Merge branch 'master' of gum:stockholm
This commit is contained in:
commit
64aa4f6912
@ -133,6 +133,7 @@ with config.krebs.lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
|
||||||
};
|
};
|
||||||
cloudkrebs = {
|
cloudkrebs = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
|
@ -32,7 +32,7 @@ with config.krebs.lib;
|
|||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
addrs4 = ["10.243.0.84"];
|
addrs4 = ["10.243.0.84"];
|
||||||
addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128"];
|
addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"darth.retiolum"
|
"darth.retiolum"
|
||||||
"darth.r"
|
"darth.r"
|
||||||
@ -383,7 +383,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
addrs4 = ["10.243.231.219"];
|
addrs4 = ["10.243.231.219"];
|
||||||
addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72/128"];
|
addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"nukular.r"
|
"nukular.r"
|
||||||
];
|
];
|
||||||
@ -543,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
senderechner = rec {
|
||||||
|
cores = 2;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
addrs4 = ["10.243.0.163"];
|
||||||
|
addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"];
|
||||||
|
aliases = [
|
||||||
|
"senderechner.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
|
||||||
|
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
|
||||||
|
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
|
||||||
|
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
|
||||||
|
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
|
||||||
|
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
muhbaasu = rec {
|
muhbaasu = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
|
@ -169,6 +169,7 @@ with config.krebs.lib;
|
|||||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
|
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
|
||||||
};
|
};
|
||||||
mu = {
|
mu = {
|
||||||
|
cores = 2;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
addrs4 = ["10.243.20.1"];
|
addrs4 = ["10.243.20.1"];
|
||||||
@ -189,6 +190,8 @@ with config.krebs.lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
|
||||||
};
|
};
|
||||||
nomic = {
|
nomic = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
@ -387,7 +390,7 @@ with config.krebs.lib;
|
|||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
'';
|
'';
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
|
||||||
uid = 1337; # TODO use default
|
uid = 1337; # TODO use default and document what has to be done (for vv)
|
||||||
};
|
};
|
||||||
tv-nomic = {
|
tv-nomic = {
|
||||||
inherit (tv) mail;
|
inherit (tv) mail;
|
||||||
@ -397,5 +400,9 @@ with config.krebs.lib;
|
|||||||
inherit (tv) mail;
|
inherit (tv) mail;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
|
||||||
};
|
};
|
||||||
|
vv = {
|
||||||
|
mail = "vv@mu.r";
|
||||||
|
uid = 2000; # TODO use default
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -186,10 +186,16 @@ types // rec {
|
|||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
# TODO
|
addr = either addr4 addr6;
|
||||||
addr = str;
|
addr4 = mkOptionType {
|
||||||
addr4 = str;
|
name = "IPv4 address";
|
||||||
addr6 = str;
|
check = let
|
||||||
|
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
|
||||||
|
concatMapStringsSep "." (const d) (range 1 4);
|
||||||
|
in x: match IPv4address != null;
|
||||||
|
merge = mergeOneOption;
|
||||||
|
};
|
||||||
|
addr6 = str; # TODO
|
||||||
|
|
||||||
pgp-pubkey = str;
|
pgp-pubkey = str;
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
|
{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "exim-4.86.2";
|
name = "exim-4.87";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
|
url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
|
||||||
sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp";
|
sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
|
buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
|
||||||
|
@ -33,7 +33,6 @@ in {
