summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2016-06-30 21:51:09 +0200
committerlassulus <lass@aidsballs.de>2016-06-30 21:51:09 +0200
commitb3fa9cbd7e4bc8fe950aed139d857a2f14775b94 (patch)
tree223af7528e038008bf8de4252dc986910f380f13
parenteac3b2f4b46c9046205bc2507cd8fab3840929bb (diff)
parent4d63548868ec4806d62d82337bb278e6dd34f21e (diff)
Merge remote-tracking branch 'cd/master'
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/miefda/default.nix39
-rw-r--r--krebs/3modules/mv/default.nix39
-rw-r--r--krebs/4lib/default.nix4
-rw-r--r--krebs/5pkgs/builders.nix66
-rw-r--r--miefda/1systems/bobby.nix102
-rw-r--r--miefda/2configs/git.nix91
-rw-r--r--miefda/2configs/hardware-configuration.nix23
-rw-r--r--miefda/2configs/miefda.nix8
-rw-r--r--miefda/2configs/tinc-basic-retiolum.nix14
-rw-r--r--miefda/2configs/tlp.nix25
-rw-r--r--miefda/2configs/x220t.nix27
-rw-r--r--miefda/default.nix6
-rw-r--r--mv/1systems/stro.nix245
-rw-r--r--mv/2configs/bash_completion.sh779
-rw-r--r--mv/2configs/default.nix197
-rw-r--r--mv/2configs/git.nix62
-rw-r--r--mv/2configs/hw/x220.nix77
-rw-r--r--mv/2configs/mail-client.nix13
-rw-r--r--mv/2configs/smartd.nix17
-rw-r--r--mv/2configs/vim.nix123
-rw-r--r--mv/2configs/xserver/Xresources.nix215
-rw-r--r--mv/2configs/xserver/default.nix153
-rw-r--r--mv/2configs/xserver/xserver.conf.nix40
-rw-r--r--mv/3modules/default.nix7
-rw-r--r--mv/3modules/iptables.nix125
-rw-r--r--mv/5pkgs/default.nix24
-rw-r--r--mv/5pkgs/xmonad-tv/.gitignore1
-rw-r--r--mv/5pkgs/xmonad-tv/Main.hs277
-rw-r--r--mv/5pkgs/xmonad-tv/Makefile6
-rw-r--r--mv/5pkgs/xmonad-tv/xmonad.cabal17
-rw-r--r--tv/2configs/audit.nix9
-rw-r--r--tv/2configs/default.nix3
-rw-r--r--tv/2configs/vim.nix354
34 files changed, 266 insertions, 2924 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c114b74df..a38d2b227 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -91,8 +91,6 @@ let
imp = lib.mkMerge [
{ krebs = import ./lass { inherit config lib; }; }
{ krebs = import ./makefu { inherit config lib; }; }
- { krebs = import ./miefda { inherit config lib; }; }
- { krebs = import ./mv { inherit config lib; }; }
{ krebs = import ./shared { inherit config lib; }; }
{ krebs = import ./tv { inherit config lib; }; }
{
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
deleted file mode 100644
index a03f7ff4d..000000000
--- a/krebs/3modules/miefda/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.miefda) {
- bobby = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.112";
- ip6.addr = "42:0:0:0:0:0:111:112";
- aliases = [
- "bobby.retiolum"
- "cgit.bobby.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
- uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
- Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
- 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
- jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
- cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- #ssh.privkey.path = <secrets/ssh.ed25519>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- miefda = {
- mail = "miefda@miefda.de";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
- };
- };
-}
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
deleted file mode 100644
index 20118c61f..000000000
--- a/krebs/3modules/mv/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
- stro = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.111";
- ip6.addr = "42:0:0:0:0:0:111:111";
- aliases = [
- "stro.retiolum"
- "cgit.stro.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
- vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
- FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
- ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
- oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
- XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- mv-stro = {
- mail = "mv@stro.retiolum";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro";
- };
- };
-}
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index afff17296..296748333 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -58,6 +58,10 @@ let out = rec {
genAttrs' = names: f: listToAttrs (map f names);
+ getAttrs = names: set:
+ listToAttrs (map (name: nameValuePair name set.${name})
+ (filter (flip hasAttr set) names));
+
setAttr = name: value: set: set // { ${name} = value; };
optionalTrace = c: msg: x: if c then trace msg x else x;
diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix
index 924e0c086..dcd49fc10 100644
--- a/krebs/5pkgs/builders.nix
+++ b/krebs/5pkgs/builders.nix
@@ -74,33 +74,59 @@ rec {
writeOut = name: specs0:
let
- specs = mapAttrsToList (path0: spec0: rec {
- path = guard {
- type = types.pathname;
- value = path0;
- };
- var = "file_${hashString "sha1" path}";
- text = spec0.text;
- executable = guard {
- type = types.bool;
- value = spec0.executable or false;
+ writers.link =
+ { path
+ , link
+ }:
+ assert path == "" || types.absolute-pathname.check path;
+ assert types.package.check link;
+ {
+ install = /* sh */ ''
+ ${optionalString (dirOf path != "/") /* sh */ ''
+ ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
+ ''}
+ ${pkgs.coreutils}/bin/ln -s ${link} $out${path}
+ '';
};
- mode = guard {
- type = types.file-mode;
- value = spec0.mode or (if executable then "0755" else "0644");
+
+ writers.text =
+ { path
+ , executable ? false
+ , mode ? if executable then "0755" else "0644"
+ , text
+ }:
+ assert path == "" || types.absolute-pathname.check path;
+ assert types.bool.check executable;
+ assert types.file-mode.check mode;
+ rec {
+ var = "file_${hashString "sha1" path}";
+ val = text;
+ install = /* sh */ ''
+ ${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
+ '';
};
- }) specs0;
- filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text);
+ write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
+
+ specs =
+ mapAttrsToList
+ (path: spec: let
+ known-types = [ "link" "text" ];
+ found-types = attrNames (getAttrs known-types spec);
+ type = assert length found-types == 1; head found-types;
+ in spec // { inherit path type; })
+ specs0;
+
+ files = map write specs;
+
+ filevars = genAttrs' (filter (hasAttr "var") files)
+ (spec: nameValuePair spec.var spec.val);
env = filevars // { passAsFile = attrNames filevars; };
in
pkgs.runCommand name env /* sh */ ''
set -efu
- PATH=${makeBinPath [pkgs.coreutils]}
- ${concatMapStrings (spec: /* sh */ ''
- install -m ${spec.mode} -D ''$${spec.var}Path $out${spec.path}
- '') specs}
+ ${concatMapStringsSep "\n" (getAttr "install") files}
'';
writeHaskell =
@@ -213,4 +239,6 @@ rec {
(name: path: pkgs.runCommand name {} /* sh */ ''
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
+
+ writeSed = makeScriptWriter "${pkgs.gnused}/bin/sed -f";
}
diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix
deleted file mode 100644
index b85e686b5..000000000
--- a/miefda/1systems/bobby.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ../.
- ../2configs/miefda.nix
- ../2configs/tlp.nix
- ../2configs/x220t.nix
- ../2configs/hardware-configuration.nix
- ../2configs/tinc-basic-retiolum.nix
- ../2configs/git.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Select internationalisation properties.
- i18n = {
- # consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- wget chromium
- ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable the KDE Desktop Environment.
