Merge remote-tracking branch 'cd/master'

author: tv <tv@shackspace.de> 2015-11-07 09:48:06 +0100
committer: tv <tv@shackspace.de> 2015-11-07 09:48:06 +0100
commit: 8ad05d0f40debdb2dc41aef2db24f77f539f4328 (patch)
tree: 50c71257fa56bd1d4a67c3ef23cc10620fd387ff /tv/2configs
parent: d590cf26cd8fa33ed4140bef7a5d689c76455625 (diff)
parent: bae469d2a64165a42d93cdb31e231fa75e9813a5 (diff)
3 files changed, 65 insertions, 9 deletions
diff --git a/tv/2configs/base.nix b/tv/2configs/default.nix
index a74ce329..d31862b6 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/default.nix
@@ -1,11 +1,29 @@
 { config, lib, pkgs, ... }:
 
-with builtins;
 with lib;
 
 {
   krebs.enable = true;
 
+  krebs.build = {
+    user = config.krebs.users.tv;
+    target = mkDefault "root@${config.krebs.build.host.name}";
+    source = {
+      git.nixpkgs = {
+        url = mkDefault https://github.com/NixOS/nixpkgs;
+        rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+        target-path = mkDefault "/var/src/nixpkgs";
+      };
+      dir.secrets = {
+        path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+      };
+      dir.stockholm = {
+        path = mkDefault "/home/tv/stockholm";
+        target-path = mkDefault "/var/src/stockholm";
+      };
+    };
+  };
+
   networking.hostName = config.krebs.build.host.name;
 
   imports = [
@@ -23,6 +41,9 @@ with lib;
                  (import <secrets/hashedPasswords.nix>);
     }
     {
+      users.groups.subusers.gid = 1093178926; # genid subusers
+    }
+    {
       users.defaultUserShell = "/run/current-system/sw/bin/bash";
       users.mutableUsers = false;
     }
@@ -31,6 +52,7 @@ with lib;
         root = {
           openssh.authorizedKeys.keys = [
             config.krebs.users.tv.pubkey
+            config.krebs.users.tv_xu.pubkey
           ];
         };
         tv = {
@@ -69,6 +91,8 @@ with lib;
       nix.useChroot = true;
     }
     {
+      environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+
       environment.systemPackages = with pkgs; [
         rxvt_unicode.terminfo
       ];
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 4d2fe9e4..df00203b 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -70,14 +70,6 @@ let
         ExecStart = "${xserver}/bin/xserver";
       };
     };
-
-    programs.bash.interactiveShellInit = ''
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        za|zh|zj|zs)
-          exec sudo -u zalora -i
-        ;;
-      esac
-    '';
   };
 
   xmonad-environment = {
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
new file mode 100644
index 00000000..e5494ecc
--- /dev/null
+++ b/tv/2configs/z.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  krebs.per-user.z.packages = [
+    (pkgs.writeScriptBin "cr" ''
+      #! /bin/sh
+      set -efu
+      export LC_TIME=de_DE.utf8
+      exec ${pkgs.chromium}/bin/chromium \
+          --ssl-version-min=tls1 \
+          --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+          --disk-cache-size=50000000 \
+          "%@"
+    '')
+  ];
+
+  programs.bash.interactiveShellInit = ''
+    case ''${XMONAD_SPAWN_WORKSPACE-} in
+      za|zh|zj|zs)
+        exec sudo -u z -i
+      ;;
+    esac
+  '';
+
+  security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
+
+  users.users.z = {
+    extraGroups = [
+      "audio"
+      "vboxusers"
+      "video"
+    ];
+    group = "subusers";
+    home = "/home/z";
+    uid = 3043726074; # genid z
+    useDefaultShell = true;
+  };
+}
author	tv <tv@shackspace.de>	2015-11-07 09:48:06 +0100
committer	tv <tv@shackspace.de>	2015-11-07 09:48:06 +0100
commit	8ad05d0f40debdb2dc41aef2db24f77f539f4328 (patch)
tree	50c71257fa56bd1d4a67c3ef23cc10620fd387ff /tv/2configs
parent	d590cf26cd8fa33ed4140bef7a5d689c76455625 (diff)
parent	bae469d2a64165a42d93cdb31e231fa75e9813a5 (diff)