summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/coaxmetal/config.nix44
-rw-r--r--lass/1systems/coaxmetal/physical.nix1
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/green/config.nix2
-rw-r--r--lass/1systems/icarus/physical.nix11
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/1systems/uriel/config.nix1
-rw-r--r--lass/1systems/xerxes/config.nix5
-rw-r--r--lass/2configs/bitcoin.nix27
-rw-r--r--lass/2configs/ciko.nix1
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/elster.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gg23.nix2
-rw-r--r--lass/2configs/htop.nix1
-rw-r--r--lass/2configs/mpv.nix2
-rw-r--r--lass/2configs/pass.nix2
-rw-r--r--lass/2configs/power-action.nix9
-rw-r--r--lass/2configs/review.nix14
-rw-r--r--lass/2configs/websites/domsen.nix45
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/wine.nix3
-rw-r--r--lass/2configs/xonsh.nix7
-rw-r--r--lass/3modules/browsers.nix13
-rw-r--r--lass/3modules/xjail.nix1
-rw-r--r--lass/5pkgs/tdlib-purple/default.nix22
26 files changed, 162 insertions, 61 deletions
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 3e0b1674a..227c5e1e9 100644
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@@ -16,38 +16,54 @@
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
+ # <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>
+
+ <stockholm/lass/2configs/xonsh.nix>
+ <stockholm/lass/2configs/review.nix>
+ <stockholm/lass/2configs/dunst.nix>
+ # <stockholm/krebs/2configs/ircd.nix>
];
krebs.build.host = config.krebs.hosts.coaxmetal;
- environment.shellAliases = {
- deploy = pkgs.writeDash "deploy" ''
+ environment.systemPackages = with pkgs; [
+ brain
+ bank
+ l-gen-secrets
+ (pkgs.writeDashBin "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- usb-tether-on = pkgs.writeDash "usb-tether-on" ''
+ '')
+ (pkgs.writeDashBin "usb-tether-on" ''
adb shell su -c service call connectivity 33 i32 1 s16 text
- '';
- usb-tether-off = pkgs.writeDash "usb-tether-off" ''
+ '')
+ (pkgs.writeDashBin "usb-tether-off" ''
adb shell su -c service call connectivity 33 i32 0 s16 text
- '';
- };
+ '')
+ ];
programs.adb.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
- # config.General.Disable = "Headset";
- extraConfig = ''
- [General]
- Disable = Headset
- '';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+ lass.browser.config = {
+ dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
+ ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
+ fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
+ };
+
+ nix.trustedUsers = [ "root" "lass" ];
+
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
}
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix
index c94740c54..3632ffd3e 100644
--- a/lass/1systems/coaxmetal/physical.nix
+++ b/lass/1systems/coaxmetal/physical.nix
@@ -7,6 +7,7 @@
networking.hostId = "e0c335ea";
boot.zfs.requestEncryptionCredentials = true;
+ boot.zfs.enableUnstable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index d84502b3f..b84ce6acf 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -19,6 +19,7 @@ with import <stockholm/lib>;
"networkmanager"
];
useDefaultShell = true;
+ isNormalUser = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index fbd2d223f..d7bf62b40 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -23,7 +23,7 @@ with import <stockholm/lib>;
users.users.mainUser.openssh.authorizedKeys.keys = [
config.krebs.users.lass-android.pubkey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
];
krebs.bindfs = {
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index 837872bf5..0b1aff4a8 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -45,16 +45,5 @@
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
- services.thinkfan.enable = true;
- services.thinkfan.levels = ''
- (0, 0, 55)
- (1, 48, 60)
- (2, 50, 61)
- (3, 52, 63)
- (6, 60, 85)
- (7, 80, 90)
- (127, 89, 32767)
- '';
-
services.logind.lidSwitch = "ignore";
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 25d688696..89a386139 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -345,6 +345,7 @@ with import <stockholm/lib>;
home = "/var/download";
useDefaultShell = true;
uid = genid "download";
+ isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-android.pubkey
diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix
index b50dc63f5..c3ce8fced 100644
--- a/lass/1systems/uriel/config.nix
+++ b/lass/1systems/uriel/config.nix
@@ -23,6 +23,7 @@ with import <stockholm/lib>;
"networkmanager"
];
useDefaultShell = true;
+ isNormalUser = true;
};
networking.networkmanager.enable = true;
hardware.pulseaudio = {
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index 22c80b4da..bf818a9b2 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -81,11 +81,6 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
