authormakefu <github@syntax-fehler.de>2017-08-05 12:01:07 +0200
committermakefu <github@syntax-fehler.de>2017-08-05 12:01:07 +0200
commitf1124bd208306b2cfe32e1b85ccb810455453483 (patch)
treeb286db06b459e2d24409c3b4fd02eb0ea7d88a82 /tv
parent7db5d59018f4096b0cc39afa59df53b6a1fa9353 (diff)
parent1310375624b7fbcb6c165a032edc9d3ef336d57b (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'tv')
-rw-r--r--tv/1systems/alnus/config.nix6
-rw-r--r--tv/1systems/mu/config.nix33
-rw-r--r--tv/1systems/nomic/config.nix9
-rw-r--r--tv/1systems/test/source.nix3
-rw-r--r--tv/1systems/wu/config.nix112
-rw-r--r--tv/1systems/xu/config.nix23
-rw-r--r--tv/1systems/zu/config.nix127
-rw-r--r--tv/2configs/default.nix23
-rw-r--r--tv/2configs/nginx/public_html.nix1
-rw-r--r--tv/2configs/retiolum.nix3
-rw-r--r--tv/2configs/vim.nix4
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/x0vncserver.nix52
-rw-r--r--tv/5pkgs/simple/djbdns/default.nix20
14 files changed, 83 insertions, 334 deletions
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index dd9e594f..71302d59 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -1,8 +1,6 @@
-{ config, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
imports = [
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
@@ -81,8 +79,6 @@ with import <stockholm/lib>;
};
};
- swapDevices =[ ];
-
users.users.dv = {
inherit (config.krebs.users.dv) home uid;
isNormalUser = true;
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 4c6d1632..08948187 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -1,8 +1,6 @@
-{ config, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
imports = [
<stockholm/krebs>
<stockholm/tv/2configs>
@@ -14,15 +12,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.mu;
krebs.build.user = mkForce config.krebs.users.vv;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
-
- # for jack
- KERNEL=="rtc0", GROUP="audio"
- KERNEL=="hpet", GROUP="audio"
- '';
-
+ tv.x0vncserver.enable = true;
# hardware configuration
boot.initrd.luks.devices = [
@@ -33,10 +23,6 @@ with import <stockholm/lib>;
boot.kernelModules = [ "fbcon" "kvm-intel" ];
boot.extraModulePackages = [ ];
- boot.extraModprobeConfig = ''
- options kvm_intel nested=1
- '';
-
fileSystems = {
"/" = {
device = "/dev/vgmu1/nixroot";
@@ -50,15 +36,8 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = [ "nosuid" "nodev" "noatime" ];
- };
};
- swapDevices =[ ];
-
nixpkgs.config.allowUnfree = true;
hardware.opengl.driSupport32Bit = true;
@@ -66,8 +45,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware = true;
- boot.loader.gummiboot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
networking.networkmanager.enable = true;
@@ -97,7 +76,6 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false;
security.wrappers = {
- sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
slock.source = "${pkgs.slock}/bin/slock";
};
@@ -152,9 +130,4 @@ with import <stockholm/lib>;
"networkmanager"
];
};
-
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
}
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index d0144986..996a5e7e 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -1,8 +1,6 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
krebs.build.host = config.krebs.hosts.nomic;
imports = [
@@ -50,11 +48,6 @@ with import <stockholm/lib>;
fsType = "btrfs";
};
- swapDevices = [ ];
-
- # TODO base
- boot.tmpOnTmpfs = true;
-
environment.systemPackages = with pkgs; [
(writeDashBin "play" ''
set -euf
diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix
deleted file mode 100644
index f756b858..00000000
--- a/tv/1systems/test/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "test";
-}
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index 1e28cc78..79b5aa26 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -1,8 +1,6 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
krebs.build.host = config.krebs.hosts.wu;
imports = [
@@ -17,91 +15,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver>
- {
- environment.systemPackages = with pkgs; [
- # root
- cryptsetup
-
- # tv
- bc
- bind # dig
- cac-api
- dic
- file
- get
- gnupg1compat
- haskellPackages.hledger
- jq
- mkpasswd
- netcat
- nix-repl
- nmap
- p7zip
- push
- qrencode
- tmux
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #neovim
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
-
- unison
- ];
- }
];
boot.initrd.luks = {
@@ -130,11 +43,6 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
};
krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
@@ -143,24 +51,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware= true;
hardware.opengl.driSupport32Bit = true;
- environment.systemPackages = with pkgs; [
- ethtool
- tinc_pre
- iptables
- #jack2
- ];
-
- security.wrappers = {
- sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
- };
-
services.printing.enable = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
@@ -169,6 +61,4 @@ with import <stockholm/lib>;
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
-
- virtualisation.virtualbox.host.enable = true;
}
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 2bffdddb..0abd544c 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -1,8 +1,6 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
krebs.build.host = config.krebs.hosts.xu;
imports = [
@@ -13,6 +11,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/gitrepos.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/man.nix>
+ <stockholm/tv/2configs/nginx/krebs-pages.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
@@ -136,11 +135,6 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
};
environment.systemPackages = with pkgs; [
@@ -152,23 +146,14 @@ with import <stockholm/lib>;
gptfdisk
];
- security.wrappers = {
- sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
- };
-
services.printing.enable = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
- #services.virtualboxHost.enable = true;
-
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
+
+ virtualisation.virtualbox.host.enable = true;
}
diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix
index d2aab8c5..414d2f22 100644
--- a/tv/1systems/zu/config.nix
+++ b/tv/1systems/zu/config.nix
@@ -1,17 +1,9 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: {
-{
krebs.build.host = config.krebs.hosts.zu;
imports = [
- {
- options.tv.test.sercret-file = mkOption {
- type = types.secret-file;
- default = {};
- };
- }
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
@@ -22,93 +14,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver>
- {
- environment.systemPackages = with pkgs; [
-
- # root
- cryptsetup
-
- # tv
- bc
- bind # dig
- cac-api
- dic
- file
- gnupg1compat
- haskellPackages.hledger
- jq
- mkpasswd
- netcat
- nix-repl
- nmap
- p7zip
- pass
- q
- qrencode
- # XXX fails at systemd.services.dbus.unitConfig
- #texlive
- tmux
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
-
- unison
- ];
- }
];
boot.initrd.luks = {
@@ -124,6 +29,11 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/bku" = {
+ device = "/dev/mapper/zuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
"/home" = {
device = "/dev/mapper/zuvga-home";
fsType = "btrfs";
@@ -132,38 +42,13 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- };
-
- environment.systemPackages = with pkgs; [
- ethtool
- tinc_pre
- iptables
- #jack2
-
- gptfdisk
- ];
-
- security.wrappers = {
- sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
- #services.virtualboxHost.enable = true;
-
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index b5931109..730b055a 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,9 +1,8 @@
with import <stockholm/lib>;
-{ config, lib, pkgs, ... }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "tv";
-in {
+{ config, pkgs, ... }: {
+
+ boot.tmpOnTmpfs = true;
+
krebs.enable = true;
krebs.build.user = config.krebs.users.tv;
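Review bot: `boot.tmpOnTmpfs = true;` stands in for the per-host `"/tmp"` entries removed in the mu, wu, xu and zu hunks, and those entries mounted the tmpfs with `nosuid` and `nodev` spelled out. Whether the mount this option generates carries the same flags is not visible on this page and likely depends on the NixOS/systemd version in use, so `findmnt /tmp` on a deployed host is worth checking before relying on it. If the flags turn out to be missing, an explicit override next to this line would keep the old hardening. A short comment such as `# replaces the per-host /tmp tmpfs mounts (nosuid,nodev)` would record the intent.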
@@ -22,16 +21,6 @@ in {
./vim.nix
./xdg.nix
{
- # stockholm dependencies
- environment.systemPackages = with pkgs; [
- git
- gnumake
- hashPassword
- populate
- whatsupnix
- ];
- }
- {
users = {
defaultUserShell = "/run/current-system/sw/bin/bash";
mutableUsers = false;
@@ -47,7 +36,7 @@ in {
{
security.hideProcessInformation = true;
security.sudo.extraConfig = ''
- Defaults env_keep+="SSH_CLIENT"
+ Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';
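Review bot: `XMONAD_SPAWN_WORKSPACE` in `env_keep` is now carried into every command run through sudo, not only the one that needs it, and its value is chosen by the unprivileged caller. Whatever reads it on the root side should treat it as untrusted input. The hunk does not show the consumer, so a Nix comment above `security.sudo.extraConfig` naming it, e.g. `# XMONAD_SPAWN_WORKSPACE is read by <consumer> to pick the target workspace`, would make the exception reviewable. The surrounding block starts and ends outside the hunk.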
@@ -142,6 +131,8 @@ in {
{
environment.systemPackages = [
pkgs.get
+ pkgs.git
+ pkgs.hashPassword
pkgs.htop
pkgs.kpaste
pkgs.krebspaste
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix
index a686d281..cc7a3989 100644
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
serverAliases = [
"localhost"
"${config.krebs.build.host.name}"
+ "${config.krebs.build.host.name}.gg23"
"${config.krebs.build.host.name}.r"
];
locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index a914dad4..9940b102 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -10,6 +10,9 @@ with import <stockholm/lib>;
"ni"
"prism"
];
+ extraConfig = ''
+ LocalDiscovery = yes
+ '';
tincPackage = pkgs.tinc_pre;
};
tv.iptables.input-internet-accept-tcp = singleton "tinc";
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index f0b1cf52..ca471864 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -70,6 +70,8 @@ let {
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
+
+ hi Search cterm=NONE ctermbg=216
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
@@ -227,7 +229,7 @@ let {
lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [
- ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''
+ ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*=''
];
yaml = {};
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 397ee8e8..83dc212a 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -6,5 +6,6 @@ _:
./ejabberd
./hosts.nix
./iptables.nix
+ ./x0vncserver.nix
];
}
diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix
new file mode 100644
index 00000000..44fed590
--- /dev/null
+++ b/tv/3modules/x0vncserver.nix
@@ -0,0 +1,52 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ cfg = config.tv.x0vncserver;
+
+in {
+ options.tv.x0vncserver = {
+ display = mkOption {
+ default = ":${toString config.services.xserver.display}";
+ type = types.str;
+ };
+ enable = mkEnableOption "tv.x0vncserver";
+ pwfile = mkOption {
+ default = {
+ owner = cfg.user;
+ path = "${cfg.user.home}/.vncpasswd";
+ source-path = toString <secrets> + "/vncpasswd";
+ };
+ description = ''
+ Use vncpasswd to edit pwfile.
+ See: nix-shell -p tigervnc --run 'man vncpasswd'
+ '';
+ type = types.secret-file;
+ };
+ rfbport = mkOption {
+ default = 5900;
+ type = types.int;
+ };
+ user = mkOption {
+ default = config.krebs.build.user;
+ type = types.user;
+ };
+ };
+ config = mkIf cfg.enable {
+ krebs.secret.files = {
+ x0vncserver-pwfile = cfg.pwfile;
+ };
+ systemd.services.x0vncserver = {
+ after = [ "graphical.target" "secret.service" ];
+ requires = [ "graphical.target" "secret.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
+ "-display ${cfg.display}"
+ "-passwordfile ${cfg.pwfile.path}"
+ "-rfbport ${toString cfg.rfbport}"
+ ]}";
+ User = cfg.user.name;
+ };
+ };
+ tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport);
+ };
+}
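Review bot: The last line of `config` opens `cfg.rfbport` via `tv.iptables.input-retiolum-accept-tcp`, which by its name admits every retiolum peer, while the server is started with only `-passwordfile`, i.e. classic VNC password auth. That scheme uses at most eight password characters and adds no session encryption of its own, so access to a full desktop session of `cfg.user` rests on a short shared secret plus whatever the VPN provides. Consider adding `"-SecurityTypes TLSVnc"` to the argument list (if the packaged tigervnc supports it) and narrowing the firewall rule to the hosts that actually need access. Separately, the unit has no `wantedBy`, so it may not start on its own; if that is intended, a `description` on `enable` should say so.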
diff --git a/tv/5pkgs/simple/djbdns/default.nix b/tv/5pkgs/simple/djbdns/default.nix
deleted file mode 100644
index ad5a530b..00000000
--- a/tv/5pkgs/simple/djbdns/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ coreutils, gawk, fetchurl, stdenv, ... }:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
- name = "djbdns-1.05";
- src = fetchurl {
- url = "http://cr.yp.to/djbdns/djbdns-1.05.tar.gz";
- sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w";
- };
- configurePhase = ''
- echo $out > conf-home
- echo gcc -O2 -include errno.h > conf-cc
- '';
- patchPhase = ''
- sed -i 's:c("/","etc","dnsroots.global",-1,-1,0644);:// &:' hier.c
- sed -i '1s@^@PATH=${makeBinPath [ coreutils gawk ]}\n@' dnstracesort.sh
- '';
- installTargets = "setup check";
-}