Merge branch 'master' of gum.krebsco.de:stockholm
This commit is contained in:
commit
66b7a76a26
@ -169,6 +169,7 @@ with config.krebs.lib;
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
|
||||
};
|
||||
mu = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.20.1"];
|
||||
@ -189,6 +190,8 @@ with config.krebs.lib;
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
|
||||
};
|
||||
nomic = {
|
||||
cores = 2;
|
||||
@ -387,7 +390,7 @@ with config.krebs.lib;
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
'';
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
|
||||
uid = 1337; # TODO use default
|
||||
uid = 1337; # TODO use default and document what has to be done (for vv)
|
||||
};
|
||||
tv-nomic = {
|
||||
inherit (tv) mail;
|
||||
@ -397,5 +400,9 @@ with config.krebs.lib;
|
||||
inherit (tv) mail;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
|
||||
};
|
||||
vv = {
|
||||
mail = "vv@mu.r";
|
||||
uid = 2000; # TODO use default
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -44,16 +44,21 @@ in {
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/share-user-sftp.nix
|
||||
../2configs/graphite-standalone.nix
|
||||
../2configs/omo-share.nix
|
||||
];
|
||||
|
||||
krebs.retiolum.enable = true;
|
||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||
# tcp:80 - nginx for sharing files
|
||||
# tcp:655 udp:655 - tinc
|
||||
# tcp:8080 - sabnzbd
|
||||
# tcp:8111 - graphite
|
||||
# tcp:9090 - sabnzbd
|
||||
# tcp:9200 - elasticsearch
|
||||
# tcp:5601 - kibana
|
||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
||||
|
||||
# services.openssh.allowSFTP = false;
|
||||
|
||||
|
@ -7,7 +7,7 @@ with config.krebs.lib;
|
||||
gnupg
|
||||
imapfilter
|
||||
msmtp
|
||||
mutt-kz
|
||||
mutt
|
||||
notmuch
|
||||
offlineimap
|
||||
openssl
|
||||
|
30
makefu/4lib/default.nix
Normal file
30
makefu/4lib/default.nix
Normal file
@ -0,0 +1,30 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
addDefaultTime = bku-entry: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
startAt = "5:23";
|
||||
} bku-entry;
|
||||
|
||||
backup-host = config.krebs.hosts.omo;
|
||||
backup-path = "/media/backup";
|
||||
in {
|
||||
bku = {
|
||||
inherit addDefaultTime;
|
||||
simplePath = addDefaultTime (path: {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.build.host; inherit path; };
|
||||
dst = {
|
||||
host = backup-host;
|
||||
path = backup-path ++ config.krebs.build.host.name
|
||||
++ builtins.replaceStrings ["/"] ["-"] path;
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
169
tv/1systems/mu.nix
Normal file
169
tv/1systems/mu.nix
Normal file
@ -0,0 +1,169 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../krebs
|
||||
../2configs
|
||||
../3modules
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/retiolum.nix
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mu;
|
||||
krebs.build.user = mkForce config.krebs.users.vv;
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
|
||||
|
||||
# for jack
|
||||
KERNEL=="rtc0", GROUP="audio"
|
||||
KERNEL=="hpet", GROUP="audio"
|
||||
'';
|
||||
|
||||
|
||||
# hardware configuration
|
||||
boot.initrd.luks.devices = [
|
||||
{ name = "vgmu1"; device = "/dev/sda2"; }
|
||||
];
|
||||
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
|
||||
boot.initrd.availableKernelModules = [ "ahci" ];
|
||||
boot.kernelModules = [ "fbcon" "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.extraModprobeConfig = ''
|
||||
options kvm_intel nested=1
|
||||
'';
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/vgmu1/nixroot";
|
||||
fsType = "ext4";
|
||||
options = [ "defaults" "noatime" ];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/vgmu1/home";
|
||||
options = [ "defaults" "noatime" ];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "nosuid" "nodev" "noatime" ];
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices =[ ];
|
||||
|
||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||
nixpkgs.config.chromium.enablePepperFlash = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
boot.loader.gummiboot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
slock
|
||||
tinc
|
||||
iptables
|
||||
vim
|
||||
gimp
|
||||
xsane
|
||||
firefoxWrapper
|
||||
chromiumDev
|
||||
skype
|
||||
libreoffice
|
||||
kde4.l10n.de
|
||||
kde4.plasma-nm
|
||||
pidgin-with-plugins
|
||||
pidginotr
|
||||
|
||||
kde4.print_manager
|
||||
#foomatic_filters
|
||||
#gutenprint
|
||||
#cups_pdf_filter
|
||||
#ghostscript
|
||||
];
|
||||
|
||||
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
security.setuidPrograms = [
|
||||
"sendmail" # for cron
|
||||
"slock"
|
||||
];
|
||||
|
||||
security.pam.loginLimits = [
|
||||
# for jack
|
||||
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
|
||||
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
|
||||
];
|
||||
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing = {
|
||||
enable = true;
|
||||
#drivers = [
|
||||
# #pkgs.foomatic_filters
|
||||
# #pkgs.gutenprint
|
||||
# #pkgs.cups_pdf_filter
|
||||
# #pkgs.ghostscript
|
||||
#];
|
||||
#cupsdConf = ''
|
||||
# LogLevel debug2
|
||||
#'';
|
||||
};
|
||||
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "de";
|
||||
services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# TODO this is host specific
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
};
|
||||
|
||||
services.xserver.desktopManager.kde4.enable = true;
|
||||
services.xserver.displayManager.auto = {
|
||||
enable = true;
|
||||
user = "vv";
|
||||
};
|
||||
|
||||
users.users.vv = {
|
||||
inherit (config.krebs.users.vv) home uid;
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"networkmanager"
|
||||
];
|
||||
};
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
RuntimeMaxUse=128M
|
||||
'';
|
||||
|
||||
# see tmpfiles.d(5)
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
|
||||
];
|
||||
}
|
Loading…
Reference in New Issue
Block a user