Merge remote-tracking branch 'prism/master'

2022-03-18 16:52:49 +01:00 · 2022-03-18 16:52:49 +01:00 · 60bdd171f5
commit 60bdd171f5
parent 519648574e b1068cadc4
12 changed files with 238 additions and 14 deletions
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@ -125,6 +125,7 @@ in
          "grocy.kmein.r"
          "moodle.kmein.r"
          "radio.kmein.r"
+          "home.kmein.r"
        ];
        tinc.pubkey = ''
          -----BEGIN RSA PUBLIC KEY-----
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@ -146,7 +146,6 @@ in {
      owner = config.krebs.users.mic92;
      nets = rec {
        retiolum = {
-          ip4.addr = "10.243.29.177";
          aliases = [ "herbert.r" ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
@ -163,6 +162,9 @@ in {
    };
    eve = {
      owner = config.krebs.users.mic92;
+      extraZones."krebsco.de" = ''
+        mukke     IN CNAME eve.thalheim.io.
+      '';
      nets = rec {
        internet = {
          # eve.thalheim.io
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -154,6 +154,8 @@ in {
        "krebsco.de" = ''
          latte.euer     IN A      ${nets.internet.ip4.addr}
          rss.euer          IN A      ${nets.internet.ip4.addr}
+          o.euer            IN A      ${nets.internet.ip4.addr}
+          bw.euer           IN A      ${nets.internet.ip4.addr}
        '';
      };
      cores = 4;
@ -217,7 +219,6 @@ in {
          mon.euer          IN A      ${nets.internet.ip4.addr}
          netdata.euer      IN A      ${nets.internet.ip4.addr}
          nixos.unstable    IN CNAME  krebscode.github.io.
-          o.euer            IN A      ${nets.internet.ip4.addr}
          photostore        IN A      ${nets.internet.ip4.addr}
          pigstarter        IN CNAME  makefu.github.io.
          share.euer        IN A      ${nets.internet.ip4.addr}
@ -233,14 +234,13 @@ in {
          maps.work.euer    IN A      ${nets.internet.ip4.addr}
          play.work.euer    IN A      ${nets.internet.ip4.addr}
          ul.work.euer      IN A      ${nets.internet.ip4.addr}
-          bw.euer           IN A      ${nets.internet.ip4.addr}
        '';
      };
      cores = 8;
      nets = rec {
        internet = {
-          ip4.addr = "144.76.26.247";
-          ip6.addr = "2a01:4f8:191:12f6::2";
+          ip4.addr = "142.132.189.140";
+          ip6.addr = "fe80::9400:1ff:fe24:33f4";
          aliases = [
            "gum.i"
          ];
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@ -1,9 +1,9 @@
 {
  "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "4275a321beab5a71872fb7a5fe5da511bb2bec73",
-  "date": "2022-02-23T13:42:45-08:00",
-  "path": "/nix/store/g521qhbql6116naa3fjgga6dm0r24ynx-nixpkgs",
-  "sha256": "1p3pn7767ifbg08nmgjd93iqk0z87z4lv29ypalj9idwd3chsm69",
+  "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2",
+  "date": "2022-03-04T16:09:08+01:00",
+  "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs",
+  "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6",
  "fetchLFS": false,
  "fetchSubmodules": false,
  "deepClone": false,
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@ -66,4 +66,6 @@
    enable = true;
    client.enable = true;
  };
+
+  documentation.nixos.enable = true;
 }
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@ -221,4 +221,7 @@ with import <stockholm/lib>;
  time.timeZone = mkDefault"Europe/Berlin";

