From 67dc10646904d8286ad0a4ac8fecda99893827fd Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Tue, 9 Oct 2018 21:12:36 +0200
Subject: [PATCH] Revert "remove nin"

This reverts commit 62314e64c259bc6bae39e2bd29ecec2c5e5ea262.
---
 krebs/3modules/default.nix                  |   1 +
 krebs/3modules/nin/default.nix              | 111 ++++++
 lass/1systems/prism/config.nix              |   8 +
 nin/0tests/dummysecrets/hashedPasswords.nix |   1 +
 nin/0tests/dummysecrets/ssh.id_ed25519      |   0
 nin/1systems/axon/config.nix                | 132 ++++++++
 nin/1systems/hiawatha/config.nix            | 126 +++++++
 nin/1systems/onondaga/config.nix            |  23 ++
 nin/2configs/ableton.nix                    |  20 ++
 nin/2configs/copyq.nix                      |  38 +++
 nin/2configs/default.nix                    | 173 ++++++++++
 nin/2configs/games.nix                      |  70 ++++
 nin/2configs/git.nix                        |  60 ++++
 nin/2configs/im.nix                         |  19 ++
 nin/2configs/retiolum.nix                   |  28 ++
 nin/2configs/skype.nix                      |  27 ++
 nin/2configs/termite.nix                    |  22 ++
 nin/2configs/vim.nix                        | 355 ++++++++++++++++++++
 nin/2configs/weechat.nix                    |  21 ++
 nin/default.nix                             |   7 +
 nin/krops.nix                               |  35 ++
 21 files changed, 1277 insertions(+)
 create mode 100644 krebs/3modules/nin/default.nix
 create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix
 create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519
 create mode 100644 nin/1systems/axon/config.nix
 create mode 100644 nin/1systems/hiawatha/config.nix
 create mode 100644 nin/1systems/onondaga/config.nix
 create mode 100644 nin/2configs/ableton.nix
 create mode 100644 nin/2configs/copyq.nix
 create mode 100644 nin/2configs/default.nix
 create mode 100644 nin/2configs/games.nix
 create mode 100644 nin/2configs/git.nix
 create mode 100644 nin/2configs/im.nix
 create mode 100644 nin/2configs/retiolum.nix
 create mode 100644 nin/2configs/skype.nix
 create mode 100644 nin/2configs/termite.nix
 create mode 100644 nin/2configs/vim.nix
 create mode 100644 nin/2configs/weechat.nix
 create mode 100644 nin/default.nix
 create mode 100644 nin/krops.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e8c5e0457..6307649e3 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -111,6 +111,7 @@ let
     { krebs = import ./krebs  { inherit config; }; }
     { krebs = import ./lass   { inherit config; }; }
     { krebs = import ./makefu { inherit config; }; }
+    { krebs = import ./nin    { inherit config; }; }
     { krebs = import ./tv     { inherit config; }; }
     {
       krebs.dns.providers = {
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
new file mode 100644
index 000000000..1531a2c89
--- /dev/null
+++ b/krebs/3modules/nin/default.nix
@@ -0,0 +1,111 @@
+{ config, ... }:
+
+with import <stockholm/lib>;
+
+{
+  hosts = mapAttrs (_: recursiveUpdate {
+    owner = config.krebs.users.nin;
+    ci = true;
+  }) {
+    hiawatha = {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.132.96";
+          ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
+          aliases = [
+            "hiawatha.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
+            Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
+            iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
+            UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
+            lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
+            yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
+    };
+     axon= {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.134.66";
+          ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
+          aliases = [
+            "axon.r"
+          ];
+          tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
+          glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
+          KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
+          L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
+          VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
+          PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
+          X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
+          m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
+          OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
+          LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
+          /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
+          MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
+          7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
+          ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
+          1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
+          29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
+          4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
+          FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
+          buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
+          hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
+          yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
+          ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
+          -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
+    };
+    onondaga = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.132.55";
+          ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
+          aliases = [
+            "onondaga.r"
+            "cgit.onondaga.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
+            OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
+            htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
+            xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
+            kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
+            hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
+    };
+
+  };
+  users = {
+    nin = {
+      mail = "nin@axon.r";
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
+    };
+    nin_h = {
+      mail = "nin@hiawatha.r";
+      pubkey = "ssh-rsa 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 nin@hiawatha";
+    };
+  };
+}
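Review bot: The `pubkey` values for `nin` and `nin_h` and the per-host `ssh.pubkey`/`tinc.pubkey` entries are restored verbatim from before the removal, and nothing in the patch records that they were checked as still current. Because `config.krebs.users.nin.pubkey` is used for root login elsewhere in this patch, confirm with the owner that none of the matching private keys were retired or exposed while the entries were gone. The tinc keys for hiawatha and onondaga appear from their DER prefix to be 2048-bit RSA while axon's is 8192-bit; regenerating the two smaller ones at the next rotation would make the hosts consistent. As a style point, `     axon= {` and its `tinc.pubkey` body are indented differently from the other two hosts.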
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 808f35b24..bf7de6fc5 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -57,6 +57,13 @@ with import <stockholm/lib>;
           config.krebs.users.makefu.pubkey
         ];
       };
+      users.users.nin = {
+        uid = genid "nin";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.nin.pubkey
+        ];
+      };
       users.extraUsers.dritter = {
         uid = genid "dritter";
         isNormalUser = true;
@@ -112,6 +119,7 @@ with import <stockholm/lib>;
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
+            config.krebs.users.nin.pubkey
           ];
         };
         autoStart = true;
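Review bot: Adding `config.krebs.users.nin.pubkey` to `users.users.root.openssh.authorizedKeys.keys` gives that key a root shell, and the patch does not say why root is needed rather than an unprivileged account. The enclosing block starts and ends outside this hunk; the `autoStart = true;` after it suggests a container definition, but that is inferred. If root access is intended, a comment next to the key makes the grant auditable, e.g. `# nin owns this container and administers it as root`. If it is not required, a normal user plus sudo keeps the key's reach narrower.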
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/nin/0tests/dummysecrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
new file mode 100644
index 000000000..e69de29bb
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
new file mode 100644
index 000000000..5e81afdbd
--- /dev/null
+++ b/nin/1systems/axon/config.nix
@@ -0,0 +1,132 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports = [
+    <stockholm/nin>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    #../2configs/copyq.nix
+    <stockholm/nin/2configs/ableton.nix>
+    <stockholm/nin/2configs/games.nix>
+    <stockholm/nin/2configs/git.nix>
+    <stockholm/nin/2configs/retiolum.nix>
+    <stockholm/nin/2configs/termite.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.axon;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/pool/root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/tmp" =
+    { device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "ext2";
+    };
+
+  boot.initrd.luks.devices.crypted.device = "/dev/sda2";
+  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # nin config
+  time.timeZone = "Europe/Berlin";
+  services.xserver = {
+    enable = true;
+
+    displayManager.lightdm.enable = true;
+  };
+
+  networking.networkmanager.enable = true;
+  #networking.wireless.enable = true;
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+  hardware.bluetooth.enable = true;
+
+  hardware.opengl.driSupport32Bit = true;
+
+  #nixpkgs.config.steam.java = true;
+
+  environment.systemPackages = with pkgs; [
+    atom
+    chromium
+    firefox
+    git
+    htop
+    keepassx
+    lmms
+    networkmanagerapplet
+    openvpn
+    python
+    ruby
+    steam
+    taskwarrior
+    thunderbird
+    vim
+    virtmanager
+  ];
+
+  nixpkgs.config = {
+
+    allowUnfree = true;
+
+  };
+
+  #services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+  services.xserver.synaptics = {
+    enable = true;
+  };
+
+  services.xserver.displayManager.sessionCommands = ''
+    ${pkgs.xorg.xhost}/bin/xhost + local:
+  '';
+
+  services.xserver.desktopManager.xfce = let
+    xbindConfig = pkgs.writeText "xbindkeysrc" ''
+      "${pkgs.pass}/bin/passmenu --type"
+        Control + p
+  '';
+  in {
+  enable = true;
+      extraSessionCommands = ''
+      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+    '';
+  };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "17.03";
+
+}
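Review bot: `xhost + local:` in `services.xserver.displayManager.sessionCommands` turns off X access control for every local connection, so any account on the machine can observe and inject input in nin's session. That includes whatever the `passmenu --type` binding defined further down types into a window. If the aim is to let the `ableton` user from 2configs/ableton.nix open windows (inferred, since axon imports that file), grant only that user: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:ableton`. A one-line comment stating the purpose would also help.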
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
new file mode 100644
index 000000000..a09eed958
--- /dev/null
+++ b/nin/1systems/hiawatha/config.nix
@@ -0,0 +1,126 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports = [
+    <stockholm/nin>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    #../2configs/copyq.nix
+    <stockholm/nin/2configs/games.nix>
+    <stockholm/nin/2configs/git.nix>
+    <stockholm/nin/2configs/retiolum.nix>
+    <stockholm/nin/2configs/termite.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.hiawatha;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/tmp" =
+    { device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/fam/home";
+    };
+
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
+      fsType = "ext2";
+    };
+
+  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  fileSystems."/home/nin/.local/share/Steam" = {
+    device = "/dev/fam/steam";
+  };
+
+  # nin config
+  time.timeZone = "Europe/Berlin";
+  services.xserver.enable = true;
+
+  networking.networkmanager.enable = true;
+  #networking.wireless.enable = true;
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+  hardware.bluetooth.enable = true;
+
+  hardware.opengl.driSupport32Bit = true;
+
+  #nixpkgs.config.steam.java = true;
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    git
+    lmms
+    networkmanagerapplet
+    python
+    steam
+    thunderbird
+    vim
+    virtmanager
+  ];
+
+  nixpkgs.config = {
+
+    allowUnfree = true;
+
+  };
+
+  #services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+  services.xserver.synaptics = {
+    enable = true;
+  };
+
+
+  services.xserver.desktopManager.xfce = let
+    xbindConfig = pkgs.writeText "xbindkeysrc" ''
+      "${pkgs.pass}/bin/passmenu --type"
+        Control + p
+  '';
+  in {
+    enable = true;
+      extraSessionCommands = ''
+      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+    '';
+  };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "17.03";
+
+}
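Review bot: `boot.initrd.luks.devices` points at `/dev/sda2` and GRUB at `/dev/sda`, while `/` and `/boot` in the same file are addressed by UUID. Kernel device names can change when another disk is present at boot, in which case the initrd would offer the wrong partition for unlocking or find none. A stable path keeps the LUKS entry consistent with the filesystems above: `device = "/dev/disk/by-uuid/<LUKS-PARTITION-UUID>";` (placeholder value). nin/1systems/axon/config.nix uses `/dev/sda1` and `/dev/sda2` in the same way.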
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
new file mode 100644
index 000000000..3cd0773ae
--- /dev/null
+++ b/nin/1systems/onondaga/config.nix
@@ -0,0 +1,23 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/nin>
+    <stockholm/nin/2configs/retiolum.nix>
+    <stockholm/nin/2configs/weechat.nix>
+    <stockholm/nin/2configs/git.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.onondaga;
+
+  boot.isContainer = true;
+  networking.useDHCP = false;
+
+  time.timeZone = "Europe/Amsterdam";
+
+  services.openssh.enable = true;
+}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
new file mode 100644
index 000000000..343a9089d
--- /dev/null
+++ b/nin/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+  mainUser = config.users.extraUsers.nin;
+in {
+  users.users= {
+    ableton = {
+      isNormalUser = true;
+      extraGroups = [
+        "audio"
+        "video"
+      ];
+      packages = [
+        pkgs.wine
+        pkgs.winetricks
+      ];
+    };
+  };
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+  '';
+}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
new file mode 100644
index 000000000..0616c4025
--- /dev/null
+++ b/nin/2configs/copyq.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+  copyqConfig = pkgs.writeDash "copyq-config" ''
+    ${pkgs.copyq}/bin/copyq config check_clipboard true
+    ${pkgs.copyq}/bin/copyq config check_selection true
+    ${pkgs.copyq}/bin/copyq config copy_clipboard true
+    ${pkgs.copyq}/bin/copyq config copy_selection true
+
+    ${pkgs.copyq}/bin/copyq config activate_closes true
+    ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+    ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+    ${pkgs.copyq}/bin/copyq config disable_tray true
+    ${pkgs.copyq}/bin/copyq config hide_tabs true
+    ${pkgs.copyq}/bin/copyq config hide_toolbar true
+    ${pkgs.copyq}/bin/copyq config item_popup_interval true
+    ${pkgs.copyq}/bin/copyq config maxitems 1000
+    ${pkgs.copyq}/bin/copyq config move true
+    ${pkgs.copyq}/bin/copyq config text_wrap true
+  '';
+in {
+  systemd.user.services.copyq = {
+    after = [ "graphical.target" ];
+    wants = [ "graphical.target" ];
+    wantedBy = [ "default.target" ];
+    environment = {
+      DISPLAY = ":0";
+    };
+    serviceConfig = {
+      SyslogIdentifier = "copyq";
+      ExecStart = "${pkgs.copyq}/bin/copyq";
+      ExecStartPost = copyqConfig;
+      Restart = "always";
+      RestartSec = "2s";
+      StartLimitBurst = 0;
+    };
+  };
+}
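Review bot: With `check_clipboard true`, `check_selection true` and `maxitems 1000`, this service keeps a long history of everything copied or selected, which on these hosts can include passwords taken from keepassx or pass. A comment stating that this is accepted, or a much smaller `maxitems`, would make the trade-off explicit. `DISPLAY = ":0"` is also hard-coded, so the unit assumes the session always runs on the first display; a short comment saying so would save the next reader a debugging session.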
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
new file mode 100644
index 000000000..62f499a2d
--- /dev/null
+++ b/nin/2configs/default.nix
@@ -0,0 +1,173 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  imports = [
+    ../2configs/vim.nix
+    <stockholm/krebs/2configs/binary-cache/nixos.nix>
+    <stockholm/krebs/2configs/binary-cache/prism.nix>
+    {
+      users.extraUsers =
+        mapAttrs (_: h: { hashedPassword = h; })
+                 (import <secrets/hashedPasswords.nix>);
+    }
+    {
+      users.users = {
+        root = {
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
+          ];
+        };
+        nin = {
+          name = "nin";
+          uid = 1337;
+          home = "/home/nin";
+          group = "users";
+          createHome = true;
+          useDefaultShell = true;
+          extraGroups = [
+            "audio"
+            "fuse"
+          ];
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
+          ];
+        };
+      };
+    }
+    {
+      environment.variables = {
+        NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+      };
+    }
+    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+      environment.variables = {
+        CURL_CA_BUNDLE = ca-bundle;
+        GIT_SSL_CAINFO = ca-bundle;
+        SSL_CERT_FILE = ca-bundle;
+      };
+    })
+  ];
+
+  networking.hostName = config.krebs.build.host.name;
+  nix.maxJobs = config.krebs.build.host.cores;
+
+  krebs = {
+    enable = true;
+    search-domain = "r";
+    build = {
+      user = config.krebs.users.nin;
+    };
+  };
+
+  nix.useSandbox = true;
+
+  users.mutableUsers = false;
+
+  services.timesyncd.enable = true;
+
+  #why is this on in the first place?
+  services.nscd.enable = false;
+
+  boot.tmpOnTmpfs = true;
+  # see tmpfiles.d(5)
+  systemd.tmpfiles.rules = [
+    "d /tmp 1777 root root - -"
+  ];
+
+  # multiple-definition-problem when defining environment.variables.EDITOR
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.shellAliases = {
+    gs = "git status";
+  };
+
+  environment.systemPackages = with pkgs; [
+  #stockholm
+    git
+    gnumake
+    jq
+    proot
+    pavucontrol
+    populate
+    p7zip
+    termite
+    unzip
+    unrar
+    hashPassword
+  ];
+
+  programs.bash = {
+    enableCompletion = true;
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=65536
+      HISTFILESIZE=$HISTSIZE
+
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      complete -d cd
+    '';
+    promptInit = ''
+      if test $UID = 0; then
+        PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
+      elif test $UID = 1337; then
+        PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
+      else
+        PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
+      fi
+      if test -n "$SSH_CLIENT"; then
+        PS1='\[\033[35m\]\h'" $PS1"
+      fi
+    '';
+  };
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      # XXX bits here make no science
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+  '';
+
+  krebs.iptables = {
+    enable = true;
+    tables = {
+      nat.PREROUTING.rules = [
+        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+      ];
+      nat.OUTPUT.rules = [
+        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+      ];
+      filter.INPUT.policy = "DROP";
+      filter.FORWARD.policy = "DROP";
+      filter.INPUT.rules = [
+        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
+        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+        { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+        { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
+      ];
+    };
+  };
+
+  networking.dhcpcd.extraConfig = ''
+    noipv4ll
+  '';
+}
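Review bot: `services.openssh` is enabled with only `hostKeys` set, while the `nat.PREROUTING` rules make sshd reachable from outside retiolum on port 45621 and `root` receives authorized keys in the same file. Unless password login is disabled in a module not shown in this patch, every account that gets a `hashedPassword` from `<secrets/hashedPasswords.nix>` can be tried by password on that port. Adding `passwordAuthentication = false;` inside `services.openssh` limits logins to the listed keys. Separately, `bits = 8192` has no meaning for an ed25519 host key, as the XXX comment already admits, and can be dropped.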
diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix
new file mode 100644
index 000000000..15e17238d
--- /dev/null
+++ b/nin/2configs/games.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+let
+  mainUser = config.users.extraUsers.mainUser;
+  vdoom = pkgs.writeDash "vdoom" ''
+    ${pkgs.zandronum}/bin/zandronum \
+      -fov 120 \
+      "$@"
+  '';
+  doom = pkgs.writeDash "doom" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+    ${vdoom} \
+      -file $DOOM_DIR/lib/brutalv20.pk3 \
+      "$@"
+  '';
+  doom1 = pkgs.writeDashBin "doom1" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+    ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
+  '';
+  doom2 = pkgs.writeDashBin "doom2" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+    ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
+  '';
+  vdoom1 = pkgs.writeDashBin "vdoom1" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+    ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
+  '';
+  vdoom2 = pkgs.writeDashBin "vdoom2" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+    ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
+  '';
+
+  doomservercfg = pkgs.writeText "doomserver.cfg" ''
+    skill 7
+    #survival true
+    #sv_maxlives 4
+    #sv_norespawn true
+    #sv_weapondrop true
+    no_jump true
+    #sv_noweaponspawn true
+    sv_sharekeys true
+    sv_survivalcountdowntime 1
+    sv_noteamselect true
+    sv_updatemaster false
+    #sv_coop_loseinventory true
+    #cl_startasspectator false
+    #lms_spectatorview false
+  '';
+
+  vdoomserver = pkgs.writeDashBin "vdoomserver" ''
+    DOOM_DIR=''${DOOM_DIR:-~/doom/}
+
+    ${pkgs.zandronum}/bin/zandronum-server \
+    +exec ${doomservercfg} \
+    "$@"
+  '';
+
+in {
+  environment.systemPackages = with pkgs; [
+    dwarf_fortress
+    doom1
+    doom2
+    vdoom1
+    vdoom2
+    vdoomserver
+  ];
+
+  hardware.pulseaudio.support32Bit = true;
+
+}
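Review bot: `mainUser = config.users.extraUsers.mainUser;` is never used and refers to a user named `mainUser` that nothing in this patch defines; it only evaluates cleanly because the binding is never forced, so it is safer to delete it. The wrapper scripts expand `$DOOM_DIR` unquoted, so a directory containing spaces splits into several arguments; quoting fixes that, e.g. `${doom} -iwad "$DOOM_DIR/wads/stock/doom.wad" "$@"`. `vdoomserver` sets `DOOM_DIR` but never reads it.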
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
new file mode 100644
index 000000000..aed4a9f48
--- /dev/null
+++ b/nin/2configs/git.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+  out = {
+    services.nginx.enable = true;
+    krebs.git = {
+      enable = true;
+      cgit = {
+        settings = {
+          root-title = "public repositories at ${config.krebs.build.host.name}";
+          root-desc = "keep calm and engage";
+        };
+      };
+      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+      rules = rules;
+    };
+
+    krebs.iptables.tables.filter.INPUT.rules = [
+      { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+    ];
+  };
+
+  repos = public-repos;
+
+  rules = concatMap make-rules (attrValues repos);
+
+  public-repos = mapAttrs make-public-repo {
+    stockholm = {
+      cgit.desc = "take all the computers hostage, they'll love you!";
+    };
+  };
+
+  make-public-repo = name: { cgit ? {}, ... }: {
+    inherit cgit name;
+    public = true;
+  };
+
+  make-rules =
+    with git // config.krebs.users;
+    repo:
+      singleton {
+        user = [ nin nin_h ];
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      } ++
+      optional repo.public {
+        user = attrValues config.krebs.users;
+        repo = [ repo ];
+        perm = fetch;
+      } ++
+      optional (length (repo.collaborators or []) > 0) {
+        user = repo.collaborators;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+in out
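Review bot: `make-public-repo` never sets a `collaborators` attribute, so the `removeAttrs s ["collaborators"]` in `out` and the third rule in `make-rules` are dead code in this file. Either drop them or add a comment such as `# kept for repos that will declare collaborators`. The first rule also gives `nin` and `nin_h` `non-fast-forward` and `delete` on `refs/*`, which permits rewriting the published history of the public `stockholm` repo; a comment confirming that this is intended would help.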
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
new file mode 100644
index 000000000..b078dbd53
--- /dev/null
+++ b/nin/2configs/im.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeDashBin "im" ''
+      export PATH=${makeSearchPath "bin" (with pkgs; [
+        tmux
+        gnugrep
+        weechat
+      ])}
+      ssh chat@onondaga
+      if tmux list-sessions -F\#S | grep -q '^im''$'; then
+        exec tmux attach -t im
+      else
+        exec tmux new -s im weechat
+      fi
+    '')
+  ];
+}
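Review bot: The script replaces `PATH` with only tmux, gnugrep and weechat and then calls `ssh chat@onondaga`, so `ssh` cannot be resolved from that `PATH`. Even if it were found, the tmux lines after it run on the local machine once the ssh session ends, not on onondaga, which looks unintended. If the ssh line is a leftover, remove it; if the session is meant to live on onondaga, call `${pkgs.openssh}/bin/ssh` by store path and pass the tmux command to it. No `chat` user is defined anywhere in the visible part of this patch, so that account should be checked as well.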
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
new file mode 100644
index 000000000..821e3cc00
--- /dev/null
+++ b/nin/2configs/retiolum.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+
+  krebs.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+      ];
+    };
+  };
+
+  krebs.tinc.retiolum = {
+    enable = true;
+    connectTo = [
+      "prism"
+      "pigstarter"
+      "gum"
+      "flap"
+    ];
+  };
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+  };
+}
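Review bot: The first INPUT rule accepts `--dport smtp` on retiolum, but none of the nin configurations visible in this patch enable a mail service, so the rule opens a port with nothing documented behind it. Remove it, or add a comment naming the service it is for. `tinc = pkgs.tinc_pre;` also swaps in a pre-release tinc for the whole host; a one-line comment on why the pre-release is required would help later reviewers decide when the override can go.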
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
new file mode 100644
index 000000000..621dfae82
--- /dev/null
+++ b/nin/2configs/skype.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  mainUser = config.users.extraUsers.nin;
+  inherit (import <stockholm/lib>) genid;
+
+in {
+  users.extraUsers = {
+    skype = {
+      name = "skype";
+      uid = genid "skype";
+      description = "user for running skype";
+      home = "/home/skype";
+      useDefaultShell = true;
+      extraGroups = [ "audio" "video" ];
+      createHome = true;
+    };
+  };
+
+  krebs.per-user.skype.packages = [
+    pkgs.skype
+  ];
+
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+  '';
+}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
new file mode 100644
index 000000000..942446b01
--- /dev/null
+++ b/nin/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = [
+    pkgs.termite
+  ];
+
+  krebs.per-user.nin.packages = let
+    termitecfg = pkgs.writeTextFile {
+      name = "termite-config";
+      destination = "/etc/xdg/termite/config";
+      text = ''
+        [colors]
+        foreground = #d0d7d0
+        background = #000000
+      '';
+    };
+  in [
+    termitecfg
+  ];
+
+}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
new file mode 100644
index 000000000..7b5d37611
--- /dev/null
+++ b/nin/2configs/vim.nix
@@ -0,0 +1,355 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  out = {
+    environment.systemPackages = [
+      vim
+      pkgs.pythonPackages.flake8
+    ];
+
+    environment.etc.vimrc.source = vimrc;
+
+    environment.variables.EDITOR = mkForce "vim";
+    environment.variables.VIMINIT = ":so /etc/vimrc";
+  };
+
+  vimrc = pkgs.writeText "vimrc" ''
+    set nocompatible
+
+    set autoindent
+    set backspace=indent,eol,start
+    set backup
+    set backupdir=${dirs.backupdir}/
+    set directory=${dirs.swapdir}//
+    set hlsearch
+    set incsearch
+    set laststatus=2
+    set mouse=a
+    set noruler
+    set pastetoggle=<INS>
+    set runtimepath=${extra-runtimepath},$VIMRUNTIME
+    set shortmess+=I
+    set showcmd
+    set showmatch
+    set ttimeoutlen=0
+    set undodir=${dirs.undodir}
+    set undofile
+    set undolevels=1000000
+    set undoreload=1000000
+    set viminfo='20,<1000,s100,h,n${files.viminfo}
+    set visualbell
+    set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+    set wildmenu
+    set wildmode=longest,full
+
+    set et ts=2 sts=2 sw=2
+
+    filetype plugin indent on
+
+    set t_Co=256
+    colorscheme hack
+    syntax on
+
+    au Syntax * syn match Garbage containedin=ALL /\s\+$/
+            \ | syn match TabStop containedin=ALL /\t\+/
+            \ | syn keyword Todo containedin=ALL TODO
+
+    au BufRead,BufNewFile *.hs so ${hs.vim}
+
+    au BufRead,BufNewFile *.nix so ${nix.vim}
+
+    au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+    "Syntastic config
+    let g:syntastic_python_checkers=['flake8']
+
+    nmap <esc>q :buffer 
+    nmap <M-q> :buffer 
+
+    cnoremap <C-A> <Home>
+
+    noremap  <C-c> :q<cr>
+    vnoremap < <gv
+    vnoremap > >gv
+
+    nnoremap <esc>[5^  :tabp<cr>
+    nnoremap <esc>[6^  :tabn<cr>
+    nnoremap <esc>[5@  :tabm -1<cr>
+    nnoremap <esc>[6@  :tabm +1<cr>
+
+    nnoremap <f1> :tabp<cr>
+    nnoremap <f2> :tabn<cr>
+    inoremap <f1> <esc>:tabp<cr>
+    inoremap <f2> <esc>:tabn<cr>
+
+    " <C-{Up,Down,Right,Left>
+    noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+    noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+    noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+    noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+    " <[C]S-{Up,Down,Right,Left>
+    noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+    noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+    noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+    noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+    vnoremap u <nop>
+  '';
+
+  extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+    pkgs.vimPlugins.Syntastic
+    pkgs.vimPlugins.undotree
+    pkgs.vimPlugins.airline
+    (pkgs.vimUtils.buildVimPlugin {
+      name = "file-line-1.0";
+      src = pkgs.fetchgit {
+        url = git://github.com/bogado/file-line;
+        rev = "refs/tags/1.0";
+        sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+      };
+    })
+    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+      name = "hack";
+    in {
+      name = "vim-color-${name}-1.0.2";
+      destination = "/colors/${name}.vim";
+      text = /* vim */ ''
+        set background=dark
+        hi clear
+        if exists("syntax_on")
+          syntax clear
+        endif
+
+        let colors_name = ${toJSON name}
+
+        hi Normal       ctermbg=235
+        hi Comment      ctermfg=242
+        hi Constant     ctermfg=062
+        hi Identifier   ctermfg=068
+        hi Function     ctermfg=041
+        hi Statement    ctermfg=167
+        hi PreProc      ctermfg=167
+        hi Type         ctermfg=041
+        hi Delimiter    ctermfg=251
+        hi Special      ctermfg=062
+
+        hi Garbage      ctermbg=088
+        hi TabStop      ctermbg=016
+        hi Todo         ctermfg=174 ctermbg=NONE
+
+        hi NixCode      ctermfg=148
+        hi NixData      ctermfg=149
+        hi NixQuote     ctermfg=150
+
+        hi diffNewFile  ctermfg=207
+        hi diffFile     ctermfg=207
+        hi diffLine     ctermfg=207
+        hi diffSubname  ctermfg=207
+        hi diffAdded    ctermfg=010
+        hi diffRemoved  ctermfg=009
+      '';
+    })))
+    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+      name = "vim";
+    in {
+      name = "vim-syntax-${name}-1.0.0";
+      destination = "/syntax/${name}.vim";
+      text = /* vim */ ''
+        ${concatMapStringsSep "\n" (s: /* vim */ ''
+          syn keyword vimColor${s} ${s}
+            \ containedin=ALLBUT,vimComment,vimLineComment
+          hi vimColor${s} ctermfg=${s}
+        '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+      '';
+    })))
+    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+      name = "showsyntax";
+    in {
+      name = "vim-plugin-${name}-1.0.0";
+      destination = "/plugin/${name}.vim";
+      text = /* vim */ ''
+        if exists('g:loaded_showsyntax')
+          finish
+        endif
+        let g:loaded_showsyntax = 0
+
+        fu! ShowSyntax()
+          let id = synID(line("."), col("."), 1)
+          let name = synIDattr(id, "name")
+          let transName = synIDattr(synIDtrans(id),"name")
+          if name != transName
+            let name .= " (" . transName . ")"
+          endif
+          echo "Syntax: " . name
+        endfu
+
+        command! -n=0 -bar ShowSyntax :call ShowSyntax()
+      '';
+    })))
+  ];
+
+  dirs = {
+    backupdir = "$HOME/.cache/vim/backup";
+    swapdir   = "$HOME/.cache/vim/swap";
+    undodir   = "$HOME/.cache/vim/undo";
+  };
+  files = {
+    viminfo   = "$HOME/.cache/vim/info";
+  };
+
+  mkdirs = let
+    dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
+               in assert out != ""; out;
+    alldirs = attrValues dirs ++ map dirOf (attrValues files);
+  in unique (sort lessThan alldirs);
+
+  vim = pkgs.writeDashBin "vim" ''
+    set -efu
+    (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+    exec ${pkgs.vim}/bin/vim "$@"
+  '';
+
+
+  hs.vim = pkgs.writeText "hs.vim" ''
+    syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+    hi link ConId Identifier
+    hi link VarId Identifier
+    hi link hsDelimiter Delimiter
+  '';
+
+  nix.vim = pkgs.writeText "nix.vim" ''
+    setf nix
+
+    " Ref <nix/src/libexpr/lexer.l>
+    syn match NixID    /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+    syn match NixINT   /\<[0-9]\+\>/
+    syn match NixPATH  /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+    syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+    syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+    syn match NixURI   /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+    syn region NixSTRING
+      \ matchgroup=NixSTRING
+      \ start='"'
+      \ skip='\\"'
+      \ end='"'
+    syn region NixIND_STRING
+      \ matchgroup=NixIND_STRING
+      \ start="'''"
+      \ skip="'''\('\|[$]\|\\[nrt]\)"
+      \ end="'''"
+
+    syn match NixOther /[():/;=.,?\[\]]/
+
+    syn match NixCommentMatch /\(^\|\s\)#.*/
+    syn region NixCommentRegion start="/\*" end="\*/"
+
+    hi link NixCode Statement
+    hi link NixData Constant
+    hi link NixComment Comment
+
+    hi link NixCommentMatch NixComment
+    hi link NixCommentRegion NixComment
+    hi link NixID NixCode
+    hi link NixINT NixData
+    hi link NixPATH NixData
+    hi link NixHPATH NixData
+    hi link NixSPATH NixData
+    hi link NixURI NixData
+    hi link NixSTRING NixData
+    hi link NixIND_STRING NixData
+
+    hi link NixEnter NixCode
+    hi link NixOther NixCode
+    hi link NixQuote NixData
+
+    syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+    syn cluster nix_ind_strings contains=NixIND_STRING
+    syn cluster nix_strings contains=NixSTRING
+
+    ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+      startAlts = filter isString [
+        ''/\* ${lang} \*/''
+        extraStart
+      ];
+      sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+    in /* vim */ ''
+      syn include @nix_${lang}_syntax syntax/${lang}.vim
+      unlet b:current_syntax
+
+      syn match nix_${lang}_sigil
+        \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+        \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+        \ transparent
+
+      syn region nix_${lang}_region_STRING
+        \ matchgroup=NixSTRING
+        \ start='"'
+        \ skip='\\"'
+        \ end='"'
+        \ contained
+        \ contains=@nix_${lang}_syntax
+        \ transparent
+
+      syn region nix_${lang}_region_IND_STRING
+        \ matchgroup=NixIND_STRING
+        \ start="'''"
+        \ skip="'''\('\|[$]\|\\[nrt]\)"
+        \ end="'''"
+        \ contained
+        \ contains=@nix_${lang}_syntax
+        \ transparent
+
+      syn cluster nix_ind_strings
+        \ add=nix_${lang}_region_IND_STRING
+
+      syn cluster nix_strings
+        \ add=nix_${lang}_region_STRING
+
+      syn cluster nix_has_dollar_curly
+        \ add=@nix_${lang}_syntax
+    '') {
+      c = {};
+      cabal = {};
+      haskell = {};
+      sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+      vim.extraStart =
+        ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+    })}
+
+    " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+    syn clear shVarAssign
+
+    syn region nixINSIDE_DOLLAR_CURLY
+      \ matchgroup=NixEnter
+      \ start="[$]{"
+      \ end="}"
+      \ contains=TOP
+      \ containedin=@nix_has_dollar_curly
+      \ transparent
+
+    syn region nix_inside_curly
+      \ matchgroup=NixEnter
+      \ start="{"
+      \ end="}"
+      \ contains=TOP
+      \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+      \ transparent
+
+    syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
+      \ containedin=@nix_ind_strings
+      \ contained
+
+    syn match NixQuote /\\./he=s+1
+      \ containedin=@nix_strings
+      \ contained
+
+    syn sync fromstart
+
+    let b:current_syntax = "nix"
+
+    set isk=@,48-57,_,192-255,-,'
+    set bg=dark
+  '';
+in
+out
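Review bot: The `/dev/shm/*` autocommand turns off backup and swap files but leaves `undofile` on, so edits to a file under /dev/shm (presumably a decrypted temporary file, which is why the rule exists) still write an undo file with the changed text under `$HOME/.cache/vim/undo`. Adding `noundofile` and using `setlocal` closes that without changing the swap and undo settings of later buffers: `au BufRead,BufNewFile /dev/shm/* setlocal nobackup nowritebackup noswapfile noundofile`. Yanked text can also end up in the file named by `set viminfo=...`, which is worth checking for the same buffers. Separately, the `file-line` plugin is fetched over `git://`, an unauthenticated transport; the `sha256` still pins the content, but `url = "https://github.com/bogado/file-line";` removes the reliance on it and on the deprecated unquoted URL literal.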
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
new file mode 100644
index 000000000..6c0fb313e
--- /dev/null
+++ b/nin/2configs/weechat.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (import <stockholm/lib>) genid;
+in {
+  krebs.per-user.chat.packages = with pkgs; [
+    mosh
+    weechat
+    tmux
+  ];
+
+  users.extraUsers.chat = {
+    home = "/home/chat";
+    uid = genid "chat";
+    useDefaultShell = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.nin.pubkey
+    ];
+  };
+}
diff --git a/nin/default.nix b/nin/default.nix
new file mode 100644
index 000000000..c31d6d949
--- /dev/null
+++ b/nin/default.nix
@@ -0,0 +1,7 @@
+_:
+{
+  imports = [
+    ../krebs
+    ./2configs
+  ];
+}
diff --git a/nin/krops.nix b/nin/krops.nix
new file mode 100644
index 000000000..d0074840a
--- /dev/null
+++ b/nin/krops.nix
@@ -0,0 +1,35 @@
+{ name }: let
+  inherit (import ../krebs/krops.nix { inherit name; })
+    krebs-source
+    lib
+    pkgs
+  ;
+
+  source = { test }: lib.evalSource [
+    krebs-source
+    {
+      nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
+      secrets = if test then {
+        file = toString ./0tests/dummysecrets;
+      } else {
+        pass = {
+          dir = "${lib.getEnv "HOME"}/.password-store";
+          name = "hosts/${name}";
+        };
+      };
+    }
+  ];
+
+in {
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+  deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+    source = source { test = false; };
+    target = "root@${name}/var/src";
+  };
+
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
+  test = { target }: pkgs.krops.writeTest "${name}-test" {
+    inherit target;
+    source = source { test = true; };
+  };
+}
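Review bot: `lib.getEnv "HOME"` in the `pass` branch yields an empty string when HOME is unset (assuming it wraps `builtins.getEnv`), and the secrets source then silently becomes `/.password-store` instead of failing. An explicit check makes a deploy from a stripped environment stop early: `dir = let home = lib.getEnv "HOME"; in assert home != ""; "${home}/.password-store";`. The usage comments are helpful; one more line stating that `deploy` pushes real secrets to `root@${name}` while `test` only uses `0tests/dummysecrets` would make the difference between the two attributes explicit.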