Merge remote-tracking branch 'mors/master' into mors-staging
This commit is contained in:
commit
bff3b50ddd
14
modules/cloudkrebs/networking.nix
Normal file
14
modules/cloudkrebs/networking.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{...}:
|
||||||
|
{
|
||||||
|
networking.hostName = "cloudkrebs";
|
||||||
|
networking.interfaces.enp2s1.ip4 = [
|
||||||
|
{
|
||||||
|
address = "104.167.113.104";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
networking.defaultGateway = "104.167.113.1";
|
||||||
|
networking.nameservers = [
|
||||||
|
"8.8.8.8"
|
||||||
|
];
|
||||||
|
}
|
14
modules/common/krebs-keys.nix
Normal file
14
modules/common/krebs-keys.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# alle public keys der krebsminister fuer R in krebs repos
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
with import ../lass/sshkeys.nix {
|
||||||
|
config.sshKeys.lass.pub = config.sshKeys.lass.pub;
|
||||||
|
config.sshKeys.uriel.pub = config.sshKeys.uriel.pub;
|
||||||
|
};
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./sshkeys.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config.sshKeys.tv.pub = "ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
|
||||||
|
}
|
36
modules/common/krebs-repos.nix
Normal file
36
modules/common/krebs-repos.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (lib) mkDefault;
|
||||||
|
|
||||||
|
mkSecureRepo = name:
|
||||||
|
{ inherit name;
|
||||||
|
value = {
|
||||||
|
users = {
|
||||||
|
lass = mkDefault "R";
|
||||||
|
tv = mkDefault "R";
|
||||||
|
makefu = mkDefault "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mkRepo = name:
|
||||||
|
{ inherit name;
|
||||||
|
value = {
|
||||||
|
users = {
|
||||||
|
lass = mkDefault "R";
|
||||||
|
tv = mkDefault "R";
|
||||||
|
makefu = mkDefault "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
services.gitolite.repos =
|
||||||
|
(lib.listToAttrs (map mkSecureRepo [ "brain" ])) //
|
||||||
|
(lib.listToAttrs (map mkRepo [
|
||||||
|
"painload"
|
||||||
|
"services"
|
||||||
|
"hosts"
|
||||||
|
]));
|
||||||
|
}
|
|
@ -24,6 +24,7 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
git
|
git
|
||||||
most
|
most
|
||||||
|
rxvt_unicode.terminfo
|
||||||
|
|
||||||
#network
|
#network
|
||||||
iptables
|
iptables
|
||||||
|
@ -68,124 +69,6 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/home/gitolite";
|
dataDir = "/home/gitolite";
|
||||||
adminPubkey = config.sshKeys.lass.pub;
|
adminPubkey = config.sshKeys.lass.pub;
