diff options
author | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
commit | 4499cc406560963d65b016075ba2df6451c834cd (patch) | |
tree | ffea19187190a105e7b0caf617a0215c02c281da /lass/2configs | |
parent | d7761aed6559adba3cfa61d822165c42c90fc276 (diff) | |
parent | 39fd77b84c7c14d6460722721726b378bdab7acd (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
27 files changed, 310 insertions, 336 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2933ca0e4..275b93f26 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -1,13 +1,15 @@ { config, pkgs, ... }: - +with import <stockholm/lib>; let - mainUser = config.users.extraUsers.mainUser; + user = config.krebs.build.user; in { imports = [ - ./xserver ./mpv.nix ./power-action.nix ./screenlock.nix + ./copyq.nix + ./xresources.nix + ./livestream.nix { hardware.pulseaudio = { enable = true; @@ -32,15 +34,15 @@ in { programs.ssh.startAgent = false; - security.setuidPrograms = [ "slock" ]; - services.printing = { enable = true; - drivers = [ pkgs.foomatic_filters ]; + drivers = [ + pkgs.foomatic_filters + pkgs.gutenprint + ]; }; environment.systemPackages = with pkgs; [ - acpi dic dmenu @@ -66,37 +68,37 @@ in { youtube-tools rxvt_unicode - #window manager stuff - #haskellPackages.xmobar - #haskellPackages.yeganesh - #dmenu2 - #xlibs.fontschumachermisc ]; - #fonts.fonts = [ - # pkgs.xlibs.fontschumachermisc - #]; - - #services.xserver = { - # enable = true; - - # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ - # X11-xshape - # ]; - # windowManager.xmonad.enable = true; - # windowManager.xmonad.enableContribAndExtras = true; - # windowManager.default = "xmonad"; - # desktopManager.default = "none"; - # desktopManager.xterm.enable = false; - # displayManager.slim.enable = true; - # displayManager.auto.enable = true; - # displayManager.auto.user = mainUser.name; - - # layout = "us"; - # xkbModel = "evdev"; - # xkbVariant = "altgr-intl"; - # xkbOptions = "caps:backspace"; - #}; + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + services.xserver = { + enable = true; + + desktopManager.xterm.enable = false; + desktopManager.default = "none"; + displayManager.lightdm.enable = true; + displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + }; + windowManager.default = "xmonad"; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.xmonad-lass}/bin/xmonad & + waitPID=$! + ''; + }]; + + layout = "us"; + xkbModel = "evdev"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; services.logind.extraConfig = '' HandleLidSwitch=ignore @@ -107,4 +109,6 @@ in { twoFingerScroll = true; accelFactor = "0.035"; }; + + services.urxvtd.enable = true; } diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 108ff7a1e..9dba5fbfb 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -2,8 +2,14 @@ { nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; }; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 88ee70802..6c381863c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -20,7 +20,7 @@ let createChromiumUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ ''; in { users.extraUsers.${name} = { @@ -43,7 +43,7 @@ let createFirefoxUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ ''; in { users.extraUsers.${name} = { diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index cd11254d6..2bd3e9914 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -216,7 +216,7 @@ in { enable = true; nick = "buildbot-lass"; server = "ni.r"; - channels = [ { channel = "retiolum"; } ]; + channels = [ { channel = "retiolum"; } { channel = "noise"; } ]; allowForce = true; }; }; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/lass/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d1810c00c..3e7881fb4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import <stockholm/lib>; { imports = [ @@ -11,6 +10,7 @@ with import <stockholm/lib>; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -62,6 +62,12 @@ with import <stockholm/lib>; pkgs.pythonPackages.python ]; } + { + services.dnscrypt-proxy.enable = true; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; + } ]; networking.hostName = config.krebs.build.host.name; @@ -129,6 +135,7 @@ with import <stockholm/lib>; #neat utils krebspaste + mosh pciutils pop psmisc @@ -155,6 +162,7 @@ with import <stockholm/lib>; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd + LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS ''; promptInit = '' if test $UID = 0; then @@ -202,6 +210,7 @@ with import <stockholm/lib>; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d120dfcad..3353cdac0 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -8,11 +8,12 @@ with import <stockholm/lib>; dkim = [ { domain = "lassul.us"; } ]; + primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" "aidsballs.de" ]; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel config.krebs.hosts.helios diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 29f321994..971be9588 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -9,9 +9,5 @@ in { url = "prism/wallpaper.png"; maxTime = 10; }; - systemd.services.fetchWallpaper = { - after = [ "xmonad.service" ]; - wantedBy = [ "xmonad.service" ]; - }; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 1bcb8c676..d114a826d 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -11,7 +11,6 @@ let DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ -file $DOOM_DIR/lib/brutalv20.pk3 \ - -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -31,6 +30,31 @@ let ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" ''; + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum-bin}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + in { environment.systemPackages = with pkgs; [ dwarf_fortress @@ -38,6 +62,7 @@ in { doom2 vdoom1 vdoom2 + vdoomserver ]; users.extraUsers = { @@ -56,4 +81,9 @@ in { security.sudo.extraConfig = '' ${mainUser.name} ALL=(games) NOPASSWD: ALL ''; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10666"; target = "ACCEPT"; } + ]; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index bdd65ce09..3e1b2c6e3 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; let out = { + services.nginx.enable = true; krebs.git = { enable = true; cgit = { diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index 7d4d544aa..a28a6a5d2 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" - config.krebs.users.lass.pubkey ]; }; @@ -32,4 +31,10 @@ with import <stockholm/lib>; { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; + + krebs.iptables.tables.nat.OUTPUT.