tv querel: init

krebs/3modules/tv/default.nix

@@ -254,6 +254,36 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
     };
+    querel = {
+      ci = true;
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.22.22";
+          ip6.addr = "42::2222";
+          aliases = [
+            "querel.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
+            2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
+            bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
+            ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
+            iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
+            xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
+            4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
+            aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
+            UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
+            vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
+            J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
+    };
     xu = {
       binary-cache = {
         pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
@@ -339,6 +369,8 @@ with import <stockholm/lib>;
     dv = {
       mail = "dv@alnus.r";
     };
+    itak = {
+    };
     mv-ni = {
       mail = "mv@ni.r";
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";

tv/1systems/querel/config.nix

@@ -0,0 +1,95 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+  imports = [
+    <stockholm/krebs>
+    <stockholm/tv/2configs>
+    <stockholm/tv/3modules>
+    <stockholm/tv/2configs/retiolum.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.querel;
+  krebs.build.user = mkForce config.krebs.users.itak;
+
+  boot.initrd.availableKernelModules = [ "ahci" ];
+  boot.initrd.luks = {
+    cryptoModules = [ "aes" "sha512" "xts" ];
+    devices.querel-luks1 = {
+      allowDiscards = true;
+      device = "/dev/sda2";
+    };
+  };
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    firefoxWrapper
+    gimp
+    kate
+    libreoffice
+    (pkgs.pidgin-with-plugins.override {
+      plugins = [ pkgs.pidginotr ];
+    })
+    sxiv
+    texlive.combined.scheme-full
+    vim
+    zathura
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/querel-root";
+      fsType = "ext4";
+      options = [ "defaults" "discard" ];
+    };
+    "/home" = {
+      device = "/dev/mapper/querel-home";
+      fsType = "ext4";
+      options = [ "defaults" "discard" ];
+    };
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.pulseaudio.enable = true;
+
+  i18n.defaultLocale = "de_DE.UTF-8";
+
+  networking.networkmanager.enable = true;
+
+  programs.ssh.startAgent = false;
+
+  services.printing = {
+    enable = true;
+  };
+
+  services.xserver.enable = true;
+  services.xserver.layout = "de";
+  services.xserver.xkbOptions = "eurosign:e";
+
+  services.xserver.synaptics = {
+    enable = true;
+    twoFingerScroll = true;
+  };
+
+  services.xserver.desktopManager.plasma5.enable = true;
+  services.xserver.displayManager.auto = {
+    enable = true;
+    user = "itak";
+  };
+
+  users.users.itak = {
+    inherit (config.krebs.users.itak) home uid;
+    isNormalUser = true;
+    extraGroups = [
+      "audio"
+      "video"
+      "networkmanager"
+    ];
+  };
+}

tv/1systems/querel/source.nix

@@ -0,0 +1,3 @@
+import <stockholm/tv/source.nix> {
+  name = "querel";
+}