Merge remote-tracking branch 'enklave/master'
This commit is contained in:
lassulus
commit
b9380d6aba
|
|
@ -1,173 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
# bln config file
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
<stockholm/jeschli>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
<stockholm/jeschli/2configs/xdg.nix>
|
||||
<stockholm/jeschli/2configs/xserver>
|
||||
# <stockholm/jeschli/1systems/bln/dcso-vpn.nix>
|
||||
<stockholm/jeschli/2configs/officevpn.nix>
|
||||
];
|
||||
|
||||
# boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.efi.efiSysMountPoint = "/boot";
|
||||
boot.loader.grub = {
|
||||
devices = [ "nodev" ];
|
||||
efiSupport = true;
|
||||
enable = true;
|
||||
extraEntries = ''
|
||||
menuentry "Debian" {
|
||||
insmod ext2
|
||||
insmod chain
|
||||
chainloader /EFI/debian/grubx64.efi
|
||||
}
|
||||
'';
|
||||
version = 2;
|
||||
};
|
||||
|
||||
jeschliFontSize = 20;
|
||||
|
||||
environment.shellAliases = {
|
||||
n = "nix-shell";
|
||||
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
|
||||
gh = "cd /home/markus/go/src/github.com";
|
||||
stocki = pkgs.writeDash "deploy" ''
|
||||
cd ~/stockholm
|
||||
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
|
||||
'';
|
||||
};
|
||||
networking.hostName = lib.mkForce "BLN02NB0232";
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# Setup Packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
|
||||
environment.systemPackages = with pkgs; [
|
||||
termite
|
||||
# system helper
|
||||
ag
|
||||
copyq
|
||||
dmenu
|
||||
git
|
||||
tig
|
||||
i3lock
|
||||
keepass
|
||||
networkmanagerapplet
|
||||
rsync
|
||||
terminator
|
||||
tmux
|
||||
wget
|
||||
rxvt_unicode
|
||||
# editors
|
||||
emacs
|
||||
# databases
|
||||
sqlite
|
||||
# internet
|
||||
thunderbird
|
||||
chromium
|
||||
google-chrome
|
||||
# programming languages
|
||||
elmPackages.elm
|
||||
go
|
||||
gcc
|
||||
ghc
|
||||
python35
|
||||
python35Packages.pip
|
||||
# go tools
|
||||
golint
|
||||
gotools
|
||||
# dev tools
|
||||
gnumake
|
||||
jetbrains.pycharm-professional
|
||||
jetbrains.webstorm
|
||||
jetbrains.goland
|
||||
jetbrains.datagrip
|
||||
texlive.combined.scheme-full
|
||||
pandoc
|
||||
redis
|
||||
vagrant
|
||||
# document viewer
|
||||
zathura
|
||||
|
||||
samba
|
||||
];
|
||||
|
||||
|
||||
programs.bash.enableCompletion = true;
|
||||
programs.vim.defaultEditor = true;
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
||||
|
||||
services.redis.enable = true;
|
||||
|
||||
services.xserver = {
|
||||
|
||||
desktopManager.session = lib.mkForce [];
|
||||
|
||||
enable = true;
|
||||
display = 11;
|
||||
tty = 11;
|
||||
|
||||
dpi = 200;
|
||||
|
||||
videoDrivers = [ "nvidia" ];
|
||||
synaptics = {
|
||||
enable = false;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
uid = 1000;
|
||||
};
|
||||
|
||||
system.stateVersion = "17.09";
|
||||
# Gogland Debugger workaround
|
||||
# nixpkgs.config.packageOverrides = super: {
|
||||
# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
|
||||
# postFixup = ''
|
||||
# interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
|
||||
# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
|
||||
# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
|
||||
# '';
|
||||
# });
|
||||
# };
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# DCSO Certificates
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||
];
|
||||
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
krebs.build.host = config.krebs.hosts.bln;
|
||||
|
||||
networking.interfaces.enp0s31f6.ipv4.addresses = [
|
||||
{ address = "10.99.23.2"; prefixLength = 24; }
|
||||
];
|
||||
|
||||
}
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
with import <stockholm/lib>;
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
|
||||
users.extraUsers = {
|
||||
dcsovpn = rec {
|
||||
name = "dcsovpn";
|
||||
uid = genid "dcsovpn";
|
||||
description = "user for running dcso openvpn";
|
||||
home = "/home/${name}";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups.dcsovpn.gid = genid "dcsovpn";
|
||||
|
||||
services.openvpn.servers = {
|
||||
dcso = {
|
||||
config = ''
|
||||
client
|
||||
dev tun
|
||||
tun-mtu 1356
|
||||
mssfix
|
||||
proto udp
|
||||
float
|
||||
remote 217.111.55.41 1194
|
||||
nobind
|
||||
user dcsovpn
|
||||
group dcsovpn
|
||||
persist-key
|
||||
persist-tun
|
||||
ca ${toString <secrets/dcsovpn/ca.pem>}
|
||||
cert ${toString <secrets/dcsovpn/cert.pem>}
|
||||
key ${toString <secrets/dcsovpn/cert.key>}
|
||||
verb 3
|
||||
mute 20
|
||||
auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
|
||||
route-method exe
|
||||
route-delay 2
|
||||
'';
|
||||
updateResolvConf = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/927E-01A0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
}
|
||||
|
|
@ -37,6 +37,11 @@
|
|||
cd ~/stockholm
|
||||
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"'
|
||||
'';
|
||||
deploy = pkgs.writeDash "deploy" ''
|
||||
set -eu
|
||||
export SYSTEM="$1"
|
||||
$(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
@ -138,6 +143,14 @@
|
|||
isNormalUser = true;
|
||||
uid = 1001; # TODO genid
|
||||
};
|
||||
users.users.dev = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
|
||||
|
|
|
|||
|
|
@ -222,7 +222,7 @@ myKeys conf = Map.fromList $
|
|||
pagerConfig :: PagerConfig
|
||||
pagerConfig = def
|
||||
{ pc_font = myFont
|
||||
, pc_cellwidth = 256
|
||||
, pc_cellwidth = 100
|
||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, pc_borderwidth = 1
|
||||
--, pc_matchcolor = "#f0b000"
|
||||
|
|
|
|||
|
|
@ -7,43 +7,6 @@ with import <stockholm/lib>;
|
|||
owner = config.krebs.users.jeschli;
|
||||
ci = true;
|
||||
}) {
|
||||
bln = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.27.28";
|
||||
ip6.addr = "42::28";
|
||||
aliases = [
|
||||
"bln.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02
|
||||
BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8
|
||||
tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky
|
||||
FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt
|
||||
PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL
|
||||
acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc
|
||||
BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn
|
||||
lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa
|
||||
NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg
|
||||
2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg
|
||||
H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM
|
||||
2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o
|
||||
cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt
|
||||
bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU
|
||||
gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv
|
||||
UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2
|
||||
0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5
|
||||
fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl
|
||||
B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58
|
||||
SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp
|
||||
U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ
|
||||
eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
brauerei = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit c27a9416e8ee04d708b11b48f8cf1a055c0cc079
|
||||
Subproject commit 0660cc1a1169e799bda356c6fadb245a96345816
|
||||
Loading…
Reference in New Issue
Block a user