From 5fde514b88336b3ed00d41ef2e72ad4e2da23deb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:50:33 +0100 Subject: l 3: add fetchWallpaper.nix --- lass/3modules/default.nix | 1 + lass/3modules/fetchWallpaper.nix | 89 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 lass/3modules/fetchWallpaper.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0dcad971c..5fa5160ee 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,5 +8,6 @@ _: ./urxvtd.nix ./xresources.nix ./wordpress_nginx.nix + ./fetchWallpaper.nix ]; } diff --git a/lass/3modules/fetchWallpaper.nix b/lass/3modules/fetchWallpaper.nix new file mode 100644 index 000000000..9baebedbd --- /dev/null +++ b/lass/3modules/fetchWallpaper.nix 
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.lass.fetchWallpaper;
+
+ out = {
+ options.lass.fetchWallpaper = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "fetch wallpaper";
+ predicate = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ };
+ url = mkOption {
+ type = types.str;
+ };
+ timerConfig = mkOption {
+ type = types.unspecified;
+ default = {
+ OnCalendar = "*:00,10,20,30,40,50";
+ };
+ };
+ stateDir = mkOption {
+ type = types.str;
+ default = "/tmp/wallpaper";
+ };
+ display = mkOption {
+ type = types.str;
+ default = ":11";
+ };
+ };
+
+ fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
+ #! ${pkgs.bash}/bin/bash
+ ${if (cfg.predicate == null) then "" else ''
+ ${cfg.predicate}
+ if [ $? -ne 0 ]; then
+ echo "predicate failed"
+ exit 23
+ fi
+ ''}
+ mkdir -p ${shell.escape cfg.stateDir}
+ curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
+ feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+ '';
+
+ imp = {
+ users.extraUsers.fetchWallpaper = {
+ name = "fetchWallpaper";
+ uid = 3332383611; #genid fetchWallpaper
+ description = "fetchWallpaper user";
+ home = "/var/empty";
+ };
+
+ systemd.timers.fetchWallpaper = {
+ description = "fetch wallpaper timer";
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = cfg.timerConfig;
+ };
+ systemd.services.fetchWallpaper = {
+ description = "fetch wallpaper";
+ after = [ "network.target" ];
+
+ path = with pkgs; [
+ curl
+ feh
+ ];
+
+ environment = {
+ URL = cfg.url;
+ DISPLAY = cfg.display;
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = fetchWallpaperScript;
+ User = "fetchWallpaper";
+ };
+ };
+ };
+in out
-- cgit v1.2.3 From 576483bc63e1c6e5531f90ebd2133a29a7923943 Mon Sep 17 00:00:00 2001
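Review bot: The `stateDir` default of `/tmp/wallpaper` puts the download target at a fixed path in a world-writable directory, so any local user can create that path first and either block the service or control the file that `feh` then decodes. A default outside `/tmp` that only the `fetchWallpaper` user can write, for example `default = "/var/lib/wallpaper";` created with that owner, avoids this. In the script, `curl -s -o` has no `--fail`, so an HTTP error body is saved as the wallpaper; `curl -sf -o …` makes curl exit non-zero instead. `environment.URL` is set but the script never reads it, so it can be dropped or the script should use it.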
From: lassulus Date: Sat, 12 Dec 2015 17:56:49 +0100 Subject: l 2 base: remove video permission for gm --- lass/2configs/base.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 61023057b..fa5ee4f19 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -17,6 +17,7 @@ with lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; mainUser = { @@ -30,6 +31,7 @@ with lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; }; -- cgit v1.2.3 From 866c9f69d9e6233fd2f39a8dbee4e7facf365d55 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:58:21 +0100 Subject: l 1 prism: add juiceSSH key for chat --- lass/1systems/prism.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 599f4704e..d65f4a185 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -116,6 +116,11 @@ in { { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} ]; } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 1e81cb2151336859eed949bb6d8a17a93960bf10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:58:58 +0100 Subject: l 1 prism: set timezone to Europe/Berlin --- lass/1systems/prism.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d65f4a185..fe9967837 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -121,6 +121,9 @@ in { "ssh-rsa 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 JuiceSSH" ]; } + { + time.timeZone = "Europe/Berlin"; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 
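Review bot: The subject says "remove video permission for gm", but both hunks in `lass/2configs/base.nix` add `config.krebs.users.uriel.pubkey` to `openssh.authorizedKeys.keys`, first for `root` and then for `mainUser`; nothing visible here touches a video group. The change gives a second key root login, presumably on every host that imports this file, and that deserves a commit whose subject says so. A comment next to the entry, e.g. `# uriel: <why this key needs root>`, would make later key audits easier. Both attribute sets start and end outside the hunks.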
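Review bot: The new `users.users.chat.openssh.authorizedKeys.keys` entry in `lass/1systems/prism.nix` is a bare `ssh-rsa … JuiceSSH` line, so unless sshd or the account restricts it elsewhere, the phone-held key gets everything the `chat` account is allowed, including port and agent forwarding. If the key is only meant to attach to a chat session, the entry can carry authorized_keys options in front of the key type, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <key> JuiceSSH"`, optionally with a `command="…"` for the one program it should run. A short comment naming the device and its owner would also help when the key has to be revoked.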
From e59542f12d269f4f10b1f32f2f58e3c26c27585a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:04:51 +0100 Subject: l 2: add teamviewer.nix --- lass/2configs/teamviewer.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 lass/2configs/teamviewer.nix (limited to 'lass')
diff --git a/lass/2configs/teamviewer.nix b/lass/2configs/teamviewer.nix
new file mode 100644
index 000000000..48053d7db
--- /dev/null
+++ b/lass/2configs/teamviewer.nix
@@ -0,0 +1,6 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ services.teamviewer.enable = true;
+}
-- cgit v1.2.3 From c8b82b0336f0913c70b5d1e51b0c1194ba9570d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:05:19 +0100 Subject: l 2: add libvirt.nix --- lass/2configs/libvirt.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 lass/2configs/libvirt.nix (limited to 'lass')
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
new file mode 100644
index 000000000..368722e77
--- /dev/null
+++ b/lass/2configs/libvirt.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+
+in {
+ virtualisation.libvirtd.enable = true;
+
+ users.extraUsers = {
+ libvirt = {
+ uid = 358821352; # genid libvirt
+ description = "user for running libvirt stuff";
+ home = "/home/libvirt";
+ useDefaultShell = true;
+ extraGroups = [ "libvirtd" "audio" ];
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(libvirt) NOPASSWD: ALL
+ '';
+}
-- cgit v1.2.3 From 717c6f4adec48ac65050c693fd0722cd93355e81 Mon Sep 17 00:00:00 2001
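Review bot: `lass/2configs/teamviewer.nix` enables a third-party remote-control service with no comment on why it is needed or which hosts should import it; as far as I know `services.teamviewer.enable` starts the daemon at boot rather than on demand. I would add a header comment such as `# remote support for <whom>; import only on hosts that need it`. `with lib;` is unused in this file and can go.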
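Review bot: In `lass/2configs/libvirt.nix` the sudo rule `${mainUser.name} ALL=(libvirt) NOPASSWD: ALL` together with `extraGroups = [ "libvirtd" "audio" ]` gives the main user password-less access to an account in the `libvirtd` group. Membership of that group normally means full control of the system libvirt daemon, which can attach host disks and devices to guests, so this is close to password-less root rather than a confinement boundary. If that is intended, a comment next to the rule saying so would stop someone later treating `libvirt` as an unprivileged sandbox user. Otherwise narrow the rule to the command actually needed, e.g. `${mainUser.name} ALL=(libvirt) NOPASSWD: <path-to-vm-manager>`.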
From: lassulus Date: Sat, 12 Dec 2015 18:20:50 +0100 Subject: l 3: add nginx site modules --- lass/3modules/owncloud_nginx.nix | 215 ++++++++++++++++++++++++++++++++++++++ lass/3modules/static_nginx.nix | 49 +++++++++ lass/3modules/wordpress_nginx.nix | 66 ++++++++++-- 3 files changed, 319 insertions(+), 11 deletions(-) create mode 100644 lass/3modules/owncloud_nginx.nix create mode 100644 lass/3modules/static_nginx.nix (limited to 'lass') diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix new file mode 100644 index 000000000..a0db87b0b --- /dev/null +++ b/lass/3modules/owncloud_nginx.nix 
@@ -0,0 +1,215 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.owncloud; + + out = { + options.lass.owncloud = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + domain = mkOption { + type = str; + default = config._module.args.name; + }; + dataDir = mkOption { + type = str; + default = "${config.folder}/data"; + }; + dbUser = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + dbName = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + dbType = mkOption { + # TODO: check for valid dbType + type = str; + default = "mysql"; + }; + folder = mkOption { + type = str; + default = "/srv/http/${config.domain}"; + }; + auto = mkOption { + type = bool; + default = false; + }; + instanceid = mkOption { + type = str; + }; + ssl = mkOption { + type = bool; + default = false; + }; + }; + })); + default = {}; + }; + + user = config.services.nginx.user; + group = config.services.nginx.group; + + imp = { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + + try_files $uri $uri/ /index.php; + '') + (nameValuePair "~ \.php$" '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass unix:${folder}/phpfpm.pool; + '') + (nameValuePair "~ /\\." 
'' + deny all; + '') + ]; + extraConfig = '' + root ${folder}/; + #index index.php; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + ''; + }); + services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' + listen = ${folder}/phpfpm.pool + user = ${user} + group = ${group} + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + listen.owner = ${user} + listen.group = ${group} + # errors to journal + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''); + #systemd.services = flip mapAttrs' cfg (name: { domain, folder, dbName, dbUser, dbType, dataDir, instanceid, ... 
}: { + # name = "owncloudInit-${name}"; + # value = { + # path = [ + # pkgs.mysql + # pkgs.su + # pkgs.gawk + # pkgs.jq + # ]; + # requiredBy = [ "nginx.service" ]; + # serviceConfig = let + # php.define = name: value: + # "define(${php.newdoc name}, ${php.newdoc value});"; + # php.toString = x: + # "'${x}'"; + # php.newdoc = s: + # let b = "EOF${builtins.hashString "sha256" s}"; in + # ''<<<'${b}' + # ${s} + # ${b} + # ''; + # in { + # Type = "oneshot"; + # ExecStart = pkgs.writeScript "wordpressInit" '' + # #!/bin/sh + # set -euf + # oc_secrets=${shell.escape "${toString }/${domain}/oc-secrets"} + # db_password=$(cat ${shell.escape "${toString }/${domain}/sql-db-pw"}) + # get_secret() { + # echo "'$1' => $(jq -r ."$1" "$oc_secrets" | to_php_string)," + # } + # to_php_string() { + # echo "base64_decode('$(base64)')" + # } + # { + # cat ${toString } + # password=$(cat ${shell.escape (toString ())}) + # # TODO passwordhash=$(su nobody_oc -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));") + # # TODO as package pkgs.sqlHashPassword + # # TODO not using mysql + # # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES'; + # passwordhash=$(su nobody_oc -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');") + # user=${shell.escape dbUser}@localhost + # database=${shell.escape dbName} + # cat << EOF + # CREATE DATABASE IF NOT EXISTS $database; + # GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash'; + # GRANT ALL PRIVILEGES ON $database.* TO $user; + # FLUSH PRIVILEGES; + # EOF + # } | mysql -u root -p + # # TODO nix2php for wp-config.php + # mkdir -p ${folder}/config + # cat > ${folder}/config/config.php << EOF + # 'localhost', + # 'dbtableprefix' => 'oc_', + # 'dbpassword' => '$db_password', + # 'installed' => 'true', + # 'trusted_domains' => + # array ( + # 0 => '${domain}', + # ), + # 'overwrite.cli.url' => 'http://${domain}', + + # ${concatStringsSep "\n" (mapAttrsToList (name: value: + # "'${name}' => $(printf '%s' ${shell.escape 
value} | to_php_string)," + # ) { + # instanceid = instanceid; + # datadirectory = dataDir; + # dbtype = dbType; + # dbname = dbName; + # dbuser = dbUser; + # })} + + # ${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [ + # "secret" + # "passwordsalt" + # ]} + # ); + # EOF + # ''; + # }; + # }; + #}); + users.users.nobody_oc = { + uid = 1651469147; # genid nobody_oc + useDefaultShell = true; + }; + }; + +in out diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix new file mode 100644 index 000000000..cc2641af2 --- /dev/null +++ b/lass/3modules/static_nginx.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.staticPage; + + out = { + options.lass.staticPage = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + domain = mkOption { + type = str; + default = config._module.args.name; + }; + folder = mkOption { + type = str; + default = "/srv/http/${config.domain}"; + }; + }; + })); + default = {}; + }; + + user = config.services.nginx.user; + group = config.services.nginx.group; + + imp = { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + root ${folder}; + '') + (nameValuePair "~ /\\." '' + deny all; + '') + ]; + }); + }; + +in out diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 65170698f..2f31f6e02 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix 
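Review bot: The nginx config generated in `lass/3modules/owncloud_nginx.nix` sets `root ${folder}/;` while `dataDir` defaults to `${config.folder}/data`, and the only deny rule is `~ /\\.`, so nothing stops direct requests for files under `/data/` or `/config/`, where ownCloud keeps user files and its configuration. A location such as `(nameValuePair "~ ^/(?:data|config)(?:/|$)" ''deny all;'')` next to the existing ones closes that. The `~ \.php$` location also hands every matching URI to PHP-FPM without checking that the script exists; `try_files $fastcgi_script_name =404;` before `fastcgi_pass` is the usual guard. `access_log /tmp/nginx_acc.log` and `error_log /tmp/nginx_err.log` are fixed paths in a world-writable directory and are shared by every site; a per-site path under the nginx log directory would be safer. The large commented-out `systemd.services` block should be finished or left out of the commit.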
@@ -45,35 +45,70 @@ let type = bool; default = false; }; + multiSite = mkOption { + type = attrsOf str; + default = {}; + example = { + "0" = "bla.testsite.de"; + "1" = "test.testsite.de"; + }; + }; }; })); default = {}; }; - dataFolder = "/srv/http"; user = config.services.nginx.user; group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: { + #services.nginx.appendConfig = mkIf (cfg.multiSite != {}) '' + # map $http_host $blogid { + # ${concatStringsSep "\n" (mapAttrsToList (n: v: indent "v n;") multiSite)} + # } + #''; + + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: { server-names = [ "${domain}" "www.${domain}" ]; - locations = [ + #(mkIf (multiSite != {}) + #) + locations = (if (multiSite != {}) then + [ + (nameValuePair "~ ^/files/(.*)$" '' + try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ; + '') + (nameValuePair "^~ /blogs.dir" '' + internal; + alias ${folder}/wp-content/blogs.dir ; + access_log off; log_not_found off; expires max; + '') + ] + else + [] + ) ++ + [ (nameValuePair "/" '' try_files $uri $uri/ /index.php?$args; '') (nameValuePair "~ \.php$" '' - fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool; + fastcgi_pass unix:${folder}/phpfpm.pool; include ${pkgs.nginx}/conf/fastcgi.conf; '') (nameValuePair "~ /\\." '' deny all; '') + #Directives to send expires headers and turn off 404 error logging. + (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" '' + access_log off; + log_not_found off; + expires max; + '') ]; extraConfig = '' - root ${dataFolder}/${domain}/; + root ${folder}/; index index.php; access_log /tmp/nginx_acc.log; error_log /tmp/nginx_err.log; 
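Review bot: The new `~ ^/files/(.*)$` location uses `$blogid` in `try_files /wp-content/blogs.dir/$blogid/$uri …`, but the `map $http_host $blogid` that would define it exists only as a comment at the top of `imp`, so as soon as a site sets a non-empty `multiSite`, nginx should reject the configuration with an unknown-variable error. The commented draft would not work as written either: it reads `cfg.multiSite` although `cfg` is an attrset of sites, and `indent "v n;"` emits the literal text where `"${v} ${n};"` is presumably meant. Either ship the map together with the locations or hold back the `multiSite` option until it is complete. The `imp` block continues past the end of this hunk.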
@@ -81,8 +116,8 @@ let error_page 500 502 503 504 /50x.html; ''; }); - services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: '' - listen = ${dataFolder}/${domain}/phpfpm.pool + services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' + listen = ${folder}/phpfpm.pool user = ${user} group = ${group} pm = dynamic @@ -97,7 +132,7 @@ let php_admin_flag[log_errors] = on catch_workers_output = yes ''); - systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: { + systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, multiSite, ... }: { name = "wordpressInit-${name}"; value = { path = [ @@ -175,6 +210,13 @@ let ]} \$table_prefix = 'wp_'; + + ${if (multiSite != {}) then + "define('WP_ALLOW_MULTISITE', true);" + else + "" + } + define('WP_DEBUG', ${toJSON debug}); if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); @@ -186,10 +228,12 @@ let }; }; }); - users.users.nobody2 = { - uid = 125816384; # genid nobody2 - useDefaultShell = true; + users.users.nobody2 = mkDefault { + uid = mkDefault 125816384; # genid nobody2 + useDefaultShell = mkDefault true; }; }; + indent = replaceChars ["\n"] ["\n "]; + in out -- cgit v1.2.3 From ec8cd8502dd3439cf7c9f1069d875d0291a51130 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:21:50 +0100 Subject: l 2: add websites --- lass/2configs/websites/domsen.nix | 35 +++++++++++++++++++++++++++ lass/2configs/websites/wohnprojekt-rhh.de.nix | 12 +++++++++ 2 files changed, 47 insertions(+) create mode 100644 lass/2configs/websites/domsen.nix create mode 100644 lass/2configs/websites/wohnprojekt-rhh.de.nix (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix new file mode 100644 index 000000000..109c216c0 --- /dev/null +++ b/lass/2configs/websites/domsen.nix 
@@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../../3modules/static_nginx.nix + ../../3modules/owncloud_nginx.nix + ../../3modules/wordpress_nginx.nix + ]; + + lass.staticPage = { + "karlaskop.de" = {}; + "makeup.apanowicz.de" = {}; + "pixelpocket.de" = {}; + "reich-gebaeudereinigung.de" = {}; + }; + + lass.owncloud = { + "o.ubikmedia.de" = { + instanceid = "oc8n8ddbftgh"; + }; + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = toString (); + }; + + #lass.wordpress = { + # "ubikmedia.de" = { + # }; + #}; + +} + diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix new file mode 100644 index 000000000..cd31450c5 --- /dev/null +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + imports = [ + ../../3modules/static_nginx.nix + ]; + + lass.staticPage = { + "wohnprojekt-rhh.de" = {}; + }; +} + -- cgit v1.2.3 From 75ab577d4922f3b57a890af668b9c0fb405a50b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:22:09 +0100 Subject: l 1 mors: import stuff --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 7b91fa6be..4ba9df6f9 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -22,6 +22,9 @@ ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix ../2configs/skype.nix + ../2configs/teamviewer.nix + ../2configs/libvirt.nix + ../2configs/fetchWallpaper.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 24105297bd9ff8af57befeb56f4ef42d439a531d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:22:47 +0100 Subject: l 1 prism: activate websites --- lass/1systems/prism.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index fe9967837..95c55533c 100644 
--- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -124,6 +124,15 @@ in { { time.timeZone = "Europe/Berlin"; } + { + imports = [ + ../2configs/websites/wohnprojekt-rhh.de.nix + ../2configs/websites/domsen.nix + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 43613fa6fca279301fcf0d014c0c9f71f394d9a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:23:32 +0100 Subject: l 2 base: nixpkgs 8d1ce12 -> 363c843 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index fa5ee4f19..40f4e12c7 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b"; + rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From d567f9374529bf3fb2517ff270f8f0c973605722 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:24:32 +0100 Subject: l 2 browsers: use writeScriptBin --- lass/2configs/browsers.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) (limited to 'lass') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 849778a7a..580db8b2c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,16 +1,6 @@ { config, lib, pkgs, ... }: let - simpleScript = name: content: - pkgs.stdenv.mkDerivation { - inherit name; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out/bin - ln -s ${pkgs.writeScript name content} $out/bin/${name} - ''; - }; - mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { 
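Review bot: The added INPUT rule in `lass/1systems/prism.nix` opens only `--dport 80`, and the sites imported here include the ownCloud instance from `domsen.nix`, whose `ssl` option defaults to `false` and is not read anywhere in the module as committed; logins and file sync to that host would then travel in clear text. I would not expose the ownCloud vhost until TLS is wired up, and at that point add `{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; }` alongside this rule. A comment on the rule naming the sites it is for would also help when the list changes.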
@@ -26,8 +16,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i chromium $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i chromium $@ '') ]; }; @@ -46,8 +36,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i firefox $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i firefox $@ '') ]; }; @@ -57,7 +47,7 @@ let in { environment.systemPackages = [ - (simpleScript "browser-select" '' + (pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) $BROWSER $@ '') -- cgit v1.2.3 From f913904eba26b0819c7ed02c69ee09fb310f8478 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:25:08 +0100 Subject: l 2 browsers: activate flash browser --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 580db8b2c..d36801863 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -60,7 +60,7 @@ in { ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) - # ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) + ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { -- cgit v1.2.3 From e5d46002e5aded1780c3a00a28866a5569978335 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:25:37 +0100 Subject: l 2 elster: use chromium package --- lass/2configs/elster.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index 1edd01896..e3a88c789 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix 
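Review bot: The wrapper bodies passed to `pkgs.writeScriptBin` in `lass/2configs/browsers.nix` expand `$@` unquoted (`… -i chromium $@`, `… -i firefox $@`, `$BROWSER $@`), so a URL or file name containing spaces or glob characters is split or expanded before it reaches sudo. Use `"$@"` in all three hunks, e.g. `/var/setuid-wrappers/sudo -u ${name} -i chromium "$@"`. The scripts also have no interpreter line, so they only run when the calling shell falls back to interpreting them itself; a first line such as `#!/bin/sh` makes that explicit.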
@@ -14,6 +14,9 @@ in { createHome = true; }; }; + krebs.per-user.elster.packages = [ + pkgs.chromium + ]; security.sudo.extraConfig = '' ${mainUser.name} ALL=(elster) NOPASSWD: ALL ''; -- cgit v1.2.3 From bd25fd61c8eaa780e827419760accd47140f9236 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:27:17 +0100 Subject: l 2: add fetchWallpaper.nix --- lass/2configs/fetchWallpaper.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/2configs/fetchWallpaper.nix (limited to 'lass') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix new file mode 100644 index 000000000..effbd6c85 --- /dev/null +++ b/lass/2configs/fetchWallpaper.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +let + +in { + lass.fetchWallpaper = { + enable = true; + url = "echelon/wallpaper.png"; + }; +} + -- cgit v1.2.3 From 8bb93b93fdacdcca75176392ad9f66dd3b2dc6dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:27:45 +0100 Subject: l 2 xserver: remove xmobar --- lass/2configs/xserver/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index ceccf5fee..da337f6a7 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -108,7 +108,6 @@ let pkgs.rxvt_unicode pkgs.i3lock pkgs.haskellPackages.yeganesh - pkgs.haskellPackages.xmobar pkgs.dmenu ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( -- cgit v1.2.3 From 1b9a044b44d12096dbad27db3a44d5c911ec9eb4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 19:37:13 +0100 Subject: l 3 fetchWallpaper -> k 3 fetchWallpaper --- lass/2configs/fetchWallpaper.nix | 2 +- lass/3modules/default.nix | 1 - lass/3modules/fetchWallpaper.nix | 89 ---------------------------------------- 3 files changed, 1 insertion(+), 91 deletions(-) delete mode 100644 lass/3modules/fetchWallpaper.nix (limited to 'lass') 
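Review bot: `url = "echelon/wallpaper.png"` in `lass/2configs/fetchWallpaper.nix` has no scheme, so curl guesses one (plain HTTP for a name like this) and the service hands whatever answers for `echelon` to the image decoder on every timer run. Writing the scheme out, `url = "http://echelon/wallpaper.png";` or an `https://` URL if the host offers one, makes the transport an explicit decision. The empty `let … in` can be dropped.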
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index effbd6c85..9c27706cb 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -3,7 +3,7 @@ let in { - lass.fetchWallpaper = { + krebs.fetchWallpaper = { enable = true; url = "echelon/wallpaper.png"; }; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 5fa5160ee..0dcad971c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,6 +8,5 @@ _: ./urxvtd.nix ./xresources.nix ./wordpress_nginx.nix - ./fetchWallpaper.nix ]; } diff --git a/lass/3modules/fetchWallpaper.nix b/lass/3modules/fetchWallpaper.nix deleted file mode 100644 index 9baebedbd..000000000 --- a/lass/3modules/fetchWallpaper.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.lass.fetchWallpaper; - - out = { - options.lass.fetchWallpaper = api; - config = mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "fetch wallpaper"; - predicate = mkOption { - type = with types; nullOr path; - default = null; - }; - url = mkOption { - type = types.str; - }; - timerConfig = mkOption { - type = types.unspecified; - default = { - OnCalendar = "*:00,10,20,30,40,50"; - }; - }; - stateDir = mkOption { - type = types.str; - default = "/tmp/wallpaper"; - }; - display = mkOption { - type = types.str; - default = ":11"; - }; - }; - - fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" '' - #! ${pkgs.bash}/bin/bash - ${if (cfg.predicate == null) then "" else '' - ${cfg.predicate} - if [ $? -ne 0 ]; then - echo "predicate failed" - exit 23 - fi - ''} - mkdir -p ${shell.escape cfg.stateDir} - curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url} - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper - ''; - - imp = { - users.extraUsers.fetchWallpaper = { - name = "fetchWallpaper"; - uid = 3332383611; #genid fetchWallpaper - description = "fetchWallpaper user"; - home = "/var/empty"; - }; - - systemd.timers.fetchWallpaper = { - description = "fetch wallpaper timer"; - wantedBy = [ "timers.target" ]; - - timerConfig = cfg.timerConfig; - }; - systemd.services.fetchWallpaper = { - description = "fetch wallpaper"; - after = [ "network.target" ]; - - path = with pkgs; [ - curl - feh - ]; - - environment = { - URL = cfg.url; - DISPLAY = cfg.display; - }; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - ExecStart = fetchWallpaperScript; - User = "fetchWallpaper"; - }; - }; - }; -in out -- cgit v1.2.3 From c0786aee72507e08ab61b5e9391afb4e7fba76fa Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 12 Dec 2015 19:40:44 +0100 Subject: l 5 xmonad-lass: deactivate yeganesh, workspace0 --- lass/5pkgs/xmonad-lass/Main.hs | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 10a3c5638..ce5afe33a 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -49,6 +49,7 @@ import XMonad.Stockholm.Pager import XMonad.Stockholm.Rhombus import XMonad.Stockholm.Shutdown + myTerm :: String myTerm = "urxvtc" @@ -65,6 +66,7 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do + workspaces0 <- getWorkspaces0 xmonad' -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- urgencyConfig { remindWhen = Every 1 } @@ -74,6 +76,7 @@ mainNoArgs = do $ defaultConfig { terminal = myTerm , modMask = mod4Mask + , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent --, handleEventHook = handleTimerEvent 
@@ -100,16 +103,26 @@ xmonad' conf = do hPutStrLn stderr (displaySomeException e) xmonad conf +getWorkspaces0 :: IO [String] +getWorkspaces0 = + try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case + Left e -> warn (displaySomeException e) + Right p -> try (readFile p) >>= \case + Left e -> warn (displaySomeException e) + Right x -> case readEither x of + Left e -> warn e + Right y -> return y + where + warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] displaySomeException :: SomeException -> String displaySomeException = displayException myKeyMap = - [ ("M4-", spawn "i3lock -i ~/lock.png -u" ) + [ ("M4-", spawn "/var/setuid-wrappers/slock") , ("M4-p", spawn "passmenu --type") - , ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") - -- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn ) ) + --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") , ("", spawn "pactl -- set-sink-volume 0 +4%") , ("", spawn "pactl -- set-sink-volume 0 -4%") , ("", gridselectWorkspace myWSConfig W.view) -- cgit v1.2.3
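Review bot: `getWorkspaces0` falls back to `return []` in `warn` for every failure (unset `XMONAD_WORKSPACES0_FILE`, unreadable file, parse error), and `mainNoArgs` passes the result straight to `workspaces = workspaces0`; an empty workspace list is not a usable xmonad configuration, so a missing variable degrades or aborts the session instead of only logging. Falling back to a fixed list keeps the window manager, and with it the screen-lock binding, available: `warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return (map show [1 .. 9 :: Int])`. A one-line comment above the function stating that the file must hold a `[String]` in `show` syntax would document what `readEither` expects.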