|
||||||
#commonHooks = [
|
|
||||||
# (pkgs.writeText "irc-announce" ''
|
|
||||||
# #! /bin/sh
|
|
||||||
# set -euf
|
|
||||||
|
|
||||||
# config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
|
|
||||||
# if test -f "$config_file"; then
|
|
||||||
# . "$config_file"
|
|
||||||
# fi
|
|
||||||
|
|
||||||
# # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
|
|
||||||
# # any relevant gitolite LOCAL_CODE!
|
|
||||||
# # CAVEAT we hope that IRC_NICK is unique
|
|
||||||
# IRC_NICK="''${IRC_NICK-gl$GL_TID}"
|
|
||||||
# IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
|
|
||||||
# IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
|
|
||||||
# IRC_PORT="''${IRC_PORT-6667}"
|
|
||||||
|
|
||||||
# # for privmsg_cat below
|
|
||||||
# export IRC_CHANNEL
|
|
||||||
|
|
||||||
# # collect users that are mentioned in the gitolite configuration
|
|
||||||
# interested_users="$(perl -e '
|
|
||||||
# do "gl-conf";
|
|
||||||
# print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
|
|
||||||
# ')"
|
|
||||||
|
|
||||||
# # CAVEAT beware of real TABs in grep pattern!
|
|
||||||
# # CAVEAT there will never be more than 42 relevant log entries!
|
|
||||||
# log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^ ]* $GL_TID ")"
|
|
||||||
# update_log="$(echo "$log" | grep "^[^ ]* $GL_TID update")"
|
|
||||||
|
|
||||||
# # (debug output)
|
|
||||||
# env | sed 's/^/env: /'
|
|
||||||
# echo "$log" | sed 's/^/log: /'
|
|
||||||
|
|
||||||
# # see http://gitolite.com/gitolite/dev-notes.html#lff
|
|
||||||
# reponame=$(echo "$update_log" | cut -f 4)
|
|
||||||
# username=$(echo "$update_log" | cut -f 5)
|
|
||||||
# ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
|
|
||||||
# old_sha=$(echo "$update_log" | cut -f 8)
|
|
||||||
# new_sha=$(echo "$update_log" | cut -f 9)
|
|
||||||
|
|
||||||
# # check if new branch is created
|
|
||||||
# if test $old_sha = 0000000000000000000000000000000000000000; then
|
|
||||||
# # TODO what should we really show?
|
|
||||||
# old_sha=$new_sha^
|
|
||||||
# fi
|
|
||||||
|
|
||||||
# #
|
|
||||||
# git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
|
|
||||||
# commit_count=$(echo "$git_log" | wc -l)
|
|
||||||
|
|
||||||
# # echo2 and cat2 are used output to both, stdout and stderr
|
|
||||||
# # This is used to see what we send to the irc server. (debug output)
|
|
||||||
# echo2() { echo "$*"; echo "$*" >&2; }
|
|
||||||
# cat2() { tee /dev/stderr; }
|
|
||||||
|
|
||||||
# # privmsg_cat transforms stdin to a privmsg
|
|
||||||
# privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
|
|
||||||
|
|
||||||
# # ircin is used to feed the output of netcat back to the "irc client"
|
|
||||||
# # so we can implement expect-like behavior with sed^_^
|
|
||||||
# # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
|
|
||||||
# tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
|
|
||||||
# cd "$tmpdir"
|
|
||||||
# mkfifo ircin
|
|
||||||
# trap "
|
|
||||||
# rm ircin
|
|
||||||
# cd '$OLDPWD'
|
|
||||||
# rmdir '$tmpdir'
|
|
||||||
# trap - EXIT INT QUIT
|
|
||||||
# " EXIT INT QUIT
|
|
||||||
|
|
||||||
# #
|
|
||||||
# #
|
|
||||||
# #
|
|
||||||
# {
|
|
||||||
# echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
|
|
||||||
# echo2 "NICK $IRC_NICK"
|
|
||||||
|
|
||||||
# # wait for MODE message
|
|
||||||
# sed -n '/^:[^ ]* MODE /q'
|
|
||||||
|
|
||||||
# echo2 "JOIN $IRC_CHANNEL"
|
|
||||||
|
|
||||||
# echo "$interested_users" \
|
|
||||||
# | tr ' ' '\n' \
|
|
||||||
# | grep -v "^$GL_USER" \
|
|
||||||
# | sed 's/$/: poke/' \
|
|
||||||
# | privmsg_cat \
|
|
||||||
# | cat2
|
|
||||||
|
|
||||||
# printf '[13%s] %s pushed %s new commit%s to 6%s %s\n' \
|
|
||||||
# "$reponame" \
|
|
||||||
# "$username" \
|
