summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--default.nix38
-rw-r--r--krebs/3modules/lass/default.nix4
-rw-r--r--krebs/3modules/tv/default.nix5
-rw-r--r--krebs/4lib/default.nix11
-rw-r--r--krebs/4lib/git.nix42
-rw-r--r--krebs/5pkgs/git-hooks/default.nix168
-rw-r--r--krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix16
-rw-r--r--krebs/5pkgs/push/default.nix7
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/prism.nix5
-rw-r--r--lass/2configs/base.nix8
-rw-r--r--lass/2configs/downloading.nix12
-rw-r--r--lass/2configs/ts3.nix19
-rw-r--r--null/default.nix1
-rw-r--r--tv/1systems/cd.nix29
-rw-r--r--tv/1systems/mkdir.nix15
-rw-r--r--tv/1systems/nomic.nix14
-rw-r--r--tv/1systems/rmdir.nix14
-rw-r--r--tv/1systems/wu.nix144
-rw-r--r--tv/1systems/xu.nix148
-rw-r--r--tv/2configs/default.nix85
-rw-r--r--tv/2configs/git.nix22
-rw-r--r--tv/2configs/vim.nix4
-rw-r--r--tv/2configs/xserver/default.nix7
-rw-r--r--tv/2configs/z.nix40
-rw-r--r--tv/4lib/default.nix11
-rw-r--r--tv/4lib/git.nix202
-rw-r--r--tv/4lib/modules.nix21
-rw-r--r--tv/5pkgs/default.nix10
-rw-r--r--tv/5pkgs/xmonad-tv/Main.hs6
-rw-r--r--tv/5pkgs/xmonad-tv/Util/Font.hs123
-rw-r--r--tv/5pkgs/xmonad-tv/Util/Pager.hs172
-rw-r--r--tv/5pkgs/xmonad-tv/Util/Rhombus.hs369
-rw-r--r--tv/5pkgs/xmonad-tv/Util/Shutdown.hs53
-rw-r--r--tv/5pkgs/xmonad-tv/Util/Submap.hs31
-rw-r--r--tv/5pkgs/xmonad-tv/Util/XUtils.hs47
-rw-r--r--tv/5pkgs/xmonad-tv/xmonad.cabal6
37 files changed, 394 insertions, 1516 deletions
diff --git a/default.nix b/default.nix
index ac748c286..1637aa464 100644
--- a/default.nix
+++ b/default.nix
@@ -13,40 +13,36 @@ let stockholm = {
krebs = import ./krebs (args // { inherit lib stockholm; });
- lib =
- let
- lib = import <nixpkgs/lib>;
- klib = import ./krebs/4lib { inherit lib; };
- #ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; };
- ulib = {}; # TODO
- in
- builtins // lib // klib // ulib // rec {
- # TODO move this stuff
+ lib = let
+ nlib = import <nixpkgs/lib>;
+ klib = import (slib.kpath "4lib") { lib = nlib; };
+ slib = rec {
stockholm-path = ./.;
nspath = ns: p: stockholm-path + "/${ns}/${p}";
+ kpath = nspath "krebs";
+ upath = nspath current-user-name;
};
+ ulib = let p = slib.upath "4lib"; in
+ nlib.optionalAttrs (klib.dir.has-default-nix p)
+ (import p { lib = nlib // klib; });
+ in nlib // klib // slib // ulib // builtins;
inherit (eval {}) pkgs;
- kpath = lib.nspath "krebs";
- upath = lib.nspath current-user-name;
-
base-module = { config, ... }: {
- imports = builtins.filter builtins.pathExists (lib.concatLists [
- (map (f: f "2configs") [ upath ])
- (map (f: f "3modules") [ kpath upath ])
+ imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [
+ (map (f: f "2configs") [ lib.upath ])
+ (map (f: f "3modules") [ lib.kpath lib.upath ])
]);
krebs.current.enable = true;
krebs.current.host = config.krebs.hosts.${current-host-name};
krebs.current.user = config.krebs.users.${current-user-name};
- nixpkgs.config.packageOverrides = pkgs:
- let
- kpkgs = import (kpath "5pkgs") { inherit lib pkgs; };
- upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; };
- in
- kpkgs // upkgs;
+ nixpkgs.config.packageOverrides = pkgs: let
+ kpkgs = import (lib.kpath "5pkgs") { inherit lib pkgs; };
+ upkgs = import (lib.upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; };
+ in kpkgs // upkgs;
};
eval = config: import <nixpkgs/nixos/lib/eval-config.nix> {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0be166255..2ad4353bd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -96,8 +96,8 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF";
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
fastpoke = {
dc = "lass";
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 6c943de8f..6fd1c4224 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -159,7 +159,7 @@ with lib;
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
ok = {
nets = {
@@ -277,7 +277,8 @@ with lib;
};
};
secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
users = addNames rec {
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 396307c22..1cabeae27 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -3,7 +3,7 @@
with builtins;
with lib;
-rec {
+let out = rec {
eq = x: y: x == y;
@@ -14,7 +14,10 @@ rec {
types = import ./types.nix { inherit lib; };
+ dir.has-default-nix = path: pathExists (path + "/default.nix");
+
dns = import ./dns.nix { inherit lib; };
+ git = import ./git.nix { lib = lib // out; };
listset = import ./listset.nix { inherit lib; };
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; };
@@ -28,4 +31,8 @@ rec {
subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
-}
+
+ mapAttrValues = f: mapAttrs (_: f);
+ setAttr = name: value: set: set // { ${name} = value; };
+
+}; in out
diff --git a/krebs/4lib/git.nix b/krebs/4lib/git.nix
new file mode 100644
index 000000000..d50ba2018
--- /dev/null
+++ b/krebs/4lib/git.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+
+let
+ inherit (lib) addNames escapeShellArg makeSearchPath optionalString;
+
+ commands = addNames {
+ git-receive-pack = {};
+ git-upload-pack = {};
+ };
+
+ receive-modes = addNames {
+ fast-forward = {};
+ non-fast-forward = {};
+ create = {};
+ delete = {};
+ merge = {}; # TODO implement in git.nix
+ };
+
+ permissions = {
+ fetch = {
+ allow-commands = [
+ commands.git-upload-pack
+ ];
+ };
+
+ push = ref: extra-modes: {
+ allow-commands = [
+ commands.git-receive-pack
+ commands.git-upload-pack
+ ];
+ allow-receive-ref = ref;
+ allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes;
+ };
+ };
+
+ refs = {
+ master = "refs/heads/master";
+ all-heads = "refs/heads/*";
+ };
+
+in
+commands // receive-modes // permissions // refs
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
new file mode 100644
index 000000000..5697c31be
--- /dev/null
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -0,0 +1,168 @@
+{ lib, pkgs, ... }:
+
+with lib;
+
+let
+ out = {
+ inherit irc-announce;
+ };
+
+ # TODO irc-announce should return a derivation
+ irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: ''
+ #! /bin/sh
+ set -euf
+
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ coreutils
+ git
+ gnused
+ ])}
+
+ green() { printf '\x0303,99%s\x0F' "$1"; }
+ red() { printf '\x0304,99%s\x0F' "$1"; }
+ orange() { printf '\x0307,99%s\x0F' "$1"; }
+ pink() { printf '\x0313,99%s\x0F' "$1"; }
+ gray() { printf '\x0314,99%s\x0F' "$1"; }
+
+ unset message
+ add_message() {
+ message="''${message+$message
+ }$*"
+ }
+
+ nick=${escapeShellArg nick}
+ channel=${escapeShellArg channel}
+ server=${escapeShellArg server}
+ port=${toString port}
+
+ host=$nick
+ cgit_endpoint=http://cgit.$host
+
+ empty=0000000000000000000000000000000000000000
+
+ while read oldrev newrev ref; do
+
+ if [ $oldrev = $empty ]; then
+ receive_mode=create
+ elif [ $newrev = $empty ]; then
+ receive_mode=delete
+ elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then
+ receive_mode=fast-forward
+ else
+ receive_mode=non-fast-forward
+ fi
+
+ h=$(echo $ref | sed 's:^refs/heads/::')
+
+ # empty_tree=$(git hash-object -t tree /dev/null)
+ empty_tree=4b825dc6
+
+ id=$(echo $newrev | cut -b-7)
+ id2=$(echo $oldrev | cut -b-7)
+ if [ $newrev = $empty ]; then id=$empty_tree; fi
+ if [ $oldrev = $empty ]; then id2=$empty_tree; fi
+
+ case $receive_mode in
+ create)
+ link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
+ ;;
+ delete)
+ link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
+ ;;
+ fast-forward|non-fast-forward)
+ link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
+ ;;
+ esac
+
+ #$host $GIT_SSH_REPO $ref $link
+ add_message $(pink push) $link $(gray "($receive_mode)")
+
+ ${optionalString verbose ''
+ add_message "$(
+ git log \
+ --format="$(orange %h) %s $(gray '(%ar)')" \
+ --reverse \
+ $id2..$id
+
+ git diff --stat $id2..$id \
+ | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
+ )"
+ ''}
+
+ done
+
+ if test -n "''${message-}"; then
+ exec ${irc-announce-script} \
+ "$server" \
+ "$port" \
+ "$nick" \
+ "$channel" \
+ "$message"
+ fi
+ '';
+
+ irc-announce-script = pkgs.writeScript "irc-announce-script" ''
+ #! /bin/sh
+ set -euf
+
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ coreutils
+ gawk
+ gnused
+ netcat
+ nettools
+ ])}
+
+ IRC_SERVER=$1
+ IRC_PORT=$2
+ IRC_NICK=$3$$
+ IRC_CHANNEL=$4
+ message=$5
+
+ export IRC_CHANNEL # for privmsg_cat
+
+ # echo2 and cat2 are used output to both, stdout and stderr
+ # This is used to see what we send to the irc server. (debug output)
+ echo2() { echo "$*"; echo "$*" >&2; }
+ cat2() { tee /dev/stderr; }
+
+ # privmsg_cat transforms stdin to a privmsg
+ privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+ # ircin is used to feed the output of netcat back to the "irc client"
