authornin <nineinchnade@gmail.com>2017-03-07 16:27:15 +0100
committernin <nineinchnade@gmail.com>2017-03-07 16:27:15 +0100
commit2edd8ca37b5c134b697315fd7ab603807760e6d6 (patch)
tree4fa4df81774907b797d04707028406788d7297e1 /lass/2configs
parent01868340e25ffb05ea8b784c5cdf47c251157dfb (diff)
parentc05db2409061f721ba454f4bf79e635ee13a6f11 (diff)
Merge remote-tracking branch 'prism/newest'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix18
-rw-r--r--lass/2configs/binary-cache/client.nix10
-rw-r--r--lass/2configs/browsers.nix4
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/git.nix1
-rw-r--r--lass/2configs/hfos.nix1
-rw-r--r--lass/2configs/livestream.nix12
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/security-workarounds.nix8
-rw-r--r--lass/2configs/termite.nix22
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/websites/util.nix7
-rw-r--r--lass/2configs/xresources.nix55
16 files changed, 133 insertions, 18 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 539fdc875..275b93f26 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,6 +8,8 @@ in {
./power-action.nix
./screenlock.nix
./copyq.nix
+ ./xresources.nix
+ ./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
- security.setuidPrograms = [ "slock" ];
-
services.printing = {
enable = true;
- drivers = [ pkgs.foomatic_filters ];
+ drivers = [
+ pkgs.foomatic_filters
+ pkgs.gutenprint
+ ];
};
environment.systemPackages = with pkgs; [
-
acpi
dic
dmenu
@@ -76,7 +78,13 @@ in {
enable = true;
desktopManager.xterm.enable = false;
- displayManager.slim.enable = true;
+ desktopManager.default = "none";
+ displayManager.lightdm.enable = true;
+ displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ };
+ windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
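Review bot: `displayManager.lightdm.autoLogin` with `enable = true` and `user = "lass"` opens a full desktop session at boot without a password prompt, so anyone who can power the machine on gets that account unless something else gates access. baseX.nix is a shared config, so this applies to every host that imports it. Either move the block into the per-host configuration, or add a comment recording what the setup relies on, e.g. `# autologin: access is gated by the disk-encryption passphrase at boot`, after confirming that holds on each importing host. The `windowManager.session` entry continues past the end of the hunk.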
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index 108ff7a1e..9dba5fbfb 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -2,8 +2,14 @@
{
nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ binaryCaches = [
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
};
}
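Review bot: `http://cache.prism.r` is fetched over plain HTTP, so the signature check against `binaryCachePublicKeys` is the only thing protecting store paths pulled from it, and signature enforcement has to stay enabled on every host that imports this file. Trusted keys are not bound to a cache URL: a path signed by any key in this list is accepted from either cache, so each added key widens trust for both. The key added alongside `https://cache.nixos.org/` is named `hydra.nixos.org-1`; confirm it is the key that cache currently signs with, otherwise its paths will be rejected instead of verified. Proposed comment above the list: `# plain-HTTP cache: integrity depends solely on the signing keys below`.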
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 88ee70802..6c381863c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
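Review bot: `$@` is unquoted in the `createChromiumUser` wrapper script, and in the identical line of the `createFirefoxUser` hunk below, so an argument containing whitespace or glob characters is split or expanded before it reaches sudo. These wrappers pass URLs and file names to a browser running as another user, and those values are not always chosen by the caller; use `"$@"`, as the new `stream` wrapper in livestream.nix already does. The hard-coded `/var/run/wrappers/bin/sudo` could be written `${config.security.wrapperDir}/sudo` so that a future relocation of the wrappers needs no edit here, provided `config` is in scope in this let-block, which the hunk does not show.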
@@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8100a433f..3e7881fb4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
+ ./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -135,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
+ mosh
pciutils
pop
psmisc
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d120dfcad..3353cdac0 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
+ primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
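Review bot: `relay_from_hosts` now maps to `ip6.addr` in place of `ip4.addr`, which replaces the IPv4 entries rather than adding to them, so a listed host that still connects over its retiolum IPv4 address is no longer matched. Exim uses the colon as its default list separator, so if the krebs module joins these values into a host list unmodified, each IPv6 address would be read as several items. The module code is not visible here, so check the generated configuration for doubled colons or a changed separator such as `<;`. This list decides who may relay through the smarthost, so verify both directions: hosts wrongly refused and patterns wrongly accepted. The host list continues past the end of the hunk.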
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 58051560a..d114a826d 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -84,5 +84,6 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
}
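Review bot: The new `-p udp --dport 10666` ACCEPT rule, like the TCP rule above it, has no source or interface match, so the port is reachable from every network the host is attached to. If the service is only meant for a known set of peers, narrow the predicate. Otherwise add a comment naming the owner of the port, e.g. `# <service name>: intentionally public`, so the rule is removed together with the service.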
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index bdd65ce09..3e1b2c6e3 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
+ services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index dcd50dd7b..a28a6a5d2 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- config.krebs.users.lass.pubkey
];
};
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
new file mode 100644
index 000000000..c877a8c0a
--- /dev/null
+++ b/lass/2configs/livestream.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+ stream = pkgs.writeDashBin "stream" ''
+ ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
+ '';
+
+in {
+ environment.systemPackages = [ stream ];
+}
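Review bot: The `Client-ID` value is written into the script literally, so it ends up in the repository, in the world-readable Nix store, and in the process arguments of every `livestreamer` run. If this identifier belongs to a personal API registration, read it from a file outside the store at run time. If it is a shared public identifier, say so in a comment such as `# public client id, not a secret`. `config` and the `with import <stockholm/lib>;` line appear to be unused in this file.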
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index ad39848b6..9c3eafffd 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "6651c72";
+ ref = "5b0c9d4";
};
}
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 6cf23deaf..241d263f8 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -12,7 +12,6 @@
pavucontrol
pv
pwgen
- python34Packages.livestreamer
remmina
silver-searcher
wget
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 000000000..537c8a59b
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # http://seclists.org/oss-sec/2017/q1/471
+ boot.extraModprobeConfig = ''
+ install dccp /run/current-system/sw/bin/false
+ '';
+}
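Review bot: The `install dccp` line points at `/run/current-system/sw/bin/false`, which exists only while the system profile happens to provide `false`; referencing the store path directly, `install dccp ${pkgs.coreutils}/bin/false`, keeps the rule self-contained. An `install` rule only blocks future loads, so a host where `dccp` is already loaded stays exposed until the module is removed or the host reboots. The comment carries only a URL; add a line such as `# block loading of the dccp module until a fixed kernel is deployed, then drop this file` so the workaround has a stated exit condition.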
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
new file mode 100644
index 000000000..245b89e9c
--- /dev/null
+++ b/lass/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.lass.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 4d6dfe366..4e0af0dc7 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
+ let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index d596e9db9..6d14de731 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -32,6 +32,7 @@ rec {
let
domain = head domains;
in {
+ services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
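Review bot: `services.phpfpm.phpPackage = pkgs.php56;` is set inside a per-domain helper, but the option is host-wide, so using the helper for one site moves every PHP-FPM pool on that host to the 5.6 branch. Pinning the interpreter for an internet-facing vhost should record why: add a comment naming the application that needs it and the condition for lifting the pin, e.g. `# <application> requires PHP 5.6; revisit on upgrade`. Consider setting the option once in the host configuration so the scope of the pin is visible where hosts are defined. The helper's body starts and ends outside the hunk.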
@@ -181,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
+ pm.max_children = 15
+ pm.start_servers = 3
pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
new file mode 100644
index 000000000..35dbe2044
--- /dev/null
+++ b/lass/2configs/xresources.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ xresources = pkgs.writeText "Xresources" ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*SaveLines: 4096
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+
+ ! ref https://github.com/muennich/urxvt-perls
+ URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ URxvt*background: #000000
+ URxvt*foreground: #d0d7d0
+
+ URxvt*cursorColor: #f042b0
+ URxvt*cursorColor2: #f0b000
+ URxvt*cursorBlink: off
+
+ URxvt*.pointerBlank: true
+ URxvt*.pointerBlankDelay: 987654321
+ URxvt*.pointerColor: #f042b0
+ URxvt*.pointerColor2: #050505
+ '';
+
+in {
+ systemd.user.services.xresources = {
+ description = "xresources";
+ wantedBy = [ "default.target" ];
+
+ environment = {
+ DISPLAY = ":0";
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
+ Restart = "on-failure";
+ };
+ };
+}
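Review bot: The unit hard-codes `DISPLAY = ":0"` and is `wantedBy = [ "default.target" ]`, so it can start before any X server is listening, and it targets whichever session owns display :0 rather than the session of the user the unit runs for. As written it appears to rely on `Restart = "on-failure"` to retry until xrdb can connect; if that is the intent, state it in a comment such as `# xrdb fails until X is up on :0; Restart retries until it succeeds`. `xrdb -merge` exits once the file is loaded, so with `Type = "simple"` the unit is inactive after success; check that a changed Xresources file is actually re-applied after a rebuild, since `restartIfChanged` may have nothing running to act on.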