authortv <tv@krebsco.de>2019-02-02 09:16:32 +0100
committertv <tv@krebsco.de>2019-02-02 09:16:32 +0100
commitbca298e1a8582f5704e1e154ead6d1f866ac3206 (patch)
tree7ca3a33bc72108b392b35d8c014df0ceda33e75e /lass
parenta09bf933da2d31645872f1e2332507da98fb6a00 (diff)
parente2ae92445cc439203427a58720fc394cf1ca4b44 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/source.nix14
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/radio.nix61
-rw-r--r--lass/2configs/reaktor-coders.nix46
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix3
6 files changed, 77 insertions, 59 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a32c3a82..a52771a4 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,13 +1,19 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = ''
- with import <nixpkgs> {};
+ derivation = let
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
- sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
+ rev = "${rev}";
+ sha256 = "${sha256}";
}
'';
};
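Review bot: The new `let` block in `derivation` parses `../../../krebs/nixpkgs.json` twice, once for `rev` and once for `sha256`. A single `inherit (lib.importJSON ../../../krebs/nixpkgs.json) rev sha256;` binds both from one read and keeps the two values visibly tied to the same pin. The bootstrap nixpkgs is now fetched by hash instead of being taken from `<nixpkgs>`, which deserves a comment above the `builtins.fetchTarball` call, e.g. `# bootstrap from the pinned nixpkgs so the result does not depend on the host's NIX_PATH`.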
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index b6565dc6..f35ebff5 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
new file mode 100644
index 00000000..aee4bf06
--- /dev/null
+++ b/lass/2configs/hardening.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ security.chromiumSuidSandbox.enable = true;
+ security.lockKernelModules = false;
+ boot.kernel.sysctl."user.max_user_namespaces" = 63414;
+
+ imports = [
+ <nixpkgs/nixos/modules/profiles/hardened.nix>
+ ];
+}
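Review bot: Two settings in this new file, `security.lockKernelModules = false` and `boot.kernel.sysctl."user.max_user_namespaces" = 63414`, look like relaxations of defaults set by the imported `hardened.nix` profile, but nothing records why they are relaxed or where 63414 comes from. Each deserves a comment naming what breaks without it, e.g. `# hardened profile locks module loading after boot; needed here for <reason>` and `# hardened profile disables user namespaces; re-enabled for <consumer>`. With user namespaces re-enabled, the file should also say whether `security.chromiumSuidSandbox.enable` is still required, since that option installs a setuid-root helper. `pkgs` and `with lib;` are unused in the visible lines and can be dropped.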
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 987632cd..f88b2627 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -170,32 +170,45 @@ in {
};
};
- krebs.Reaktor.playlist = {
- nickname = "the_playlist|r";
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- };
- plugins = with pkgs.ReaktorPlugins; [
- (buildSimpleReaktorPlugin "skip" {
- script = "${skip_track}/bin/skip_track";
- pattern = "^skip$";
- })
- (buildSimpleReaktorPlugin "current" {
- script = "${print_current}/bin/print_current";
- pattern = "^current$";
- })
- (buildSimpleReaktorPlugin "suggest" {
- script = "${pkgs.writeDash "suggest" ''
- echo "$@" >> $HOME/playlist_suggest
- ''}";
- pattern = "^suggest: (?P<args>.*)$";
- })
+ krebs.reaktor2.the_playlist = {
+ hostname = "irc.freenode.org";
+ port = "6697";
+ useTLS = true;
+ nick = "the_playlist";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#the_playlist"
+ "#krebs"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.the_playlist.stateDir;
+ hooks.PRIVMSG = [
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ skip.filename = "${skip_track}/bin/skip_track";
+ current.filename = "${print_current}/bin/print_current";
+ suggest.filename = pkgs.writeDash "suggest" ''
+ echo "$@" >> playlist_suggest
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
+
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {
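Review bot: The new `hooks.PRIVMSG` pattern `!([^ ]+)(?:\s*(.*))?` has no `^` anchor, whereas the removed plugins matched `^skip$`, `^current$` and `^suggest: …$`. Unless reaktor2 anchors matches itself, any channel message containing `!word` anywhere is treated as a command, so `pattern = ''^!([^ ]+)(?:\s*(.*))?$'';` is the safer form. The `suggest` script passes IRC text to `echo "$@"`, and dash's `echo` interprets backslash escapes, so `printf '%s\n' "$*" >> playlist_suggest` would record the suggestion literally. The output file is now a relative path that depends on `workdir`; a comment on that line saying so would keep the two settings from drifting apart.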
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 44d9d686..4baec197 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
+ env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
@@ -46,36 +47,21 @@ in {
-e "$@"
'';
in {
- pl = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-pl" ''
- ${lambdabotWrapper} "@pl $1"
- '';
- };
- type = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-type" ''
- ${lambdabotWrapper} "@type $1"
- '';
- };
- "let" = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-let" ''
- ${lambdabotWrapper} "@let $1"
- '';
- };
- run = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-run" ''
- ${lambdabotWrapper} "@run $1"
- '';
- };
- kind = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-kind" ''
- ${lambdabotWrapper} "@kind $1"
- '';
- };
+ pl.filename = pkgs.writeDash "lambdabot-pl" ''
+ ${lambdabotWrapper} "@pl $1"
+ '';
+ type.filename = pkgs.writeDash "lambdabot-type" ''
+ ${lambdabotWrapper} "@type $1"
+ '';
+ "let".filename = pkgs.writeDash "lambdabot-let" ''
+ ${lambdabotWrapper} "@let $1"
+ '';
+ run.filename = pkgs.writeDash "lambdabot-run" ''
+ ${lambdabotWrapper} "@run $1"
+ '';
+ kind.filename = pkgs.writeDash "lambdabot-kind" ''
+ ${lambdabotWrapper} "@kind $1"
+ '';
};
}
{
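Review bot: The five command entries (`pl`, `type`, `"let"`, `run`, `kind`) still differ only in the name used for the attribute, the script name and the `@…` prefix, so the repetition this hunk trims for `env.HOME` remains for `filename`. If `lib` functions are in scope in this file (not visible in the hunk), `genAttrs [ "pl" "type" "let" "run" "kind" ] (name: { filename = pkgs.writeDash "lambdabot-${name}" ''${lambdabotWrapper} "@${name} $1"''; })` builds an equivalent set from one template. The `commands` block opens in the previous hunk and continues past this one.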
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 483e37bc..1f2e7110 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
+import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
- defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
+ defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne