diff options
author | makefu <github@syntax-fehler.de> | 2018-04-05 23:21:53 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-04-05 23:21:53 +0200 |
commit | 54c104e1e1f59906ddf855d6993de14d07a093dc (patch) | |
tree | cc271ff3806fac4176997a1e51ef03b454e1a6e4 /lass | |
parent | 241973f2ec1f4fcf217c37fd102feba82bc0b66e (diff) | |
parent | 1dd03483619d00d1afc6a278ded0cca6cff2d9ed (diff) |
Merge remote-tracking branch 'lass/master' into staging
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/mors/config.nix | 9 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 7 | ||||
-rw-r--r-- | lass/2configs/network-manager.nix | 8 | ||||
-rw-r--r-- | lass/2configs/reaktor-coders.nix | 2 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 15 | ||||
-rw-r--r-- | lass/2configs/virtualbox.nix | 2 | ||||
-rw-r--r-- | lass/5pkgs/custom/xmonad-lass/default.nix | 4 | ||||
-rw-r--r-- | lass/5pkgs/default.nix | 1 | ||||
-rw-r--r-- | lass/5pkgs/generate-secrets/default.nix | 46 | ||||
-rw-r--r-- | lass/kops.nix | 35 |
10 files changed, 118 insertions, 11 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f77bc64c2..cd259d0fe 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,6 +140,7 @@ with import <stockholm/lib>; dpass dnsutils + generate-secrets ]; #TODO: fix this shit @@ -167,14 +168,8 @@ with import <stockholm/lib>; environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nixUnstable - ]} - cd ~/stockholm export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 91ee08bfd..3030d8faf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -26,7 +26,12 @@ let lass.xjail.${name} = { inherit script groups dpi; }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + environment.systemPackages = [ + config.lass.xjail-bins.${name} + (pkgs.writeDashBin "cx-${name}" '' + DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + '') + ]; lass.browser.paths.${name} = { path = config.lass.xjail-bins.${name}; inherit precedence; diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index c4f757de1..5b890b591 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -14,7 +14,13 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + unmanaged = [ + "docker*" + "vboxnet*" + ]; + }; users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 2541df3a6..5fa1611ae 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -84,7 +84,7 @@ with import <stockholm/lib>; (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P<args>.*)$$"; script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) ]; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 98dbdc227..ad44c67e1 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -61,6 +61,21 @@ let origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; + makefu-staging = { + origin.url = "http://cgit.gum/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + tv-staging = { + origin.url = "http://cgit.ni.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + nin-staging = { + origin.url = "http://cgit.onondaga.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; }; latest = { url = "${mirror}${name}"; diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e658897da..18cb25b5b 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -147,6 +147,10 @@ myKeyMap = export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" ''}") + , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" '' + ${pkgs.coreutils}/bin/sleep 0.1 + ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - + ''}") , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 28482eb91..fd6a555d4 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -31,7 +31,6 @@ in { fi ${self.coreutils}/bin/rm $tmp ''; - rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; }; } // mapAttrs (_: flip callPackage {}) diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/generate-secrets/default.nix new file mode 100644 index 000000000..5a4afe7c5 --- /dev/null +++ b/lass/5pkgs/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat <<EOF > $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + mainUser = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null + + cat <<EOF + $HOSTNAME = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.changeme"; + ip6.addr = "42:0:0:0:0:0:0:changeme"; + aliases = [ + "$HOSTNAME.r" + ]; + tinc.pubkey = ${"''"} + $(cat $TMPDIR/retiolum.rsa_key.pub) + ${"''"}; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + diff --git a/lass/kops.nix b/lass/kops.nix new file mode 100644 index 000000000..9d0ab911a --- /dev/null +++ b/lass/kops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/kops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.kops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.kops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; + }; +} |