summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/nin/default.nix111
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix1
-rw-r--r--nin/0tests/dummysecrets/ssh.id_ed255190
-rw-r--r--nin/1systems/axon/config.nix132
-rw-r--r--nin/1systems/hiawatha/config.nix126
-rw-r--r--nin/1systems/onondaga/config.nix23
-rw-r--r--nin/2configs/ableton.nix20
-rw-r--r--nin/2configs/copyq.nix38
-rw-r--r--nin/2configs/default.nix173
-rw-r--r--nin/2configs/games.nix70
-rw-r--r--nin/2configs/git.nix60
-rw-r--r--nin/2configs/im.nix19
-rw-r--r--nin/2configs/retiolum.nix28
-rw-r--r--nin/2configs/skype.nix27
-rw-r--r--nin/2configs/termite.nix22
-rw-r--r--nin/2configs/vim.nix355
-rw-r--r--nin/2configs/weechat.nix21
-rw-r--r--nin/default.nix7
-rw-r--r--nin/krops.nix35
20 files changed, 0 insertions, 1269 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index aa06a883d..f3180722d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -102,7 +102,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./external/mic92.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- hosts = mapAttrs (_: recursiveUpdate {
- owner = config.krebs.users.nin;
- ci = true;
- }) {
- hiawatha = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.96";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
- aliases = [
- "hiawatha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
- Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
- iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
- UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
- lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
- yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
- };
- axon= {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.134.66";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
- aliases = [
- "axon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
- glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
- KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
- L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
- VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
- PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
- X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
- m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
- OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
- LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
- /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
- MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
- 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
- ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
- 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
- 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
- 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
- FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
- buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
- hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
- yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
- ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
- };
- onondaga = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.55";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
- aliases = [
- "onondaga.r"
- "cgit.onondaga.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
- OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
- htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
- xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
- kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
- hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
- };
-
- };
- users = {
- nin = {
- mail = "nin@axon.r";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
- };
- nin_h = {
- mail = "nin@hiawatha.r";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
- };
- };
-}
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/nin/0tests/dummysecrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
deleted file mode 100644
index e69de29bb..000000000
--- a/nin/0tests/dummysecrets/ssh.id_ed25519
+++ /dev/null
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
deleted file mode 100644
index 5e81afdbd..000000000
--- a/nin/1systems/axon/config.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/ableton.nix>
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.axon;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices.crypted.device = "/dev/sda2";
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver = {
- enable = true;
-
- displayManager.lightdm.enable = true;
- };
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- atom
- chromium
- firefox
- git
- htop
- keepassx
- lmms
- networkmanagerapplet
- openvpn
- python
- ruby
- steam
- taskwarrior
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost + local:
- '';
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
deleted file mode 100644
index a09eed958..000000000
--- a/nin/1systems/hiawatha/config.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.hiawatha;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/home" =
- { device = "/dev/fam/home";
- };
-
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- fileSystems."/home/nin/.local/share/Steam" = {
- device = "/dev/fam/steam";
- };
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- firefox
- git
- lmms
- networkmanagerapplet
- python
- steam
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
deleted file mode 100644
index 3cd0773ae..000000000
--- a/nin/1systems/onondaga/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/nin>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/weechat.nix>
- <stockholm/nin/2configs/git.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.onondaga;
-
- boot.isContainer = true;
- networking.useDHCP = false;
-
- time.timeZone = "Europe/Amsterdam";
-
- services.openssh.enable = true;
-}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
deleted file mode 100644
index 343a9089d..000000000
--- a/nin/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.nin;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wine
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
deleted file mode 100644
index 0616c4025..000000000
--- a/nin/2configs/copyq.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
-
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
deleted file mode 100644
index 250383ca8..000000000
--- a/nin/2configs/default.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- ../2configs/vim.nix
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/binary-cache/prism.nix>
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- nin = {
- name = "nin";
- uid = 1337;
- home = "/home/nin";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "fuse"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
-
- krebs = {
- enable = true;
- dns.search-domain = "r";
- build = {
- user = config.krebs.users.nin;
- };
- };
-
- nix.useSandbox = true;
-
- users.mutableUsers = false;
-
- services.timesyncd.enable = true;
-
- #why is this on in the first place?
- services.nscd.enable = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- gs = "git status";
- };
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- proot
- pavucontrol
- populate
- p7zip
- termite
- unzip
- unrar
- hashPassword
- ];
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
- else
- PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
-}
diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix
deleted file mode 100644
index 15e17238d..000000000
--- a/nin/2configs/games.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
- vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum}/bin/zandronum \
- -fov 120 \
- "$@"
- '';
- doom = pkgs.writeDash "doom" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} \
- -file $DOOM_DIR/lib/brutalv20.pk3 \
- "$@"
- '';
- doom1 = pkgs.writeDashBin "doom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- doom2 = pkgs.writeDashBin "doom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- vdoom1 = pkgs.writeDashBin "vdoom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- vdoom2 = pkgs.writeDashBin "vdoom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
-
- doomservercfg = pkgs.writeText "doomserver.cfg" ''
- skill 7
- #survival true
- #sv_maxlives 4
- #sv_norespawn true
- #sv_weapondrop true
- no_jump true
- #sv_noweaponspawn true
- sv_sharekeys true
- sv_survivalcountdowntime 1
- sv_noteamselect true
- sv_updatemaster false
- #sv_coop_loseinventory true
- #cl_startasspectator false
- #lms_spectatorview false
- '';
-
- vdoomserver = pkgs.writeDashBin "vdoomserver" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
-
- ${pkgs.zandronum}/bin/zandronum-server \
- +exec ${doomservercfg} \
- "$@"
- '';
-
-in {
- environment.systemPackages = with pkgs; [
- dwarf_fortress
- doom1
- doom2
- vdoom1
- vdoom2
- vdoomserver
- ];
-
- hardware.pulseaudio.support32Bit = true;
-
-}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
deleted file mode 100644
index aed4a9f48..000000000
--- a/nin/2configs/git.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ nin nin_h ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
deleted file mode 100644
index b078dbd53..000000000
--- a/nin/2configs/im.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- ssh chat@onondaga
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
-}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
deleted file mode 100644
index 821e3cc00..000000000
--- a/nin/2configs/retiolum.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
- { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "pigstarter"
- "gum"
- "flap"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
deleted file mode 100644
index 621dfae82..000000000
--- a/nin/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.nin;
- inherit (import <stockholm/lib>) genid;
-
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
-
- krebs.per-user.skype.packages = [
- pkgs.skype
- ];
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(skype) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
deleted file mode 100644
index 942446b01..000000000
--- a/nin/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = [
- pkgs.termite
- ];
-
- krebs.per-user.nin.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
-
-}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
deleted file mode 100644
index 7b5d37611..000000000
--- a/nin/2configs/vim.nix
+++ /dev/null
@@ -1,355 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- out = {
- environment.systemPackages = [
- vim
- pkgs.pythonPackages.flake8
- ];
-
- environment.etc.vimrc.source = vimrc;
-
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set laststatus=2
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-