Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/echelon.nix45
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/uriel.nix2
-rw-r--r--lass/2configs/base.nix11
-rw-r--r--lass/2configs/browsers.nix43
-rw-r--r--lass/2configs/chromium-patched.nix16
-rw-r--r--lass/2configs/desktop-base.nix1
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/steam.nix19
-rw-r--r--lass/2configs/virtualbox.nix1
-rw-r--r--lass/2configs/zsh.nix126
-rw-r--r--lass/4lib/default.nix4
-rw-r--r--lass/5pkgs/default.nix2
13 files changed, 241 insertions, 32 deletions
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
new file mode 100644
index 000000000..92976366f
--- /dev/null
+++ b/lass/1systems/echelon.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
+ inherit (lib) head;
+
+ ip = (head config.krebs.hosts.echelon.nets.internet.addrs4);
+in {
+ imports = [
+ ../../tv/2configs/CAC-Developer-2.nix
+ ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/retiolum.nix
+ {
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = getDefaultGateway ip;
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+
+ }
+ ];
+
+ krebs.build = {
+ user = config.krebs.users.lass;
+ target = "root@${ip}";
+ host = config.krebs.hosts.echelon;
+ deps = {
+ secrets = {
+ url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+ };
+
+ networking.hostName = "echelon";
+
+}
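Review bot: The gateway on `networking.defaultGateway = getDefaultGateway ip;` is guessed rather than configured. The helper added in the lass/4lib/default.nix hunk of this commit keeps the first three octets and appends `1`, which is only right for a /24 whose router sits on .1, and nothing ties that to the `prefixLength = 24` written a few lines above. I would state the assumption where the helper is defined, e.g. `# assumes a /24 network whose gateway is the .1 address`, or pass the gateway in explicitly per host. Separately, `networking.nameservers` lists a single public resolver, so name resolution on this host has no fallback if that address is unreachable.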
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index d07fe14d9..4724fd3e3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -171,6 +171,7 @@
};
environment.systemPackages = with pkgs; [
+ cac
];
#TODO: fix this shit
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 7c3d08123..bb98975e4 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -16,7 +16,7 @@ with builtins;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/uriel.ssh.pub
+ ../../krebs/Zpubkeys/uriel.ssh.pub
];
};
};
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d44a19c1e..6774845c0 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -5,6 +5,7 @@ with lib;
imports = [
../3modules/iptables.nix
../2configs/vim.nix
+ ../2configs/zsh.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -14,7 +15,7 @@ with lib;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/lass.ssh.pub
+ ../../krebs/Zpubkeys/lass.ssh.pub
];
};
mainUser = {
@@ -29,7 +30,7 @@ with lib;
"wheel"
];
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/lass.ssh.pub
+ ../../krebs/Zpubkeys/lass.ssh.pub
];
};
};
@@ -42,7 +43,7 @@ with lib;
exim-retiolum.enable = true;
build.deps.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3";
+ rev = "e74d0e7ff83c16846a81e1173543f180ad565076";
};
};
@@ -147,4 +148,8 @@ with lib;
};
};
+ networking.dhcpcd.extraConfig = ''
+ noipv4ll
+ '';
+
}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 9849c829a..4fe06b729 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -4,7 +4,7 @@ let
inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
mainUser = config.users.extraUsers.mainUser;
- createBrowserUser = name: extraGroups: packages:
+ createChromiumUser = name: extraGroups: packages:
{
users.extraUsers = {
${name} = {
@@ -26,16 +26,47 @@ let
];
};
+ createFirefoxUser = name: extraGroups: packages:
+ {
+ users.extraUsers = {
+ ${name} = {
+ inherit name;
+ inherit extraGroups;
+ home = "/home/${name}";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+ lass.per-user.${name}.packages = packages;
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+ '';
+ environment.systemPackages = [
+ (simpleScript name ''
+ sudo -u ${name} -i firefox $@
+ '')
+ ];
+ };
+
+ #TODO: abstract this
+
in {
+ environment.systemPackages = [
+ (simpleScript "browser-select" ''
+ BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
+ $BROWSER $@
+ '')
+ ];
+
imports = [
../3modules/per-user.nix
] ++ [
- ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] )
- ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] )
- ( createBrowserUser "fb" [ ] [ pkgs.chromium ] )
- ( createBrowserUser "gm" [ ] [ pkgs.chromium ] )
- ( createBrowserUser "flash" [ ] [ pkgs.flash ] )
+ ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
+ ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
+ ( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
+ ( createChromiumUser "flash" [ ] [ pkgs.flash ] )
];
nixpkgs.config.packageOverrides = pkgs : {
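Review bot: `browser-select` runs whatever text comes back from dmenu: in `$BROWSER $@` the selection is used as the command name without being checked against the five offered profiles, and if the menu is dismissed `$BROWSER` is empty, so the first argument (typically a URL handed over by another program) becomes the command. Both it and the new `sudo -u ${name} -i firefox $@` wrapper also expand `$@` unquoted, so arguments containing spaces or glob characters are split and expanded before the browser sees them; `"$@"` fixes that in the firefox wrapper. For the selector I would validate the choice with a `case` and fail closed, as below. The `let` block and the attribute set continue outside this hunk.

```nix
(simpleScript "browser-select" ''
  BROWSER=$(printf '%s\n' ff cr fb gm flash | dmenu) || exit 1
  case "$BROWSER" in
    ff|cr|fb|gm|flash) exec "$BROWSER" "$@" ;;
    *) echo "browser-select: unknown profile: $BROWSER" >&2; exit 1 ;;
  esac
'')
```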
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
index 715181778..d9d7760dd 100644
--- a/lass/2configs/chromium-patched.nix
+++ b/lass/2configs/chromium-patched.nix
@@ -37,12 +37,12 @@ let
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
- environment.systemPackages = [
- #pkgs.chromium
- (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
- buildCommand = attrs.buildCommand + ''
- touch $out/TEST123
- '';
- }))
- ];
+ #environment.systemPackages = [
+ # #pkgs.chromium
+ # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+ # buildCommand = attrs.buildCommand + ''
+ # touch $out/TEST123
+ # '';
+ # }))
+ #];
}
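Review bot: The `environment.systemPackages` override is switched off by commenting it out, which leaves eight lines of dead code (including the `touch $out/TEST123` experiment) in the module. If the patched build is no longer wanted I would delete the block and let version control keep the history; if it is coming back, a one-line comment such as `# TODO: re-enable patched chromium once <reason>` says why. The managed policy under `environment.etc` stays in place either way.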
diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix
index 9b98e4a8b..52c29d7e8 100644
--- a/lass/2configs/desktop-base.nix
+++ b/lass/2configs/desktop-base.nix
@@ -58,6 +58,7 @@ in {
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
+ xkbOptions = "caps:backspace";
};
}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7c7f2b4d4..17cd1d822 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -17,7 +17,7 @@
krebs.retiolum = {
enable = true;
- hosts = ../../Zhosts;
+ hosts = ../../krebs/Zhosts;
connectTo = [
"fastpoke"
"cloudkrebs"
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 7d088fc6a..bd895e156 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -16,15 +16,14 @@
environment.systemPackages = with pkgs; [
steam
];
- networking.firewall = {
- allowedUDPPorts = [
- 27031
- 27036
- ];
- allowedTCPPorts = [
- 27036
- 27037
- ];
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 27031"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 27036"; target = "ACCEPT"; }
+ ];
+ };
};
-
}
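Review bot: The port set changes during the move from `networking.firewall` to `lass.iptables`: the removed lines allowed TCP 27036 and 27037 and UDP 27031 and 27036, while the new rules accept 27031 and 27036 on both protocols, so TCP 27037 is no longer open and TCP 27031 is newly exposed. If the old list was the intended one, the first rule should read `{ predicate = "-p tcp --dport 27037"; target = "ACCEPT"; }`. The rules also match any source address and interface; adding `-s <lan-cidr>` (placeholder) to each predicate would keep these ports off untrusted networks.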
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index ad7ac1429..9769cd68d 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -4,7 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
new file mode 100644
index 000000000..646e816fd
--- /dev/null
+++ b/lass/2configs/zsh.nix
@@ -0,0 +1,126 @@
+{ config, lib, pkgs, ... }:
+{
+ programs.zsh = {
+ enable = true;
+ shellInit = ''
+ #disable config wizard
+ zsh-newuser-install() { :; }
+ '';
+ interactiveShellInit = ''
+ HISTFILE=~/.histfile
+ HISTSIZE=1000000
+ SAVEHIST=100000
+ #unsetopt nomatch
+ setopt autocd extendedglob
+ bindkey -e
+ zstyle :compinstall filename '/home/lass/.zshrc'
+
+ #history magic
+ bindkey "" up-line-or-local-history
+ bindkey "" down-line-or-local-history
+
+ up-line-or-local-history() {
+ zle set-local-history 1
+ zle up-line-or-history
+ zle set-local-history 0
+ }
+ zle -N up-line-or-local-history
+ down-line-or-local-history() {
+ zle set-local-history 1
+ zle down-line-or-history
+ zle set-local-history 0
+ }
+ zle -N down-line-or-local-history
+
+ setopt share_history
+ setopt hist_ignore_dups
+ # setopt inc_append_history
+ bindkey '^R' history-incremental-search-backward
+
+ #C-x C-e open line in editor
+ autoload -z edit-command-line
+ zle -N edit-command-line
+ bindkey "^X^E" edit-command-line
+
+ #completion magic
+ fpath=(~/.zsh/completions $fpath)
+ autoload -Uz compinit
+ compinit
+ zstyle ':completion:*' menu select
+
+ #enable automatic rehashing of $PATH
+ zstyle ':completion:*' rehash true
+
+
+ #eval $( dircolors -b ~/.LS_COLORS )
+
+ #exports
+ export EDITOR='vim'
+ export MANPAGER='most'
+ export PAGER='vim -'
+ # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
+
+ #beautiful colors
+ alias ls='ls --color'
+ zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
+
+ #emacs bindings
+ bindkey "[7~" beginning-of-line
+ bindkey "[8~" end-of-line
+ bindkey "Oc" emacs-forward-word
+ bindkey "Od" emacs-backward-word
+
+ #aliases
+ alias ll='ls -l'
+ alias la='ls -la'
+ alias pinginet='ping 8.8.8.8'
+ alias du='du -hd1'
+ alias qiv="qiv -f -m"
+ alias zshres="source ~/.zshrc"
+
+ #fancy window title magic
+ case $TERM in
+ (*xterm* | *rxvt*)
+
+ # Write some info to terminal title.
+ # This is seen when the shell prompts for input.
+ function precmd {
+ print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a"
+ }
+ # Write command and args to terminal title.
+ # This is seen while the shell waits for a command to complete.
+ function preexec {
+ printf "\033]0;%s\a" "$1"
+ }
+ ;;
+ esac
+ '';
+ promptInit = ''
+ autoload -U promptinit
+ promptinit
+
+ error='%(?..%F{red}%?%f )'
+
+ case $UID in
+ 0)
+ username='%F{red}root%f'
+ ;;
+ 1337)
+ username=""
+ ;;
+ *)
+ username='%F{blue}%n%f'
+ ;;
+ esac
+
+ if test -n "$SSH_CLIENT"; then
+ PROMPT="$error$username@%F{magenta}%M%f %~ "
+ else
+ PROMPT="$error$username %~ "
+ fi
+
+
+ '';
+ };
+ users.defaultUserShell = "/run/current-system/sw/bin/zsh";
+}
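Review bot: This file is imported from base.nix and sets `users.defaultUserShell`, so `interactiveShellInit` runs for every account including root, yet it contains the per-user path `zstyle :compinstall filename '/home/lass/.zshrc'`; that line belongs in the user's own `.zshrc` or should be dropped. The history settings keep up to 100000 lines in `~/.histfile` and share them across sessions with `setopt share_history`, so anything typed with a credential on the command line persists; adding `setopt hist_ignore_space` lets a leading space keep such a command out of the file. The `1337)` branch in `promptInit` would benefit from a comment like `# mainUser: hide the user name in the prompt`, if that is what the UID stands for.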
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 21a083d1a..2e493177d 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -17,4 +17,8 @@ krebs // rec {
ln -s ${pkgs.writeScript name content} $out/bin/${name}
'';
};
+
+ getDefaultGateway = ip:
+ concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
+
}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index c776262ff..6df35b905 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -2,10 +2,8 @@
let
inherit (pkgs) callPackage;
- kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
in
-kpkgs //
rec {
bitlbee-dev = callPackage ./bitlbee-dev.nix {};
bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };