diff options
author | makefu <github@syntax-fehler.de> | 2015-09-23 11:57:27 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-09-23 11:57:27 +0200 |
commit | b88363ce1a4ecc420f2c7684c9c74949cd2b5db4 (patch) | |
tree | 2da33dd2e421d498b3172e46234242e1c76370a1 | |
parent | bb0ec5e74b6ca0737bc49408f00f8918710872a6 (diff) | |
parent | e3222a7e7096d155da507ef41bbb2002ff4aed89 (diff) |
Merge remote-tracking branch 'cloudkrebs/master' into pre-merge
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 164 | ||||
-rw-r--r-- | krebs/4lib/infest/1prepare | 74 | ||||
-rw-r--r-- | krebs/4lib/infest/2install-nix | 57 | ||||
-rw-r--r-- | krebs/4lib/infest/3install-nix-tools | 9 | ||||
-rw-r--r-- | krebs/4lib/infest/4finalize | 65 | ||||
-rw-r--r-- | krebs/4lib/types.nix | 2 | ||||
-rw-r--r-- | krebs/5pkgs/cac/default.nix | 3 | ||||
-rw-r--r-- | krebs/Zhosts/echelon | 12 | ||||
-rw-r--r-- | krebs/Zhosts/xu | 13 | ||||
-rw-r--r-- | lass/1systems/echelon.nix | 45 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 1 | ||||
-rw-r--r-- | lass/1systems/uriel.nix | 2 | ||||
-rw-r--r-- | lass/2configs/base.nix | 11 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 43 | ||||
-rw-r--r-- | lass/2configs/chromium-patched.nix | 16 | ||||
-rw-r--r-- | lass/2configs/desktop-base.nix | 1 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
-rw-r--r-- | lass/2configs/steam.nix | 19 | ||||
-rw-r--r-- | lass/2configs/virtualbox.nix | 1 | ||||
-rw-r--r-- | lass/2configs/zsh.nix | 126 | ||||
-rw-r--r-- | lass/4lib/default.nix | 4 | ||||
-rw-r--r-- | lass/5pkgs/default.nix | 2 |
23 files changed, 640 insertions, 36 deletions
@@ -21,6 +21,10 @@ else ifdef system deploy:;@ make eval system=$(system) get=config.krebs.build.script filter=json | sh +.PHONY: infest +infest:;@ + make eval system=$(system) get=config.krebs.build.infest filter=json | sh + .PHONY: eval eval: @ diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 140045b93..0ffdec5f8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -59,8 +59,6 @@ let --exclude .graveyard \ --exclude old \ --rsync-path="mkdir -p \"$2\" && rsync" \ - --usermap=\*:0 \ - --groupmap=\*:0 \ --delete-excluded \ -vrLptgoD \ "$src" "$dst" @@ -123,6 +121,112 @@ let exec "$profile"/bin/switch-to-configuration switch EOF + + ''; + }; + infest = mkOption { + type = types.str; + default = '' + #! /bin/sh + set -efux + + target=${escapeShellArg cfg.build.target} + + push(){( + src=$1/ + dst=$target:/mnt$2 + rsync \ + --exclude .git \ + --exclude .graveyard \ + --exclude old \ + --rsync-path="mkdir -p \"/mnt$2\" && rsync" \ + --delete-excluded \ + -vrLptgoD \ + "$src" "$dst" + )} + + cat krebs/4lib/infest/1prepare | ssh "$target" + cat krebs/4lib/infest/2install-nix | ssh "$target" + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev == null) '' + push ${toString (map escapeShellArg [ + "${url}" + "/root/src/${name}" + ])} + '') config.deps)} + + ssh -S none "$target" /bin/sh <<\EOF + set -efux + + fetch(){( + url=$1 + rev=$2 + dst=$3 + mkdir -p "$dst" + cd "$dst" + if ! test -e .git; then + git init + fi + if ! cur_url=$(git config remote.origin.url 2>/dev/null); then + git remote add origin "$url" + elif test "$cur_url" != "$url"; then + git remote set-url origin "$url" + fi + if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then + git fetch origin + git checkout "$rev" -- . + git checkout -q "$rev" + git submodule init + git submodule update + fi + git clean -dxf + )} + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev != null) '' + fetch ${toString (map escapeShellArg [ + url + rev + "/mnt/root/src/${name}" + ])} + '') config.deps)} + + export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH + + sed < "$(type -p nixos-install)" > nixos-install ' + /^echo "building the system configuration..."/,/--set -A system/{ + s/.*/# &/ + s@.*--set -A system.*@&\n${concatStringsSep " " [ + "NIX_PATH=/mnt/root/src/" + "nix-env" + "-Q" + "-p /nix/var/nix/profiles/system" + "-f \"<stockholm>\"" + "--set" + "-A system" + "--argstr user-name ${escapeShellArg cfg.build.user.name}" + "--argstr system-name ${escapeShellArg cfg.build.host.name}" + ]}@ + } + ' + + sed -i 's/^nixpkgs=.*$/#&/' nixos-install + + + chmod +x nixos-install + + echo {} > /root/dummy.nix + + echo build system... + profile=/nix/var/nix/profiles/system + NIXOS_CONFIG=/root/dummy.nix \ + ./nixos-install -I /root/src/ + #nl -bp nixos-install + + EOF + + cat krebs/4lib/infest/4finalize | ssh "$target" ''; }; host = mkOption { @@ -219,6 +323,37 @@ let lass-imp = { hosts = addNames { + echelon = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["162.248.8.63"]; + aliases = [ + "echelon.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.206.103"]; + addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; + aliases = [ + "echelon.retiolum" + "cgit.echelon.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 + DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A + IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K + N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t + cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq + UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; cloudkrebs = { cores = 1; dc = "lass"; #dc = "cac"; @@ -683,6 +818,31 @@ let }; secure = true; }; + xu = { + cores = 4; + # TODO xu is mobile, so dc means "home data center" + dc = "tv"; #dc = "gg23"; + nets = { + retiolum = { + addrs4 = ["10.243.13.38"]; + addrs6 = ["42:0:0:0:0:0:0:1338"]; + aliases = [ + "xu.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ + uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX + 8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw + mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj + 4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63 + 4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + }; }; users = addNames { mv = { diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/1prepare new file mode 100644 index 000000000..07c00c3a5 --- /dev/null +++ b/krebs/4lib/infest/1prepare @@ -0,0 +1,74 @@ +#! /bin/sh +set -efu + +prepare() {( + if test -e /etc/os-release; then + . /etc/os-release + case $ID in + centos) + case $VERSION_ID in + 7) + prepare_centos7 "$@" + exit + ;; + esac + ;; + esac + fi + echo "$0 prepare: unknown OS" >&2 + exit -1 +)} + +prepare_centos7() { + type bzip2 2>/dev/null || yum install -y bzip2 + type git 2>/dev/null || yum install -y git + type rsync 2>/dev/null || yum install -y rsync + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -c "CentOS Nix build user $i" \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + rm -f /var/spool/mail/nixbld$i + fi + done + + # + # mount install directory + # + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then + mkdir -p /newshit + mount --bind /newshit /mnt + fi + + if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then + mkdir -p /mnt/boot + mount /dev/sda1 /mnt/boot + fi + + mount | grep 'on /mnt\>' >&2 + + # + # prepare install directory + # + + mkdir -p /mnt/etc/nixos + mkdir -m 0555 -p /mnt/var/empty + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then + mkdir -p /mnt/root + mount --bind /root /mnt/root + fi +} + +prepare "$@" diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/2install-nix new file mode 100644 index 000000000..3021c1143 --- /dev/null +++ b/krebs/4lib/infest/2install-nix @@ -0,0 +1,57 @@ +#! /bin/sh +set -efu + +nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 +nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4" + +install-nix() {( + + # install nix on host (cf. https://nixos.org/nix/install) + if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then + ( + verify() { + printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c + } + if ! verify; then + curl -C - -O "$nix_url" + verify + fi + ) + nix_src_dir=$(basename $nix_url .tar.bz2) + tar jxf $nix_src_dir.tar.bz2 + mkdir -v -m 0755 -p /nix + $nix_src_dir/install + fi + + #TODO: make this general or move to 1prepare + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then + mkdir -p /mnt/nix + mount --bind /nix /mnt/nix + fi + + . /root/.nix-profile/etc/profile.d/nix.sh + + for i in \ + bash \ + coreutils \ + # This line intentionally left blank. + do + if ! nix-env -q $i | grep -q .; then + nix-env -iA nixpkgs.pkgs.