summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/buildbot-all.nix1
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/3modules/ci.nix48
-rw-r--r--krebs/3modules/iptables.nix9
-rw-r--r--krebs/3modules/nin/default.nix45
-rw-r--r--krebs/5pkgs/simple/bitlbee-discord/default.nix29
-rw-r--r--krebs/5pkgs/writers.nix46
-rw-r--r--krebs/6tests/default.nix6
-rw-r--r--krebs/6tests/deploy.nix18
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/helios/config.nix2
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/prism/config.nix3
-rw-r--r--lass/2configs/IM.nix57
-rw-r--r--lass/2configs/ableton.nix20
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/bitlbee.nix12
-rw-r--r--lass/2configs/default.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix5
-rw-r--r--lass/2configs/reaktor-coders.nix4
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/weechat.nix47
-rw-r--r--lass/3modules/news.nix2
-rw-r--r--lass/5pkgs/xmonad-lass.nix10
-rw-r--r--lass/source.nix2
-rw-r--r--nin/1systems/axon/config.nix117
-rw-r--r--nin/1systems/axon/source.nix4
-rw-r--r--nin/2configs/default.nix2
-rw-r--r--nin/2configs/git.nix2
29 files changed, 392 insertions, 111 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 8a647012f..ca994e996 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -9,5 +9,6 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
+ krebs.ci.tests = [ "deploy" ];
}
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 44743b87d..90a1a111f 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -23,7 +23,7 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = true;
+ security.rngd.enable = mkDefault true;
services.xserver = {
videoDriver = "intel";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index b56f5c543..bb19f0602 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -24,6 +24,13 @@ in
List of hosts that should be build
'';
};
+ tests = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ List of tests that should be build
+ '';
+ };
};
config = mkIf cfg.enable {
@@ -56,14 +63,14 @@ in
'';
scheduler = {
build-scheduler = ''
- # build all hosts
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -73,7 +80,8 @@ in
schedulers.ForceScheduler(
name="force",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -91,7 +99,7 @@ in
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
- build-hosts = ''
+ hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
@@ -120,12 +128,42 @@ in
bu.append(
util.BuilderConfig(
- name="build-hosts",
+ name="hosts",
slavenames=slavenames,
factory=f
)
)
+ '';
+ tests = mkIf (cfg.tests != []) ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ def run_test(test):
+ addShell(f,
+ name="{}".format(test),
+ env={
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ },
+ command=[
+ "nix-build", "-I", "stockholm=.", "krebs/6tests",
+ "-A", "{}".format(test)
+ ],
+ timeout=90001
+ )
+
+ ${concatMapStringsSep "\n" (test:
+ "run_test(\"${test}\")"
+ ) cfg.tests}
+
+ bu.append(
+ util.BuilderConfig(
+ name="tests",
+ slavenames=slavenames,
+ factory=f
+ )
+ )
'';
};
enable = true;
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d64ed86de..6298a05a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -61,6 +61,15 @@ let
};
};
})));
+ default = {
+ filter.INPUT.policy = "ACCEPT";
+ filter.FORWARD.policy = "ACCEPT";
+ filter.OUTPUT.policy = "ACCEPT";
+ nat.PREROUTING.policy = "ACCEPT";
+ nat.INPUT.policy = "ACCEPT";
+ nat.OUTPUT.policy = "ACCEPT";
+ nat.POSTROUTING.policy = "ACCEPT";
+ };
};
};
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index aab568352..1a0999b8d 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -32,6 +32,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
+ axon= {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.134.66";
+ ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
+ aliases = [
+ "axon.retiolum"
+ "axon.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
+ glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
+ KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
+ L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
+ VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
+ PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
+ X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
+ m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
+ OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
+ LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
+ /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
+ MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
+ 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
+ ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
+ 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
+ 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
+ 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
+ FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
+ buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
+ hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
+ yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
+ ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
+ };
onondaga = {
cores = 1;
nets = {
@@ -63,6 +104,10 @@ with import <stockholm/lib>;
};
users = {
nin = {
+ mail = "nin@axon.retiolum";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
+ };
+ nin_h = {
mail = "nin@hiawatha.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix
new file mode 100644
index 000000000..c01b87d6b
--- /dev/null
+++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix
@@ -0,0 +1,29 @@
+{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "bitlbee-discord-2017-12-27";
+
+ src = fetchFromGitHub {
+ rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
+ owner = "sm00th";
+ repo = "bitlbee-discord";
+ sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ buildInputs = [ bitlbee glib ];
+
+ preConfigure = ''
+ export BITLBEE_PLUGINDIR=$out/lib/bitlbee
+ ./autogen.sh
+ '';
+
+ meta = {
+ description = "Bitlbee plugin for Discord";
+
+ homepage = https://github.com/sm00th/bitlbee-discord;
+ license = licenses.gpl2Plus;
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix
index 6e67ed699..a48fc0f87 100644
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@@ -283,27 +283,33 @@ with import <stockholm/lib>;
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
- writePython2 = name: text:
- assert (with types; either absolute-pathname filename).check name;
- pkgs.writeOut (baseNameOf name) {
- ${optionalString (types.absolute-pathname.check name) name} = {
- check = pkgs.writeDash "python2check.sh" ''
