2017-07-20 21:40:58 +00:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
<stockholm/krebs>
|
|
|
|
<stockholm/krebs/2configs>
|
|
|
|
<stockholm/krebs/2configs/secret-passwords.nix>
|
2017-07-23 14:37:39 +00:00
|
|
|
<stockholm/krebs/2configs/hw/x220.nix>
|
2017-07-22 13:21:29 +00:00
|
|
|
|
2017-08-05 10:02:08 +00:00
|
|
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
2017-07-29 17:41:59 +00:00
|
|
|
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
2017-09-03 22:16:54 +00:00
|
|
|
<stockholm/krebs/2configs/go.nix>
|
|
|
|
<stockholm/krebs/2configs/ircd.nix>
|
|
|
|
<stockholm/krebs/2configs/news.nix>
|
2017-09-08 22:19:51 +00:00
|
|
|
<stockholm/krebs/2configs/news-spam.nix>
|
2019-11-25 12:26:32 +00:00
|
|
|
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
2019-06-19 17:19:39 +00:00
|
|
|
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
2019-10-13 00:30:57 +00:00
|
|
|
<stockholm/krebs/2configs/shack/prometheus/server.nix>
|
2020-07-22 14:25:00 +00:00
|
|
|
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
|
2019-10-13 00:30:57 +00:00
|
|
|
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
|
2020-09-14 09:13:03 +00:00
|
|
|
<stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
|
2019-07-07 21:15:55 +00:00
|
|
|
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
2019-09-02 11:56:03 +00:00
|
|
|
|
|
|
|
## Collect local statistics via collectd and send to collectd
|
|
|
|
<stockholm/krebs/2configs/stats/shack-client.nix>
|
|
|
|
<stockholm/krebs/2configs/stats/shack-debugging.nix>
|
2017-07-20 21:40:58 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
krebs.build.host = config.krebs.hosts.puyak;
|
2017-07-28 11:31:04 +00:00
|
|
|
sound.enable = false;
|
2017-07-20 21:40:58 +00:00
|
|
|
|
|
|
|
boot = {
|
|
|
|
loader.systemd-boot.enable = true;
|
|
|
|
loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
2020-06-15 09:08:31 +00:00
|
|
|
initrd.luks.devices.luksroot.device = "/dev/sda3";
|
2017-07-20 21:40:58 +00:00
|
|
|
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
|
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
2017-09-30 23:32:36 +00:00
|
|
|
|
|
|
|
kernelModules = [ "kvm-intel" ];
|
|
|
|
extraModprobeConfig = ''
|
|
|
|
options thinkpad_acpi fan_control=1
|
|
|
|
'';
|
2017-07-20 21:40:58 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
|
|
|
device = "/dev/mapper/pool-root";
|
|
|
|
fsType = "btrfs";
|
|
|
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
|
|
};
|
|
|
|
"/boot" = {
|
|
|
|
device = "/dev/sda2";
|
|
|
|
};
|
2017-07-22 20:09:44 +00:00
|
|
|
"/bku" = {
|
|
|
|
device = "/dev/mapper/pool-bku";
|
|
|
|
fsType = "btrfs";
|
|
|
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
|
|
};
|
2017-07-20 21:40:58 +00:00
|
|
|
"/home" = {
|
|
|
|
device = "/dev/mapper/pool-home";
|
|
|
|
fsType = "btrfs";
|
|
|
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
|
|
};
|
|
|
|
"/tmp" = {
|
|
|
|
device = "tmpfs";
|
|
|
|
fsType = "tmpfs";
|
|
|
|
options = ["nosuid" "nodev" "noatime"];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2019-06-19 17:19:39 +00:00
|
|
|
services.logind.lidSwitch = "ignore";
|
2019-07-07 21:15:55 +00:00
|
|
|
services.logind.lidSwitchExternalPower = "ignore";
|
|
|
|
|
|
|
|
|
2017-07-20 21:40:58 +00:00
|
|
|
services.udev.extraRules = ''
|
|
|
|
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
|
|
|
|
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
|
|
|
|
'';
|
|
|
|
|
2017-09-08 23:37:56 +00:00
|
|
|
environment.systemPackages = [ pkgs.zsh ];
|
2017-09-25 22:24:30 +00:00
|
|
|
|
|
|
|
system.activationScripts."disengage fancontrol" = ''
|
|
|
|
echo level disengaged > /proc/acpi/ibm/fan
|
|
|
|
'';
|
2019-05-10 19:03:36 +00:00
|
|
|
|
2017-09-08 23:16:06 +00:00
|
|
|
users.users.joerg = {
|
2020-08-20 20:16:50 +00:00
|
|
|
openssh.authorizedKeys.keys = [ config.krebs.users.mic92.pubkey ];
|
2017-09-08 23:16:06 +00:00
|
|
|
isNormalUser = true;
|
|
|
|
shell = "/run/current-system/sw/bin/zsh";
|
|
|
|
};
|
2017-09-11 18:10:07 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [ 5901 ];
|
2017-07-20 21:40:58 +00:00
|
|
|
}
|