$i + fi + done + + # install nixos-install + if ! type nixos-install 2>/dev/null; then + nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }' + nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) + nix-env \ + --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ + --arg pkgs "$nixpkgs_expr" \ + --arg modulesPath 'throw "no modulesPath"' \ + -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ + -iA config.system.build.nixos-install + fi +)} + +install-nix "$@" diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools new file mode 100644 index 000000000..59fa6f14a --- /dev/null +++ b/krebs/4lib/infest/3install-nix-tools @@ -0,0 +1,9 @@ +#! /bin/sh +set -efu + +install-nix-tools() {( + + +)} + +install-nix-tools "$@" diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/4finalize new file mode 100644 index 000000000..d095fa31b --- /dev/null +++ b/krebs/4lib/infest/4finalize @@ -0,0 +1,65 @@ +#! /bin/sh +set -eux +{ + umount /mnt/nix || [ $? -eq 32 ] + umount /mnt/boot || [ $? -eq 32 ] + umount /mnt/root || [ $? -eq 32 ] + umount /mnt || [ $? -eq 32 ] + umount /boot || [ $? -eq 32 ] + + PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + export PATH + + mkdir /oldshit + + mv /bin /oldshit/ + mv /newshit/bin / + + # TODO ensure /boot is empty + rmdir /newshit/boot + + # skip /dev + rmdir /newshit/dev + + mv /etc /oldshit/ + mv /newshit/etc / + + # skip /nix (it's already there) + rmdir /newshit/nix + + # skip /proc + rmdir /newshit/proc + + # skip /run + rmdir /newshit/run + + # skip /sys + rmdir /newshit/sys + + # skip /root + rmdir /newshit/root + + # skip /tmp + # TODO rmdir /newshit/tmp + + mv /home /oldshit/ + mv /newshit/home / + + mv /usr /oldshit/ + mv /newshit/usr / + + mv /var /oldshit/ + mv /newshit/var / + + mv /lib /oldshit/ + mv /lib64 /oldshit/ + mv /sbin /oldshit/ + mv /srv /oldshit/ + mv /opt /oldshit/ + + + mv /newshit /root/ # TODO this one shoult be empty + mv /oldshit /root/ + + sync +} diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 4e123e723..f6b4bd8b1 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -67,7 +67,7 @@ types // rec { options = { config = mkOption { type = str; - apply = _: '' + default = '' ${optionalString (net-config.via != null) (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)} ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs} diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix index eff523048..838eddd2f 100644 --- a/krebs/5pkgs/cac/default.nix +++ b/krebs/5pkgs/cac/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }: +{ stdenv, fetchgit, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: stdenv.mkDerivation { name = "cac"; @@ -20,6 +20,7 @@ stdenv.mkDerivation { coreutils curl gnused + inotifyTools jq ncurses sshpass diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon new file mode 100644 index 000000000..9d1c324fd --- /dev/null +++ b/krebs/Zhosts/echelon @@ -0,0 +1,12 @@ +Address = 168.235.156.81 +Subnet = 10.243.206.103 +Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763 + +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 +DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A +IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K +N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t +cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq +UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/Zhosts/xu b/krebs/Zhosts/xu new file mode 100644 index 000000000..688e4a340 --- /dev/null +++ b/krebs/Zhosts/xu @@ -0,0 +1,13 @@ + +Subnet = 10.243.13.38 +Subnet = 42:0:0:0:0:0:0:1338 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ +uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX +8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw +mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj +4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63 +4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB +-----END RSA PUBLIC KEY----- + + diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix new file mode 100644 index 000000000..92976366f --- /dev/null +++ b/lass/1systems/echelon.