Merge remote-tracking branch 'prism/master'
commit
8ff5c5e992
@ -38,7 +38,7 @@
|
||||
|
||||
networking.hostName = "BLN02NB0154"; # Define your hostname.
|
||||
networking.networkmanager.enable = true;
|
||||
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
@ -54,7 +54,11 @@
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.shellAliases = { n = "nix-shell"; };
|
||||
environment.shellAliases = {
|
||||
n = "nix-shell";
|
||||
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
|
||||
gh = "cd /home/markus/go/src/github.com";
|
||||
};
|
||||
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
|
||||
environment.systemPackages = with pkgs; [
|
||||
# system helper
|
||||
@ -62,6 +66,7 @@
|
||||
copyq
|
||||
dmenu
|
||||
git
|
||||
tig
|
||||
i3lock
|
||||
keepass
|
||||
networkmanagerapplet
|
||||
@ -72,6 +77,8 @@
|
||||
rxvt_unicode
|
||||
# editors
|
||||
emacs
|
||||
# databases
|
||||
sqlite
|
||||
# internet
|
||||
thunderbird
|
||||
hipchat
|
||||
@ -91,6 +98,7 @@
|
||||
jetbrains.pycharm-professional
|
||||
jetbrains.webstorm
|
||||
jetbrains.goland
|
||||
jetbrains.datagrip
|
||||
texlive.combined.scheme-full
|
||||
pandoc
|
||||
redis
|
||||
|
@ -96,7 +96,7 @@
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable touchpad support.
|
||||
|
@ -28,7 +28,7 @@ with import <stockholm/lib>;
|
||||
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt*font: xft:DejaVu Sans Mono:pixelsize=20
|
||||
URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
|
||||
URXvt*faceSize: 12
|
||||
'';
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ in
|
||||
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "f9390d6";
|
||||
ref = "d83c808";
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
|
||||
|
@ -20,10 +20,5 @@
|
||||
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
krebs.repo-sync.repos.stockholm.timerConfig = {
|
||||
OnBootSec = "5min";
|
||||
OnUnitInactiveSec = "2min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
||||
}
|
||||
|
@ -1,10 +1,6 @@
|
||||
with import <stockholm/lib>;
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/krebs/2configs/repo-sync.nix>
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
|
||||
krebs.ci.enable = true;
|
||||
krebs.ci.treeStableTimer = 1;
|
||||
|
@ -161,7 +161,7 @@ let
|
||||
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||
set -efux
|
||||
#remove garbage from old versions
|
||||
rm -r ${workdir}
|
||||
rm -rf ${workdir}
|
||||
mkdir -p ${workdir}/info
|
||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||
echo ${contact} > ${workdir}/info/admin
|
||||
|
@ -31,6 +31,47 @@ with import <stockholm/lib>;
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
|
||||
};
|
||||
axon= {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.134.66";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
|
||||
aliases = [
|
||||
"axon.retiolum"
|
||||
"axon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
|
||||
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
|
||||
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
|
||||
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
|
||||
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
|
||||
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
|
||||
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
|
||||
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
|
||||
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
|
||||
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
|
||||
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
|
||||
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
|
||||
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
|
||||
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
|
||||
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
|
||||
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
|
||||
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
|
||||
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
|
||||
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
|
||||
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
|
||||
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
|
||||
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
|
||||
};
|
||||
onondaga = {
|
||||
cores = 1;
|
||||
@ -63,6 +104,10 @@ with import <stockholm/lib>;
|
||||
};
|
||||
users = {
|
||||
nin = {
|
||||
mail = "nin@axon.retiolum";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
|
||||
};
|
||||
nin_h = {
|
||||
mail = "nin@hiawatha.retiolum";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
|
||||
};
|
||||
|
@ -1,9 +1,15 @@
|
||||
{ pkgs, fetchFromGitHub, ... }:
|
||||
{ stdenv, pkgs, fetchPypi, ... }:
|
||||
with pkgs.python3Packages;
|
||||
buildPythonPackage rec {
|
||||
pname = "internetarchive";
|
||||
version = "1.7.3";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
requests
|
||||
jsonpatch
|
||||
@ -14,8 +20,9 @@ buildPythonPackage rec {
|
||||
backports_csv
|
||||
];
|
||||
|
||||
# check only works when cloned from git repo
|
||||
# check only works when cloned from git repo
|
||||
doCheck = false;
|
||||
|
||||
checkInputs = [
|
||||
pytest
|
||||
responses
|
||||
@ -25,14 +32,8 @@ buildPythonPackage rec {
|
||||
sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
|
||||
'';
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "python library and cli for uploading files to internet archive";
|
||||
license = licenses.agpl3;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -17,6 +17,6 @@ in
|
||||
stockholm.file = toString <stockholm>;
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
|
||||
ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
|
||||
};
|
||||
}
|
||||
|
@ -41,6 +41,7 @@ with import <stockholm/lib>;
|
||||
skype
|
||||
wine
|
||||
];
|
||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.lightdm.enable = true;
|
||||
services.xserver.desktopManager.plasma5.enable = true;
|
||||
|
@ -43,6 +43,7 @@
|
||||
networking.dhcpcd.allowInterfaces = [
|
||||
"enp*"
|
||||
"eth*"
|
||||
"ens*"
|
||||
];
|
||||
}
|
||||
{
|
||||
|
@ -30,6 +30,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/otp-ssh.nix>
|
||||
<stockholm/lass/2configs/c-base.nix>
|
||||
<stockholm/lass/2configs/br.nix>
|
||||
<stockholm/lass/2configs/ableton.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
@ -69,10 +70,6 @@ with import <stockholm/lib>;
|
||||
pkgs.ovh-zone
|
||||
];
|
||||
}
|
||||
{
|
||||
#ps vita stuff
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
}
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
|
@ -184,14 +184,17 @@ in {
|
||||
}
|
||||
{
|
||||
#hotdog
|
||||
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
|
||||
containers.hotdog = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.1";
|
||||
@ -200,8 +203,10 @@ in {
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
@ -209,6 +214,7 @@ in {
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
@ -217,8 +223,10 @@ in {
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
containers.onondaga = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
@ -226,6 +234,7 @@ in {
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.5";
|
||||
@ -302,6 +311,13 @@ in {
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.repo-sync.repos.stockholm.timerConfig = {
|
||||
OnBootSec = "5min";
|
||||
OnUnitInactiveSec = "2min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
@ -20,6 +20,17 @@ let
|
||||
'';
|
||||
in {
|
||||
|
||||
services.bitlbee = {
|
||||
enable = true;
|
||||
portNumber = 6666;
|
||||
plugins = [
|
||||
pkgs.bitlbee-facebook
|
||||
pkgs.bitlbee-steam
|
||||
pkgs.bitlbee-discord
|
||||
];
|
||||
libpurple_plugins = [ pkgs.telegram-purple ];
|
||||
};
|
||||
|
||||
users.extraUsers.chat = {
|
||||
home = "/home/chat";
|
||||
uid = genid "chat";
|
||||
@ -46,6 +57,10 @@ in {
|
||||
|
||||
restartIfChanged = false;
|
||||
|
||||
path = [
|
||||
pkgs.rxvt_unicode.terminfo
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
User = "chat";
|
||||
RemainAfterExit = true;
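Review bot: The new `services.bitlbee` block sets a port and plugins but leaves the listening interface and the authentication mode to the module defaults. As far as I know the NixOS module defaults to `interface = "127.0.0.1"` and `authMode = "Open"`, which lets any local account on this host connect and register. Stating both explicitly keeps the exposure visible if the defaults ever change, e.g. `interface = "127.0.0.1";` and `authMode = "Registered";`. The facebook, steam, discord and telegram plugins keep third-party account credentials in bitlbee's state directory, so its permissions deserve a comment as well.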
|
||||
|
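--- a/lass/2configs/ableton.nix
+++ b/lass/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+mainUser = config.users.extraUsers.mainUser;
+in {
+users.users= {
+ableton = {
+isNormalUser = true;
+extraGroups = [
+"audio"
+"video"
+];
+packages = [
+pkgs.wine
+pkgs.winetricks
+];
+};
+};
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+'';
+}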
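Review bot: The sudoers line in `security.sudo.extraConfig` lets `${mainUser.name}` run any command as `ableton` without a password, and nothing in the file says that the account is meant as a separation boundary for the wine packages. Because `ableton` is in `audio` and `video`, anything started under it can open those device nodes, so the account is less confined than a bare user. I would add a comment above the rule, e.g. `# mainUser may start wine as the unprivileged ableton user; keep ableton out of wheel and other privileged groups`, and drop `"video"` if the workload does not need it.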
@ -11,24 +11,6 @@ with import <stockholm/lib>;
|
||||
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
|
||||
};
|
||||
};
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
resolveLocalQueries = false;
|
||||
extraConfig = ''
|
||||
server=127.1.0.1
|
||||
#no-resolv
|
||||
cache-size=1000
|
||||
min-cache-ttl=3600
|
||||
bind-dynamic
|
||||
all-servers
|
||||
dnssec
|
||||
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
|
||||
rebind-domain-ok=/onion/
|
||||
server=/.onion/127.0.0.1#9053
|
||||
port=53
|
||||
'';
|
||||
};
|
||||
networking.extraResolvconfConf = ''
|
||||
name_servers='127.0.0.1'
|
||||
'';
|
||||
services.resolved.enable = true;
|
||||
services.resolved.fallbackDns = [ "127.1.0.1" ];
|
||||
}
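Review bot: The replacement `services.resolved` lines set only `fallbackDns`, while the removed dnsmasq block forwarded every query to `127.1.0.1` and validated answers with `dnssec` plus an explicit trust anchor. In systemd-resolved the fallback servers are consulted only when no other DNS server is configured, so a DHCP- or link-supplied resolver would take precedence over `127.1.0.1`, and DNSSEC validation is left at whatever the resolved default is. The `.onion` forwarding to `127.0.0.1#9053` is gone too. If the old behaviour is still wanted, pin it explicitly (for example `DNS=127.1.0.1` and `DNSSEC=yes` through `services.resolved.extraConfig`, if the pinned nixpkgs provides it) and add a comment saying why dnsmasq was dropped.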
|
||||
|
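--- a/lass/2configs/rebuild-on-boot.nix
+++ b/lass/2configs/rebuild-on-boot.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+systemd.services.rebuild-on-boot = {
+wantedBy = [ "multi-user.target" ];
+environment = {
+NIX_REMOTE = "daemon";
+HOME = "/var/empty";
+};
+serviceConfig = {
+ExecStart = pkgs.writeScript "rebuild" ''
+#!${pkgs.bash}/bin/bash
+(/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
+'';
+ExecStop = "${pkgs.coreutils}/bin/sleep 10";
+};
+};
+}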
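Review bot: The `ExecStart` script backgrounds `nixos-rebuild ... switch` with `&`, so the unit's main process exits at once and the result of the rebuild never reaches systemd; a failed switch leaves the machine on its old generation behind a unit that looks successful. With no `Type` set, the `ExecStop` `sleep 10` appears to be the only thing keeping the unit's processes alive while the rebuild runs, which is fragile for anything that takes longer (inferred from systemd defaults, not shown on the page). The service also builds and activates whatever is under `/var/src` as root on every boot, so that path must be writable by root only. Please add a comment explaining why the rebuild is detached, and surface failures, e.g. `(/run/current-system/sw/bin/nixos-rebuild -I /var/src switch || echo "rebuild-on-boot: switch failed" >&2) &`.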
@ -5,4 +5,6 @@ with import <stockholm/lib>;
|
||||
boot.extraModprobeConfig = ''
|
||||
install dccp /run/current-system/sw/bin/false
|
||||
'';
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ in
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "3aec59c";
|
||||
ref = "d202e30";
|
||||
};
|
||||
secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||
|
@ -71,7 +71,10 @@ in {
|
||||
'') allDisks);
|
||||
fileSystems = let
|
||||
xfsmount = name: dev:
|
||||
{ "/media/${name}" = { device = dev; fsType = "xfs"; }; };
|
||||
{ "/media/${name}" = {
|
||||
device = dev; fsType = "xfs";
|
||||
options = [ "nofail" ];
|
||||
}; };
|
||||
in
|
||||
# (xfsmount "j0" (part1 jDisk0)) //
|
||||
(xfsmount "j1" (part1 jDisk1)) //
|
||||
|
@ -108,16 +108,35 @@ in {
|
||||
# };
|
||||
#}
|
||||
{ # wireguard server
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
# TODO: networking.nat
|
||||
|
||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
# conf.all.proxy_arp =1
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51820 ];
|
||||
extraCommands = ''
|
||||
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.0.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = [{
|
||||
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
peers = [
|
||||
{
|
||||
# x
|
||||
allowedIPs = [ "10.244.0.2/32" ];
|
||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||
}];
|
||||
}
|
||||
{
|
||||
# vbob
|
||||
allowedIPs = [ "10.244.0.3/32" ];
|
||||
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
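Review bot: The `iptables -t nat -A POSTROUTING ... -j MASQUERADE` line in `networking.firewall.extraCommands` is, as far as I can tell, appended again each time the firewall unit reloads, because nothing deletes it, so duplicate NAT rules accumulate. The forwarding sysctl is still commented out under the `TODO: networking.nat` marker, so unless it is enabled elsewhere the masquerade rule has nothing to act on; once forwarding is on, nothing here limits what the 10.244.0.0/24 peers may reach through this host. The `networking.nat` module the TODO already points at handles the rule lifecycle and forwarding together, as sketched below. `ext-if` is defined outside this hunk.

```nix
# replaces the extraCommands MASQUERADE rule
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.nat = {
  enable = true;
  internalInterfaces = [ "wg0" ];
  externalInterface = ext-if;
};
# … unchanged: networking.wireguard.interfaces.wg0 …
```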
|
||||
|
||||
|
@ -143,7 +143,10 @@ in {
|
||||
];
|
||||
fileSystems = let
|
||||
cryptMount = name:
|
||||
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
||||
{ "/media/${name}" = {
|
||||
device = "/dev/mapper/${name}"; fsType = "xfs";
|
||||
options = [ "nofail" ];
|
||||
};};
|
||||
in cryptMount "crypt0"
|
||||
// cryptMount "crypt1"
|
||||
// cryptMount "crypt2"
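Review bot: `options = [ "nofail" ]` on the `cryptMount` entries means boot continues when `/dev/mapper/${name}` has not been unlocked, and `/media/${name}` is then just a directory on the root filesystem. Any service that writes there before the volume is mounted stores its data outside the encrypted device (whether the root filesystem is itself encrypted is not visible here). Units that use these paths should declare `unitConfig.RequiresMountsFor = "/media/crypt0";` or the equivalent so they refuse to start without the mount. A comment stating why `nofail` was added would also help. The `fileSystems` expression continues past the end of this hunk.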
|
||||
|
@ -7,7 +7,8 @@
|
||||
<stockholm/makefu>
|
||||
{
|
||||
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
virtualisation.virtualbox.guest.enable = true;
|
||||
}
|
||||
# {
|
||||
# imports = [
|
||||
@ -49,6 +50,27 @@
|
||||
|
||||
# environment
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
(let
|
||||
gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr;
|
||||
gateway = "10.0.2.2";
|
||||
in {
|
||||
# make sure the route to gum gets added after the network is online
|
||||
systemd.services.wireguard-wg0.after = [ "network-online.target" ];
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.0.3/24" ];
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
# explicit route via eth0 to gum
|
||||
preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"];
|
||||
peers = [
|
||||
{ # gum
|
||||
endpoint = "${gum-ip}:51820";
|
||||
allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ];
|
||||
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
})
|
||||
|
||||
];
|
||||
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
||||
@ -90,5 +112,5 @@
|
||||
8010
|
||||
];
|
||||
|
||||
|
||||
systemd.services."serial-getty@ttyS0".enable = true;
|
||||
}
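Review bot: In the new `wg0` block the `gum` peer's `allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]` routes all IPv4 through the tunnel but lists no IPv6 prefix, so if this VM has IPv6 connectivity that traffic leaves outside WireGuard. The second entry is already covered by `0.0.0.0/0`. If a full tunnel is intended, add `"::/0"` together with an IPv6 address in `ips`, or disable IPv6 on the host, and state the intent in a comment; otherwise narrow the list to `[ "10.244.0.0/24" ]`.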
|
||||
|
@ -11,6 +11,9 @@ with import <stockholm/lib>;
|
||||
./vim.nix
|
||||
./binary-cache/nixos.nix
|
||||
];
|
||||
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||
|
||||
programs.command-not-found.enable = false;
|
||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||
krebs = {
|
||||
|
@ -1,6 +1,7 @@
|
||||
{
|
||||
imports = [
|
||||
./android-pentest.nix
|
||||
./consoles.nix
|
||||
./core.nix
|
||||
./core-gui.nix
|
||||
./dev.nix
|
||||
|
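--- a/makefu/2configs/tools/consoles.nix
+++ b/makefu/2configs/tools/consoles.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+users.users.makefu.packages = with pkgs; [
+opl-utils
+hdl-dump
+bin2iso
+cue2pops
+];
+}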
@ -21,6 +21,9 @@
|
||||
gen-oath-safe
|
||||
cdrtools
|
||||
stockholm
|
||||
# nix related
|
||||
nix-repl
|
||||
nix-index
|
||||
# git-related
|
||||
tig
|
||||
];
|
||||
|
@ -5,5 +5,5 @@
|
||||
mosh
|
||||
];
|
||||
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
}
|
||||
|
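--- a/makefu/5pkgs/bin2iso/default.nix
+++ b/makefu/5pkgs/bin2iso/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, pkgs, fetchurl }:
+stdenv.mkDerivation rec {
+pname = "bin2iso";
+version = "1.9b";
+_dlver = builtins.replaceStrings ["."] [""] version;
+name = "${pname}-${version}";
+
+src = fetchurl {
+url = "http://users.eastlink.ca/~doiron/${pname}/linux/${pname}${_dlver}_linux.c";
+sha256 = "0gg4hbzlm83nnbccy79dnxbwpn7lxl3fb87ka36mlclikvknm2hy";
+};
+
+unpackPhase = "true";
+
+buildPhase =''
+gcc -Wall -o $pname $src
+'';
+
+installPhase = ''
+install -Dm755 $pname $out/bin/$pname
+'';
+
+meta = {
+homepage = http://users.eastlink.ca/~doiron/bin2iso/ ;
+description = "converts bin+cue to iso";
+license = lib.licenses.gpl3;
+};
+}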
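--- a/makefu/5pkgs/cue2pops/default.nix
+++ b/makefu/5pkgs/cue2pops/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, lib, pkgs, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+pname = "cue2pops";
+version = "2";
+name = "${pname}-${version}";
+
+src = fetchFromGitHub {
+owner = "makefu";
+repo = "cue2pops-linux";
+rev = "541863a";
+sha256 = "05w84726g3k33rz0wwb9v77g7xh4cnhy9sxlpilf775nli9bynrk";
+};
+
+installPhase = ''
+install -Dm755 $pname $out/bin/$pname
+'';
+
+meta = {
+homepage = http://users.eastlink.ca/~doiron/bin2iso/ ;
+description = "converts bin+cue to iso";
+license = lib.licenses.gpl3;
+};
+}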
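Review bot: `meta.homepage` and `meta.description` are copied from the bin2iso package (`http://users.eastlink.ca/~doiron/bin2iso/`, "converts bin+cue to iso") and do not describe cue2pops. The source is fetched from `makefu/cue2pops-linux`, so the homepage should be `https://github.com/makefu/cue2pops-linux`, with a description of what this tool does. `rev = "541863a"` is an abbreviated commit; the `sha256` pins the content, but the full 40-character hash would make the pin unambiguous to readers and tooling.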
@ -1,7 +1,6 @@
|
||||
{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
|
||||
|
||||
builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
|
||||
stdenv.mkDerivation {
|
||||
stdenv.mkDerivation {
|
||||
name = "gen-oath-safe-2017-06-30";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mcepl";
|
||||
@ -24,7 +23,7 @@ builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
|
||||
coreutils
|
||||
openssl
|
||||
qrencode
|
||||
#yubikey-manager
|
||||
yubikey-manager
|
||||
libcaca
|
||||
python
|
||||
];
|
||||
|
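--- a/makefu/5pkgs/hdl-dump/default.nix
+++ b/makefu/5pkgs/hdl-dump/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
+stdenv.mkDerivation rec {
+pname = "hdl-dump";
+version = "75df8d7";
+name = "${pname}-${version}";
+
+src = fetchFromGitHub {
+owner = "AKuHAK";
+repo = "hdl-dump";
+rev = version;
+sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4";
+};
+
+buildInputs = [ upx wine ];
+
+makeFlags = [ "RELEASE=yes" ];
+
+# uses wine, currently broken
+#postBuild = ''
+# make -C gui
+#'';
+
+installPhase = ''
+mkdir -p $out/bin
+cp hdl_dump $out/bin
+'';
+
+meta = {
+homepage = https://github.com/AKuHAK/hdl-dump ;
+description = "copy isos to psx hdd";
+license = lib.licenses.gpl2;
+};
+}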
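--- a/makefu/5pkgs/opl-utils/default.nix
+++ b/makefu/5pkgs/opl-utils/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+pname = "opl-utils";
+version = "881c0d2";
+name = "${pname}-${version}";
+
+src = fetchFromGitHub {
+owner = "ifcaro";
+repo = "open-ps2-loader";
+rev = version;
+sha256 = "1c2hgbyp5hymyq60mrk7g0m3gi00wqx165pdwwwb740q0qig07d1";
+};
+
+
+preBuild = "cd pc/";
+
+installPhase = ''
+mkdir -p $out/bin
+cp */bin/* $out/bin
+'';
+
+meta = {
+homepage = https://github.com/ifcaro/Open-PS2-Loader;
+description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
+license = lib.licenses.afl3;
+};
+}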
@ -13,8 +13,9 @@ let
|
||||
then "buildbot"
|
||||
else "makefu";
|
||||
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
|
||||
ref = "3874de4"; # unstable @ 2017-12-08
|
||||
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
|
||||
# + do_sqlite3 ruby: 55a952be5b5
|
||||
# + signal: 0f19beef3
|
||||
|
||||
in
|
||||
evalSource (toString _file) [
|
||||
|
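--- a/nin/1systems/axon/config.nix
+++ b/nin/1systems/axon/config.nix
@@ -0,0 +1,117 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+<stockholm/nin>
+<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+#../2configs/copyq.nix
+<stockholm/nin/2configs/games.nix>
+<stockholm/nin/2configs/git.nix>
+<stockholm/nin/2configs/retiolum.nix>
+<stockholm/nin/2configs/termite.nix>
+];
+
+krebs.build.host = config.krebs.hosts.axon;
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/pool/root";
+fsType = "ext4";
+};
+
+fileSystems."/tmp" =
+{ device = "tmpfs";
+fsType = "tmpfs";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/sda1";
+fsType = "ext2";
+};
+
+boot.initrd.luks.devices.crypted.device = "/dev/sda2";
+boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 4;
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+# Define on which hard drive you want to install Grub.
+boot.loader.grub.device = "/dev/sda";
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# nin config
+time.timeZone = "Europe/Berlin";
+services.xserver.enable = true;
+
+networking.networkmanager.enable = true;
+#networking.wireless.enable = true;
+
+hardware.pulseaudio = {
+enable = true;
+systemWide = true;
+};
+
+hardware.bluetooth.enable = true;
+
+hardware.opengl.driSupport32Bit = true;
+
+#nixpkgs.config.steam.java = true;
+
+environment.systemPackages = with pkgs; [
+firefox
+git
+lmms
+networkmanagerapplet
+python
+steam
+thunderbird
+vim
+virtmanager
+];
+
+nixpkgs.config = {
+
+allowUnfree = true;
+
+};
+
+#services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+services.xserver.synaptics = {
+enable = true;
+};
+
+
+services.xserver.desktopManager.xfce = let
+xbindConfig = pkgs.writeText "xbindkeysrc" ''
+"${pkgs.pass}/bin/passmenu --type"
+Control + p
+'';
+in {
+enable = true;
+extraSessionCommands = ''
+${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+'';
+};
+
+# The NixOS release to be compatible with for stateful data such as databases.
+system.stateVersion = "17.03";
+
+}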
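Review bot: `services.openssh.enable = true` is added without any authentication settings in this file, so password and root-login policy come from module defaults or from `<stockholm/nin>`, which is not shown. If it is not set there, add `services.openssh.passwordAuthentication = false;`, since keys are already distributed through `krebs.users`. Separately, `hardware.pulseaudio.systemWide = true` runs one daemon shared by every account that can reach it, and the xbindkeys entry makes `passmenu --type` type the selected secret into whichever window has focus. Both merit a short comment on why they are wanted on this machine.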
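--- a/nin/1systems/axon/source.nix
+++ b/nin/1systems/axon/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/nin/source.nix> {
+name = "axon";
+secure = true;
+}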
@ -16,6 +16,7 @@ with import <stockholm/lib>;
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
config.krebs.users.nin_h.pubkey
|
||||
];
|
||||
};
|
||||
nin = {
|
||||
@ -31,6 +32,7 @@ with import <stockholm/lib>;
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
config.krebs.users.nin_h.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -53,7 +53,7 @@ let
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ nin ];
|
||||
user = [ nin nin_h ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
|