summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci.nix2
-rw-r--r--jeschli/krops.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix2
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/ci.nix11
-rw-r--r--krebs/3modules/fetchWallpaper.nix9
-rw-r--r--krebs/default.nix16
-rw-r--r--krebs/krops.nix44
-rw-r--r--lass/2configs/binary-cache/server.nix9
-rw-r--r--lass/2configs/blue-host.nix19
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/fetchWallpaper.nix1
-rw-r--r--lass/2configs/mail.nix1
-rw-r--r--lass/2configs/radio.nix17
-rw-r--r--lass/krops.nix2
-rw-r--r--makefu/krops.nix12
m---------submodules/krops0
-rw-r--r--tv/1systems/querel/config.nix3
-rw-r--r--tv/2configs/urlwatch.nix5
-rw-r--r--tv/2configs/xp-332.nix4
-rw-r--r--tv/2configs/xserver/Xresources.nix5
-rw-r--r--tv/2configs/xserver/default.nix9
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/dnsmasq.nix57
-rw-r--r--tv/5pkgs/simple/disko.nix13
-rwxr-xr-xtv/5pkgs/simple/fzmenu/bin/otpmenu41
-rwxr-xr-xtv/5pkgs/simple/fzmenu/bin/passmenu41
-rw-r--r--tv/5pkgs/simple/fzmenu/default.nix34
-rw-r--r--tv/5pkgs/simple/otpmenu.nix15
-rw-r--r--tv/5pkgs/simple/xmonad-tv/default.nix89
-rw-r--r--tv/default.nix10
-rw-r--r--tv/krops.nix2
32 files changed, 350 insertions, 129 deletions
diff --git a/ci.nix b/ci.nix
index 631c3dc41..a383a0631 100644
--- a/ci.nix
+++ b/ci.nix
@@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
- ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
+ ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
in mapAttrs (n: h: build n h.owner.name) ci-systems
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
index d45d57c63..989abcdd0 100644
--- a/jeschli/krops.nix
+++ b/jeschli/krops.nix
@@ -6,7 +6,7 @@
;
source = { test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
secrets = if test then {
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 209dbe980..8995753ac 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -362,7 +362,7 @@ let
# normally we should write buildbot.tac by our own
# ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
- chmod 700 -R ${workdir}
+ chmod 700 ${workdir}
chown buildbotMaster:buildbotMaster -R ${workdir}
'';
ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 544f9c4e0..c15169fba 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -166,7 +166,7 @@ let
echo ${description} > ${workdir}/info/host
chown buildbotSlave:buildbotSlave -R ${workdir}
- chmod 700 -R ${workdir}
+ chmod 700 ${workdir}
'';
ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 4cfe598d6..a47dbe611 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -26,8 +26,15 @@ let
hostname = config.networking.hostName;
getJobs = pkgs.writeDash "get_jobs" ''
- nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
- nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
+ set -efu
+ ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2
+ json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
+ echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \
+ | while read -r host builder; do
+ gcroot=${shell.escape profileRoot}/$host-builder
+ ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder"
+ done
+ echo "$json"
'';
profileRoot = "/nix/var/nix/profiles/ci";
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index f67188122..5a5065565 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -38,11 +38,6 @@ let
'';
default = {};
};
- maxTime = mkOption {
- type = types.int;
- default = 0;
- description = "Time to wait before download is aborted";
- };
};
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
@@ -51,8 +46,8 @@ let
mkdir -p ${cfg.stateDir}
chmod o+rx ${cfg.stateDir}
cd ${cfg.stateDir}
- (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
- feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+ (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
+ feh --no-fehbg --bg-scale wallpaper
'';
imp = {
diff --git a/krebs/default.nix b/krebs/default.nix
index d99f60aaa..7ec791529 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -1,12 +1,14 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
{
+
imports = [
./3modules
- {
- nixpkgs.config.packageOverrides =
- import ../submodules/nix-writers/pkgs pkgs;
- }
];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
+
+ nixpkgs = {
+ overlays = [
+ (import ./5pkgs)
+ (import ../submodules/nix-writers/pkgs)
+ ];
+ };
+
}
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 763e76b83..ab7524941 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -7,15 +7,27 @@