- exec ${pkgs.python2}/bin/python -m py_compile "$1"
- '';
- inherit text;
- };
- };
+ writePython2 = deps:
+ let
+ py = pkgs.python2.withPackages(ps: attrVals deps ps);
+ in
+ pkgs.makeScriptWriter {
+ interpreter = "${py}/bin/python";
+ check = pkgs.writeDash "python2check.sh" ''
+ exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1"
+ '';
+ };
- writePython3 = name: text:
- assert (with types; either absolute-pathname filename).check name;
- pkgs.writeOut (baseNameOf name) {
- ${optionalString (types.absolute-pathname.check name) name} = {
- check = pkgs.writeDash "python3check.sh" ''
- exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
- '';
- inherit text;
- };
- };
+ writePython2Bin = d: name:
+ pkgs.writePython2 d "/bin/${name}";
+
+ writePython3 = deps:
+ let
+ py = pkgs.python3.withPackages(ps: attrVals deps ps);
+ in
+ pkgs.makeScriptWriter {
+ interpreter = "${py}/bin/python";
+ check = pkgs.writeDash "python3check.sh" ''
+ exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1"
+ '';
+ };
+
+ writePython3Bin = d: name:
+ pkgs.writePython3 d "/bin/${name}";
writeSed = pkgs.makeScriptWriter {
interpreter = "${pkgs.gnused}/bin/sed -f";
diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix
new file mode 100644
index 000000000..c0ca00296
--- /dev/null
+++ b/krebs/6tests/default.nix
@@ -0,0 +1,6 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+ deploy = import ./deploy.nix;
+}
diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix
index 842bbc22a..156e9239f 100644
--- a/krebs/6tests/deploy.nix
+++ b/krebs/6tests/deploy.nix
@@ -1,7 +1,8 @@
with import <stockholm/lib>;
-import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
+import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
let
+ pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
@@ -41,15 +42,12 @@ let
cd ${<stockholm>}
export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
exec >&2
- : ${minimalSystem}
source=${pkgs.writeJSON "source.json" populate-source}
- cat > /tmp/derp <<EOF
- builtins.fromJSON (builtins.readFile "$source")
- EOF
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+ # TODO: make deploy work
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
# --force-populate \
- # --source=/tmp/derp \
+ # --source=${./data/test-source.nix} \
# --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
@@ -70,22 +68,20 @@ in {
imports = [ test-config ];
environment.variables = {
NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
- #LOL = minimalSystem;
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
pubKey
];
- #virtualisation.writableStore = true;
virtualisation.pathsInNixDB = [
minimalSystem
- pkgs.stockholm
];
+ environment.systemPackages = [ pkgs.git ];
};
client =
- { config, pkgs, ... }: { };
-
+ { config, pkgs, ... }:
+ { };
};
testScript = ''
diff --git a/krebs/source.nix b/krebs/source.nix
index 8fbdce284..b952aa2a2 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -17,6 +17,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
+ ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
};
}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 8bd9735a9..fc30a3478 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -120,8 +120,6 @@ with import <stockholm/lib>;
];
};
- programs.ssh.startAgent = lib.mkForce true;
-
services.tlp.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index ad133802f..8c7c39a6f 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -30,6 +30,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
+ <stockholm/lass/2configs/ableton.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 1cca76331..593a1fc9c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -234,8 +234,7 @@ in {
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
- <stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/weechat.nix>
+ <stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/repo-sync.nix>
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
new file mode 100644
index 000000000..b94cb0634
--- /dev/null
+++ b/lass/2configs/IM.nix
@@ -0,0 +1,57 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+let
+ tmux = pkgs.writeDash "tmux" ''
+ exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+ set-option -g prefix `
+ unbind-key C-b
+ bind ` send-prefix
+
+ set-option -g status off
+ set-option -g default-terminal screen-256color
+
+ #use session instead of windows
+ bind-key c new-session
+ bind-key p switch-client -p
+ bind-key n switch-client -n
+ bind-key C-s switch-client -l
+ ''} "$@"
+ '';
+in {
+
+ users.extraUsers.chat = {
+ home = "/home/chat";
+ uid = genid "chat";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ lass-shodan.pubkey
+ lass-icarus.pubkey
+ lass-android.pubkey
+ ];
+ };
+
+ # mosh
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+ { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
+ ];
+
+ systemd.services.chat = {
+ description = "chat environment setup";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = false;
+
+ serviceConfig = {
+ User = "chat";
+ RemainAfterExit = true;
+ Type = "oneshot";
+ ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+ ExecStop = "${tmux} kill-session -t IM";
+ };
+ };
+}
diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix
new file mode 100644
index 000000000..9d6f481b0
--- /dev/null
+++ b/lass/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+ mainUser = config.users.extraUsers.mainUser;
+in {
+ users.users= {
+ ableton = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ packages = [
+ pkgs.wine
+ pkgs.winetricks
+ ];
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+ '';
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6f5533b0d..59ea0ecb7 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -53,7 +53,7 @@ in {
time.timeZone = "Europe/Berlin";
- programs.ssh.startAgent = false;
+ programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
services.printing = {
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
deleted file mode 100644
index b23628dc5..000000000
--- a/lass/2configs/bitlbee.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- ];
- };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 0e00dc2fd..c68aee330 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,5 @@
-{ config, pkgs, ... }:
with import <stockholm/lib>;
+{ config, pkgs, ... }:
{
imports = [
../2configs/binary-cache/client.nix
@@ -78,7 +78,7 @@ with import <stockholm/lib>;
users.mutableUsers = false;
- services.timesyncd.enable = true;
+ services.timesyncd.enable = mkForce true;
#why is this on in the first place?
