diff options
Diffstat (limited to 'lass')
| -rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 9 | ||||
| -rw-r--r-- | lass/1systems/xerxes/config.nix | 40 | ||||
| -rw-r--r-- | lass/1systems/xerxes/source.nix | 11 | ||||
| -rw-r--r-- | lass/2configs/browsers.nix | 43 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/hw/gpd-pocket.nix | 29 | ||||
| -rw-r--r-- | lass/source.nix | 2 |
8 files changed, 122 insertions, 15 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fee43f8cd..ad133802f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -179,7 +179,7 @@ with import <stockholm/lib>; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b18abf509..87270b8b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -287,6 +287,15 @@ in { } <stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/lass/2configs/dcso-dev.nix> + { + krebs.git.rules = [ + { + user = [ config.krebs.users.jeschli ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..0669748f5 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/gpd-pocket.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + networking.wireless.enable = true; +} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix new file mode 100644 index 000000000..11f5bf796 --- /dev/null +++ b/lass/1systems/xerxes/source.nix @@ -0,0 +1,11 @@ +with import <stockholm/lib>; +import <stockholm/lass/source.nix> { + name = "xerxes"; + secure = true; + override = { + nixpkgs.git = mkForce { + url = https://github.com/lassulus/nixpkgs; + ref = "3eccd0b"; + }; + }; +} diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 6c381863c..a858d3fec 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -5,19 +5,23 @@ let mainUser = config.users.extraUsers.mainUser; - browser-select = pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + config.lass.browser.paths); + in pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) case $BROWSER in ${concatMapStringsSep "\n" (n: '' - ${n}) - export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ${n.name}) + export BIN=${n.value.path}/bin/${n.name} ;; - '') (attrNames config.lass.browser.paths)} + '') (sortedPaths)} esac $BIN "$@" ''; - createChromiumUser = name: extraGroups: + createChromiumUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ @@ -31,7 +35,7 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name}.path = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -40,7 +44,7 @@ let ]; }; - createFirefoxUser = name: extraGroups: + createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ @@ -54,7 +58,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -79,14 +86,24 @@ in { type = types.path; }; options.lass.browser.paths = mkOption { - type = with types; attrsOf path; + type = types.attrsOf (types.submodule ({ + options = { + path = mkOption { + type = types.path; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + }; + })); }; } - ( createFirefoxUser "ff" [ "audio" ] ) - ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "video" "audio" ] ) ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "gm" [ "video" "audio" ] ) ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f8b750093..0e00dc2fd 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -22,6 +22,7 @@ with import <stockholm/lib>; config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix new file mode 100644 index 000000000..193c12c13 --- /dev/null +++ b/lass/2configs/hw/gpd-pocket.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: + +let + dummy_firmware = pkgs.writeTextFile { + name = "brcmfmac4356-pcie.txt"; + text = builtins.readFile ./brcmfmac4356-pcie.txt; + destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; + }; +in { + #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; + hardware.firmware = [ dummy_firmware ]; + hardware.enableRedistributableFirmware = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ]; + boot.kernelPackages = pkgs.linuxPackages_4_14; + boot.kernelParams = [ + "fbcon=rotate:1" + ]; + services.tlp.enable = true; + services.xserver.displayManager.sessionCommands = '' + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + ''; + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; +} diff --git a/lass/source.nix b/lass/source.nix index 292b92a9e..b60a6cb6c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "b4a0c01"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; |