Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2017-11-28 20:28:35 +01:00
commit 7180f25b35
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
15 changed files with 201 additions and 385 deletions

View File

@ -30,7 +30,7 @@ in
MIBDIRS = pkgs.fetchgit { MIBDIRS = pkgs.fetchgit {
url = "http://git.shackspace.de/makefu/modem-mibs.git"; url = "http://git.shackspace.de/makefu/modem-mibs.git";
sha256 = sha256 =
"a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d3da9c78e3b627e5675c8"; "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
}; # extra mibs like ADSL }; # extra mibs like ADSL
}; };
services.telegraf = { services.telegraf = {

View File

@ -132,38 +132,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
}; };
archprism = rec {
cores = 4;
nets = rec {
retiolum = {
via = internet;
ip4.addr = "10.243.0.104";
ip6.addr = "42::fa17";
aliases = [
"archprism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
internet = {
ip4.addr = "213.239.205.240";
aliases = [
"archprism.i"
];
ssh.port = 45621;
};
};
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
domsen-nas = { domsen-nas = {
ci = false; ci = false;
external = true; external = true;
@ -374,6 +342,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
}; };
littleT = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.133.77";
ip6.addr = "42:0:0:0:0:0:717:7137";
aliases = [
"littleT.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
/m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
+cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
};
iso = { iso = {
ci = false; ci = false;
cores = 1; cores = 1;
@ -555,10 +564,6 @@ with import <stockholm/lib>;
fritz = { fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
}; };
archprism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
mail = "lass@prism.r";
};
prism-repo-sync = { prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r"; mail = "lass@prism.r";

View File

@ -1,328 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
in {
imports = [
<stockholm/lass>
{
networking.interfaces.et0.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = "213.239.205.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
'';
}
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-smarthost.nix>
#<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/bitlbee.nix>
<stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/repo-sync.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/libvirt.nix>
<stockholm/lass/2configs/hfos.nix>
<stockholm/lass/2configs/monitoring/server.nix>
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
#<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
#<stockholm/lass/2configs/reaktor-krebs.nix>
#{
# lass.pyload.enable = true;
#}
{
imports = [
<stockholm/lass/2configs/bepasty.nix>
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}
{
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/pool/nix";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
};
fileSystems."/var/download" = {
device = "/dev/pool/download";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
};
fileSystems."/srv/o.ubikmedia.de-data" = {
device = "/dev/pool/owncloud-ubik-data";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}
{
sound.enable = false;
}
{
nixpkgs.config.allowUnfree = true;
}
{
#stuff for juhulian
users.extraUsers.juhulian = {
name = "juhulian";
uid = 1339;
home = "/home/juhulian";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
{
environment.systemPackages = [
pkgs.perlPackages.Plack
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
];
}
{
time.timeZone = "Europe/Berlin";
}
{
imports = [
<stockholm/lass/2configs/websites/domsen.nix>
<stockholm/lass/2configs/websites/lassulus.nix>
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
};
}
{
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
];
}
{
imports = [
<stockholm/lass/2configs/realwallpaper.nix>
];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png;
'';
}
{
environment.systemPackages = with pkgs; [
mk_sql_pair
];
}
{
users.users.tv = {
uid = genid "tv";
inherit (config.krebs.users.tv) home;
group = "users";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
uid = genid "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.users.nin = {
uid = genid "nin";
inherit (config.krebs.users.nin) home;
group = "users";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
extraGroups = [
"libvirtd"
];
};
}
{
krebs.repo-sync.timerConfig = {
OnBootSec = "15min";
OnUnitInactiveSec = "90min";
RandomizedDelaySec = "30min";
};
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
}
{
lass.usershadow = {
enable = true;
};
}
#{
# krebs.Reaktor.prism = {
# nickname = "Reaktor|lass";
# channels = [ "#retiolum" ];
# extraEnviron = {
# REAKTOR_HOST = "ni.r";
# };
# plugins = with pkgs.ReaktorPlugins; [
# sed-plugin
# ];
# };
#}
{
#stuff for dritter
users.extraUsers.dritter = {
name = "dritter";
uid = genid "dritter";
home = "/home/dritter";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
];
};
}
{
#hotdog
containers.hotdog = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
localAddress = "10.233.2.2";
};
}
{
#kaepsele
containers.kaepsele = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
tv.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
}
{
#onondaga
containers.onondaga = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.4";
localAddress = "10.233.2.5";
};
}
];
krebs.build.host = config.krebs.hosts.archprism;
}

View File

@ -37,6 +37,9 @@ with import <stockholm/lib>;
networkmanagerapplet networkmanagerapplet
libreoffice libreoffice
audacity audacity
zathura
skype
wine
]; ];
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true; services.xserver.displayManager.lightdm.enable = true;
@ -52,8 +55,10 @@ with import <stockholm/lib>;
name = "bitcoin"; name = "bitcoin";
description = "user for bitcoin stuff"; description = "user for bitcoin stuff";
home = "/home/bitcoin"; home = "/home/bitcoin";
isNormalUser = true;
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
extraGroups = [ "audio" ];
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''

