authortv <tv@krebsco.de>2017-03-05 00:28:32 +0100
committertv <tv@krebsco.de>2017-03-05 00:28:32 +0100
commit4499cc406560963d65b016075ba2df6451c834cd (patch)
treeffea19187190a105e7b0caf617a0215c02c281da /lass/2configs
parentd7761aed6559adba3cfa61d822165c42c90fc276 (diff)
parent39fd77b84c7c14d6460722721726b378bdab7acd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix76
-rw-r--r--lass/2configs/binary-cache/client.nix10
-rw-r--r--lass/2configs/browsers.nix4
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--lass/2configs/copyq.nix38
-rw-r--r--lass/2configs/default.nix13
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/fetchWallpaper.nix4
-rw-r--r--lass/2configs/games.nix32
-rw-r--r--lass/2configs/git.nix1
-rw-r--r--lass/2configs/hfos.nix7
-rw-r--r--lass/2configs/hw/tp-x220.nix5
-rw-r--r--lass/2configs/livestream.nix12
-rw-r--r--lass/2configs/monitoring/monit-alarms.nix44
-rw-r--r--lass/2configs/monitoring/server.nix2
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/screenlock.nix2
-rw-r--r--lass/2configs/security-workarounds.nix8
-rw-r--r--lass/2configs/termite.nix22
-rw-r--r--lass/2configs/vim.nix3
-rw-r--r--lass/2configs/websites/lassulus.nix10
-rw-r--r--lass/2configs/websites/util.nix15
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix23
-rw-r--r--lass/2configs/xresources.nix55
-rw-r--r--lass/2configs/xserver/Xresources.nix66
-rw-r--r--lass/2configs/xserver/default.nix147
-rw-r--r--lass/2configs/xserver/xserver.conf.nix40
27 files changed, 310 insertions, 336 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2933ca0e4..275b93f26 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -1,13 +1,15 @@
{ config, pkgs, ... }:
-
+with import <stockholm/lib>;
let
- mainUser = config.users.extraUsers.mainUser;
+ user = config.krebs.build.user;
in {
imports = [
- ./xserver
./mpv.nix
./power-action.nix
./screenlock.nix
+ ./copyq.nix
+ ./xresources.nix
+ ./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
- security.setuidPrograms = [ "slock" ];
-
services.printing = {
enable = true;
- drivers = [ pkgs.foomatic_filters ];
+ drivers = [
+ pkgs.foomatic_filters
+ pkgs.gutenprint
+ ];
};
environment.systemPackages = with pkgs; [
-
acpi
dic
dmenu
@@ -66,37 +68,37 @@ in {
youtube-tools
rxvt_unicode
- #window manager stuff
- #haskellPackages.xmobar
- #haskellPackages.yeganesh
- #dmenu2
- #xlibs.fontschumachermisc
];
- #fonts.fonts = [
- # pkgs.xlibs.fontschumachermisc
- #];
-
- #services.xserver = {
- # enable = true;
-
- # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
- # X11-xshape
- # ];
- # windowManager.xmonad.enable = true;
- # windowManager.xmonad.enableContribAndExtras = true;
- # windowManager.default = "xmonad";
- # desktopManager.default = "none";
- # desktopManager.xterm.enable = false;
- # displayManager.slim.enable = true;
- # displayManager.auto.enable = true;
- # displayManager.auto.user = mainUser.name;
-
- # layout = "us";
- # xkbModel = "evdev";
- # xkbVariant = "altgr-intl";
- # xkbOptions = "caps:backspace";
- #};
+ fonts.fonts = [
+ pkgs.xlibs.fontschumachermisc
+ ];
+
+ services.xserver = {
+ enable = true;
+
+ desktopManager.xterm.enable = false;
+ desktopManager.default = "none";
+ displayManager.lightdm.enable = true;
+ displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ };
+ windowManager.default = "xmonad";
+ windowManager.session = [{
+ name = "xmonad";
+ start = ''
+ ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
+ ${pkgs.xmonad-lass}/bin/xmonad &
+ waitPID=$!
+ '';
+ }];
+
+ layout = "us";
+ xkbModel = "evdev";
+ xkbVariant = "altgr-intl";
+ xkbOptions = "caps:backspace";
+ };
services.logind.extraConfig = ''
HandleLidSwitch=ignore
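Review bot: The session start script runs `xhost +LOCAL:`, which switches off X access control for every local (non-network) client, so any account on the machine can read keystrokes, capture the screen and inject input into the auto-logged-in session. If the aim is to let the sudo-launched browser accounts from browsers.nix reach the display (an assumption, the hunk does not say), grant them one by one instead, e.g. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<browser-user>` per account. The `autoLogin` block also hard-codes `user = "lass"` although the `let` now binds `user = config.krebs.build.user`; `user = user.name;` would keep the two in step, assuming that attribute exists on the krebs user record.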
@@ -107,4 +109,6 @@ in {
twoFingerScroll = true;
accelFactor = "0.035";
};
+
+ services.urxvtd.enable = true;
}
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index 108ff7a1e..9dba5fbfb 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -2,8 +2,14 @@
{
nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ binaryCaches = [
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
};
}
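Review bot: `http://cache.prism.r` remains a plain-HTTP substituter, so the signature check against `binaryCachePublicKeys` is the only thing authenticating what it serves; that deserves a comment above the list, for example `# cache.prism.r is plain HTTP: trust rests entirely on the cache.prism-1 key below`. It would also help to say which key covers which cache, since the second key is named `hydra.nixos.org-1` while the URL is `cache.nixos.org`.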
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 88ee70802..6c381863c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
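Review bot: Both wrapper scripts forward their arguments with an unquoted `$@`, so a URL or path containing spaces or glob characters is re-split and expanded by the wrapper's shell before it reaches sudo; write `"$@"` on the rewritten line here and on the matching firefox line in the next hunk. The path change to `/var/run/wrappers/bin/sudo` leaves this untouched. `createChromiumUser` and `createFirefoxUser` both continue outside their hunks.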
@@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index cd11254d6..2bd3e9914 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -216,7 +216,7 @@ in {
enable = true;
nick = "buildbot-lass";
server = "ni.r";
- channels = [ { channel = "retiolum"; } ];
+ channels = [ { channel = "retiolum"; } { channel = "noise"; } ];
allowForce = true;
};
};
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
new file mode 100644
index 000000000..0616c4025
--- /dev/null
+++ b/lass/2configs/copyq.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ copyqConfig = pkgs.writeDash "copyq-config" ''
+ ${pkgs.copyq}/bin/copyq config check_clipboard true
+ ${pkgs.copyq}/bin/copyq config check_selection true
+ ${pkgs.copyq}/bin/copyq config copy_clipboard true
+ ${pkgs.copyq}/bin/copyq config copy_selection true
+
+ ${pkgs.copyq}/bin/copyq config activate_closes true
+ ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+ ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+ ${pkgs.copyq}/bin/copyq config disable_tray true
+ ${pkgs.copyq}/bin/copyq config hide_tabs true
+ ${pkgs.copyq}/bin/copyq config hide_toolbar true
+ ${pkgs.copyq}/bin/copyq config item_popup_interval true
+ ${pkgs.copyq}/bin/copyq config maxitems 1000
+ ${pkgs.copyq}/bin/copyq config move true
+ ${pkgs.copyq}/bin/copyq config text_wrap true
+ '';
+in {
+ systemd.user.services.copyq = {
+ after = [ "graphical.target" ];
+ wants = [ "graphical.target" ];
+ wantedBy = [ "default.target" ];
+ environment = {
+ DISPLAY = ":0";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "copyq";
+ ExecStart = "${pkgs.copyq}/bin/copyq";
+ ExecStartPost = copyqConfig;
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ };
+ };
+}
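Review bot: With `check_clipboard`, `check_selection` and `maxitems 1000` set, this service records every clipboard copy and every mouse selection into a 1000-entry history, which will include passwords and tokens copied from a password manager; as far as I know CopyQ also saves tab contents to disk by default, which should be confirmed. Add a comment stating that this is intended, and consider a much smaller `maxitems` or excluding sensitive sources. `item_popup_interval` is given `true` where the option name suggests a number, and `DISPLAY = ":0"` is hard-coded here as in screenlock.nix and xresources.nix.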
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index d1810c00c..3e7881fb4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
+ ./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -62,6 +62,12 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python
];
}
+ {
+ services.dnscrypt-proxy.enable = true;
+ networking.extraResolvconfConf = ''
+ name_servers='127.0.0.1'
+ '';
+ }
];
networking.hostName = config.krebs.build.host.name;
@@ -129,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
+ mosh
pciutils
pop
psmisc
@@ -155,6 +162,7 @@ with import <stockholm/lib>;
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
+ LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
'';
promptInit = ''
if test $UID = 0; then
@@ -202,6 +210,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d120dfcad..3353cdac0 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
+ primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
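Review bot: `relay_from_hosts` is the only visible control on who may relay through this smarthost, and it now lists solely the retiolum `ip6.addr` values, so the same hosts connecting from their retiolum IPv4 address are no longer matched. If both families should be accepted, build the list from both, e.g. `concatMap (host: [ host.nets.retiolum.ip4.addr host.nets.retiolum.ip6.addr ])`. Exim lists are colon-separated by default, so IPv6 literals need doubled colons or a changed list separator; how the krebs module renders this option is not visible here and should be checked. The host list continues past the end of the hunk.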
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 29f321994..971be9588 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -9,9 +9,5 @@ in {
url = "prism/wallpaper.png";
maxTime = 10;
};
- systemd.services.fetchWallpaper = {
- after = [ "xmonad.service" ];
- wantedBy = [ "xmonad.service" ];
- };
}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 1bcb8c676..d114a826d 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -11,7 +11,6 @@ let
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \
-file $DOOM_DIR/lib/brutalv20.pk3 \
- -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
"$@"
'';
doom1 = pkgs.writeDashBin "doom1" ''
@@ -31,6 +30,31 @@ let
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
'';
+ doomservercfg = pkgs.writeText "doomserver.cfg" ''
+ skill 7
+ #survival true
+ #sv_maxlives 4
+ #sv_norespawn true
+ #sv_weapondrop true
+ no_jump true
+ #sv_noweaponspawn true
+ sv_sharekeys true
+ sv_survivalcountdowntime 1
+ sv_noteamselect true
+ sv_updatemaster false
+ #sv_coop_loseinventory true
+ #cl_startasspectator false
+ #lms_spectatorview false
+ '';
+
+ vdoomserver = pkgs.writeDashBin "vdoomserver" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+
+ ${pkgs.zandronum-bin}/bin/zandronum-server \
+ +exec ${doomservercfg} \
+ "$@"
+ '';
+
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
@@ -38,6 +62,7 @@ in {
doom2
vdoom1
vdoom2
+ vdoomserver
];
users.extraUsers = {
@@ -56,4 +81,9 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(games) NOPASSWD: ALL
'';
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
+ ];
}
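Review bot: The two new INPUT rules accept port 10666 from every interface whenever games.nix is imported, whether or not `vdoomserver` is running. Restrict them to the interface the players actually use, in the style of the monit rule elsewhere in this commit, e.g. `{ predicate = "-p udp -i retiolum --dport 10666"; target = "ACCEPT"; }`, and drop the TCP rule unless the server really needs it (to my knowledge the game traffic is UDP only, please confirm). In the earlier hunk of this file `vdoomserver` assigns `DOOM_DIR` but never reads it.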
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index bdd65ce09..3e1b2c6e3 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
+ services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index 7d4d544aa..a28a6a5d2 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- config.krebs.users.lass.pubkey
];
};
@@ -32,4 +31,10 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
+
+ krebs.iptables.tables.nat.OUTPUT.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
+ ];
+
+ systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
}
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
index d551cd44e..1e75271ca 100644
--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -48,4 +48,9 @@ with import <stockholm/lib>;
];
security.rngd.enable = true;
+
+ services.xserver.synaptics = {
+ enable = true;
+ additionalOptions = ''Option "TouchpadOff" "1"'';
+ };
}
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
new file mode 100644
index 000000000..c877a8c0a
--- /dev/null
+++ b/lass/2configs/livestream.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+ stream = pkgs.writeDashBin "stream" ''
+ ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
+ '';
+
+in {
+ environment.systemPackages = [ stream ];
+}
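Review bot: The `Client-ID` value is embedded in the script text, so it ends up both in a public repository and in the world-readable Nix store. If it is a public application identifier rather than a secret, say so in a comment such as `# public API client id for the streaming service, not a credential`; if it is tied to a personal account, the script should read it at run time from a file outside the store.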
diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix
new file mode 100644
index 000000000..65b91a745
--- /dev/null
+++ b/lass/2configs/monitoring/monit-alarms.nix
@@ -0,0 +1,44 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+let
+ echoToIrc = msg:
+ pkgs.writeDash "echo_irc" ''
+ set -euf
+ export LOGNAME=prism-alarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
+ '';
+
+in {
+ krebs.monit = {
+ enable = true;
+ http.enable = true;
+ alarms = {
+ nirwanabluete = {
+ test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
+ alarm = echoToIrc "test nirwanabluete failed";
+ };
+ ubik = {
+ test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
+ alarm = echoToIrc "test ubik failed";
+ };
+ cac-panel = {
+ test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
+ alarm = echoToIrc "test cac-panel failed";
+ };
+ radio = {
+ test = pkgs.writeBash "check_stream" ''
+ ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
+ | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
+ | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
+ '';
+ alarm = echoToIrc "test radio failed";
+ };
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
+ ];
+}
+
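Review bot: `echoToIrc` splices `msg` into a double-quoted shell word when the script is generated, so a message containing a double quote, `$` or a backquote would change the script; every caller passes a literal today, but the helper should escape its argument, e.g. `\#noise ${escapeShellArg msg} >/dev/null`, provided nixpkgs' `escapeShellArg` is in scope through `<stockholm/lib>`. Separately, `http.enable = true` together with the new INPUT rule exposes port 9093 to every peer on `retiolum`; whether that endpoint requires authentication is not visible in this file and is worth a comment.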
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
index bbae4511e..b6ccf9cc1 100644
--- a/lass/2configs/monitoring/server.nix
+++ b/lass/2configs/monitoring/server.nix
@@ -29,7 +29,7 @@ with import <stockholm/lib>;
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
- ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
+ ni.r 6667 prism-alarm \#noise "$data" >/dev/null
'';
in {
enable = true;
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index aef9dd8b4..9c3eafffd 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "f7b7d8e";
+ ref = "5b0c9d4";
};
}
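Review bot: `ref = "5b0c9d4"` pins nixpkgs by a seven-character abbreviated commit id, which names a single commit only as long as no other object in that repository shares the prefix. Use the full 40-character commit hash, `ref = "<full-commit-sha>";`, so the source the whole system is built from is pinned unambiguously.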
diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix
index 237127f69..b5bc4ee2a 100644
--- a/lass/2configs/screenlock.nix
+++ b/lass/2configs/screenlock.nix
@@ -5,7 +5,7 @@
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
+ DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "screenlock";
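Review bot: Hard-coding `DISPLAY = ":0"` makes the pre-sleep lock depend on the X server always being display 0; if it is not, the locker cannot connect and the machine resumes unlocked. If the derived value had to go, add a comment naming the assumption, e.g. `# assumes the X server is display :0; the lock does not engage otherwise`, and ideally have the unit fail loudly when the locker cannot start. copyq.nix and xresources.nix in this commit hard-code the same value. The service definition starts and ends outside the hunk.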
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 000000000..537c8a59b
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # http://seclists.org/oss-sec/2017/q1/471
+ boot.extraModprobeConfig = ''
+ install dccp /run/current-system/sw/bin/false
+ '';
+}
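Review bot: The comment gives only a URL, so a later reader cannot tell what the override protects against or when it may be removed; say it in words, e.g. `# block loading of the dccp module until the kernel fix from the advisory below is deployed, then remove`. The `install` line also depends on `false` being present in the system profile; `install dccp ${pkgs.coreutils}/bin/false` removes that dependency. An `install` override only stops modprobe-driven loading, so a module that was already loaded before activation stays loaded until it is removed or the machine reboots.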
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
new file mode 100644
index 000000000..245b89e9c
--- /dev/null
+++ b/lass/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.lass.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index c3eac8f38..4e0af0dc7 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -25,7 +25,7 @@ let
set hlsearch
set incsearch
set mouse=a
- set noruler
+ set ruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
@@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
+ let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 024d2eeb2..3a8979427 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -110,7 +110,10 @@ in {
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
};
@@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges;
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
};
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 6e236ab63..6d14de731 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@@ -29,12 +32,14 @@ rec {
let
domain = head domains;
in {
+ services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
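Review bot: `services.phpfpm.phpPackage = pkgs.php56;` is set inside a per-site helper, yet the option is global, so importing this helper for one site moves every PHP-FPM pool on the host to the 5.6 branch. Add a comment naming the application that needs it and when the pin can be lifted, e.g. `# <app> is not PHP 7 compatible yet; remove once upgraded`, or set it once at host level. An old interpreter branch pinned without a reason or a date is easy to forget once upstream stops patching it. The enclosing function starts and ends outside the hunk.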
@@ -148,6 +153,8 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
+
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
@@ -175,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
+ pm.max_children = 15
+ pm.start_servers = 3
pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
deleted file mode 100644
index 0c409ca87..000000000
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- inherit (import <stockholm/lib>)
- genid
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
- servePage
- ;
-in {
- imports = [
- ( ssl [ "wohnprojekt-rhh.de" ])
- ( servePage [ "wohnprojekt-rhh.de" ])
- ];
-
- users.users.laura = {
- home = "/srv/http/wohnprojekt-rhh.de";
- createHome = true;
- useDefaultShell = true;
- };
-}
-
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
new file mode 100644
index 000000000..35dbe2044
--- /dev/null
+++ b/lass/2configs/xresources.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ xresources = pkgs.writeText "Xresources" ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*SaveLines: 4096
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+
+ ! ref https://github.com/muennich/urxvt-perls
+ URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ URxvt*background: #000000
+ URxvt*foreground: #d0d7d0
+
+ URxvt*cursorColor: #f042b0
+ URxvt*cursorColor2: #f0b000
+ URxvt*cursorBlink: off
+
+ URxvt*.pointerBlank: true
+ URxvt*.pointerBlankDelay: 987654321
+ URxvt*.pointerColor: #f042b0
+ URxvt*.pointerColor2: #050505
+ '';
+
+in {
+ systemd.user.services.xresources = {
+ description = "xresources";
+ wantedBy = [ "default.target" ];
+
+ environment = {
+ DISPLAY = ":0";
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
+ Restart = "on-failure";
+ };
+ };
+}
diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix
deleted file mode 100644
index 3049774f8..000000000
--- a/lass/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xresources" ''
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
- URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
- URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
- URxvt.url-select.underline: true
- URxvt