From bfc2aa3b236813945ca4f2b5d683d51c82e983b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Jul 2016 10:38:41 +0200 Subject: m 2 hw/tp-x2x0: disable touchpad via synaptics --- makefu/2configs/hw/tp-x2x0.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index c10ec1314..9047cfb66 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -12,6 +12,12 @@ with config.krebs.lib; zramSwap.enable = true; zramSwap.numDevices = 2; + # enable synaptics so we can easily disable the touchpad + # enable the touchpad with `synclient TouchpadOff=0` + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; hardware.trackpoint = { enable = true; sensitivity = 220; @@ -19,7 +25,6 @@ with config.krebs.lib; emulateWheel = true; }; - services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery -- cgit v1.3.1 From 864e711114b048e875f0d73eeefdca436eebea00 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Jul 2016 16:19:07 +0200 Subject: k 3 nginx: add ssl.force_encryption --- krebs/3modules/nginx.nix | 13 +++++++++++++ makefu/2configs/bepasty-dual.nix | 6 ++---- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'makefu/2configs') diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index fc7fcca6f..25dfb5d6a 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -73,6 +73,14 @@ let type = bool; default = true; }; + force_encryption = mkOption { + type = bool; + default = false; + description = '' + redirect all `http` traffic to the same domain but with ssl + protocol. + ''; + }; protocols = mkOption { type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]); default = [ "TLSv1.1" "TLSv1.2" ]; 
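Review bot: The `description` added for `force_encryption` in krebs/3modules/nginx.nix leaves out two things a user of the option needs to know. The template hunk later in this commit emits the redirect only inside `optionalString ssl.enable`, and it redirects to `$server_name`, which nginx resolves to the primary (first) server name rather than the host the client asked for. I would word it as `redirect all http requests to https://<first server-name>; has no effect unless ssl.enable is true`. The surrounding `ssl` option set starts and ends outside this hunk.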
@@ -122,6 +130,11 @@ let server_name ${toString (unique server-names)}; ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${optionalString ssl.enable (indent '' + ${optionalString ssl.force_encryption '' + if ($scheme = http){ + return 301 https://$server_name$request_uri; + } + ''} listen 443 ssl; ssl_certificate ${ssl.certificate}; ssl_certificate_key ${ssl.certificate_key}; diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index f675c4ac8..4b5389c32 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -45,6 +45,7 @@ in { #certificate = "${sec}/wildcard.krebsco.de.crt"; #certificate_key = "${sec}/wildcard.krebsco.de.key"; ciphers = "RC4:HIGH:!aNULL:!MD5" ; + force_encryption = true; }; locations = singleton ( nameValuePair "/.well-known/acme-challenge" '' root ${acmechall}/${ext-dom}/; @@ -54,10 +55,7 @@ in { ssl_session_timeout 10m; ssl_verify_client off; proxy_ssl_session_reuse off; - - if ($scheme = http){ - return 301 https://$server_name$request_uri; - }''; + ''; }; defaultPermissions = "read"; secretKey = secKey; -- cgit v1.3.1 From fa3896135414b2634e6d912a2647aba7bea3ac2d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 22 Jul 2016 12:35:06 +0200 Subject: m 2 zsh-user: use absolute path to gpg-connect-agent --- makefu/2configs/zsh-user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 99c1315e1..a3286b7fd 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,7 +22,7 @@ in bindkey "\e[3~" delete-char zstyle ':completion:*' menu select - gpg-connect-agent updatestartuptty /bye >/dev/null + ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null GPG_TTY=$(tty) export GPG_TTY unset SSH_AGENT_PID -- cgit v1.3.1 From b1569158057042aa50e6816e38f0305bab8e5f9c Mon Sep 17 00:00:00 2001 
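Review bot: The redirect in nginx.nix is a server-level `if ($scheme = http)`, so it fires before any `location` is chosen and also catches `/.well-known/acme-challenge`. bepasty-dual.nix in this commit and euer.wiki.nix in the later ps3netsrv commit both serve that path from a vhost with `force_encryption = true`. HTTP-01 validation then depends on the HTTPS listener already being up, and that listener needs the certificate files to exist, so first issuance on a fresh host looks likely to fail (inferred; the acme unit ordering is not visible here). I would either keep the challenge path reachable over plain http or add a comment next to the option stating the dependency. Because the block sits inside `optionalString ssl.enable`, `force_encryption = true` with `ssl.enable = false` is silently ignored; an assertion would make that visible.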
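Review bot: Adding `force_encryption = true;` in bepasty-dual.nix puts every client onto TLS, but they then negotiate from the cipher string on the context line just above, `RC4:HIGH:!aNULL:!MD5`, which lists RC4 first; RFC 7465 prohibits RC4 in TLS. That line is not changed by this commit, but while touching the block I would drop RC4: `ciphers = "HIGH:!aNULL:!MD5";`. The `ssl` attribute set opens above the hunk.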
From: makefu Date: Thu, 28 Jul 2016 12:58:54 +0200 Subject: makefu: pornocauster -> x --- krebs/3modules/makefu/default.nix | 16 ++++--- lass/2configs/buildbot-standalone.nix | 2 +- makefu/1systems/pornocauster.nix | 81 ----------------------------------- makefu/1systems/wbob.nix | 2 +- makefu/1systems/x.nix | 73 +++++++++++++++++++++++++++++++ makefu/2configs/tinc/siem.nix | 12 ++++++ 6 files changed, 96 insertions(+), 90 deletions(-) delete mode 100644 makefu/1systems/pornocauster.nix create mode 100644 makefu/1systems/x.nix create mode 100644 makefu/2configs/tinc/siem.nix (limited to 'makefu/2configs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a878f50ee..dffb6b0a1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -126,15 +126,15 @@ with config.krebs.lib; }; }; }; - pornocauster = { + x = { cores = 2; nets = { retiolum = { ip4.addr = "10.243.0.91"; ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ - "pornocauster.retiolum" - "pornocauster.r" + "x.retiolum" + "x.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -167,7 +167,7 @@ with config.krebs.lib; }; }; ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; }; @@ -441,8 +441,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; shoney = rec { cores = 1; - nets = { + nets = rec { siem = { + via = internet; ip4.addr = "10.8.10.1"; ip4.prefix = "10.8.10.0/24"; aliases = [ @@ -459,6 +460,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.port = 1655; }; internet = { ip4.addr = "64.137.234.215"; 
@@ -790,8 +792,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; users = rec { makefu = { - mail = "makefu@pornocauster.retiolum"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; + mail = "makefu@x.retiolum"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; pgp.pubkeys.default = builtins.readFile ./default.pgp; pgp.pubkeys.brain = builtins.readFile ./brain.pgp; }; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7c7693ab7..766fd715e 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -95,7 +95,7 @@ in { method=build \ system={}".format(i)]) - for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]: + for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ ["make \ diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix deleted file mode 100644 index b683e5630..000000000 --- a/makefu/1systems/pornocauster.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# -# -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ../. - ../2configs/main-laptop.nix #< base-gui + zsh - ../2configs/laptop-utils.nix - - # Krebs - #../2configs/disable_v6.nix - - - # applications - - ../2configs/exim-retiolum.nix - ../2configs/mail-client.nix - ../2configs/printer.nix - ../2configs/virtualization.nix - ../2configs/virtualization-virtualbox.nix - ../2configs/wwan.nix - - # services - ../2configs/git/brain-retiolum.nix - ../2configs/tor.nix - ../2configs/steam.nix - # ../2configs/buildbot-standalone.nix - - # hardware specifics are in here - ../2configs/hw/tp-x220.nix - ../2configs/hw/rtl8812au.nix - # mount points - ../2configs/fs/sda-crypto-root-home.nix - # ../2configs/mediawiki.nix - #../2configs/wordpress.nix - ../2configs/nginx/public_html.nix - - ../2configs/tinc/retiolum.nix - # temporary modules - ../2configs/temp/share-samba.nix - # ../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix - ]; - - services.tinc.networks.siem = { - name = "makefu"; - extraConfig = '' - ConnectTo = sdarth - ConnectTo = sjump - ''; - }; - - krebs.nginx = { - default404 = false; - servers.default.listen = [ "80 default_server" ]; - servers.default.server-names = [ "_" ]; - }; - - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; - - virtualisation.docker.enable = true; - - # configure pulseAudio to provide a HDMI sink as well - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 ]; - networking.firewall.allowedUDPPorts = [ 665 ]; - - krebs.build.host = config.krebs.hosts.pornocauster; - krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; - - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; - - networking.extraHosts = '' - 192.168.1.11 omo.local - ''; - # hard dependency because otherwise the device will not be unlocked - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; 
-} diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index e8e0b091f..ff593ab35 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -66,7 +66,7 @@ in { client = { enable = true; screenName = "wbob"; - serverAddress = "pornocauster.r"; + serverAddress = "x.r"; }; }; } diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix new file mode 100644 index 000000000..d41edfa46 --- /dev/null +++ b/makefu/1systems/x.nix 
@@ -0,0 +1,73 @@ +# +# +# +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../. + ../2configs/main-laptop.nix #< base-gui + zsh + ../2configs/laptop-utils.nix + + # Krebs + #../2configs/disable_v6.nix + + + # applications + + ../2configs/exim-retiolum.nix + ../2configs/mail-client.nix + ../2configs/printer.nix + ../2configs/virtualization.nix + ../2configs/virtualization-virtualbox.nix + ../2configs/wwan.nix + + # services + ../2configs/git/brain-retiolum.nix + ../2configs/tor.nix + ../2configs/steam.nix + # ../2configs/buildbot-standalone.nix + + # hardware specifics are in here + ../2configs/hw/tp-x220.nix + ../2configs/hw/rtl8812au.nix + # mount points + ../2configs/fs/sda-crypto-root-home.nix + # ../2configs/mediawiki.nix + #../2configs/wordpress.nix + ../2configs/nginx/public_html.nix + + ../2configs/tinc/retiolum.nix + # temporary modules + ../2configs/temp/share-samba.nix + # ../2configs/temp/elkstack.nix + # ../2configs/temp/sabnzbd.nix + ../2configs/tinc/siem.nix + ]; + krebs.nginx = { + default404 = false; + servers.default.listen = [ "80 default_server" ]; + servers.default.server-names = [ "_" ]; + }; + + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + + virtualisation.docker.enable = true; + + # configure pulseAudio to provide a HDMI sink as well + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ 80 24800 26061 ]; + networking.firewall.allowedUDPPorts = [ 665 26061 ]; + + krebs.build.host = config.krebs.hosts.x; + krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; + + krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; + + networking.extraHosts = '' + 192.168.1.11 omo.local + ''; + # hard dependency because otherwise the device will not be unlocked + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; +} 
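Review bot: The firewall lines in the new x.nix open 26061 on both TCP and UDP, which the deleted pornocauster.nix did not (`[ 80 24800 ]` and `[ 665 ]`), and neither the file nor the commit subject (a host rename) says which service needs it. A port opened without a visible listener or reason is hard to audit later. I would either drop it from this commit or annotate it, e.g. `# 26061: <service name> (TODO: name the listener)`. The comment directly above, `# configure pulseAudio to provide a HDMI sink as well`, does not describe the firewall block and should be moved or removed.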
diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix new file mode 100644 index 000000000..fae72590f --- /dev/null +++ b/makefu/2configs/tinc/siem.nix @@ -0,0 +1,12 @@ +{lib, config, ... }: +{ + # TODO do not know why we need to force it, port is only set via default to 655 + krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; + + networking.firewall.allowedUDPPorts = [ 1665 ]; + networking.firewall.allowedTCPPorts = [ 1655 ]; + krebs.tinc.siem = { + enable = true; + connectTo = [ "shoney" ]; + }; +} -- cgit v1.3.1 From 64f0e746992f9ab1395a917f43af09a86add70b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 13:02:06 +0200 Subject: m 1 omo: enable ps3netsrv --- makefu/1systems/omo.nix | 5 ++++- makefu/2configs/nginx/euer.wiki.nix | 38 ++++++++++++++++++++++++++++--------- 2 files changed, 33 insertions(+), 10 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index ead8f49b6..699cdb2e1 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -74,7 +74,10 @@ in { systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; virtualisation.docker.enable = true; - + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 10985c833..655dee7b2 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
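Review bot: The firewall in the new tinc/siem.nix opens UDP `1665`, while the tinc port forced two lines above and the TCP rule are both `1655`. tinc uses the same port number for TCP and UDP, so this looks like a typo that leaves the UDP side of the tunnel filtered and opens a port nothing here is shown to use. I would write `networking.firewall.allowedUDPPorts = [ 1655 ];`, or bind both rules to `config.krebs.build.host.nets.siem.tinc.port` so they cannot drift apart.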
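Review bot: In omo.nix, `servedir` points at a directory on what the path suggests is an encrypted volume (`/media/cryptX/...`), and this hunk gives no indication of which interfaces or clients the `makefu.ps3netsrv` module exposes it to; the module itself is not part of this page. If the module opens its port in the firewall unconditionally, the directory is reachable from every network omo is attached to. A comment such as `# served to the LAN only, see <module path>` (or an explicit interface restriction, if the module offers one) would record the intended exposure.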
@@ -3,8 +3,15 @@ with config.krebs.lib; let sec = toString ; - ssl_cert = "${sec}/wildcard.krebsco.de.crt"; - ssl_key = "${sec}/wildcard.krebsco.de.key"; + ext-dom = "wiki.euer.krebsco.de"; + acmepath = "/var/lib/acme/"; + acmechall = acmepath + "/challenges/"; + + #ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + #ssl_key = "${sec}/wildcard.krebsco.de.key"; + ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem"; + ssl_key = "${acmepath}/${ext-dom}/key.pem"; + user = config.services.nginx.user; group = config.services.nginx.group; fpm-socket = "/var/run/php5-fpm.sock"; @@ -80,22 +87,23 @@ in { listen = [ "${external-ip}:80" "${external-ip}:443 ssl" "${internal-ip}:80" "${internal-ip}:443 ssl" ]; server-names = [ - "wiki.euer.krebsco.de" + ext-dom "wiki.makefu.retiolum" "wiki.makefu" ]; + ssl = { + enable = true; + # these certs will be needed if acme has not yet created certificates: + certificate = ssl_cert; + certificate_key = ssl_key; + force_encryption = true; + }; extraConfig = '' gzip on; gzip_buffers 4 32k; gzip_types text/plain application/x-javascript text/css; - ssl_certificate ${ssl_cert}; - ssl_certificate_key ${ssl_key}; default_type text/plain; - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - ''; locations = [ (nameValuePair "/" '' @@ -111,8 +119,20 @@ in { include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; '') + (nameValuePair "/.well-known/acme-challenge" '' + root ${acmechall}/${ext-dom}/; + '') + ]; }; }; }; + security.acme.certs."${ext-dom}" = { + email = "acme@syntax-fehler.de"; + webroot = "${acmechall}/${ext-dom}/"; + group = "nginx"; + allowKeysForGroup = true; + postRun = "systemctl reload nginx.service"; + extraDomains."${ext-dom}" = null ; + }; } -- cgit v1.3.1 From e215b30483a4275ac831c6def9c27b004d4d6887 Mon Sep 17 00:00:00 2001 
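Review bot: Setting `ssl.enable = true` in the server block makes the krebs.nginx template add its own `listen 443 ssl;` (see the nginx.nix hunk in the force_encryption commit). That comes on top of the explicit `${external-ip}:443 ssl` and `${internal-ip}:443 ssl` entries kept in `listen`, so this vhost now also answers on 443 for every other address of the host. If binding to just those two addresses was intentional, that restriction is lost. The comment `these certs will be needed if acme has not yet created certificates` is also misleading now, because `ssl_cert` and `ssl_key` point into the acme directory and the wildcard paths are commented out in the first hunk of this file. The `servers` entry this sits in begins above the hunk.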
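Review bot: The `security.acme.certs` block hard-codes `group = "nginx";` although this file already binds `group = config.services.nginx.group` in its `let`. With `allowKeysForGroup = true` that group gets read access to the private key, so it should be the group nginx really runs as: `inherit group;`. `extraDomains."${ext-dom}" = null;` repeats the certificate's own name and can probably be dropped (assumption: extraDomains is meant for additional names only). `acmepath` ends in a slash and is then joined with further slashes, giving paths like `/var/lib/acme//challenges//...`; harmless to nginx but worth normalising.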
From: makefu Date: Tue, 2 Aug 2016 11:49:24 +0200 Subject: m 2 base-gui: xhost +local: --- makefu/2configs/base-gui.nix | 5 ++++- makefu/2configs/fetchWallpaper.nix | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index f7d6991c5..a028e5073 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -87,5 +87,8 @@ in URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s ''; - in "cat ${xdefaultsfile} | xrdb -merge"; + in '' + cat ${xdefaultsfile} | xrdb -merge + ${pkgs.xorg.xhost}/bin/xhost +local: + ''; } diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 786df6d40..fb74919c4 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -3,7 +3,7 @@ { krebs.fetchWallpaper = { enable = true; - display = ":0"; + display = ":0.0"; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; timerConfig = { OnCalendar = "*:0/30"; -- cgit v1.3.1 From 278e34c393988b3e039c7e47bbb73eb8adb978f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 11:50:16 +0200 Subject: m 2 main-laptop: add power-action --- makefu/2configs/main-laptop.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 3cc91b630..92cc1fc43 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix 
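Review bot: `xhost +local:` in base-gui.nix lets every local account on the machine connect to the X server, and any connected X client can observe input and window contents of the session. That is much wider than what a single service needs (presumably fetchWallpaper, whose display setting is adjusted in the same commit). Granting one named account is enough: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<service-user>`, with the placeholder replaced by the account that has to reach the display. The `sessionCommands` let-block starts above the hunk.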
@@ -16,6 +16,44 @@ with config.krebs.lib; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + krebs.power-action = let + speak = "${pkgs.espeak}/bin/espeak"; + whisper = text: ''${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"''; + note = "${pkgs.libnotify}/bin/notify-send"; + in { + enable = true; + plans.low-battery = { + upperLimit = 25; + lowerLimit = 15; + charging = false; + action = whisper "power level low, please plug me in"; + }; + plans.nag-harder = { + upperLimit = 15; + lowerLimit = 5; + action = pkgs.writeDash "crit-speak" '' + ${whisper "Power level critical, do something"} + ${note} Battery -u critical -t 600000 "Power level critical, do something!" + ''; + }; + plans.last-chance = { + upperLimit = 5; + lowerLimit = 3; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + ${note} Battery -u crit "You've had your chance, suspend in 5 seconds" + ${concatMapStringsSep "\n" (i: '' + ${note} -u critical -t 1000 ${toString i} + ${speak} ${toString i} & + sleep 1 + '') + [ 5 4 3 2 1 ]} + /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend + ''; + }; + }; + users.users.power-action.extraGroups = [ "audio" ]; + security.sudo.extraConfig = "${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; services.redshift = { enable = true; -- cgit v1.3.1 From 9ef2790f099115a4759ae7ae45945a4d85ad097d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 11:50:53 +0200 Subject: m 2 tinc/siem: add krebs dns provider --- makefu/2configs/tinc/siem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix index fae72590f..8f17f1a0a 100644 --- a/makefu/2configs/tinc/siem.nix +++ b/makefu/2configs/tinc/siem.nix 
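Review bot: In `plans.last-chance` the call `${note} Battery -u crit "You've had your chance, suspend in 5 seconds"` passes an urgency notify-send does not know (it accepts `low`, `normal` and `critical`), so the final warning is rejected and the machine suspends after only the countdown; use `-u critical` as `nag-harder` does. The script also calls `/var/setuid-wrappers/sudo` by literal path; `${config.security.wrapperDir}/sudo` would follow the system setting, if that option is available in this nixpkgs revision. The sudoers rule itself is suitably narrow: one fixed store path with fixed arguments.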
@@ -2,7 +2,7 @@ { # TODO do not know why we need to force it, port is only set via default to 655 krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; - + krebs.dns.providers.siem = "hosts"; networking.firewall.allowedUDPPorts = [ 1665 ]; networking.firewall.allowedTCPPorts = [ 1655 ]; krebs.tinc.siem = { -- cgit v1.3.1 From 4719eb8d581dc6462e8531959c6e841e51c4f0d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 15:40:41 +0200 Subject: m 2 main-laptop: remove obsolete display --- makefu/2configs/base-gui.nix | 2 +- makefu/2configs/main-laptop.nix | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index a028e5073..b039c12ca 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -55,7 +55,7 @@ in hardware.pulseaudio = { enable = true; - # systemWide = true; + systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 92cc1fc43..9d5b06f70 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -6,7 +6,10 @@ # TODO split generic desktop stuff and laptop-specifics like lidswitching with config.krebs.lib; -{ +let + window-manager = "awesome"; + user = config.krebs.build.user.name; +in { imports = [ ./base-gui.nix ./fetchWallpaper.nix 
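Review bot: `systemWide = true` in base-gui.nix replaces the per-user PulseAudio servers with one daemon shared by all accounts allowed to connect, which removes the isolation between users' playback and microphone capture; the NixOS option text itself describes the per-user mode as the recommended and most secure one. The commit subject (`remove obsolete display`) does not mention this change, and it apparently exists only so that `power-action` can speak (see the `# systemwide pulse` comment in main-laptop.nix). I would keep the per-user daemon and run espeak inside the user's session, as the commented-out `XDG_RUNTIME_DIR=/run/user/$(id -u)` variant suggests, or at least add a comment here explaining why system mode is required. The `hardware.pulseaudio` block sits in an attribute set that extends beyond the hunk.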
@@ -17,23 +20,32 @@ with config.krebs.lib; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; krebs.power-action = let - speak = "${pkgs.espeak}/bin/espeak"; - whisper = text: ''${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"''; - note = "${pkgs.libnotify}/bin/notify-send"; + #speak = "XDG_RUNTIME_DIR=/run/user/$(id -u) ${pkgs.espeak}/bin/espeak"; # when run as user + speak = "${pkgs.espeak}/bin/espeak"; # systemwide pulse + whisper = text: ''${speak} -v +whisper -s 110 "${text}"''; + + note = pkgs.writeDash "note-as-user" '' + eval "export $(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)" + ${pkgs.libnotify}/bin/notify-send "$@"; + ''; in { enable = true; + inherit user; plans.low-battery = { upperLimit = 25; lowerLimit = 15; charging = false; - action = whisper "power level low, please plug me in"; + action = pkgs.writeDash "low-speak" '' + ${whisper "power level low, please plug me in"} + ''; }; plans.nag-harder = { upperLimit = 15; lowerLimit = 5; + charging = false; action = pkgs.writeDash "crit-speak" '' + ${note} Battery -u critical -t 60000 "Power level critical, do something!" ${whisper "Power level critical, do something"} - ${note} Battery -u critical -t 600000 "Power level critical, do something!" ''; }; plans.last-chance = { @@ -52,8 +64,7 @@ with config.krebs.lib; ''; }; }; - users.users.power-action.extraGroups = [ "audio" ]; - security.sudo.extraConfig = "${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; + security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; services.redshift = { enable = true; -- cgit v1.3.1
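Review bot: The new `note` script builds its environment with `eval "export $(egrep -z ... /proc/$(pgrep -u ${user} ${window-manager})/environ)"`, which breaks when pgrep returns zero or several PIDs and passes whatever the matched environment entry contains through `eval`. That is tolerable only while the script runs as the account that owns the window manager (it does here via `inherit user`); run by a more privileged account it would execute text controlled by the desktop user. I would select one process with `pgrep -o -u ${user} -x ${window-manager}`, anchor the match as `'^DBUS_SESSION_BUS_ADDRESS='`, and assign the value with a plain `export DBUS_SESSION_BUS_ADDRESS="..."` instead of `eval`. `egrep` is also the only tool in this script still looked up through PATH; `${pkgs.gnugrep}/bin/egrep` would match the store-path style used for the other commands.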