Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/base.nix9
-rw-r--r--lass/2configs/bitlbee.nix15
-rw-r--r--lass/2configs/browsers.nix93
-rw-r--r--lass/2configs/chromium-patched.nix16
-rw-r--r--lass/2configs/new-repos.nix13
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/texlive.nix2
-rw-r--r--lass/2configs/virtualbox.nix2
8 files changed, 81 insertions, 71 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 095c7660c..d44a19c1e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -39,12 +39,20 @@ with lib;
krebs = {
enable = true;
search-domain = "retiolum";
+ exim-retiolum.enable = true;
+ build.deps.nixpkgs = {
+ url = https://github.com/Lassulus/nixpkgs;
+ rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3";
+ };
};
nix.useChroot = true;
users.mutableUsers = false;
+ #why is this on in the first place?
+ services.ntp.enable = false;
+
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
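Review bot: `services.ntp.enable = false;` turns off time synchronisation with only a question as its comment, and nothing in this hunk enables a replacement. A drifting clock breaks TLS certificate validation and makes log timestamps unreliable when events from several hosts have to be correlated. If another service is meant to keep time (for example `services.chrony.enable` or `services.timesyncd.enable`), enable it alongside. Otherwise replace the comment with the actual reason, e.g. `# ntp disabled: <reason>; clock is kept by <mechanism>`.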
@@ -134,6 +142,7 @@ with lib;
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; }
];
};
};
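Review bot: The new `-i retiolum` REJECT at precedence -10000 only catches what the three ACCEPT rules above let through, assuming higher precedence is evaluated first. ICMP and tcp/22 therefore stay reachable from every retiolum peer, because those rules carry no interface match. If that is intended, a comment such as `# catch-all for the VPN interface; services exposed to retiolum need their own ACCEPT with higher precedence` would make the ordering explicit. The first hunk of this file sets `exim-retiolum.enable = true`, and no ACCEPT for SMTP on retiolum is visible here, so inbound mail over the VPN may be rejected unless a rule is added elsewhere. The rule list starts outside this hunk.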
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
new file mode 100644
index 000000000..3a0080402
--- /dev/null
+++ b/lass/2configs/bitlbee.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+let
+ lpkgs = import ../5pkgs { inherit pkgs; };
+in {
+
+ imports = [
+ ../3modules/bitlbee.nix
+ ];
+
+ config.lass.bitlbee = {
+ enable = true;
+ bitlbeePkg = lpkgs.bitlbee;
+ };
+}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 8aecea925..9849c829a 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,67 +1,50 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
+ inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
+
mainUser = config.users.extraUsers.mainUser;
+ createBrowserUser = name: extraGroups: packages:
+ {
+ users.extraUsers = {
+ ${name} = {
+ inherit name;
+ inherit extraGroups;
+ home = "/home/${name}";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+ lass.per-user.${name}.packages = packages;
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+ '';
+ environment.systemPackages = [
+ (simpleScript name ''
+ sudo -u ${name} -i chromium $@
+ '')
+ ];
+ };
in {
- nixpkgs.config.packageOverrides = pkgs : {
- chromium = pkgs.chromium.override {
- pulseSupport = true;
- };
- };
-
- environment.systemPackages = with pkgs; [
- firefox
+ imports = [
+ ../3modules/per-user.nix
+ ] ++ [
+ ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] )
+ ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] )
+ ( createBrowserUser "fb" [ ] [ pkgs.chromium ] )
+ ( createBrowserUser "gm" [ ] [ pkgs.chromium ] )
+ ( createBrowserUser "flash" [ ] [ pkgs.flash ] )
];
- users.extraUsers = {
- firefox = {
- name = "firefox";
- description = "user for running firefox";
- home = "/home/firefox";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- chromium = {
- name = "chromium";
- description = "user for running chromium";
- home = "/home/chromium";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- facebook = {
- name = "facebook";
- description = "user for running facebook in chromium";
- home = "/home/facebook";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
- };
- google = {
- name = "google";
- description = "user for running google+/gmail in chromium";
- home = "/home/google";
- useDefaultShell = true;
- createHome = true;
+ nixpkgs.config.packageOverrides = pkgs : {
+ flash = pkgs.chromium.override {
+ pulseSupport = true;
+ enablePepperFlash = true;
};
- flash = {
- name = "flash";
- description = "user for running flash stuff";
- home = "/home/flash";
- useDefaultShell = true;
- extraGroups = [ "audio" ];
- createHome = true;
+ chromium = pkgs.chromium.override {
+ pulseSupport = true;
};
};
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(firefox) NOPASSWD: ALL
- ${mainUser.name} ALL=(chromium) NOPASSWD: ALL
- ${mainUser.name} ALL=(facebook) NOPASSWD: ALL
- ${mainUser.name} ALL=(google) NOPASSWD: ALL
- ${mainUser.name} ALL=(flash) NOPASSWD: ALL
- '';
}
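Review bot: The wrapper that `createBrowserUser` generates always runs `chromium`, so the `ff` script (whose only package is `pkgs.firefox`) does not start Firefox and depends on some chromium being on that user's PATH. Passing the command as an extra argument and writing the script line as `sudo -u ${name} -i ${command} "$@"` would fix that. Quoting `"$@"` also stops arguments containing spaces from being re-split before they reach sudo. Separately, `fb` and `flash` lose the `audio` group they had before this change, which may be unintended for `flash` given `pulseSupport = true`.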
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
index 715181778..d9d7760dd 100644
--- a/lass/2configs/chromium-patched.nix
+++ b/lass/2configs/chromium-patched.nix
@@ -37,12 +37,12 @@ let
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
- environment.systemPackages = [
- #pkgs.chromium
- (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
- buildCommand = attrs.buildCommand + ''
- touch $out/TEST123
- '';
- }))
- ];
+ #environment.systemPackages = [
+ # #pkgs.chromium
+ # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+ # buildCommand = attrs.buildCommand + ''
+ # touch $out/TEST123
+ # '';
+ # }))
+ #];
}
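Review bot: The disabled `environment.systemPackages` block is left in as commented-out code, including the `touch $out/TEST123` build experiment. Deleting it would reduce the file to the policy it actually installs (`chromium/policies/managed/master.json`), and the history keeps the old override if it is needed again. The `let` block that defines `masterPolicy` is outside this hunk.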
diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix
index 64e9a7f14..026f9a665 100644
--- a/lass/2configs/new-repos.nix
+++ b/lass/2configs/new-repos.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
with import ../../tv/4lib { inherit lib pkgs; };
+
let
out = {
@@ -8,14 +9,14 @@ let
enable = true;
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
- inherit repos rules;
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
};
};
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+ repos =
public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos
- );
+ optionalAttrs config.krebs.build.host.secure restricted-repos;
rules = concatMap make-rules (attrValues repos);
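Review bot: Moving `removeAttrs s ["collaborators"]` from the `repos` binding into the attribute set that holds `root-title` changes what `make-rules` receives. `rules` is now computed from repos that still carry `collaborators`, which the next hunk starts passing through `make-restricted-repo`. That split decides who gets access to restricted repositories, so the `repos` binding deserves a comment, for example `# keep collaborators here: make-rules needs them; they are stripped only for the listing above`. `rules = rules;` can stay `inherit rules;`. `make-rules` and the start of the `let` are outside this hunk, so how collaborators become rules cannot be checked here.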
@@ -50,8 +51,8 @@ let
};
};
- make-restricted-repo = name: { desc ? null, ... }: {
- inherit name desc;
+ make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
+ inherit name collaborators desc;
public = false;
};
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 2d583a88a..7c7f2b4d4 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -22,6 +22,8 @@
"fastpoke"
"cloudkrebs"
"pigstarter"
+ "gum"
+ "flap"
];
};
}
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
index 295df31cd..18d72297d 100644
--- a/lass/2configs/texlive.nix
+++ b/lass/2configs/texlive.nix
@@ -2,6 +2,6 @@
{
environment.systemPackages = with pkgs; [
- (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; })
+ texLive
];
}
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index 026203124..ad7ac1429 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -4,7 +4,7 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- services.virtualboxHost.enable = true;
+ virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {