Merge remote-tracking branch 'lass/master'

krebs/3modules/lass/default.nix

@@ -202,6 +202,7 @@ with import <stockholm/lib>;
             "mors.retiolum"
             "mors.r"
             "cgit.mors.retiolum"
+            "cgit.mors.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -273,6 +274,33 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
     };
+    icarus = {
+      cores = 2;
+      nets = rec {
+        retiolum = {
+          ip4.addr = "10.243.133.114";
+          ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214";
+          aliases = [
+            "icarus.retiolum"
+            "icarus.r"
+            "cgit.icarus.retiolum"
+            "cgit.icarus.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
+            Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
+            7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
+            k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
+            zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
+            gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+    };
 
   };
   users = {
@@ -294,6 +322,10 @@ with import <stockholm/lib>;
       pubkey = builtins.readFile ./ssh/shodan.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
     };
+    lass-icarus = {
+      mail = "lass@icarus.retiolum";
+      pubkey = builtins.readFile ./ssh/icarus.rsa;
+    };
     fritz = {
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
     };

krebs/3modules/lass/ssh/icarus.rsa

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus

lass/1systems/helios.nix

@@ -30,6 +30,7 @@ with import <stockholm/lib>;
       networking.wireless.enable = true;
       hardware.pulseaudio = {
         enable = true;
+        systemWide = true;
       };
       users.users.ferret = {
         uid = genid "ferret";

lass/1systems/icarus.nix

@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  imports = [
+    ../.
+    ../2configs/retiolum.nix
+    ../2configs/hw/tp-x220.nix
+    ../2configs/baseX.nix
+    ../2configs/git.nix
+    ../2configs/exim-retiolum.nix
+    ../2configs/browsers.nix
+    ../2configs/programs.nix
+    ../2configs/fetchWallpaper.nix
+    ../2configs/backups.nix
+    #{
+    #  users.extraUsers = {
+    #    root = {
+    #      openssh.authorizedKeys.keys = map readFile [
+    #        ../../krebs/Zpubkeys/uriel.ssh.pub
+    #      ];
+    #    };
+    #  };
+    #}
+  ];
+
+  krebs.build.host = config.krebs.hosts.icarus;
+
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.version = 2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+    #kernelModules = [ "kvm-intel" "msr" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/pool/nix";
+      fsType = "btrfs";
+    };
+
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+  '';
+}

lass/1systems/mors.nix

@@ -68,11 +68,19 @@ with import <stockholm/lib>;
     {
       krebs.nginx = {
         enable = true;
-        servers.default.locations = [
-          (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
-            alias /home/$1/public_html$2;
-          '')
-        ];
+        servers.default = {
+          server-names = [
+            "localhost"
+            "${config.krebs.build.host.name}"
+            "${config.krebs.build.host.name}.r"
+            "${config.krebs.build.host.name}.retiolum"
+          ];
+          locations = [
+            (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+              alias /home/$1/public_html$2;
+            '')
+          ];
+        };
       };
     }
     {

lass/1systems/prism.nix

@@ -230,6 +230,7 @@ in {
     }
     {
       virtualisation.libvirtd.enable = true;
+      users.users.mainUser.extraGroups = [ "libvirtd" ];
     }
   ];
 

lass/2configs/buildbot-standalone.nix

@@ -102,7 +102,7 @@ in {
                     ]
             )
 
-        for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+        for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
             addShell(f,name="build-{}".format(i),env=env_lass,
                 command=nixshell + \
                     ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \

lass/2configs/default.nix

@@ -32,6 +32,7 @@ with import <stockholm/lib>;
           createHome = true;
           useDefaultShell = true;
           extraGroups = [
+            "audio"
             "fuse"
           ];
           openssh.authorizedKeys.keys = [

lass/2configs/git.nix

@@ -75,7 +75,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ lass lass-uriel ];
+        user = [ lass lass-shodan ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++

lass/2configs/power-action.nix

@@ -14,8 +14,8 @@ in {
   krebs.power-action = {
     enable = true;
     plans.low-battery = {
-      upperLimit = 30;
-      lowerLimit = 25;
+      upperLimit = 10;
+      lowerLimit = 15;
       charging = false;
       action = pkgs.writeDash "warn-low-battery" ''
         ${speak "power level low"}

lass/2configs/weechat.nix

@@ -16,6 +16,7 @@ in {
     openssh.authorizedKeys.keys = [
       config.krebs.users.lass.pubkey
       config.krebs.users.lass-shodan.pubkey
+      config.krebs.users.lass-icarus.pubkey
     ];
   };
 

lass/2configs/zsh.nix

@@ -118,4 +118,5 @@
       fi
     '';
   };
+  users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
 }