|
||||||
# "$commit_count" \
|
|
||||||
# "$(test $commit_count = 1 || echo s)" \
|
|
||||||
# "$(hostname)" \
|
|
||||||
# "$ref_name" \
|
|
||||||
# | privmsg_cat \
|
|
||||||
# | cat2
|
|
||||||
|
|
||||||
# echo "$git_log" \
|
|
||||||
# | sed 's/^/14/;s/ / /' \
|
|
||||||
# | privmsg_cat \
|
|
||||||
# | cat2
|
|
||||||
|
|
||||||
# echo2 "PART $IRC_CHANNEL"
|
|
||||||
|
|
||||||
# # wait for PART confirmation
|
|
||||||
# sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
|
|
||||||
|
|
||||||
# echo2 'QUIT :Gone to have lunch'
|
|
||||||
# } < ircin \
|
|
||||||
# | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
|
|
||||||
# '')
|
|
||||||
#];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -211,10 +94,10 @@
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
|
iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
|
||||||
iptables -A INPUT -j ACCEPT -i lo
|
iptables -A INPUT -j ACCEPT -i lo
|
||||||
|
iptables -A INPUT -j ACCEPT -p icmp
|
||||||
|
|
||||||
#iptables -N Retiolum
|
#iptables -N Retiolum
|
||||||
iptables -A INPUT -j Retiolum -i retiolum
|
iptables -A INPUT -j Retiolum -i retiolum
|
||||||
iptables -A Retiolum -j ACCEPT -p icmp
|
|
||||||
iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
|
iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
|
||||||
iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
|
iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
|
||||||
iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
|
iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
|
||||||
|
|
|
@ -13,7 +13,7 @@ in {
|
||||||
name = "games";
|
name = "games";
|
||||||
description = "user playing games";
|
description = "user playing games";
|
||||||
home = "/home/games";
|
home = "/home/games";
|
||||||
extraGroups = [ "audio" ];
|
extraGroups = [ "audio" "video" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
|
|
173
modules/lass/gitolite-base.nix
Normal file
173
modules/lass/gitolite-base.nix
Normal file
|
@ -0,0 +1,173 @@
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.gitolite = {
|
||||||
|
mutable = false;
|
||||||
|
keys = {
|
||||||
|
lass = config.sshKeys.lass.pub;
|
||||||
|
uriel = config.sshKeys.uriel.pub;
|
||||||
|
};
|
||||||
|
rc = ''
|
||||||
|
%RC = (
|
||||||
|
UMASK => 0077,
|
||||||
|
GIT_CONFIG_KEYS => "",
|
||||||
|
LOG_EXTRA => 1,
|
||||||
|
ROLES => {
|
||||||
|
READERS => 1,
|
||||||
|
WRITERS => 1,
|
||||||
|
},
|
||||||
|
LOCAL_CODE => "$ENV{HOME}/.gitolite",
|
||||||
|
ENABLE => [
|
||||||
|
'help',
|
||||||
|
'desc',
|
||||||
|
'info',
|
||||||
|
'perms',
|
||||||
|
'writable',
|
||||||
|
'ssh-authkeys',
|
||||||
|
'git-config',
|
||||||
|
'daemon',
|
||||||
|
'gitweb',
|
||||||
|
'repo-specific-hooks',
|
||||||
|
],
|
||||||
|
);
|
||||||
|
1;
|
||||||
|
'';
|
||||||
|
|
||||||
|
repoSpecificHooks = {
|
||||||
|
irc-announce = ''
|
||||||
|
#! /bin/sh
|
||||||
|
set -euf
|
||||||
|
|
||||||
|
config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
|
||||||
|
if test -f "$config_file"; then
|
||||||
|
. "$config_file"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
|
||||||
|
# any relevant gitolite LOCAL_CODE!
|
||||||
|
# CAVEAT we hope that IRC_NICK is unique
|
||||||
|
IRC_NICK="''${IRC_NICK-gl$GL_TID}"
|
||||||
|
IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
|
||||||
|
IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
|
||||||
|
IRC_PORT="''${IRC_PORT-6667}"
|
||||||
|
|
||||||
|
# for privmsg_cat below
|
||||||
|
export IRC_CHANNEL
|
||||||
|
|
||||||
|
# collect users that are mentioned in the gitolite configuration
|
||||||
|
interested_users="$(perl -e '
|
||||||
|
do "gl-conf";
|
||||||
|
print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
|
||||||
|
')"
