From 572528a87a844f55cc517bc8df32140bacd0a7d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 8 Sep 2016 21:04:18 +0200 Subject: l 2 backups: uriel -> shodan --- lass/2configs/backups.nix | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 7d3046d43..916e08219 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -23,10 +23,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; }; startAt = "03:05"; }; - dishfire-http-uriel = { + dishfire-http-shodan = { method = "pull"; src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; }; startAt = "03:10"; }; dishfire-sql-prism = { @@ -41,10 +41,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; }; startAt = "03:20"; }; - dishfire-sql-uriel = { + dishfire-sql-shodan = { method = "pull"; src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; }; startAt = "03:25"; }; prism-bitlbee-mors = { @@ -53,10 +53,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; }; startAt = "03:25"; }; - prism-bitlbee-uriel = { + prism-bitlbee-shodan = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; }; startAt = "03:25"; }; prism-chat-mors = { 
@@ -65,10 +65,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; startAt = "03:30"; }; - prism-chat-uriel = { + prism-chat-shodan = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; }; startAt = "03:35"; }; prism-sql-mors = { @@ -77,10 +77,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; startAt = "03:40"; }; - prism-sql-uriel = { + prism-sql-shodan = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; }; startAt = "03:45"; }; prism-http-mors = { 
@@ -89,22 +89,22 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; startAt = "03:50"; }; - prism-http-uriel = { + prism-http-shodan = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; }; startAt = "03:55"; }; - uriel-home-mors = { + shodan-home-mors = { method = "pull"; - src = { host = config.krebs.hosts.uriel; path = "/home"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; }; + src = { host = config.krebs.hosts.shodan; path = "/home"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; }; startAt = "04:00"; }; - mors-home-uriel = { + mors-home-shodan = { method = "push"; src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; + dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; startAt = "05:00"; }; dishfire-http-helios = { -- cgit v1.2.3 From b02eec11b6ff2dca11bbdefc396dd7bbbe202b0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 8 Sep 2016 21:05:35 +0200 Subject: l 2: remove uriel from authorizedKeys --- lass/2configs/default.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5575b7e7b..af3ed1d36 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -21,7 +21,6 @@ with config.krebs.lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.lass-uriel.pubkey config.krebs.users.lass-shodan.pubkey ]; }; @@ -37,7 +36,6 @@ with config.krebs.lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.lass-uriel.pubkey config.krebs.users.lass-shodan.pubkey ]; }; -- cgit v1.2.3 
From 88dd0cbc7d6e9dc40cf70699d8b89804fdbd6788 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 8 Sep 2016 21:06:50 +0200 Subject: l 2 websites: set uploadsize limit to 100m --- lass/2configs/websites/domsen.nix | 3 +++ lass/2configs/websites/util.nix | 1 + 2 files changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index d5ad38c07..f500b8261 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -132,6 +132,9 @@ in { extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so sendmail_path = "${sendmail} -t -i" always_populate_raw_post_data = -1 + upload_max_filesize = 100M + post_max_size = 100M + file_uploads = on ''; } '' cat ${pkgs.php}/etc/php-recommended.ini > $out diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 330d8ba86..467229c0c 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -188,6 +188,7 @@ rec { error_log /tmp/nginx_err.log; error_page 404 /404.html; error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; ''; locations = [ (nameValuePair "/" '' -- cgit v1.2.3 From c298a6769dbb05ecb760049836e73c55703c23ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 8 Sep 2016 21:23:51 +0200 Subject: l 2 websites domsen: enable dovecot2 with pam auth --- lass/2configs/websites/domsen.nix | 71 ++++++++++++++++++++++++++++++++++----- 1 file changed, 62 insertions(+), 9 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index f500b8261..2f93c1f9c 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -1,9 +1,11 @@ { config, pkgs, lib, ... }: let + inherit (import { config = {}; inherit lib; }) genid - ; + genid_signed + ; inherit (import {inherit lib pkgs;}) ssl servePage 
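Review bot: `client_max_body_size 100m;` is added to the server block built in util.nix, which looks like a shared helper, so presumably every site generated through it now accepts 100 MB request bodies, while the matching PHP limits are raised only in domsen.nix. If only domsen needs large uploads, pass the limit in as a parameter of the helper, or set it in that site's own config. Otherwise add a comment such as `# 100m: needed for domsen uploads, applies to all sites built here`.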
@@ -20,6 +22,25 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; + check-password = pkgs.writeDash "check-password" '' + read pw + + file="/home/$PAM_USER/.shadow" + + #check if shadow file exists + test -e "$file" || exit 123 + + hash="$(${pkgs.coreutils}/bin/head -1 $file)" + salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" + + calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" + if [ "$calc_hash" == $hash ]; then + exit 0 + else + exit 1 + fi + ''; + in { imports = [ ./sqlBackup.nix 
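Review bot: `file="/home/$PAM_USER/.shadow"` uses `$PAM_USER` unchecked, and that value is the login name supplied by the remote client, so a name containing `/` or starting with `.` points the lookup outside `/home/<user>/`. Reject such names first, e.g. `case "$PAM_USER" in ""|.*|*/*) exit 1;; esac`. `$file`, `$hash` and `$salt` are expanded unquoted, and `read pw` with `echo "$pw"` changes backslashes and surrounding whitespace in the password; `IFS= read -r pw` and `printf '%s\n' "$pw"` avoid that. The script is built with `writeDash`, and dash's `[` may reject `==`, so the comparison should be `[ "$calc_hash" = "$hash" ]`. An empty `.shadow` file currently leaves `$hash` empty and the test malformed, which the quoting also fixes.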
@@ -143,21 +164,53 @@ in { # MAIL STUFF # TODO: make into its own module - services.dovecot2 = { - enable = true; - mailLocation = "maildir:~/Mail"; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport pop3"; target = "ACCEPT"; } - { predicate = "-p tcp --dport imap"; target = "ACCEPT"; } - ]; + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Mail"; + sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem"; + sslServerKey = "/var/lib/acme/lassul.us/key.pem"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; } + { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } + ]; + + security.pam.services.exim.text = '' + auth required pam_env.so + auth sufficient pam_exec.so debug expose_authtok ${check-password} + auth sufficient pam_unix.so likeauth nullok + auth required pam_deny.so + account required pam_unix.so + password required pam_cracklib.so retry=3 type= + password sufficient pam_unix.so nullok use_authtok md5shadow + password required pam_deny.so + session required pam_limits.so + session required pam_unix.so + ''; + krebs.exim-smarthost = { + authenticators.PLAIN = '' + driver = plaintext + server_prompts = : + server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}" + server_set_id = $auth2 + ''; + authenticators.LOGIN = '' + driver = plaintext + server_prompts = "Username:: : Password::" + server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}" + server_set_id = $auth1 + ''; internet-aliases = [ { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } + { from = "testuser@lassul.us"; to = "testuser"; } ]; system-aliases = [ ]; + ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; + ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; users.users.domsen = { -- cgit v1.2.3 
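Review bot: `auth sufficient pam_unix.so likeauth nullok` accepts accounts whose password field is empty, so any such system account can pass SMTP AUTH; drop `nullok` from the `auth` line unless that is intended. The PLAIN and LOGIN authenticators set no `server_advertise_condition`, so unless krebs.exim-smarthost adds one elsewhere they are presumably also offered on unencrypted connections. `server_advertise_condition = ''${if def:tls_in_cipher}` in both would restrict them to TLS sessions. The `debug` flag on `pam_exec.so` is worth removing once the setup works, to keep authentication details out of the logs.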
From f9148e16d478bdf6339d194cd9c8770ff244e759 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Sep 2016 00:04:48 +0200 Subject: l 2: add iodined.nix & import in prism --- lass/2configs/iodined.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 lass/2configs/iodined.nix (limited to 'lass/2configs') diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix new file mode 100644 index 000000000..3108a6b23 --- /dev/null +++ b/lass/2configs/iodined.nix @@ -0,0 +1,20 @@ +{ pkgs, config, ... }: + +let + # TODO: make this a parameter + domain = "io.lassul.us"; + pw = import ; +in { + + services.iodined = { + enable = true; + domain = domain; + ip = "172.16.10.1/24"; + extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 54"; target = "ACCEPT";} + ]; + +} -- cgit v1.2.3 From ab3a0b86066a440215d4a5104468a480832eaa2b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Sep 2016 00:13:56 +0200 Subject: l 2 tests: add iodinepw.nix to dummy-secrets --- lass/2configs/tests/dummy-secrets/iodinepw.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 lass/2configs/tests/dummy-secrets/iodinepw.nix (limited to 'lass/2configs') diff --git a/lass/2configs/tests/dummy-secrets/iodinepw.nix b/lass/2configs/tests/dummy-secrets/iodinepw.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/iodinepw.nix @@ -0,0 +1 @@ +"derp" -- cgit v1.2.3 From fbadb5cd59158305a2358e2a240f2fda6666894c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:16:47 +0200 Subject: l 2 iodined: add -c to running command --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..a02dab97c 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix 
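Review bot: `extraConfig = "-P ${pw} -l ..."` in the new iodined.nix exposes the tunnel password twice: it is interpolated into the generated service definition, which lives in the world-readable Nix store, and iodined receives it as a command-line argument that every local user can see in the process list. The later `-c` change to the same line carries this forward. If the value has to stay there, say so with a comment such as `# NOTE: pw ends up in /nix/store and in argv; do not reuse it elsewhere`. The more robust fix is to start iodined from a wrapper that reads the password from a root-only file at runtime.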
@@ -10,7 +10,7 @@ in { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; }; krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 8c618dd3f0e282a4b9235c66202b05dccff158d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:17:17 +0200 Subject: l 2 iodined: open the correct port --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index a02dab97c..ff254f39d 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -14,7 +14,7 @@ in { }; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 54"; target = "ACCEPT";} + { predicate = "-p udp --dport 53"; target = "ACCEPT";} ]; } -- cgit v1.2.3 From 836f1d3277e97945d0029c7458ab548eb41722dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:51:26 +0200 Subject: l 2 nixpkgs: 3fb009d -> 8a89481 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..879da19bb 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + ref = "8a8948167324f67d26a1c7ddc8e387128332b622"; }; } -- cgit v1.2.3 From 6ebb34aac192037c7d65e736c9ad48ad693aa894 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:37:12 +0200 Subject: l 2 browsers: refactor, generate more stuff --- lass/2configs/browsers.nix | 70 +++++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 23 deletions(-) (limited to 'lass/2configs') 
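Review bot: The added `-c` turns off iodined's check that each request comes from the IP address the session logged in from, leaving the shared password as the only thing that ties tunnel traffic to a client. Nothing in the file records why the check had to go. A comment above `extraConfig` would help, e.g. `# -c: client requests arrive via resolvers with changing source IPs` (reason assumed, confirm).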
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index ea79053ce..90f420674 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: +with config.krebs.lib; let - inherit (config.krebs.lib) genid; mainUser = config.users.extraUsers.mainUser; - createChromiumUser = name: extraGroups: packages: - { + + browser-select = pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n}) + export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ;; + '') (attrNames config.lass.browser.paths)} + esac + $BIN "$@" + ''; + + createChromiumUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -14,19 +31,21 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i chromium $@ - '') + bin ]; }; - createFirefoxUser = name: extraGroups: packages: - { + createFirefoxUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; 
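Review bot: In `browser-select`, a cancelled dmenu or an entry not in the list matches no `case` arm, so `$BIN "$@"` runs with `BIN` unset or inherited from the environment. With `BIN` unset the shell executes the first argument, which is the URL handed over by urxvt's url-select, as a command. Add a default arm such as `*) exit 1 ;;` and drop the `export`. The per-user wrappers in this hunk and the next (`... chromium $@`, `... firefox $@`) pass `$@` unquoted, so a URL with spaces or glob characters is split or expanded before it reaches the browser; use `"$@"`.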
@@ -35,14 +54,12 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i firefox $@ - '') + bin ]; }; @@ -50,19 +67,26 @@ let in { + lass.browser.select = browser-select; + environment.systemPackages = [ - (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) - $BROWSER $@ - '') + browser-select ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] ) + { + options.lass.browser.select = mkOption { + type = types.path; + }; + options.lass.browser.paths = mkOption { + type = with types; attrsOf path; + }; + } + ( createFirefoxUser "ff" [ "audio" ] ) + ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] ) + ( createChromiumUser "fb" [ "video" "audio" ] ) + ( createChromiumUser "gm" [ "video" "audio" ] ) + ( createChromiumUser "com" [ "video" "audio" ] ) ]; } -- cgit v1.2.3 From 840ba63835cd2f1074073b5d1d0c6aab0d85c1ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:38:05 +0200 Subject: l 2 nixpkgs: 3fb009d -> 0c022c4 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..069d80198 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + ref = "0c022c45df220159233d591eadcd85118dd70345"; }; } -- cgit v1.2.3 From 987404fb08b3cac4e90ffaa9a70d148c4c5265ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:41:03 +0200 Subject: l 2: useChroot -> useSandbox --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index af3ed1d36..1babf6011 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -67,7 +67,7 @@ with config.krebs.lib; }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; -- cgit v1.2.3 From b5fcc74ba347802eb70dba5e2e597eb95166a74f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:42:08 +0200 Subject: l 2: add populate to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1babf6011..83f8265b0 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -97,6 +97,7 @@ with config.krebs.lib; jq parallel proot + populate #style most -- cgit v1.2.3 From c1118810c7c26f5066def864b317e27b943789a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:42:37 +0200 Subject: l 2: remove obsolete bashrc code --- lass/2configs/default.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 83f8265b0..0b7ca8eaa 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -142,15 +142,6 @@ with config.krebs.lib; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd - - #fancy colors - if [ -e ~/LS_COLORS ]; then - eval $(dircolors ~/LS_COLORS) - fi - - if [ -e /etc/nixos/dotfiles/link ]; then - /etc/nixos/dotfiles/link - fi ''; promptInit = '' if test $UID = 0; then -- cgit v1.2.3 From 2d7dc45179a18a27e84bbfaf65c6301980bcf2cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:43:12 +0200 Subject: l 2 iodined: iodined -> iodine.server --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..52f6e9b87 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -6,7 +6,7 @@ let pw = import ; in { - services.iodined = { + services.iodine.server = { enable = true; domain = domain; ip = "172.16.10.1/24"; -- cgit v1.2.3 From 51ba4971f8b6aa69cf8ba27b5ffa1fce2503caca Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:45:28 +0200 Subject: l 2 xserver: use browser-select directly --- lass/2configs/xserver/Xresources.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index 5d3661706..0f04540c3 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -11,7 +11,7 @@ pkgs.writeText "Xresources" '' ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate -- cgit v1.2.3 
From 9686baf42b5ff7ab67870ec82058afe3aaa2b0b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:46:28 +0200 Subject: l 2 xserver: copy tv's config --- lass/2configs/xserver/default.nix | 223 ++++++++++++++++---------------------- 1 file changed, 96 insertions(+), 127 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 73b148bf7..0f9b1f84a 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
@@ -1,143 +1,112 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let - # TODO krebs.build.user - user = config.users.users.mainUser; - - out = { - services.xserver = { - display = 11; - tty = 11; - - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - - #keyboard stuff - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + user = config.krebs.build.user; +in { + + environment.systemPackages = [ + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + services.xserver = { + enable = true; + display = 11; + tty = 11; + + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; + systemd.services.display-manager.enable = false; - krebs.per-user.lass.packages = [ - pkgs.rxvt_unicode_with-plugins - ]; + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; - systemd.services.display-manager.enable = false; + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; - services.xserver.enable = true; + XMONAD_STATE = "/tmp/xmonad.state"; - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ 
"xserver.service" ]; - environment = xmonad-environment; - restartIfChanged = true; - serviceConfig = { - ExecStart = "${xmonad-start}/bin/xmonad"; - ExecStop = "${xmonad-stop}/bin/xmonad-stop"; - User = user.name; - WorkingDirectory = user.home; - }; + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "dashboard" # we start here + ]); }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = "${xserver}/bin/xserver"; - }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = pkgs.writeScript "xmonad-stop" '' + #! /bin/sh + ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.coreutils}/bin/sleep 2s + ''; + User = user.name; + WorkingDirectory = user.home; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" - ]); + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. 
+ LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + ]; + }; }; - xmonad-start = pkgs.writeScriptBin "xmonad" '' - #! ${pkgs.bash}/bin/bash - set -efu - export PATH; PATH=${makeSearchPath "bin" ([ - pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers - settle() {( - # Use PATH for a clean journal - command=''${1##*/} - PATH=''${1%/*}; export PATH - shift - until "$command" "$@"; do - ${pkgs.coreutils}/bin/sleep 1 - done - )&} - settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} - settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' - exec ${pkgs.xmonad-lass}/bin/xmonad - ''; - - xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. 
- LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - xserver = pkgs.writeScriptBin "xserver" '' - #! /bin/sh - set -efu - exec ${pkgs.xorg.xorgserver.out}/bin/X \ - :${toString config.services.xserver.display} \ - vt${toString config.services.xserver.tty} \ - -config ${import ./xserver.conf.nix args} \ - -logfile /var/log/X.${toString config.services.xserver.display}.log \ - -nolisten tcp \ - -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \ - ''; - - need-reload = s: let - pkg = pkgs.writeScriptBin "need-reload" '' - #! /bin/sh - echo "$*" - ''; - in "${pkg}/bin/need-reload ${s}"; - -in out +} -- cgit v1.2.3 From ef4e7dc4ba76ce990577ba800d31c9ba56ecde48 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:48:52 +0200 Subject: l 2 zsh: disable zsh as defaultShell urxvt terminfo is missing if connection is made via ssh --- lass/2configs/zsh.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index b221d7677..aa159be07 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,4 @@ fi ''; }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } -- cgit v1.2.3 From 88bb31e8d2ca330c14d4a6e843d7cd7b1909d815 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:50:42 +0200 Subject: l 2 websites domsen: use new phpOptions --- lass/2configs/websites/domsen.nix | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) (limited to 'lass/2configs') 
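Review bot: `xhost +LOCAL:` in `XMONAD_STARTUP_HOOK` opens the display to every local account, so each of the separate browser users, and any other local user, can read keystrokes and window contents of the whole session. That undoes much of the per-user separation set up in browsers.nix. Granting access per account, e.g. `xhost +SI:localuser:ff`, would narrow it; the names could be generated from `attrNames config.lass.browser.paths` (assumed to be available in this module, confirm). `-logfile /dev/null` also discards the X server log that the old start script wrote to /var/log, which makes later troubleshooting harder.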
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2f93c1f9c..0723e9ab9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -144,22 +144,13 @@ in { }; - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - always_populate_raw_post_data = -1 - upload_max_filesize = 100M - post_max_size = 100M - file_uploads = on - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t + always_populate_raw_post_data = -1 + upload_max_filesize = 100M + post_max_size = 100M + file_uploads = on ''; # MAIL STUFF -- cgit v1.2.3 From 49ad272f65e310344e7a209050c54c1acedbedb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 09:41:12 +0200 Subject: l 2 nixpkgs: change url to github/nixos --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 069d80198..09462e624 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; + url = https://github.com/nixos/nixpkgs; ref = "0c022c45df220159233d591eadcd85118dd70345"; }; } -- cgit v1.2.3 From 76a2187972ca8c0b7566aba78affdd032d8a1343 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:14:57 +0200 Subject: remove comments from php config, phpfpm error --- lass/2configs/websites/util.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/2configs') 
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 467229c0c..23f417195 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -167,7 +167,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes @@ -220,7 +219,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes -- cgit v1.2.3 From 1c4bf63ed89d93fb13d98c5a0a12fc00387bbadd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:34:49 +0200 Subject: l 2 websites domsen: disable apcu --- lass/2configs/websites/domsen.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 0723e9ab9..e05f40d97 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -143,11 +143,8 @@ in { }; }; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so sendmail_path = ${sendmail} -t - always_populate_raw_post_data = -1 upload_max_filesize = 100M post_max_size = 100M file_uploads = on -- cgit v1.2.3 From 8458ffd7a00a3e4c734755de7d72f95458d1bb52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Oct 2016 19:45:21 +0200 Subject: l 2 nixpkgs: 0c022c4 -> 354fd37 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 09462e624..6e9138b61 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0c022c45df220159233d591eadcd85118dd70345"; + ref = "354fd3728952c229fee4f2924737c601d7ab4725"; }; } -- cgit v1.2.3