkOption {
+          type = types.string;
+          default = toString (genid_signed config._module.args.name);
+        };
+        script = mkOption {
+          type = types.path;
+          default = pkgs.writeScript "echo_lol" "echo lol";
+        };
+        from = mkOption {
+          type = types.string;
+          default = "lass";
+        };
+      };
+    }));
+    default = {};
+  };
+
+  options.lass.xjail-bins = mkOption {
+    type = types.attrsOf types.path;
+  };
+
+  # implementation
+  config = {
+
+    users.users = mapAttrs' (_: cfg:
+      nameValuePair cfg.name {
+        uid = genid cfg.name;
+        home = "/home/${cfg.name}";
+        useDefaultShell = true;
+        createHome = true;
+        extraGroups = cfg.groups;
+      }
+    ) config.lass.xjail;
+
+    users.groups = mapAttrs' (_: cfg:
+      nameValuePair cfg.name {
+        members = [
+          cfg.name
+          cfg.from
+        ];
+      }
+    ) config.lass.xjail;
+
+    security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg:
+      # TODO allow just the right script with sudo
+      "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL"
+    ) config.lass.xjail));
+
+    lass.xjail-bins = mapAttrs' (name: cfg:
+      let
+        sudo-wrapper = pkgs.writeScript name ''
+          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@"
+        '';
+      in nameValuePair name (pkgs.writeScriptBin cfg.name ''
+        export NDISPLAY=${cfg.display}
+        DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr
+        if test $? -eq 0; then
+          echo xephyr already running
+          export DISPLAY=:$NDISPLAY
+          ${sudo-wrapper} "$@"
+        else
+          echo xephyr not running
+          DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@"
+        fi
+      '')
+    ) config.lass.xjail;
+  };
+}
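Review bot: The generated sudoers line `${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL` lets the calling user run any command as the jail user, which the TODO above it already acknowledges. Since the only command `sudo-wrapper` runs is `${cfg.script}`, the rule can name it: `"${cfg.from} ALL=(${cfg.name}) NOPASSWD: ${cfg.script}"`. The wrapper uses `sudo -i`, so confirm the rule still matches when the command goes through the login shell. The options also mix `types.string` and `types.str`; using `types.str` throughout would be consistent.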

From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:13:57 +0200
Subject: [PATCH 47/55] l browsers: use xjails

---
 lass/2configs/browsers.nix | 77 ++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 40 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index cbbd54b6b..153c386cf 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -21,58 +21,55 @@ let
     $BIN "$@"
   '';
 
-  createChromiumUser = name: extraGroups: precedence:
-    let
-      bin = pkgs.writeScriptBin name ''
-        /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
-      '';
-    in {
-      users.extraUsers.${name} = {
-        inherit name;
-        inherit extraGroups;
-        home = "/home/${name}";
-        uid = genid name;
-        useDefaultShell = true;
-        createHome = true;
+  createChromiumUser = name: groups: precedence:
+    {
+      lass.xjail.${name} = {
+        user = name;
+        script = pkgs.writeDash name ''
+          ${pkgs.chromium}/bin/chromium "$@"
+        '';
+        inherit groups;
       };
+      environment.systemPackages = [ config.lass.xjail-bins.${name} ];
       lass.browser.paths.${name} = {
-        path = bin;
+        path = config.lass.xjail-bins.${name};
         inherit precedence;
       };
-      security.sudo.extraConfig = ''
-        ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
-      '';
-      environment.systemPackages = [
-        bin
-      ];
     };
 
-  createFirefoxUser = name: extraGroups: precedence:
-    let
-      bin = pkgs.writeScriptBin name ''
-        /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
-      '';
-    in {
-      users.extraUsers.${name} = {
-        inherit name;
-        inherit extraGroups;
-        home = "/home/${name}";
-        uid = genid name;
-        useDefaultShell = true;
-        createHome = true;
+  createFirefoxUser = name: groups: precedence:
+    {
+      lass.xjail.${name} = {
+        user = name;
+        script = pkgs.writeDash name ''
+          ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+        '';
+        inherit groups;
       };
+      environment.systemPackages = [ config.lass.xjail-bins.${name} ];
       lass.browser.paths.${name} = {
-        path = bin;
+        path = config.lass.xjail-bins.${name};
         inherit precedence;
       };
-      security.sudo.extraConfig = ''
-        ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
-      '';
-      environment.systemPackages = [
-        bin
-      ];
     };
 
+  createQuteUser = name: groups: precedence:
+    {
+      lass.xjail.${name} = {
+        user = name;
+        script = pkgs.writeDash name ''
+          ${pkgs.qutebrowser}/bin/qutebrowser "$@"
+        '';
+        inherit groups;
+      };
+      environment.systemPackages = [ config.lass.xjail-bins.${name} ];
+      lass.browser.paths.${name} = {
+        path = config.lass.xjail-bins.${name};
+        inherit precedence;
+      };
+    };
+
+
   #TODO: abstract this
 
 in {
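Review bot: The removed sudoers lines granted access to `${mainUser.name}`, but the `lass.xjail.${name}` sets written here never pass `from`, so the xjail module falls back to its default `"lass"` for both the sudoers rule and the group membership. On a host whose main user is not `lass`, the wrappers would presumably stop working for that user. Adding `from = mainUser.name;` to each of the three sets keeps the old behaviour. `user = name;` is set, but as far as the xjail module in this series shows, nothing reads `cfg.user`. The `let` block starts outside the hunk.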

From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:15:20 +0200
Subject: [PATCH 48/55] l browsers: remove video group from most users

---
 lass/2configs/browsers.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 153c386cf..351f15154 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -108,11 +108,11 @@ in {
       };
     }
     ( createFirefoxUser "ff" [ "audio" ] 10 )
-    ( createChromiumUser "cr" [ "video" "audio" ] 9 )
+    ( createChromiumUser "cr" [ "audio" ] 9 )
     ( createChromiumUser "gm" [ "video" "audio" ] 8 )
-    ( createChromiumUser "wk" [ "video" "audio" ] 0 )
-    ( createChromiumUser "fb" [ "video" "audio" ] 0 )
-    ( createChromiumUser "com" [ "video" "audio" ] 0 )
+    ( createChromiumUser "wk" [ "audio" ] 0 )
+    ( createChromiumUser "fb" [ "audio" ] 0 )
+    ( createChromiumUser "com" [ "audio" ] 0 )
     ( createChromiumUser "fin" [] (-1) )
   ];
 }

From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:15:42 +0200
Subject: [PATCH 49/55] l browsers: add qb

---
 lass/2configs/browsers.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 351f15154..75a86db6a 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -107,6 +107,7 @@ in {
         }));
       };
     }
+    ( createQuteUser "qb" [ "audio" ] 20 )
     ( createFirefoxUser "ff" [ "audio" ] 10 )
     ( createChromiumUser "cr" [ "audio" ] 9 )
     ( createChromiumUser "gm" [ "video" "audio" ] 8 )

From 22f33b8e99cf9ffe575905370df736ddc3517338 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 28 Mar 2018 21:16:03 +0200
Subject: [PATCH 50/55] reaktor-plugins sed: limit output

---
 .../5pkgs/simple/Reaktor/scripts/sed-plugin.py  | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
index da8e2f726..51ac7a071 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
@@ -18,20 +18,27 @@ def is_regex(line):
     myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$')
     return myre.match(line)
 
+
 line = argv[1]
 
 if is_regex(line):
     last = d.get(usr, None)
     if last:
         from subprocess import Popen, PIPE
-        p = Popen(['sed', line], stdin=PIPE, stdout=PIPE)
+        p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE)
         so, se = p.communicate(bytes("{}\n".format(last), "UTF-8"))
         if p.returncode:
-            print("something went wrong when trying to process your regex: {}".format(se.decode()))
+            print("something went wrong when trying to process your regex: {}".format(line.strip()))
         ret = so.decode()
-        print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
-        if ret:
-            d[usr] = ret
+        if len(ret) > 512:
+            print('message to long, skipped')
+        elif len(ret.split('\n')) > 5:
+            print('to many lines, skipped')
+        else:
+            if last.strip() != ret.strip():
+                print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
+                if ret:
+                    d[usr] = ret
 
     else:
         print("no last message")
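Review bot: A failing sed still falls through to the output checks. After the `if p.returncode:` message, `ret` is normally the empty stdout, so the `last.strip() != ret.strip()` test passes and an empty `… meant:` line is printed as well. Moving everything from `ret = so.decode()` down into an `else:` of the returncode check fixes that. The two skip messages should read `'message too long, skipped'` and `'too many lines, skipped'`. `d` and `usr` are set up outside the hunk.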

From 1710530cae5189cdc779212084ea3091fefc275b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 29 Mar 2018 14:10:23 +0200
Subject: [PATCH 51/55] writers writeC: 17.09 workaround

---
 krebs/5pkgs/writers.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix
index 23773e17f..1939bf854 100644
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@@ -57,7 +57,8 @@ with import <stockholm/lib>;
       passAsFile = [ "text" ];
     } /* sh */ ''
       PATH=${makeBinPath (with pkgs; [
-        binutils-unwrapped
+        # TODO remove if everyone migrated to 18.03
+        (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils)
         coreutils
         gcc
       ])}

From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 29 Mar 2018 16:39:08 +0200
Subject: [PATCH 52/55] l mail: track neomutt name change

---
 lass/2configs/mail.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index b9682c5ee..81db59617 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -75,7 +75,7 @@ let
 
   muttrc = pkgs.writeText "muttrc" ''
     # gpg
-    source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
+    source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
     set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
     set crypt_autosign = yes
@@ -195,7 +195,7 @@ let
     name = "mutt";
     paths = [
       (pkgs.writeDashBin "mutt" ''
-        exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
+        exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
       '')
       pkgs.neomutt
     ];
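Review bot: The rewritten `exec` line still passes `$@` unquoted, so an argument containing spaces (a subject given with `-s`, an attachment path) is split before neomutt sees it. `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"` keeps each argument intact. The enclosing `paths` list continues outside the hunk.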

From a75858a8ced30f9ed46e282e75a3cdccd515abd7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Apr 2018 14:11:14 +0200
Subject: [PATCH 53/55] nixpkgs: 48856a9 -> b6ddb99

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index 0bd797a16..e5fb6c5e1 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24
+        ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24
       };
     }
     override

From 0f47b98e81755494df19325e91974f8d9d2c8617 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Apr 2018 16:17:45 +0200
Subject: [PATCH 54/55] l xjail: add working GPU acceleration

---
 lass/3modules/xjail.nix | 121 ++++++++++++++++++++++++++++++++--------
 1 file changed, 99 insertions(+), 22 deletions(-)

diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index af851760b..325ebcc99 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -1,33 +1,88 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 with import <stockholm/lib>;
 {
   options.lass.xjail = mkOption {
     type = types.attrsOf (types.submodule ({ config, ...}: {
       options = {
+        name = mkOption {
+          type = types.string;
+          default = config._module.args.name;
+        };
         user = mkOption {
           type = types.string;
-          default = "nobody";
+          default = config.name;
         };
         groups = mkOption {
           type = types.listOf types.str;
           default = [];
         };
-        name = mkOption {
+        from = mkOption {
           type = types.string;
-          default = config._module.args.name;
+          default = "lass";
         };
         display = mkOption {
           type = types.string;
           default = toString (genid_signed config._module.args.name);
         };
+        dpi = mkOption {
+          type = types.int;
+          default = 90;
+        };
+        extraXephyrArgs = mkOption {
+          type = types.str;
+          default = "";
+        };
+        extraVglrunArgs = mkOption {
+          type = types.str;
+          default = "";
+        };
         script = mkOption {
           type = types.path;
           default = pkgs.writeScript "echo_lol" "echo lol";
         };
-        from = mkOption {
+        wm = mkOption {
+          #TODO find type
           type = types.string;
-          default = "lass";
+          default = "${pkgs.writeHaskell "xephyrify-xmonad" {
+            executables.xmonad = {
+              extra-depends = [
+                "containers"
+                "unix"
+                "xmonad"
+              ];
+              text = /* haskell */ ''
+                module Main where
+                import XMonad
+                import Data.Monoid
+                import System.Posix.Process (executeFile)
+                import qualified Data.Map as Map
+
+                main :: IO ()
+                main = do
+                  xmonad def
+                    { workspaces = [ "1" ]
+                    , layoutHook = myLayoutHook
+                    , keys = myKeys
+                    , normalBorderColor  = "#000000"
+                    , focusedBorderColor = "#000000"
+                    , handleEventHook = myEventHook
+                    }
+
+                myEventHook :: Event -> X All
+
+                myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
+                  spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
+                  return (All True)
+
+                myEventHook _ = do
+                  return (All True)
+
+                myLayoutHook = Full
+                myKeys _ = Map.fromList []
+              '';
+            };
+          }}/bin/xmonad";
         };
       };
     }));
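Review bot: `user` gets a new default (`config.name`) but has no visible consumer: the account, group, sudoers rule and `sudo -u` target in this module all use `cfg.name`. Either drop the option or use `cfg.user` as the `sudo -u` target so that setting it has an effect. `wm` keeps `types.string` with a TODO; `types.str`, already used for `extraXephyrArgs`, would at least be consistent. The inline xmonad source is a copy of the one in lass/5pkgs/xephyrify, including the unused `executeFile` import.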
@@ -39,7 +94,42 @@ with import <stockholm/lib>;
   };
 
   # implementation
-  config = {
+  config = let
+    scripts = mapAttrs' (name: cfg:
+      let
+        newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
+          DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
+          if test $? -eq 0; then
+            echo using existing xephyr
+            ${sudo_} "$@"
+          else
+            echo starting new xephyr
+            ${xephyr_} "$@"
+          fi
+        '';
+        xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
+          ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
+          XEPHYR_PID=$!
+          DISPLAY=:${cfg.display} ${cfg.wm} &
+          WM_PID=$!
+          ${sudo_} "$@"
+          ${pkgs.coreutils}/bin/kill $WM_PID
+          ${pkgs.coreutils}/bin/kill $XEPHYR_PID
+        '';
+        sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
+          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
+        '';
+        vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
+          DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
+        '';
+      in nameValuePair name {
+        existing = newOrExisting;
+        xephyr = xephyr_;
+        sudo = sudo_;
+        vglrun = vglrun_;
+      }
+    ) config.lass.xjail;
+  in {
 
     users.users = mapAttrs' (_: cfg:
       nameValuePair cfg.name {
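Review bot: `xephyr_` starts Xephyr with `-ac`, which turns off X access control, and it no longer runs the `chgrp`/`chmod 770` step on `/tmp/.X11-unix/X${cfg.display}` that the `DROP_TO_USER` branch of xephyrify had. As far as this hunk shows, any local account that can open the socket, including the other jail users, can then connect to the nested display, which undercuts the per-profile separation. I would restore the group/mode step once the socket exists, or drop `-ac` in favour of an xauth cookie handed to the jail user. `${cfg.wm}` and `${sudo_}` are also started right after Xephyr is backgrounded, with no readiness wait.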
@@ -66,21 +156,8 @@ with import <stockholm/lib>;
     ) config.lass.xjail));
 
     lass.xjail-bins = mapAttrs' (name: cfg:
-      let
-        sudo-wrapper = pkgs.writeScript name ''
-          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@"
-        '';
-      in nameValuePair name (pkgs.writeScriptBin cfg.name ''
-        export NDISPLAY=${cfg.display}
-        DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr
-        if test $? -eq 0; then
-          echo xephyr already running
-          export DISPLAY=:$NDISPLAY
-          ${sudo-wrapper} "$@"
-        else
-          echo xephyr not running
-          DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@"
-        fi
+      nameValuePair name (pkgs.writeScriptBin cfg.name ''
+        ${scripts.${name}.existing} "$@"
       '')
     ) config.lass.xjail;
   };

From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Apr 2018 16:19:28 +0200
Subject: [PATCH 55/55] l browsers: use new xjail interface

---
 lass/2configs/browsers.nix | 50 ++++++++++----------------------------
 1 file changed, 13 insertions(+), 37 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 75a86db6a..91ee08bfd 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -21,14 +21,10 @@ let
     $BIN "$@"
   '';
 
-  createChromiumUser = name: groups: precedence:
+  createUser = script: name: groups: precedence: dpi:
     {
       lass.xjail.${name} = {
-        user = name;
-        script = pkgs.writeDash name ''
-          ${pkgs.chromium}/bin/chromium "$@"
-        '';
-        inherit groups;
+        inherit script groups dpi;
       };
       environment.systemPackages = [ config.lass.xjail-bins.${name} ];
       lass.browser.paths.${name} = {
@@ -37,40 +33,20 @@ let
       };
     };
 
+  createChromiumUser = name: groups: precedence:
+    createUser (pkgs.writeDash name ''
+      ${pkgs.chromium}/bin/chromium "$@"
+    '') name groups precedence 80;
+
   createFirefoxUser = name: groups: precedence:
-    {
-      lass.xjail.${name} = {
-        user = name;
-        script = pkgs.writeDash name ''
-          ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
-        '';
-        inherit groups;
-      };
-      environment.systemPackages = [ config.lass.xjail-bins.${name} ];
-      lass.browser.paths.${name} = {
-        path = config.lass.xjail-bins.${name};
-        inherit precedence;
-      };
-    };
+    createUser (pkgs.writeDash name ''
+      ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+    '') name groups precedence 80;
 
   createQuteUser = name: groups: precedence:
-    {
-      lass.xjail.${name} = {
-        user = name;
-        script = pkgs.writeDash name ''
-          ${pkgs.qutebrowser}/bin/qutebrowser "$@"
-        '';
-        inherit groups;
-      };
-      environment.systemPackages = [ config.lass.xjail-bins.${name} ];
-      lass.browser.paths.${name} = {
-        path = config.lass.xjail-bins.${name};
-        inherit precedence;
-      };
-    };
-
-
-  #TODO: abstract this
+    createUser (pkgs.writeDash name ''
+      ${pkgs.qutebrowser}/bin/qutebrowser "$@"
+    '') name groups precedence 60;
 
 in {