|
||||||
|
|
||||||
|
# CAVEAT beware of real TABs in grep pattern!
|
||||||
|
# CAVEAT there will never be more than 42 relevant log entries!
|
||||||
|
tab=$(printf '\x09')
|
||||||
|
log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)"
|
||||||
|
|
||||||
|
update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")"
|
||||||
|
|
||||||
|
# (debug output)
|
||||||
|
env | sed 's/^/env: /'
|
||||||
|
echo "$log" | sed 's/^/log: /'
|
||||||
|
|
||||||
|
# see http://gitolite.com/gitolite/dev-notes.html#lff
|
||||||
|
reponame=$(echo "$update_log" | cut -f 4)
|
||||||
|
username=$(echo "$update_log" | cut -f 5)
|
||||||
|
ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
|
||||||
|
old_sha=$(echo "$update_log" | cut -f 8)
|
||||||
|
new_sha=$(echo "$update_log" | cut -f 9)
|
||||||
|
|
||||||
|
# check if new branch is created
|
||||||
|
if test $old_sha = 0000000000000000000000000000000000000000; then
|
||||||
|
# TODO what should we really show?
|
||||||
|
old_sha=$new_sha^
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
|
||||||
|
commit_count=$(echo "$git_log" | wc -l)
|
||||||
|
|
||||||
|
# echo2 and cat2 are used output to both, stdout and stderr
|
||||||
|
# This is used to see what we send to the irc server. (debug output)
|
||||||
|
echo2() { echo "$*"; echo "$*" >&2; }
|
||||||
|
cat2() { tee /dev/stderr; }
|
||||||
|
|
||||||
|
# privmsg_cat transforms stdin to a privmsg
|
||||||
|
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
|
||||||
|
|
||||||
|
# ircin is used to feed the output of netcat back to the "irc client"
|
||||||
|
# so we can implement expect-like behavior with sed^_^
|
||||||
|
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
|
||||||
|
tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
|
||||||
|
cd "$tmpdir"
|
||||||
|
mkfifo ircin
|
||||||
|
trap "
|
||||||
|
rm ircin
|
||||||
|
cd '$OLDPWD'
|
||||||
|
rmdir '$tmpdir'
|
||||||
|
trap - EXIT INT QUIT
|
||||||
|
" EXIT INT QUIT
|
||||||
|
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
{
|
||||||
|
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
|
||||||
|
echo2 "NICK $IRC_NICK"
|
||||||
|
|
||||||
|
# wait for MODE message
|
||||||
|
sed -n '/^:[^ ]* MODE /q'
|
||||||
|
|
||||||
|
echo2 "JOIN $IRC_CHANNEL"
|
||||||
|
|
||||||
|
echo "$interested_users" \
|
||||||
|
| tr ' ' '\n' \
|
||||||
|
| grep -v "^$GL_USER" \
|
||||||
|
| sed 's/$/: poke/' \
|
||||||
|
| privmsg_cat \
|
||||||
|
| cat2
|
||||||
|
|
||||||
|
printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \
|
||||||
|
"$reponame" \
|
||||||
|
"$username" \
|
||||||
|
"$commit_count" \
|
||||||
|
"$(test $commit_count = 1 || echo s)" \
|
||||||
|
"$(hostname)" \
|
||||||
|
"$ref_name" \
|
||||||
|
| privmsg_cat \
|
||||||
|
| cat2
|
||||||
|
|
||||||
|
echo "$git_log" \
|
||||||
|
| sed 's/^/\x0314/;s/ /\x03 /' \
|
||||||
|
| privmsg_cat \
|
||||||
|
| cat2
|
||||||
|
|
||||||
|
echo2 "PART $IRC_CHANNEL"
|
||||||
|
|
||||||
|
# wait for PART confirmation
|
||||||
|
sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
|
||||||
|
|
||||||
|
echo2 'QUIT :Gone to have lunch'
|
||||||
|
} < ircin \
|
||||||
|
| nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
customFiles = [
|
||||||
|
{
|
||||||
|
path = ".gitolite/conf/irc-announce.conf";
|
||||||
|
file = ''
|
||||||
|
IRC_NICK="$(hostname)$GL_TID"
|
||||||
|
case "$GL_REPO" in
|
||||||
|
brain|painload|services|load-env|config)
|
||||||
|
IRC_CHANNEL='#retiolum'
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
IRC_CHANNEL='&testing'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -6,4 +6,6 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
||||||
|
|
||||||
|
config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,31 +31,10 @@ in
|
||||||
|
|
||||||
URxvt.intensityStyles: false
|
URxvt.intensityStyles: false
|
||||||
|
|
||||||
!solarized colors
|
URxvt*background: #000000
|
||||||
URxvt*fading: 5
|
URxvt*foreground: #ffffff
|
||||||
URxvt*background: #002b36
|
|
||||||
URxvt*foreground: #657b83
|
!change unreadable blue
|
||||||
URxvt*fadeColor: #002b36
