Merge remote-tracking branch 'lass/master'
commit
47ade5b208
|
@ -202,6 +202,7 @@ with import <stockholm/lib>;
|
||||||
"mors.retiolum"
|
"mors.retiolum"
|
||||||
"mors.r"
|
"mors.r"
|
||||||
"cgit.mors.retiolum"
|
"cgit.mors.retiolum"
|
||||||
|
"cgit.mors.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
@ -273,6 +274,33 @@ with import <stockholm/lib>;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
||||||
};
|
};
|
||||||
|
icarus = {
|
||||||
|
cores = 2;
|
||||||
|
nets = rec {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.133.114";
|
||||||
|
ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214";
|
||||||
|
aliases = [
|
||||||
|
"icarus.retiolum"
|
||||||
|
"icarus.r"
|
||||||
|
"cgit.icarus.retiolum"
|
||||||
|
"cgit.icarus.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
|
||||||
|
Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
|
||||||
|
7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
|
||||||
|
k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
|
||||||
|
zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
|
||||||
|
gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
|
@ -294,6 +322,10 @@ with import <stockholm/lib>;
|
||||||
pubkey = builtins.readFile ./ssh/shodan.rsa;
|
pubkey = builtins.readFile ./ssh/shodan.rsa;
|
||||||
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
|
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
|
||||||
};
|
};
|
||||||
|
lass-icarus = {
|
||||||
|
mail = "lass@icarus.retiolum";
|
||||||
|
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
||||||
|
};
|
||||||
fritz = {
|
fritz = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||||
};
|
};
|
||||||
|
|
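--- a/krebs/3modules/lass/ssh/icarus.rsa
+++ b/krebs/3modules/lass/ssh/icarus.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus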
@ -30,6 +30,7 @@ with import <stockholm/lib>;
|
||||||
networking.wireless.enable = true;
|
networking.wireless.enable = true;
|
||||||
hardware.pulseaudio = {
|
hardware.pulseaudio = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
systemWide = true;
|
||||||
};
|
};
|
||||||
users.users.ferret = {
|
users.users.ferret = {
|
||||||
uid = genid "ferret";
|
uid = genid "ferret";
|
||||||
|
|
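Review bot: `systemWide = true` replaces the per-user PulseAudio daemons with a single daemon shared by every account allowed to connect, so those accounts can hear each other's streams and open the microphone; upstream PulseAudio discourages this mode outside embedded or headless setups. On NixOS access to the system-wide server is gated by the `audio` group, and a later hunk of this commit (`@ -32,6 +32,7 @@`) adds `"audio"` to a user's `extraGroups`, so membership of that group becomes the trust boundary. If the shared daemon is required (possibly for the `ferret` user defined just below), a comment on the line would record that, e.g. `# system-wide so that <reason>; every member of "audio" shares one sound server`.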
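--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+imports = [
+../.
+../2configs/retiolum.nix
+../2configs/hw/tp-x220.nix
+../2configs/baseX.nix
+../2configs/git.nix
+../2configs/exim-retiolum.nix
+../2configs/browsers.nix
+../2configs/programs.nix
+../2configs/fetchWallpaper.nix
+../2configs/backups.nix
+#{
+# users.extraUsers = {
+# root = {
+# openssh.authorizedKeys.keys = map readFile [
+# ../../krebs/Zpubkeys/uriel.ssh.pub
+# ];
+# };
+# };
+#}
+];
+
+krebs.build.host = config.krebs.hosts.icarus;
+
+boot = {
+loader.grub.enable = true;
+loader.grub.version = 2;
+loader.grub.device = "/dev/sda";
+
+initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+#kernelModules = [ "kvm-intel" "msr" ];
+};
+fileSystems = {
+"/" = {
+device = "/dev/pool/nix";
+fsType = "btrfs";
+};
+
+"/boot" = {
+device = "/dev/sda1";
+};
+"/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = ["nosuid" "nodev" "noatime"];
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+'';
+}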
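Review bot: `loader.grub.device = "/dev/sda"`, the LUKS entry `device = "/dev/sda2"` and `/boot` on `/dev/sda1` all depend on kernel enumeration order, which is not stable, and `usb_storage` is listed in `initrd.availableKernelModules`, so an attached USB disk can shift those names at boot. Referring to the partitions by persistent name, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";`, keeps the passphrase prompt and the bootloader installation tied to the intended disk. Separately, the commented-out `users.extraUsers.root … openssh.authorizedKeys.keys` block inside `imports` is dead configuration in a brand-new host file and would be better deleted than carried along, since uncommenting it would grant root login to another host's key.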
@ -68,11 +68,19 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
krebs.nginx = {
|
krebs.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
servers.default.locations = [
|
servers.default = {
|
||||||
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
server-names = [
|
||||||
alias /home/$1/public_html$2;
|
"localhost"
|
||||||
'')
|
"${config.krebs.build.host.name}"
|
||||||
];
|
"${config.krebs.build.host.name}.r"
|
||||||
|
"${config.krebs.build.host.name}.retiolum"
|
||||||
|
];
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||||
|
alias /home/$1/public_html$2;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
|
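Review bot: The `~user` location that this hunk moves under `servers.default` maps every matching request to `/home/$1/public_html$2` with nothing limiting what a home directory may expose, and the same server block now also answers for the host's `.r` and `.retiolum` names. Consider adding `disable_symlinks if_not_owner;` next to the `alias` line so that a symlink in `public_html` whose target belongs to a different owner is not served, and narrowing the first capture to `([^/]+)` so that `$1` is always a single path component. Whether the `krebs.nginx` module applies such limits itself is not visible from this hunk.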
@ -230,6 +230,7 @@ in {
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
users.users.mainUser.extraGroups = [ "libvirtd" ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
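Review bot: Adding `mainUser` to the `libvirtd` group gives that account read-write access to the system libvirt daemon, which runs as root and can attach host disks and devices to guests, so the membership is close to root-equivalent. That may be intended on a single-user workstation, but it deserves a comment on the new line, e.g. `# libvirtd group = full control of qemu:///system, treat as root-equivalent`. The enclosing list of modules starts outside the hunk.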
@ -102,7 +102,7 @@ in {
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||||
command=nixshell + \
|
command=nixshell + \
|
||||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||||
|
|
|
@ -32,6 +32,7 @@ with import <stockholm/lib>;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
|
"audio"
|
||||||
"fuse"
|
"fuse"
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
|
|
@ -75,7 +75,7 @@ let
|
||||||
with git // config.krebs.users;
|
with git // config.krebs.users;
|
||||||
repo:
|
repo:
|
||||||
singleton {
|
singleton {
|
||||||
user = [ lass lass-uriel ];
|
user = [ lass lass-shodan ];
|
||||||
repo = [ repo ];
|
repo = [ repo ];
|
||||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||||
} ++
|
} ++
|
||||||
|
|
|
@ -14,8 +14,8 @@ in {
|
||||||
krebs.power-action = {
|
krebs.power-action = {
|
||||||
enable = true;
|
enable = true;
|
||||||
plans.low-battery = {
|
plans.low-battery = {
|
||||||
upperLimit = 30;
|
upperLimit = 10;
|
||||||
lowerLimit = 25;
|
lowerLimit = 15;
|
||||||
charging = false;
|
charging = false;
|
||||||
action = pkgs.writeDash "warn-low-battery" ''
|
action = pkgs.writeDash "warn-low-battery" ''
|
||||||
${speak "power level low"}
|
${speak "power level low"}
|
||||||
|
|
|
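Review bot: The new values put `upperLimit = 10` below `lowerLimit = 15`, whereas the replaced pair (30 / 25) had the upper bound above the lower one. If the plan fires while the charge lies between the two limits, as the option names suggest, the range is now empty and the `warn-low-battery` action would never run; the values look swapped, i.e. `upperLimit = 15;` and `lowerLimit = 10;`. The semantics of `krebs.power-action` are not visible in this hunk, so this should be confirmed against the module.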
@ -16,6 +16,7 @@ in {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-shodan.pubkey
|
config.krebs.users.lass-shodan.pubkey
|
||||||
|
config.krebs.users.lass-icarus.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -118,4 +118,5 @@
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
|
||||||
}
|
}
|
||||||
|
|