# TODO document why pkgs should be used like this
pkgs = import "${krops}/pkgs" {};
- krebs-source = {
- nixpkgs.git = {
- ref = (lib.importJSON ./nixpkgs.json).rev;
- url = https://github.com/NixOS/nixpkgs;
+ krebs-source = { test ? false }: rec {
+ nixpkgs = if test then {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ./nixpkgs.json).rev;
+ sha256 = (lib.importJSON ./nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
+ } else {
+ git = {
+ ref = (lib.importJSON ./nixpkgs.json).rev;
+ url = https://github.com/NixOS/nixpkgs;
+ };
};
stockholm.file = toString ../.;
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
set -efu
- cd ${lib.escapeShellArg krebs-source.stockholm.file}
+ cd ${lib.escapeShellArg stockholm.file}
V=$(${pkgs.coreutils}/bin/date +%y.%m)
if test -d .git; then
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
@@ -28,21 +40,17 @@
};
source ={ test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
- secrets =
- if test
- then {
- file = toString <stockholm/krebs/0tests/data/secrets>;
- }
- else {
- pass = {
- dir = "${lib.getEnv "HOME"}/brain";
- name = "krebs-secrets/${name}";
- };
- }
- ;
+ secrets = if test then {
+ file = toString <stockholm/krebs/0tests/data/secrets>;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/brain";
+ name = "krebs-secrets/${name}";
+ };
+ };
}
];
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 220e41d0a..86158c468 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -20,7 +20,14 @@
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
- serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ];
+ serverAliases = [ "cache.prism.r" ];
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '';
+ };
+ virtualHosts."cache.krebsco.de" = {
+ serverAliases = [ "cache.lassul.us" ];
+ enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index be9f68c08..fba996743 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -23,6 +23,12 @@ in {
'';
}
];
+
+ system.activationScripts.containerPermissions = ''
+ mkdir -p /var/lib/containers
+ chmod 711 /var/lib/containers
+ '';
+
containers.blue = {
config = { ... }: {
environment.systemPackages = [
@@ -74,6 +80,10 @@ in {
source = "/var/lib/containers/.blue",
host = "${host}.r",
targetdir = "/var/lib/containers/.blue",
+ rsync = {
+ owner = true,
+ group = true,
+ };
ssh = {
binary = "${pkgs.openssh}/bin/ssh";
identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
@@ -89,14 +99,15 @@ in {
environment.systemPackages = [
(pkgs.writeDashBin "start-blue" ''
set -ef
- if ping -c1 blue.r >/dev/null; then
- echo 'blue is already running. bailing out'
- exit 23
- fi
if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
fi
nixos-container start blue
+ nixos-container run blue -- nixos-rebuild -I /var/src dry-build
+ if ping -c1 blue.r >/dev/null; then
+ echo 'blue is already running. bailing out'
+ exit 23
+ fi
nixos-container run blue -- nixos-rebuild -I /var/src switch
'')
];
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index bf43ee7d1..9bb70d1c2 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -92,6 +92,7 @@ with import <stockholm/lib>;
{ from = "ccc@lassul.us"; to = lass.mail; }
{ from = "neocron@lassul.us"; to = lass.mail; }
{ from = "osmocom@lassul.us"; to = lass.mail; }
+ { from = "lesswrong@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index e756c3424..065ee9c42 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -7,7 +7,6 @@ in {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/realwallpaper-krebs.png";
- maxTime = 10;
};
}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index b5bbea750..9ea91ae19 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -47,6 +47,7 @@ let
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
+ dn42 = [ "to:dn42@lists.nox.tf" ];
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index bf6855804..85faded14 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -62,8 +62,23 @@ in {
extraConfig = ''
audio_output {
type "shout"
+ encoding "lame"
+ name "the_playlist_mp3"
+ host "localhost"
+ port "8000"
+ mount "/radio.mp3"
+ password "${source-password}"
+ bitrate "128"
+
+ format "44100:16:2"
+
+ user "source"
+ genre "good music"
+ }
+ audio_output {
+ type "shout"
encoding "ogg"
- name "the_playlist"
+ name "the_playlist_ogg"
host "localhost"
port "8000"
mount "/radio.ogg"
diff --git a/lass/krops.nix b/lass/krops.nix
index c2669c8f2..d64454ea5 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -12,7 +12,7 @@
;
source = { test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
secrets = if test then {
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 2b43d541d..6c510eba3 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -23,7 +23,17 @@
{
# nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
- nixpkgs = if test || host-src.full then {
+ nixpkgs = if test then {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "nixpkgs";
+ rev = nixpkgs-src.rev;
+ sha256 = nixpkgs-src.sha256;
+ });
+ useChecksum = true;
+ };
+ } else if host-src.full then {
git.ref = nixpkgs-src.rev;
git.url = nixpkgs-src.url;
} else if host-src.arm6 then {
diff --git a/submodules/krops b/submodules/krops
-Subproject 4ce5dae7bceb635e96a9f8d5658a1bd2aada4f6
+Subproject 6f49342b2d5973478f1f5eb6f8d6307059e7bcf
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 01d67b5f5..6e7944cdf 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>;
};
environment.systemPackages = with pkgs; [
- chromium
firefoxWrapper
gimp
kate
@@ -63,8 +62,6 @@ with import <stockholm/lib>;
networking.networkmanager.enable = true;
- nixpkgs.config.chromium.enablePepperFlash = true;
-
programs.ssh.startAgent = false;
services.xserver.enable = true;
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 77947dafa..7467e8e67 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -27,11 +27,6 @@ in {
# 2014-09-24 ref https://github.com/4z3/xintmap
http://www.mathstat.dal.ca/~selinger/quipper/
- ## other
-
- https://nixos.org/channels/nixos-18.03/git-revision
- https://nixos.org/channels/nixos-unstable/git-revision
-
## 2014-10-17
## TODO update ~/src/login/default.nix
#http://hackage.haskell.org/package/bcrypt
diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix
index 627401dc6..4a0b0ae16 100644
--- a/tv/2configs/xp-332.nix
+++ b/tv/2configs/xp-332.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
hardware.sane = {
enable = true;
extraBackends = [
- pkgs.utsushi
+ pkgs.utsushi-customized
];
};
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ];
nixpkgs.overlays = singleton (self: super: {
- utsushi = super.utsushi.override {
+ utsushi-customized = self.utsushi.override {
guiSupport = false;
jpegSupport = false;
networkSupport = true;
diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix
index 1d4044480..d032efc7d 100644
--- a/tv/2configs/xserver/Xresources.nix
+++ b/tv/2configs/xserver/Xresources.nix
@@ -50,4 +50,9 @@ pkgs.writeText "Xresources" /* xdefaults */ ''
root-urxvt*foreground: #e0c0c0
root-urxvt*BorderColor: #400000
root-urxvt*color0: #800000
+
+ fzmenu-urxvt*background: rgb:42/23/42
+ fzmenu-urxvt*externalBorder: 1
+ fzmenu-urxvt*geometry: 70x9
+ fzmenu-urxvt*internalBorder: 1
''
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index dbfa804d2..199ffcaf8 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -63,6 +63,11 @@ in {
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
+ FZMENU_FZF_DEFAULT_OPTS = toString [
+ "--color=dark,border:126,bg+:090"
+ "--inline-info"
+ ];
+
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
@@ -95,8 +100,8 @@ in {
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
- ExecStart = "${pkgs.xmonad-tv}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown";
+ ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}";
+ ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown $MAINPID";
User = cfg.user.name;
WorkingDirectory = cfg.user.home;
};
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 493cc8b72..6172feb03 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -1,6 +1,7 @@
{
imports = [
./charybdis
+ ./dnsmasq.nix
./ejabberd
./hosts.nix
./iptables.nix
diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix
new file mode 100644
index 000000000..ec927f98a
--- /dev/null
+++ b/tv/3modules/dnsmasq.nix
@@ -0,0 +1,57 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ cfg = config.tv.dnsmasq;
+in {
+
+ options.tv.dnsmasq = {
+ enable = mkEnableOption "tv.dnsmasq";
+ dhcp-range = mkOption {
+ type = types.str;
+ };
+ interface = mkOption {
+ type = types.str;
+ };
+ address = mkOption {
+ type = types.str;
+ };
+ prefixLength = mkOption {
+ type = types.addCheck types.int (x: x >= 0 && x <= 32);
+ };
+ };
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ networking.dhcpcd.denyInterfaces = [ cfg.interface ];
+ services.dnsmasq.resolveLocalQueries = false;
+ networking.interfaces.${cfg.interface} = {
+ ipv4.addresses = singleton {
+ address = cfg.address;
+ prefixLength = cfg.prefixLength;
+ };
+ };
+ services.dnsmasq.enable = true;
+ services.dnsmasq.extraConfig = ''
+ dhcp-range=${cfg.dhcp-range}
+ interface=${cfg.interface}
+ '';
+ tv.iptables.extra.filter.INPUT = [
+ "-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT"
+ "-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT"
+ "-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT"
+ "-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT"
+ ];
+ }
+ {
+ # enable forwarding
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+ tv.iptables.extra.filter.FORWARD = [
+ "-m state --state RELATED,ESTABLISHED -j ACCEPT"
+ "-i ${cfg.interface} -j ACCEPT"
+ ];
+ tv.iptables.extra.nat.POSTROUTING = [
+ "-j MASQUERADE"
+ ];
+ }
+ ]);
+
+}
diff --git a/tv/5pkgs/simple/disko.nix b/tv/5pkgs/simple/disko.nix
new file mode 100644
index 000000000..de8f1df22
--- /dev/null
+++ b/tv/5pkgs/simple/disko.nix
@@ -0,0 +1,13 @@
+{ fetchgit }:
+
+let
+ src = fetchgit {
+ url = https://cgit.krebsco.de/disko;
+ rev = "16cd458af06d3caf687eb7d80ca3df26b71fe28c";
+ sha256 = "16cd458af06d3caf687eb7d80ca3df26b71fe28c";
+ };
+in
+
+{
+ lib = import "${src}/lib";
+}
diff --git a/tv/5pkgs/simple/fzmenu/bin/otpmenu b/tv/5pkgs/simple/fzmenu/bin/otpmenu
new file mode 100755
index 000000000..ad8a0fda9
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/bin/otpmenu
@@ -0,0 +1,41 @@
+#! /bin/sh
+set -efu
+
+#PATH=
+
+case ${FZMENU_PHASE-0} in
+ 0)
+ export FZMENU_PHASE=1
+ exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0"
+ ;;
+ 1)
+ if result=$(
+ FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-}
+ if test -n "$FZF_DEFAULT_OPTS"; then
+ export FZF_DEFAULT_OPTS
+ fi
+ pass git ls-files '*/otp.gpg' | \
+ sed '
+
+ s/\/otp\.gpg$//
+ ' |
+ exec fzf \
+ --history=/dev/null \
+ --no-sort \
+ --prompt='OTP: ' \
+ )
+ then
+ export FZMENU_PHASE=2
+ export FZMENU_RESULT="$result"
+ setsid -f "$0"
+ fi
+ ;;
+ 2)
+ pass=$(pass otp code "$FZMENU_RESULT/otp")
+ printf %s "$pass" |
+ xdotool type -f -
+ ;;
+ *)
+ echo "$0: error: bad phase: $FZMENU_PHASE" >&2
+ exit -1
+esac
diff --git a/tv/5pkgs/simple/fzmenu/bin/passmenu b/tv/5pkgs/simple/fzmenu/bin/passmenu
new file mode 100755
index 000000000..00b36c3af
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/bin/passmenu
@@ -0,0 +1,41 @@
+#! /bin/sh
+set -efu
+
+#PATH=
+
+case ${FZMENU_PHASE-0} in
+ 0)
+ export FZMENU_PHASE=1
+ exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0"
+ ;;
+ 1)
+ if result=$(
+ FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-}
+ if test -n "$FZF_DEFAULT_OPTS"; then
+ export FZF_DEFAULT_OPTS
+ fi
+ pass git ls-files '*/*.gpg' | \
+ sed '
+ /\/otp\.gpg$:/d
+ s/\.gpg$//
+ ' |
+ exec fzf \
+ --history=/dev/null \
+ --no-sort \
+ --prompt='pass: ' \
+ )
+ then
+ export FZMENU_PHASE=2
+ export FZMENU_RESULT="$result"
+ setsid -f "$0"
+ fi
+ ;;
+ 2)
+ pass=$(pass show "$FZMENU_RESULT")
+ printf %s "$pass" |
+ xdotool type -f -
+ ;;
+ *)
+ echo "$0: error: bad phase: $FZMENU_PHASE" >&2
+ exit -1
+esac
diff --git a/tv/5pkgs/simple/fzmenu/default.nix b/tv/5pkgs/simple/fzmenu/default.nix
new file mode 100644
index 000000000..c49c903c6
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/default.nix
@@ -0,0 +1,34 @@
+{ coreutils, dash, gnused, fzf, pass, runCommand, rxvt_unicode, stdenv, utillinux, xdotool }:
+
+runCommand "fzmenu" {
+} /* sh */ ''
+ mkdir $out
+
+ cp -r ${./bin} $out/bin
+
+ substituteInPlace $out/bin/otpmenu \
+ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \
+ --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [
+ coreutils
+ dash
+ fzf
+ gnused
+ pass
+ rxvt_unicode
+ utillinux
+ xdotool
+ ]}
+
+ substituteInPlace $out/bin/passmenu \
+ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \
+ --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [
+ coreutils
+ dash
+ fzf
+ gnused
+ pass
+ rxvt_unicode
+ utillinux
+ xdotool
+ ]}
+''
diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix
deleted file mode 100644
index b35e1601f..000000000
--- a/tv/5pkgs/simple/otpmenu.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ dmenu, gnused, pass, writeDashBin, xdotool }:
-
-writeDashBin "otpmenu" ''
- set -efu
-
- x=$(
- ${pass}/bin/pass git ls-files '*/otp.gpg' \
- | ${gnused}/bin/sed 's:/otp\.gpg$::' \
- | ${dmenu}/bin/dmenu -f -p OTP
- )
-
- otp=$(${pass}/bin/pass otp code "$x/otp")
-
- printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
-''
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
index 1168f10c8..ab4be91f3 100644
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/