summaryrefslogtreecommitdiffstats
path: root/tv/2configs/default.nix
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-11-09 02:37:13 +0100
committerlassulus <lass@aidsballs.de>2015-11-09 02:37:13 +0100
commit3d7790601ef2b32bf6b72f829137fd18d9874fd3 (patch)
tree02b5af9d30d27c5ddac360ae1fa13e0e20d5c20c /tv/2configs/default.nix
parent9ff1f770f6f3703fad34ef4ce2d24116d84a5665 (diff)
parent610a3ce59c2ba0e58205305a85e9cb86e680d481 (diff)
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/2configs/default.nix')
-rw-r--r--tv/2configs/default.nix171
1 files changed, 171 insertions, 0 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
new file mode 100644
index 000000000..6ed1c65f9
--- /dev/null
+++ b/tv/2configs/default.nix
@@ -0,0 +1,171 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ krebs.enable = true;
+
+ krebs.build = {
+ user = config.krebs.users.tv;
+ target = mkDefault "root@${config.krebs.build.host.name}";
+ source = {
+ git.nixpkgs = {
+ url = mkDefault https://github.com/NixOS/nixpkgs;
+ rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+ target-path = mkDefault "/var/src/nixpkgs";
+ };
+ dir.secrets = {
+ path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+ };
+ dir.stockholm = {
+ path = mkDefault "/home/tv/stockholm";
+ target-path = mkDefault "/var/src/stockholm";
+ };
+ };
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ imports = [
+ <secrets>
+ ./vim.nix
+ {
+ # stockholm dependencies
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+ }
+ {
+ users = {
+ defaultUserShell = "/run/current-system/sw/bin/bash";
+ mutableUsers = false;
+ users = {
+ tv = {
+ isNormalUser = true;
+ uid = 1337;
+ };
+ };
+ };
+ }
+ {
+ security.sudo.extraConfig = ''
+ Defaults mailto="${config.krebs.users.tv.mail}"
+ '';
+ time.timeZone = "Europe/Berlin";
+ }
+ {
+ # TODO check if both are required:
+ nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+
+ nix.useChroot = true;
+ }
+ {
+ environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+
+ environment.systemPackages = with pkgs; [
+ rxvt_unicode.terminfo
+ ];
+
+ environment.shellAliases = mkForce {
+ # alias cal='cal -m3'
+ gp = "${pkgs.pari}/bin/gp -q";
+ df = "df -h";
+ du = "du -h";
+ # alias grep='grep --color=auto'
+
+ # TODO alias cannot contain #\'
+ # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
+
+ # alias la='ls -lA'
+ lAtr = "ls -lAtr";
+ # alias ll='ls -l'
+ ls = "ls -h --color=auto --group-directories-first";
+ dmesg = "dmesg -L --reltime";
+ view = "vim -R";
+ };
+
+ environment.variables = {
+ NIX_PATH =
+ with config.krebs.build.source; with dir; with git;
+ mkForce (concatStringsSep ":" [
+ "nixpkgs=${nixpkgs.target-path}"
+ "secrets=${stockholm.target-path}/null"
+ ]);
+ };
+
+ programs.bash = {
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ ${readFile ./bash_completion.sh}
+
+ # TODO source bridge
+ '';
+ promptInit = ''
+ case $UID in
+ 0)
+ PS1='\[\e[1;31m\]\w\[\e[0m\] '
+ ;;
+ 1337)
+ PS1='\[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ *)
+ PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ esac
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\e[35m\]\h'" $PS1"
+ fi
+ if test -n "$SSH_AGENT_PID"; then
+ PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+ }
+
+ {
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ }
+
+ {
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ }
+
+ {
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ }
+
+ {
+ # TODO: exim
+ security.setuidPrograms = [
+ "sendmail" # for sudo
+ ];
+ }
+ ];
+}