diff options
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/baseX.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/blue-host.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/blue.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/browsers.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/games.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/mouse.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/radio.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/websites/domsen.nix | 8 | ||||
| -rw-r--r-- | lass/2configs/websites/lassulus.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/wiregrill.nix | 44 |
14 files changed, 72 insertions, 14 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d781f8c7..1b6a1d59 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./network-manager.nix { hardware.pulseaudio = { enable = true; @@ -65,6 +64,7 @@ in { dic dmenu font-size + fzfmenu gitAndTools.qgit git-preview gnome3.dconf @@ -97,9 +97,9 @@ in { enable = true; layout = "us"; display = mkForce 0; - xkbModel = "evdev"; xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + xkbOptions = "caps:escape"; + libinput.enable = true; displayManager.lightdm.enable = true; windowManager.default = "xmonad"; windowManager.session = [{ diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 9cf294af..718a92e9 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -7,6 +7,7 @@ let "daedalus" "skynet" "prism" + "littleT" ]; remote_hosts = filter (h: h != config.networking.hostName) all_hosts; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 4d4a92eb..cdd77e84 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,7 +22,9 @@ with (import <stockholm/lib>); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 425e0ee1..d214e224 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -45,7 +45,7 @@ let createFirefoxUser = name: groups: precedence: createUser (pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ${pkgs.firefox}/bin/firefox "$@" '') name groups precedence 80; createQuteUser = name: groups: precedence: @@ -89,8 +89,8 @@ in { })); }; } - ( createQuteUser "qb" [ "audio" ] 20 ) - ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createFirefoxUser "ff" [ "audio" ] 11 ) + ( createQuteUser "qb" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" "video" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "audio" ] 0 ) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index a4311317..62a42baf 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,7 @@ with import <stockholm/lib>; ./zsh.nix ./htop.nix ./security-workarounds.nix + ./wiregrill.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1ee45bb4..1acfe505 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -94,6 +94,7 @@ with import <stockholm/lib>; { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } + { from = "csv-direct@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 49602898..62e3f6d5 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,6 +57,7 @@ let in { environment.systemPackages = with pkgs; [ + dolphinEmu doom1 doom2 vdoom1 diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 62173e33..7650f429 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -154,7 +154,7 @@ let public = true; }; - make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: { inherit admins collaborators name; public = false; hooks = { diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 36e797a9..21b9d7b4 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -82,7 +82,7 @@ let source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D - set crypt_autosign = yes + set crypt_autosign = no set crypt_replyencrypt = yes set crypt_verify_sig = yes set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix index 098809d6..f5f9319e 100644 --- a/lass/2configs/mouse.nix +++ b/lass/2configs/mouse.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { hardware.trackpoint = { enable = true; @@ -7,6 +7,7 @@ emulateWheel = true; }; + services.xserver.libinput.enable = lib.mkForce false; services.xserver.synaptics = { enable = true; horizEdgeScroll = false; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded1..987632cd 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import <stockholm/lib>; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import <stockholm/lib>) genid; admin-password = import <secrets/icecast-admin-pw>; source-password = import <secrets/icecast-source-pw>; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4935268a..ce7df4bf 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -126,6 +126,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } + { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -204,5 +205,12 @@ in { createHome = true; }; + users.users.klabusterbeere = { + uid = genid_uint31 "klabusterbeere"; + home = "/home/klabusterbeere"; + useDefaultShell = true; + createHome = true; + }; + } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6470d86f..17af0d00 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import <stockholm/lib>) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -124,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix new file mode 100644 index 00000000..b2ee35df --- /dev/null +++ b/lass/2configs/wiregrill.nix @@ -0,0 +1,44 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wiregrill; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wiregrill = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString <secrets>) + "/wiregrill.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++ + (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr) + else + host.nets.wiregrill.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; + publicKey = host.nets.wiregrill.wireguard.pubkey; + }) + (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); + }; +} |