+ # so we can implement expect-like behavior with sed^_^
+ # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
+ tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+ cd "$tmpdir"
+ mkfifo ircin
+ trap "
+ rm ircin
+ cd '$OLDPWD'
+ rmdir '$tmpdir'
+ trap - EXIT INT QUIT
+ " EXIT INT QUIT
+
+ {
+ echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
+ echo2 "NICK $IRC_NICK"
+
+ # wait for MODE message
+ sed -n '/^:[^ ]* MODE /q'
+
+ echo2 "JOIN $IRC_CHANNEL"
+
+ printf '%s' "$message" \
+ | privmsg_cat \
+ | cat2
+
+ echo2 "PART $IRC_CHANNEL"
+
+ # wait for PART confirmation
+ sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+ echo2 'QUIT :Gone to have lunch'
+ } < ircin \
+ | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
+ '';
+
+in out
diff --git a/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix
new file mode 100644
index 000000000..5c6f068e7
--- /dev/null
+++ b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix
@@ -0,0 +1,16 @@
+{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
+, xmonad, xmonad-contrib
+}:
+mkDerivation {
+ pname = "xmonad-stockholm";
+ version = "1.0.0";
+ src = fetchgit {
+ url = "http://cgit.cd/xmonad-stockholm";
+ sha256 = "35dda5d16acc90af94ae2fae10ab5cc2d5b450c3f1ff2e7f515ac53877269abf";
+ rev = "2dbefe42fc5cfe9093465bf3e22ba8f82feeef6e";
+ };
+ libraryHaskellDepends = [
+ base containers X11 X11-xshape xmonad xmonad-contrib
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix
index 410b43465..bc5c030a0 100644
--- a/krebs/5pkgs/push/default.nix
+++ b/krebs/5pkgs/push/default.nix
@@ -9,12 +9,12 @@
, ... }:
stdenv.mkDerivation {
- name = "push-1.1.0";
+ name = "push-1.1.1";
src = fetchgit {
url = http://cgit.cd.retiolum/push;
- rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920";
- sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800";
+ rev = "ea8b76569c6b226fe148e559477669b095408472";
+ sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221";
};
phases = [
@@ -45,4 +45,3 @@ stdenv.mkDerivation {
chmod +x $out/bin/push
'';
}
-
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b0b8ff573..7db3f8333 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -156,6 +156,7 @@
get
genid
teamspeak_client
+ hashPassword
];
#TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 570cdfb7c..87334c3c2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -8,6 +8,8 @@ in {
imports = [
../2configs/base.nix
../2configs/downloading.nix
+ ../2configs/git.nix
+ ../2configs/ts3.nix
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -82,6 +84,9 @@ in {
#workaround for server dying after 6-7h
boot.kernelPackages = pkgs.linuxPackages_4_2;
}
+ {
+ nixpkgs.config.allowUnfree = true;
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 057af7bc4..11bc4f089 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -15,8 +15,8 @@ with lib;
{
users.extraUsers = {
root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
mainUser = {
@@ -28,8 +28,8 @@ with lib;
useDefaultShell = true;
extraGroups = [
];
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
};
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 553a3a557..e80b74007 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
-{
+
+let
+ rpc-password = import <secrets/transmission-pw.nix>;
+in {
imports = [
../3modules/folderPerms.nix
];
@@ -15,8 +18,8 @@ with lib;
extraGroups = [
"download"
];
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
@@ -46,8 +49,7 @@ with lib;
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "download";
- #add rpc-password in secrets
- rpc-password = "test123";
+ inherit rpc-password;
peer-port = 51413;
};
};
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
new file mode 100644
index 000000000..5b92d0919
--- /dev/null
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+ services.teamspeak3 = {
+ enable = true;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ #voice port
+ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+ ##file transfer port
+ #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+ ##query port
+ #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+ ];
+}
diff --git a/null/default.nix b/null/default.nix
new file mode 100644
index 000000000..2eb33a153
--- /dev/null
+++ b/null/default.nix
@@ -0,0 +1 @@
+_:{}
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 126c6feb5..8c2a9ae43 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -4,23 +4,8 @@ with lib;