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + + ip = (head config.krebs.hosts.echelon.nets.internet.addrs4); +in { + imports = [ + ../../tv/2configs/CAC-Developer-2.nix + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/retiolum.nix + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + ]; + + krebs.build = { + user = config.krebs.users.lass; + target = "root@${ip}"; + host = config.krebs.hosts.echelon; + deps = { + secrets = { + url = "/home/lass/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + }; + + networking.hostName = "echelon"; + +} diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d07fe14d9..4724fd3e3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -171,6 +171,7 @@ }; environment.systemPackages = with pkgs; [ + cac ]; #TODO: fix this shit diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 7c3d08123..bb98975e4 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -16,7 +16,7 @@ with builtins; users.extraUsers = { root = { openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/uriel.ssh.pub + ../../krebs/Zpubkeys/uriel.ssh.pub ]; }; }; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index d44a19c1e..6774845c0 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -5,6 +5,7 @@ with lib; imports = [ ../3modules/iptables.nix ../2configs/vim.nix + ../2configs/zsh.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -14,7 +15,7 @@ with lib; users.extraUsers = { root = { openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub + ../../krebs/Zpubkeys/lass.ssh.pub ]; }; mainUser = { @@ -29,7 +30,7 @@ with lib; "wheel" ]; openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub + ../../krebs/Zpubkeys/lass.ssh.pub ]; }; }; @@ -42,7 +43,7 @@ with lib; exim-retiolum.enable = true; build.deps.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3"; + rev = "e74d0e7ff83c16846a81e1173543f180ad565076"; }; }; @@ -147,4 +148,8 @@ with lib; }; }; + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; + } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 9849c829a..4fe06b729 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -4,7 +4,7 @@ let inherit (import ../4lib { inherit pkgs lib; }) simpleScript; mainUser = config.users.extraUsers.mainUser; - createBrowserUser = name: extraGroups: packages: + createChromiumUser = name: extraGroups: packages: { users.extraUsers = { ${name} = { @@ -26,16 +26,47 @@ let ]; }; + createFirefoxUser = name: extraGroups: packages: + { + users.extraUsers = { + ${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; + }; + }; + lass.per-user.${name}.packages = packages; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(${name}) NOPASSWD: ALL + ''; + environment.systemPackages = [ + (simpleScript name '' + sudo -u ${name} -i firefox $@ + '') + ]; + }; + + #TODO: abstract this + in { + environment.systemPackages = [ + (simpleScript "browser-select" '' + BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) + $BROWSER $@ + '') + ]; + imports = [ ../3modules/per-user.nix ] ++ [ - ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] ) - ( createBrowserUser "fb" [ ] [ pkgs.chromium ] ) - ( createBrowserUser "gm" [ ] [ pkgs.chromium ] ) - ( createBrowserUser "flash" [ ] [ pkgs.flash ] ) + ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) + ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix index 715181778..d9d7760dd 100644 --- a/lass/2configs/chromium-patched.nix +++ b/lass/2configs/chromium-patched.nix @@ -37,12 +37,12 @@ let in { environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; - environment.systemPackages = [ - #pkgs.chromium - (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { - buildCommand = attrs.buildCommand + '' - touch $out/TEST123 - ''; - })) - ]; + #environment.systemPackages = [ + # #pkgs.chromium + # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { + # buildCommand = attrs.buildCommand + '' + # touch $out/TEST123 + # ''; + # })) + #]; } diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix index 9b98e4a8b..52c29d7e8 