diff options
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/base.nix | 12 | ||||
| -rw-r--r-- | lass/2configs/browsers.nix | 38 | ||||
| -rw-r--r-- | lass/2configs/desktop-base.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/downloading.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/fastpoke-pages.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/mors/repos.nix | 87 | ||||
| -rw-r--r-- | lass/2configs/new-repos.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/privoxy-retiolum.nix | 21 | ||||
| -rw-r--r-- | lass/2configs/privoxy.nix | 15 | ||||
| -rw-r--r-- | lass/2configs/realwallpaper-server.nix | 32 | ||||
| -rw-r--r-- | lass/2configs/realwallpaper.nix | 9 | ||||
| -rw-r--r-- | lass/2configs/retiolum.nix | 5 | ||||
| -rw-r--r-- | lass/2configs/steam.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/virtualbox.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/weechat.nix | 22 | ||||
| -rw-r--r-- | lass/2configs/wordpress.nix | 4 |
16 files changed, 138 insertions, 125 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 46435649b..43c4f4e34 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -3,14 +3,13 @@ with lib; { imports = [ - ../3modules/iptables.nix ../2configs/vim.nix ../2configs/zsh.nix ../2configs/mc.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import /root/src/secrets/hashedPasswords.nix); + (import /root/secrets/hashedPasswords.nix); } { users.extraUsers = { @@ -45,7 +44,7 @@ with lib; build.source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; + rev = "e916273209560b302ab231606babf5ce1c481f08"; }; }; }; @@ -71,7 +70,12 @@ with lib; ''; environment.systemPackages = with pkgs; [ + #stockholm git + jq + parallel + + #style most rxvt_unicode.terminfo @@ -137,7 +141,7 @@ with lib; RuntimeMaxUse=128M ''; - lass.iptables = { + krebs.iptables = { enable = true; tables = { filter.INPUT.policy = "DROP"; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index f37dace2c..5a1857973 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -6,14 +6,12 @@ let mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { - users.extraUsers = { - ${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - useDefaultShell = true; - createHome = true; - }; + users.extraUsers.${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; }; lass.per-user.${name}.packages = packages; security.sudo.extraConfig = '' @@ -28,14 +26,12 @@ let createFirefoxUser = name: extraGroups: packages: { - users.extraUsers = { - ${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - useDefaultShell = true; - createHome = true; - }; + users.extraUsers.${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; }; lass.per-user.${name}.packages = packages; security.sudo.extraConfig = '' @@ -66,16 +62,16 @@ in { ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) - ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) + # ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { flash = pkgs.chromium.override { - pulseSupport = true; + # pulseSupport = true; enablePepperFlash = true; }; - chromium = pkgs.chromium.override { - pulseSupport = true; - }; + #chromium = pkgs.chromium.override { + # pulseSupport = true; + #}; }; } diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix index 8ae768ca9..ed84edefa 100644 --- a/lass/2configs/desktop-base.nix +++ b/lass/2configs/desktop-base.nix @@ -34,6 +34,8 @@ in { haskellPackages.yeganesh dmenu2 xlibs.fontschumachermisc + + sxiv ]; fonts.fonts = [ diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index e6d31a6c4..5052da5c8 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -2,7 +2,6 @@ { imports = [ - ../3modules/iptables.nix ../3modules/folderPerms.nix ]; @@ -47,7 +46,7 @@ }; }; - lass.iptables = { + krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix index 1c8106a88..0470865b6 100644 --- a/lass/2configs/fastpoke-pages.nix +++ b/lass/2configs/fastpoke-pages.nix @@ -29,9 +29,7 @@ let }; in { - imports = [ - ../3modules/iptables.nix - ] ++ map createStaticPage [ + imports = map createStaticPage [ "habsys.de" "pixelpocket.de" "karlaskop.de" @@ -39,7 +37,7 @@ in { "apanowicz.de" ]; - lass.iptables = { + krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } diff --git a/lass/2configs/mors/repos.nix b/lass/2configs/mors/repos.nix deleted file mode 100644 index 1f7f33456..000000000 --- a/lass/2configs/mors/repos.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ ... }: - -{ - imports = [ - ../lass/gitolite-base.nix - ../common/krebs-keys.nix - ../common/krebs-repos.nix - ]; - - services.gitolite = { - repos = { - - config = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - pass = { - users = { - lass = "RW+"; - uriel = "R"; - }; - }; - - load-env = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - emse-drywall = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - emse-hsdb = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - brain = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - #hooks.post-receive = irc-announce; - }; - - painload = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - services = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - xmonad-config = { - users = { - lass = "RW+"; - uriel = "R"; - }; - }; - - }; - }; -} diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix index 026f9a665..3d293d654 100644 --- a/lass/2configs/new-repos.nix +++ b/lass/2configs/new-repos.nix @@ -47,6 +47,7 @@ let nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; + verbose = config.krebs.build.host.name == "cloudkrebs"; }; }; }; diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix new file mode 100644 index 000000000..3a3641ad8 --- /dev/null +++ b/lass/2configs/privoxy-retiolum.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: + +let + r_ip = (head config.krebs.build.host.nets.retiolum.addrs4); + inherit (lib) head; + +in { + imports = [ + ./privoxy.nix + ]; + + services.privoxy.listenAddress = "${r_ip}:8118"; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8118"; target = "ACCEPT"; } + ]; + }; + }; +} diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix new file mode 100644 index 000000000..bf5f6e206 --- /dev/null +++ b/lass/2configs/privoxy.nix @@ -0,0 +1,15 @@ +{ config, ... }: + +{ + services.privoxy = { + enable = true; + extraConfig = '' + #use polipo + forward / localhost:8123 + + #route .onion through tor + forward-socks4a .onion localhost:9050 + ''; + }; + services.polipo.enable = true; +} diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix new file mode 100644 index 000000000..7340fc7ca --- /dev/null +++ b/lass/2configs/realwallpaper-server.nix @@ -0,0 +1,32 @@ +{ config, lib, ... }: + +let + hostname = config.krebs.build.host.name; + inherit (lib) + nameValuePair + ; + +in { + imports = [ + ./realwallpaper.nix + ]; + + krebs.nginx.servers.wallpaper = { + server-names = [ + hostname + ]; + locations = [ + (nameValuePair "/wallpaper.png" '' + root /tmp/; + '') + ]; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + }; +} diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix new file mode 100644 index 000000000..f1c8861e1 --- /dev/null +++ b/lass/2configs/realwallpaper.nix @@ -0,0 +1,9 @@ +{ config, ... }: + +{ + imports = [ + ../3modules/realwallpaper.nix + ]; + + lass.realwallpaper.enable = true; +} diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index d7df15027..7f0bcc5e8 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,11 +1,8 @@ { ... }: { - imports = [ - ../3modules/iptables.nix - ]; - lass.iptables = { + krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index bd895e156..225ddd308 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -16,7 +16,9 @@ environment.systemPackages = with pkgs; [ steam ]; - lass.iptables = { + + #ports for inhome streaming + krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; } diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index 9769cd68d..f7d196057 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -4,6 +4,8 @@ let mainUser = config.users.extraUsers.mainUser; in { + #services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; users.extraUsers = { virtual = { diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix new file mode 100644 index 000000000..cfcc1a2f6 --- /dev/null +++ b/lass/2configs/weechat.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ + ../3modules/per-user.nix + ]; + + lass.per-user.chat.packages = [ + pkgs.weechat + pkgs.tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = map readFile [ + ../../krebs/Zpubkeys/lass.ssh.pub + ]; + }; +} diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix index 9458deb38..bd59080d9 100644 --- a/lass/2configs/wordpress.nix +++ b/lass/2configs/wordpress.nix @@ -8,10 +8,10 @@ config = { imports = [ - ../3modules/iptables.nix + ../../krebs/3modules/iptables.nix ]; - lass.iptables = { + krebs.iptables = { enable = true; tables = { filter.INPUT.policy = "DROP"; |