|
|||||||
|
|
||||||
dmenu
|
dmenu
|
||||||
gitAndTools.qgit
|
gitAndTools.qgit
|
||||||
mpv
|
|
||||||
much
|
much
|
||||||
pavucontrol
|
pavucontrol
|
||||||
powertop
|
powertop
|
||||||
@ -44,6 +43,9 @@ in {
|
|||||||
xsel
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
|
mpv
|
||||||
|
mpv-poll
|
||||||
|
yt-next
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
#haskellPackages.xmobar
|
#haskellPackages.xmobar
|
||||||
#haskellPackages.yeganesh
|
#haskellPackages.yeganesh
|
||||||
|
@ -45,24 +45,6 @@ let
|
|||||||
instanceid = mkOption {
|
instanceid = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
ssl = mkOption {
|
|
||||||
type = with types; submodule ({
|
|
||||||
options = {
|
|
||||||
enable = mkEnableOption "ssl";
|
|
||||||
certificate = mkOption {
|
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
certificate_key = mkOption {
|
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
ciphers = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "AES128+EECDH:AES128+EDH";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
default = {};
|
default = {};
|
||||||
@ -72,7 +54,7 @@ let
|
|||||||
group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
|
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||||
server-names = [
|
server-names = [
|
||||||
"${domain}"
|
"${domain}"
|
||||||
"www.${domain}"
|
"www.${domain}"
|
||||||
@ -116,16 +98,7 @@ let
|
|||||||
|
|
||||||
error_page 403 /core/templates/403.php;
|
error_page 403 /core/templates/403.php;
|
||||||
error_page 404 /core/templates/404.php;
|
error_page 404 /core/templates/404.php;
|
||||||
${if ssl.enable then ''
|
|
||||||
ssl_certificate ${ssl.certificate};
|
|
||||||
ssl_certificate_key ${ssl.certificate_key};
|
|
||||||
'' else ""}
|
|
||||||
'';
|
'';
|
||||||
listen = (if ssl.enable then
|
|
||||||
[ "80" "443 ssl" ]
|
|
||||||
else
|
|
||||||
"80"
|
|
||||||
);
|
|
||||||
});
|
});
|
||||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||||
listen = ${folder}/phpfpm.pool
|
listen = ${folder}/phpfpm.pool
|
||||||
|
@ -42,10 +42,6 @@ let
|
|||||||
certificate_key = mkOption {
|
certificate_key = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
ciphers = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "AES128+EECDH:AES128+EDH";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = {};
|
default = {};
|
||||||
@ -74,16 +70,7 @@ let
|
|||||||
deny all;
|
deny all;
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
inherit ssl;
|
||||||
listen = (if ssl.enable then
|
|
||||||
[ "80" "443 ssl" ]
|
|
||||||
else
|
|
||||||
"80"
|
|
||||||
);
|
|
||||||
extraConfig = (if ssl.enable then ''
|
|
||||||
ssl_certificate ${ssl.certificate};
|
|
||||||
ssl_certificate_key ${ssl.certificate_key};
|
|
||||||
'' else "");
|
|
||||||
|
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
@ -8,8 +8,10 @@
|
|||||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||||
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
||||||
};
|
};
|
||||||
|
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||||
xmonad-lass =
|
xmonad-lass =
|
||||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
||||||
pkgs.haskellPackages.callPackage src {};
|
pkgs.haskellPackages.callPackage src {};
|
||||||
|
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
40
lass/5pkgs/mpv-poll/default.nix
Normal file
40
lass/5pkgs/mpv-poll/default.nix
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "mpv-poll" ''
|
||||||
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
pl=$1
|
||||||
|
hist=''${HISTORY:-"./mpv_history"}
|
||||||
|
mpv_options=''${MPV_OPTIONS:-""}
|
||||||
|
|
||||||
|
lastYT=""
|
||||||
|
|
||||||
|
play_video () {
|
||||||
|
toPlay=$1
|
||||||
|
echo $toPlay >> $hist
|
||||||
|
mpv $mpv_options $toPlay
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! [ -e $hist ]; then
|
||||||
|
touch $hist
|
||||||
|
fi
|
||||||
|
|
||||||
|
while :
|
||||||
|
do
|
||||||
|
if [ -s $pl ]; then
|
||||||
|
toPlay=$(head -1 $pl)