100644 --- a/lass/2configs/desktop-base.nix +++ b/lass/2configs/desktop-base.nix @@ -58,6 +58,7 @@ in { layout = "us"; xkbModel = "evdev"; xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; }; } diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7c7f2b4d4..17cd1d822 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -17,7 +17,7 @@ krebs.retiolum = { enable = true; - hosts = ../../Zhosts; + hosts = ../../krebs/Zhosts; connectTo = [ "fastpoke" "cloudkrebs" diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 7d088fc6a..bd895e156 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -16,15 +16,14 @@ environment.systemPackages = with pkgs; [ steam ]; - networking.firewall = { - allowedUDPPorts = [ - 27031 - 27036 - ]; - allowedTCPPorts = [ - 27036 - 27037 - ]; + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27036"; target = "ACCEPT"; } + ]; + }; }; - } diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index ad7ac1429..9769cd68d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -4,7 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - virtualisation.virtualbox.host.enable = true; users.extraUsers = { virtual = { diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix new file mode 100644 index 000000000..646e816fd --- /dev/null +++ b/lass/2configs/zsh.nix @@ -0,0 +1,126 @@ +{ config, lib, pkgs, ... }: +{ + programs.zsh = { + enable = true; + shellInit = '' + #disable config wizard + zsh-newuser-install() { :; } + ''; + interactiveShellInit = '' + HISTFILE=~/.histfile + HISTSIZE=1000000 + SAVEHIST=100000 + #unsetopt nomatch + setopt autocd extendedglob + bindkey -e + zstyle :compinstall filename '/home/lass/.zshrc' + + #history magic + bindkey "[A" up-line-or-local-history + bindkey "[B" down-line-or-local-history + + up-line-or-local-history() { + zle set-local-history 1 + zle up-line-or-history + zle set-local-history 0 + } + zle -N up-line-or-local-history + down-line-or-local-history() { + zle set-local-history 1 + zle down-line-or-history + zle set-local-history 0 + } + zle -N down-line-or-local-history + + setopt share_history + setopt hist_ignore_dups + # setopt inc_append_history + bindkey '^R' history-incremental-search-backward + + #C-x C-e open line in editor + autoload -z edit-command-line + zle -N edit-command-line + bindkey "^X^E" edit-command-line + + #completion magic + fpath=(~/.zsh/completions $fpath) + autoload -Uz compinit + compinit + zstyle ':completion:*' menu select + + #enable automatic rehashing of $PATH + zstyle ':completion:*' rehash true + + + #eval $( dircolors -b ~/.LS_COLORS ) + + #exports + export EDITOR='vim' + export MANPAGER='most' + export PAGER='vim -' + # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' + + #beautiful colors + alias ls='ls --color' + zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + + #emacs bindings + bindkey "[7~" beginning-of-line + bindkey "[8~" end-of-line + bindkey "Oc" emacs-forward-word + bindkey "Od" emacs-backward-word + + #aliases + alias ll='ls -l' + alias la='ls -la' + alias pinginet='ping 8.8.8.8' + alias du='du -hd1' + alias qiv="qiv -f -m" + alias zshres="source ~/.zshrc" + + #fancy window title magic + case $TERM in + (*xterm* | *rxvt*) + + # Write some info to terminal title. + # This is seen when the shell prompts for input. + function precmd { + print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a" + } + # Write command and args to terminal title. + # This is seen while the shell waits for a command to complete. + function preexec { + printf "\033]0;%s\a" "$1" + } + ;; + esac + ''; + promptInit = '' + autoload -U promptinit + promptinit + + error='%(?..%F{red}%?%f )' + + case $UID in + 0) + username='%F{red}root%f' + ;; + 1337) + username="" + ;; + *) + username='%F{blue}%n%f' + ;; + esac + + if test -n "$SSH_CLIENT"; then + PROMPT="$error$username@%F{magenta}%M%f %~ " + else + PROMPT="$error$username %~ " + fi + + + ''; + }; + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; +} diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 21a083d1a..2e493177d 100644 --- a/lass/4lib/default.nix +++ b/ |