Merge remote-tracking branch 'cloudkrebs/master'
This commit is contained in:
commit
8e93530796
@ -84,6 +84,7 @@ let
|
||||
imp = mkMerge [
|
||||
{ krebs = import ./lass { inherit lib; }; }
|
||||
{ krebs = import ./makefu { inherit lib; }; }
|
||||
{ krebs = import ./miefda { inherit lib; }; }
|
||||
{ krebs = import ./mv { inherit lib; }; }
|
||||
{ krebs = import ./shared { inherit lib; }; }
|
||||
{ krebs = import ./tv { inherit lib; }; }
|
||||
|
@ -4,6 +4,37 @@ with lib;
|
||||
|
||||
{
|
||||
hosts = {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["144.76.172.188"];
|
||||
aliases = [
|
||||
"dishfire.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.133.99"];
|
||||
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
|
||||
aliases = [
|
||||
"dishfire.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
|
||||
Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
|
||||
uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
|
||||
R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
|
||||
vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
|
||||
HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||
};
|
||||
echelon = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
@ -190,32 +221,46 @@ with lib;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
||||
};
|
||||
schnabel-ap = {
|
||||
helios = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.20"];
|
||||
aliases = ["schnabel-ap.gg23"];
|
||||
};
|
||||
};
|
||||
};
|
||||
Reichsfunk-ap = {
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.10"];
|
||||
aliases = ["Reichsfunk-ap.gg23"];
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.3"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:7105"];
|
||||
aliases = [
|
||||
"helios.retiolum"
|
||||
"cgit.helios.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
|
||||
Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
|
||||
5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
|
||||
oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
|
||||
hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
|
||||
Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
|
||||
};
|
||||
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
||||
mail = "lass@mors.retiolum";
|
||||
};
|
||||
uriel = {
|
||||
pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
|
||||
lass-uriel = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
||||
mail = "lass@uriel.retiolum";
|
||||
};
|
||||
lass-helios = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
|
||||
mail = "lass@helios.retiolum";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
39
krebs/3modules/miefda/default.nix
Normal file
39
krebs/3modules/miefda/default.nix
Normal file
@ -0,0 +1,39 @@
|
||||
{ lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
hosts = {
|
||||
bobby = {
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.111.112"];
|
||||
addrs6 = ["42:0:0:0:0:0:111:112"];
|
||||
aliases = [
|
||||
"bobby.retiolum"
|
||||
"cgit.bobby.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
|
||||
uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
|
||||
Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
|
||||
0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
|
||||
jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
|
||||
cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
#ssh.privkey.path = <secrets/ssh.ed25519>;
|
||||
#ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
|
||||
};
|
||||
};
|
||||
users = {
|
||||
miefda = {
|
||||
mail = "miefda@miefda.de";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
|
||||
};
|
||||
};
|
||||
}
|
@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
|
@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
|
45
lass/1systems/dishfire.nix
Normal file
45
lass/1systems/dishfire.nix
Normal file
@ -0,0 +1,45 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/base.nix
|
||||
../2configs/git.nix
|
||||
../2configs/websites/fritz.nix
|
||||
{
|
||||
boot.loader.grub = {
|
||||
device = "/dev/vda";
|
||||