- # config.General.Disable = "Headset";
- extraConfig = ''
- [General]
- Disable = Headset
- '';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index 9f6fd3bf0..9aa97a8ce 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -4,12 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- krebs.per-user.bch.packages = [
- pkgs.electron-cash
- ];
- krebs.per-user.bitcoin.packages = [
- pkgs.electrum
- ];
users.extraUsers = {
bch = {
name = "bch";
@@ -17,6 +11,8 @@ in {
home = "/home/bch";
useDefaultShell = true;
createHome = true;
+ packages = [ pkgs.electron-cash ];
+ isNormalUser = true;
};
bitcoin = {
name = "bitcoin";
@@ -24,10 +20,25 @@ in {
home = "/home/bitcoin";
useDefaultShell = true;
createHome = true;
+ packages = [ pkgs.electrum ];
+ isNormalUser = true;
+ };
+ monero = {
+ name = "monero";
+ description = "user for monero stuff";
+ home = "/home/monero";
+ useDefaultShell = true;
+ createHome = true;
+ packages = [
+ pkgs.monero
+ pkgs.monero-gui
+ ];
+ isNormalUser = true;
};
};
security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
- ${mainUser.name} ALL=(bch) NOPASSWD: ALL
+ ${mainUser.name} ALL=(bch) ALL
+ ${mainUser.name} ALL=(bitcoin) ALL
+ ${mainUser.name} ALL=(monero) ALL
'';
}
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index 3d87fb620..f32f062ff 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
];
+ isNormalUser = true;
};
system.activationScripts.user-shadow = ''
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 7b6f01148..193f4bef1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -32,6 +32,7 @@ with import <stockholm/lib>;
group = "users";
createHome = true;
useDefaultShell = true;
+ isNormalUser = true;
extraGroups = [
"audio"
"fuse"
@@ -88,9 +89,7 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
+ boot.tmpOnTmpfs = true;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix
index e3a88c789..5d68def35 100644
--- a/lass/2configs/elster.nix
+++ b/lass/2configs/elster.nix
@@ -12,6 +12,7 @@ in {
useDefaultShell = true;
extraGroups = [];
createHome = true;
+ isNormalUser = true;
};
};
krebs.per-user.elster.packages = [
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 67f250ef3..829773b87 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -78,6 +78,7 @@ in {
# vdoomserver
retroarchBare
];
+ isNormalUser = true;
};
};
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index 3d4c1e306..89ccae408 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -8,6 +8,8 @@ with import <stockholm/lib>;
prefixLength = 24;
}];
+ networking.domain = "gg23";
+
services.dhcpd4 = {
enable = true;
interfaces = [ "int0" ];
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
index d9307347e..629d74235 100644
--- a/lass/2configs/htop.nix
+++ b/lass/2configs/htop.nix
@@ -3,7 +3,6 @@
with import <stockholm/lib>;
{
- security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin {
name = "htop";
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
index 210551a62..7512787fe 100644
--- a/lass/2configs/mpv.nix
+++ b/lass/2configs/mpv.nix
@@ -80,7 +80,7 @@ let
name = "mpv";
paths = [
(pkgs.writeDashBin "mpv" ''
- exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
+ exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again
'')
pkgs.mpv
];
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 6b2a0142a..48070ea06 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- users.users.lass.packages = with pkgs; [
+ users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
];
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index c7bdb525d..648ffc784 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -32,9 +32,12 @@ in {
user = "lass";
};
- users.users.power-action.extraGroups = [
- "audio"
- ];
+ users.users.power-action = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ ];
+ };
security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix
new file mode 100644
index 000000000..658f32084
--- /dev/null
+++ b/lass/2configs/review.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
+
+ users.users.review = {
+ isNormalUser = true;
+ packages = [ pkgs.nixpkgs-review ];
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(review) NOPASSWD: ALL
+ '';
+}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c43c8c902..e603f49da 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -170,6 +170,7 @@ in {
home = "/home/UBIK-SFTP";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.xanf = {
@@ -178,6 +179,7 @@ in {
home = "/home/xanf";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.domsen = {
@@ -185,8 +187,9 @@ in {
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
- extraGroups = [ "nginx" "download" ];
+ extraGroups = [ "syncthing" "download" "xanf" ];
createHome = true;
+ isNormalUser = true;
};
users.users.bruno = {