|
||||||
|
sed -i '1d' $pl
|
||||||
|
if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then
|
||||||
|
lastYT=$toPlay
|
||||||
|
fi
|
||||||
|
play_video $toPlay
|
||||||
|
else
|
||||||
|
if [ -n "$lastYT" ]; then
|
||||||
|
next=$(yt-next $lastYT)
|
||||||
|
lastYT=$next
|
||||||
|
play_video $next
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
''
|
13
lass/5pkgs/yt-next/default.nix
Normal file
13
lass/5pkgs/yt-next/default.nix
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "yt-next" ''
|
||||||
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
vid=$1
|
||||||
|
num=''${NUM:-1}
|
||||||
|
|
||||||
|
curl -Ls $1 \
|
||||||
|
| grep 'href="/watch?v=' \
|
||||||
|
| head -n$num \
|
||||||
|
| sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,'
|
||||||
|
''
|
@ -14,11 +14,23 @@ in {
|
|||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
../2configs/zsh-user.nix
|
../2configs/zsh-user.nix
|
||||||
../2configs/smart-monitor.nix
|
../2configs/smart-monitor.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/virtualization.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 655 ];
|
||||||
|
networking.firewall.checkReversePath = false;
|
||||||
|
#networking.firewall.enable = false;
|
||||||
# virtualisation.nova.enableSingleNode = true;
|
# virtualisation.nova.enableSingleNode = true;
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
|
|
||||||
|
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
# TODO smartd omo darth gum all-in-one
|
# TODO smartd omo darth gum all-in-one
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
@ -41,6 +41,8 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
makefu.taskserver.enable = true;
|
||||||
|
|
||||||
krebs.nginx.servers.cgit = {
|
krebs.nginx.servers.cgit = {
|
||||||
server-names = [ "cgit.euer.krebsco.de" ];
|
server-names = [ "cgit.euer.krebsco.de" ];
|
||||||
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
|
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
|
||||||
@ -86,6 +88,8 @@ in {
|
|||||||
21032
|
21032
|
||||||
# tinc-retiolum
|
# tinc-retiolum
|
||||||
21031
|
21031
|
||||||
|
# taskserver
|
||||||
|
53589
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
# tinc
|
# tinc
|
||||||
|
@ -44,16 +44,21 @@ in {
|
|||||||
../2configs/smart-monitor.nix
|
../2configs/smart-monitor.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/share-user-sftp.nix
|
../2configs/share-user-sftp.nix
|
||||||
|
../2configs/graphite-standalone.nix
|
||||||
../2configs/omo-share.nix
|
../2configs/omo-share.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||||
# tcp:80 - nginx for sharing files
|
# tcp:80 - nginx for sharing files
|
||||||
# tcp:655 udp:655 - tinc
|
# tcp:655 udp:655 - tinc
|
||||||
# tcp:8080 - sabnzbd
|
# tcp:8111 - graphite
|
||||||
|
# tcp:9090 - sabnzbd
|
||||||
|
# tcp:9200 - elasticsearch
|
||||||
|
# tcp:5601 - kibana
|
||||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
||||||
|
|
||||||
# services.openssh.allowSFTP = false;
|
# services.openssh.allowSFTP = false;
|
||||||
|
|
||||||
|
@ -10,16 +10,6 @@
|
|||||||
#
|
#
|
||||||
# if this is not enough, check out main-laptop.nix
|
# if this is not enough, check out main-laptop.nix
|
||||||
|
|
||||||
## TODO: .Xdefaults:
|
|
||||||
# URxvt*termName: rxvt
|
|
||||||
# URxvt.scrollBar : false
|
|
||||||
# URxvt*scrollBar_right: false
|
|
||||||
# URxvt*borderLess: false
|
|
||||||
# URxvt.foreground: white
|
|
||||||
# URxvt.background: black
|
|
||||||
# URxvt.urgentOnBell: true
|
|
||||||
# URxvt.visualBell: false
|
|
||||||
# URxvt.font : xft:Terminus
|
|
||||||
|
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
@ -83,7 +73,9 @@ in
|
|||||||
XTerm*FaceName : Terminus:pixelsize=14
|
XTerm*FaceName : Terminus:pixelsize=14
|
||||||
|
|
||||||
URxvt*termName: rxvt
|
URxvt*termName: rxvt
|
||||||
URxvt.scrollBar : False
|
URxvt*saveLines: 10000
|
||||||
|
URxvt*loginShell: false
|
||||||
|
URxvt.scrollBar : false
|
||||||
