diff options
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/base.nix | 9 | ||||
-rw-r--r-- | lass/2configs/bitlbee.nix | 15 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 93 | ||||
-rw-r--r-- | lass/2configs/chromium-patched.nix | 16 | ||||
-rw-r--r-- | lass/2configs/new-repos.nix | 13 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
-rw-r--r-- | lass/2configs/texlive.nix | 2 | ||||
-rw-r--r-- | lass/2configs/virtualbox.nix | 2 |
8 files changed, 81 insertions, 71 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 095c7660c..d44a19c1e 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -39,12 +39,20 @@ with lib; krebs = { enable = true; search-domain = "retiolum"; + exim-retiolum.enable = true; + build.deps.nixpkgs = { + url = https://github.com/Lassulus/nixpkgs; + rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3"; + }; }; nix.useChroot = true; users.mutableUsers = false; + #why is this on in the first place? + services.ntp.enable = false; + boot.tmpOnTmpfs = true; # see tmpfiles.d(5) systemd.tmpfiles.rules = [ @@ -134,6 +142,7 @@ with lib; { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } ]; }; }; diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix new file mode 100644 index 000000000..3a0080402 --- /dev/null +++ b/lass/2configs/bitlbee.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +let + lpkgs = import ../5pkgs { inherit pkgs; }; +in { + + imports = [ + ../3modules/bitlbee.nix + ]; + + config.lass.bitlbee = { + enable = true; + bitlbeePkg = lpkgs.bitlbee; + }; +} diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 8aecea925..9849c829a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,67 +1,50 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let + inherit (import ../4lib { inherit pkgs lib; }) simpleScript; + mainUser = config.users.extraUsers.mainUser; + createBrowserUser = name: extraGroups: packages: + { + users.extraUsers = { + ${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; + }; + }; + lass.per-user.${name}.packages = packages; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(${name}) NOPASSWD: ALL + ''; + environment.systemPackages = [ + (simpleScript name '' + sudo -u ${name} -i chromium $@ + '') + ]; + }; in { - nixpkgs.config.packageOverrides = pkgs : { - chromium = pkgs.chromium.override { - pulseSupport = true; - }; - }; - - environment.systemPackages = with pkgs; [ - firefox + imports = [ + ../3modules/per-user.nix + ] ++ [ + ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] ) + ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] ) + ( createBrowserUser "fb" [ ] [ pkgs.chromium ] ) + ( createBrowserUser "gm" [ ] [ pkgs.chromium ] ) + ( createBrowserUser "flash" [ ] [ pkgs.flash ] ) ]; - users.extraUsers = { - firefox = { - name = "firefox"; - description = "user for running firefox"; - home = "/home/firefox"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - chromium = { - name = "chromium"; - description = "user for running chromium"; - home = "/home/chromium"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - facebook = { - name = "facebook"; - description = "user for running facebook in chromium"; - home = "/home/facebook"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - google = { - name = "google"; - description = "user for running google+/gmail in chromium"; - home = "/home/google"; - useDefaultShell = true; - createHome = true; + nixpkgs.config.packageOverrides = pkgs : { + flash = pkgs.chromium.override { + pulseSupport = true; + enablePepperFlash = true; }; - flash = { - name = "flash"; - description = "user for running flash stuff"; - home = "/home/flash"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; + chromium = pkgs.chromium.override { + pulseSupport = true; }; }; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(firefox) NOPASSWD: ALL - ${mainUser.name} ALL=(chromium) NOPASSWD: ALL - ${mainUser.name} ALL=(facebook) NOPASSWD: ALL - ${mainUser.name} ALL=(google) NOPASSWD: ALL - ${mainUser.name} ALL=(flash) NOPASSWD: ALL - ''; } diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix index 715181778..d9d7760dd 100644 --- a/lass/2configs/chromium-patched.nix +++ b/lass/2configs/chromium-patched.nix @@ -37,12 +37,12 @@ let in { environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; - environment.systemPackages = [ - #pkgs.chromium - (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { - buildCommand = attrs.buildCommand + '' - touch $out/TEST123 - ''; - })) - ]; + #environment.systemPackages = [ + # #pkgs.chromium + # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { + # buildCommand = attrs.buildCommand + '' + # touch $out/TEST123 + # ''; + # })) + #]; } diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix index 64e9a7f14..026f9a665 100644 --- a/lass/2configs/new-repos.nix +++ b/lass/2configs/new-repos.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: with import ../../tv/4lib { inherit lib pkgs; }; + let out = { @@ -8,14 +9,14 @@ let enable = true; root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; - inherit repos rules; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + repos = public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos - ); + optionalAttrs config.krebs.build.host.secure restricted-repos; rules = concatMap make-rules (attrValues repos); @@ -50,8 +51,8 @@ let }; }; - make-restricted-repo = name: { desc ? null, ... }: { - inherit name desc; + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; public = false; }; diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 2d583a88a..7c7f2b4d4 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -22,6 +22,8 @@ "fastpoke" "cloudkrebs" "pigstarter" + "gum" + "flap" ]; }; } diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix index 295df31cd..18d72297d 100644 --- a/lass/2configs/texlive.nix +++ b/lass/2configs/texlive.nix @@ -2,6 +2,6 @@ { environment.systemPackages = with pkgs; [ - (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; }) + texLive ]; } diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index 026203124..ad7ac1429 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -4,7 +4,7 @@ let mainUser = config.users.extraUsers.mainUser; in { - services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; users.extraUsers = { virtual = { |