diff options
| author | tv <tv@krebsco.de> | 2016-10-13 20:33:45 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-10-13 20:33:45 +0200 |
| commit | 65165f422d8e08f29ec269a3ce98e7ebfa22c622 (patch) | |
| tree | 13d15f63626129c439840a4b406e3fe4e693096f /lass/2configs | |
| parent | 38d26c551cf3c53151120646a893a13990b21c5c (diff) | |
| parent | 8458ffd7a00a3e4c734755de7d72f95458d1bb52 (diff) | |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/browsers.nix | 70 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 12 | ||||
| -rw-r--r-- | lass/2configs/iodined.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/websites/domsen.nix | 22 | ||||
| -rw-r--r-- | lass/2configs/websites/util.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/xserver/Xresources.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/xserver/default.nix | 223 | ||||
| -rw-r--r-- | lass/2configs/zsh.nix | 1 |
9 files changed, 156 insertions, 186 deletions
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index ea79053ce..90f420674 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: +with config.krebs.lib; let - inherit (config.krebs.lib) genid; mainUser = config.users.extraUsers.mainUser; - createChromiumUser = name: extraGroups: packages: - { + + browser-select = pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n}) + export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ;; + '') (attrNames config.lass.browser.paths)} + esac + $BIN "$@" + ''; + + createChromiumUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -14,19 +31,21 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i chromium $@ - '') + bin ]; }; - createFirefoxUser = name: extraGroups: packages: - { + createFirefoxUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -35,14 +54,12 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i firefox $@ - '') + bin ]; }; @@ -50,19 +67,26 @@ let in { + lass.browser.select = browser-select; + environment.systemPackages = [ - (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) - $BROWSER $@ - '') + browser-select ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] ) + { + options.lass.browser.select = mkOption { + type = types.path; + }; + options.lass.browser.paths = mkOption { + type = with types; attrsOf path; + }; + } + ( createFirefoxUser "ff" [ "audio" ] ) + ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] ) + ( createChromiumUser "fb" [ "video" "audio" ] ) + ( createChromiumUser "gm" [ "video" "audio" ] ) + ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index af3ed1d36..0b7ca8eaa 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -67,7 +67,7 @@ with config.krebs.lib; }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; @@ -97,6 +97,7 @@ with config.krebs.lib; jq parallel proot + populate #style most @@ -141,15 +142,6 @@ with config.krebs.lib; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd - - #fancy colors - if [ -e ~/LS_COLORS ]; then - eval $(dircolors ~/LS_COLORS) - fi - - if [ -e /etc/nixos/dotfiles/link ]; then - /etc/nixos/dotfiles/link - fi ''; promptInit = '' if test $UID = 0; then diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..f67e2ae86 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -6,15 +6,15 @@ let pw = import <secrets/iodinepw.nix>; in { - services.iodined = { + services.iodine.server = { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; }; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 54"; target = "ACCEPT";} + { predicate = "-p udp --dport 53"; target = "ACCEPT";} ]; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..6e9138b61 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + url = https://github.com/nixos/nixpkgs; + ref = "354fd3728952c229fee4f2924737c601d7ab4725"; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2f93c1f9c..e05f40d97 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -143,23 +143,11 @@ in { }; }; - - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - always_populate_raw_post_data = -1 - upload_max_filesize = 100M - post_max_size = 100M - file_uploads = on - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + sendmail_path = ${sendmail} -t + upload_max_filesize = 100M + post_max_size = 100M + file_uploads = on ''; # MAIL STUFF diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 467229c0c..23f417195 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -167,7 +167,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes @@ -220,7 +219,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index 5d3661706..0f04540c3 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -11,7 +11,7 @@ pkgs.writeText "Xresources" '' ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 73b148bf7..0f9b1f84a 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -1,143 +1,112 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let - # TODO krebs.build.user - user = config.users.users.mainUser; - - out = { - services.xserver = { - display = 11; - tty = 11; - - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - - #keyboard stuff - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + user = config.krebs.build.user; +in { + + environment.systemPackages = [ + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + services.xserver = { + enable = true; + display = 11; + tty = 11; + + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; + systemd.services.display-manager.enable = false; - krebs.per-user.lass.packages = [ - pkgs.rxvt_unicode_with-plugins - ]; + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; - systemd.services.display-manager.enable = false; + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; - services.xserver.enable = true; + XMONAD_STATE = "/tmp/xmonad.state"; - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = xmonad-environment; - restartIfChanged = true; - serviceConfig = { - ExecStart = "${xmonad-start}/bin/xmonad"; - ExecStop = "${xmonad-stop}/bin/xmonad-stop"; - User = user.name; - WorkingDirectory = user.home; - }; + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "dashboard" # we start here + ]); }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = "${xserver}/bin/xserver"; - }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = pkgs.writeScript "xmonad-stop" '' + #! /bin/sh + ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.coreutils}/bin/sleep 2s + ''; + User = user.name; + WorkingDirectory = user.home; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" - ]); + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + ]; + }; }; - xmonad-start = pkgs.writeScriptBin "xmonad" '' - #! ${pkgs.bash}/bin/bash - set -efu - export PATH; PATH=${makeSearchPath "bin" ([ - pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers - settle() {( - # Use PATH for a clean journal - command=''${1##*/} - PATH=''${1%/*}; export PATH - shift - until "$command" "$@"; do - ${pkgs.coreutils}/bin/sleep 1 - done - )&} - settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} - settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' - exec ${pkgs.xmonad-lass}/bin/xmonad - ''; - - xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - xserver = pkgs.writeScriptBin "xserver" '' - #! /bin/sh - set -efu - exec ${pkgs.xorg.xorgserver.out}/bin/X \ - :${toString config.services.xserver.display} \ - vt${toString config.services.xserver.tty} \ - -config ${import ./xserver.conf.nix args} \ - -logfile /var/log/X.${toString config.services.xserver.display}.log \ - -nolisten tcp \ - -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \ - ''; - - need-reload = s: let - pkg = pkgs.writeScriptBin "need-reload" '' - #! /bin/sh - echo "$*" - ''; - in "${pkg}/bin/need-reload ${s}"; - -in out +} diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index b221d7677..aa159be07 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,4 @@ fi ''; }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } |