From f811bc0144b7268031a960d85e0dfee35d5e8fed Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 26 Jul 2015 14:03:39 +0200 Subject: 1 tv wu: systemPackages += ff --- 1systems/tv/wu.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to '1systems') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index 37264635b..f542581ba 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -29,6 +29,12 @@ in Zpkgs.genid Zpkgs.hashPassword Zpkgs.lentil + (pkgs.writeScriptBin "ff" '' + #! ${pkgs.bash}/bin/bash + exec sudo -u ff -i < Date: Sun, 26 Jul 2015 14:17:39 +0200 Subject: 1 tv wu: systemPackages += im -= weechat --- 1systems/tv/wu.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to '1systems') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index f542581ba..192b65b9d 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -35,6 +35,19 @@ in exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@") EOF '') + (pkgs.writeScriptBin "im" '' + #! ${pkgs.bash}/bin/bash + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') # root cryptsetup @@ -62,7 +75,6 @@ in sxiv texLive tmux - weechat zathura Zpkgs.dic -- cgit v1.2.3 From 09ab49dfcab63a3a7d8c19c58f320ab294daa50f Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 26 Jul 2015 18:18:41 +0200 Subject: use new krebs config for hostname --- 1systems/makefu/pnp.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to '1systems') diff --git a/1systems/makefu/pnp.nix b/1systems/makefu/pnp.nix index 7e4ccf2c1..1019c4d70 100644 --- a/1systems/makefu/pnp.nix +++ b/1systems/makefu/pnp.nix 
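Review bot: The `ff` wrapper hands its command line to the `sudo -u ff -i` login shell on stdin and quotes the arguments with `printf " %q"`, whose output is bash syntax. The opening of the here-document is cut off in this view, but the `exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")` line and the closing `EOF` are visible as context in the following commit. The `ff` account is later shown with `useDefaultShell = true`, so arguments containing quotes, spaces or `$` are re-parsed correctly only if that default shell is bash. Passing the command to sudo directly avoids the hand-quoted second parse: `exec sudo -u ff -i ${pkgs.firefoxWrapper}/bin/firefox "$@"`.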
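Review bot: In the `im` script the session test `grep -q '^im''$'` is easy to misread, because `''$` is the Nix indented-string escape for a literal `$` and the shell actually sees `'^im$'`. A comment inside the script such as `# ''$ is Nix escaping; the pattern is ^im$, an exact session-name match` would record that. The script also replaces `PATH` with only tmux, gnugrep and weechat, so anything started from weechat inherits just those directories; this looks deliberate, but it deserves a one-line comment saying so.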
@@ -11,7 +11,8 @@ ../../2configs/makefu/base.nix ../../2configs/makefu/cgit-retiolum.nix ]; - krebs.enable = true; + krebs.build.host = config.krebs.hosts.pnp; + boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; @@ -39,14 +40,8 @@ ]; }; - nix.maxJobs = 2; - networking.hostName = "pnp"; # Define your hostname. - # $ nix-env -qaP | grep wget environment.systemPackages = with pkgs; [ - wget - git - gnumake jq ]; } -- cgit v1.2.3 From 0057d3a1916b2438ca7a113b9d2977ba0808054e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 00:49:06 +0200 Subject: 1 tv wu: simplify users --- 1systems/tv/wu.nix | 76 +++++++----------------------------------------------- 1 file changed, 10 insertions(+), 66 deletions(-) (limited to '1systems') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index 192b65b9d..9228e65ca 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -169,19 +169,21 @@ in } { users.extraGroups = { - tv-sub.gid = 1337; + tv.gid = 1337; + slaves.gid = 3799582008; # genid slaves }; users.extraUsers = - mapAttrs (name: user: user // { + mapAttrs (name: user@{ extraGroups ? [], ... }: user // { inherit name; home = "/home/${name}"; createHome = true; useDefaultShell = true; + group = "tv"; + extraGroups = ["slaves"] ++ extraGroups; }) { ff = { uid = 13378001; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -190,17 +192,6 @@ in cr = { uid = 13378002; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - vimb = { - uid = 13378003; - group = "tv-sub"; extraGroups = [ "audio" "video" 
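Review bot: The comment `# $ nix-env -qaP | grep wget` stays above `environment.systemPackages` in the second pnp.nix hunk although `wget` is removed from the list there, so it now refers to a package this host no longer installs; drop or reword it. The first pnp.nix hunk also deletes `krebs.enable = true;`, which the subject line does not mention. Whether `krebs.build.host = config.krebs.hosts.pnp;` keeps the module active and sets the hostname is not visible in this diff and should be confirmed, since `networking.hostName = "pnp";` is removed in reliance on it.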
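Review bot: In the `users.extraUsers` hunk every sandbox account (ff, cr, skype, wine, onion and the rest) now gets `group = "tv";` as its primary group, so the group name that identifies the master is also the group all confined accounts belong to. If the master user's files or home directory are group-owned by `tv` with group read or write bits (not visible here), those accounts gain access the old `tv-sub` group did not give them. A primary group that is not named after the master keeps the separation, e.g. `group = "slaves";`, with the master named explicitly where the sudoers lines are generated instead of derived from `u.group`. The later hunks in this commit only drop the per-user `group = "tv-sub";` lines and carry the same consequence.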
@@ -210,47 +201,38 @@ in fa = { uid = 2300001; - group = "tv-sub"; }; rl = { uid = 2300002; - group = "tv-sub"; }; tief = { uid = 2300702; - group = "tv-sub"; }; btc-bitcoind = { uid = 2301001; - group = "tv-sub"; }; btc-electrum = { uid = 2301002; - group = "tv-sub"; }; ltc-litecoind = { uid = 2301101; - group = "tv-sub"; }; eth = { uid = 2302001; - group = "tv-sub"; }; emse-hsdb = { uid = 4200101; - group = "tv-sub"; }; wine = { uid = 13370400; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -258,21 +240,8 @@ in ]; }; - # dwarffortress df = { uid = 13370401; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined - FTL = { - uid = 13370402; - #group = "tv-sub"; extraGroups = [ "audio" "video" @@ -280,14 +249,8 @@ in ]; }; - freeciv = { - uid = 13370403; - group = "tv-sub"; - }; - xr = { uid = 13370061; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -296,26 +259,14 @@ in "23" = { uid = 13370023; - group = "tv-sub"; }; electrum = { uid = 13370102; - group = "tv-sub"; - }; - - Reaktor = { - uid = 4230010; - group = "tv-sub"; - }; - - gitolite = { - uid = 7700; }; skype = { uid = 6660001; - group = "tv-sub"; extraGroups = [ "audio" ]; @@ -323,12 +274,10 @@ in onion = { uid = 6660010; - group = "tv-sub"; }; zalora = { uid = 1000301; - group = "tv-sub"; extraGroups = [ "audio" # TODO remove vboxusers when hardening is active 
@@ -340,17 +289,12 @@ in security.sudo.extraConfig = let - inherit (import ../../4lib/tv { inherit lib pkgs; }) - isSuffixOf; - - hasMaster = { group ? "", ... }: - isSuffixOf "-sub" group; - - masterOf = user : removeSuffix "-sub" user.group; + isSlave = u: elem "slaves" u.extraGroups; + masterOf = u: u.group; + slaves = filterAttrs (_: isSlave) config.users.extraUsers; + toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL"; in - concatStringsSep "\n" - (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") - (filter hasMaster (attrValues config.users.extraUsers))); + concatMapStringsSep "\n" toSudoers (attrValues slaves); } ]; -- cgit v1.2.3 From afb6afff1d0f81d8a0dcfd94fa8e46a849bb094f Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 02:02:34 +0200 Subject: * tv -> tv * --- 1systems/tv/cd.nix | 127 ---------------- 1systems/tv/mkdir.nix | 67 --------- 1systems/tv/nomic.nix | 100 ------------- 1systems/tv/rmdir.nix | 68 --------- 1systems/tv/wu.nix | 393 -------------------------------------------------- 5 files changed, 755 deletions(-) delete mode 100644 1systems/tv/cd.nix delete mode 100644 1systems/tv/mkdir.nix delete mode 100644 1systems/tv/nomic.nix delete mode 100644 1systems/tv/rmdir.nix delete mode 100644 1systems/tv/wu.nix (limited to '1systems') diff --git a/1systems/tv/cd.nix b/1systems/tv/cd.nix deleted file mode 100644 index 6913508b5..000000000 --- a/1systems/tv/cd.nix +++ /dev/null 
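Review bot: `toSudoers` interpolates `u.group` and `u.name` into `security.sudo.extraConfig` without any check on their form, and `slaves` is now filtered from all of `config.users.extraUsers` rather than from the accounts defined in this file. Any user declared elsewhere with `"slaves"` in `extraGroups` therefore produces a `NOPASSWD: ALL` rule whose master is whatever its primary group happens to be called. The comment removed earlier in this commit recorded visudo reading the all-uppercase name `FTL` as a Runas_Alias, so name shape does matter to the generated file. I would add a comment above `masterOf` stating the convention, `# master = user named like the slave's primary group; slave names must not be all-uppercase (sudoers alias syntax)`, and consider an assertion that rejects such names at evaluation time.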
@@ -1,127 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; -in - -{ - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - ../../2configs/tv/CAC-Developer-2.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - imports = [ ../../2configs/tv/charybdis.nix ]; - tv.charybdis = { - enable = true; - sslCert = ../../Zcerts/charybdis_cd.crt.pem; - }; - } - { - tv.ejabberd = { - enable = true; - hosts = [ "jabber.viljetic.de" ]; - }; - } - { - krebs.github-hosts-sync.enable = true; - tv.iptables.input-internet-accept-new-tcp = - singleton config.krebs.github-hosts-sync.port; - } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - tv.iptables.input-internet-accept-new-tcp = singleton "http"; - krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de"; - } - { - # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; - krebs.nginx.servers.public_html = { - server-names = singleton "cd.viljetic.de"; - locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - ''); - }; - } - { - krebs.nginx.servers.viljetic = { - server-names = singleton "viljetic.de"; - # TODO directly set root (instead via location) - locations = singleton (nameValuePair "/" '' - root ${Zpkgs.viljetic-pages}; - ''); - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.219.7.216"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "162.219.7.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - 
environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - mutt # for mv - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - users.extraUsers = { - mv = { - uid = 1338; - group = "users"; - home = "/home/mv"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.mv.pubkey - ]; - }; - }; -} diff --git a/1systems/tv/mkdir.nix b/1systems/tv/mkdir.nix deleted file mode 100644 index 7542ad0ce..000000000 --- a/1systems/tv/mkdir.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.mkdir; - - imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.248.167.241"; # TODO - prefixLength = 24; - } - ]; - networking.defaultGateway = "162.248.167.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/1systems/tv/nomic.nix b/1systems/tv/nomic.nix deleted file mode 100644 index cd6e02596..000000000 --- a/1systems/tv/nomic.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.nomic; - - imports = [ - ../../2configs/tv/AO753.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "http" - "tinc" - "smtp" - ]; - }; - } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha1" "xts" ]; - devices = [ - { - name = "luks1"; - device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4"; - } - ]; - }; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - nix = { - buildCores = 2; - maxJobs = 2; - daemonIONiceLevel = 1; - daemonNiceLevel = 1; - }; - - # TODO base - boot.tmpOnTmpfs = true; - - environment.systemPackages = with pkgs; [ - (writeScriptBin "play" '' - #! /bin/sh - set -euf - mpv() { exec ${mpv}/bin/mpv "$@"; } - case $1 in - deepmix) mpv http://deepmix.ru/deepmix128.pls;; - groovesalad) mpv http://somafm.com/play/groovesalad;; - ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; - *) - echo "$0: bad argument: $*" >&2 - exit 23 - esac - '') - rxvt_unicode.terminfo - tmux - ]; -} diff --git a/1systems/tv/rmdir.nix b/1systems/tv/rmdir.nix deleted file mode 100644 index 9233014ba..000000000 --- a/1systems/tv/rmdir.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.rmdir; - - imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "mkdir" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "167.88.44.94"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "167.88.44.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix deleted file mode 100644 index 9228e65ca..000000000 --- a/1systems/tv/wu.nix +++ /dev/null @@ -1,393 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; -in - -{ - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - ../../2configs/tv/w110er.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-client.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - ../../2configs/tv/mail-client.nix - ../../2configs/tv/xserver.nix - ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled - ../../2configs/tv/urlwatch.nix - { - environment.systemPackages = with pkgs; [ - - # stockholm - git - gnumake - parallel - Zpkgs.genid - Zpkgs.hashPassword - Zpkgs.lentil - (pkgs.writeScriptBin "ff" '' - #! ${pkgs.bash}/bin/bash - exec sudo -u ff -i <