{
krebs.build.host = config.krebs.hosts.cd;
- krebs.build.user = config.krebs.users.tv;
-
krebs.build.target = "root@cd.internet";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/cd";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
@@ -115,7 +100,6 @@ with lib;
iftop
iotop
iptables
- mutt # for mv
nethogs
ntp # ntpate
rxvt_unicode.terminfo
@@ -126,17 +110,4 @@ with lib;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
-
- users.extraUsers = {
- mv = {
- uid = 1338;
- group = "users";
- home = "/home/mv";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.mv.pubkey
- ];
- };
- };
}
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 55d83f8f3..9d8a0bcfa 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -17,23 +17,8 @@ in
{
krebs.build.host = config.krebs.hosts.mkdir;
- krebs.build.user = config.krebs.users.tv;
-
krebs.build.target = "root@${primary-addr4}";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/mkdir";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index c2bb4dc78..0c6c935a3 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -4,23 +4,9 @@ with lib;
{
krebs.build.host = config.krebs.hosts.nomic;
- krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@nomic.gg23";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/nomic";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/AO753.nix
#../2configs/consul-server.nix
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 53f14d7df..1f1d975c9 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -17,23 +17,9 @@ in
{
krebs.build.host = config.krebs.hosts.rmdir;
- krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@rmdir.internet";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/rmdir";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 33292c608..3fa5481e2 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -4,24 +4,6 @@ with lib;
{
krebs.build.host = config.krebs.hosts.wu;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@wu";
-
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- path = "/home/tv/secrets/wu";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- target-path = "/var/src/stockholm";
- };
- };
imports = [
../2configs/hw/w110er.nix
@@ -29,7 +11,6 @@ with lib;
../2configs/git.nix
../2configs/mail-client.nix
../2configs/xserver
- ../2configs/z.nix
{
environment.systemPackages = with pkgs; [
@@ -62,31 +43,24 @@ with lib;
bind # dig
cac
dic
- ff
file
get
- gitAndTools.qgit
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
- mpv
netcat
nix-repl
nmap
nq
p7zip
- pavucontrol
posix_man_pages
- pssh
push
qrencode
- sxiv
texLive
tmux
- zathura
#ack
#apache-httpd
@@ -145,6 +119,8 @@ with lib;
#xkill
#xl2tpd
#xsel
+
+ unison
];
}
{
@@ -180,122 +156,6 @@ with lib;
];
};
}
- {
- users.extraGroups = {
- tv.gid = 1337;
- slaves.gid = 3799582008; # genid slaves
- };
-
- users.extraUsers =
- mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
- inherit name;
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- group = "tv";
- extraGroups = ["slaves"] ++ extraGroups;
- }) {
- ff = {
- uid = 13378001;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- cr = {
- uid = 13378002;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- fa = {
- uid = 2300001;
- };
-
- rl = {
- uid = 2300002;
- };
-
- tief = {
- uid = 2300702;
- };
-
- btc-bitcoind = {
- uid = 2301001;
- };
-
- btc-electrum = {
- uid = 2301002;
- };
-
- ltc-litecoind = {
- uid = 2301101;
- };
-
- eth = {
- uid = 2302001;
- };
-
- emse-hsdb = {
- uid = 4200101;
- };
-
- wine = {
- uid = 13370400;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- df = {
- uid = 13370401;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- xr = {
- uid = 13370061;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- "23" = {
- uid = 13370023;
- };
-
- electrum = {
- uid = 13370102;
- };
-
- skype = {
- uid = 6660001;
- extraGroups = [
- "audio"
- ];
- };
-
- onion = {
- uid = 6660010;
- };
- };
-
- security.sudo.extraConfig =
- let
- isSlave = u: elem "slaves" u.extraGroups;
- masterOf = u: u.group;
- slaves = filterAttrs (_: isSlave) config.users.extraUsers;
- toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
- in
- concatMapStringsSep "\n" toSudoers (attrValues slaves);
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 607f89aea..94656ab61 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -4,22 +4,9 @@ with lib;
{
krebs.build.host = co