From 1604ecfc706d2921248d0c9ac7cef02274842272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Apr 2018 12:02:31 +0200 Subject: l virtualbox: enable usb passthrough --- lass/2configs/virtualbox.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d19605..8171def2 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { -- cgit v1.2.3 From f07930259080716fd8e325aae457d4bfaaecb99b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:35:25 +0200 Subject: l browsers: add cx- command for copy & paste --- lass/2configs/browsers.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 91ee08bf..3030d8fa 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -26,7 +26,12 @@ let lass.xjail.${name} = { inherit script groups dpi; }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + environment.systemPackages = [ + config.lass.xjail-bins.${name} + (pkgs.writeDashBin "cx-${name}" '' + DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + '') + ]; lass.browser.paths.${name} = { path = config.lass.xjail-bins.${name}; inherit precedence; -- cgit v1.2.3 From 19895a67ff9b9fd7d2511dede24ccf84061b9904 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:19 +0200 Subject: l network-manager: don't manager docker & virtualbox --- lass/2configs/network-manager.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index c4f757de..5b890b59 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -14,7 +14,13 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + unmanaged = [ + "docker*" + "vboxnet*" + ]; + }; users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ -- cgit v1.2.3 From f316bb1f31d481dcad90a8b4f4cda0c27208cca4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:57 +0200 Subject: l reaktor-coders: use correct ping path --- lass/2configs/reaktor-coders.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 2541df3a..5fa1611a 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -84,7 +84,7 @@ with import ; (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P.*)$$"; script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) ]; -- cgit v1.2.3 From 2e5d4ac778aa3a9f2eeea31369a9147a4bafd73e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:38:31 +0200 Subject: l repo-sync: sync staging branches --- lass/2configs/repo-sync.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 98dbdc22..ad44c67e 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -61,6 +61,21 @@ let origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; + makefu-staging = { + origin.url = "http://cgit.gum/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + tv-staging = { + origin.url = "http://cgit.ni.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + nin-staging = { + origin.url = "http://cgit.onondaga.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; }; latest = { url = "${mirror}${name}"; -- cgit v1.2.3 From 833cec6deb24d1600131bbef97427d328bd9b106 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:39:20 +0200 Subject: l xmonad: add insert command --- lass/5pkgs/custom/xmonad-lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e658897d..18cb25b5 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -147,6 +147,10 @@ myKeyMap = export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" ''}") + , ("M4-", spawn "${pkgs.writeDash "paste" '' + ${pkgs.coreutils}/bin/sleep 0.1 + ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - + ''}") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") -- cgit v1.2.3 From 8f6976f36525fb77e58438981822721e1bc17450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:39:58 +0200 Subject: l: remove deprecated rtl8814au --- lass/5pkgs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 28482eb9..fd6a555d 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -31,7 +31,6 @@ in { fi ${self.coreutils}/bin/rm $tmp ''; - rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; }; } // mapAttrs (_: flip callPackage {}) -- cgit v1.2.3 From 665ea5674e0d99f51379d24829436773b9dc2769 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:44:34 +0200 Subject: l: add generate-secrets --- lass/1systems/mors/config.nix | 1 + lass/5pkgs/generate-secrets/default.nix | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 lass/5pkgs/generate-secrets/default.nix (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f77bc64c..8e805baf 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,6 +140,7 @@ with import ; dpass dnsutils + generate-secrets ]; #TODO: fix this shit diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/generate-secrets/default.nix new file mode 100644 index 00000000..5a4afe7c --- /dev/null +++ b/lass/5pkgs/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat < $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + mainUser = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null + + cat <; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + -- cgit v1.2.3 From 1dd03483619d00d1afc6a278ded0cca6cff2d9ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 19:31:39 +0200 Subject: add minimal working kops for stockholm --- lass/1systems/mors/config.nix | 8 +------- lass/kops.nix | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 7 deletions(-) create mode 100644 lass/kops.nix (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8e805baf..cd259d0f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -168,14 +168,8 @@ with import ; environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nixUnstable - ]} - cd ~/stockholm export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; diff --git a/lass/kops.nix b/lass/kops.nix new file mode 100644 index 00000000..9d0ab911 --- /dev/null +++ b/lass/kops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/kops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.kops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.kops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; + }; +} -- cgit v1.2.3