@@ -194,6 +197,7 @@ in {
home = "/home/bruno";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.jla-trading = {
@@ -201,6 +205,7 @@ in {
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.jms = {
@@ -208,6 +213,7 @@ in {
home = "/home/jms";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.ms = {
@@ -215,6 +221,7 @@ in {
home = "/home/ms";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.testuser = {
@@ -222,20 +229,23 @@ in {
home = "/home/testuser";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
- users.users.akayguen = {
- uid = genid_uint31 "akayguen";
- home = "/home/akayguen";
- useDefaultShell = true;
- createHome = true;
- };
+ #users.users.akayguen = {
+ # uid = genid_uint31 "akayguen";
+ # home = "/home/akayguen";
+ # useDefaultShell = true;
+ # createHome = true;
+ # isNormalUser = true;
+ #};
users.users.bui = {
uid = genid_uint31 "bui";
home = "/home/bui";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.klabusterbeere = {
@@ -243,6 +253,7 @@ in {
home = "/home/klabusterbeere";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.kasia = {
@@ -250,6 +261,7 @@ in {
home = "/home/kasia";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.XANF_TEAM = {
@@ -258,6 +270,25 @@ in {
home = "/home/XANF_TEAM";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
+ };
+
+ users.users.dif = {
+ uid = genid_uint31 "dif";
+ home = "/home/dif";
+ useDefaultShell = true;
+ extraGroups = [ "xanf" ];
+ createHome = true;
+ isNormalUser = true;
+ };
+
+ users.users.lavafilms = {
+ uid = genid_uint31 "lavafilms";
+ home = "/home/lavafilms";
+ useDefaultShell = true;
+ extraGroups = [ "xanf" ];
+ createHome = true;
+ isNormalUser = true;
};
users.groups.xanf = {};
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 17df71310..bb983b78e 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -97,6 +97,7 @@ in {
home = "/srv/http/lassul.us";
useDefaultShell = true;
createHome = true;
+ isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-mors.pubkey
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index 5cb019c13..5476624c9 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -14,8 +14,9 @@ in {
];
createHome = true;
packages = [
- pkgs.wineMinimal
+ pkgs.wineWowPackages.stable
];
+ isNormalUser = true;
};
};
security.sudo.extraConfig = ''
diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix
new file mode 100644
index 000000000..23ed28847
--- /dev/null
+++ b/lass/2configs/xonsh.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.xonsh
+ pkgs.xonsh2
+ ];
+}
diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix
index 0c77d4da8..4171abdb6 100644
--- a/lass/3modules/browsers.nix
+++ b/lass/3modules/browsers.nix
@@ -5,7 +5,9 @@ let
cfg = config.lass.browser;
browserScripts = {
- chromium = "${pkgs.chromium}/bin/chromium";
+ brave = "${pkgs.brave}/bin/brave";
+ chrome = "${pkgs.google-chrome}/bin/chrome";
+ chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
firefox = "${pkgs.firefox.override {
extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
}}/bin/firefox";
@@ -14,8 +16,9 @@ let
browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
+ (filter (x: ! x.value.hidden)
(mapAttrsToList (name: value: { inherit name value; })
- cfg.config);
+ cfg.config));
in if (lib.length sortedPaths) > 1 then
pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
@@ -48,6 +51,10 @@ in {
type = types.str;
default = config._module.args.name;
};
+ hidden = mkOption {
+ type = types.bool;
+ default = false;
+ };
precedence = mkOption {
type = types.int;
default = 0;
@@ -58,7 +65,7 @@ in {
};
browser = mkOption {
type = types.enum (attrNames browserScripts);
- default = "chromium";
+ default = "brave";
};
groups = mkOption {
type = types.listOf types.str;
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 37f90ee1c..526e12db7 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -147,6 +147,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
createHome = true;
extraGroups = cfg.groups;
+ isNormalUser = true;
}
) config.lass.xjail;
diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix
index 54841588e..d7937da58 100644
--- a/lass/5pkgs/tdlib-purple/default.nix
+++ b/lass/5pkgs/tdlib-purple/default.nix
@@ -1,6 +1,24 @@
-{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } :
+{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
-stdenv.mkDerivation rec {
+let
+
+ tdlib = stdenv.mkDerivation rec {
+ version = "1.6.0";
+ pname = "tdlib";
+
+ src = fetchFromGitHub {
+ owner = "tdlib";
+ repo = "td";
+ rev = "v${version}";
+ sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
+ };
+
+ buildInputs = with pkgs; [ gperf openssl readline zlib ];
+ nativeBuildInputs = [ pkgs.cmake ];
+
+ };
+
+in stdenv.mkDerivation rec {
pname = "tdlib-purple";
version = "0.7.8";