splashImage = null;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"ehci_pci"
|
||||
"uhci_hcd"
|
||||
"virtio_pci"
|
||||
"virtio_blk"
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/pool-nix";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/vda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
}
|
||||
{
|
||||
networking.dhcpcd.allowInterfaces = [
|
||||
"enp*"
|
||||
"eth*"
|
||||
];
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.dishfire;
|
||||
}
|
73
lass/1systems/helios.nix
Normal file
73
lass/1systems/helios.nix
Normal file
@ -0,0 +1,73 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
{
|
||||
imports = [
|
||||
../2configs/baseX.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/programs.nix
|
||||
../2configs/git.nix
|
||||
#{
|
||||
# users.extraUsers = {
|
||||
# root = {
|
||||
# openssh.authorizedKeys.keys = map readFile [
|
||||
# ../../krebs/Zpubkeys/uriel.ssh.pub
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.helios;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
kernelModules = [ "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/pool/nix";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
};
|
||||
|
||||
#services.udev.extraRules = ''
|
||||
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
||||
#'';
|
||||
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||
deviceSection = ''
|
||||
Option "AccelMethod" "sna"
|
||||
BusID "PCI:0:2:0"
|
||||
'';
|
||||
};
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
additionalOptions = ''
|
||||
Option "FingerHigh" "60"
|
||||
Option "FingerLow" "60"
|
||||
'';
|
||||
};
|
||||
}
|
@ -17,7 +17,6 @@
|
||||
#../2configs/ircd.nix
|
||||
../2configs/chromium-patched.nix
|
||||
../2configs/git.nix
|
||||
../2configs/retiolum.nix
|
||||
#../2configs/wordpress.nix
|
||||
../2configs/bitlbee.nix
|
||||
../2configs/firefoxPatched.nix
|
||||
@ -25,6 +24,7 @@
|
||||
../2configs/teamviewer.nix
|
||||
../2configs/libvirt.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/buildbot-standalone.nix
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
@ -32,51 +32,70 @@
|
||||
];
|
||||
}
|
||||
{
|
||||
#wordpress-test
|
||||
#imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
#static-nginx-test
|
||||
imports = [
|
||||
../3modules/wordpress_nginx.nix
|
||||
../3modules/static_nginx.nix
|
||||
];
|
||||
lass.wordpress."testserver.de" = {
|
||||
multiSite = {
|
||||
"1" = "testserver.de";
|
||||
"2" = "bla.testserver.de";
|
||||
};
|
||||
};
|
||||
|
||||
services.mysql = {
|
||||
lass.staticPage."testserver.de" = {
|
||||
#sslEnable = true;
|
||||
#certificate = "${toString <secrets>}/testserver.de/server.cert";
|
||||
#certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
||||
ssl = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = "<secrets>/mysql_rootPassword";
|
||||
certificate = "${toString <secrets>}/testserver.de/server.cert";
|
||||
certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
||||
};
|
||||
};
|
||||
networking.extraHosts = ''
|
||||
10.243.0.2 testserver.de
|
||||
'';
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
];
|
||||
}
|
||||
{
|
||||
#owncloud-test
|
||||
#imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
imports = [
|
||||
../3modules/owncloud_nginx.nix
|
||||
];
|
||||
lass.owncloud."owncloud-test.de" = {
|
||||
};
|
||||
#{
|
||||
# #wordpress-test
|
||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
# imports = [
|
||||
# ../3modules/wordpress_nginx.nix
|
||||
# ];
|
||||
# lass.wordpress."testserver.de" = {
|
||||
# multiSite = {
|
||||
# "1" = "testserver.de";
|
||||
# "2" = "bla.testserver.de";
|
||||
# };
|
||||
# };
|
||||
|
||||
# services.mysql = {
|
||||
# enable = true;
|
||||
# package = pkgs.mariadb;
|
||||
# rootPassword = "<secrets>/mysql_rootPassword";
|
||||
# };
|
||||
networking.extraHosts = ''
|
||||
10.243.0.2 owncloud-test.de
|
||||
'';
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
];
|
||||
}
|
||||
# networking.extraHosts = ''
|
||||
# 10.243.0.2 testserver.de
|
||||
# '';
|
||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