URxvt*scrollBar_right: false
|
URxvt*scrollBar_right: false
|
||||||
URxvt*borderLess: false
|
URxvt*borderLess: false
|
||||||
URxvt.foreground: white
|
URxvt.foreground: white
|
||||||
|
@ -19,7 +19,7 @@ with config.krebs.lib;
|
|||||||
"/home" = {
|
"/home" = {
|
||||||
device = "/dev/mapper/main-home";
|
device = "/dev/mapper/main-home";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@ with config.krebs.lib;
|
|||||||
"/" = {
|
"/" = {
|
||||||
device = "/dev/mapper/luksroot";
|
device = "/dev/mapper/luksroot";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/disk/by-label/nixboot";
|
device = "/dev/disk/by-label/nixboot";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,7 @@ with config.krebs.lib;
|
|||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
services.tlp.extraConfig = ''
|
services.tlp.extraConfig = ''
|
||||||
START_CHARGE_THRESH_BAT0=80
|
START_CHARGE_THRESH_BAT0=80
|
||||||
|
STOP_CHARGE_THRESH_BAT0=95
|
||||||
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||||
|
@ -7,7 +7,7 @@ with config.krebs.lib;
|
|||||||
gnupg
|
gnupg
|
||||||
imapfilter
|
imapfilter
|
||||||
msmtp
|
msmtp
|
||||||
mutt-kz
|
mutt
|
||||||
notmuch
|
notmuch
|
||||||
offlineimap
|
offlineimap
|
||||||
openssl
|
openssl
|
||||||
|
15
makefu/2configs/nginx/public_html.nix
Normal file
15
makefu/2configs/nginx/public_html.nix
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.nginx = {
|
||||||
|
enable = true;
|
||||||
|
servers.default.locations = [
|
||||||
|
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||||
|
alias /home/$1/public_html$2;
|
||||||
|
autoindex on;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
@ -48,6 +48,13 @@ in {
|
|||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
"guest ok" = "yes";
|
"guest ok" = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
emu = {
|
||||||
|
path = "/media/crypt1/emu";
|
||||||
|
"read only" = "yes";
|
||||||
|
browseable = "yes";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
};
|
||||||
usenet = {
|
usenet = {
|
||||||
path = "/media/crypt0/usenet/dst";
|
path = "/media/crypt0/usenet/dst";
|
||||||
"read only" = "yes";
|
"read only" = "yes";
|
||||||
|
@ -4,6 +4,7 @@ _:
|
|||||||
imports = [
|
imports = [
|
||||||
./snapraid.nix
|
./snapraid.nix
|
||||||
./umts.nix
|
./umts.nix
|
||||||
|
./taskserver.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
60
makefu/3modules/taskserver.nix
Normal file
60
makefu/3modules/taskserver.nix
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
let
|
||||||
|
cfg = config.makefu.taskserver;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.makefu.taskserver = api;
|
||||||
|
config = lib.mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "taskserver";
|
||||||
|
|
||||||
|
workingDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/lib/taskserver";
|
||||||
|
};
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.taskserver;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
systemd.services.taskserver = {
|
||||||
|
description = "taskd server";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
restartIfChanged = true;
|
||||||
|
unitConfig = {
|
||||||
|
Documentation = "http://taskwarrior.org/docs/#taskd" ;
|
||||||
|
# https://taskwarrior.org/docs/taskserver/configure.html
|
||||||
|
ConditionPathExists = "${cfg.workingDir}/config";
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
|
||||||
|
WorkingDirectory = cfg.workingDir;
|
||||||
|
PrivateTmp = true;
|
||||||
|
InaccessibleDirectories = "/home /boot /opt /mnt /media";
|
||||||
|
User = "taskd";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.taskd = {
|
||||||
|
uid = genid "taskd";
|
||||||
|
home = cfg.workingDir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
users.groups.taskd.gid = genid "taskd";
|
||||||
|
};
|
||||||
|
|
||||||
|
in
|
||||||
|
out
|
||||||
|
|
30
makefu/4lib/default.nix
Normal file
30
makefu/4lib/default.nix
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