View File

@ -10,7 +10,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/git.nix> # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/dcso-vpn.nix> <stockholm/lass/2configs/dcso-vpn.nix>
{ # automatic hardware detection { # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
@ -68,6 +69,16 @@ with import <stockholm/lib>;
repo = [ config.krebs.git.repos.stockholm ]; repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
} }
{
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
initstrings = ''
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
'';
};
}
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -100,11 +111,16 @@ with import <stockholm/lib>;
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [ services.xserver.xrandrHeads = [
{ output = "DP-0.8"; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
{ output = "DP-2"; primary = true; } { output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
]; ];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
${pkgs.systemd}/bin/systemctl start xresources.service
'';
networking.hostName = lib.mkForce "BLN02NB0162"; networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [ security.pki.certificateFiles = [
@ -123,8 +139,6 @@ with import <stockholm/lib>;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ]; users.users.mainUser.extraGroups = [ "adbusers" ];
services.printing = { services.printing.drivers = [ pkgs.postscript-lexmark ];
enable = true;
drivers = [ pkgs.postscript-lexmark ];
};
} }

View File

@ -0,0 +1,84 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/steam.nix>
{
users.users.blacky = {
uid = genid "blacky";
home = "/home/blacky";
group = "users";
createHome = true;
extraGroups = [
"audio"
"networkmanager"
"video"
];
useDefaultShell = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
chromium
hexchat
networkmanagerapplet
vlc
];
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.layout = "de";
users.mutableUsers = mkForce true;
services.xserver.synaptics.enable = true;
}
{
#remote control
environment.systemPackages = with pkgs; [
x11vnc
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
];
}
];
time.timeZone = "Europe/Berlin";
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
krebs.build.host = config.krebs.hosts.littleT;
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
#'';
}

View File

@ -1,3 +1,4 @@
import <stockholm/lass/source.nix> { import <stockholm/lass/source.nix> {
name = "archprism"; name = "littleT";
secure = true;
} }

View File

@ -29,7 +29,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/c-base.nix>
<stockholm/tv/2configs/br.nix> <stockholm/lass/2configs/br.nix>
{ {
#risk of rain port #risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
@ -135,6 +135,8 @@ with import <stockholm/lib>;
macchanger macchanger
dpass dpass
dnsutils
]; ];
#TODO: fix this shit #TODO: fix this shit
@ -192,4 +194,8 @@ with import <stockholm/lib>;
exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
''; '';
}; };
#nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
} }

View File

@ -67,6 +67,11 @@ in {
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
swapDevices = [ swapDevices = [
{ label = "swap1"; } { label = "swap1"; }
{ label = "swap2"; } { label = "swap2"; }
@ -220,8 +225,8 @@ in {
}; };
enableTun = true; enableTun = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "10.233.2.4"; hostAddress = "10.233.2.5";
localAddress = "10.233.2.5"; localAddress = "10.233.2.6";
}; };
} }
<stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/exim-smarthost.nix>

View File

@ -74,21 +74,20 @@ in {
pavucontrol pavucontrol
powertop powertop
push push
rxvt_unicode
screengrab
slock slock
sxiv sxiv
termite
xclip xclip
xorg.xbacklight xorg.xbacklight
xorg.xhost xorg.xhost
xsel xsel
youtube-tools
yt-next
zathura zathura
mpv-poll cabal2nix
yt-next
youtube-tools
rxvt_unicode
termite
]; ];
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [

View File

@ -46,6 +46,8 @@ with import <stockholm/lib>;
{ from = "apple@lassul.us"; to = lass.mail; } { from = "apple@lassul.us"; to = lass.mail; }
{ from = "coinbase@lassul.us"; to = lass.mail; } { from = "coinbase@lassul.us"; to = lass.mail; }
{ from = "tomtop@lassul.us"; to = lass.mail; } { from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

View File

@ -98,8 +98,13 @@ let
noremap <esc>[c <nop> | noremap! <esc>[c <nop> noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop> noremap <esc>[d <nop> | noremap! <esc>[d <nop>
" search with ack
let g:ackprg = 'ag --vimgrep' let g:ackprg = 'ag --vimgrep'
cnoreabbrev Ack Ack! cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
noremap x "_x
set clipboard=unnamedplus
''; '';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [

View File

@ -147,12 +147,29 @@ in {
in '' in ''
alias ${initscript}; alias ${initscript};
''; '';
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
}; };
security.acme.certs."cgit.lassul.us" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/acme-challenges";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
];
group = "nginx";
allowKeysForGroup = true;
};
services.nginx.virtualHosts.cgit = { services.nginx.virtualHosts.cgit = {
serverName = "cgit.lassul.us"; serverName = "cgit.lassul.us";
addSSL = true; addSSL = true;
enableACME = true; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
}; };
users.users.blog = { users.users.blog = {

View File

@ -20,5 +20,7 @@
xml2json = pkgs.callPackage ./xml2json/default.nix {}; xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {}; yt-next = pkgs.callPackage ./yt-next/default.nix {};
screengrab = pkgs.writeDashBin "screengrab" "${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -s 1024x768 -i :0.0 -c:v huffyuv $1";
}; };
} }

View File

@ -25,7 +25,6 @@ import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs) import System.Environment (getArgs, withArgs)
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import Text.Read (readEither)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)