Merge remote-tracking branch 'lass/master'

makefu 2019-09-25 15:21:03 +02:00
commit be19e6a618
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
18 changed files with 249 additions and 21 deletions


@ -638,6 +638,46 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
};
hilum = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.20.123";
ip6.addr = r6 "005b";
aliases = [
"hilum.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
-----END PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "005b";
aliases = [
"hilum.w"
];
wireguard.pubkey = ''
0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
};
};
users = rec {
lass = lass-blue;


@ -110,8 +110,12 @@ let
hostsArchive = mkOption {
type = types.package;
default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} ''
${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts
${pkgs.gnutar}/bin/tar -hcjf $out hosts
cp \
--no-preserve=mode \
--recursive \
${tinc.config.hostsPackage} \
hosts
${pkgs.gnutar}/bin/tar -cjf $out hosts
'';
readOnly = true;
};
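Review bot: The copy made by `cp --no-preserve=mode --recursive` gets build-time mtimes, and the new `tar -cjf` call pins neither timestamps nor member order, so `retiolum-hosts.tar.bz2` is probably no longer bit-for-bit reproducible; the old `tar -h` read the files through the store symlink, where timestamps are normalised. This archive appears to carry the tinc host keys that peers fetch, so a stable hash is useful for checking that two builds ship the same key set. I would pin the metadata with `${pkgs.gnutar}/bin/tar --sort=name --mtime=@1 --owner=0 --group=0 --numeric-owner -cjf $out hosts`. As a style point, `cp` is called bare while `tar` uses its store path; `${pkgs.coreutils}/bin/cp` would match the rest of the file.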


@ -6,19 +6,10 @@ with import <stockholm/lib>;
version = "1.1.0";
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
"19.03" = {
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
"19.09" = {
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
}.${versions.majorMinor version};
}.${versions.majorMinor version} or {
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
in mkDerivation {
pname = "blessings";


@ -0,0 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "d484f2b7fc0834a068e8ace851faa449a03963f5",
"date": "2019-09-20T22:58:43+02:00",
"sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn",
"fetchSubmodules": false
}


@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "8a30e242181410931bcd0384f7147b6f1ce286a2",
"date": "2019-09-10T08:24:01-04:00",
"sha256": "0574zwcgy3pqjcxli4948sd3sy6h0qw6fvsm4r530gqj41gpwf6b",
"rev": "021d733ea3f87b8c9232020b4e606d08eaca160b",
"date": "2019-09-20T08:20:21+02:00",
"sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy",
"fetchSubmodules": false
}


@ -0,0 +1,9 @@
#!/bin/sh
dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs-channels \
--rev refs/heads/nixos-unstable' \
> $dir/nixpkgs-unstable.json
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
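Review bot: The last line commits `$dir/nixpkgs.json`, but the script rewrites `$dir/nixpkgs-unstable.json`, so the refreshed pin is not the file that gets committed and the commit message describes a change that is not in the commit. There is also no `set -e`, and the `>` redirect truncates the pin before nix-prefetch-git has produced anything, so a failed or interrupted fetch leaves an empty pin file and the script still goes on to `git commit`. `$0` and `$dir` are unquoted, which breaks when the checkout path contains spaces. I would fetch into a temporary file, check that it holds a `rev`, and only then replace and commit the pin, as sketched below.

```shell
set -eu
dir=$(dirname "$0")
pin=$dir/nixpkgs-unstable.json
oldrev=$(jq -r .rev "$pin" | cut -c1-7)
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
  --url https://github.com/NixOS/nixpkgs-channels \
  --rev refs/heads/nixos-unstable' \
  > "$tmp"
# replace the pin only after the fetch succeeded and produced a rev
jq -e .rev "$tmp" > /dev/null
cat "$tmp" > "$pin"
newrev=$(jq -r .rev "$pin" | cut -c1-7)
git commit "$pin" -m "nixpkgs-unstable: $oldrev -> $newrev"
```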


@ -0,0 +1,28 @@
{ config, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
boot.loader.grub.extraEntries = ''
menuentry "grml" {
iso_path=/isos/grml.iso
export iso_path
search --set=root --file $iso_path
loopback loop $iso_path
root=(loop)
configfile /boot/grub/loopback.cfg
loopback --delete loop
}
'';
}


@ -0,0 +1,35 @@
{ lib, pkgs, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
boot.loader.grub.efiInstallAsRemovable = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
fsType = "ext4";
};
boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2B9E-5131";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -54,7 +54,7 @@ with import <stockholm/lib>;
folders = {
the_playlist = {
path = "/home/lass/tmp/the_playlist";
peers = [ "mors" "phone" "prism" ];
peers = [ "mors" "phone" "prism" "xerxes" ];
};
free_music = {
id = "mu9mn-zgvsw";


@ -31,7 +31,15 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
packages = [
(pkgs.writeDashBin "kick-routing" ''
/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
'')
];
};
security.sudo.extraConfig = ''
riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
'';
# TODO write function for proxy_pass (ssl/nonssl)
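Review bot: The command `${pkgs.systemd}/bin/systemctl restart krebs-iptables.service` is spelled out twice, once in the `kick-routing` wrapper and once in `security.sudo.extraConfig`, and sudo only allows the call while the two strings match exactly. Binding it once in a `let` and interpolating it in both places keeps the wrapper and the sudoers rule from drifting apart; the enclosing expression starts outside this hunk, so the binding would go wherever its `let` lives. The sudoers line also deserves a comment stating the intent, for example `# riot may restart the firewall unit and nothing else; keep this an exact command match`. Keeping the rule as a full store path with fixed arguments, as done here, is the right shape for a passwordless grant.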


@ -20,6 +20,11 @@
fsType = "ext4";
};
fileSystems."/backups" = {
device = "tank/backups";
fsType = "zfs";
};
fileSystems."/srv/http" = {
device = "tank/srv-http";
fsType = "zfs";


@ -17,6 +17,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
@ -24,4 +25,90 @@ with import <stockholm/lib>;
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
#media center
users.users.media = {
isNormalUser = true;
uid = genid_uint31 "media";
extraGroups = [ "video" "audio" ];
};
services.xserver.displayManager.lightdm.autoLogin = {
enable = true;
user = "media";
};
#hass
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
# zerotierone
{ predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
];
services.home-assistant = let
tasmota_s20 = name: topic: {
platform = "mqtt";
inherit name;
state_topic = "stat/${topic}/POWER";
command_topic = "cmnd/${topic}/POWER";
payload_on = "ON";
payload_off = "OFF";
};
in {
enable = true;
package = pkgs.home-assistant.override {
python3 = pkgs.python36;
#extraComponents = [
# (pkgs.fetchgit {
# url = "https://github.com/marcschumacher/dwd_pollen";
# rev = "0.1";
# sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
# })
#];
};
config = {
homeassistant = {
name = "Home"; time_zone = "Europe/Berlin";
latitude = "48.7687";
longitude = "9.2478";
elevation = 247;
};
sun.elevation = 66;
discovery = {};
frontend = { };
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "gg23";
password = "gg23-mqtt";
keepalive = 60;
protocol = 3.1;
};
sensor = [
];
switch = [
(tasmota_s20 "Drucker Strom" "drucker")
(tasmota_s20 "Bett Licht" "bett")
];
device_tracker = [
{
platform = "luci";
}
];
};
};
services.mosquitto = {
enable = true;
host = "0.0.0.0";
allowAnonymous = false;
checkPasswords = true;
users.gg23 = {
password = "gg23-mqtt";
acl = [ "topic readwrite #" ];
};
};
environment.systemPackages = [ pkgs.mosquitto ];
}
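Review bot: The MQTT credential is committed in clear text twice, as `password = "gg23-mqtt";` under both `services.home-assistant.config.mqtt` and `services.mosquitto.users.gg23`, so it lives in the repository and in the world-readable Nix store. The broker also binds `host = "0.0.0.0"` and the new INPUT rules accept tcp/1883 and tcp/8123 from any source, which leaves that guessable password, combined with `acl = [ "topic readwrite #" ]`, as the only control over who can publish to the Tasmota switch topics. On the broker side I would replace the clear-text value with `hashedPassword = "<HASH_PLACEHOLDER>";`, load the Home Assistant copy from the secrets tree rather than the module config, and rotate the password since it is now public. The rules should be scoped to the networks that need them; the predicate looks like a raw iptables match, so something like `{ predicate = "-p tcp --dport 1883 -s <LAN_CIDR_PLACEHOLDER>"; target = "ACCEPT"; }` should work. Port 1883 is plain MQTT, so the credential also crosses the network unencrypted unless a TLS listener is added.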


@ -13,7 +13,6 @@
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {

View File

@ -6,6 +6,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
home = "/backups";
createHome = true;
group = "syncthing";
openssh.authorizedKeys.keys = with config.krebs.hosts; [
blue.ssh.pubkey
];


@ -59,6 +59,7 @@ in {
environment.systemPackages = with pkgs; [
acpi
acpilight
ag
cabal2nix
cholerab
@ -72,6 +73,7 @@ in {
lm_sensors
ncdu
nix-index
nix-review
nmap
pavucontrol
powertop
@ -79,9 +81,10 @@ in {
sxiv
taskwarrior
termite
transgui
wirelesstools
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel
zathura
@ -94,6 +97,12 @@ in {
xlibs.fontschumachermisc
];
services.udev.extraRules = ''
SUBSYSTEM=="backlight", ACTION=="add", \
RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
'';
services.xserver = {
enable = true;
layout = "us";


@ -3,6 +3,7 @@
./charybdis
./dnsmasq.nix
./ejabberd
./focus.nix
./hosts.nix
./iptables.nix
./slock.nix

4
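--- a/tv/3modules/focus.nix
+++ b/tv/3modules/focus.nix
@@ -0,0 +1,4 @@
+with import <stockholm/lib>;
+{
+options.tv.focus.enable = mkEnableOption "tv.focus";
+}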