Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
8c667f09c0
@ -2,15 +2,15 @@
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
<stockholm/jeschli>
|
||||
<home-manager/nixos>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
# <stockholm/jeschli/2configs/emacs.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.bolide;
|
||||
@ -29,7 +29,8 @@
|
||||
allowDiscards = true;
|
||||
} ];
|
||||
# networking.hostName = "bolide"; # Define your hostname.
|
||||
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
@ -52,6 +53,8 @@
|
||||
};
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
home-manager
|
||||
|
||||
wget vim
|
||||
# system helper
|
||||
ag
|
||||
@ -92,6 +95,22 @@
|
||||
zathura
|
||||
];
|
||||
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jeschli = {
|
||||
home.stateVersion = "19.03";
|
||||
};
|
||||
|
||||
home-manager.users.jeschli.home.file = {
|
||||
".emacs.d" = {
|
||||
source = pkgs.fetchFromGitHub {
|
||||
owner = "jeschli";
|
||||
repo = "emacs.d";
|
||||
rev = "8ed6c40";
|
||||
sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
|
||||
};
|
||||
recursive = true;
|
||||
};
|
||||
};
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.bash.enableCompletion = true;
|
||||
@ -103,36 +122,37 @@
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
services.xserver = {
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
enable = true;
|
||||
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.windowManager.xmonad.enable = true;
|
||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
# Enable touchpad support.
|
||||
# services.xserver.libinput.enable = true;
|
||||
desktopManager = {
|
||||
xfce.enable = true;
|
||||
gnome3.enable = true;
|
||||
};
|
||||
# # Don't install feh into systemPackages
|
||||
# # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
|
||||
# desktopManager.session = lib.mkForce [];
|
||||
#
|
||||
# enable = true;
|
||||
# display = 11;
|
||||
# tty = 11;
|
||||
#
|
||||
# dpi = 96;
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
videoDrivers = [ "nvidia" ];
|
||||
};
|
||||
|
||||
services.xserver.windowManager.i3.enable = true;
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
uid = 1000;
|
||||
};
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
|
@ -29,4 +29,5 @@
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
hardware.pulseaudio.enable = true;
|
||||
}
|
||||
|
171
jeschli/1systems/bolide/home.nix
Normal file
171
jeschli/1systems/bolide/home.nix
Normal file
@ -0,0 +1,171 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
home.file = {
|
||||
".emacs.d" = {
|
||||
source = pkgs.fetchFromGitHub {
|
||||
owner = "jeschli";
|
||||
repo = "emacs.d";
|
||||
rev = "8ed6c40";
|
||||
sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
|
||||
};
|
||||
recursive = true;
|
||||
};
|
||||
".config/i3/config".text = ''
|
||||
|
||||
set $mod Mod4
|
||||
|
||||
font pango:monospace 8
|
||||
|
||||
floating_modifier $mod
|
||||
|
||||
bindsym $mod+Return exec i3-sensible-terminal
|
||||
|
||||
bindsym $mod+Shift+q kill
|
||||
|
||||
bindsym $mod+d exec rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
|
||||
|
||||
bindsym $mod+x exec rofi -modi window -show window -auto-select
|
||||
|
||||
# switch to last used window
|
||||
bindsym $mod+Tab exec rofi -show window& sleep 0.15 && xdotool key Down
|
||||
|
||||
# change focus
|
||||
bindsym $mod+j focus left
|
||||
bindsym $mod+k focus down
|
||||
bindsym $mod+l focus up
|
||||
bindsym $mod+semicolon focus right
|
||||
|
||||
# alternatively, you can use the cursor keys:
|
||||
bindsym $mod+Left focus left
|
||||
bindsym $mod+Down focus down
|
||||
bindsym $mod+Up focus up
|
||||
bindsym $mod+Right focus right
|
||||
|
||||
# Resizing windows by 10 in i3 using keyboard only
|
||||
bindsym $mod+Ctrl+Shift+Right resize shrink width 10 px or 10 ppt
|
||||
bindsym $mod+Ctrl+Shift+Up resize grow height 10 px or 10 ppt
|
||||
bindsym $mod+Ctrl+Shift+Down resize shrink height 10 px or 10 ppt
|
||||
bindsym $mod+Ctrl+Shift+Left resize grow width 10 px or 10 ppt
|
||||
|
||||
# move focused window
|
||||
bindsym $mod+Shift+j move left
|
||||
bindsym $mod+Shift+k move down
|
||||
bindsym $mod+Shift+l move up
|
||||
bindsym $mod+Shift+semicolon move right
|
||||
|
||||
# alternatively, you can use the cursor keys:
|
||||
bindsym $mod+Shift+Left move left
|
||||
bindsym $mod+Shift+Down move down
|
||||
bindsym $mod+Shift+Up move up
|
||||
bindsym $mod+Shift+Right move right
|
||||
|
||||
# split in horizontal orientation
|
||||
bindsym $mod+h split h
|
||||
|
||||
# split in vertical orientation
|
||||
bindsym $mod+v split v
|
||||
|
||||
# enter fullscreen mode for the focused container
|
||||
bindsym $mod+f fullscreen toggle
|
||||
|
||||
# change container layout (stacked, tabbed, toggle split)
|
||||
bindsym $mod+s layout stacking
|
||||
bindsym $mod+w layout tabbed
|
||||
bindsym $mod+e layout toggle split
|
||||
|
||||
# toggle tiling / floating
|
||||
bindsym $mod+Shift+space floating toggle
|
||||
|
||||
# change focus between tiling / floating windows
|
||||
bindsym $mod+space focus mode_toggle
|
||||
|
||||
# focus the parent container
|
||||
bindsym $mod+a focus parent
|
||||
|
||||
# focus the child container
|
||||
#bindsym $mod+d focus child
|
||||
|
||||
# Define names for default workspaces for which we configure key bindings later on.
|
||||
# We use variables to avoid repeating the names in multiple places.
|
||||
set $ws1 "1"
|
||||
set $ws2 "2"
|
||||
set $ws3 "3"
|
||||
set $ws4 "4"
|
||||
set $ws5 "5"
|
||||
set $ws6 "6"
|
||||
set $ws7 "7"
|
||||
set $ws8 "8"
|
||||
set $ws9 "9"
|
||||
set $ws10 "10"
|
||||
|
||||
# switch to workspace
|
||||
bindsym $mod+1 workspace $ws1
|
||||
bindsym $mod+2 workspace $ws2
|
||||
bindsym $mod+3 workspace $ws3
|
||||
bindsym $mod+4 workspace $ws4
|
||||
bindsym $mod+5 workspace $ws5
|
||||
bindsym $mod+6 workspace $ws6
|
||||
bindsym $mod+7 workspace $ws7
|
||||
bindsym $mod+8 workspace $ws8
|
||||
bindsym $mod+9 workspace $ws9
|
||||
bindsym $mod+0 workspace $ws10
|
||||
|
||||
# move focused container to workspace
|
||||
bindsym $mod+Shift+1 move container to workspace $ws1
|
||||
bindsym $mod+Shift+2 move container to workspace $ws2
|
||||
bindsym $mod+Shift+3 move container to workspace $ws3
|
||||
bindsym $mod+Shift+4 move container to workspace $ws4
|
||||
bindsym $mod+Shift+5 move container to workspace $ws5
|
||||
bindsym $mod+Shift+6 move container to workspace $ws6
|
||||
bindsym $mod+Shift+7 move container to workspace $ws7
|
||||
bindsym $mod+Shift+8 move container to workspace $ws8
|
||||
bindsym $mod+Shift+9 move container to workspace $ws9
|
||||
bindsym $mod+Shift+0 move container to workspace $ws10
|
||||
|
||||
# reload the configuration file
|
||||
bindsym $mod+Shift+c reload
|
||||
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
|
||||
bindsym $mod+Shift+r restart
|
||||
# exit i3 (logs you out of your X session)
|
||||
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
|
||||
|
||||
bindsym $mod+p exec i3-sensible-pager
|
||||
|
||||
# resize window (you can also use the mouse for that)
|
||||
mode "resize" {
|
||||
# These bindings trigger as soon as you enter the resize mode
|
||||
|
||||
# Pressing left will shrink the window’s width.
|
||||
# Pressing right will grow the window’s width.
|
||||
# Pressing up will shrink the window’s height.
|
||||
# Pressing down will grow the window’s height.
|
||||
bindsym j resize shrink width 10 px or 10 ppt
|
||||
bindsym k resize grow height 10 px or 10 ppt
|
||||
bindsym l resize shrink height 10 px or 10 ppt
|
||||
bindsym semicolon resize grow width 10 px or 10 ppt
|
||||
|
||||
# same bindings, but for the arrow keys
|
||||
bindsym Left resize shrink width 10 px or 10 ppt
|
||||
bindsym Down resize grow height 10 px or 10 ppt
|
||||
bindsym Up resize shrink height 10 px or 10 ppt
|
||||
bindsym Right resize grow width 10 px or 10 ppt
|
||||
|
||||
# back to normal: Enter or Escape or $mod+r
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
bindsym $mod+r mode "default"
|
||||
}
|
||||
|
||||
bindsym $mod+r mode "resize"
|
||||
|
||||
# Start i3bar to display a workspace bar (plus the system information i3status
|
||||
# finds out, if available)
|
||||
bar {
|
||||
position top
|
||||
status_command i3status
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
@ -1,19 +1,17 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };
|
||||
mainUser = config.krebs.build.user.name;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<stockholm/jeschli>
|
||||
./hardware-configuration.nix
|
||||
<home-manager/nixos>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
# <stockholm/jeschli/2configs/emacs.nix>
|
||||
# <stockholm/jeschli/2configs/xdg.nix>
|
||||
# <stockholm/jeschli/2configs/xserver>
|
||||
<stockholm/jeschli/2configs/steam.nix>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
];
|
||||
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.brauerei;
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
@ -54,7 +52,10 @@ in
|
||||
copyq
|
||||
curl
|
||||
dmenu
|
||||
rofi
|
||||
xdotool
|
||||
git
|
||||
gnupg
|
||||
i3lock
|
||||
keepass
|
||||
networkmanagerapplet
|
||||
@ -92,9 +93,11 @@ in
|
||||
})
|
||||
# dev tools
|
||||
gnumake
|
||||
jetbrains.clion
|
||||
jetbrains.goland
|
||||
jetbrains.pycharm-professional
|
||||
jetbrains.webstorm
|
||||
vscode
|
||||
# document viewer
|
||||
evince
|
||||
zathura
|
||||
@ -105,7 +108,6 @@ in
|
||||
cargo
|
||||
rustracer
|
||||
rustup
|
||||
vscode
|
||||
# orga tools
|
||||
taskwarrior
|
||||
# xorg
|
||||
@ -120,6 +122,24 @@ in
|
||||
# programs.mtr.enable = true;
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jeschli = {
|
||||
home.stateVersion = "19.03";
|
||||
};
|
||||
# home-manager.enable = true;
|
||||
|
||||
home-manager.users.jeschli.home.file = {
|
||||
".emacs.d" = {
|
||||
source = pkgs.fetchFromGitHub {
|
||||
owner = "jeschli";
|
||||
repo = "emacs.d";
|
||||
rev = "8ed6c40";
|
||||
sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
|
||||
};
|
||||
recursive = true;
|
||||
};
|
||||
};
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
@ -155,6 +175,11 @@ in
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
uid = 1000;
|
||||
};
|
||||
users.extraUsers.blafoo = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["audio"];
|
||||
uid = 1002;
|
||||
};
|
||||
users.extraUsers.jamie = {
|
||||
isNormalUser = true;
|
||||
uid = 1001; # TODO genid
|
||||
|
@ -49,7 +49,7 @@
|
||||
listenPort = 53589;
|
||||
organisations.lass.users = [ "jeschli" ];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 53589 ];
|
||||
networking.firewall.allowedTCPPorts = [ 53589 8001 ];
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
./vim.nix
|
||||
# ./vim.nix
|
||||
./retiolum.nix
|
||||
./zsh.nix
|
||||
<stockholm/lass/2configs/security-workarounds.nix>
|
||||
@ -56,7 +56,7 @@ with import <stockholm/lib>;
|
||||
usbutils
|
||||
# logify
|
||||
goify
|
||||
|
||||
vim
|
||||
#unpack stuff
|
||||
p7zip
|
||||
unzip
|
||||
|
@ -60,7 +60,7 @@ let
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ jeschli jeschli-brauerei];
|
||||
user = [ jeschli jeschli-brauerei jeschli-bolide];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
|
9
jeschli/2configs/home-manager/default.nix
Normal file
9
jeschli/2configs/home-manager/default.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{
|
||||
imports = [
|
||||
<home-manager/nixos>
|
||||
];
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jeschli = {
|
||||
home.stateVersion = "19.03";
|
||||
};
|
||||
}
|
@ -15,6 +15,12 @@
|
||||
file = "${lib.getEnv "HOME"}/secrets/${name}";
|
||||
};
|
||||
}
|
||||
{
|
||||
home-manager.git = {
|
||||
url = https://github.com/rycee/home-manager;
|
||||
ref = "2ccbf43";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
in {
|
||||
|
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
@ -11,83 +11,44 @@ in
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
<stockholm/krebs/2configs/collectd-base.nix>
|
||||
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
||||
|
||||
<stockholm/krebs/2configs/graphite.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
|
||||
# handle the worlddomination map via coap
|
||||
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
||||
|
||||
# drivedroid.shack for shackphone
|
||||
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
||||
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
# Say if muell will be collected
|
||||
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
{
|
||||
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
|
||||
systemd.services.telegraf.environment = {
|
||||
MIBDIRS = pkgs.fetchgit {
|
||||
url = "http://git.shackspace.de/makefu/modem-mibs.git";
|
||||
sha256 =
|
||||
"1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
|
||||
}; # extra mibs like ADSL
|
||||
};
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
inputs = {
|
||||
snmp = {
|
||||
agents = [ "10.0.1.3:161" ];
|
||||
version = 2;
|
||||
community = "shack";
|
||||
name = "snmp";
|
||||
field = [
|
||||
{
|
||||
name = "hostname";
|
||||
oid = "RFC1213-MIB::sysName.0";
|
||||
is_tag = true;
|
||||
}
|
||||
{
|
||||
name = "load-percent"; #cisco
|
||||
oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9";
|
||||
}
|
||||
{
|
||||
name = "uptime";
|
||||
oid = "DISMAN-EVENT-MIB::sysUpTimeInstance";
|
||||
}
|
||||
];
|
||||
table = [{
|
||||
name = "snmp";
|
||||
inherit_tags = [ "hostname" ];
|
||||
oid = "IF-MIB::ifXTable";
|
||||
field = [{
|
||||
name = "ifName";
|
||||
oid = "IF-MIB::ifName";
|
||||
is_tag = true;
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = [ "http://${influx-host}:8086" ];
|
||||
database = "telegraf";
|
||||
write_consistency = "any";
|
||||
timeout = "5s";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
# create samba share for anonymous usage with the laser and 3d printer pc
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
|
||||
# mobile.lounge.mpd.shack
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
# connect to git.shackspace.de as group runner for rz
|
||||
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||
|
||||
# Statistics collection and visualization
|
||||
<stockholm/krebs/2configs/graphite.nix>
|
||||
## Collect data from mqtt.shack and store in graphite database
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
## Collect radioactive data and put into graphite
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
## Collect local statistics via collectd and send to collectd
|
||||
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
||||
## write collectd statistics to wolf.shack
|
||||
<stockholm/krebs/2configs/collectd-base.nix>
|
||||
{ services.influxdb.enable = true; }
|
||||
|
||||
<stockholm/krebs/2configs/shack/netbox.nix>
|
||||
];
|
||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||
# apt-cacher-ng in first place)
|
||||
|
||||
services.influxdb.enable = true;
|
||||
|
||||
# local discovery in shackspace
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
@ -156,10 +117,10 @@ in
|
||||
# fallout of ipv6calypse
|
||||
networking.extraHosts = ''
|
||||
hass.shack 10.42.2.191
|
||||
heidi.shack 10.42.2.135
|
||||
'';
|
||||
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users."0x4a6f".pubkey
|
||||
config.krebs.users.ulrich.pubkey
|
||||
config.krebs.users.raute.pubkey
|
||||
config.krebs.users.makefu-omo.pubkey
|
||||
|
21
krebs/2configs/shack/gitlab-runner.nix
Normal file
21
krebs/2configs/shack/gitlab-runner.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
runner-src = builtins.fetchTarball {
|
||||
url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz";
|
||||
sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi";
|
||||
};
|
||||
in
|
||||
{
|
||||
systemd.services.gitlab-runner.path = [
|
||||
"/run/wrappers" # /run/wrappers/bin/su
|
||||
"/" # /bin/sh
|
||||
];
|
||||
imports = [
|
||||
"${runner-src}/gitlab-runner.nix"
|
||||
];
|
||||
services.gitlab-runner2.enable = true;
|
||||
## registrationConfigurationFile contains:
|
||||
# CI_SERVER_URL=<CI server URL>
|
||||
# REGISTRATION_TOKEN=<registration secret>
|
||||
services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
|
||||
}
|
39
krebs/2configs/shack/netbox.nix
Normal file
39
krebs/2configs/shack/netbox.nix
Normal file
@ -0,0 +1,39 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.docker-compose ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
|
||||
};
|
||||
# we store the netbox config there:
|
||||
# state = [ "/var/lib/netbox" ];
|
||||
systemd.services.backup-netbox = {
|
||||
after = [ "netbox-docker-compose.service" ];
|
||||
startAt = "daily";
|
||||
path = with pkgs; [ docker-compose docker gzip coreutils ];
|
||||
script = ''
|
||||
cd /var/lib/netbox
|
||||
mkdir -p backup
|
||||
docker-compose exec -T -upostgres postgres pg_dumpall \
|
||||
| gzip > backup/netdata_$(date -Iseconds).dump.gz
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.netbox-docker-compose = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" "docker.service" ];
|
||||
environment.VERSION = "v2.5.13";
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/lib/netbox";
|
||||
# TODO: grep -q NAPALM_SECRET env/netbox.env
|
||||
# TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
|
||||
ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
|
||||
ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
|
||||
Restart = "always";
|
||||
RestartSec = "10";
|
||||
StartLimitIntervalSec = 60;
|
||||
StartLimitBurst = 3;
|
||||
};
|
||||
};
|
||||
}
|
37
krebs/3modules/external/default.nix
vendored
37
krebs/3modules/external/default.nix
vendored
@ -43,6 +43,31 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
wilde = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.4";
|
||||
aliases = [ "wilde.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk
|
||||
g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg
|
||||
2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay
|
||||
uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L
|
||||
a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo
|
||||
IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM
|
||||
C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q
|
||||
sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq
|
||||
10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo
|
||||
1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57
|
||||
lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0
|
||||
QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
dpdkm = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
@ -241,6 +266,13 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
rilke = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets.wiregrill = {
|
||||
aliases = [ "rilke.w" ];
|
||||
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
|
||||
};
|
||||
};
|
||||
rock = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
@ -487,10 +519,13 @@ in {
|
||||
mail = "shackspace.de@myvdr.de";
|
||||
pubkey = ssh-for "ulrich";
|
||||
};
|
||||
"0x4a6f" = {
|
||||
mail = "0x4a6f@shackspace.de";
|
||||
pubkey = ssh-for "0x4a6f";
|
||||
};
|
||||
miaoski = {
|
||||
};
|
||||
filly = {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
6
krebs/3modules/external/palo.nix
vendored
6
krebs/3modules/external/palo.nix
vendored
@ -34,7 +34,10 @@ in {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.23.3";
|
||||
tinc.port = 720;
|
||||
aliases = [ "kruck.r" ];
|
||||
aliases = [
|
||||
"kruck.r"
|
||||
"video.kruck.r"
|
||||
];
|
||||
tinc.pubkey = tinc-for "palo";
|
||||
};
|
||||
};
|
||||
@ -49,6 +52,7 @@ in {
|
||||
tinc.pubkey = tinc-for "palo";
|
||||
};
|
||||
};
|
||||
syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ";
|
||||
};
|
||||
workhorse = {
|
||||
owner = config.krebs.users.palo;
|
||||
|
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS
|
@ -35,6 +35,7 @@ in {
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
|
@ -143,11 +143,19 @@ in {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
nets = {
|
||||
lan = {
|
||||
ip4.addr = "192.168.8.11";
|
||||
aliases = [
|
||||
"wbob.lan"
|
||||
"log.wbob.lan"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.214.15";
|
||||
aliases = [
|
||||
"wbob.r"
|
||||
"hydra.wbob.r"
|
||||
"log.wbob.r"
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -182,6 +190,7 @@ in {
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
wikisearch IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
mediengewitter IN CNAME over.dose.io.
|
||||
'';
|
||||
};
|
||||
cores = 8;
|
||||
@ -196,13 +205,13 @@ in {
|
||||
};
|
||||
wiregrill = {
|
||||
via = internet;
|
||||
ip4.addr = "10.244.245.1";
|
||||
ip6.addr = w6 "1";
|
||||
wireguard = {
|
||||
subnets = [
|
||||
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
|
||||
wireguard.port = 51821;
|
||||
wireguard.subnets = [
|
||||
(krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
|
||||
];
|
||||
};
|
||||
"10.244.245.0/24" # required for routing directly to gum via rockit
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
@ -247,7 +256,6 @@ in {
|
||||
cores = 1;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
mediengewitter IN A ${nets.internet.ip4.addr}
|
||||
flap IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
@ -281,6 +289,10 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
rockit = rec { # router@home
|
||||
cores = 1;
|
||||
nets.wiregrill.ip4.addr = "10.244.245.2";
|
||||
};
|
||||
|
||||
senderechner = rec {
|
||||
cores = 2;
|
||||
|
@ -1 +1 @@
|
||||
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
|
||||
A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0=
|
||||
|
1
krebs/3modules/makefu/wiregrill/rockit.pub
Normal file
1
krebs/3modules/makefu/wiregrill/rockit.pub
Normal file
@ -0,0 +1 @@
|
||||
YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
|
@ -3,7 +3,6 @@ with import <stockholm/lib>;
|
||||
|
||||
hostDefaults = hostName: host: flip recursiveUpdate host {
|
||||
ci = true;
|
||||
monitoring = true;
|
||||
owner = config.krebs.users.mb;
|
||||
};
|
||||
|
||||
@ -63,6 +62,59 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
gr33n = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.42.123";
|
||||
aliases = [
|
||||
"gr33n.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
|
||||
kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
|
||||
JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
|
||||
OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
|
||||
ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
|
||||
JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
|
||||
I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
|
||||
5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
|
||||
s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
|
||||
oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
|
||||
Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
|
||||
jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
sunsh1n3 = {
|
||||
ci = false;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.42.142";
|
||||
aliases = [
|
||||
"sunsh1n3.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
|
||||
QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
|
||||
pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
|
||||
idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
|
||||
4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
|
||||
yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
|
||||
/KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
|
||||
Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
|
||||
LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
|
||||
6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
|
||||
C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
|
||||
9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = {
|
||||
mb = {
|
||||
|
@ -24,7 +24,7 @@ let
|
||||
getApiKey = pkgs.writeDash "getAPIKey" ''
|
||||
${pkgs.libxml2}/bin/xmllint \
|
||||
--xpath 'string(configuration/gui/apikey)'\
|
||||
${scfg.dataDir}/config.xml
|
||||
${scfg.configDir}/config.xml
|
||||
'';
|
||||
|
||||
updateConfig = pkgs.writeDash "merge-syncthing-config" ''
|
||||
@ -47,14 +47,20 @@ let
|
||||
}
|
||||
|
||||
old_config=$(_curl /system/config)
|
||||
patch=${shell.escape (toJSON {
|
||||
new_config=${shell.escape (toJSON {
|
||||
inherit devices folders;
|
||||
})}
|
||||
new_config=$(${pkgs.jq}/bin/jq -en \
|
||||
--argjson old_config "$old_config" \
|
||||
--argjson patch "$patch" \
|
||||
--argjson new_config "$new_config" \
|
||||
'
|
||||
$old_config * $patch
|
||||
$old_config * $new_config
|
||||
${optionalString (!kcfg.overridePeers) ''
|
||||
* { devices: $old_config.devices }
|
||||
''}
|
||||
${optionalString (!kcfg.overrideFolders) ''
|
||||
* { folders: $old_config.folders }
|
||||
''}
|
||||
'
|
||||
)
|
||||
echo $new_config | _curl /system/config -d @-
|
||||
@ -68,11 +74,6 @@ in
|
||||
|
||||
enable = mkEnableOption "syncthing-init";
|
||||
|
||||
id = mkOption {
|
||||
type = types.str;
|
||||
default = config.krebs.build.host.name;
|
||||
};
|
||||
|
||||
cert = mkOption {
|
||||
type = types.nullOr types.absolute-pathname;
|
||||
default = null;
|
||||
@ -83,6 +84,13 @@ in
|
||||
default = null;
|
||||
};
|
||||
|
||||
overridePeers = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to delete the peers which are not configured via the peers option
|
||||
'';
|
||||
};
|
||||
peers = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf (types.submodule ({
|
||||
@ -103,6 +111,13 @@ in
|
||||
}));
|
||||
};
|
||||
|
||||
overrideFolders = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to delete the folders which are not configured via the peers option
|
||||
'';
|
||||
};
|
||||
folders = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
@ -163,14 +178,14 @@ in
|
||||
systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
|
||||
preStart = ''
|
||||
${optionalString (kcfg.cert != null) ''
|
||||
cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem
|
||||
chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem
|
||||
chmod 400 ${scfg.dataDir}/cert.pem
|
||||
cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem
|
||||
chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem
|
||||
chmod 400 ${scfg.configDir}/cert.pem
|
||||
''}
|
||||
${optionalString (kcfg.key != null) ''
|
||||
cp ${toString kcfg.key} ${scfg.dataDir}/key.pem
|
||||
chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem
|
||||
chmod 400 ${scfg.dataDir}/key.pem
|
||||
cp ${toString kcfg.key} ${scfg.configDir}/key.pem
|
||||
chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem
|
||||
chmod 400 ${scfg.configDir}/key.pem
|
||||
''}
|
||||
'';
|
||||
};
|
||||
|
@ -1,5 +1,4 @@
|
||||
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft
|
||||
, X11-xshape, xmonad, xmonad-contrib
|
||||
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
|
||||
}:
|
||||
mkDerivation rec {
|
||||
pname = "xmonad-stockholm";
|
||||
|
@ -50,7 +50,7 @@
|
||||
{
|
||||
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
||||
secrets = if test then {
|
||||
file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||
file = toString ./0tests/data/secrets;
|
||||
} else {
|
||||
pass = {
|
||||
dir = "${lib.getEnv "HOME"}/brain";
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||
"rev": "cf3e277dd0bd710af0df667e9364f4bd80c72713",
|
||||
"date": "2019-04-24T23:55:21+02:00",
|
||||
"sha256": "1abyadl3sxf67yi65758hq6hf2j07afgp1fmkk7kd94dadx6r6f4",
|
||||
"rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09",
|
||||
"date": "2019-06-18T23:08:17+02:00",
|
||||
"sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866",
|
||||
"fetchSubmodules": false
|
||||
}
|
||||
|
@ -57,6 +57,8 @@ with import <stockholm/lib>;
|
||||
{
|
||||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
pkgs.electron-cash
|
||||
pkgs.altcoins.litecoin
|
||||
];
|
||||
users.extraUsers = {
|
||||
bitcoin = {
|
||||
|
@ -49,14 +49,31 @@ with import <stockholm/lib>;
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.syncthing.folders."the_playlist" = {
|
||||
path = "/home/lass/tmp/the_playlist";
|
||||
peers = [ "mors" "phone" "prism" ];
|
||||
krebs.syncthing = {
|
||||
peers.schasch.addresses = [ "schasch.r:22000" ];
|
||||
folders = {
|
||||
the_playlist = {
|
||||
path = "/home/lass/tmp/the_playlist";
|
||||
peers = [ "mors" "phone" "prism" ];
|
||||
};
|
||||
free_music = {
|
||||
id = "mu9mn-zgvsw";
|
||||
path = "/home/lass/tmp/free_music";
|
||||
peers = [ "mors" "schasch" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
krebs.permown."/home/lass/tmp/the_playlist" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
krebs.permown = {
|
||||
"/home/lass/tmp/free_music" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
"/home/lass/tmp/the_playlist" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
|
@ -22,7 +22,7 @@
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
|
||||
SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
|
||||
'';
|
||||
|
||||
|
@ -195,6 +195,7 @@ with import <stockholm/lib>;
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/minecraft.nix>
|
||||
<stockholm/lass/2configs/codimd.nix>
|
||||
{
|
||||
services.taskserver = {
|
||||
enable = true;
|
||||
@ -382,7 +383,7 @@ with import <stockholm/lib>;
|
||||
'';
|
||||
|
||||
fileSystems."/export/download" = {
|
||||
device = "/var/lib/containers/yellow/var/download";
|
||||
device = "/var/lib/containers/yellow/var/download/finished";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
services.nfs.server = {
|
||||
@ -395,6 +396,12 @@ with import <stockholm/lib>;
|
||||
statdPort = 4000;
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||
@ -456,4 +463,10 @@ with import <stockholm/lib>;
|
||||
enable = true;
|
||||
freeMemThreshold = 5;
|
||||
};
|
||||
|
||||
# prism rsa hack
|
||||
services.openssh.hostKeys = [{
|
||||
path = toString <secrets> + "ssh.id_rsa";
|
||||
type = "rsa";
|
||||
}];
|
||||
}
|
||||
|
@ -66,7 +66,6 @@ in {
|
||||
extensions = [
|
||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
||||
"liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
|
||||
];
|
||||
};
|
||||
|
||||
|
28
lass/2configs/codimd.nix
Normal file
28
lass/2configs/codimd.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts.codimd = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
serverName = "codi.lassul.us";
|
||||
locations."/".extraConfig = ''
|
||||
client_max_body_size 4G;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://localhost:3091;
|
||||
'';
|
||||
};
|
||||
|
||||
services.codimd = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
db = {
|
||||
dialect = "sqlite";
|
||||
storage = "/var/lib/codimd/db.codimd.sqlite";
|
||||
useCDN = false;
|
||||
};
|
||||
port = 3091;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -103,6 +103,9 @@ with import <stockholm/lib>;
|
||||
{ from = "lobsters@lassul.us"; to = lass.mail; }
|
||||
{ from = "fysitech@lassul.us"; to = lass.mail; }
|
||||
{ from = "threema@lassul.us"; to = lass.mail; }
|
||||
{ from = "ubisoft@lassul.us"; to = lass.mail; }
|
||||
{ from = "kottezeller@lassul.us"; to = lass.mail; }
|
||||
{ from = "pie@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -15,6 +15,8 @@
|
||||
};
|
||||
};
|
||||
networking.networkmanager = {
|
||||
ethernet.macAddress = "random";
|
||||
wifi.macAddress = "random";
|
||||
enable = true;
|
||||
unmanaged = [
|
||||
"docker*"
|
||||
|
@ -97,12 +97,17 @@ in {
|
||||
|
||||
services.icecast = {
|
||||
enable = true;
|
||||
hostname = "config.krebs.build.host.name";
|
||||
hostname = "radio.lassul.us";
|
||||
admin.password = admin-password;
|
||||
extraConf = ''
|
||||
<authentication>
|
||||
<source-password>${source-password}</source-password>
|
||||
</authentication>
|
||||
<mount>
|
||||
<mount-name>/radio.mp3</mount-name>
|
||||
<password>${source-password}</password>
|
||||
</mount>
|
||||
<mount>
|
||||
<mount-name>/radio.ogg</mount-name>
|
||||
<password>${source-password}</password>
|
||||
</mount>
|
||||
'';
|
||||
};
|
||||
|
||||
@ -194,8 +199,8 @@ in {
|
||||
workdir = config.krebs.reaktor2.the_playlist.stateDir;
|
||||
hooks.PRIVMSG = [
|
||||
{
|
||||
activate = "match";
|
||||
pattern = ''!([^ ]+)(?:\s*(.*))?'';
|
||||
#activate = "match";
|
||||
pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
|
||||
command = 1;
|
||||
arguments = [2];
|
||||
commands = {
|
||||
@ -218,6 +223,11 @@ in {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:8000;
|
||||
'';
|
||||
locations."/recent".extraConfig = ''
|
||||
|
@ -20,8 +20,10 @@
|
||||
"prism"
|
||||
"gum"
|
||||
"ni"
|
||||
"dishfire"
|
||||
];
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
|
@ -1,5 +1,7 @@
|
||||
{ config, pkgs, ... }: with import <stockholm/lib>; let
|
||||
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
||||
own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
|
||||
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
||||
in {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
@ -14,8 +16,8 @@ in {
|
||||
enable = true;
|
||||
cert = toString <secrets/syncthing.cert>;
|
||||
key = toString <secrets/syncthing.key>;
|
||||
peers = peers;
|
||||
folders."/home/lass/sync".peers = attrNames peers;
|
||||
peers = mk_peers all_peers;
|
||||
folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers);
|
||||
};
|
||||
|
||||
system.activationScripts.syncthing-home = ''
|
||||
@ -23,8 +25,9 @@ in {
|
||||
'';
|
||||
|
||||
krebs.permown."/home/lass/sync" = {
|
||||
file-mode = "u+rw,g+rw";
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
umask = "0002";
|
||||
};
|
||||
}
|
||||
|
@ -11,6 +11,9 @@ let
|
||||
(hiPrio (pkgs.python3.withPackages (ps: [
|
||||
ps.python-language-server
|
||||
ps.pyls-isort
|
||||
ps.pyflakes
|
||||
ps.flake8
|
||||
ps.yapf
|
||||
])))
|
||||
];
|
||||
|
||||
@ -72,10 +75,6 @@ let
|
||||
|
||||
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
|
||||
|
||||
"Syntastic config
|
||||
"let g:syntastic_python_checkers=['flake8']
|
||||
"let g:syntastic_python_flake8_post_args='--ignore=E501'
|
||||
|
||||
nnoremap <F5> :call LanguageClient_contextMenu()<CR>
|
||||
set hidden
|
||||
let g:LanguageClient_serverCommands = {
|
||||
@ -83,7 +82,10 @@ let
|
||||
\ 'go': ['~/go/bin/go-langserver']
|
||||
\ }
|
||||
|
||||
let g:LanguageClient_diagnosticsDisplay = { 2: { "signText": "W" } }
|
||||
let g:LanguageClient_diagnosticsDisplay = {
|
||||
\ 1: { "signText": "E" },
|
||||
\ 2: { "signText": "W" }
|
||||
\ }
|
||||
|
||||
nmap <esc>q :buffer
|
||||
nmap <M-q> :buffer
|
||||
@ -126,7 +128,6 @@ let
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.ack-vim
|
||||
pkgs.vimPlugins.Gundo
|
||||
#pkgs.vimPlugins.Syntastic
|
||||
pkgs.vimPlugins.undotree
|
||||
pkgs.vimPlugins.vim-go
|
||||
pkgs.vimPlugins.fzf-vim
|
||||
|
@ -26,6 +26,7 @@ in {
|
||||
./default.nix
|
||||
./sqlBackup.nix
|
||||
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||
(servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
|
||||
(servePage [
|
||||
"freemonkey.art"
|
||||
"www.freemonkey.art"
|
||||
@ -93,6 +94,7 @@ in {
|
||||
hostName = "o.xanf.org";
|
||||
config = {
|
||||
adminpassFile = toString <secrets> + "/nextcloud_pw";
|
||||
overwriteProtocol = "https";
|
||||
};
|
||||
https = true;
|
||||
nginx.enable = true;
|
||||
@ -141,6 +143,7 @@ in {
|
||||
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
|
||||
{ from = "bui@freemonkey.art"; to ="bui"; }
|
||||
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
|
||||
{ from = "hallo@jarugadesign.de"; to ="kasia"; }
|
||||
|
||||
{ from = "testuser@lassul.us"; to = "testuser"; }
|
||||
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
|
||||
@ -150,6 +153,7 @@ in {
|
||||
"ubikmedia.eu"
|
||||
"ubikmedia.de"
|
||||
"alewis.de"
|
||||
"jarugadesign.de"
|
||||
];
|
||||
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||
@ -234,7 +238,18 @@ in {
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
krebs.on-failure.plans.restic-backups-domsen = {};
|
||||
users.users.kasia = {
|
||||
uid = genid_uint31 "kasia";
|
||||
home = "/home/kasia";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
krebs.on-failure.plans.restic-backups-domsen = {
|
||||
journalctl = {
|
||||
lines = 1000;
|
||||
};
|
||||
};
|
||||
services.restic.backups.domsen = {
|
||||
initialize = true;
|
||||
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
||||
@ -247,11 +262,41 @@ in {
|
||||
"/home/ms/Mail"
|
||||
"/home/klabusterbeere/Mail"
|
||||
"/home/jms/Mail"
|
||||
"/home/kasia/Mail"
|
||||
"/home/bruno/Mail"
|
||||
"/home/akayguen/Mail"
|
||||
"/backups/sql_dumps"
|
||||
];
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
|
||||
krebs.permown = {
|
||||
"/srv/http/ubikmedia.de" = {
|
||||
owner = "domsen";
|
||||
group = "nginx";
|
||||
umask = "0007";
|
||||
};
|
||||
"/srv/http/o.ubikmedia.de" = {
|
||||
owner = "domsen";
|
||||
group = "nginx";
|
||||
umask = "0007";
|
||||
};
|
||||
"/srv/http/freemonkey.art" = {
|
||||
owner = "domsen";
|
||||
group = "nginx";
|
||||
umask = "0002";
|
||||
};
|
||||
"/srv/http/jarugadesign.de" = {
|
||||
owner = "domsen";
|
||||
group = "nginx";
|
||||
umask = "0002";
|
||||
};
|
||||
"/srv/http/reich-gebaeudereinigung.de" = {
|
||||
owner = "domsen";
|
||||
group = "nginx";
|
||||
umask = "0002";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
130
mb/1systems/gr33n/configuration.nix
Normal file
130
mb/1systems/gr33n/configuration.nix
Normal file
@ -0,0 +1,130 @@
|
||||
{ config, pkgs, callPackage, ... }: let
|
||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
||||
in {
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
<stockholm/mb>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.gr33n;
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
||||
fileSystems."/mnt/public" = {
|
||||
device = "//192.168.0.4/public";
|
||||
fsType = "cifs";
|
||||
options = let
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
||||
};
|
||||
|
||||
i18n = {
|
||||
consoleFont = "Lat2-Terminus16";
|
||||
consoleKeyMap = "de";
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
openvpn = super.openvpn.override {
|
||||
pkcs11Support = true;
|
||||
useSystemd = false;
|
||||
};
|
||||
};
|
||||
|
||||
environment.shellAliases = {
|
||||
ll = "ls -alh";
|
||||
ls = "ls --color=tty";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
curl
|
||||
fish
|
||||
git
|
||||
htop
|
||||
nmap
|
||||
ranger
|
||||
tcpdump
|
||||
tmux
|
||||
traceroute
|
||||
tree
|
||||
vim
|
||||
wcalc
|
||||
wget
|
||||
xz
|
||||
];
|
||||
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
sound.enable = false;
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
networking.wireless.enable = false;
|
||||
networking.networkmanager.enable = false;
|
||||
krebs.iptables.enable = true;
|
||||
networking.enableIPv6 = false;
|
||||
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
shellInit = ''
|
||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
||||
if begin
|
||||
set -q SSH_AGENT_PID
|
||||
and kill -0 $SSH_AGENT_PID
|
||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
||||
end
|
||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
||||
else
|
||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
||||
end
|
||||
set -l identity $HOME/.ssh/id_rsa
|
||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
||||
ssh-add -l | grep -q $fingerprint
|
||||
or ssh-add $identity
|
||||
end
|
||||
'';
|
||||
promptInit = ''
|
||||
function fish_prompt --description 'Write out the prompt'
|
||||
set -l color_cwd
|
||||
set -l suffix
|
||||
set -l nix_shell_info (
|
||||
if test "$IN_NIX_SHELL" != ""
|
||||
echo -n " <nix-shell>"
|
||||
end
|
||||
)
|
||||
switch "$USER"
|
||||
case root toor
|
||||
if set -q fish_color_cwd_root
|
||||
set color_cwd $fish_color_cwd_root
|
||||
else
|
||||
set color_cwd $fish_color_cwd
|
||||
end
|
||||
set suffix '#'
|
||||
case '*'
|
||||
set color_cwd $fish_color_cwd
|
||||
set suffix '>'
|
||||
end
|
||||
|
||||
echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
||||
end
|
||||
'';
|
||||
};
|
||||
|
||||
nix.buildCores = 4;
|
||||
system.autoUpgrade.enable = false;
|
||||
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
|
||||
system.stateVersion = "19.03";
|
||||
|
||||
}
|
37
mb/1systems/gr33n/hardware-configuration.nix
Normal file
37
mb/1systems/gr33n/hardware-configuration.nix
Normal file
@ -0,0 +1,37 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.mdadmConf = ''
|
||||
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
|
||||
devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
|
||||
'';
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/storage" =
|
||||
{ device = "/dev/disk/by-label/storage";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/93EB-BCA3";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
}
|
@ -27,15 +27,13 @@ in {
|
||||
|
||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
||||
fileSystems."/mnt/public" = {
|
||||
device = "//192.168.88.252/public";
|
||||
device = "//192.168.0.4/public";
|
||||
fsType = "cifs";
|
||||
options = let
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
||||
};
|
||||
|
||||
#networking.hostName = "0r4n93";
|
||||
networking.wireless.enable = false;
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
@ -132,7 +130,6 @@ in {
|
||||
vulnix
|
||||
wcalc
|
||||
wget
|
||||
wireshark-gtk
|
||||
xz
|
||||
];
|
||||
|
||||
@ -151,6 +148,8 @@ in {
|
||||
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.support32Bit = true;
|
||||
nixpkgs.config.pulseaudio = true;
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
@ -173,7 +172,9 @@ in {
|
||||
#services.openssh.permitRootLogin = "yes";
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
networking.wireless.enable = false;
|
||||
networking.networkmanager.enable = false;
|
||||
krebs.iptables.enable = true;
|
||||
#networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
|
||||
networking.enableIPv6 = false;
|
||||
|
||||
|
@ -22,14 +22,13 @@ in {
|
||||
];
|
||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
||||
fileSystems."/mnt/public" = {
|
||||
device = "//192.168.88.252/public";
|
||||
device = "//192.168.0.4/public";
|
||||
fsType = "cifs";
|
||||
options = let
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
i18n = {
|
||||
consoleFont = "Lat2-Terminus16";
|
||||
@ -143,11 +142,12 @@ in {
|
||||
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.support32Bit = true;
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
layout = "de";
|
||||
xkbOptions = "neo";
|
||||
xkbOptions = "nodeadkeys";
|
||||
libinput.enable = true;
|
||||
desktopManager = {
|
||||
default = "xfce";
|
||||
@ -164,7 +164,9 @@ in {
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
krebs.iptables.enable = true;
|
||||
networking.networkmanager.enable = false;
|
||||
networking.wireless.enable = true;
|
||||
networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
|
||||
networking.enableIPv6 = false;
|
||||
|
||||
|
@ -49,7 +49,7 @@ with import <stockholm/lib>;
|
||||
build.user = config.krebs.users.mb;
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
users.mutableUsers = true;
|
||||
|
||||
services.timesyncd.enable = mkForce true;
|
||||
|
||||
@ -67,6 +67,7 @@ with import <stockholm/lib>;
|
||||
environment.systemPackages = with pkgs; [
|
||||
#stockholm
|
||||
git
|
||||
git-preview
|
||||
gnumake
|
||||
jq
|
||||
parallel
|
||||
|
Loading…
Reference in New Issue
Block a user