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } + ]; + + systemd.services.krebs-iptables.after = [ "libvirtd.service" ]; } diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index d551cd44e..1e75271ca 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -48,4 +48,9 @@ with import <stockholm/lib>; ]; security.rngd.enable = true; + + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; } diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix new file mode 100644 index 000000000..c877a8c0a --- /dev/null +++ b/lass/2configs/livestream.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +let + + stream = pkgs.writeDashBin "stream" '' + ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ''; + +in { + environment.systemPackages = [ stream ]; +} diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix new file mode 100644 index 000000000..65b91a745 --- /dev/null +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -0,0 +1,44 @@ +{pkgs, config, ...}: +with import <stockholm/lib>; +let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + +in { + krebs.monit = { + enable = true; + http.enable = true; + alarms = { + nirwanabluete = { + test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; + alarm = echoToIrc "test nirwanabluete failed"; + }; + ubik = { + test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; + alarm = echoToIrc "test ubik failed"; + }; + cac-panel = { + test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; + alarm = echoToIrc "test cac-panel failed"; + }; + radio = { + test = pkgs.writeBash "check_stream" '' + ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \ + | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \ + | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}" + ''; + alarm = echoToIrc "test radio failed"; + }; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; +} + diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index bbae4511e..b6ccf9cc1 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import <stockholm/lib>; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null + ni.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index aef9dd8b4..9c3eafffd 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f7b7d8e"; + ref = "5b0c9d4"; }; } diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix index 237127f69..b5bc4ee2a 100644 --- a/lass/2configs/screenlock.nix +++ b/lass/2configs/screenlock.nix @@ -5,7 +5,7 @@ before = [ "sleep.target" ]; wantedBy = [ "sleep.target" ]; environment = { - DISPLAY = ":${toString config.services.xserver.display}"; + DISPLAY = ":0"; }; serviceConfig = { SyslogIdentifier = "screenlock"; diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix new file mode 100644 index 000000000..245b89e9c --- /dev/null +++ b/lass/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.lass.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; +} diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index c3eac8f38..4e0af0dc7 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -25,7 +25,7 @@ let set hlsearch set incsearch set mouse=a - set noruler + set ruler set pastetoggle=<INS> set runtimepath=${extra-runtimepath},$VIMRUNTIME set shortmess+=I @@ -66,6 +66,7 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' nmap <esc>q :buffer nmap <M-q> :buffer diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 024d2eeb2..3a8979427 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -110,7 +110,10 @@ in { ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; @@ -123,7 +126,10 @@ in { root /var/lib/acme/acme-challenges; ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 6e236ab63..6d14de731 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -17,7 +17,10 @@ rec { services.nginx.virtualHosts.${domain} = { enableACME = true; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -29,12 +32,14 @@ rec { let domain = head domains; in { + services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; @@ -148,6 +153,8 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; + root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; @@ -175,10 +182,10 @@ rec { user = nginx group = nginx pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 + pm.max_children = 15 + pm.start_servers = 3 pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pm.max_spare_servers = 10 listen.owner = nginx listen.group = nginx php_admin_value[error_log] = 'stderr' diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix deleted file mode 100644 index 0c409ca87..000000000 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - inherit (import <stockholm/lib>) - genid - ; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - ssl - servePage - ; -in { - imports = [ - ( ssl [ "wohnprojekt-rhh.de" ]) - ( servePage [ "wohnprojekt-rhh.de" ]) - ]; - - users.users.laura = { - home = "/srv/http/wohnprojekt-rhh.de"; - createHome = true; - useDefaultShell = true; - }; -} - diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix new file mode 100644 index 000000000..35dbe2044 --- /dev/null +++ b/lass/2configs/xresources.nix @@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; + +let + + xresources = pkgs.writeText "Xresources" '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*SaveLines: 4096 + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + + ! ref https://github.com/muennich/urxvt-perls + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #d0d7d0 + + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + ''; + +in { + systemd.user.services.xresources = { + description = "xresources"; + wantedBy = [ "default.target" ]; + + environment = { + DISPLAY = ":0"; + }; + + restartIfChanged = true; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; + Restart = "on-failure"; + }; + }; +} diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix deleted file mode 100644 index 3049774f8..000000000 --- a/lass/2configs/xserver/Xresources.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -pkgs.writeText "Xresources" '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - - ! ref https://github.com/muennich/urxvt-perls - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select - URxvt.url-select.underline: true - URxvt |