Merge remote-tracking branch 'cd/master'

lassulus 2015-10-31 00:13:32 +01:00
commit 5b4a340624
30 changed files with 565 additions and 118 deletions


@ -24,8 +24,8 @@ with lib;
};
imports = [
../2configs/CAC-Developer-2.nix
../2configs/CAC-CentOS-7-64bit.nix
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
#../2configs/consul-server.nix
../2configs/exim-smarthost.nix


@ -37,8 +37,8 @@ in
};
imports = [
../2configs/CAC-Developer-1.nix
../2configs/CAC-CentOS-7-64bit.nix
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/consul-server.nix
../2configs/exim-smarthost.nix


@ -24,7 +24,7 @@ with lib;
};
imports = [
../2configs/AO753.nix
../2configs/hw/AO753.nix
../2configs/base.nix
#../2configs/consul-server.nix
../2configs/git.nix
@ -87,13 +87,6 @@ with lib;
swapDevices = [ ];
nix = {
buildCores = 2;
maxJobs = 2;
daemonIONiceLevel = 1;
daemonNiceLevel = 1;
};
# TODO base
boot.tmpOnTmpfs = true;


@ -37,8 +37,8 @@ in
};
imports = [
../2configs/CAC-Developer-1.nix
../2configs/CAC-CentOS-7-64bit.nix
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/consul-server.nix
../2configs/exim-smarthost.nix


@ -24,7 +24,7 @@ with lib;
};
imports = [
../2configs/w110er.nix
../2configs/hw/w110er.nix
../2configs/base.nix
#../2configs/consul-client.nix
../2configs/git.nix
@ -389,6 +389,4 @@ with lib;
services.tor.enable = true;
services.virtualboxHost.enable = true;
# TODO w110er if xserver is enabled
services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ];
}

390
tv/1systems/xu.nix Normal file

@ -0,0 +1,390 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.build.host = config.krebs.hosts.xu;
krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@xu";
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "e57024f821c94caf5684964474073649b8b6356b";
};
dir.secrets = {
host = config.krebs.hosts.wu;
path = "/home/tv/secrets/xu";
};
dir.stockholm = {
host = config.krebs.hosts.wu;
path = "/home/tv/stockholm";
};
};
imports = [
../2configs/hw/x220.nix
../2configs/base.nix
#../2configs/consul-client.nix
../2configs/git.nix
../2configs/mail-client.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [
# stockholm
genid
gnumake
hashPassword
lentil
parallel
(pkgs.writeScriptBin "im" ''
#! ${pkgs.bash}/bin/bash
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
# root
cryptsetup
ntp # ntpate
# tv
bc
bind # dig
#cac
dic
ff
file
gitAndTools.qgit #xserver
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
mpv #xserver
netcat
nix-repl
nmap
nq
p7zip
pavucontrol #xserver
posix_man_pages
#pssh
qrencode
sxiv #xserver
texLive
tmux
zathura #xserver
#ack
#apache-httpd
#ascii
#emacs
#es
#esniper
#gcc
#gptfdisk
#graphviz
#haskellPackages.cabal2nix
#haskellPackages.ghc
#haskellPackages.shake
#hdparm
#i7z
#iftop
#imagemagick
#inotifyTools
#iodine
#iotop
#lshw
#lsof
#minicom
#mtools
#ncmpc
#neovim
#nethogs
#nix-prefetch-scripts #cvs bug
#openssl
#openswan
#parted
#perl
#powertop
#ppp
#proot
#pythonPackages.arandr
#pythonPackages.youtube-dl
#racket
#rxvt_unicode-with-plugins
#scrot
#sec
#silver-searcher
#sloccount
#smartmontools
#socat
#sshpass
#strongswan
#sysdig
#sysstat
#tcpdump
#tlsdate
#unetbootin
#utillinuxCurses
#wvdial
#xdotool
#xkill
#xl2tpd
#xsel
];
}
{
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
"ssh"
"http"
"tinc"
"smtp"
];
};
}
{
krebs.exim-retiolum.enable = true;
}
{
krebs.nginx = {
enable = true;
servers.default.locations = [
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
alias /home/$1/public_html$2;
'')
];
};
}
{
krebs.retiolum = {
enable = true;
connectTo = [
"cd"
"gum"
"pigstarter"
];
};
}
{
users.extraGroups = {
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
extraGroups = [
"audio"
"video"
];
};
cr = {
uid = 13378002;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
fa = {
uid = 2300001;
};
rl = {
uid = 2300002;
};
tief = {
uid = 2300702;
};
btc-bitcoind = {
uid = 2301001;
};
btc-electrum = {
uid = 2301002;
};
ltc-litecoind = {
uid = 2301101;
};
eth = {
uid = 2302001;
};
emse-hsdb = {
uid = 4200101;
};
wine = {
uid = 13370400;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
df = {
uid = 13370401;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
xr = {
uid = 13370061;
extraGroups = [
"audio"
"video"
];
};
"23" = {
uid = 13370023;
};
electrum = {
uid = 13370102;
};
skype = {
uid = 6660001;
extraGroups = [
"audio"
];
};
onion = {
uid = 6660010;
};
zalora = {
uid = 1000301;
extraGroups = [
"audio"
# TODO remove vboxusers when hardening is active
"vboxusers"
"video"
];
};
};
security.sudo.extraConfig =
let
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
];
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "xts" ];
devices = [
{ name = "xuca"; device = "/dev/sda2"; }
];
};
fileSystems = {
"/" = {
device = "/dev/mapper/xuvga-root";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
};
"/home" = {
device = "/dev/mapper/xuvga-home";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
};
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = "nosuid,nodev,noatime";
};
};
nixpkgs.config.chromium.enablePepperFlash = true;
nixpkgs.config.allowUnfree = true;
#hardware.bumblebee.enable = true;
#hardware.bumblebee.group = "video";
hardware.enableAllFirmware = true;
#hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.enable = true;
environment.systemPackages = with pkgs; [
#xlibs.fontschumachermisc
#slock
ethtool
#firefoxWrapper # with plugins
#chromiumDevWrapper
tinc
iptables
#jack2
gptfdisk
];
security.setuidPrograms = [
"sendmail" # for cron
#"slock"
];
services.printing.enable = true;
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
#virtualisation.libvirtd.enable = true;
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
#services.virtualboxHost.enable = true;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
}
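Review bot: In the `users.extraUsers` block every sandbox account gets `group = "tv"` as its primary group, and `masterOf u = u.group` then reuses that group name as the sudoers user in `${masterOf u} ALL=(${u.name}) NOPASSWD: ALL`. Anything the master account leaves group-readable or group-writable for gid 1337 is therefore reachable from all of these accounts (`skype`, `wine`, `btc-bitcoind`, …); how much that matters depends on the umask and home-directory modes, which are not visible here. The rule set is also built from all of `config.users.extraUsers`, so a user defined in another module with `"slaves"` in `extraGroups` gets a rule for whatever its `group` happens to be named. Consider naming the master explicitly, e.g. `toSudoers = u: "tv ALL=(${u.name}) NOPASSWD: ALL";`, and adding a comment above `group = "tv";` that states the file-mode assumption the separation relies on.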


@ -1,47 +0,0 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/centos/root";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "xfs";
};
swapDevices = [
{ device = "/dev/centos/swap"; }
];
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}


@ -1,6 +0,0 @@
_:
{
nix.maxJobs = 1;
sound.enable = false;
}


@ -1,6 +0,0 @@
_:
{
nix.maxJobs = 2;
sound.enable = false;
}


@ -1,4 +0,0 @@
{ ... }:
{
}


@ -0,0 +1,20 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
};
fileSystems = {
"/" = {
device = "/dev/centos/root";
fsType = "xfs";
};
"/boot" = {
device = "/dev/sda1";
fsType = "xfs";
};
};
swapDevices = [
{ device = "/dev/centos/swap"; }
];
}


@ -2,7 +2,7 @@
{
imports = [
../2configs/smartd.nix
../smartd.nix
];
boot.loader.grub = {
@ -25,6 +25,13 @@
networking.wireless.enable = true;
nix = {
buildCores = 2;
maxJobs = 2;
daemonIONiceLevel = 1;
daemonNiceLevel = 1;
};
services.logind.extraConfig = ''
HandleHibernateKey=ignore
HandleLidSwitch=ignore


@ -0,0 +1,8 @@
_:
{
imports = [ ./CAC.nix ];
nix = {
buildCores = 1;
maxJobs = 1;
};
}


@ -0,0 +1,8 @@
_:
{
imports = [ ./CAC.nix ];
nix = {
buildCores = 2;
maxJobs = 2;
};
}

13
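--- a/tv/2configs/hw/CAC.nix
+++ b/tv/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+boot.loader.grub.splashImage = null;
+nix = {
+daemonIONiceLevel = 1;
+daemonNiceLevel = 1;
+};
+sound.enable = false;
+}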


@ -2,7 +2,7 @@
{
imports = [
../2configs/smartd.nix
../smartd.nix
];
boot.extraModprobeConfig = ''
@ -31,6 +31,10 @@
HandleSuspendKey=ignore
'';
services.xserver = {
vaapiDrivers = [ pkgs.vaapiIntel ];
};
system.activationScripts.powertopTunables = ''
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs

60
tv/2configs/hw/x220.nix Normal file

@ -0,0 +1,60 @@
{ pkgs, ... }:
{
imports = [
../smartd.nix
];
boot.initrd.availableKernelModules = [ "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.loader.gummiboot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
#hardware.enableAllFirmware = true;
#nixpkgs.config.allowUnfree = true;
#zramSwap.enable = true;
#zramSwap.numDevices = 2;
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
'';
nix = {
buildCores = 2;
maxJobs = 2;
daemonIONiceLevel = 1;
daemonNiceLevel = 1;
};
services.logind.extraConfig = ''
HandleHibernateKey=ignore
HandleLidSwitch=ignore
HandlePowerKey=ignore
HandleSuspendKey=ignore
'';
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
deviceSection = ''
Option "AccelMethod" "sna"
'';
};
#services.xserver.displayManager.sessionCommands =''
# xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
# xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
# xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
#'';
}


@ -70,10 +70,15 @@ let
ExecStart = "${xserver}/bin/xserver";
};
};
};
xmonad-pkg = pkgs.haskellPackages.callPackage xmonad-src {};
xmonad-src = pkgs.writeNixFromCabal "xmonad.nix" ./xmonad;
programs.bash.interactiveShellInit = ''
case ''${XMONAD_SPAWN_WORKSPACE-} in
za|zh|zj|zs)
exec sudo -u zalora -i
;;
esac
'';
};
xmonad-environment = {
DISPLAY = ":${toString config.services.xserver.display}";
@ -89,7 +94,7 @@ let
"im"
"mail"
"stockholm"
"za" "zj" "zs"
"za" "zh" "zj" "zs"
]);
};
@ -111,17 +116,12 @@ let
settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args}
settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c'
if test -e "$XMONAD_STATE"; then
IFS=''$'\n'
exec ${xmonad-pkg}/bin/xmonad --resume $(< "$XMONAD_STATE")
else
exec ${xmonad-pkg}/bin/xmonad
fi
exec ${pkgs.xmonad-tv}/bin/xmonad
'';
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
#! /bin/sh
exec ${xmonad-pkg}/bin/xmonad --shutdown
exec ${pkgs.xmonad-tv}/bin/xmonad --shutdown
'';
xserver-environment = {
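Review bot: The new `programs.bash.interactiveShellInit` hook is system-wide, so any interactive bash of any user that inherits `XMONAD_SPAWN_WORKSPACE` set to `za`, `zh`, `zj` or `zs` replaces itself with `sudo -u zalora -i`. Because it uses `exec`, a sudo that is refused on a host without the matching NOPASSWD rule ends the terminal with no shell left, and if sudo is ever configured to keep that variable the zalora shell would re-enter the hook. A guard such as `za|zh|zj|zs) test "$(id -un)" = zalora || exec sudo -u zalora -i ;;` avoids the re-entry, and restricting the hook to the intended master account would be tighter still. The unchanged `xhost +LOCAL:` line in the last hunk allows any local account, zalora included, to connect to the display, which deserves a comment next to this hook since it limits how much separation the account switch provides.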


@ -1,16 +0,0 @@
module Util.Debunk
( printToErrors
) where
import XMonad
import System.FilePath ( (</>) )
import Control.Exception ( bracket )
import System.IO ( hPrint, stderr, openFile, hClose, IOMode( AppendMode ) )
printToErrors x = do
dir <- getXMonadDir
let base = dir </> "xmonad"
err = base ++ ".errors"
bracket (openFile err AppendMode) hClose $ \h -> hPrint h x


@ -3,4 +3,7 @@
{
ff = pkgs.callPackage ./ff {};
viljetic-pages = pkgs.callPackage ./viljetic-pages {};
xmonad-tv =
let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
pkgs.haskellPackages.callPackage src {};
}


@ -1,4 +1,5 @@
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
@ -8,7 +9,9 @@ module Main where
import Control.Exception
import Text.Read (readEither)
import XMonad
import System.Environment (getArgs, getEnv)
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
import System.Posix.Process (executeFile)
import XMonad.Prompt (defaultXPConfig)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
@ -34,7 +37,6 @@ import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Actions.Submap
import Util.Pager
import Util.Rhombus
import Util.Debunk
import Util.Shutdown
@ -55,7 +57,7 @@ main = getArgs >>= \case
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad
xmonad'
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
@ -81,6 +83,17 @@ mainNoArgs = do
(FixedColumn 1 20 80 10 ||| Full)
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
path <- getEnv "XMONAD_STATE"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
xmonad conf
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
@ -91,7 +104,7 @@ getWorkspaces0 =
Left e -> warn e
Right y -> return y
where
warn msg = putStrLn ("getWorkspaces0: " ++ msg) >> return []
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
@ -100,8 +113,11 @@ displaySomeException = displayException
spawnTermAt :: String -> X ()
--spawnTermAt _ = floatNext True >> spawn myTerm
--spawnTermAt "ff" = floatNext True >> spawn myTerm
spawnTermAt _ = spawn myTerm
--spawnTermAt _ = spawn myTerm
spawnTermAt ws = do
env <- liftIO getEnvironment
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
xfork (executeFile "urxvtc" True [] (Just env')) >> return ()
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
@ -119,7 +135,7 @@ myKeys conf = Map.fromList $
, ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
, ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Menu ), toggleWS)
, ((_4 , xK_Menu ), rhombus horseConfig (liftIO . printToErrors) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
, ((_4 , xK_Menu ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
-- %! Rotate through the available layout algorithms
, ((_4 , xK_space ), sendMessage NextLayout)
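Review bot: In `xmonad'`, `getEnv "XMONAD_STATE"` sits outside the `try`, so an unset variable raises before the fallback branch is reached and xmonad does not start, whereas `getWorkspaces0` just below wraps its `getEnv` in `try`. Moving the lookup inside, e.g. `try (getEnv "XMONAD_STATE" >>= \p -> (,) p <$> readFile p) >>= \case` with `Right (path, content) -> do`, keeps the plain `xmonad conf` fallback for that case. `readFile` is lazy, so a read or decoding error after the open would probably surface while `lines content` is consumed, outside the `try`. The lines of this file are passed to xmonad as `--resume` arguments, so a comment above `xmonad'` stating that the path must be writable only by the session user would document the trust assumption.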


@ -0,0 +1,6 @@
.PHONY: ghci
ghci: shell.nix
nix-shell --command 'exec ghci -Wall'
shell.nix: xmonad.cabal
cabal2nix --shell . > $@


@ -18,7 +18,6 @@ import XMonad.Util.Font
import XMonad.Util.Image ( drawIcon )
import XMonad.Util.XUtils
import Util.Debunk
import Util.Submap
import Util.XUtils
import Util.Font


@ -48,6 +48,6 @@ shutdown = do
s <- gets (\s -> (wsData s : extState s))
_ <- io $ do
path <- getEnv "XMONAD_STATE"
writeFile path (concatMap (++"\n") s)
writeFile path (unlines s)
exitSuccess
return ()


@ -10,6 +10,7 @@ Executable xmonad
base,
containers,
filepath,
unix,
X11,
X11-xshape,
xmonad,