2 lass: re-add all configs
parent
670cfaf39a
commit
c3e295b56e
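--- /dev/null
+++ b/2configs/lass/base.nix
@@ -0,0 +1,136 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+imports = [
+./sshkeys.nix
+../../3modules/lass/iptables.nix
+{
+users.extraUsers =
+mapAttrs (_: h: { hashedPassword = h; })
+(import /root/src/secrets/hashedPasswords.nix);
+}
+
+];
+
+nix.useChroot = true;
+
+users.mutableUsers = false;
+
+boot.tmpOnTmpfs = true;
+# see tmpfiles.d(5)
+systemd.tmpfiles.rules = [
+"d /tmp 1777 root root - -"
+];
+
+# multiple-definition-problem when defining environment.variables.EDITOR
+environment.extraInit = ''
+EDITOR=vim
+PAGER=most
+'';
+
+environment.systemPackages = with pkgs; [
+git
+most
+rxvt_unicode.terminfo
+
+#network
+iptables
+];
+
+programs.bash = {
+enableCompletion = true;
+interactiveShellInit = ''
+HISTCONTROL='erasedups:ignorespace'
+HISTSIZE=65536
+HISTFILESIZE=$HISTSIZE
+
+shopt -s checkhash
+shopt -s histappend histreedit histverify
+shopt -s no_empty_cmd_completion
+complete -d cd
+
+#fancy colors
+if [ -e ~/LS_COLORS ]; then
+eval $(dircolors ~/LS_COLORS)
+fi
+
+if [ -e /etc/nixos/dotfiles/link ]; then
+/etc/nixos/dotfiles/link
+fi
+'';
+promptInit = ''
+if test $UID = 0; then
+PS1='\[\033[1;31m\]\w\[\033[0m\] '
+elif test $UID = 1337; then
+PS1='\[\033[1;32m\]\w\[\033[0m\] '
+else
+PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+fi
+if test -n "$SSH_CLIENT"; then
+PS1='\[\033[35m\]\h'" $PS1"
+fi
+'';
+};
+
+security.setuidPrograms = [
+"sendmail"
+];
+
+services.gitolite = {
+enable = true;
+dataDir = "/home/gitolite";
+adminPubkey = config.sshKeys.lass.pub;
+};
+
+services.openssh = {
+enable = true;
+hostKeys = [
+# XXX bits here make no science
+{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+
+lass.iptables = {
+enable = true;
+tables = {
+filter.INPUT.policy = "DROP";
+filter.FORWARD.policy = "DROP";
+filter.INPUT.rules = [
+{ predicate = "-i lo"; target = "ACCEPT"; }
+{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+{ predicate = "-p icmp"; target = "ACCEPT"; }
+{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+];
+};
+};
+
+#Networking.firewall = {
+# enable = true;
+
+# allowedTCPPorts = [
+# 22
+# ];
+
+# extraCommands = ''
+# iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+# iptables -A INPUT -j ACCEPT -i lo
+# #http://serverfault.com/questions/84963/why-not-block-icmp
+# iptables -A INPUT -j ACCEPT -p icmp
+
+# #TODO: fix Retiolum firewall
+# #iptables -N RETIOLUM
+# #iptables -A INPUT -j RETIOLUM -i retiolum
+# #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
+# #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset
+# #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable
+# #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable
+# #iptables -A RETIOLUM -j REJECT
+# '';
+#};
+}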
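Review bot: The hashes pulled in by `(import /root/src/secrets/hashedPasswords.nix)` become part of the evaluated configuration, and the user/group spec NixOS derives from `hashedPassword` values is, as far as I recall, written to a world-readable store path, so the hashes leave the root-only secrets directory at build time; referencing the secret by a plain path string (a per-user `passwordFile`-style option, if the nixpkgs revision in use has one) keeps it out of evaluation — please confirm against the module in use. `environment.extraInit` sets `EDITOR=vim` and `PAGER=most` without `export`, so unless the generated environment script exports them afterwards they stay shell-local variables rather than reaching child processes. On the `hostKeys` entry, ssh-keygen ignores `-b` for ed25519 keys (fixed size), so the `# XXX bits here make no science` comment could be made definite: `# bits is ignored for ed25519; only type and path matter`.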
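--- /dev/null
+++ b/2configs/lass/binary-caches.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+nix.sshServe.enable = true;
+nix.sshServe.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
+];
+nix.binaryCaches = [
+#"scp://nix-ssh@mors"
+#"scp://nix-ssh@uriel"
+];
+}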
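--- /dev/null
+++ b/2configs/lass/bird.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+config.services.bird = {
+enable = true;
+config = ''
+router id 192.168.122.1;
+protocol device {
+scan time 10;
+}
+'';
+};
+}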
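--- /dev/null
+++ b/2configs/lass/bitcoin.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+electrum
+];
+
+users.extraUsers = {
+bitcoin = {
+name = "bitcoin";
+description = "user for bitcoin stuff";
+home = "/home/bitcoin";
+useDefaultShell = true;
+createHome = true;
+};
+};
+}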
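--- /dev/null
+++ b/2configs/lass/browsers.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+
+nixpkgs.config.packageOverrides = pkgs : {
+chromium = pkgs.chromium.override {
+pulseSupport = true;
+};
+};
+
+environment.systemPackages = with pkgs; [
+firefox
+];
+
+users.extraUsers = {
+firefox = {
+name = "firefox";
+description = "user for running firefox";
+home = "/home/firefox";
+useDefaultShell = true;
+extraGroups = [ "audio" ];
+createHome = true;
+};
+chromium = {
+name = "chromium";
+description = "user for running chromium";
+home = "/home/chromium";
+useDefaultShell = true;
+extraGroups = [ "audio" ];
+createHome = true;
+};
+facebook = {
+name = "facebook";
+description = "user for running facebook in chromium";
+home = "/home/facebook";
+useDefaultShell = true;
+extraGroups = [ "audio" ];
+createHome = true;
+};
+google = {
+name = "google";
+description = "user for running google+/gmail in chromium";
+home = "/home/google";
+useDefaultShell = true;
+createHome = true;
+};
+flash = {
+name = "flash";
+description = "user for running flash stuff";
+home = "/home/flash";
+useDefaultShell = true;
+extraGroups = [ "audio" ];
+createHome = true;
+};
+};
+
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(firefox) NOPASSWD: ALL
+${mainUser.name} ALL=(chromium) NOPASSWD: ALL
+${mainUser.name} ALL=(facebook) NOPASSWD: ALL
+${mainUser.name} ALL=(google) NOPASSWD: ALL
+${mainUser.name} ALL=(flash) NOPASSWD: ALL
+'';
+}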
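Review bot: The `google` sandbox user is the only one of the five without `extraGroups = [ "audio" ]`, which reads like an oversight if it runs the same chromium as `facebook` does; if it is deliberate, a one-line comment on that user saves the next reader the comparison. The user-definition-plus-`security.sudo.extraConfig` pattern is repeated five times here and again in elster.nix, games.nix, virtualbox.nix and wine.nix; a small helper such as `mkSandboxUser = name: groups: { ... }` that emits both the `users.extraUsers` entry and the `${mainUser.name} ALL=(<name>) NOPASSWD: ALL` line would keep the rules from drifting apart. Note that these rules grant every command as the target user, which the run-as-another-UID pattern needs, but the isolation is UID separation only — the sandbox users presumably still share the X display and (per desktop-base.nix) the system-wide PulseAudio with the main user, which is worth a comment on the sudo block.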
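--- /dev/null
+++ b/2configs/lass/chromium-patched.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+
+#settings to test:
+#
+#"ForceEphemeralProfiles": true,
+let
+masterPolicy = pkgs.writeText "master.json" ''
+{
+"PasswordManagerEnabled": false,
+"DefaultGeolocationSetting": 2,
+"RestoreOnStartup": 1,
+"AutoFillEnabled": false,
+"BackgroundModeEnabled": false,
+"DefaultBrowserSettingEnabled": false,
+"SafeBrowsingEnabled": false,
+"ExtensionInstallForcelist": [
+"cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
+"ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx"
+]
+}
+'';
+
+master_preferences = pkgs.writeText "master_preferences" ''
+{
+"browser": {
+"custom_chrome_frame": true
+},
+
+"extensions": {
+"theme": {
+"id": "",
+"use_system": true
+}
+}
+}
+'';
+in {
+environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
+
+environment.systemPackages = [
+#pkgs.chromium
+(pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+buildCommand = attrs.buildCommand + ''
+touch $out/TEST123
+'';
+}))
+];
+}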
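Review bot: `master_preferences` (the second `pkgs.writeText` in the `let` block) is never referenced in the module body, so that file is built but never installed anywhere; either wire it into `environment.etc` or drop the binding. The `overrideDerivation` on `pkgs.chromium` only appends `touch $out/TEST123` to `buildCommand`, which looks like a leftover experiment that forces a full from-source chromium rebuild to produce a marker file. `"SafeBrowsingEnabled": false` in the managed policy is a legitimate privacy trade-off, but it also removes the phishing and malicious-download warnings for every sandbox user that runs this chromium; a comment such as `# SafeBrowsing off: no URL reporting to Google, no download/phishing warnings` would record that the trade-off was deliberate.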
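--- /dev/null
+++ b/2configs/lass/desktop-base.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+in {
+imports = [
+./base.nix
+];
+
+time.timeZone = "Europe/Berlin";
+
+virtualisation.libvirtd.enable = true;
+
+hardware.pulseaudio = {
+enable = true;
+systemWide = true;
+};
+
+programs.ssh.startAgent = false;
+
+security.setuidPrograms = [ "slock" ];
+
+services.printing = {
+enable = true;
+drivers = [ pkgs.foomatic_filters ];
+};
+
+environment.systemPackages = with pkgs; [
+
+powertop
+
+#window manager stuff
+haskellPackages.xmobar
+haskellPackages.yeganesh
+dmenu2
+xlibs.fontschumachermisc
+];
+
+fonts.fonts = [
+pkgs.xlibs.fontschumachermisc
+];
+
+services.xserver = {
+enable = true;
+
+windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
+X11-xshape
+];
+windowManager.xmonad.enable = true;
+windowManager.xmonad.enableContribAndExtras = true;
+windowManager.default = "xmonad";
+desktopManager.default = "none";
+desktopManager.xterm.enable = false;
+displayManager.slim.enable = true;
+displayManager.auto.enable = true;
+displayManager.auto.user = mainUser.name;
+
+layout = "us,de";
+xkbModel = "evdev";
+xkbVariant = "altgr-intl,nodeadkeys";
+xkbOptions = "grp:caps_toggle";
+
+};
+
+}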
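Review bot: `displayManager.auto.enable = true` together with `displayManager.auto.user = mainUser.name` starts the main user's X session at boot without any authentication, so physical access to the machine is session access unless the disk is encrypted and `slock` (added to `security.setuidPrograms` above) is engaged right after login; a comment on the `auto.*` lines stating that assumption, e.g. `# auto-login: physical security relies on disk encryption + slock`, makes the trade-off visible. `hardware.pulseaudio.systemWide = true` is presumably there so the sandbox users defined in the sibling files can play audio, but in system-wide mode all clients talk to one daemon and any member of `audio` can capture the other users' streams, which somewhat weakens the per-user browser isolation; worth the same kind of comment.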
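--- /dev/null
+++ b/2configs/lass/elster.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+users.extraUsers = {
+elster = {
+name = "elster";
+description = "user for running elster-online";
+home = "/home/elster";
+useDefaultShell = true;
+extraGroups = [];
+createHome = true;
+};
+};
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(elster) NOPASSWD: ALL
+'';
+}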
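--- /dev/null
+++ b/2configs/lass/games.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+environment.systemPackages = with pkgs; [
+dwarf_fortress
+];
+
+users.extraUsers = {
+games = {
+name = "games";
+description = "user playing games";
+home = "/home/games";
+extraGroups = [ "audio" "video" "input" ];
+createHome = true;
+useDefaultShell = true;
+};
+};
+
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(games) NOPASSWD: ALL
+'';
+}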
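Review bot: `extraGroups = [ "audio" "video" "input" ]` puts the `games` user into `input`, which on a typical udev setup grants read access to every `/dev/input/event*` device, i.e. to all keystrokes of the main user's session; that undoes most of the isolation the separate UID is meant to provide and makes this user more privileged than the other sandbox users in this commit. If a specific game needs raw device access (controllers), a comment naming it, `# input: raw evdev access needed for <game>; exposes all keyboard events`, documents why the group is there; otherwise drop it.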
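--- /dev/null
+++ b/2configs/lass/git-repos.nix
@@ -0,0 +1,130 @@
+{ config, lib, pkgs, ... }:
+
+let
+inherit (builtins) map readFile;
+inherit (lib) concatMap listToAttrs;
+# TODO lib should already include our stuff
+inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git;
+
+x-repos = [
+(krebs-private "brain")
+
+(public "painload")
+(public "shitment")
+(public "wai-middleware-time")
+(public "web-routes-wai-custom")
+
+(secret "pass")
+
+(tv-lass "emse-drywall")
+(tv-lass "emse-hsdb")
+];
+
+users = addNames {
+tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; };
+lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; };
+uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; };
+makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; };
+};
+
+repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
+
+rules = concatMap ({ rules, ... }: rules) x-repos;
+
+krebs-private = repo-name:
+rec {
+repo = {
+name = repo-name;
+hooks = {
+post-receive = git.irc-announce {
+nick = config.networking.hostName; # TODO make this the default
+channel = "#retiolum";
+server = "ire.retiolum";
+};
+};
+};
+rules = with git; with users; [
+{ user = lass;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+}
+{ user = [ tv makefu uriel ];
+repo = [ repo ];
+perm = fetch;
+}
+];
+};
+
+public = repo-name:
+rec {
+repo = {
+name = repo-name;
+hooks = {
+post-receive = git.irc-announce {
+nick = config.networking.hostName; # TODO make this the default
+channel = "#retiolum";
+server = "ire.retiolum";
+};
+};
+public = true;
+};
+rules = with git; with users; [
+{ user = lass;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+}
+{ user = [ tv makefu uriel ];
+repo = [ repo ];
+perm = fetch;
+}
+];
+};
+
+secret = repo-name:
+rec {
+repo = {
+name = repo-name;
+hooks = {};
+};
+rules = with git; with users; [
+{ user = lass;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+}
+{ user = [ uriel ];
+repo = [ repo ];
+perm = fetch;
+}
+];
+};
+
+tv-lass = repo-name:
+rec {
+repo = {
+name = repo-name;
+hooks = {};
+};
+rules = with git; with users; [
+{ user = lass;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+}
+{ user = [ tv ];
+repo = [ repo ];
+perm = fetch;
+}
+];
+};
+
+in
+
+{
+imports = [
+../../3modules/tv/git.nix
+];
+
+tv.git = {
+enable = true;
+inherit repos rules users;
+};
+}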
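Review bot: `krebs-private` and `public` are identical apart from `public = true;`, and `secret` and `tv-lass` differ only in the fetch user list; a single helper along the lines of `mkRepo = { name, readers, public ? false, announce ? false }: ...` would replace the four near-copies and make the access matrix readable at a glance, which matters for a file whose only job is access control. Note also that `krebs-private "brain"` announces every push to `#retiolum` via `git.irc-announce` exactly like the public repos, so commit subjects of a repo only `lass` may push to and only three people may fetch are broadcast to the shared channel; the channel mapping in gitolite-base.nix does the same, so it appears intended, but a comment on the `channel = "#retiolum";` line inside `krebs-private` would remove the doubt.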
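--- /dev/null
+++ b/2configs/lass/gitolite-base.nix
@@ -0,0 +1,173 @@
+{ config, ... }:
+
+{
+services.gitolite = {
+mutable = false;
+keys = {
+lass = config.sshKeys.lass.pub;
+uriel = config.sshKeys.uriel.pub;
+};
+rc = ''
+%RC = (
+UMASK => 0077,
+GIT_CONFIG_KEYS => "",
+LOG_EXTRA => 1,
+ROLES => {
+READERS => 1,
+WRITERS => 1,
+},
+LOCAL_CODE => "$ENV{HOME}/.gitolite",
+ENABLE => [
+'help',
+'desc',
+'info',
+'perms',
+'writable',
+'ssh-authkeys',
+'git-config',
+'daemon',
+'gitweb',
+'repo-specific-hooks',
+],
+);
+1;
+'';
+
+repoSpecificHooks = {
+irc-announce = ''
+#! /bin/sh
+set -euf
+
+config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
+if test -f "$config_file"; then
+. "$config_file"
+fi
+
+# XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
+# any relevant gitolite LOCAL_CODE!
+# CAVEAT we hope that IRC_NICK is unique
+IRC_NICK="''${IRC_NICK-gl$GL_TID}"
+IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
+IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
+IRC_PORT="''${IRC_PORT-6667}"
+
+# for privmsg_cat below
+export IRC_CHANNEL
+
+# collect users that are mentioned in the gitolite configuration
+interested_users="$(perl -e '
+do "gl-conf";
+print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
+')"
+
+# CAVEAT beware of real TABs in grep pattern!
+# CAVEAT there will never be more than 42 relevant log entries!
+tab=$(printf '\x09')
+log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)"
+
+update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")"
+
+# (debug output)
+env | sed 's/^/env: /'
+echo "$log" | sed 's/^/log: /'
+
+# see http://gitolite.com/gitolite/dev-notes.html#lff
+reponame=$(echo "$update_log" | cut -f 4)
+username=$(echo "$update_log" | cut -f 5)
+ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
+old_sha=$(echo "$update_log" | cut -f 8)
+new_sha=$(echo "$update_log" | cut -f 9)
+
+# check if new branch is created
+if test $old_sha = 0000000000000000000000000000000000000000; then
+# TODO what should we really show?
+old_sha=$new_sha^
+fi
+
+#
+git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
+commit_count=$(echo "$git_log" | wc -l)
+
+# echo2 and cat2 are used output to both, stdout and stderr
+# This is used to see what we send to the irc server. (debug output)
+echo2() { echo "$*"; echo "$*" >&2; }
+cat2() { tee /dev/stderr; }
+
+# privmsg_cat transforms stdin to a privmsg
+privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+# ircin is used to feed the output of netcat back to the "irc client"
+# so we can implement expect-like behavior with sed^_^
+# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
+tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+cd "$tmpdir"
+mkfifo ircin
+trap "
+rm ircin
+cd '$OLDPWD'
+rmdir '$tmpdir'
+trap - EXIT INT QUIT
+" EXIT INT QUIT
+
+#
+#
+#
+{
+echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
+echo2 "NICK $IRC_NICK"
+
+# wait for MODE message
+sed -n '/^:[^ ]* MODE /q'
+
+echo2 "JOIN $IRC_CHANNEL"
+
+echo "$interested_users" \
+| tr ' ' '\n' \
+| grep -v "^$GL_USER" \
+| sed 's/$/: poke/' \
+| privmsg_cat \
+| cat2
+
+printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \
+"$reponame" \
+"$username" \
+"$commit_count" \
+"$(test $commit_count = 1 || echo s)" \
+"$(hostname)" \
+"$ref_name" \
+| privmsg_cat \
+| cat2
+
+echo "$git_log" \
+| sed 's/^/\x0314/;s/ /\x03 /' \
+| privmsg_cat \
+| cat2
+
+echo2 "PART $IRC_CHANNEL"
+
+# wait for PART confirmation
+sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+echo2 'QUIT :Gone to have lunch'
+} < ircin \
+| nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
+'';
+};
+customFiles = [
+{
+path = ".gitolite/conf/irc-announce.conf";
+file = ''
+IRC_NICK="$(hostname)$GL_TID"
+case "$GL_REPO" in
+brain|painload|services|load-env|config)
+IRC_CHANNEL='#retiolum'
+;;
+*)
+IRC_CHANNEL='&testing'
+;;
+esac
+'';
+}
+];
+};
+}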
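Review bot: The `# (debug output)` block in the `irc-announce` hook runs `env | sed 's/^/env: /'` unconditionally; git relays a post-receive hook's stderr to the pushing client as `remote:` lines, so every pusher of a repo with this hook option sees the full server-side environment of the gitolite user (GL_* variables, paths, whatever else the service unit exports), and the `cat2`/`echo2` helpers echo the whole IRC exchange the same way. Gate it on an opt-in variable, e.g. `if test -n "''${IRC_ANNOUNCE_DEBUG-}"; then env | sed 's/^/env: /'; fi`, or strip it before enabling the hook on repos that other users push to. Separately, `mktemp -d irc-announce_XXXXXXXX` creates the fifo directory relative to the current directory (the bare repo, inferred), so a hook that dies between `mkfifo` and the `trap` being installed leaves an `irc-announce_*` directory behind inside the repository; moving the `trap` above `mkfifo` closes that window.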
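--- /dev/null
+++ b/2configs/lass/ircd.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, ... }:
+
+{
+config.services.charybdis = {
+enable = true;
+config = ''
+serverinfo {
+name = "ire.irc.retiolum";
+sid = "4z3";
+description = "miep!";
+network_name = "irc.retiolum";
+network_desc = "Retiolum IRC Network";
+hub = yes;
+
+vhost = "0.0.0.0";
+vhost6 = "::";
+
+#ssl_private_key = "etc/ssl.key";
+#ssl_cert = "etc/ssl.cert";
+#ssl_dh_params = "etc/dh.pem";
+#ssld_count = 1;
+
+default_max_clients = 10000;
+#nicklen = 30;
+};
+
+listen {
+defer_accept = yes;
+
+/* If you want to listen on a specific IP only, specify host.
+* host definitions apply only to the following port line.
+*/
+host = "0.0.0.0";
+port = 6667;
+sslport = 6697;
+
+/* Listen on IPv6 (if you used host= above). */
+host = "::";
+port = 6667;
+sslport = 9999;
+};
+
+class "users" {
+ping_time = 2 minutes;
+number_per_ident = 200;
+number_per_ip = 200;
+number_per_ip_global = 500;
+cidr_ipv4_bitlen = 24;
+cidr_ipv6_bitlen = 64;
+number_per_cidr = 9000;
+max_number = 10000;
+sendq = 400 kbytes;
+};
+
+exempt {
+ip = "127.0.0.1";
+};
+
+auth {
+user = "*@*";
+class = "users";
+flags = exceed_limit;
+};
+
+channel {
+use_invex = yes;
+use_except = yes;
+use_forward = yes;
+use_knock = yes;
+knock_delay = 5 minutes;
+knock_delay_channel = 1 minute;
+max_chans_per_user = 15;
+max_bans = 100;
+max_bans_large = 500;
+default_split_user_count = 0;
+default_split_server_count = 0;
+no_create_on_split = no;
+no_join_on_split = no;
+burst_topicwho = yes;
+kick_on_split_riding = no;
+only_ascii_channels = no;
+resv_forcepart = yes;
+channel_target_change = yes;
+disable_local_channels = no;
+};
+'';
+};
+}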
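Review bot: Both `listen` blocks bind to every interface (`host = "0.0.0.0"` and `host = "::"`) and declare `sslport` values while all `ssl_*` keys in `serverinfo` are commented out, so the TLS listeners are declared without a certificate and the only working transport is clear-text 6667 on all addresses; if this daemon is meant to serve the retiolum overlay only, binding `host` to that interface's address (the config comment right above already describes how) documents and enforces the intent instead of relying on whatever firewall each host ends up with. `auth { user = "*@*"; class = "users"; flags = exceed_limit; }` additionally exempts every client from the per-IP/per-CIDR limits of class `users`, which is reasonable on a trusted network but deserves a comment saying so. The IPv6 block's `sslport = 9999` also does not match the IPv4 block's `6697`, which looks like it was not updated together with it.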
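--- /dev/null
+++ b/2configs/lass/mors/repos.nix
@@ -0,0 +1,87 @@
+{ ... }:
+
+{
+imports = [
+../lass/gitolite-base.nix
+../common/krebs-keys.nix
+../common/krebs-repos.nix
+];
+
+services.gitolite = {
+repos = {
+
+config = {
+users = {
+lass = "RW+";
+uriel = "R";
+tv = "R";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+pass = {
+users = {
+lass = "RW+";
+uriel = "R";
+};
+};
+
+load-env = {
+users = {
+lass = "RW+";
+uriel = "R";
+tv = "R";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+emse-drywall = {
+users = {
+lass = "RW+";
+uriel = "R";
+tv = "R";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+emse-hsdb = {
+users = {
+lass = "RW+";
+uriel = "R";
+tv = "R";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+brain = {
+users = {
+lass = "RW+";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+#hooks.post-receive = irc-announce;
+};
+
+painload = {
+users = {
+lass = "RW+";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+services = {
+users = {
+lass = "RW+";
+};
+extraConfig = "option hook.post-receive = irc-announce";
+};
+
+xmonad-config = {
+users = {
+lass = "RW+";
+uriel = "R";
+};
+};
+
+};
+};
+}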
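Review bot: The import `../lass/gitolite-base.nix` is resolved relative to `2configs/lass/mors/`, so it points at `2configs/lass/lass/gitolite-base.nix`, whereas this commit adds the file at `2configs/lass/gitolite-base.nix`; unless a `2configs/lass/lass` directory exists outside this diff, the line should read `../gitolite-base.nix`, and the two `../common/...` imports deserve the same check. The repositories listed here (`pass`, `brain`, `painload`, `emse-drywall`, `emse-hsdb`) also appear in git-repos.nix with a different access definition (`tv.git` rules vs. `services.gitolite.repos` strings), so the same repos have two access-control sources in one tree; a comment stating which file is authoritative for this host, or dropping the duplicate, would prevent the two from silently disagreeing.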
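--- /dev/null
+++ b/2configs/lass/mors/retiolum.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+../tv/retiolum
+];
+
+tv.retiolum = {
+enable = true;
+hosts = <retiolum-hosts>;
+privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
+connectTo = [
+"fastpoke"
+"gum"
+"ire"
+];
+};
+
+networking.firewall.allowedTCPPorts = [ 655 ];
+networking.firewall.allowedUDPPorts = [ 655 ];
+}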
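Review bot: The import `../tv/retiolum` is resolved relative to `2configs/lass/mors/` and so points at `2configs/lass/tv/retiolum`, which this commit does not add; judging by the other files it most likely should be `../../tv/retiolum`. The two `networking.firewall.allowed*Ports = [ 655 ]` lines (and the `networking.firewall` block in steam.nix) open ports through the NixOS firewall, while base.nix sets `filter.INPUT.policy = "DROP"` via `lass.iptables` with a fixed rule list that only admits port 22; whether the NixOS-firewall entries take effect alongside that depends on `3modules/lass/iptables.nix`, which is outside this diff, so either add a `{ predicate = "-p tcp --dport 655"; target = "ACCEPT"; }` style rule there or document that the two firewalls coexist. `privateKeyFile` being a plain string (not a Nix path) keeps the tinc key out of the store, which is the right choice here.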
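--- /dev/null
+++ b/2configs/lass/pass.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+pass
+gnupg1
+];
+
+services.xserver.startGnuPGAgent = true;
+}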
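Review bot: `gnupg1` here and `gnupg1compat` in programs.nix both provide a `gpg` executable, so a host that imports both modules gets two candidates for the same path in the system profile; depending on the nixpkgs revision that is either a collision warning with one silently winning or an evaluation error, and which `gpg` `pass` ends up calling then depends on profile ordering rather than intent. Pick one of the two (or mark the preferred one with `lib.hiPrio`) and note the choice in a comment. `pass` is also listed in both files, which is harmless but redundant.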
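--- /dev/null
+++ b/2configs/lass/programs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+## TODO sort and split up
+{
+environment.systemPackages = with pkgs; [
+aria2
+gnupg1compat
+htop
+i3lock
+mc
+mosh
+mpv
+pass
+pavucontrol
+pv
+pwgen
+python34Packages.livestreamer
+remmina
+silver-searcher
+wget
+xsel
+youtube-dl
+];
+}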
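--- /dev/null
+++ b/2configs/lass/sshkeys.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+imports = [
+../../3modules/lass/sshkeys.nix
+];
+
+config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
+
+config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
+}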
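--- /dev/null
+++ b/2configs/lass/steam.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+
+imports = [
+./games.nix
+];
+#
+# Steam stuff
+# source: https://nixos.org/wiki/Talk:Steam
+#
+##TODO: make steam module
+hardware.opengl.driSupport32Bit = true;
+
+environment.systemPackages = with pkgs; [
+steam
+];
+networking.firewall = {
+allowedUDPPorts = [
+27031
+27036
+];
+allowedTCPPorts = [
+27036
+27037
+];
+};
+
+}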
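--- /dev/null
+++ b/2configs/lass/texlive.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+(pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; })
+];
+}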
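--- /dev/null
+++ b/2configs/lass/urxvt.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+let
+inherit (config.users.extraUsers) mainUser;
+
+in
+
+{
+imports = [
+../../3modules/lass/urxvtd.nix
+../../3modules/lass/xresources.nix
+];
+
+services.urxvtd = {
+enable = true;
+users = [ mainUser.name ];
+urxvtPackage = pkgs.rxvt_unicode_with-plugins;
+};
+services.xresources.enable = true;
+services.xresources.resources.urxvt = ''
+URxvt*scrollBar: false
+URxvt*urgentOnBell: true
+URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+URxvt.url-select.launcher: browser-select
+URxvt.url-select.underline: true
+URxvt.keysym.M-u: perl:url-select:select_next
+URxvt.keysym.M-Escape: perl:keyboard-select:activate
+URxvt.keysym.M-s: perl:keyboard-select:search
+
+URxvt.intensityStyles: false
+
+URxvt*background: #000000
+URxvt*foreground: #ffffff
+
+!change unreadable blue
+URxvt*color4: #268bd2
+'';
+}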
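--- /dev/null
+++ b/2configs/lass/vim.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, ... }:
+
+let
+customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
+name = "Mustang2";
+src = pkgs.fetchFromGitHub {
+owner = "croaker";
+repo = "mustang-vim";
+rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
+sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
+};
+};
+
+in {
+
+environment.systemPackages = [
+(pkgs.vim_configurable.customize {
+name = "vim";
+
+vimrcConfig.customRC = ''
+set nocompatible
+set t_Co=16
+syntax on
+" TODO autoload colorscheme file
+set background=dark
+colorscheme mustang
+filetype off
+filetype plugin indent on
+
+imap <F1> <nop>
+
+set mouse=a
+set ruler
+set showmatch
+set backspace=2
+set visualbell
+set encoding=utf8
+set showcmd
+set wildmenu
+
+set title
+set titleold=
+set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+set autoindent
+
+set ttyfast
+
+set pastetoggle=<INS>
+
+
+" Force Saving Files that Require Root Permission
+command! W silent w !sudo tee "%" >/dev/null
+
+nnoremap <C-c> :q<Return>
+vnoremap < <gv
+vnoremap > >gv
+
+nmap <esc>q :buffer
+
+"Tabwidth
+set ts=2 sts=2 sw=2 et
+
+" create Backup/tmp/undo dirs
+function! InitBackupDir()
+let l:parent = $HOME . '/.vim/'
+let l:backup = l:parent . 'backups/'
+let l:tmpdir = l:parent . 'tmp/'
+let l:undodi = l:parent . 'undo/'
+
+if !isdirectory(l:parent)
+call mkdir(l:parent)
+endif
+if !isdirectory(l:backup)
+call mkdir(l:backup)
+endif
+if !isdirectory(l:tmpdir)
+call mkdir(l:tmpdir)
+endif
+if !isdirectory(l:undodi)
+call mkdir(l:undodi)
+endif
+endfunction
+call InitBackupDir()
+
+" Backups & Files
+set backup
+set backupdir=~/.vim/backups
+set directory=~/.vim/tmp//
+set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
+set undodir=$HOME/.vim/undo
+set undofile
+
+" highlight whitespaces
+highlight ExtraWhitespace ctermbg=red guibg=red
+match ExtraWhitespace /\s\+$/
+autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
+autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
+autocmd InsertLeave * match ExtraWhitespace /\s\+$/
+autocmd BufWinLeave * call clearmatches()
+
+"ft specific stuff
+autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
+autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
+
+"esc timeout
+set timeoutlen=1000 ttimeoutlen=0
+'';
+
+vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+vimrcConfig.vam.pluginDictionaries = [
+{ names = [ "Gundo" "commentary" "mustang2" ]; }
+{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+];
+
+})
+];
+}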
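Review bot: `set backup`, `set undofile` and the `n~/.vim/tmp/info` viminfo location keep a copy and the full edit history of every file this vim touches under `~/.vim/`, including files written as root through the `:W` sudo-tee command and anything opened from the secrets directories referenced elsewhere in this commit; a comment on the `" Backups & Files` block stating that, or a `set backupskip` pattern for such paths, makes the retention explicit. `InitBackupDir()` creates those directories with vim's default mode, and the directory mode is what gates access to the copies, so `call mkdir(l:parent, '', 0700)` (and the same for the three subdirectories) keeps them private to the user. The `fetchFromGitHub` source is pinned by `rev` and `sha256`, which is the right way to pull the colour scheme.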
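--- /dev/null
+++ b/2configs/lass/virtualbox.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+services.virtualboxHost.enable = true;
+
+users.extraUsers = {
+virtual = {
+name = "virtual";
+description = "user for running VirtualBox";
+home = "/home/virtual";
+useDefaultShell = true;
+extraGroups = [ "vboxusers" "audio" ];
+createHome = true;
+};
+};
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(virtual) NOPASSWD: ALL
+'';
+}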
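--- /dev/null
+++ b/2configs/lass/wine.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+environment.systemPackages = with pkgs; [
+wineUnstable
+];
+users.extraUsers = {
+wine = {
+name = "wine";
+description = "user for running wine";
+home = "/home/wine";
+useDefaultShell = true;
+extraGroups = [ "audio" ];
+createHome = true;
+};
+};
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(wine) NOPASSWD: ALL
+'';
+}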