From c9a69def55f6e13ce13e60713b5369007fe4d7d0 Mon Sep 17 00:00:00 2001 From: Adrian Kummerlaender Date: Fri, 28 Sep 2018 13:44:53 +0200 Subject: Separate desktop and server software --- host/asterix.nix | 2 +- host/obelix.nix | 2 +- .../asset/T-TeleSec_GlobalRoot_Class_2.pem | 23 --- host/software/asset/dir_colors | 218 --------------------- host/software/desktop.nix | 42 ---- .../desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem | 23 +++ host/software/desktop/default.nix | 42 ++++ host/software/desktop/kit.vpn.nix | 27 +++ host/software/fish.nix | 76 ------- host/software/kit.vpn.nix | 27 --- 10 files changed, 94 insertions(+), 388 deletions(-) delete mode 100644 host/software/asset/T-TeleSec_GlobalRoot_Class_2.pem delete mode 100644 host/software/asset/dir_colors delete mode 100644 host/software/desktop.nix create mode 100644 host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem create mode 100644 host/software/desktop/default.nix create mode 100644 host/software/desktop/kit.vpn.nix delete mode 100644 host/software/fish.nix delete mode 100644 host/software/kit.vpn.nix (limited to 'host') diff --git a/host/asterix.nix b/host/asterix.nix index 0d078e9..0c29feb 100644 --- a/host/asterix.nix +++ b/host/asterix.nix @@ -1,7 +1,7 @@ { imports = [ ./hardware/asterix.nix - ./software/desktop.nix + ./software/desktop ]; boot = { diff --git a/host/obelix.nix b/host/obelix.nix index 8eea35e..8c06132 100644 --- a/host/obelix.nix +++ b/host/obelix.nix @@ -3,7 +3,7 @@ { imports = [ ./hardware/obelix.nix - ./software/desktop.nix + ./software/desktop ]; boot = { diff --git a/host/software/asset/T-TeleSec_GlobalRoot_Class_2.pem b/host/software/asset/T-TeleSec_GlobalRoot_Class_2.pem deleted file mode 100644 index 374b050..0000000 --- a/host/software/asset/T-TeleSec_GlobalRoot_Class_2.pem +++ /dev/null 
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
-KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
-BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
-YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
-OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
-aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
-ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
-AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
-FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
-1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
-jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
-wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
-QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
-WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
-NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
-uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
-IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
-g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
-9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
-BSeOE6Fuwg==
------END CERTIFICATE-----
diff --git a/host/software/asset/dir_colors b/host/software/asset/dir_colors
deleted file mode 100644
index bbe79d9..0000000
--- a/host/software/asset/dir_colors
+++ /dev/null
@@ -1,218 +0,0 @@ -# Configuration file for dircolors, a utility to help you set the -# LS_COLORS environment variable used by GNU ls with the --color option. -# Copyright (C) 1996-2015 Free Software Foundation, Inc. -# Copying and distribution of this file, with or without modification, -# are permitted provided the copyright notice and this notice are preserved. -# The keywords COLOR, OPTIONS, and EIGHTBIT (honored by the -# slackware version of dircolors) are recognized but ignored. -# Below, there should be one TERM entry for each termtype that is colorizable -TERM Eterm -TERM ansi -TERM color-xterm -TERM con132x25 -TERM con132x30 -TERM con132x43 -TERM con132x60 -TERM con80x25 -TERM con80x28 -TERM con80x30 -TERM con80x43 -TERM con80x50 -TERM con80x60 -TERM cons25 -TERM console -TERM cygwin -TERM dtterm -TERM eterm-color -TERM gnome -TERM gnome-256color -TERM hurd -TERM jfbterm -TERM konsole -TERM kterm -TERM linux -TERM linux-c -TERM mach-color -TERM mach-gnu-color -TERM mlterm -TERM putty -TERM putty-256color -TERM rxvt -TERM rxvt-256color -TERM rxvt-cygwin -TERM rxvt-cygwin-native -TERM rxvt-unicode -TERM rxvt-unicode-256color -TERM rxvt-unicode256 -TERM screen -TERM screen-256color -TERM screen-256color-bce -TERM screen-bce -TERM screen-w -TERM screen.Eterm -TERM screen.rxvt -TERM screen.linux -TERM st -TERM st-256color -TERM terminator -TERM vt100 -TERM xterm -TERM xterm-16color -TERM xterm-256color -TERM xterm-88color -TERM xterm-color -TERM xterm-debian -TERM xterm-termite -TERM xterm-kitty -# Below are the color init strings for the basic file types. 
A color init -# string consists of one or more of the following numeric codes: -# Attribute codes: -# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed -# Text color codes: -# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white -# Background color codes: -# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white -#NORMAL 00 # no color code at all -#FILE 00 # regular file: use no color at all -RESET 0 # reset to "normal" color -DIR 00;32 # directory -LINK 01;36 # symbolic link. (If you set this to 'target' instead of a - # numerical value, the color is as for the file pointed to.) -MULTIHARDLINK 00 # regular file with more than one link -FIFO 40;33 # pipe -SOCK 01;35 # socket -DOOR 01;35 # door -BLK 40;33;01 # block device driver -CHR 40;33;01 # character device driver -ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file ... -MISSING 00 # ... and the files they point to -SETUID 37;41 # file that is setuid (u+s) -SETGID 30;43 # file that is setgid (g+s) -CAPABILITY 30;41 # file with capability -STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) -OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky -STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable -# This is for files with execute permission: -EXEC 01;32 -# List any file extensions like '.gz' or '.tar' that you would like ls -# to colorize below. Put the extension, a space, and the color init string. -# (and any comments you want to add after a '#') -# If you use DOS-style suffixes, you may want to uncomment the following: -#.cmd 01;32 # executables (bright green) -#.exe 01;32 -#.com 01;32 -#.btm 01;32 -#.bat 01;32 -# Or if you want to colorize scripts even if they do not have the -# executable bit actually set. 
-#.sh 01;32 -#.csh 01;32 - # archives or compressed (bright red) -.tar 01;31 -.tgz 01;31 -.arc 01;31 -.arj 01;31 -.taz 01;31 -.lha 01;31 -.lz4 01;31 -.lzh 01;31 -.lzma 01;31 -.tlz 01;31 -.txz 01;31 -.tzo 01;31 -.t7z 01;31 -.zip 01;31 -.z 01;31 -.Z 01;31 -.dz 01;31 -.gz 01;31 -.lrz 01;31 -.lz 01;31 -.lzo 01;31 -.xz 01;31 -.bz2 01;31 -.bz 01;31 -.tbz 01;31 -.tbz2 01;31 -.tz 01;31 -.deb 01;31 -.rpm 01;31 -.jar 01;31 -.war 01;31 -.ear 01;31 -.sar 01;31 -.rar 01;31 -.alz 01;31 -.ace 01;31 -.zoo 01;31 -.cpio 01;31 -.7z 01;31 -.rz 01;31 -.cab 01;31 -# image formats -.jpg 01;35 -.jpeg 01;35 -.gif 01;35 -.bmp 01;35 -.pbm 01;35 -.pgm 01;35 -.ppm 01;35 -.tga 01;35 -.xbm 01;35 -.xpm 01;35 -.tif 01;35 -.tiff 01;35 -.png 01;35 -.svg 01;35 -.svgz 01;35 -.mng 01;35 -.pcx 01;35 -.mov 01;35 -.mpg 01;35 -.mpeg 01;35 -.m2v 01;35 -.mkv 01;35 -.webm 01;35 -.ogm 01;35 -.mp4 01;35 -.m4v 01;35 -.mp4v 01;35 -.vob 01;35 -.qt 01;35 -.nuv 01;35 -.wmv 01;35 -.asf 01;35 -.rm 01;35 -.rmvb 01;35 -.flc 01;35 -.avi 01;35 -.fli 01;35 -.flv 01;35 -.gl 01;35 -.dl 01;35 -.xcf 01;35 -.xwd 01;35 -.yuv 01;35 -.cgm 01;35 -.emf 01;35 -# http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.ogv 01;35 -.ogx 01;35 -# audio formats -.aac 00;36 -.au 00;36 -.flac 00;36 -.m4a 00;36 -.mid 00;36 -.midi 00;36 -.mka 00;36 -.mp3 00;36 -.mpc 00;36 -.ogg 00;36 -.ra 00;36 -.wav 00;36 -# http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.oga 00;36 -.opus 00;36 -.spx 00;36 -.xspf 00;36 diff --git a/host/software/desktop.nix b/host/software/desktop.nix deleted file mode 100644 index 501a561..0000000 --- a/host/software/desktop.nix +++ /dev/null 
@@ -1,42 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./kit.vpn.nix
- ];
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-
- sound.enable = true;
- hardware = {
- opengl.driSupport32Bit = true;
- pulseaudio = {
- enable = true;
- support32Bit = true;
- };
- };
-
- services = {
- journald = {
- extraConfig = ''Storage=volatile'';
- };
-
- xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "caps:escape";
-
- displayManager.slim = {
- enable = true;
- autoLogin = true;
- defaultUser = "common";
- };
-
- desktopManager.default = "none";
- };
- };
-
- environment.systemPackages = with pkgs; [
- hdparm ntfs3g
- ];
-}
diff --git a/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem b/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem
new file mode 100644
index 0000000..374b050
--- /dev/null
+++ b/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
diff --git a/host/software/desktop/default.nix b/host/software/desktop/default.nix
new file mode 100644
index 0000000..501a561
--- /dev/null
+++ b/host/software/desktop/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./kit.vpn.nix
+ ];
+
+ fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+ sound.enable = true;
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ };
+ };
+
+ services = {
+ journald = {
+ extraConfig = ''Storage=volatile'';
+ };
+
+ xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "caps:escape";
+
+ displayManager.slim = {
+ enable = true;
+ autoLogin = true;
+ defaultUser = "common";
+ };
+
+ desktopManager.default = "none";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ hdparm ntfs3g
+ ];
+}
diff --git a/host/software/desktop/kit.vpn.nix b/host/software/desktop/kit.vpn.nix
new file mode 100644
index 0000000..726356d
--- /dev/null
+++ b/host/software/desktop/kit.vpn.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+{
+ services.openvpn.servers = {
+ KIT = {
+ # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+ config = ''
+ client
+ remote 141.52.8.20
+ port 1194
+ dev tun
+ proto udp
+ auth-user-pass
+ nobind
+ comp-lzo no
+ tls-version-min 1.2
+ ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem}
+ verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+ cipher AES-256-CBC
+ auth SHA384
+ verb 3
+ script-security 2
+ '';
+ autoStart = false;
+ };
+ };
+}
diff --git a/host/software/fish.nix b/host/software/fish.nix
deleted file mode 100644
index d1e46c9..0000000
--- a/host/software/fish.nix
+++ /dev/null
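Review bot: `displayManager.slim.autoLogin = true` with `defaultUser = "common"` in host/software/desktop/default.nix gives a logged-in session to anyone who can power the machine on, and this module is now the shared desktop profile imported by both host/asterix.nix and host/obelix.nix. The setting is carried over unchanged from the old desktop.nix, but the move is a good moment to record the assumption next to it, e.g. `# autoLogin relies on the disk being unlocked with a passphrase at boot`, if that is how these hosts are set up (not visible in this diff); otherwise set `autoLogin = false;`. In the same file `Storage=volatile` keeps the journal in memory only, so no logs survive a reboot for later investigation; a one-line comment saying this is a deliberate trade-off would help.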
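Review bot: `script-security 2` in the KIT client config of host/software/desktop/kit.vpn.nix lets OpenVPN execute user-defined scripts, yet no `up`, `down` or other script directive appears in the config string, so the line looks like a leftover from the upstream Debian profile. If no script hook is needed, drop it or lower it to `script-security 1`; the NixOS openvpn module appears to add its own script-security line when it installs up/down hooks, which is worth confirming before removing this one. The `ca` file is a public root (T-TeleSec GlobalRoot Class 2), so the `verify-x509-name ... subject` line is what actually binds the tunnel to the KIT server; a comment such as `# do not remove: the CA is a public root, this line pins the server identity` would protect it from later cleanup.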
@@ -1,76 +0,0 @@ -{ pkgs, ... }: - -{ - programs.fish = { - enable = true; - - shellInit = '' - set fish_greeting "" - ''; - - interactiveShellInit = '' - eval (dircolors -c ${./asset/dir_colors}) - - set fish_color_normal white - set fish_color_command magenta --bold - set fish_color_param green - set fish_color_error brred - set fish_color_operator cyan - set fish_color_comment white - set fish_color_cwd green - set fish_color_quote brown - set fish_color_autosuggestion 555 - set fish_color_redirection white - ''; - - promptInit = '' - function fish_prompt - set last_status $status - - if not set -q __fish_prompt_normal - set -g __fish_prompt_normal (set_color normal) - end - - switch $USER - case root - if not set -q __fish_prompt_cwd - if set -q fish_color_cwd_root - set -g __fish_prompt_cwd (set_color $fish_color_cwd_root) - else - set -g __fish_prompt_cwd (set_color $fish_color_cwd) - end - end - - case '*' - if not set -q __fish_prompt_cwd - set -g __fish_prompt_cwd (set_color $fish_color_cwd) - end - end - - echo -n -s 'λ ' "$__fish_prompt_cwd" (prompt_pwd) "$__fish_prompt_normal" - - if test $IN_NIX_SHELL - if test $NIX_SHELL_NAME - echo -n -s ' (' $NIX_SHELL_NAME ')' - else - echo -n -s ' (nix-shell)' - end - end - - if test $last_status -gt 0 - set_color $fish_color_cwd_root - echo -n -s ' ● ' - set_color normal - else - echo -n -s ' ● ' - end - end - - function fish_right_prompt - set_color $fish_color_autosuggestion - date '+%H:%M:%S' - set_color normal - end - ''; - }; -} diff --git a/host/software/kit.vpn.nix b/host/software/kit.vpn.nix deleted file mode 100644 index 726356d..0000000 --- a/host/software/kit.vpn.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-{ pkgs, ... }:
-
-{
- services.openvpn.servers = {
- KIT = {
- # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
- config = ''
- client
- remote 141.52.8.20
- port 1194
- dev tun
- proto udp
- auth-user-pass
- nobind
- comp-lzo no
- tls-version-min 1.2
- ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem}
- verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
- cipher AES-256-CBC
- auth SHA384
- verb 3
- script-security 2
- '';
- autoStart = false;
- };
- };
-}
-- cgit v1.2.3