diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 8a12d6f24..e48b3e32a 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -233,29 +233,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
};
- arcadeomat = {
- ci = true;
- nets = {
- retiolum = {
- ip4.addr = "10.243.77.67";
- aliases = [
- "arcadeomat.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
- HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
- apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
- 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
- 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
- 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
- -----END RSA PUBLIC KEY-----
- Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO
- '';
- };
- };
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
- };
wolf = {
ci = true;
nets = {
diff --git a/kartei/lass/blue.nix b/kartei/lass/blue.nix
index ddec9553d..b3ce1af44 100644
--- a/kartei/lass/blue.nix
+++ b/kartei/lass/blue.nix
@@ -1,5 +1,6 @@
{ r6, w6, ... }:
{
+ ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.0.77";
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index bad2311e6..e6c296c75 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -9,6 +9,7 @@
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
{
+ ci = false;
owner = config.krebs.users.makefu;
}
# Retiolum defaults
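Review bot: Putting `ci = false;` into `hostDefaults` while the later hunks of this file drop `ci = true;` from `tsp`, `x`, `omo`, `wbob`, `latte`, `gum` and `sdev` turns CI off for those hosts too, not only for the ones that already had it disabled. If that is intended, a comment on the default would record it, for example `# makefu hosts are no longer built by CI`. If it is not, the `ci = true;` lines have to stay so that they (presumably) override the default through `recursiveUpdate`. The rest of the `hostDefaults` list lies outside this hunk.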
@@ -60,13 +61,11 @@
in {
hosts = mapAttrs hostDefaults {
cake = rec {
- ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.236";
};
};
crapi = rec { # raspi1
- ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.237";
};
@@ -83,25 +82,21 @@ in {
};
studio = rec {
- ci = false;
nets = {
retiolum.ip4.addr = "10.243.227.163";
};
};
fileleech = rec {
- ci = false;
nets = {
retiolum.ip4.addr = "10.243.113.98";
};
};
tsp = {
- ci = true;
nets = {
retiolum.ip4.addr = "10.243.0.212";
};
};
x = {
- ci = true;
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
nets = {
retiolum.ip4.addr = "10.243.0.91";
@@ -113,14 +108,12 @@ in {
};
filepimp = rec {
- ci = false;
nets = {
retiolum.ip4.addr = "10.243.153.102";
};
};
omo = rec {
- ci = true;
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
nets = {
wiregrill = {
@@ -143,7 +136,6 @@ in {
};
};
wbob = rec {
- ci = true;
nets = {
retiolum = {
ip4.addr = "10.243.214.15";
@@ -163,7 +155,6 @@ in {
};
latte = rec {
- ci = true;
extraZones = {
"krebsco.de" = ''
latte.euer IN A ${nets.internet.ip4.addr}
@@ -201,7 +192,6 @@ in {
};
};
gum = rec {
- ci = true;
extraZones = {
"krebsco.de" = ''
rss.euer IN A ${nets.internet.ip4.addr}
@@ -305,7 +295,6 @@ in {
};
sdev = rec {
- ci = true;
nets = {
retiolum.ip4.addr = "10.243.83.237";
};
diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix
index 9f80288f6..153f75aa8 100644
--- a/kartei/xkey/default.nix
+++ b/kartei/xkey/default.nix
@@ -92,7 +92,7 @@ in
nets = {
retiolum = {
ip4.addr = "10.243.161.1";
- aliases = [ "sicily.xkey.r" "mukke.r" ];
+ aliases = [ "sicily.xkey.r" "mukke.r" "bie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix
deleted file mode 100644
index 7439e687e..000000000
--- a/krebs/1systems/arcadeomat/config.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ config,lib, pkgs, ... }:
-let
- shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
- ext-if = "et0";
- external-mac = "52:54:b0:0b:af:fe";
- mainUser = "krebs";
-
-in
-{
- imports = [
- ./hw.nix
- ../../../krebs
- ../../../krebs/2configs
-
- #../../../krebs/2configs/binary-cache/nixos.nix
- #../../../krebs/2configs/binary-cache/prism.nix
-
- ../../../krebs/2configs/shack/ssh-keys.nix
- ../../../krebs/2configs/save-diskspace.nix
- ../../../krebs/2configs/shack/prometheus/node.nix
-
- ];
- # use your own binary cache, fallback use cache.nixos.org (which is used by
- # apt-cacher-ng in first place)
-
- # local discovery in shackspace
- nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
- krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
-
-
- #networking = {
- # firewall.enable = false;
- # firewall.allowedTCPPorts = [ 8088 8086 8083 ];
- # interfaces."${ext-if}".ipv4.addresses = [
- # {
- # address = shack-ip;
- # prefixLength = 20;
- # }
- # ];
-
- # defaultGateway = "10.42.0.1";
- # nameservers = [ "10.42.0.100" "10.42.0.200" ];
- #};
-
- #####################
- # uninteresting stuff
- #####################
- krebs.build.host = config.krebs.hosts.arcadeomat;
- users.users."${mainUser}" = {
- uid = 9001;
- extraGroups = [ "audio" "video" ];
- isNormalUser = true;
- };
-
-
- time.timeZone = "Europe/Berlin";
-
- # avahi
- services.avahi = {
- enable = true;
- wideArea = false;
- };
- environment.systemPackages = with pkgs;[ glxinfo sdlmame ];
- nixpkgs.config.allowUnfree = true;
- hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340;
- boot.kernelPackages = pkgs.linuxPackages_5_4;
-
- services.xserver = {
- videoDrivers = [ "nvidia" ];
- enable = true;
- windowManager = {
- awesome.enable = true;
- awesome.noArgb = true;
- awesome.luaModules = [ pkgs.luaPackages.vicious ];
- };
- displayManager.defaultSession = lib.mkDefault "none+awesome";
- displayManager.autoLogin = {
- enable = true;
- user = mainUser;
- };
- };
-}
diff --git a/krebs/1systems/arcadeomat/hw.nix b/krebs/1systems/arcadeomat/hw.nix
deleted file mode 100644
index b24deeecb..000000000
--- a/krebs/1systems/arcadeomat/hw.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.copyKernels = true;
-
-}
diff --git a/krebs/2configs/agenda.html b/krebs/2configs/agenda.html
new file mode 100644
index 000000000..9ccfc241c
--- /dev/null
+++ b/krebs/2configs/agenda.html
@@ -0,0 +1,91 @@
+
+
+
+ Agenda
+
+
+
+
+
+
+
+
+
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 61b44fc27..0f7ab0adf 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -28,7 +28,7 @@ let
amt=$2
unit=$3
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
- ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ ${pkgs.hledger}/bin/hledger -f "$state_file" bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
| ${pkgs.gnugrep}/bin/grep "$_from"
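Review bot: The quoting fix is only half applied, because the `printf` line directly above the changed one still redirects to an unquoted `>> $state_file`; it should read `>> "$state_file"`. In the same pipeline `grep "$_from"` interprets what is presumably the sender's nick as a regular expression. IRC nicks may contain `[`, `]`, `\` and `^`, so a nick can match other accounts' rows or make grep fail, and `grep -F -- "$_from"` would match it literally. The enclosing script starts and ends outside this hunk, so any upstream validation of `$_from` and `$tonick` is not visible here.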
@@ -483,113 +483,49 @@ in {
''}'';
};
- services.nginx = {
- virtualHosts."agenda.r" = {
- serverAliases = [ "kri.r" ];
- locations."= /index.html".extraConfig = ''
- alias ${pkgs.writeText "agenda.html" ''
-
-
-
- Agenda
-
-
-
-
-
-
-
-
-
- ''};
- '';
- locations."/agenda.json".extraConfig = ''
- proxy_set_header Host $host;
- proxy_pass http://localhost:8009;
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
+ krebs.htgen.bedger = {
+ port = 8011;
+ user = {
+ name = "reaktor2";
+ home = stateDir;
};
+ script = ''. ${pkgs.writers.writeDash "bedger" ''
+ case "$Method" in
+ "GET")
+ printf 'HTTP/1.1 200 OK\r\n'
+ printf 'Connection: close\r\n'
+ printf '\r\n'
+ ${pkgs.hledger}/bin/hledger -f ${stateDir}/ledger bal -N -O json
+ exit
+ ;;
+ esac
+ ''}'';
+ };
+
+ services.nginx.virtualHosts."hotdog.r" = {
+ locations."/bedger.json".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:8011;
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
};
systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false;
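Review bot: The `bedger` handler matches on `$Method` alone, so every GET path on port 8011 returns the full hledger balance, and the response carries no `Content-Type`. Matching the path too, as `case "$Method $abs_path" in` with `"GET /bedger.json")`, and adding `printf 'Content-Type: application/json\r\n'` would limit it to the one URL nginx proxies. The `hotdog.r` vhost sends `Access-Control-Allow-Origin: *` with `GET, POST, OPTIONS`, so any web page opened in a browser that can reach the host may read the balances cross-origin, although only GET is answered. `add_header 'Access-Control-Allow-Methods' 'GET';` would match what is served, and the wildcard origin deserves a comment saying the ledger is meant to be world-readable inside the network. Whether htgen binds only to localhost is not visible in this hunk.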
@@ -597,7 +533,7 @@ in {
krebs.reaktor2 = {
hackint = {
hostname = "irc.hackint.org";
- nick = "reaktor2|krebs";
+ nick = "reaktor";
plugins = [
{
plugin = "register";
@@ -617,7 +553,7 @@ in {
port = "6697";
};
r = {
- nick = "reaktor2|krebs";
+ nick = "reaktor";
sendDelaySec = null;
plugins = [
{
diff --git a/krebs/5pkgs/simple/htgen-paste/src/htgen-paste b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
index 74266e53a..9d57d07ee 100644
--- a/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
+++ b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
@@ -22,7 +22,17 @@ case "$Method $abs_path" in
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(wc -c < $item)
printf '\r\n'
- cat $item
+ cat "$item"
+ exit
+ fi
+ ;;
+ "DELETE /"[0-9a-z]*)
+ if item=$(find_item ${abs_path#/}); then
+ printf 'HTTP/1.1 200 OK\r\n'
+ printf 'Server: %s\r\n' "$Server"
+ printf 'Connection: close\r\n'
+ printf '\r\n'
+ rm "$item"
exit
fi
;;
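Review bot: The new `DELETE` branch removes an item for any client that knows its id, with no authorization check visible in this hunk, and it writes `200 OK` before `rm` runs, so a failed removal is still reported as success. Folding the removal into the condition, `if item=$(find_item "${abs_path#/}") && rm -- "$item"; then`, makes the status reflect the outcome and quotes the request path before it reaches `find_item`. If this listener is reachable by anyone other than the paste's author, the branch should be limited to a trusted listener, and a comment above it should state who is expected to call DELETE. The pattern `"DELETE /"[0-9a-z]*` constrains only the first character of the path, so the rest relies on `find_item`, which is defined outside the hunk.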
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 544abb3a3..5364a37dc 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -275,7 +275,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
} ./get_constellations.py} ${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/ofrohn/d3-celestial/d2e20e104b86429d90ac8227a5b021262b45d75a/data/constellations.lines.json";
sha256 = "0g71fdrnxvxd6pcqvihj2q9iaynrl7px45kzw6qm1kymynz6ckr9";
- }} > constellations.arcs
+ }} > constellations.arcs || : # seems like astropy doesn't want to convert from icrs to itrs anymore
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-stars-output.png --projection merc \
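Review bot: `|| :` on the `get_constellations.py` line discards every failure, not only the astropy icrs-to-itrs conversion problem the comment names. `constellations.arcs` is then left empty or truncated for whatever reads it afterwards. Printing a warning keeps the best-effort behaviour and leaves a trace in the log: `}} > constellations.arcs || echo "get_constellations.py failed; continuing without constellation lines" >&2`. The comment would also be more useful if it said that the resulting wallpaper is expected to lack constellation lines until the script is fixed.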
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 20bfd0ec4..4ae0716ea 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
- "date": "2023-07-24T08:16:24+02:00",
- "path": "/nix/store/786lhas0jmp3nihbb28pbp7sm1sjzsy7-nixpkgs",
- "sha256": "1l9sa8hd242xrb2j18mj4f62f3cw0bf5pafp58gdl0jkl61dpapr",
+ "rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28",
+ "date": "2023-07-28T14:55:37+02:00",
+ "path": "/nix/store/38nmp3rkbjic5dm6g9qp4ldwi7pr602p-nixpkgs",
+ "sha256": "0c2x3bcal4kyxgf6i408622zqvxamz986h11z8zjvd7gc8y4wxn7",
+ "hash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 4ceb87230..55e54ec64 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "98da3dd0de6660d4abed7bb74e748694bd803413",
- "date": "2023-07-12T12:54:32+08:00",
- "path": "/nix/store/h9ncvz7aq1aqhjmxngnnhwaw359prh2g-nixpkgs",
- "sha256": "0qzflsmxfgqz07jlx7njfsq752n1la8a6007mmx7rvqspp30g6j1",
+ "rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33",
+ "date": "2023-07-28T18:34:19+03:00",
+ "path": "/nix/store/pgqfg8ip3lv0lr6mpwh558npz3c1wwcr-nixpkgs",
+ "sha256": "0d7na9ygda2r7gs3gbixd9gvcxgdv84993cilkj86bcwbpbg4vp5",
+ "hash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index fb28fb029..2da93b8fd 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }: let
- vpnIp = "85.202.81.161";
+ vpnPort = 1637;
+ torrentport = 56709; # port forwarded in airvpn webinterface
in {
imports = [
@@ -18,99 +19,22 @@ in {
networking.useHostResolvConf = false;
networking.useNetworkd = true;
- services.openvpn.servers.nordvpn.config = ''
- client
- dev tun
- proto udp
- remote ${vpnIp} 1194
- resolv-retry infinite
- remote-random
- nobind
- tun-mtu 1500
- tun-mtu-extra 32
- mssfix 1450
- persist-key
- persist-tun
- ping 15
- ping-restart 15
- ping-timer-rem
- reneg-sec 0
- comp-lzo no
-
- remote-cert-tls server
-
- auth-user-pass ${toString }
- verb 3
- pull
- fast-io
- cipher AES-256-CBC
- auth SHA512
-
-
- -----BEGIN CERTIFICATE-----
- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
- MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
- MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
- BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
- hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
- kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
- XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
- eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
- skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
- MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
- 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
- hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
- Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
- WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
- MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
- LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
- SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
- nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
- k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
- DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
- pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
- k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
- +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
- NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
- wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
- VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
- PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
- -----END CERTIFICATE-----
-
- key-direction 1
-
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- e685bdaf659a25a200e2b9e39e51ff03
- 0fc72cf1ce07232bd8b2be5e6c670143
- f51e937e670eee09d4f2ea5a6e4e6996
- 5db852c275351b86fc4ca892d78ae002
- d6f70d029bd79c4d1c26cf14e9588033
- cf639f8a74809f29f72b9d58f9b8f5fe
- fc7938eade40e9fed6cb92184abb2cc1
- 0eb1a296df243b251df0643d53724cdb
- 5a92a1d6cb817804c4a9319b57d53be5
- 80815bcfcb2df55018cc83fc43bc7ff8
- 2d51f9b88364776ee9d12fc85cc7ea5b
- 9741c4f598c485316db066d52db4540e
- 212e1518a9bd4828219e24b20d88f598
- a196c9de96012090e333519ae18d3509
- 9427e7b372d348d352dc4c85e18cd4b9
- 3f8a56ddb2e64eb67adfc9b337157ff4
- -----END OpenVPN Static key V1-----
-
- '';
+ networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
+ services.transmission.settings.peer-port = torrentport;
+ # only allow traffic through openvpn
krebs.iptables = {
enable = true;
+ tables.filter.INPUT.rules = [
+ { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
+ { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
+ ];
tables.filter.OUTPUT = {
policy = "DROP";
rules = [
{ predicate = "-o lo"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
- { predicate = "-o tun0"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
+ { predicate = "-o airvpn"; target = "ACCEPT"; }
{ predicate = "-o retiolum"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
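Review bot: The new rule `-p udp --dport ${toString vpnPort}` accepts UDP to port 1637 on any destination and any interface, whereas the rule it replaces was pinned to `-d ${vpnIp}/32`. With the `OUTPUT` policy `DROP` acting as the kill switch, any local process can now send traffic outside the tunnel as long as it uses that port. Pinning the rule to the WireGuard endpoint restores the old scope, e.g. `{ v6 = false; predicate = "-d <AIRVPN_ENDPOINT_IP>/32 -p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }`, with the placeholder replaced by the endpoint from the secret config. The added comment `# only allow traffic through openvpn` is already stale because the tunnel is now `wg-quick`; `# only allow traffic through the airvpn wireguard tunnel` would match the code. The `rules` list continues outside this hunk.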
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index a7b0c372c..f77aa258b 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -51,6 +51,18 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
+ # fancy mv which interactively gets the second argument if not given
+ function mv() {
+ if [[ "$#" -ne 1 ]] || [[ ! -e "$1" ]]; then
+ command mv -v "$@"
+ return
+ fi
+
+ newfilename="$1"
+ vared newfilename
+ command mv -v -- "$1" "$newfilename"
+ }
+
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
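Review bot: `newfilename` in the new `mv` wrapper is assigned without `local`, so it leaks into the interactive shell and overwrites any existing variable of that name; `local newfilename="$1"` keeps it inside the function. When `vared` returns non-zero, for example because the edit was aborted, the function still goes on to `command mv`, and `vared newfilename || return` would skip the move in that case. The comment above the function could also mention that the wrapper only applies when exactly one existing path is given and otherwise defers to `mv -v`.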
diff --git a/makefu/0tests/data/secrets/airdcpp-makefu.pw b/makefu/0tests/data/secrets/airdcpp-makefu.pw
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/auth.nix b/makefu/0tests/data/secrets/auth.nix
deleted file mode 100644
index 92d5c34a8..000000000
--- a/makefu/0tests/data/secrets/auth.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- user = "password";
-}
diff --git a/makefu/0tests/data/secrets/bepasty-secret.nix b/makefu/0tests/data/secrets/bepasty-secret.nix
deleted file mode 100644
index f5e704702..000000000
--- a/makefu/0tests/data/secrets/bepasty-secret.nix
+++ /dev/null
@@ -1 +0,0 @@
-"derp"
diff --git a/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
deleted file mode 100644
index 2ae3807f1..000000000
--- a/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
+++ /dev/null
@@ -1 +0,0 @@
-dickbutt2342.onion
diff --git a/makefu/0tests/data/secrets/bureautomation/citadel.nix b/makefu/0tests/data/secrets/bureautomation/citadel.nix
deleted file mode 100644
index b4433109c..000000000
--- a/makefu/0tests/data/secrets/bureautomation/citadel.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- MATRIX_TOKEN="a";
- MATRIX_ID="b";
-}
diff --git a/makefu/0tests/data/secrets/daemon-pw b/makefu/0tests/data/secrets/daemon-pw
deleted file mode 100644
index e16c76dff..000000000
--- a/makefu/0tests/data/secrets/daemon-pw
+++ /dev/null
@@ -1 +0,0 @@
-""
diff --git a/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/makefu/0tests/data/secrets/dl.gum-auth.nix b/makefu/0tests/data/secrets/dl.gum-auth.nix
deleted file mode 100644
index 2c63c0851..000000000
--- a/makefu/0tests/data/secrets/dl.gum-auth.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/makefu/0tests/data/secrets/ebk-notify.yml b/makefu/0tests/data/secrets/ebk-notify.yml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/extra-hosts.nix b/makefu/0tests/data/secrets/extra-hosts.nix
deleted file mode 100644
index e16c76dff..000000000
--- a/makefu/0tests/data/secrets/extra-hosts.nix
+++ /dev/null
@@ -1 +0,0 @@
-""
diff --git a/makefu/0tests/data/secrets/grafana_security.nix b/makefu/0tests/data/secrets/grafana_security.nix
deleted file mode 100644
index f9096b7cf..000000000
--- a/makefu/0tests/data/secrets/grafana_security.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- adminUser = "dick";
- adminPassword = "butt";
-}
-
diff --git a/makefu/0tests/data/secrets/ham/nextcloud-calendar b/makefu/0tests/data/secrets/ham/nextcloud-calendar
deleted file mode 100644
index 18b159112..000000000
--- a/makefu/0tests/data/secrets/ham/nextcloud-calendar
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- username = "bob";
- password = "rob";
-}
-
diff --git a/makefu/0tests/data/secrets/hashedPasswords.nix b/makefu/0tests/data/secrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/makefu/0tests/data/secrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/makefu/0tests/data/secrets/hass/adbkey b/makefu/0tests/data/secrets/hass/adbkey
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/hass/citadel-bot.json b/makefu/0tests/data/secrets/hass/citadel-bot.json
deleted file mode 100644
index 0967ef424..000000000
--- a/makefu/0tests/data/secrets/hass/citadel-bot.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/makefu/0tests/data/secrets/hass/darksky.apikey b/makefu/0tests/data/secrets/hass/darksky.apikey
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/hass/router.nix b/makefu/0tests/data/secrets/hass/router.nix
deleted file mode 100644
index e16c76dff..000000000
--- a/makefu/0tests/data/secrets/hass/router.nix
+++ /dev/null
@@ -1 +0,0 @@
-""
diff --git a/makefu/0tests/data/secrets/hass/telegram-bot.json b/makefu/0tests/data/secrets/hass/telegram-bot.json
deleted file mode 100644
index 1e1857df9..000000000
--- a/makefu/0tests/data/secrets/hass/telegram-bot.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "platform": "polling",
- "api_key": "1:A",
- "allowed_chat_ids": [ 0, 1 ]
-}
diff --git a/makefu/0tests/data/secrets/hass/tile.nix b/makefu/0tests/data/secrets/hass/tile.nix
deleted file mode 100644
index cbcf433f7..000000000
--- a/makefu/0tests/data/secrets/hass/tile.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- username = "lol";
- password = "wut";
-}
diff --git a/makefu/0tests/data/secrets/hass/voicerss.apikey b/makefu/0tests/data/secrets/hass/voicerss.apikey
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/id_nixBuild b/makefu/0tests/data/secrets/id_nixBuild
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/iodinepw.nix b/makefu/0tests/data/secrets/iodinepw.nix
deleted file mode 100644
index f5e704702..000000000
--- a/makefu/0tests/data/secrets/iodinepw.nix
+++ /dev/null
@@ -1 +0,0 @@
-"derp"
diff --git a/makefu/0tests/data/secrets/kibana-auth.nix b/makefu/0tests/data/secrets/kibana-auth.nix
deleted file mode 100644
index 80e8f44c1..000000000
--- a/makefu/0tests/data/secrets/kibana-auth.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "dick" = "butt";
-}
-
diff --git a/makefu/0tests/data/secrets/krebshub.pw b/makefu/0tests/data/secrets/krebshub.pw
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/lego-binaergewitter b/makefu/0tests/data/secrets/lego-binaergewitter
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/mediawikibot-config.json b/makefu/0tests/data/secrets/mediawikibot-config.json
deleted file mode 100644
index 0967ef424..000000000
--- a/makefu/0tests/data/secrets/mediawikibot-config.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/makefu/0tests/data/secrets/mqtt/hass b/makefu/0tests/data/secrets/mqtt/hass
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/mqtt/sensor b/makefu/0tests/data/secrets/mqtt/sensor
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/mqtt/stats b/makefu/0tests/data/secrets/mqtt/stats
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/mysql_rootPassword b/makefu/0tests/data/secrets/mysql_rootPassword
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/netdata-stream.conf b/makefu/0tests/data/secrets/netdata-stream.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/nixos-community b/makefu/0tests/data/secrets/nixos-community
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix
deleted file mode 100644
index f5e704702..000000000
--- a/makefu/0tests/data/secrets/nsupdate-cache.nix
+++ /dev/null
@@ -1 +0,0 @@
-"derp"
diff --git a/makefu/0tests/data/secrets/nsupdate-data.nix b/makefu/0tests/data/secrets/nsupdate-data.nix
deleted file mode 100644
index e76c0e87e..000000000
--- a/makefu/0tests/data/secrets/nsupdate-data.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ "lol" = "wut"; }
diff --git a/makefu/0tests/data/secrets/nsupdate-hub.nix b/makefu/0tests/data/secrets/nsupdate-hub.nix
deleted file mode 100644
index e76c0e87e..000000000
--- a/makefu/0tests/data/secrets/nsupdate-hub.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ "lol" = "wut"; }
diff --git a/makefu/0tests/data/secrets/nsupdate-search.nix b/makefu/0tests/data/secrets/nsupdate-search.nix
deleted file mode 100644
index a9646aeb7..000000000
--- a/makefu/0tests/data/secrets/nsupdate-search.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "dick.nsupdate.info" = "butt";
-}
diff --git a/makefu/0tests/data/secrets/photoprism.nix b/makefu/0tests/data/secrets/photoprism.nix
deleted file mode 100644
index 17811ec5f..000000000
--- a/makefu/0tests/data/secrets/photoprism.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- db.username = "photoprism";
- db.password = "photoprism";
-}
diff --git a/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.priv b/makefu/0tests/data/secrets/retiolum.rsa_key.priv
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.pub b/makefu/0tests/data/secrets/retiolum.rsa_key.pub
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/sambacred b/makefu/0tests/data/secrets/sambacred
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
deleted file mode 100644
index 963e6db8b..000000000
--- a/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
+++ /dev/null
@@ -1 +0,0 @@
-"lol"
diff --git a/makefu/0tests/data/secrets/signal/messenger.nix b/makefu/0tests/data/secrets/signal/messenger.nix
deleted file mode 100644
index b43bb3897..000000000
--- a/makefu/0tests/data/secrets/signal/messenger.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- number = "+1dotdotdot";
- home = "group.ABCDE";
- felix = "group.ABCDE";
-
-}
diff --git a/makefu/0tests/data/secrets/ssh.id_ed25519 b/makefu/0tests/data/secrets/ssh.id_ed25519
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa b/makefu/0tests/data/secrets/ssh.makefu.id_rsa
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/ssh_host_ed25519_key b/makefu/0tests/data/secrets/ssh_host_ed25519_key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/ssh_host_rsa_key b/makefu/0tests/data/secrets/ssh_host_rsa_key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/syncthing.cert b/makefu/0tests/data/secrets/syncthing.cert
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/syncthing.key b/makefu/0tests/data/secrets/syncthing.key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.crt b/makefu/0tests/data/secrets/tinc.krebsco.de.crt
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.key b/makefu/0tests/data/secrets/tinc.krebsco.de.key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/tonie.env b/makefu/0tests/data/secrets/tonie.env
deleted file mode 100644
index 94d6c469a..000000000
--- a/makefu/0tests/data/secrets/tonie.env
+++ /dev/null
@@ -1,2 +0,0 @@
-TONIE_AUDIO_MATCH_USER=
-TONIE_AUDIO_MATCH_PASS=
diff --git a/makefu/0tests/data/secrets/tw-pass.ini b/makefu/0tests/data/secrets/tw-pass.ini
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/uhub.sql b/makefu/0tests/data/secrets/uhub.sql
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/wbobPassword.nix b/makefu/0tests/data/secrets/wbobPassword.nix
deleted file mode 100644
index 0479c0770..000000000
--- a/makefu/0tests/data/secrets/wbobPassword.nix
+++ /dev/null
@@ -1 +0,0 @@
-"$6$lol"
diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.crt b/makefu/0tests/data/secrets/wildcard.krebsco.de.crt
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.key b/makefu/0tests/data/secrets/wildcard.krebsco.de.key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/0tests/data/secrets/zigbee2mqtt.nix b/makefu/0tests/data/secrets/zigbee2mqtt.nix
deleted file mode 100644
index c67ff3865..000000000
--- a/makefu/0tests/data/secrets/zigbee2mqtt.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- mqtt.password = "hass";
- mqtt.username = "hass";
- zigbee.network_key = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ];
-}
-
diff --git a/makefu/0tests/data/wg-thierry.key b/makefu/0tests/data/wg-thierry.key
deleted file mode 100644
index e69de29bb..000000000
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
deleted file mode 100644
index b9550cb2e..000000000
--- a/makefu/1systems/cake/config.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
-
- ./hardware-config.nix
-
-
- #./hardware-config.nix
- { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
- #
-
- #
- #
- #
- #
- # configure your hw:
- #
-
- # directly use the alsa device instead of attaching to pulse
-
-
-
-
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.cake;
- };
- # ensure disk usage is limited
- services.journald.extraConfig = "Storage=volatile";
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- documentation.nixos.enable = false;
-}
diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix
deleted file mode 100644
index 932aa1929..000000000
--- a/makefu/1systems/cake/hardware-config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, lib, ... }:
-{
- environment.systemPackages = [ pkgs.libraspberrypi ];
- imports = [ ];
- boot.kernelPackages = pkgs.linuxPackages_rpi4;
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
- hardware.raspberry-pi."4".fkms-3d.enable = true;
- hardware.raspberry-pi."4".audio.enable = true;
-}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
deleted file mode 100644
index 8fc2fff2d..000000000
--- a/makefu/1systems/cake/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="cake";
- full = true;
- home-manager = true;
- hw = true;
-}
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
deleted file mode 100644
index 9278c764a..000000000
--- a/makefu/1systems/crapi/README
+++ /dev/null
@@ -1,4 +0,0 @@
-1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
-2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
-3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
-5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
deleted file mode 100644
index e7c6c3666..000000000
--- a/makefu/1systems/crapi/config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
-
- ./hardware-config.nix
-
-
-
-
- ];
- krebs.build.host = config.krebs.hosts.crapi;
-
- services.openssh.enable = true;
-
-}
diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix
deleted file mode 100644
index bba31dabd..000000000
--- a/makefu/1systems/crapi/hardware-config.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
- #raspi1
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 1;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- hardware.enableRedistributableFirmware = true;
- boot.cleanTmpDir = true;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- boot.kernelPackages = pkgs.linuxPackages_rpi;
-
- nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
- nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
- system.activationScripts.create-swap = ''
- if [ ! -e /swapfile ]; then
- fallocate -l 2G /swapfile
- mkswap /swapfile
- chmod 600 /swapfile
- fi
- '';
- swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
deleted file mode 100644
index 4a4359ee6..000000000
--- a/makefu/1systems/crapi/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- arm6 = true;
-}
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
deleted file mode 100644
index 4e71d1426..000000000
--- a/makefu/1systems/darth/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import ;
-let
- # all the good stuff resides in /data
-
- byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
- bootPart = rootDisk + "-part1";
- rootPart = rootDisk + "-part2";
-
- allDisks = [ rootDisk ]; # auxDisk
-in {
- imports = [
-
-
-
-
-
-
- #
-
-
-
-
- #
-
-
-
- # lan party
-
-
-
-
-
- ];
-
-
-
- #networking.firewall.enable = false;
- makefu.server.primary-itf = "enp0s25";
- # krebs.hidden-ssh.enable = true;
- boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
- networking = {
- wireless.enable = true;
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- # trustedInterfaces = [ "eno1" ];
- allowedUDPPorts = [ 80 655 1655 67 ];
- allowedTCPPorts = [ 80 655 1655 ];
- };
- # fallback connection to the internal virtual network
- # interfaces.virbr3.ip4 = [{
- # address = "10.8.8.2";
- # prefixLength = 24;
- # }];
- };
-
- # TODO smartd omo darth gum all-in-one
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- boot.loader.grub.device = rootDisk;
- boot.initrd.luks.devices = [
- { name = "luksroot";
- device = rootPart;
- allowDiscards = true;
- keyFileSize = 4096;
- keyFile = "/dev/sdb";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.darth;
-}
diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix
deleted file mode 100644
index a8d7368ab..000000000
--- a/makefu/1systems/darth/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="darth";
-}
diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix
deleted file mode 100644
index 2757db8cc..000000000
--- a/makefu/1systems/drop/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
- external-ip = "45.55.145.62";
- default-gw = "45.55.128.1";
- prefixLength = 18;
-in {
- imports = [
-
-
-
-
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.drop;
- };
-
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- interfaces.enp0s3.ipv4.addresses = [{
- address = external-ip;
- inherit prefixLength;
- }];
- defaultGateway = default-gw;
- nameservers = [ "8.8.8.8" ];
- };
-}
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix
deleted file mode 100644
index a6bc834b0..000000000
--- a/makefu/1systems/drop/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="drop";
- torrent = true;
-}
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
deleted file mode 100644
index 7e9dea9ec..000000000
--- a/makefu/1systems/fileleech/config.nix
+++ /dev/null
@@ -1,174 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
- rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
- rootPartition = rootDisk + "-part3";
-
- dataDisks = let
- idpart = dev: byid dev + "-part1";
- in [
- { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
- { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
- { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
- { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
- { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
- { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
- { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
- { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
- ];
-
- disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
-in {
- imports = [
-
-
-
-
-
-
- #
- #
- #
- #
-
- ];
- systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
- systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032;
- systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032;
- makefu.server.primary-itf = "enp8s0f0";
- krebs = {
- enable = true;
- build.host = config.krebs.hosts.fileleech;
- };
- # git clone https://github.com/makefu/docker-pyload
- # docker build .
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
-
- virtualisation.docker.enable = true; # for pyload
- networking.firewall.allowPing = true;
- networking.firewall.logRefusedConnections = false;
- networking.firewall.allowedTCPPorts = [
- 51412 # torrent
- 8112 # rutorrent-web
- 8113 # pyload
- 8080 # sabnzbd
- 9090 # sabnzbd-ssl
- 655 # tinc
- 21 # ftp
- ];
- services.nginx.virtualHosts._download = {
- default = true;
- root = config.makefu.dl-dir;
- extraConfig = ''
- autoindex on;
- '';
- basicAuth = import ;
- };
- networking.firewall.allowedUDPPorts = [
- 655 # tinc
- 51412 # torrent
- ];
-
- services.vsftpd.enable = true;
- services.vsftpd.localUsers = true;
- services.vsftpd.userlist = [ "download" ];
- services.vsftpd.userlistEnable = true;
- # services.vsftpd.chrootlocalUser = true;
-
- services.sabnzbd.enable = true;
- systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-
- # TODO use users.motd and pam.services.sshd.showMotd
- services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
- Services:
- ssh://download@fileleech - ssh via filebitch
- ftp://download@fileleech - access to ${config.makefu.dl-dir}
- http://fileleech:8112 - rutorrent
- http://fileleech:8113 - pyload
- https://fileleech:9090 - sabnzb
- ''; in "Banner ${banner}";
-
- boot.initrd.luks = {
- devices = let
- usbkey = name: device: {
- inherit name device keyFile;
- keyFileSize = 4096;
- allowDiscards = true;
- };
- in builtins.map (x: usbkey x.name x.device) disks;
- };
- environment.systemPackages = with pkgs;[ mergerfs ];
-
- fileSystems = let
- cryptMount = name:
- { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
- in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // cryptMount "crypt3"
- // cryptMount "crypt4"
- // cryptMount "crypt5"
- // cryptMount "crypt6"
- // cryptMount "crypt7"
-
- # this entry sometimes creates issues
- // { "/media/cryptX" = {
- device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "nofail" "allow_other" "nonempty" ]; };
- }
-
- ;
- makefu.dl-dir = "/media/cryptX";
- users.users.download = {
- useDefaultShell = true;
- # name = "download";
- # createHome = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- config.krebs.users.lass.pubkey
- "ssh-rsa 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 jules@kvasir-2015-02-13"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
- "ssh-rsa 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 me@andreaskist.de"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
- ];
- };
- makefu.snapraid = {
- enable = true;
- disks = map toMapper [ 0 1 2 3 4 5 6 ];
- parity = toMapper 7;
- };
- networking.nameservers = [ "8.8.8.8" ];
- # SPF
- networking.defaultGateway = "151.217.176.1";
- networking.interfaces.enp6s0f0.ipv4.addresses = [{
- address = "151.217.178.63";
- prefixLength = 22;
- }];
-
- # Gigabit
- networking.interfaces.enp8s0f1.ipv4.addresses = [{
- address = "192.168.126.1";
- prefixLength = 24;
- }];
-
- #interfaces.enp6s0f1.ip4 = [{
- # address = external-ip;
- # prefixLength = 22;
- #}];
-
- boot.loader.grub.device = rootDisk;
-
- boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- # http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html
- boot.extraModprobeConfig = ''
- options ixgbe allow_unsupported_sfp=1
- '';
-}
diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix
deleted file mode 100644
index b6951a273..000000000
--- a/makefu/1systems/fileleech/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name = "fileleech";
- torrent = true;
-}
diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix
deleted file mode 100644
index 3edfffb78..000000000
--- a/makefu/1systems/filepimp/config.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, lib, ... }:
-# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
-let
- itf = config.makefu.server.primary-itf;
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hw.nix
-
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.filepimp;
-
- networking.firewall.trustedInterfaces = [ itf ];
- networking.interfaces.${itf}.wakeOnLan.enable = true;
-
-}
diff --git a/makefu/1systems/filepimp/hw.nix b/makefu/1systems/filepimp/hw.nix
deleted file mode 100644
index 6f02d9b1b..000000000
--- a/makefu/1systems/filepimp/hw.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- byid = dev: "/dev/disk/by-id/" + dev;
- part1 = disk: disk + "-part1";
- rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
- primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
- # N54L Chassis:
- # ____________________
- # |______FRONT_______|
- # | [ ]|
- # | [ d1 d0 d3 d4 ]|
- # |___[_____________]|
- jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
-
- # transfer to omo
- jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
- jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
- jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
- allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
-in {
- boot = {
- loader.grub.device = rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-amd" ];
- extraModulePackages = [ ];
- };
- makefu.server.primary-itf = primary-interface;
-
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
- zramSwap.enable = true;
-
- makefu.snapraid = let
- toMedia = name: "/media/" + name;
- in {
- enable = true;
- # todo combine creation when enabling the mount point
- disks = map toMedia [
- "j0"
- "j1"
- "j2"
- ];
- parity = toMedia "par0";
- };
- # TODO: refactor, copy-paste from omo
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
- fileSystems = let
- xfsmount = name: dev:
- { "/media/${name}" = {
- device = dev; fsType = "xfs";
- options = [ "nofail" ];
- }; };
- tomedia = id: "/media/${id}";
- in
- (xfsmount "j0" (part1 jDisk0)) //
- (xfsmount "j1" (part1 jDisk1)) //
- (xfsmount "j2" (part1 jDisk2)) //
- (xfsmount "par0" (part1 jDisk3)) //
- { "/media/jX" = {
- device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
- environment.systemPackages = [ pkgs.mergerfs ];
-}
diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix
deleted file mode 100644
index 9930f0e42..000000000
--- a/makefu/1systems/filepimp/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="filepimp";
- home-manager = true;
-}
diff --git a/makefu/1systems/firecracker/config.nix b/makefu/1systems/firecracker/config.nix
deleted file mode 100644
index 87f500287..000000000
--- a/makefu/1systems/firecracker/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
-
- ./hardware-config.nix
- #
- { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
-
- #
-# configure your hw:
-#
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.firecracker;
- };
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- services.nixosManual.enable = false;
- sound.enable = false;
-}
diff --git a/makefu/1systems/firecracker/hardware-config.nix b/makefu/1systems/firecracker/hardware-config.nix
deleted file mode 100644
index b821a3375..000000000
--- a/makefu/1systems/firecracker/hardware-config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
- boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.loader.generic-extlinux-compatible.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.tmpOnTmpfs = lib.mkForce false;
- boot.cleanTmpDir = true;
- hardware.enableRedistributableFirmware = true;
-
- ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
- boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.wireless.enable = true;
- # File systems configuration for using the installer's partition layout
- swapDevices = [ { device = "/var/swap"; size = 4096; } ];
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
-}
diff --git a/makefu/1systems/firecracker/source.nix b/makefu/1systems/firecracker/source.nix
deleted file mode 100644
index 22c40039e..000000000
--- a/makefu/1systems/firecracker/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="cake";
- full = true;
-}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
deleted file mode 100644
index f40f113bb..000000000
--- a/makefu/1systems/gum/config.nix
+++ /dev/null
@@ -1,261 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ;
-let
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- ext-if = config.makefu.server.primary-itf;
- allDisks = [ "/dev/sda" "/dev/sdb" ];
-in {
- imports = [
-
- ./hetznercloud
- {
- # wait for mount
- systemd.services.rtorrent.wantedBy = lib.mkForce [];
- systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
- systemd.services.samba-smbd.wantedBy = lib.mkForce [];
- }
- {
- users.users.lass = {
- uid = 19002;
- isNormalUser = true;
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- makefu.pubkey
- ];
- };
- }
-
-
-
-
-
- #
-
-
- #
-
-
-
- # Security
-
-
- # Tools
-
-
-
- #
-
-
-
-
- #
-
- # networking
- #
- #
- #
- #
-
- { # bonus retiolum config for connecting more hosts
- krebs.tinc.retiolum = {
- #extraConfig = lib.mkForce ''
- # ListenAddress = ${external-ip} 53
- # ListenAddress = ${external-ip} 655
- # ListenAddress = ${external-ip} 21031
- # StrictSubnets = yes
- # LocalDiscovery = no
- #'';
- connectTo = [
- "prism" "ni" "enklave" "eve" "dishfire"
- ];
- };
- networking.firewall = {
- allowedTCPPorts =
- [
- 53
- 655
- 21031
- ];
- allowedUDPPorts =
- [
- 53
- 655
- 21031
- ];
- };
- }
-
- # ci
- #
-
-
- ### systemdUltras ###
-
-
- ###### Shack #####
- #
- #
-
-
-
-
-
-
- # services
- # postgres backend
- #
- #
- { krebs.exim.enable = mkDefault true; }
-
-
- # sharing
- # samba sahre
-
- #
-
- { nixpkgs.config.allowUnfree = true; }
- #
- ##
- #
- #
- #
-
-
- ## network
- #
- #
-
- { makefu.backup.server.repo = "/var/backup/borg"; }
-
-
-
-
-
- { # recent changes mediawiki bot
- networking.firewall.allowedUDPPorts = [ 5005 5006 ];
- }
- # Removed until move: no extra mails
- #
- # Removed until move: avoid letsencrypt ban
- ### Web
-
- # postgres backend
- # postgres backend
-
-
-
- #postgres backend
- ### Moving owncloud data dir to /media/cloud/nextcloud-data
- {
- users.users.nextcloud.extraGroups = [ "download" ];
- # nextcloud-setup fails as it cannot set permissions for nextcloud
- systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
- systemd.tmpfiles.rules = [
- "L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data"
- "L /var/backup - - - - /media/cloud/gum-backup"
- ];
- #fileSystems."/var/lib/nextcloud/data" = {
- # device = "/media/cloud/nextcloud-data";
- # options = [ "bind" ];
- #};
- #fileSystems."/var/backup" = {
- # device = "/media/cloud/gum-backup";
- # options = [ "bind" ];
- #};
- }
-
-
- #
-
-
-
-
- ##
- #
- #
-
- #
- #
-
- #
- #
- #
- #
- #
-
-
- #
-
-
- #
-
-
- #
-
-
-
-
- #
-
- #
-
- # sharing
-
- { krebs.airdcpp.dcpp.shares = {
- download.path = config.makefu.dl-dir + "/finished";
- sorted.path = config.makefu.dl-dir + "/sorted";
- };
- }
-
-
- ## Temporary:
- #
- #
- #
-
- # krebs infrastructure services
- #
- ];
-
- # makefu.dl-dir = "/var/download";
- makefu.dl-dir = "/media/cloud/download/finished";
-
- services.openssh.hostKeys = lib.mkForce [
- { bits = 4096; path = (toString ); type = "rsa"; }
- { path = (toString ); type = "ed25519"; } ];
- ###### stable
- security.acme.certs."cgit.euer.krebsco.de" = {
- email = "letsencrypt@syntax-fehler.de";
- webroot = "/var/lib/acme/acme-challenge";
- group = "nginx";
- };
- services.nginx.virtualHosts."cgit" = {
- serverAliases = [ "cgit.euer.krebsco.de" ];
- addSSL = true;
- sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
- sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
- locations."/.well-known/acme-challenge".extraConfig = ''
- root /var/lib/acme/acme-challenge;
- '';
- };
-
- krebs.build.host = config.krebs.hosts.gum;
-
- # Network
- networking = {
- firewall = {
- allowedTCPPorts = [
- 80 443
- 28967 # storj
- ];
- allowPing = true;
- logRefusedConnections = false;
- };
- nameservers = [ "8.8.8.8" ];
- };
- users.users.makefu.extraGroups = [ "download" "nginx" ];
- state = [ "/home/makefu/.weechat" ];
-}
diff --git a/makefu/1systems/gum/hetzner/default.nix b/makefu/1systems/gum/hetzner/default.nix
deleted file mode 100644
index 7d445879a..000000000
--- a/makefu/1systems/gum/hetzner/default.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, ... }:
-let
- external-mac = "50:46:5d:9f:63:6b";
- main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
- sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
- external-gw = "144.76.26.225";
- # single partition, label "nixos"
- # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
-
-
- # static
- external-ip = "144.76.26.247";
- external-ip6 = "2a01:4f8:191:12f6::2";
- external-gw6 = "fe80::1";
- external-netmask = 27;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in {
- imports = [
-
- { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
-
- ];
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- defaultGateway = external-gw;
- };
- boot.kernelParams = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ main-disk ];
- boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
- boot.initrd.availableKernelModules = [
- "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
- "xhci_pci" "ehci_pci" "ahci" "sd_mod"
- ];
- boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
- hardware.enableRedistributableFirmware = true;
- fileSystems."/" = {
- device = "/dev/nixos/root";
- fsType = "ext4";
- };
- fileSystems."/var/lib" = {
- device = "/dev/nixos/lib";
- fsType = "ext4";
- };
- fileSystems."/var/log" = {
- device = "/dev/nixos/log";
- fsType = "ext4";
- };
- fileSystems."/var/download" = {
- device = "/dev/nixos/download";
- fsType = "ext4";
- };
- fileSystems."/var/www/binaergewitter" = {
- device = "/dev/nixos/binaergewitter";
- fsType = "ext4";
- options = [ "nofail" ];
- };
- fileSystems."/var/lib/nextcloud/data" = {
- device = "/dev/nixos/nextcloud";
- fsType = "ext4";
- options = [ "nofail" ];
- };
- fileSystems."/var/lib/borgbackup" = {
- device = "/dev/nixos/backup";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/sda2";
- fsType = "vfat";
- };
- # parted -s -a optimal "$disk" \
- # mklabel gpt \
- # mkpart no-fs 0 1024KiB \
- # set 1 bios_grub on \
- # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
- # mkpart primary 1025MiB 100%
- # parted -s -a optimal "/dev/sdb" \
- # mklabel gpt \
- # mkpart primary 1M 100%
-
- #mkfs.vfat /dev/sda2
- #pvcreate /dev/sda3
- #pvcreate /dev/sdb1
- #vgcreate nixos /dev/sda3 /dev/sdb1
- #lvcreate -L 120G -m 1 -n root nixos
- #lvcreate -L 50G -m 1 -n lib nixos
- #lvcreate -L 100G -n download nixos
- #lvcreate -L 100G -n backup nixos
- #mkfs.ext4 /dev/mapper/nixos-root
- #mkfs.ext4 /dev/mapper/nixos-lib
- #mkfs.ext4 /dev/mapper/nixos-download
- #mkfs.ext4 /dev/mapper/nixos-borgbackup
- #mount /dev/mapper/nixos-root /mnt
- #mkdir /mnt/boot
- #mount /dev/sda2 /mnt/boot
- #mkdir -p /mnt/var/src
- #touch /mnt/var/src/.populate
-
-}
diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix
deleted file mode 100644
index cfcd894af..000000000
--- a/makefu/1systems/gum/hetznercloud/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
-
- imports =
- [ ./network.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Disk
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/nix" =
- { device = "rpool/nix";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
- boot.loader.grub.device = "/dev/sda";
-
- networking.hostId = "3150697b"; # required for zfs use
- boot.tmpOnTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.copyKernels = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
-}
diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit
deleted file mode 100644
index 45798587a..000000000
--- a/makefu/1systems/gum/hetznercloud/doit
+++ /dev/null
@@ -1,13 +0,0 @@
-ROOT_DEVICE=/dev/sda2
-NIXOS_BOOT=/dev/sda1
-
-zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
-zfs create -o mountpoint=legacy rpool/root
-zfs create -o mountpoint=legacy rpool/home
-zfs create -o mountpoint=legacy rpool/nix
-mount -t zfs rpool/root /mnt
-mkdir /mnt/{home,nix,boot}
-mount -t zfs rpool/home /mnt/home
-mount -t zfs rpool/nix /mnt/nix
-mount $NIXOS_BOOT /mnt/boot/
-
diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix
deleted file mode 100644
index 5159cf570..000000000
--- a/makefu/1systems/gum/hetznercloud/network.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "96:00:01:24:33:f4";
- external-gw = "172.31.1.1";
- external-ip = "142.132.189.140";
- external-ip6 = "2a01:4f8:1c17:5cdf::2";
- external-gw6 = "fe80::1";
- external-netmask = 32;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- enableIPv6 = true;
- nat.enableIPv6 = true;
- interfaces."${ext-if}" = {
- useDHCP = true;
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- #ipv4.addresses = [{
- # address = external-ip;
- # prefixLength = external-netmask;
- #}];
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- #defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part
deleted file mode 100644
index fb375b15a..000000000
--- a/makefu/1systems/gum/hetznercloud/sfdisk.part
+++ /dev/null
@@ -1,6 +0,0 @@
-label: gpt
-device: /dev/sda
-unit: sectors
-1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
-4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
-2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
deleted file mode 100644
index 0a3ed96ee..000000000
--- a/makefu/1systems/gum/rescue.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-ssh gum.i -o StrictHostKeyChecking=no
-
-mount /dev/mapper/nixos-root /mnt
-mount /dev/sda2 /mnt/boot
-
-chroot-prepare /mnt
-chroot /mnt /bin/sh
-
-
-journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
-# ... activating ...
-
-export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
-/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
-/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
deleted file mode 100644
index 43586ede4..000000000
--- a/makefu/1systems/gum/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="gum";
- torrent = true;
- clever_kexec = true;
- home-manager = true;
-}
diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json
deleted file mode 100644
index 5a4bd26ab..000000000
--- a/makefu/1systems/hardware/tsp-disk.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "type": "devices",
- "content": {
- "sda": {
- "type": "table",
- "format": "msdos",
- "partitions": [
- { "type": "partition",
- "part-type": "primary",
- "start": "1M",
- "end": "100%",
- "bootable": true,
- "content": {
- "type": "filesystem",
- "format": "ext4",
- "mountpoint": "/"
- }
- }
- ]
- }
- }
-}
-
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
deleted file mode 100644
index 207121236..000000000
--- a/makefu/1systems/iso/config.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import ;
-{
- imports = [
- #
-
-
- #
- ./justdoit.nix
- {
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
- kexec.justdoit = {
- bootSize = 512;
- rootDevice = "/dev/vda";
- bootType = "vfat";
- luksEncrypt = false;
- uefi = false;
- };
- }
- ];
- # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- #krebs.build.host = { cores = 0; };
- isoImage.isoBaseName = lib.mkForce "stockholm";
- #krebs.hidden-ssh.enable = true;
- # environment.systemPackages = with pkgs; [
- # aria2
- # ddrescue
- # ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
- # hack `tee` behavior
- nixpkgs.config.packageOverrides = super: {
- irc-announce = super.callPackage {
- pkgs = pkgs // {
- coreutils = pkgs.symlinkJoin {
- name = "coreutils-hack";
- paths = [
- pkgs.coreutils
- (pkgs.writeDashBin "tee" ''
- if test "$1" = /dev/stderr; then
- while read -r line; do
- echo "$line"
- echo "$line" >&2
- done
- else
- ${super.coreutils}/bin/tee "$@"
- fi
- '')
- ];
- };
- };
- };
- };
-}
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
deleted file mode 100644
index 0ce90494b..000000000
--- a/makefu/1systems/iso/justdoit.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.kexec.justdoit;
- x = if cfg.nvme then "p" else "";
-in {
- options = {
- kexec.justdoit = {
- rootDevice = mkOption {
- type = types.str;
- default = "/dev/sda";
- description = "the root block device that justdoit will nuke from orbit and force nixos onto";
- };
- bootSize = mkOption {
- type = types.int;
- default = 256;
- description = "size of /boot in mb";
- };
- bootType = mkOption {
- type = types.enum [ "ext4" "vfat" "zfs" ];
- default = "ext4";
- };
- swapSize = mkOption {
- type = types.int;
- default = 1024;
- description = "size of swap in mb";
- };
- poolName = mkOption {
- type = types.str;
- default = "tank";
- description = "zfs pool name";
- };
- luksEncrypt = mkOption {
- type = types.bool;
- default = false;
- description = "encrypt all of zfs and swap";
- };
- uefi = mkOption {
- type = types.bool;
- default = false;
- description = "create a uefi install";
- };
- nvme = mkOption {
- type = types.bool;
- default = false;
- description = "rootDevice is nvme";
- };
- };
- };
- config = let
- mkBootTable = {
- ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
- vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
- zfs = "";
- };
- in lib.mkIf true {
- system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
- #!${pkgs.stdenv.shell}
- set -e
- vgchange -a n
- wipefs -a ${cfg.rootDevice}
- dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
- sfdisk ${cfg.rootDevice} < /mnt/etc/nixos/generated.nix < /etc/resolv.conf
- '')];
-
- # minimal
- boot.supportedFilesystems = [ "zfs" ];
- programs.command-not-found.enable = false;
- time.timeZone = "Europe/Berlin";
- programs.ssh.startAgent = false;
- nix.useSandbox = true;
- users.mutableUsers = false;
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
- services.openssh.enable = true;
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
- boot.kernel.sysctl = {
- "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
- "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
- };
-}
diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix
deleted file mode 100644
index 5bf19f978..000000000
--- a/makefu/1systems/kexec/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import ;
-{
- imports = [
-
- #
-
-
- ];
- # cd ~/stockholm ; nix-build '' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso
-
- krebs.build.host = config.krebs.hosts.iso;
- krebs.hidden-ssh.enable = true;
- environment.extraInit = ''
- EDITOR=vim
- '';
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-}
diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix
deleted file mode 100644
index 6bef8ada9..000000000
--- a/makefu/1systems/kexec/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix
deleted file mode 100644
index 50cd9204d..000000000
--- a/makefu/1systems/latte/1blu/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
-
- imports =
- [ ./network.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Disk
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "tank/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "tank/home";
- fsType = "zfs";
- };
-
- fileSystems."/nix" =
- { device = "tank/nix";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/AEF3-A486";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
- boot.loader.grub.device = "/dev/vda";
-
- networking.hostId = "3150697c"; # required for zfs use
- boot.tmpOnTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.copyKernels = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
-}
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
deleted file mode 100644
index 0a0eac972..000000000
--- a/makefu/1systems/latte/1blu/network.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "c4:37:72:55:4e:1c";
- external-gw = "178.254.28.1";
- external-ip = "178.254.30.202";
- external-ip6 = "2a00:6800:3:18c::2";
- external-gw6 = "2a00:6800:3::1";
- external-netmask = 22;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
deleted file mode 100644
index 9a242a41b..000000000
--- a/makefu/1systems/latte/config.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
- # external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- # default-gw = "185.215.224.1";
- # prefixLength = 24;
- # external-mac = "46:5b:fc:f4:44:c9";
- # ext-if = "et0";
-in {
-
- imports = [
- ./1blu
-
-
- # common
-
-
-
-
- # Security
-
-
- # Tools
-
-
-
- # NixOS Build
-
-
- # Storage
-
- #
-
-
- # torrent is managed by gum
- #
-
- ## Web
-
- # local usage:
-
-
-
- # Supervision
-
-
- # Krebs
-
-
- # backup
-
-
- # migrated:
- #
-
-
- ];
- krebs = {
- enable = true;
- build.host = config.krebs.hosts.latte;
- };
-
- makefu.dl-dir = "/media/cloud/download";
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
deleted file mode 100644
index 41abecf36..000000000
--- a/makefu/1systems/latte/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- name = "latte";
- torrent = true;
- home-manager = true;
-}
diff --git a/makefu/1systems/minicake/config.nix b/makefu/1systems/minicake/config.nix
deleted file mode 100644
index fe66679ad..000000000
--- a/makefu/1systems/minicake/config.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config,nixpkgsPath, pkgs, lib, ... }:
-{
- krebs = {
- enable = true;
-
- dns.providers.lan = "hosts";
- build.user = config.krebs.users.makefu;
- };
- imports = [
- (nixpkgsPath + "/nixos/modules/profiles/minimal.nix")
- (nixpkgsPath + "/nixos/modules/profiles/installation-device.nix")
- ];
-
- # cifs-utils fails to cross-compile
- # Let's simplify this by removing all unneeded filesystems from the image.
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
- };
- };
- services.openssh.enable = true;
-}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
deleted file mode 100644
index 224e170dd..000000000
--- a/makefu/1systems/omo/config.nix
+++ /dev/null
@@ -1,194 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- primaryInterface = config.makefu.server.primary-itf;
-in {
- imports =
- [
- ./hw/omo.nix
- #./hw/tsp.nix
-
-
-
-
- # x11 forwarding
- {
- services.openssh.forwardX11 = true;
- users.users.makefu.packages = [
- pkgs.tinymediamanager
- ];
- }
- { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; }
-
-
-
-
-
-
- #
-
-
-
-
- { makefu.backup.server.repo = "/media/cryptX/backup/borg"; }
-
-
- #
-
-
-
-
-
-
-
- #
- #
-
-
- #
-
-
-
-
-
-
-
- #
- #{ krebs.airdcpp.dcpp.shares = let
- # d = path: "/media/cryptX/${path}";
- # in {
- # emu.path = d "emu";
- # audiobooks.path = lib.mkForce (d "audiobooks");
- # incoming.path = lib.mkForce (d "torrent");
- # anime.path = d "anime";
- # };
- # krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
- #}
- {
- # copy config from to /var/lib/sabnzbd/
- #services.sabnzbd.enable = true;
- #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- }
- #
-
-
- # statistics
- #
- # Logging
- #influx + grafana
-
- #
- # logs to influx
-
-
- #
-
-
-
- # services
- {
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 8123 ];
- }
- #
-
- # TODO:
-
-
-
-
-
-
- #
-
- #
- #
-
-
- {
- makefu.ps3netsrv = {
- enable = true;
- servedir = "/media/cryptX/emu/ps3";
- };
- users.users.makefu.packages = [ pkgs.pkgrename ];
- }
-
-
- {
- hardware.pulseaudio.systemWide = true;
- makefu.mpd.musicDirectory = "/media/cryptX/music";
- }
-
- # security
-
- #
-
- #
- {
- #krebs.rtorrent = {
- # downloadDir = lib.mkForce "/media/cryptX/torrent";
- # extraConfig = ''
- # upload_rate = 500
- # '';
- #};
- }
-
- #
- #
- #
-
- ## as long as pyload is not in nixpkgs:
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
-
- # Temporary:
- #
-
-
- ];
- makefu.full-populate = true;
- nixpkgs.config.allowUnfree = true;
- users.users.share.isNormalUser = true;
- users.groups.share = {
- gid = (import