From 406754183b5b28b1093aedc73925224d9fdd0028 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Aug 2015 14:38:32 +0200 Subject: lass 2 base: reject on retiolum --- lass/2configs/base.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 095c7660..66f86ec7 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -134,6 +134,7 @@ with lib; { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } ]; }; }; -- cgit v1.2.3 From ca4f1e08d54b39623f716e4ff0a49aaa74acb206 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Aug 2015 14:39:14 +0200 Subject: lass 2 base: (re)enable mail --- lass/2configs/base.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 66f86ec7..581e990e 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -39,6 +39,7 @@ with lib; krebs = { enable = true; search-domain = "retiolum"; + exim-retiolum.enable = true; }; nix.useChroot = true; -- cgit v1.2.3 From ee74d4e5b866d36e9d54a9cbfe033155ae3356d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Aug 2015 16:09:24 +0200 Subject: Zhosts: specify ports in new format --- lass/2configs/retiolum.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 2d583a88..7c7f2b4d 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -22,6 +22,8 @@ "fastpoke" "cloudkrebs" "pigstarter" + "gum" + "flap" ]; }; } -- cgit v1.2.3 From 5113b24959e52fdab7b40a2f5674af56044cf94d Mon Sep 17 00:00:00 2001 
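Review bot: In `lass/2configs/base.nix` (hunk `@@ -134,6 +134,7 @@`), the new `-i retiolum` REJECT entry only behaves as a catch-all if the entries are emitted in descending `precedence` order, and nothing in the hunk states that. A comment such as `# catch-all for the VPN interface; must sort after every ACCEPT above` would make the ordering assumption explicit. None of the listed entries accepts established or related connections, so if no such rule exists outside the hunk, replies to connections this host opens over retiolum would be rejected too; worth confirming. The ICMP and port 22 ACCEPT entries are not interface-scoped, so both stay reachable from retiolum peers, which is presumably intended. The rule list begins outside the hunk.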
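Review bot: In the "(re)enable mail" commit (`@@ -39,6 +39,7 @@` of `lass/2configs/base.nix`), `exim-retiolum.enable = true;` is added to a file that, after the previous commit, rejects everything arriving on `-i retiolum` except ICMP and TCP port 22. Unless the exim-retiolum module contributes its own ACCEPT entry for SMTP, which is not visible here, inbound mail from retiolum peers would hit the catch-all REJECT. If the module does not open the port, an entry following the existing pattern is needed, e.g. `{ predicate = "-i retiolum -p tcp --dport 25"; target = "ACCEPT"; precedence = 9997; }`. The `krebs` attribute set continues outside the hunk.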
From: lassulus Date: Sat, 22 Aug 2015 16:49:37 +0200 Subject: lass 2 base: disable ntp --- lass/2configs/base.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 581e990e..256c29ab 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -46,6 +46,9 @@ with lib; users.mutableUsers = false; + #why is this on in the first place? + services.ntp.enable = false; + boot.tmpOnTmpfs = true; # see tmpfiles.d(5) systemd.tmpfiles.rules = [ -- cgit v1.2.3 From 8247a5a618d6b0fc3688077fe36508b8bf88dcc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Aug 2015 16:51:51 +0200 Subject: lass 2: add bitlbee --- lass/2configs/bitlbee.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lass/2configs/bitlbee.nix (limited to 'lass/2configs') diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix new file mode 100644 index 00000000..3a008040 --- /dev/null +++ b/lass/2configs/bitlbee.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +let + lpkgs = import ../5pkgs { inherit pkgs; }; +in { + + imports = [ + ../3modules/bitlbee.nix + ]; + + config.lass.bitlbee = { + enable = true; + bitlbeePkg = lpkgs.bitlbee; + }; +} -- cgit v1.2.3 From 2db4f7f0af42800aa7a9ae7fc70cd1f1a5d03dab Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Aug 2015 13:21:42 +0200 Subject: lass 2 new-repos: allow secret collaborateurs --- lass/2configs/new-repos.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix index 64e9a7f1..026f9a66 100644 --- a/lass/2configs/new-repos.nix +++ b/lass/2configs/new-repos.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: with import ../../tv/4lib { inherit lib pkgs; }; + let out = { 
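Review bot: `services.ntp.enable = false;` in `lass/2configs/base.nix` (`@@ -46,6 +46,9 @@`) turns off time synchronisation for every host that imports this base config, and the hunk enables no replacement. Clock drift breaks certificate validity checks and makes log timestamps from different hosts hard to correlate during an incident. If another time source is intended, enable it next to this line, for example `services.chrony.enable = true;` where the pinned nixpkgs provides it. The comment `#why is this on in the first place?` should also be replaced with the actual reason, e.g. `# ntpd disabled: <reason>; time comes from <source>`.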
@@ -8,14 +9,14 @@ let enable = true; root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; - inherit repos rules; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + repos = public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos - ); + optionalAttrs config.krebs.build.host.secure restricted-repos; rules = concatMap make-rules (attrValues repos); @@ -50,8 +51,8 @@ let }; }; - make-restricted-repo = name: { desc ? null, ... }: { - inherit name desc; + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; public = false; }; -- cgit v1.2.3 From 75aad3ac9680a5fb6fcf9f8002639cf64935bf45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Aug 2015 15:50:39 +0200 Subject: lass: move nixpkgs.rev to base --- lass/2configs/base.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 256c29ab..d44a19c1 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -40,6 +40,10 @@ with lib; enable = true; search-domain = "retiolum"; exim-retiolum.enable = true; + build.deps.nixpkgs = { + url = https://github.com/Lassulus/nixpkgs; + rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3"; + }; }; nix.useChroot = true; -- cgit v1.2.3 From 8063be1b3798a3aa8f488dd7025adc6adcdf013b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Aug 2015 15:51:08 +0200 Subject: install only texLive --- lass/2configs/texlive.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix index 295df31c..18d72297 100644 --- a/lass/2configs/texlive.nix +++ b/lass/2configs/texlive.nix 
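Review bot: In `lass/2configs/new-repos.nix`, hunk `@@ -8,14 +9,14 @@` now keeps `collaborators` on the let-bound `repos` and strips it only where `repos` is handed to the module, but nothing explains that the strip is load-bearing. A comment on that line would help, e.g. `# collaborators is consumed by make-rules only; drop it before passing repos on`. The access granted to a collaborator is decided in `make-rules`, which lies outside both this hunk and `@@ -50,8 +51,8 @@`, so the new `collaborators ? []` default should be checked there to confirm that an empty list yields no extra rule. As a style point, `rules = rules;` can stay `inherit rules;`.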
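Review bot: The `build.deps.nixpkgs` entry added at `@@ -40,6 +40,10 @@` of `lass/2configs/base.nix` pins every host to a commit in a personal fork, so upstream nixpkgs security fixes reach these machines only when the fork is rebased and `rev` is bumped by hand. A comment recording what the fork carries and how the pin is refreshed would help, e.g. `# fork of NixOS/nixpkgs with <local patches>; bump rev after each rebase`. No content hash accompanies the `rev`, and whether the krebs build tooling verifies the fetched tree beyond the commit id is not visible here. As a style point, quote the URL: `url = "https://github.com/Lassulus/nixpkgs";`.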
@@ -2,6 +2,6 @@ { environment.systemPackages = with pkgs; [ - (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; }) + texLive ]; } -- cgit v1.2.3 From 36c79341f75bd13b78ce86383bec6c19b86fc25a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Aug 2015 15:51:45 +0200 Subject: lass 2 virtualbox: new api call --- lass/2configs/virtualbox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index 02620312..ad7ac142 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -4,7 +4,7 @@ let mainUser = config.users.extraUsers.mainUser; in { - services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; users.extraUsers = { virtual = { -- cgit v1.2.3 From ecae9b59753c13ea5bff57a6f7c44086c77844d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 28 Aug 2015 16:31:05 +0200 Subject: lass 2 browsers: refactor --- lass/2configs/browsers.nix | 93 +++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 55 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 8aecea92..9849c829 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -1,67 +1,50 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let + inherit (import ../4lib { inherit pkgs lib; }) simpleScript; + mainUser = config.users.extraUsers.mainUser; + createBrowserUser = name: extraGroups: packages: + { + users.extraUsers = { + ${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; + }; + }; + lass.per-user.${name}.packages = packages; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(${name}) NOPASSWD: ALL + ''; + environment.systemPackages = [ + (simpleScript name '' + sudo -u ${name} -i chromium $@ + '') + ]; + }; in { - nixpkgs.config.packageOverrides = pkgs : { - chromium = pkgs.chromium.override { - pulseSupport = true; - }; - }; - - environment.systemPackages = with pkgs; [ - firefox + imports = [ + ../3modules/per-user.nix + ] ++ [ + ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] ) + ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] ) + ( createBrowserUser "fb" [ ] [ pkgs.chromium ] ) + ( createBrowserUser "gm" [ ] [ pkgs.chromium ] ) + ( createBrowserUser "flash" [ ] [ pkgs.flash ] ) ]; - users.extraUsers = { - firefox = { - name = "firefox"; - description = "user for running firefox"; - home = "/home/firefox"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - chromium = { - name = "chromium"; - description = "user for running chromium"; - home = "/home/chromium"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - facebook = { - name = "facebook"; - description = "user for running facebook in chromium"; - home = "/home/facebook"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - google = { - name = "google"; - description = "user for running google+/gmail in chromium"; - home = "/home/google"; - useDefaultShell = true; - createHome = true; + nixpkgs.config.packageOverrides = pkgs : { + flash = pkgs.chromium.override { + pulseSupport = 
true; + enablePepperFlash = true; }; - flash = { - name = "flash"; - description = "user for running flash stuff"; - home = "/home/flash"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; + chromium = pkgs.chromium.override { + pulseSupport = true; }; }; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(firefox) NOPASSWD: ALL - ${mainUser.name} ALL=(chromium) NOPASSWD: ALL - ${mainUser.name} ALL=(facebook) NOPASSWD: ALL - ${mainUser.name} ALL=(google) NOPASSWD: ALL - ${mainUser.name} ALL=(flash) NOPASSWD: ALL - ''; } -- cgit v1.2.3
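Review bot: The wrapper script generated by `createBrowserUser` in `lass/2configs/browsers.nix` always runs `chromium`, so the `ff` script starts chromium (or fails to find it) under a user whose only listed package is `pkgs.firefox`. It also passes `$@` unquoted, so the shell word-splits and glob-expands the arguments, and a URL containing `?`, `*` or a space can change before the browser sees it. Take the command as a fourth argument and quote the arguments, i.e. `sudo -u ${name} -i ${command} "$@"`, passing `"firefox"` for `ff` and `"chromium"` for the other users.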