  system.stateVersion = mkDefault "20.03";
+
+  # disable doc usually
+  documentation.nixos.enable = mkDefault false;
 }
--- a/lass/3modules/nichtparasoup.nix
+++ b/lass/3modules/nichtparasoup.nix
@ -24,7 +24,120 @@ with import <stockholm/lib>;
        [Sites]
        SoupIO: everyone
        Pr0gramm: new,top
-        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
+        Reddit: ${lib.concatStringsSep "," [
+          "2healthbars"
+          "abandonedporn"
+          "animalsbeingderps"
+          "ANormalDayInRussia"
+          "assholedesign"
+          "AwesomeOffBrands"
+          "bizarrebuildings"
+          "bonehurtingjuice"
+          "boottoobig"
+          "bossfight"
+          "bravofotogeschichten"
+          "breathinginformation"
+          "buddhistmemes"
+          "cablefail"
+          "cableporn"
+          "catastrophicfailure"
+          "chairsunderwater"
+          "clevercomebacks"
+          "confusingperspective"
+          "conni"
+          "crappydesign"
+          "cursedcomments"
+          "desirepath"
+          "doenerverbrechen"
+          "dontdeadopeninside"
+          "educationalgifs"
+          "EngineeringPorn"
+          "eyebleach"
+          "forbiddensnacks"
+          "funnyanimals"
+          "gifs"
+          "Gittertiere"
+          "goodboomerhumor"
+          "grssk"
+          "halthoch"
+          "hmm"
+          "hmmm"
+          "holdmybeer"
+          "holup"
+          "iamatotalpieceofshit"
+          "ichbin40undlustig"
+          "idiotsincars"
+          "illegallysmolcats"
+          "infokriegerkutschen"
+          "instagramreality"
+          "instant_regret"
+          "itrunsdoom"
+          "itsaunixsystem"
+          "kamikazebywords"
+          "keming"
+          "kidsarefuckingstupid"
+          "kitchenconfidential"
+          "laughingbuddha"
+          "LiminalSpace"
+          "loadingicon"
+          "MachinePorn"
+          "mallninjashit"
+          "michaelbaygifs"
+          "mildlyinfuriating"
+          "miscatculations"
+          "natureisfuckinglit"
+          "nononoyesno"
+          "notinteresting"
+          "notliketheothergirls"
+          "oddlysatisfying"
+          "ofcoursethatsathing"
+          "okbuddylinux"
+          "OSHA"
+          "PeopleFuckingDying"
+          "Perfectfit"
+          "perfectloops"
+          "PerfectTiming"
+          "picsofunusualbirds"
+          "PixelArt"
+          "pizzacrimes"
+          "prequelmemes"
+          "Prisonwallet"
+          "reactiongifs"
+          "RealFakeDoors"
+          "reallifedoodles"
+          "RetroFuturism"
+          "robotsbeingjerks"
+          "SchizophreniaRides"
+          "scriptedasiangifs"
+          "shitposting"
+          "shittyfoodporn"
+          "shittyrobots"
+          "softwaregore"
+          "specializedtools"
+          "spicypillows"
+          "StallmanWasRight"
+          "startledcats"
+          "startrekstabilized"
+          "stupidfood"
+          "techsupportgore"
+          "thathappened"
+          "ThingsCutInHalfPorn"
+          "totallynotrobots"
+          "trippinthroughtime"
+          "Unexpected"
+          "urbanexploration"
+          "wasletztepreis"
+          "wellthatsucks"
+          "wertekinder"
+          "wewantplates"
+          "whatcouldgowrong"
+          "whatsthisbug"
+          "whatsthisplant"
+          "whatswrongwithyourdog"
+          "whenthe"
+          "yesyesyesyesno"
+          "youseeingthisshit"
+        ]}
        NineGag: geeky,wtf,hot,trending
        Instagram: nature,wtf
        Fourchan: sci
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@ -8,7 +8,7 @@ let
 in {
  imports = [
      <stockholm/makefu>
-      ./hardware-config.nix
+      ./hetznercloud
      {
        users.users.lass = {
          uid = 19002;
@ -42,7 +42,7 @@ in {
      <stockholm/makefu/2configs/tools/core.nix>
      <stockholm/makefu/2configs/tools/dev.nix>
      <stockholm/makefu/2configs/tools/sec.nix>
-      <stockholm/makefu/2configs/tools/desktop.nix>
+      #<stockholm/makefu/2configs/tools/desktop.nix>

      <stockholm/makefu/2configs/zsh-user.nix>
      <stockholm/makefu/2configs/mosh.nix>
@ -109,7 +109,6 @@ in {
      <stockholm/makefu/2configs/share/gum.nix> # samba sahre
      <stockholm/makefu/2configs/torrent/rtorrent.nix>
      # <stockholm/makefu/2configs/sickbeard>
-      <stockholm/makefu/2configs/bitwarden.nix>

      { nixpkgs.config.allowUnfree = true; }
      #<stockholm/makefu/2configs/retroshare.nix>
@ -189,7 +188,7 @@ in {
    ];

  # makefu.dl-dir = "/var/download";
-  makefu.dl-dir = "/media/cloud/download";
+  makefu.dl-dir = "/media/cloud/download/finished";

  services.openssh.hostKeys = lib.mkForce [
    { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
--- a/makefu/1systems/gum/hetznercloud/default.nix
+++ b/makefu/1systems/gum/hetznercloud/default.nix
@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+  imports =
+    [ ./network.nix
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  # Disk
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostId = "3150697b"; # required for zfs use
+  boot.tmpOnTmpfs = true;
+  boot.supportedFilesystems = [ "zfs" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.copyKernels = true;
+  boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+  boot.kernelParams = [
+    "boot.shell_on_fail"
+    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+  ];
+}
--- a/makefu/1systems/gum/hetznercloud/doit
+++ b/makefu/1systems/gum/hetznercloud/doit
@ -0,0 +1,13 @@
+ROOT_DEVICE=/dev/sda2
+NIXOS_BOOT=/dev/sda1
+
+zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
+zfs create -o mountpoint=legacy rpool/root
+zfs create -o mountpoint=legacy rpool/home
+zfs create -o mountpoint=legacy rpool/nix
+mount -t zfs rpool/root /mnt
+mkdir /mnt/{home,nix,boot}
+mount -t zfs rpool/home /mnt/home
+mount -t zfs rpool/nix /mnt/nix
+mount $NIXOS_BOOT /mnt/boot/
+
--- a/makefu/1systems/gum/hetznercloud/network.nix
+++ b/makefu/1systems/gum/hetznercloud/network.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+  external-mac = "96:00:01:24:33:f4";
+  external-gw = "172.31.1.1";
+  external-ip = "142.132.189.140";
+  external-ip6 = "2a01:4f8:1c17:5cdf::2/64";
+  external-gw6 = "fe80::1";
+  external-netmask = 32;
+  external-netmask6 = 64;
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  ext-if = "et0"; # gets renamed on the fly
+in
+{
+  makefu.server.primary-itf = ext-if;
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+  '';
+  networking = {
+    interfaces."${ext-if}" = {
+      useDHCP = true;
+    };
+    #ipv4.addresses = [{
+    #  address = external-ip;
+    #  prefixLength = external-netmask;
+    #}];
+    #ipv6.addresses = [{
+    #    address = external-ip6;
+    #    prefixLength = external-netmask6;
+    #  }];
+    #};
+    #defaultGateway6 = { address = external-gw6; interface = ext-if; };
+    #defaultGateway = external-gw;
+    nameservers = [ "1.1.1.1" ];
+  };
+}
--- a/makefu/1systems/gum/hetznercloud/sfdisk.part
+++ b/makefu/1systems/gum/hetznercloud/sfdisk.part
@ -0,0 +1,6 @@
+label: gpt
+device: /dev/sda
+unit: sectors
+1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
+2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4