authortv <tv@krebsco.de>2018-10-27 15:02:39 +0200
committertv <tv@krebsco.de>2018-10-27 15:02:39 +0200
commit212bc39249f9792cbedf2e9a6b3fed90c52c63e7 (patch)
treede2a5cf0be852b8beb8317481649460194f40d5b /makefu/2configs
parent34e1f09bf5e233bee78ee63166d2a1d9944a51f9 (diff)
parent24f4e8dcf0eca55378fa018a9ed980625222653d (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/dcpp/airdcpp.nix48
-rw-r--r--makefu/2configs/default.nix107
-rw-r--r--makefu/2configs/home-manager/cli.nix12
-rw-r--r--makefu/2configs/home-manager/default.nix7
-rw-r--r--makefu/2configs/home-manager/desktop.nix31
-rw-r--r--makefu/2configs/home-manager/mail.nix46
-rw-r--r--makefu/2configs/minimal.nix88
7 files changed, 245 insertions, 94 deletions
diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix
new file mode 100644
index 000000000..fe05effd9
--- /dev/null
+++ b/makefu/2configs/dcpp/airdcpp.nix
@@ -0,0 +1,48 @@
+{ config, ... }:
+{
+ krebs.airdcpp = {
+ enable = true;
+ extraGroups = [ "download" ];
+ web.port = 5600;
+ web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline!
+ hubs."krebshub" =
+ { Nick = "makefu-${config.krebs.build.host.name}";
+ Password = builtins.readFile <secrets/krebshub.pw>;
+ Server = "adcs://hub.nsupdate.info:411";
+ AutoConnect = true;
+ };
+ dcpp = {
+ shares = {
+ # Incoming must be writeable!
+ incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; };
+ audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks";
+ };
+ Nick = "makefu";
+ DownloadSpeed = "1000";
+ UploadSpeed = "1000";
+ };
+ };
+ networking.firewall.allowedTCPPorts =
+ [ config.krebs.airdcpp.dcpp.InPort
+ config.krebs.airdcpp.dcpp.TLSPort
+ ];
+ networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ];
+
+ services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" =
+ { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/";
+
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ gzip_types text/plain application/javascript;
+
+ # Proxy websockets
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ '';
+ };
+
+}
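Review bot: Both `builtins.readFile <secrets/…>` calls read the password at evaluation time, so the clear text becomes part of the evaluated configuration. If the `krebs.airdcpp` module (not shown in this diff) renders it into a generated config file, the password lands in the world-readable Nix store. Where the module allows it, pass a path that the service reads at start-up instead. The trailing-newline hazard flagged on `web.users.makefu.password` applies equally to `hubs."krebshub".Password`, which carries no such note. Stripping it explicitly, e.g. `lib.removeSuffix "\n" (builtins.readFile <secrets/krebshub.pw>)` with `lib` added to the argument set, removes the dependency on how the secret file was written.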
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 6192a92a5..61cba86d9 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -10,24 +10,11 @@ with import <stockholm/lib>;
}
./editor/vim.nix
./binary-cache/nixos.nix
+ ./minimal.nix
];
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-
- programs.command-not-found.enable = false;
-
- nix.package = pkgs.nixUnstable;
-
- nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
- krebs = {
- enable = true;
-
- dns.providers.lan = "hosts";
- search-domain = "r";
- build.user = config.krebs.users.makefu;
- };
-
- users.extraUsers = {
+ # users are super important
+ users.users = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
@@ -37,80 +24,39 @@ with import <stockholm/lib>;
home = "/home/makefu";
createHome = true;
useDefaultShell = true;
- extraGroups = [
- "wheel"
- ];
+ extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
};
- networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = 2;
- nix.buildCores = config.krebs.build.host.cores;
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- time.timeZone = "Europe/Berlin";
+ nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
+ krebs = {
+ enable = true;
- programs.ssh = {
- startAgent = false;
+ dns.providers.lan = "hosts";
+ search-domain = "r";
+ build.user = config.krebs.users.makefu;
};
- services.openssh.enable = true;
- nix.useSandbox = true;
- users.mutableUsers = false;
- boot.tmpOnTmpfs = true;
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
+ boot.tmpOnTmpfs = true;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
- nix.nixPath = [ "/var/src" ];
- environment.variables = let
- ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- in {
- NIX_PATH = mkForce "/var/src";
- EDITOR = mkForce "vim";
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
environment.systemPackages = with pkgs; [
jq
git
- get
gnumake
rxvt_unicode.terminfo
htop
];
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
-
- PYTHONSTARTUP="~/.pythonrc";
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- '';
-
- promptInit = ''
- case $UID in
- 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
- 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
- *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
- esac
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
+ programs.bash.enableCompletion = true;
environment.shellAliases = {
# TODO: see .aliases
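Review bot: `nix.maxJobs = 2` is removed in this hunk and `nix.package = pkgs.nixUnstable` in the hunk above, and neither reappears in the new `minimal.nix`. Unless another file outside this diff sets them, hosts importing `default.nix` silently change build parallelism and Nix version. The `PYTHONSTARTUP` line and the `get` package are dropped in the same way. If the removals are intended, a short comment next to the `./minimal.nix` import should say so; otherwise carry the settings over. Note also that the hardening defaults (`users.mutableUsers = false`, `nix.useSandbox`, the firewall settings, sshd) now reach a host only through that import.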
@@ -126,12 +72,6 @@ with import <stockholm/lib>;
tinc = pkgs.tinc_pre;
};
- networking.timeServers = [
- "pool.ntp.org"
- "time.windows.com"
- "time.apple.com"
- "time.nist.gov"
- ];
nix.extraOptions = ''
auto-optimise-store = true
@@ -145,26 +85,5 @@ with import <stockholm/lib>;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
- # Enable IPv6 Privacy Extensions
- boot.kernel.sysctl = {
- "net.ipv6.conf.all.use_tempaddr" = 2;
- "net.ipv6.conf.default.use_tempaddr" = 2;
- };
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
- # suppress chrome autit event messages
- security.audit = {
- rules = [
- "-a task,never"
- ];
- };
- system.activationScripts.state = optionalString (config.state != []) ''
- cat << EOF
- This machine is burdened with state:
- ${concatMapStringsSep "\n" (d: "* ${d}") config.state}
- EOF
- '';
}
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
new file mode 100644
index 000000000..1efc4d2bf
--- /dev/null
+++ b/makefu/2configs/home-manager/cli.nix
@@ -0,0 +1,12 @@
+{
+ home-manager.users.makefu = {
+ services.gpg-agent = {
+ defaultCacheTtl = 900;
+ maxCacheTtl = 7200;
+ defaultCacheTtlSsh = 3600;
+ maxCacheTtlSsh = 86400;
+ enableSshSupport = true;
+ };
+ programs.fzf.enable = true; # alt-c
+ };
+}
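Review bot: `services.gpg-agent.enable` is not set in this block, and in home-manager the other `services.gpg-agent.*` options take effect only when the service is enabled. Unless another file enables it, these TTLs and `enableSshSupport` do nothing. Add `enable = true;` if this file is meant to stand on its own. `maxCacheTtlSsh = 86400` also lets an unlocked SSH key stay usable for up to a day, so a comment recording that this is deliberate would help, e.g. `# SSH key passphrase may stay cached for up to 24h`.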
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
new file mode 100644
index 000000000..e75ee6262
--- /dev/null
+++ b/makefu/2configs/home-manager/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ <home-manager/nixos>
+ ];
+ home-manager.users.makefu = {
+ };
+}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
new file mode 100644
index 000000000..c2f854d47
--- /dev/null
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+ home-manager.users.makefu = {
+ programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+ services.network-manager-applet.enable = true;
+ services.blueman-applet.enable = true;
+ services.pasystray.enable = true;
+
+ systemd.user.services.network-manager-applet.Service.Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ systemd.user.services.clipit = {
+ Unit = {
+ Description = "clipboard manager";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ ExecStart = "${pkgs.clipit}/bin/clipit";
+ Restart = "on-abort";
+ };
+ };
+ };
+}
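Review bot: The `XDG_DATA_DIRS=… GDK_PIXBUF_MODULE_FILE=…` string is written out twice, once for `network-manager-applet` and once for `clipit`. It also hard-codes both the user name and the `2.10.0` loader directory. Bind it once, e.g. `let appletEnv = "XDG_DATA_DIRS=… GDK_PIXBUF_MODULE_FILE=…"; in`, and reference it from both services so a gdk-pixbuf update needs a single edit. A one-line comment explaining why the applets need this override would also help the next reader.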
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
new file mode 100644
index 000000000..ce7ae4f4d
--- /dev/null
+++ b/makefu/2configs/home-manager/mail.nix
@@ -0,0 +1,46 @@
+{
+ home-manager.users.makefu = {
+ accounts.email.accounts.syntaxfehler = {
+ address = "felix.richter@syntax-fehler.de";
+ userName = "Felix.Richter@syntax-fehler.de";
+ imap = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ smtp = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ msmtp.enable = true;
+ notmuch.enable = true;
+ offlineimap = {
+ enable = true;
+ postSyncHookCommand = "notmuch new";
+ extraConfig.remote = {
+ holdconnectionopen = true;
+ idlefolders = "['INBOX']";
+ };
+ };
+ primary = true;
+ realName = "Felix Richter";
+ passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+ };
+ programs.offlineimap.enable = true;
+ programs.offlineimap.extraConfig = {
+ mbnames = {
+ filename = "~/.mutt/muttrc.mailboxes";
+ header = "'mailboxes '";
+ peritem = "'+%(accountname)s/%(foldername)s'";
+ sep = "' '";
+ footer = "'\\n'";
+ };
+ general = {
+ ui = "TTY.TTYUI";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix
new file mode 100644
index 000000000..d764e5624
--- /dev/null
+++ b/makefu/2configs/minimal.nix
@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+# minimal subset of sane configuration for stockholm
+{
+ # nobody needs this
+ programs.command-not-found.enable = false;
+
+ # the only true timezone (even after the the removal of DST)
+ time.timeZone = "Europe/Berlin";
+
+ networking.hostName = config.krebs.build.host.name;
+ nix.buildCores = config.krebs.build.host.cores;
+
+ # we use gpg if necessary (or nothing at all)
+ programs.ssh.startAgent = false;
+
+ # all boxes look the same
+ nix.useSandbox = true;
+ # we configure users via nix
+ users.mutableUsers = false;
+
+ # sane firewalling
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
+ # openssh all the way down
+ services.openssh.enable = true;
+
+ # we use stockholm via populate
+ nix.nixPath = [ "/var/src" ];
+
+ environment.variables = let
+ ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ in {
+ NIX_PATH = lib.mkForce "/var/src";
+ EDITOR = lib.mkForce "vim";
+ CURL_CA_BUNDLE = ca-bundle;
+ GIT_SSL_CAINFO = ca-bundle;
+ SSL_CERT_FILE = ca-bundle;
+ };
+
+ programs.bash = {
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ '';
+
+ promptInit = ''
+ case $UID in
+ 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+ 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+ *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+ esac
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ # trust the cool guys
+ networking.timeServers = [
+ "pool.ntp.org"
+ "time.nist.gov"
+ ];
+
+ # the only locale you will ever need
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ # suppress chrome autit event messages
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+
+ # Enable IPv6 Privacy Extensions
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+}
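Review bot: The audit rule `-a task,never` turns off audit record generation for every process on the host, not only for the browser named in the comment. Any machine importing this baseline therefore has no syscall audit trail for later investigation. The comment should state that scope, e.g. `# disables syscall auditing for all tasks (added to silence chrome audit messages)`. Separately, `services.openssh.enable = true` leaves password authentication at the module default. Since keys are set declaratively and `users.mutableUsers = false`, adding `services.openssh.passwordAuthentication = false;` would make the key-only intent explicit.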