# ];
|
||||
#}
|
||||
#{
|
||||
# #owncloud-test
|
||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
# imports = [
|
||||
# ../3modules/owncloud_nginx.nix
|
||||
# ];
|
||||
# lass.owncloud."owncloud-test.de" = {
|
||||
# };
|
||||
|
||||
# #services.mysql = {
|
||||
# # enable = true;
|
||||
# # package = pkgs.mariadb;
|
||||
# # rootPassword = "<secrets>/mysql_rootPassword";
|
||||
# #};
|
||||
# networking.extraHosts = ''
|
||||
# 10.243.0.2 owncloud-test.de
|
||||
# '';
|
||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
# ];
|
||||
#}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mors;
|
||||
@ -207,7 +226,7 @@
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
cac
|
||||
cac-api
|
||||
sshpass
|
||||
get
|
||||
teamspeak_client
|
||||
|
@ -13,6 +13,7 @@ with builtins;
|
||||
../2configs/retiolum.nix
|
||||
../2configs/bitlbee.nix
|
||||
../2configs/weechat.nix
|
||||
../2configs/skype.nix
|
||||
{
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
|
@ -17,7 +17,8 @@ with lib;
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.uriel.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
config.krebs.users.lass-helios.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
@ -31,7 +32,7 @@ with lib;
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.uriel.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -47,20 +48,21 @@ with lib;
|
||||
exim-retiolum.enable = true;
|
||||
build = {
|
||||
user = config.krebs.users.lass;
|
||||
source = {
|
||||
git.nixpkgs = {
|
||||
source = mapAttrs (_: mkDefault) ({
|
||||
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
|
||||
nixpkgs = symlink:stockholm/nixpkgs;
|
||||
secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||
#secrets-common = "/home/lass/secrets/common";
|
||||
stockholm = "/home/lass/stockholm";
|
||||
stockholm-user = "symlink:stockholm/lass";
|
||||
upstream-nixpkgs = {
|
||||
url = https://github.com/Lassulus/nixpkgs;
|
||||
rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
|
||||
};
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.mors;
|
||||
path = "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
dir.stockholm = {
|
||||
host = config.krebs.hosts.mors;
|
||||
path = "/home/lass/stockholm";
|
||||
};
|
||||
rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
|
||||
dev = "/home/lass/src/nixpkgs";
|
||||
};
|
||||
} // optionalAttrs config.krebs.build.host.secure {
|
||||
#secrets-master = "/home/lass/secrets/master";
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
@ -89,6 +91,7 @@ with lib;
|
||||
git
|
||||
jq
|
||||
parallel
|
||||
proot
|
||||
|
||||
#style
|
||||
most
|
||||
@ -176,4 +179,10 @@ with lib;
|
||||
noipv4ll
|
||||
'';
|
||||
|
||||
#CVE-2016-0777 and CVE-2016-0778 workaround
|
||||
#https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
|
||||
programs.ssh.extraConfig = ''
|
||||
UseRoaming no
|
||||
'';
|
||||
|
||||
}
|
||||
|
@ -31,6 +31,7 @@ in {
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
dmenu
|
||||
gitAndTools.qgit
|
||||
mpv
|
||||
much
|
||||
|
@ -1,6 +1,8 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
electrum
|
||||
];
|
||||
@ -14,4 +16,7 @@
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
||||
|
@ -54,8 +54,6 @@ in {
|
||||
];
|
||||
|
||||
imports = [
|
||||
../3modules/per-user.nix
|
||||
] ++ [
|
||||
( createFirefoxUser "ff" [ "audio" ] [ ] )
|
||||
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
|
||||
|
78
lass/2configs/buildbot-standalone.nix
Normal file
78
lass/2configs/buildbot-standalone.nix
Normal file
@ -0,0 +1,78 @@
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
#networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||
krebs.buildbot.master = {
|
||||
slaves = {
|
||||
testslave = "lasspass";
|
||||
};
|
||||
change_source.stockholm = ''
|
||||
stockholm_repo = 'http://cgit.mors/stockholm'
|
||||
cs.append(changes.GitPoller(
|
||||
stockholm_repo,
|
||||
workdir='stockholm-poller', branch='master',
|
||||
project='stockholm',
|
||||
pollinterval=120))
|
||||
'';
|
||||
scheduler = {
|
||||
force-scheduler = ''
|
||||
sched.append(schedulers.ForceScheduler(
|
||||
name="force",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
fast-tests-scheduler = ''
|
||||
# test the master real quick
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
change_filter=util.ChangeFilter(branch="master"),
|
||||
name="fast-master-test",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
};
|
||||
builder_pre = ''
|
||||
# prepare grab_repo step for stockholm
|
||||
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
||||
|
||||
env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
|
||||
|
||||
# prepare nix-shell
|
||||
# the dependencies which are used by the test script
|
||||
deps = [ "gnumake", "jq","nix","rsync" ]
|
||||
# TODO: --pure , prepare ENV in nix-shell command:
|
||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
|
||||
|
||||
# prepare addShell function
|
||||
def addShell(factory,**kwargs):
|
||||
factory.addStep(steps.ShellCommand(**kwargs))
|
||||
'';
|
||||
builder = {
|
||||
fast-tests = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
addShell(f,name="mors-eval",env=env,
|
||||
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
|
||||
|
||||
bu.append(util.BuilderConfig(name="fast-tests",
|
||||
slavenames=slavenames,
|
||||
factory=f))
|
||||
'';
|
||||
};
|
||||
enable = true;
|
||||
web.enable = true;
|
||||
irc = {
|
||||
enable = true;
|
||||
nick = "buildbot-lass";
|
||||
server = "cd.retiolum";
|
||||
channels = [ "retiolum" ];
|
||||
allowForce = true;
|
||||
};
|
||||
};
|
||||
|
||||
krebs.buildbot.slave = {
|
||||
enable = true;
|
||||
masterhost = "localhost";
|
||||
username = "testslave";
|
||||
password = "lasspass";
|
||||
packages = with pkgs;[ git nix ];
|
||||
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
|
||||
};
|
||||
}
|
@ -69,12 +69,12 @@ let
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = lass;
|
||||
user = [ lass lass-helios lass-uriel ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
optional repo.public {
|
||||
user = [ tv makefu uriel ];
|
||||
user = [ tv makefu miefda ];
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
} ++
|
||||
|
@ -161,7 +161,7 @@ let
|
||||
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
|
||||
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
|
||||
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
|
||||
truther|http://truthernews.wordpress.com/feed/|#news
|
||||
#truther|http://truthernews.wordpress.com/feed/|#news
|
||||
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
|
||||
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
|
||||
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
|
||||
|
33
lass/2configs/websites/fritz.nix
Normal file
33
lass/2configs/websites/fritz.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
../../3modules/owncloud_nginx.nix
|
||||
../../3modules/wordpress_nginx.nix
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"biostase.de" = {};
|
||||
"gs-maubach.de" = {};
|
||||
"spielwaren-kern.de" = {};
|
||||
"societyofsimtech.de" = {};
|
||||
"ttf-kleinaspach.de" = {};
|
||||
"edsn.de" = {};
|
||||
"eab.berkeley.edu" = {};
|
||||
"habsys.de" = {};
|
||||
};
|
||||
|
||||
#lass.owncloud = {
|
||||
# "o.ubikmedia.de" = {
|
||||
# instanceid = "oc8n8ddbftgh";
|
||||
# };
|
||||
#};
|
||||
|
||||
#services.mysql = {
|
||||
# enable = true;
|
||||
# package = pkgs.mariadb;
|
||||
# rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||
#};
|
||||
}
|
@ -8,5 +8,11 @@
|
||||
lass.staticPage = {
|
||||
"wohnprojekt-rhh.de" = {};
|
||||
};
|
||||
|
||||
users.users.laura = {
|
||||
home = "/srv/http/wohnprojekt-rhh.de";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -44,7 +44,7 @@ let
|
||||
"slock"
|
||||
];
|
||||
|
||||
systemd.services.display-manager = mkForce {};
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
services.xserver.enable = true;
|
||||
|
||||
@ -93,9 +93,11 @@ let
|
||||
xmonad-start = pkgs.writeScriptBin "xmonad" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
set -efu
|
||||
export PATH; PATH=${makeSearchPath "bin" ([
|
||||
export PATH; PATH=${makeSearchPath "bin" [
|
||||
pkgs.alsaUtils
|
||||
pkgs.pulseaudioLight
|
||||
pkgs.rxvt_unicode
|
||||
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
||||
]}:/var/setuid-wrappers
|
||||
settle() {(
|
||||
# Use PATH for a clean journal
|
||||
command=''${1##*/}
|
||||
|
@ -46,8 +46,22 @@ let
|
||||
type = str;
|
||||
};
|
||||
ssl = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
type = with types; submodule ({
|
||||
options = {
|
||||
enable = mkEnableOption "ssl";
|
||||
certificate = mkOption {
|
||||
type = str;
|
||||
};
|
||||
certificate_key = mkOption {
|
||||
type = str;
|
||||
};
|
||||
ciphers = mkOption {
|
||||
type = str;
|
||||
default = "AES128+EECDH:AES128+EDH";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
}));
|
||||
@ -58,7 +72,7 @@ let
|
||||
group = config.services.nginx.group;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
@ -102,7 +116,16 @@ let
|
||||
|
||||
error_page 403 /core/templates/403.php;
|
||||
error_page 404 /core/templates/404.php;
|
||||
${if ssl.enable then ''
|
||||
ssl_certificate ${ssl.certificate};
|
||||
ssl_certificate_key ${ssl.certificate_key};
|
||||
'' else ""}
|
||||
'';
|
||||
listen = (if ssl.enable then
|
||||
[ "80" "443 ssl" ]
|
||||
else
|
||||
"80"
|
||||
);
|
||||
});
|
||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||
listen = ${folder}/phpfpm.pool
|
||||
|
@ -21,6 +21,35 @@ let
|
||||
type = str;
|
||||
default = "/srv/http/${config.domain}";
|
||||
};
|
||||
#sslEnable = mkEnableOption "ssl";
|
||||
#certificate = mkOption {
|
||||
# type = str;
|
||||
#};
|
||||
#certificate_key = mkOption {
|
||||
# type = str;
|
||||
#};
|
||||
#ciphers = mkOption {
|
||||
# type = str;
|
||||
# default = "AES128+EECDH:AES128+EDH";
|
||||
#};
|
||||
ssl = mkOption {
|
||||
type = with types; submodule ({
|
||||
options = {
|
||||
enable = mkEnableOption "ssl";
|
||||
certificate = mkOption {
|
||||
type = str;
|
||||
};
|
||||
certificate_key = mkOption {
|
||||
type = str;
|
||||
};
|
||||
ciphers = mkOption {
|
||||
type = str;
|
||||
default = "AES128+EECDH:AES128+EDH";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
@ -29,8 +58,10 @@ let
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
@ -43,6 +74,17 @@ let
|
||||
deny all;
|
||||
'')
|
||||
];
|
||||
|
||||
listen = (if ssl.enable then
|
||||
[ "80" "443 ssl" ]
|
||||
else
|
||||
"80"
|
||||
);
|
||||
extraConfig = (if ssl.enable then ''
|
||||
ssl_certificate ${ssl.certificate};
|
||||
ssl_certificate_key ${ssl.certificate_key};
|
||||
'' else "");
|
||||
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -53,6 +53,23 @@ let
|
||||
"1" = "test.testsite.de";
|
||||
};
|
||||
};
|
||||
ssl = mkOption {
|
||||
type = with types; submodule ({
|
||||
options = {
|
||||
enable = mkEnableOption "ssl";
|
||||
certificate = mkOption {
|
||||
type = str;
|
||||
};
|
||||
certificate_key = mkOption {
|
||||
type = str;
|
||||
};
|
||||
ciphers = mkOption {
|
||||
type = str;
|
||||
default = "AES128+EECDH:AES128+EDH";
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
@ -68,7 +85,7 @@ let
|
||||
# }
|
||||
#'';
|
||||
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ssl, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
@ -114,7 +131,17 @@ let
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
${if ssl.enable then ''
|
||||
ssl_certificate ${ssl.certificate};
|
||||
ssl_certificate_key ${ssl.certificate_key};
|
||||
'' else ""}
|
||||
|
||||
'';
|
||||
listen = (if ssl.enable then
|
||||
[ "80" "443 ssl" ]
|
||||
else
|
||||
"80"
|
||||
);
|
||||
});
|
||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||
listen = ${folder}/phpfpm.pool
|
||||
|
102
miefda/1systems/bobby.nix
Normal file
102
miefda/1systems/bobby.nix
Normal file
@ -0,0 +1,102 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
|
||||
../2configs/miefda.nix
|
||||
../2configs/tlp.nix
|
||||
../2configs/x220t.nix
|
||||
../2configs/hardware-configuration.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
../2configs/git.nix
|
||||
];
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
# Define on which hard drive you want to install Grub.
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
# consoleFont = "Lat2-Terminus16";
|
||||
consoleKeyMap = "us";
|
||||
# defaultLocale = "en_US.UTF-8";
|
||||
};
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget chromium
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
#services.xserver.displayManager.kdm.enable = true;
|
||||
services.xserver.desktopManager = {
|
||||
xfce.enable = true;
|
||||
xterm.enable= false;
|
||||
};
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.extraUsers.miefda = {
|
||||
isNormalUser = true;
|
||||
initialPassword= "welcome";
|
||||
uid = 1000;
|
||||
extraGroups= [
|
||||
"wheel"
|
||||
];
|
||||
};
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "retiolum";
|
||||
build = {
|
||||
host = config.krebs.hosts.bobby;
|
||||
user = config.krebs.users.miefda;
|
||||
source = {
|
||||
git.nixpkgs = {
|
||||
url = https://github.com/Lassulus/nixpkgs;
|
||||
rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
|
||||
target-path = "/var/src/nixpkgs";
|
||||
};
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.bobby;
|
||||
path = "/home/miefda/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
dir.stockholm = {
|
||||
host = config.krebs.hosts.bobby;
|
||||
path = "/home/miefda/gits/stockholm";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
87
miefda/2configs/git.nix
Normal file
87
miefda/2configs/git.nix
Normal file
@ -0,0 +1,87 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
out = {
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
root-title = "public repositories at ${config.krebs.build.host.name}";
|
||||
root-desc = "keep calm and engage";
|
||||
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
|
||||
rules = rules;
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
|
||||
repos =
|
||||
public-repos //
|
||||
optionalAttrs config.krebs.build.host.secure restricted-repos;
|
||||
|
||||
rules = concatMap make-rules (attrValues repos);
|
||||
|
||||
public-repos = mapAttrs make-public-repo {
|
||||
painload = {};
|
||||
stockholm = {
|
||||
desc = "take all the computers hostage, they'll love you!";
|
||||
};
|
||||
#wai-middleware-time = {};
|
||||
#web-routes-wai-custom = {};
|
||||
#go = {};
|
||||
#newsbot-js = {};
|
||||
#kimsufi-check = {};
|
||||
#realwallpaper = {};
|
||||
};
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
{
|
||||
brain = {
|
||||
collaborators = with config.krebs.users; [ tv makefu ];
|
||||
};
|
||||
} //
|
||||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||
);
|
||||
|
||||
make-public-repo = name: { desc ? null, ... }: {
|
||||
inherit name desc;
|
||||
public = true;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
# TODO make nick = config.krebs.build.host.name the default
|
||||
nick = config.krebs.build.host.name;
|
||||
channel = "#retiolum";
|
||||
server = "cd.retiolum";
|
||||
verbose = config.krebs.build.host.name == "bobby";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
|
||||
inherit name collaborators desc;
|
||||
public = false;
|
||||
};
|
||||
|
||||
make-rules =
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = miefda;
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
optional repo.public {
|
||||
user = [ lass tv makefu uriel ];
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
} ++
|
||||
optional (length (repo.collaborators or []) > 0) {
|
||||
user = repo.collaborators;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
};
|
||||
|
||||
in out
|
23
miefda/2configs/hardware-configuration.nix
Normal file
23
miefda/2configs/hardware-configuration.nix
Normal file
@ -0,0 +1,23 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = 4;
|
||||
}
|
8
miefda/2configs/miefda.nix
Normal file
8
miefda/2configs/miefda.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
|
||||
#networking.wicd.enable = true;
|
||||
|
||||
}
|
14
miefda/2configs/tinc-basic-retiolum.nix
Normal file
14
miefda/2configs/tinc-basic-retiolum.nix
Normal file
@ -0,0 +1,14 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
connectTo = [
|
||||
"gum"
|
||||
"pigstarter"
|
||||
"prism"
|
||||
"ire"
|
||||
];
|
||||
};
|
||||
}
|
25
miefda/2configs/tlp.nix
Normal file
25
miefda/2configs/tlp.nix
Normal file
@ -0,0 +1,25 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
zramSwap.enable = true;
|
||||
zramSwap.numDevices = 2;
|
||||
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 220;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.tlp.extraConfig = ''
|
||||
START_CHARGE_THRESH_BAT0=80
|
||||
'';
|
||||
}
|
27
miefda/2configs/x220t.nix
Normal file
27
miefda/2configs/x220t.nix
Normal file
@ -0,0 +1,27 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
|
||||
services.xserver = {
|
||||
xkbVariant = "altgr-intl";
|
||||
videoDriver = "intel";
|
||||
# vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
|
||||
deviceSection = ''
|
||||
Option "AccelMethod" "sna"
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
|
||||
services.xserver.displayManager.sessionCommands =''
|
||||
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
|
||||
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
|
||||
xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
|
||||
# xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
|
||||
'';
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
|
||||
}
|
1
miefda/5pkgs/default.nix
Normal file
1
miefda/5pkgs/default.nix
Normal file
@ -0,0 +1 @@
|
||||
_:{}
|
@ -95,7 +95,7 @@ let
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
optional repo.public {
|
||||
user = [ lass makefu uriel ];
|
||||
user = [ lass makefu ];
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
} ++
|
||||
|
Loading…
Reference in New Issue
Block a user