|
|
||||||
URxvt*cursorColor: #93a1a1
|
|
||||||
URxvt*pointerColorBackground: #586e75
|
|
||||||
URxvt*pointerColorForeground: #93a1a1
|
|
||||||
URxvt*colorUL: #859900
|
|
||||||
URxvt*colorBD: #268bd2
|
|
||||||
URxvt*color0: #073642
|
|
||||||
URxvt*color8: #002b36
|
|
||||||
URxvt*color1: #dc322f
|
|
||||||
URxvt*color9: #cb4b16
|
|
||||||
URxvt*color2: #859900
|
|
||||||
URxvt*color10: #586e75
|
|
||||||
URxvt*color3: #b58900
|
|
||||||
URxvt*color11: #657b83
|
|
||||||
URxvt*color4: #268bd2
|
URxvt*color4: #268bd2
|
||||||
URxvt*color12: #839496
|
|
||||||
URxvt*color5: #d33682
|
|
||||||
URxvt*color13: #6c71c4
|
|
||||||
URxvt*color6: #2aa198
|
|
||||||
URxvt*color14: #93a1a1
|
|
||||||
URxvt*color7: #eee8d5
|
|
||||||
URxvt*color15: #fdf6e3
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,20 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "Mustang2";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "croaker";
|
||||||
|
repo = "mustang-vim";
|
||||||
|
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
|
||||||
|
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
in {
|
||||||
(vim_configurable.customize {
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
(pkgs.vim_configurable.customize {
|
||||||
name = "vim";
|
name = "vim";
|
||||||
|
|
||||||
vimrcConfig.customRC = ''
|
vimrcConfig.customRC = ''
|
||||||
|
@ -12,7 +23,7 @@
|
||||||
syntax on
|
syntax on
|
||||||
" TODO autoload colorscheme file
|
" TODO autoload colorscheme file
|
||||||
set background=dark
|
set background=dark
|
||||||
colorscheme solarized
|
colorscheme mustang
|
||||||
filetype off
|
filetype off
|
||||||
filetype plugin indent on
|
filetype plugin indent on
|
||||||
|
|
||||||
|
@ -47,8 +58,6 @@
|
||||||
|
|
||||||
"Tabwidth
|
"Tabwidth
|
||||||
set ts=2 sts=2 sw=2 et
|
set ts=2 sts=2 sw=2 et
|
||||||
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
|
|
||||||
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
|
|
||||||
|
|
||||||
" create Backup/tmp/undo dirs
|
" create Backup/tmp/undo dirs
|
||||||
function! InitBackupDir()
|
function! InitBackupDir()
|
||||||
|
@ -79,15 +88,29 @@
|
||||||
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
|
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
|
||||||
set undodir=$HOME/.vim/undo
|
set undodir=$HOME/.vim/undo
|
||||||
set undofile
|
set undofile
|
||||||
|
|
||||||
|
" highlight whitespaces
|
||||||
|
highlight ExtraWhitespace ctermbg=red guibg=red
|
||||||
|
match ExtraWhitespace /\s\+$/
|
||||||
|
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
|
||||||
|
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
|
||||||
|
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
|
||||||
|
autocmd BufWinLeave * call clearmatches()
|
||||||
|
|
||||||
|
"ft specific stuff
|
||||||
|
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
|
||||||
|
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
|
||||||
|
|
||||||
|
"esc timeout
|
||||||
|
set timeoutlen=1000 ttimeoutlen=0
|
||||||
'';
|
'';
|
||||||
|
|
||||||
vimrcConfig.vam.knownPlugins = vimPlugins;
|
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||||
vimrcConfig.vam.pluginDictionaries = [
|
vimrcConfig.vam.pluginDictionaries = [
|
||||||
{ name = "Gundo"; }
|
{ names = [ "Gundo" "commentary" "mustang2" ]; }
|
||||||
{ name = "commentary"; }
|
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||||
{ name = "vim-addon-nix"; }
|
|
||||||
{ name = "colors-solarized"; }
|
|
||||||
];
|
];
|
||||||
|
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ in {
|
||||||
description = "user for running VirtualBox";
|
description = "user for running VirtualBox";
|
||||||
home = "/home/virtual";
|
home = "/home/virtual";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
extraGroups = [ "vboxusers" ];
|
extraGroups = [ "vboxusers" "audio" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -13,7 +13,7 @@ in {
|
||||||
description = "user for running wine";
|
description = "user for running wine";
|
||||||
home = "/home/wine";
|