services.nscd.enable = false;
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 2d848773f..94191fcb7 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -49,6 +49,11 @@ with import <stockholm/lib>;
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
+ { from = "github@lassul.us"; to = lass.mail; }
+ { from = "bitwala@lassul.us"; to = lass.mail; }
+ { from = "bitstamp@lassul.us"; to = lass.mail; }
+ { from = "bitcoin.de@lassul.us"; to = lass.mail; }
+ { from = "ableton@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 61cc7cfe0..2541df3a6 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -21,6 +21,7 @@ with import <stockholm/lib>;
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
+ sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
@@ -64,8 +65,7 @@ with import <stockholm/lib>;
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
- script = pkgs.writePython2 "rup" ''
- #!${pkgs.python2}/bin/python
+ script = pkgs.writePython2 [] "rup" ''
t1 = """
_.
;=',_ ()
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index f6c736fbc..5fe9e1450 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -103,7 +103,6 @@ let
cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
- noremap x "_x
set clipboard=unnamedplus
'';
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
deleted file mode 100644
index d5496ac09..000000000
--- a/lass/2configs/weechat.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lib>) genid;
-in {
- krebs.per-user.chat.packages = with pkgs; [
- mosh
- weechat
- ];
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- lass-shodan.pubkey
- lass-icarus.pubkey
- lass-android.pubkey
- ];
- };
-
- # mosh
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
- ];
-
- #systemd.services.chat = {
- # description = "chat environment setup";
- # after = [ "network.target" ];
- # wantedBy = [ "multi-user.target" ];
-
- # path = with pkgs; [
- # weechat
- # tmux
- # ];
-
- # restartIfChanged = true;
-
- # serviceConfig = {
- # User = "chat";
- # Restart = "always";
- # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
- # };
- #};
-}
diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix
index 06b80df8d..b6061736c 100644
--- a/lass/3modules/news.nix
+++ b/lass/3modules/news.nix
@@ -38,7 +38,7 @@ let
};
ircServer = mkOption {
type = types.str;
- default = "echelon.r";
+ default = "localhost";
description = "to which server the bot should connect";
};
};
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index d3f76903d..2dd352bd4 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -66,7 +66,7 @@ main' = do
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
- , manageHook = placeHook (smart (1,0)) <+> floatNextHook
+ , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
@@ -80,6 +80,14 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
+floatHooks = composeAll . concat $
+ [ [ title =? t --> doFloat | t <- myTitleFloats]
+ , [ className =? c --> doFloat | c <- myClassFloats ] ]
+ where
+ myTitleFloats = [] -- for the KDE "open link" popup from konsole
+ myClassFloats = ["Pinentry"] -- for gpg passphrase entry
+
+
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
diff --git a/lass/source.nix b/lass/source.nix
index 473dd2cf2..a6314694c 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "3aec59c";
+ ref = "0b30c1d";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
new file mode 100644
index 000000000..c5f38c1f3
--- /dev/null
+++ b/nin/1systems/axon/config.nix
@@ -0,0 +1,117 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ imports = [
+ <stockholm/nin>
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ #../2configs/copyq.nix
+ <stockholm/nin/2configs/games.nix>
+ <stockholm/nin/2configs/git.nix>
+ <stockholm/nin/2configs/retiolum.nix>
+ <stockholm/nin/2configs/termite.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.axon;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/pool/root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/tmp" =
+ { device = "tmpfs";
+ fsType = "tmpfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/sda1";
+ fsType = "ext2";
+ };
+
+ boot.initrd.luks.devices.crypted.device = "/dev/sda2";
+ boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+ swapDevices = [ ];