mb: add p1nk.r

2019-04-26 20:11:30 +02:00 · 2019-04-26 20:11:30 +02:00 · 3dc61a8f2d
commit 3dc61a8f2d
parent 7653f7d9f3
3 changed files with 278 additions and 0 deletions
--- a/krebs/3modules/mb/default.nix
+++ b/krebs/3modules/mb/default.nix
@ -37,6 +37,32 @@ in {
        };
      };
    };
+    p1nk = {
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.42.42";
+          aliases = [
+            "p1nk.r"
+          ];
+          tinc.pubkey = ''
+            ----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
+            AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
+            zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
+            4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
+            888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
+            XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
+            jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
+            qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
+            6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
+            V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
+            bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
+            3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
  };
  users = {
    mb = {
--- a/mb/1systems/p1nk/configuration.nix
+++ b/mb/1systems/p1nk/configuration.nix
@ -0,0 +1,223 @@
+{ config, pkgs, callPackage, ... }: let
+  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      <stockholm/mb>
+    ];
+
+  krebs.build.host = config.krebs.hosts.p1nk;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+  fileSystems."/mnt/public" = {
+    device = "//192.168.88.252/public";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
+  };
+
+  networking.wireless.enable = true;
+
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "de";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  fonts = {
+    enableCoreFonts = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      anonymousPro
+      corefonts
+      dejavu_fonts
+      envypn-font
+      fira
+      gentium
+      gohufont
+      inconsolata
+      liberation_ttf
+      powerline-fonts
+      source-code-pro
+      terminus_font
+      ttf_bitstream_vera
+      ubuntu_font_family
+      unifont
+      unstable.cherry
+      xorg.fontbitstream100dpi
+      xorg.fontbitstream75dpi
+      xorg.fontbitstreamtype1
+    ];
+  };
+
+  nixpkgs.config.packageOverrides = super: {
+    openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    adapta-gtk-theme
+    aircrackng
+    ag
+    arandr
+    binutils
+    chromium
+    cifs-utils
+    curl
+    evince
+    exfat
+    feh
+    file
+    firefox
+    freetype
+    gimp
+    git
+    gnupg
+    graphite2
+    hicolor_icon_theme
+    htop
+    i3lock
+    jq
+    keepassx2
+    kvm
+    lxappearance
+    man-pages
+    moc
+    mpv
+    mpvc
+    mupdf
+    ncdu
+    nmap
+    openvpn
+    pass
+    p7zip
+    powertop
+    ranger
+    rofi
+    sshfs
+    tcpdump
+    tmux
+    traceroute
+    tree
+    unstable.alacritty
+    unstable.ponyc
+    unstable.sublime3
+    youtube-dl
+    vim
+    virt-viewer
+    virtmanager
+    vulnix
+    wcalc
+    wget
+    xz
+  ];
+
+  environment.shellAliases = {
+    ll = "ls -alh";
+    ls = "ls --color=tty";
+  };
+
+  virtualisation.libvirtd.enable = true;
+  virtualisation.kvmgt.enable = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  services.xserver = {
+    enable = true;
+    layout = "de";
+    xkbOptions = "neo";
+    libinput.enable = true;
+    desktopManager = {
+      default = "xfce";
+      xterm.enable = false;
+      xfce = {
+        enable = true;
+        noDesktop = true;
+        enableXfwm = false;
+      };
+    };
+    windowManager.ratpoison.enable = true;
+  };
+
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+
+  networking.networkmanager.enable = false;
+  networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
+  networking.enableIPv6 = false;
+
+  programs.fish = {
+    enable = true;
+    shellInit = ''
+      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+          if begin
+              set -q SSH_AGENT_PID
+              and kill -0 $SSH_AGENT_PID
+              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+          end
+              echo "ssh-agent running on pid $SSH_AGENT_PID"
+          else
+              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+          end
+          set -l identity $HOME/.ssh/id_rsa
+          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+          ssh-add -l | grep -q $fingerprint
+            or ssh-add $identity
+      end
+    '';
+    promptInit = ''
+      function fish_prompt --description 'Write out the prompt'
+          set -l color_cwd
+          set -l suffix
+          set -l nix_shell_info (
+              if test "$IN_NIX_SHELL" != ""
+                 echo -n " <nix-shell>"
+              end
+          )
+          switch "$USER"
+              case root toor
+                  if set -q fish_color_cwd_root
+                      set color_cwd $fish_color_cwd_root
+                  else
+                      set color_cwd $fish_color_cwd
+                  end
+                  set suffix '#'
+              case '*'
+                  set color_cwd $fish_color_cwd
+                  set suffix '>'
+          end
+
+          echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+      end
+    '';
+  };
+
+  nix.maxJobs = 4;
+  nix.buildCores = 4;
+  system.autoUpgrade.enable = false;
+  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
+  system.stateVersion = "19.03";
+
+}
--- a/mb/1systems/p1nk/hardware-configuration.nix
+++ b/mb/1systems/p1nk/hardware-configuration.nix
@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9F87-AEAA";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}