home = "/home/wine";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
extraGroups = [];
|
extraGroups = [ "audio" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -24,10 +24,12 @@
|
||||||
../lass/binary-caches.nix
|
../lass/binary-caches.nix
|
||||||
../lass/ircd.nix
|
../lass/ircd.nix
|
||||||
../../secrets/mors-pw.nix
|
../../secrets/mors-pw.nix
|
||||||
|
./repos.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
url = "https://github.com/Lassulus/nixpkgs";
|
url = "https://github.com/Lassulus/nixpkgs";
|
||||||
rev = "eba85883a07a9fc414d7860f8d6fee4d9f09b2ac";
|
rev = "b74c8eeb73a75eb61148c190df4733474a99a205";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "mors";
|
networking.hostName = "mors";
|
||||||
|
@ -54,8 +56,6 @@
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
#kernelModules = [ "kvm-intel" "msr" ];
|
||||||
kernelModules = [ "msr" ];
|
kernelModules = [ "msr" ];
|
||||||
extraModprobeConfig = ''
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" = {
|
"/" = {
|
||||||
|
@ -145,7 +145,6 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
|
|
||||||
videoDriver = "intel";
|
videoDriver = "intel";
|
||||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||||
deviceSection = ''
|
deviceSection = ''
|
||||||
|
|
78
modules/mors/repos.nix
Normal file
78
modules/mors/repos.nix
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../lass/gitolite-base.nix
|
||||||
|
../common/krebs-keys.nix
|
||||||
|
../common/krebs-repos.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.gitolite = {
|
||||||
|
repos = {
|
||||||
|
|
||||||
|
config = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
pass = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
load-env = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
emse-hsdb = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
brain = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
#hooks.post-receive = irc-announce;
|
||||||
|
};
|
||||||
|
|
||||||
|
painload = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
xmonad-config = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -16,13 +16,14 @@
|
||||||
../../secrets/uriel-pw.nix
|
../../secrets/uriel-pw.nix
|
||||||
../lass/sshkeys.nix
|
../lass/sshkeys.nix
|
||||||
../lass/bird.nix
|
../lass/bird.nix
|
||||||
|
./repos.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
url = "https://github.com/Lassulus/nixpkgs";
|
url = "https://github.com/Lassulus/nixpkgs";
|
||||||
rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
|
rev = "b74c8eeb73a75eb61148c190df4733474a99a205";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
networking.hostName = "uriel";
|
networking.hostName = "uriel";
|
||||||
networking.wireless.enable = true;
|
networking.wireless.enable = true;
|
||||||
nix.maxJobs = 2;
|
nix.maxJobs = 2;
|
||||||
|
@ -104,6 +105,7 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
#users.extraGroups = {
|
#users.extraGroups = {
|
||||||
# loot = {
|
# loot = {
|
||||||
# members = [
|
# members = [
|
||||||
|
|
78
modules/uriel/repos.nix
Normal file
78
modules/uriel/repos.nix
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../lass/gitolite-base.nix
|
||||||
|
../common/krebs-keys.nix
|
||||||
|
../common/krebs-repos.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.gitolite = {
|
||||||
|
repos = {
|
||||||
|
|
||||||
|
config = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
pass = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
load-env = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
emse-hsdb = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
tv = "R";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
brain = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
#hooks.post-receive = irc-announce;
|
||||||
|
};
|
||||||
|
|
||||||
|
painload = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
};
|
||||||
|
extraConfig = "option hook.post-receive = irc-announce";
|
||||||
|
};
|
||||||
|
|
||||||
|
xmonad-config = {
|
||||||
|
users = {
|
||||||
|
lass = "RW+";
|
||||||
|
uriel = "R";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue