From 8f6dc4a1316ff6812a248923a974e044576583fe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 20:55:04 +0100 Subject: ejabberd: replaced by upstream --- tv/3modules/ejabberd/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'tv/3modules') diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index 68bcfa34..a0631e22 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: -- cgit v1.2.3 From 2be0042d4288a5eae3b28c0d2db2fb855e8a82fe Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 26 Nov 2018 14:49:13 +0100 Subject: tv dnsmasq service: init --- tv/3modules/default.nix | 1 + tv/3modules/dnsmasq.nix | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 tv/3modules/dnsmasq.nix (limited to 'tv/3modules') diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 493cc8b7..6172feb0 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -1,6 +1,7 @@ { imports = [ ./charybdis + ./dnsmasq.nix ./ejabberd ./hosts.nix ./iptables.nix diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix new file mode 100644 index 00000000..ec927f98 --- /dev/null +++ b/tv/3modules/dnsmasq.nix @@ -0,0 +1,57 @@ +with import ; +{ config, ... }: let + cfg = config.tv.dnsmasq; +in { + + options.tv.dnsmasq = { + enable = mkEnableOption "tv.dnsmasq"; + dhcp-range = mkOption { + type = types.str; + }; + interface = mkOption { + type = types.str; + }; + address = mkOption { + type = types.str; + }; + prefixLength = mkOption { + type = types.addCheck types.int (x: x >= 0 && x <= 32); + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + networking.dhcpcd.denyInterfaces = [ cfg.interface ]; + services.dnsmasq.resolveLocalQueries = false; + networking.interfaces.${cfg.interface} = { + ipv4.addresses = singleton { + address = cfg.address; + prefixLength = cfg.prefixLength; + }; + }; + services.dnsmasq.enable = true; + services.dnsmasq.extraConfig = '' + dhcp-range=${cfg.dhcp-range} + interface=${cfg.interface} + ''; + tv.iptables.extra.filter.INPUT = [ + "-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT" + ]; + } + { + # enable forwarding + boot.kernel.sysctl."net.ipv4.ip_forward" = true; + tv.iptables.extra.filter.FORWARD = [ + "-m state --state RELATED,ESTABLISHED -j ACCEPT" + "-i ${cfg.interface} -j ACCEPT" + ]; + tv.iptables.extra.nat.POSTROUTING = [ + "-j MASQUERADE" + ]; + } + ]); + +} -- cgit v1.2.3 From 9f4d207bb72f4808ef60560e70a811c321bebabe Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 15:35:37 +0100 Subject: tv slock service: init --- tv/3modules/default.nix | 1 + tv/3modules/slock.nix | 71 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 tv/3modules/slock.nix (limited to 'tv/3modules') diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 6172feb0..f53a58e9 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ ./hosts.nix ./iptables.nix ./nixpkgs-overlays.nix + ./slock.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix new file mode 100644 index 00000000..1c84b1e9 --- /dev/null +++ b/tv/3modules/slock.nix @@ -0,0 +1,71 @@ +with import ; +{ config, pkgs, ... }: let + cfg = config.tv.slock; +in { + options.tv.slock = { + enable = mkEnableOption "tv.slock"; + package = mkOption { + default = pkgs.execBin "slock" rec { + filename = "${pkgs.systemd}/bin/systemctl"; + argv = [ filename "start" "slock-${cfg.user.name}.service" ]; + }; + type = types.package; + }; + user = mkOption { + type = types.user; + }; + }; + config = mkIf cfg.enable { + security.polkit.extraConfig = /* js */ '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "slock-${cfg.user.name}.service" && + subject.user == ${toJSON cfg.user.name}) { + return polkit.Result.YES; + } + }); + ''; + systemd.services."slock-${cfg.user.name}" = { + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { + passAsFile = ["text"]; + text = /* c */ '' + #include + #include + + static struct spwd entry = { + .sp_namp = "", + .sp_pwdp = + ${toC config.users.users.${cfg.user.name}.hashedPassword}, + .sp_lstchg = 0, + .sp_min = 0, + .sp_max = 0, + .sp_warn = 0, + .sp_inact = 0, + .sp_expire = 0, + .sp_flag = 0, + }; + + extern struct spwd *getspnam(const char *name) { return &entry; } + extern int setgroups(size_t size, const gid_t *list) { return 0; } + extern int setgid(gid_t gid) { return 0; } + extern int setuid(uid_t uid) { return 0; } + ''; + } /* sh */ '' + gcc -Wall -shared -o $out -xc "$textPath" + ''; + }; + restartIfChanged = false; + serviceConfig = { + ExecStart = "${pkgs.slock}/bin/slock"; + OOMScoreAdjust = -1000; + Restart = "on-failure"; + RestartSec = "100ms"; + StartLimitBurst = 0; + SyslogIdentifier = "slock"; + User = cfg.user.name; + }; + }; + }; +} -- cgit v1.2.3