addDefaultTime = bku-entry: recursiveUpdate {
|
||||||
|
snapshots = {
|
||||||
|
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||||
|
weekly = { format = "%YW%W"; retain = 4; };
|
||||||
|
monthly = { format = "%Y-%m"; retain = 12; };
|
||||||
|
yearly = { format = "%Y"; };
|
||||||
|
};
|
||||||
|
startAt = "5:23";
|
||||||
|
} bku-entry;
|
||||||
|
|
||||||
|
backup-host = config.krebs.hosts.omo;
|
||||||
|
backup-path = "/media/backup";
|
||||||
|
in {
|
||||||
|
bku = {
|
||||||
|
inherit addDefaultTime;
|
||||||
|
simplePath = addDefaultTime (path: {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.build.host; inherit path; };
|
||||||
|
dst = {
|
||||||
|
host = backup-host;
|
||||||
|
path = backup-path ++ config.krebs.build.host.name
|
||||||
|
++ builtins.replaceStrings ["/"] ["-"] path;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
}
|
@ -9,9 +9,10 @@ in
|
|||||||
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
|
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
|
||||||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||||
awesomecfg = callPackage ./awesomecfg {};
|
awesomecfg = callPackage ./awesomecfg {};
|
||||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
|
||||||
mycube-flask = callPackage ./mycube-flask {};
|
mycube-flask = callPackage ./mycube-flask {};
|
||||||
|
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||||
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
||||||
|
taskserver = callPackage ./taskserver {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
|
|||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "makefu";
|
owner = "makefu";
|
||||||
repo = "mycube-flask";
|
repo = "mycube-flask";
|
||||||
rev = "5f5260a";
|
rev = "48dc6857";
|
||||||
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
|
sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
|
||||||
};
|
};
|
||||||
meta = {
|
meta = {
|
||||||
homepage = https://github.com/makefu/mycube-flask;
|
homepage = https://github.com/makefu/mycube-flask;
|
||||||
|
43
makefu/5pkgs/taskserver/default.nix
Normal file
43
makefu/5pkgs/taskserver/default.nix
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "taskserver-${version}";
|
||||||
|
version = "1.1.0";
|
||||||
|
|
||||||
|
enableParallelBuilding = true;
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
|
||||||
|
sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
|
||||||
|
};
|
||||||
|
|
||||||
|
patchPhase = ''
|
||||||
|
pkipath=$out/share/taskd/pki
|
||||||
|
mkdir -p $pkipath
|
||||||
|
cp -r pki/* $pkipath
|
||||||
|
echo "patching paths in pki/generate"
|
||||||
|
sed -i "s#^\.#$pkipath#" $pkipath/generate
|
||||||
|
for f in $pkipath/generate* ;do
|
||||||
|
i=$(basename $f)
|
||||||
|
echo patching $i
|
||||||
|
sed -i \
|
||||||
|
-e 's/which/type -p/g' \
|
||||||
|
-e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
|
||||||
|
|
||||||
|
echo wrapping $i
|
||||||
|
makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \
|
||||||
|
--prefix PATH : ${gnutls}/bin/
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
|
buildInputs = [ makeWrapper ];
|
||||||
|
nativeBuildInputs = [ cmake libuuid gnutls ];
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
description = "Server for synchronising Taskwarrior clients";
|
||||||
|
homepage = http://taskwarrior.org;
|
||||||
|
license = stdenv.lib.licenses.mit;
|
||||||
|
platforms = stdenv.lib.platforms.linux;
|
||||||
|
maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
|
||||||
|
};
|
||||||
|
}
|
169
tv/1systems/mu.nix
Normal file
169
tv/1systems/mu.nix
Normal file
@ -0,0 +1,169 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../../krebs
|
||||||
|
../2configs
|
||||||
|
../3modules
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/retiolum.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.mu;
|
||||||
|
krebs.build.user = mkForce config.krebs.users.vv;
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
|
||||||
|