- #services.xserver.displayManager.kdm.enable = true;
- services.xserver.desktopManager = {
- xfce.enable = true;
- xterm.enable= false;
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.extraUsers.miefda = {
- isNormalUser = true;
- initialPassword= "welcome";
- uid = 1000;
- extraGroups= [
- "wheel"
- ];
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- search-domain = "retiolum";
- build = {
- host = config.krebs.hosts.bobby;
- user = config.krebs.users.miefda;
- source = {
- git.nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/gits/stockholm";
- };
- };
- };
- };
-}
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
deleted file mode 100644
index 51679d2a5..000000000
--- a/miefda/2configs/git.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-
- out = {
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos =
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- painload = {};
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- #wai-middleware-time = {};
- #web-routes-wai-custom = {};
- #go = {};
- #newsbot-js = {};
- #kimsufi-check = {};
- #realwallpaper = {};
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- };
- } //
- import <secrets/repos.nix> { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "bobby";
- };
- };
- };
-
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
- public = false;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = miefda;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ lass tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix
deleted file mode 100644
index 3eb1f43fe..000000000
--- a/miefda/2configs/hardware-configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = 4;
-}
diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix
deleted file mode 100644
index f17e8aa34..000000000
--- a/miefda/2configs/miefda.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- #networking.wicd.enable = true;
-
-}
diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix
deleted file mode 100644
index f82fd6b03..000000000
--- a/miefda/2configs/tinc-basic-retiolum.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- "prism"
- "ire"
- ];
- };
-}
diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix
deleted file mode 100644
index 32f4f2ee7..000000000
--- a/miefda/2configs/tlp.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- zramSwap.enable = true;
- zramSwap.numDevices = 2;
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 220;
- emulateWheel = true;
- };
-
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- '';
-}
diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix
deleted file mode 100644
index 2d128e533..000000000
--- a/miefda/2configs/x220t.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- services.xserver = {
- xkbVariant = "altgr-intl";
- videoDriver = "intel";
- # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- '';
- };
-
-
-
- services.xserver.displayManager.sessionCommands =''
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
- xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
- '';
-
- hardware.bluetooth.enable = true;
-
-
-}
diff --git a/miefda/default.nix b/miefda/default.nix
deleted file mode 100644
index 7f275c2eb..000000000
--- a/miefda/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ];
-}
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
deleted file mode 100644
index 520bf14eb..000000000
--- a/mv/1systems/stro.nix
+++ /dev/null
@@ -1,245 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-{
- krebs.build.host = config.krebs.hosts.stro;
-
- krebs.build.source.git.nixpkgs.rev =
- "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
-
- imports = [
- ../.
- ../2configs/hw/x220.nix
- ../2configs/git.nix
- ../2configs/mail-client.nix
- ../2configs/xserver
- {
- environment.systemPackages = with pkgs; [
-
- # stockholm
- genid
- gnumake
- hashPassword
- lentil
- parallel
- (pkgs.writeScriptBin "im" ''
- #! ${pkgs.bash}/bin/bash
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
-
- # root
- cryptsetup
- ntp # ntpate
-
- # tv
- bc
- bind # dig
- #cac
- dic
- file
- gnupg21
- haskellPackages.hledger
- htop
- jq
- manpages
- mkpasswd
- netcat
- nix-repl
- nmap
- p7zip
- pass
- posix_man_pages
- qrencode
- texLive
- tmux
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
-
- unison
- ];
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.exim-retiolum.enable = true;
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "gum"
- "wry"
- ];
- };
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- { name = "xuca"; device = "/dev/sda2"; }
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/xuvga-root";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/home" = {
- device = "/dev/mapper/xuvga-home";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
- };
- };
-
- nixpkgs.config.chromium.enablePepperFlash = true;
-
- #nixpkgs.config.allowUnfreePredicate = pkg:
- # pkgs.lib.hasPrefix "virtualbox" pkg.name;
-
- #nixpkgs.config.allowUnfree = true;
- #hardware.bumblebee.enable = true;
- #hardware.bumblebee.group = "video";
- hardware.enableAllFirmware = true;
- #hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
-
- environment.systemPackages = with pkgs; [
- #xlibs.fontschumachermisc
- #slock
- ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
- iptables
- #jack2
-
- gptfdisk
- ];
-
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
-
- services.bitlbee.enable = true;
- services.printing.enable = true;
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
- #virtualisation.libvirtd.enable = true;
-
- #services.bitlbee.enable = true;
- #services.tor.client.enable = true;
- #services.tor.enable = true;
-
- #nixpkgs.config.virtualbox.enableExtensionPack = true;
-
- # XXX Enable for maximum slowness:
- virtualisation.virtualbox.host.enable = true;
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.st