| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Even though gopass is more complex than pass, it's also less fragile
because it's written in a reasonably type-safe language rather than
being a giant shell script that relies on lots of external commands.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
A lot of trash has accumulated in /tmp on some of the machines, so let's
clean it up.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
The whole package actually, including the ncurses UI and web interface.
Not that I really need the UI/web stuff right now, but it might come in
handy later.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
The parent commit actually introduced an eval error with meshuggah,
because the machine defined permitRootLogin.
Setting these values to priority 1000 (which is what mkDefault does)
makes sure that setting the value somewhere else always takes
precedence (unless of course it has a value >= 1000).
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
It's been ages since I needed to authenticate to SSHd via a password, so
let's actually make sure we only use pubkey auth by default. If we need
more than that we can still change the value to something else on a per-
machine basis.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
The new machine (shakti) is going to use Firefox, so let's make sure
this is machine-specific.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
Unfortunately people still tend to use RAR archives for whatever reason.
The unfreeAndNonDistributablePkgs is a bit wrong here though, because
Ark and unrar *are* actually redistributable. This needs to be fixed in
nixpkgs though.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
This module adds udev rules for MTP devices, so in theory we do not need
it. However I can remember one occasion where this was needed, but I
don't remember exactly why. So let's better err on our side rather than
causing problems for the users.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
| |
This is clearly something that is specific to the actual hardware, so
even though both brawndo and tyree share the same CPU vendor, we will
have a third managed machine that is going to be different.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
| |
This is no longer enabled by default since
NixOS/nixpkgs@a43e33d0e48b2284ac3a2222d7f1965cef66f5e2.
Those machines are desktop machines/laptops where users expect to have
support for sound ;-)
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The config.patch doesn't apply for Gajim 1.0 anymore anyway, so let's
throw everything away, including my custom config in order to start with
a new abomination.
With the new approach, I'm going to patch the configuration defaults
*directly* into Gajim, because one of the problems with the old approach
was that whenever specifics about a configuration value has changed, I
didn't get noticed by a patch failure.
So in the end the config I was ending up was a big mess.
I'm going to start this with a new unpatched version and someday get to
a patched version that I'm staisfied with... hopefully ;-)
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I very rarely use this and if I want to I can still use nix run to bring
it in and it has been a lazy package anyway.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
| |
It doesn't seem to be maintained anymore.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
| |
This one is an old leftover from where I ran patched versions of NixOps,
but nowadays it is already in <nixpkgs>, so no need to keep it around.
Other than that, with Hydra now running in restricted eval mode it will
run into an eval error.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I'm testing every fart that I push to nixpkgs, so why don't I test it
here as well? Dammit!
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
| |
This was more or less accidentally leaked to PATH and got removed in
NixOS/nixpkgs@71a8dbb956f5735030cd3982263d72f1bffdae23, so let's add it
in again.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@a43e33d0e48b2284ac3a2222d7f1965cef66f5e2 this is no
longer enabled by default so in order to, for example, restore card
volumes we need to have this enabled.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 9dc27c57880db6469865dc2e6aaf295665c681a3.
The patch already was from upstream master and it found its way into the
new release, so we no longer need it.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
We're using "out_to_x = false" because we only want output to stdout,
unfortunately since conky version 1.10.7, this causes a segfault which
is tracked in upstream issue brndnmtthws/conky#454.
The patch I'm using here was submitted and merged upstream in
brndnmtthws/conky#455 and it's not yet part of a release yet.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I no longer use Chromium on a regular basis, so let's open URLs in
Firefox instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We no longer use the legacy SSH store protocol for taalo but the new
ssh-ng protocol, which makes the implementation of taalo-build a LOT
less clunky.
It also didn't make sense to have this as a NixOS module when we after
all just emit a static store path without any stuff depending on
configuration options.
The new implementation basically just wraps nix-build and nix-store -r
along with the right NIX_REMOTE variable.
With Nix 1.2 this can also be done with the new "nix build" command
using the --store option, but unfortunately "nix build" doesn't yet have
the same functionality as nix-build.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch, @bendlas
|
| |
|
|
|
|
|
|
|
|
| |
This really makes sense for an end user system, so let's actually add it
to the system path. It seems that it also needs unzip and other
archivers in $PATH but I haven't actually verified if that's really the
case, because the Nix expression for ark already contains those
archivers.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
| |
This has changed in NixOS/nixpkgs@93c54acf97077567e8d6135a36f191e872b2
so that there's now an assertion to set a default.
For all the profiles I've set this properly but managed to forget it for
brawndo and tyree, which is now the case.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I'm no longer employed by RedMoon Studios, so while I still receive
email on this address, it makes more sense to move on to nix.build :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
The previous GnuPG key (4DFD43EC834B6901BDA2BAAC1DE8E48E57DB5436) was
subject to the ROCA vulnerability, so I had to revoke it.
For details about this vulnerability, please visit:
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
It's a fast and less verbose alternative to find and while it won't
replace find entirely for me it certainly will be useful for less
complicated stuff or simple one-liners.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reverts adding kmix as introduced in
e49eca5c0c9c27352825c455d3e1b8a938245755.
This causes two mixer icons to show up in the tray, which is kinda
redundant.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @dwenola, @BrokkoliBerta
|
| |
|
|
|
|
|
|
|
|
| |
This has been introduced by NixOS/nixpkgs@c4c187ed7226e2132c13070444d0,
thanks to @pshendry.
IMHO it makes more sense to use this instead of simple-scan, because the
managed machines run KDE while simple-scan is a Gnome application.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Actually this is the only one workstation where I use gpodder, so let's
move it there and also don't make it a lazy package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
I might move to Firefox as my primary browser again. Apart from that, I
regularily use it anyway, so having it as a lazy package doesn't make
sense.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both machines are using Plasma along with a few common KDE applications,
so let's actually be more aggressive about deduplicating the options,
because after all whenever these machines start to deviate more from
each other, we can still either override those options or move them out.
I've also cleaned up a few packages, so instead of having mpv *and* vlc
we now have mpv and bomi for both machines. The latter is mostly about
figuring out whether it's actually a good GUI video player, as it is
basically a front-end for mpv.
With this unification this means that some packages which are generally
useful, such as okular and gwenview are now not only available to tyree
but brawndo as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @dwenola, @BrokkoliBerta
|
| |
|
|
|
|
|
| |
I tend to use it more frequently than I thought I would and it's quite
small, so let's make it the default for my workstations.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
I'm not going to use this a lot, so let's not clutter up the closure
size with it, even though the package is actually quite small.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
Since version 4.0 of xpdf, the UI has vastly changed and the
configuration setting I'm using in this module no longer is necessary
for me. So let's drop the module altogether until I'm getting used to
the new xpdf and find new things I don't like :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is in reaction to upstream commit
NixOS/nixpkgs@e34ce9d1c551fb43742aada6bb43ccb1a52e64a1.
One of the changes in GnuPG 2.1.23 is that the main binary is now called
gpg instead of gpg2. See the full release announcement here:
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000412.html
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 224a63100f6233fda762c72818cad57173411802 and
85f3d5340e53e2624f65248740ed04cb1f5e94e9.
Since the last staging merge done in commit
NixOS/nixpkgs@740d76371e6c1c76bae4801fc5b736a796c1ebbe we have systemd
version 234, which already has the change this patch has addressed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
This is exactly the same patch/implementation as I've added for my
machines in 85f3d5340e53e2624f65248740ed04cb1f5e94e9.
I wanted to delay this a bit until I have tested it by myself, which I
have by now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I don't use anything that's machine specific within my Vim
configuration (and even if, we can pass it via the callPackage
arguments) so it's kinda pointless that it's a module instead of a plain
package (override).
This makes it also easier to nix-build the package without the need to
go through the module system.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This dissolves the user.aszlig.system.kernel module, which was not only
to stay on the latest bleeding edge kernel but also to enable BFQ. The
latter has been factored out already a while ago already.
Originally, I had a fully custom kernel config for mmrnmhrm and dnyarri,
but it's no longer the case and thus the user.aszlig.system.kernel
module is now no longer needed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream issue is systemd/systemd#3879 and this bug has annoyed me
for a while now. I've also opened a pull request (NixOS/systemd#12) to
the NixOS fork of systemd, but this is pending since almost a month now
and the bug is still annoying as fuck, so let's patch it in vuizvui.
I'm not yet porting this to other machines yet, because I want to test
whether this actually really solves my problem (even though it's exactly
what the upstream bug describes) or whether we need to patch something
else as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @devhell (uses networkd as well)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two other occasions where packageOverrides are still in use,
one of them is @sternenseemann's fliewatuet machine and another one is
@devhell's package profile.
I've replaced every other occurence of packageOverrides and replaced it
with overlays and checked the store path hash after evaluation.
The reason why I left @sternenseemann's fliewatuet alone was that for
I wasn't quite sure whether "bluez = pkgs.bluez5" is still needed or
intentional to pin it to version 5. Because if it's not the case the
packageOverrides can just be dropped because bluez is already bluez5 in
upstream <nixpkgs>.
For @devhell's package profile, I did the conversion, but the store path
turned out to be a different one than what it was prior to the change.
I did take a quick look at the requisites of the drv and found that sox
was one of the different paths that led to the change in the final store
path.
This obviously needs to be tested and/or investigated first.
Other than that, the main reason why I'm moving everything to overlays
is that it's the replacement for packageOverrides and also has a better
way to pass through chains of overrides than packageOverrides had.
My guess is that after NixOS 17.09, the old packageOverrides function
will be removed, so let's make sure we're ready for that.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @devhell, @sternenseemann
|
| |
|
|
|
|
|
| |
Now that the scheduler is in mainline, I think there is nothing now to
stop us from unleashing it to end users :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
Not everybody likes to have the latest release canidate kernel, so we
now have an option called vuizvui.system.kernel.bfq.enable, which *only*
enables the BFQ scheduler per default.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @devhell
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I previously wrote that patch in a hurry, so I thought it would be
enough to set CONFIG_DEFAULT_IOSCHED to "bfq". But in block/elevator.c
the actual default for blk-mq is a constant and can't be configured via
CONFIG_DEFAULT_IOSCHED.
So we're now patching just that constant and nothing more.
Also, I've enabled CONFIG_DM_MQ_DEFAULT, because the DM devices need to
be switched to blk-mq as well and for example on dnyarri I'm actually
using the device mapper for LUKS.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
This option does no longer exist in current Nix 1.12 and has been
removed in NixOS/nix@0afeb7f51e3465c7c27bc5a83017e9ffde8c6725.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
The mainline kernel only allows switching schedulers via sysfs and for
each individual device. I don't want to do that so let's do this with a
small patch so we can set BFQ as the default blk-MQ scheduler.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
We're using kernel 4.12 and the BFQ scheduler is included there as a
blk-BQ scheduler, so instead of the patch, let's just use a config where
we set BFQ to be used as the default scheduler.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Nix 1.12 already contains "nix repl" and as I'm using Nix 1.12 on all of
my machines the nix-repl package is obsolete.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new version of the "TRAVIC-Sign" extension that's used by the
Santander bank now relies on native messaging, so it's much much easier
for us to sandbox and also easier to integrate.
For more information about native messaging see:
https://developer.chrome.com/extensions/nativeMessaging
So the upstream only contains a Firefox extension, but it doesn't
deviate very much (at least since the new non-XUL API) from the Chromium
extension API, so we only need to patch the manifest (where we also
constrain the sites that the extension is allowed to run) and refer to
the Wine wrapper in the native messaging host configuration file.
Right now, the Chromium version that we have in <nixpkgs> still refers
to /usr/share/chromium/extensions in order to search for system-provided
extensions, so we need to fix that as well.
In our workstation profiles we now no longer have the santander package
in lazyPackages, because it's also no longer a binary.
Previously the main reason why I added it to lazyPackages was that the
whole santander package had a closure size of several hundred megabytes
because of the Wine prefix. The latter now is essentially empty.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The way xrandrHeads are addressed has changed with the following
upstream merge commit:
NixOS/nixpkgs@9dca737d6269759745c9e68ea462446cde4d9be9
Now xrandrHeads are no longer a list of strings but a list of attribute
sets, but we new do have even more information about a particular head.
So apart from fixing this, we new also set --primary whenever applicable
in "xreset".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