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
|
||||||
|
|
||||||
|
# for jack
|
||||||
|
KERNEL=="rtc0", GROUP="audio"
|
||||||
|
KERNEL=="hpet", GROUP="audio"
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
# hardware configuration
|
||||||
|
boot.initrd.luks.devices = [
|
||||||
|
{ name = "vgmu1"; device = "/dev/sda2"; }
|
||||||
|
];
|
||||||
|
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
|
||||||
|
boot.initrd.availableKernelModules = [ "ahci" ];
|
||||||
|
boot.kernelModules = [ "fbcon" "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
boot.extraModprobeConfig = ''
|
||||||
|
options kvm_intel nested=1
|
||||||
|
'';
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/vgmu1/nixroot";
|
||||||
|
fsType = "ext4";
|
||||||
|
options = [ "defaults" "noatime" ];
|
||||||
|
};
|
||||||
|
"/home" = {
|
||||||
|
device = "/dev/vgmu1/home";
|
||||||
|
options = [ "defaults" "noatime" ];
|
||||||
|
};
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/sda1";
|
||||||
|
};
|
||||||
|
"/tmp" = {
|
||||||
|
device = "tmpfs";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "nosuid" "nodev" "noatime" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =[ ];
|
||||||
|
|
||||||
|
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||||
|
nixpkgs.config.chromium.enablePepperFlash = true;
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
hardware.opengl.driSupport32Bit = true;
|
||||||
|
|
||||||
|
hardware.pulseaudio.enable = true;
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
|
||||||
|
boot.loader.gummiboot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
slock
|
||||||
|
tinc
|
||||||
|
iptables
|
||||||
|
vim
|
||||||
|
gimp
|
||||||
|
xsane
|
||||||
|
firefoxWrapper
|
||||||
|
chromiumDev
|
||||||
|
skype
|
||||||
|
libreoffice
|
||||||
|
kde4.l10n.de
|
||||||
|
kde4.plasma-nm
|
||||||
|
pidgin-with-plugins
|
||||||
|
pidginotr
|
||||||
|
|
||||||
|
kde4.print_manager
|
||||||
|
#foomatic_filters
|
||||||
|
#gutenprint
|
||||||
|
#cups_pdf_filter
|
||||||
|
#ghostscript
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
i18n.defaultLocale = "de_DE.UTF-8";
|
||||||
|
|
||||||
|
programs.ssh.startAgent = false;
|
||||||
|
|
||||||
|
security.setuidPrograms = [
|
||||||
|
"sendmail" # for cron
|
||||||
|
"slock"
|
||||||
|
];
|
||||||
|
|
||||||
|
security.pam.loginLimits = [
|
||||||
|
# for jack
|
||||||
|
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
|
||||||
|
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
fonts.fonts = [
|
||||||
|
pkgs.xlibs.fontschumachermisc
|
||||||
|
];
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
services.printing = {
|
||||||
|
enable = true;
|
||||||
|
#drivers = [
|
||||||
|
# #pkgs.foomatic_filters
|
||||||
|
# #pkgs.gutenprint
|
||||||
|
# #pkgs.cups_pdf_filter
|
||||||
|
# #pkgs.ghostscript
|
||||||
|
#];
|
||||||
|
#cupsdConf = ''
|
||||||
|
# LogLevel debug2
|
||||||
|
#'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.xserver.enable = true;
|
||||||
|
services.xserver.layout = "de";
|
||||||
|
services.xserver.xkbOptions = "eurosign:e";
|
||||||
|
|
||||||
|
# TODO this is host specific
|
||||||
|
services.xserver.synaptics = {
|
||||||
|
enable = true;
|
||||||
|
twoFingerScroll = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.xserver.desktopManager.kde4.enable = true;
|
||||||
|
services.xserver.displayManager.auto = {
|
||||||
|
enable = true;
|
||||||
|
user = "vv";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.vv = {
|
||||||
|
inherit (config.krebs.users.vv) home uid;
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [
|
||||||
|
"audio"
|
||||||
|
"video"
|
||||||
|
"networkmanager"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.journald.extraConfig = ''
|
||||||
|
SystemMaxUse=1G
|
||||||
|
RuntimeMaxUse=128M
|
||||||
|
'';
|
||||||
|
|
||||||
|
# see tmpfiles.d(5)
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
|
||||||
|
];
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user