authormakefu <github@syntax-fehler.de>2018-04-05 23:21:53 +0200
committermakefu <github@syntax-fehler.de>2018-04-05 23:21:53 +0200
commit54c104e1e1f59906ddf855d6993de14d07a093dc (patch)
treecc271ff3806fac4176997a1e51ef03b454e1a6e4 /lass
parent241973f2ec1f4fcf217c37fd102feba82bc0b66e (diff)
parent1dd03483619d00d1afc6a278ded0cca6cff2d9ed (diff)
Merge remote-tracking branch 'lass/master' into staging
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/mors/config.nix9
-rw-r--r--lass/2configs/browsers.nix7
-rw-r--r--lass/2configs/network-manager.nix8
-rw-r--r--lass/2configs/reaktor-coders.nix2
-rw-r--r--lass/2configs/repo-sync.nix15
-rw-r--r--lass/2configs/virtualbox.nix2
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix4
-rw-r--r--lass/5pkgs/default.nix1
-rw-r--r--lass/5pkgs/generate-secrets/default.nix46
-rw-r--r--lass/kops.nix35
10 files changed, 118 insertions, 11 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f77bc64c2..cd259d0fe 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -140,6 +140,7 @@ with import <stockholm/lib>;
dpass
dnsutils
+ generate-secrets
];
#TODO: fix this shit
@@ -167,14 +168,8 @@ with import <stockholm/lib>;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
- export PATH=${makeBinPath [
- pkgs.bash
- pkgs.coreutils
- pkgs.nixUnstable
- ]}
- cd ~/stockholm
export SYSTEM="$1"
- exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
+ $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 91ee08bfd..3030d8faf 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -26,7 +26,12 @@ let
lass.xjail.${name} = {
inherit script groups dpi;
};
- environment.systemPackages = [ config.lass.xjail-bins.${name} ];
+ environment.systemPackages = [
+ config.lass.xjail-bins.${name}
+ (pkgs.writeDashBin "cx-${name}" ''
+ DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
+ '')
+ ];
lass.browser.paths.${name} = {
path = config.lass.xjail-bins.${name};
inherit precedence;
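Review bot: The added `cx-${name}` helper copies a selection from the jailed display into `DISPLAY=:0`, but nothing says so and neither `xclip` call names the selection, so both use the default, PRIMARY. If xjail is meant to isolate the browser's X display, as the name suggests, this puts text chosen inside the jail into the host's middle-click buffer, where a multi-line paste into a terminal would be executed. I would pass `-selection clipboard` on both sides and add a comment such as `# one-way copy: jail display -> host display; treat the content as untrusted`. The enclosing `let` binding starts above this hunk.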
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index c4f757de1..5b890b591 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -14,7 +14,13 @@
RestartSec = "5";
};
};
- networking.networkmanager.enable = true;
+ networking.networkmanager = {
+ enable = true;
+ unmanaged = [
+ "docker*"
+ "vboxnet*"
+ ];
+ };
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 2541df3a6..5fa1611ae 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -84,7 +84,7 @@ with import <stockholm/lib>;
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
- exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+ exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
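Review bot: On the changed `ping` line, `"$1"` is passed without an end-of-options marker, so an argument that begins with `-` is parsed by the privileged ping wrapper as options rather than as a host name. The pattern above captures `.*` from the chat message; how the plugin turns that capture into `$1` is outside this hunk, so this is worth confirming against `buildSimpleReaktorPlugin`. Suggested line: `exec /run/wrappers/bin/ping -q -c1 -- "$1" 2>&1 | tail -1`.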
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 98dbdc227..ad44c67e1 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -61,6 +61,21 @@ let
origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
+ makefu-staging = {
+ origin.url = "http://cgit.gum/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
+ tv-staging = {
+ origin.url = "http://cgit.ni.r/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
+ nin-staging = {
+ origin.url = "http://cgit.onondaga.r/${name}";
+ origin.ref = "heads/staging";
+ mirror.url = "${mirror}${name}";
+ };
};
latest = {
url = "${mirror}${name}";
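Review bot: The three new `*-staging` origins are fetched over plain `http://`, like the existing entry above them, and nothing in this hunk verifies what was fetched before it is pushed to `${mirror}${name}`. If these host names resolve only inside the overlay network, transport integrity rests entirely on that network, and a comment should say so, for example `# fetched over the overlay network only: no TLS, no signature check`. The three attribute sets differ only in host name and could be generated from a list. The enclosing `let` starts above the hunk.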
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index f7d196057..8171def2d 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -6,6 +6,8 @@ let
in {
#services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
+ nixpkgs.config.virtualbox.enableExtensionPack = true;
+ virtualisation.virtualbox.host.enableHardening = false;
users.extraUsers = {
virtual = {
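Review bot: `virtualisation.virtualbox.host.enableHardening = false;` is added without a comment giving the reason. With hardening off, NixOS no longer restricts the VirtualBox kernel-module devices to the wrapped binaries, so any member of `vboxusers` can open them directly; the option's own documentation warns about this. If the extension pack or a particular workflow needs it, record that next to the line, for example `# hardening off because <reason>; keep vboxusers limited to trusted users`. The `users.extraUsers` block continues past the hunk, so the group membership cannot be checked from here.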
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index e658897da..18cb25b5b 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -147,6 +147,10 @@ myKeyMap =
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
''}")
+ , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" ''
+ ${pkgs.coreutils}/bin/sleep 0.1
+ ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
+ ''}")
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
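Review bot: The new `M4-<Insert>` binding types whatever `xclip -o` returns into the focused window, newlines included, and has no comment explaining that or the `sleep 0.1`. xdotool sends a newline as Return, so a multi-line selection typed into a terminal is executed line by line. `xclip -o` without `-selection` reads PRIMARY, which changes whenever text is highlighted. A comment would cover it: `-- types PRIMARY as keystrokes, newlines become Return; the sleep lets the modifier keys be released` (the reason for the sleep is my guess, please correct it). `myKeyMap` starts and ends outside the hunk.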
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 28482eb91..fd6a555d4 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -31,7 +31,6 @@ in {
fi
${self.coreutils}/bin/rm $tmp
'';
- rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
}
// mapAttrs (_: flip callPackage {})
diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/generate-secrets/default.nix
new file mode 100644
index 000000000..5a4afe7c5
--- /dev/null
+++ b/lass/5pkgs/generate-secrets/default.nix
@@ -0,0 +1,46 @@
+{ pkgs }:
+pkgs.writeDashBin "generate-secrets" ''
+ HOSTNAME="$1"
+ TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+ PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
+ HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
+
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
+ ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+ ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+ cat <<EOF > $TMPDIR/hashedPasswords.nix
+ {
+ root = "$HASHED_PASSWORD";
+ mainUser = "$HASHED_PASSWORD";
+ }
+ EOF
+
+ cd $TMPDIR
+ for x in *; do
+ ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
+ done
+ echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null
+
+ cat <<EOF
+ $HOSTNAME = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.changeme";
+ ip6.addr = "42:0:0:0:0:0:0:changeme";
+ aliases = [
+ "$HOSTNAME.r"
+ ];
+ tinc.pubkey = ${"''"}
+ $(cat $TMPDIR/retiolum.rsa_key.pub)
+ ${"''"};
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
+ };
+ EOF
+
+ rm -rf $TMPDIR
+''
+
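Review bot: The script has no `set -eu` and uses `$TMPDIR` unquoted, so a failed `mktemp -d` leaves it empty: the key paths then resolve to `/`, `cd` falls back to `$HOME`, and the `for x in *` loop feeds every file found there to `pass insert`. Cleanup is only the final `rm -rf`, so an interrupted or failed run leaves the unencrypted private keys and `hashedPasswords.nix` on disk. `pwgen 25 1` without `-s` produces pronounceable rather than fully random passwords, and the trailing `> /dev/null` on the `HASHED_PASSWORD` assignment does nothing. A version with strict mode, an exit trap and quoting follows.

```nix
pkgs.writeDashBin "generate-secrets" ''
  set -eu
  HOSTNAME="$1"
  TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
  # remove key material on every exit path, not only on success
  trap 'rm -rf "$TMPDIR"' EXIT
  trap 'exit 1' INT TERM
  PASSWORD=$(${pkgs.pwgen}/bin/pwgen -s 25 1)
  HASHED_PASSWORD=$(echo "$PASSWORD" | ${pkgs.hashPassword}/bin/hashPassword -s)

  # … unchanged: ssh-keygen / openssl key generation and hashedPasswords.nix, with "$TMPDIR" quoted …

  cd "$TMPDIR"
  for x in *; do
    ${pkgs.pass}/bin/pass insert -m "hosts/$HOSTNAME/$x" < "$x" > /dev/null
  done
  echo "$PASSWORD" | ${pkgs.pass}/bin/pass insert -m "admin/hosts/$HOSTNAME/pass" > /dev/null

  # … unchanged: host stanza heredoc; the final rm -rf is replaced by the EXIT trap …
```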
diff --git a/lass/kops.nix b/lass/kops.nix
new file mode 100644
index 000000000..9d0ab911a
--- /dev/null
+++ b/lass/kops.nix
@@ -0,0 +1,35 @@
+{ name }: let
+ inherit (import ../krebs/kops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.kops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
+ test = pkgs.kops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
+ };
+}
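Review bot: The test branch of `secrets` hard-codes `/home/lass/stockholm/...`, while the `pass` branch and the test target use `lib.getEnv "HOME"`, so `-A test` only evaluates as intended for one user and one checkout location. A path relative to this file avoids that, e.g. `file = toString ./2configs/tests/dummy-secrets;`, assuming `evalSource` accepts any absolute path string there. If `lib.getEnv` behaves like `builtins.getEnv`, an unset HOME yields an empty string and `dir` becomes `/.password-store`; a comment stating that HOME must be set would make the assumption visible.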