Merge remote-tracking branch 'lass/master'
commit
be19e6a618
@ -638,6 +638,46 @@ in {
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
|
||||
};
|
||||
hilum = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.20.123";
|
||||
ip6.addr = r6 "005b";
|
||||
aliases = [
|
||||
"hilum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
|
||||
pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
|
||||
V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
|
||||
SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
|
||||
4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
|
||||
saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
|
||||
vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
|
||||
8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
|
||||
wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
|
||||
RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
|
||||
Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
|
||||
87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "005b";
|
||||
aliases = [
|
||||
"hilum.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
|
||||
syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
|
||||
};
|
||||
};
|
||||
users = rec {
|
||||
lass = lass-blue;
|
||||
|
@ -110,8 +110,12 @@ let
|
||||
hostsArchive = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} ''
|
||||
${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts
|
||||
${pkgs.gnutar}/bin/tar -hcjf $out hosts
|
||||
cp \
|
||||
--no-preserve=mode \
|
||||
--recursive \
|
||||
${tinc.config.hostsPackage} \
|
||||
hosts
|
||||
${pkgs.gnutar}/bin/tar -cjf $out hosts
|
||||
'';
|
||||
readOnly = true;
|
||||
};
|
||||
|
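Review bot: The `tar -cjf $out hosts` step now packs a fresh copy made by `cp --no-preserve=mode --recursive`, so the archive entries presumably carry the build-time mtime and the build user's uid/gid rather than the store's normalised metadata, and `retiolum-hosts.tar.bz2` is then unlikely to be byte-reproducible. This archive appears to be how the tinc host keys are distributed, so a stable hash is worth keeping: it lets two builds of the same host set be compared. With GNU tar the metadata can be pinned in the same line, `${pkgs.gnutar}/bin/tar --sort=name --mtime=@1 --owner=0 --group=0 --numeric-owner -cjf $out hosts`. The enclosing `let` block starts and ends outside the hunk.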
@ -6,19 +6,10 @@ with import <stockholm/lib>;
|
||||
version = "1.1.0";
|
||||
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
|
||||
};
|
||||
"18.09" = {
|
||||
}.${versions.majorMinor version} or {
|
||||
version = "2.2.0";
|
||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||
};
|
||||
"19.03" = {
|
||||
version = "2.2.0";
|
||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||
};
|
||||
"19.09" = {
|
||||
version = "2.2.0";
|
||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||
};
|
||||
}.${versions.majorMinor version};
|
||||
|
||||
in mkDerivation {
|
||||
pname = "blessings";
|
||||
|
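--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -0,0 +1,7 @@
+{
+"url": "https://github.com/NixOS/nixpkgs-channels",
+"rev": "d484f2b7fc0834a068e8ace851faa449a03963f5",
+"date": "2019-09-20T22:58:43+02:00",
+"sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn",
+"fetchSubmodules": false
+}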
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||
"rev": "8a30e242181410931bcd0384f7147b6f1ce286a2",
|
||||
"date": "2019-09-10T08:24:01-04:00",
|
||||
"sha256": "0574zwcgy3pqjcxli4948sd3sy6h0qw6fvsm4r530gqj41gpwf6b",
|
||||
"rev": "021d733ea3f87b8c9232020b4e606d08eaca160b",
|
||||
"date": "2019-09-20T08:20:21+02:00",
|
||||
"sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy",
|
||||
"fetchSubmodules": false
|
||||
}
|
||||
|
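--- a/krebs/update-nixpkgs-unstable.sh
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+dir=$(dirname $0)
+oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
+--url https://github.com/NixOS/nixpkgs-channels \
+--rev refs/heads/nixos-unstable' \
+> $dir/nixpkgs-unstable.json
+newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"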
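Review bot: The last line commits `$dir/nixpkgs.json`, but the script rewrites `$dir/nixpkgs-unstable.json`, so the refreshed pin is never committed and any pending edit to the stable pin goes in under a "nixpkgs-unstable" message; it should read `git commit "$dir/nixpkgs-unstable.json" -m "nixpkgs-unstable: $oldrev -> $newrev"`. There is also no error handling. The `>` redirect truncates the pin file before `nix-prefetch-git` runs, so a failed fetch leaves an empty or partial JSON file and the script still goes on to commit. Adding `set -eu` after the shebang, and writing to a temporary file that is moved into place only on success, would keep the rev/sha256 pin intact. `$0` and `$dir` are unquoted throughout, which breaks on a checkout path that contains spaces.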
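--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+imports = [
+<stockholm/lass>
+
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/baseX.nix>
+<stockholm/lass/2configs/browsers.nix>
+<stockholm/lass/2configs/programs.nix>
+<stockholm/lass/2configs/network-manager.nix>
+<stockholm/lass/2configs/mail.nix>
+<stockholm/lass/2configs/syncthing.nix>
+];
+
+krebs.build.host = config.krebs.hosts.hilum;
+
+boot.loader.grub.extraEntries = ''
+menuentry "grml" {
+iso_path=/isos/grml.iso
+export iso_path
+search --set=root --file $iso_path
+loopback loop $iso_path
+root=(loop)
+configfile /boot/grub/loopback.cfg
+loopback --delete loop
+}
+'';
+}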
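--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }:
+
+{
+imports = [
+./config.nix
+<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+];
+
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+boot.initrd.kernelModules = [ "dm-snapshot" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+boot.loader.grub.enable = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+boot.loader.grub.efiInstallAsRemovable = true;
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/2B9E-5131";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 4;
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}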
@ -54,7 +54,7 @@ with import <stockholm/lib>;
|
||||
folders = {
|
||||
the_playlist = {
|
||||
path = "/home/lass/tmp/the_playlist";
|
||||
peers = [ "mors" "phone" "prism" ];
|
||||
peers = [ "mors" "phone" "prism" "xerxes" ];
|
||||
};
|
||||
free_music = {
|
||||
id = "mu9mn-zgvsw";
|
||||
|
@ -31,7 +31,15 @@ with import <stockholm/lib>;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
||||
];
|
||||
packages = [
|
||||
(pkgs.writeDashBin "kick-routing" ''
|
||||
/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
|
||||
'')
|
||||
];
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
|
||||
'';
|
||||
|
||||
# TODO write function for proxy_pass (ssl/nonssl)
|
||||
|
||||
|
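Review bot: The command `${pkgs.systemd}/bin/systemctl restart krebs-iptables.service` is spelled out twice, once in the `kick-routing` wrapper and once in the `security.sudo.extraConfig` rule, and sudo only honours the NOPASSWD entry when the two match exactly. If one copy is later edited, the wrapper starts prompting for a password, and the tempting fix is to loosen the rule. Binding the command once, for example `kickCmd = "${pkgs.systemd}/bin/systemctl restart krebs-iptables.service";` in a `let`, and interpolating `${kickCmd}` in both places keeps the grant at exactly this one command. A short comment above the sudoers line saying why `riot` may restart the firewall unit would help the next reader. The user attribute set that holds `packages` opens outside the hunk.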
@ -20,6 +20,11 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/backups" = {
|
||||
device = "tank/backups";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/srv/http" = {
|
||||
device = "tank/srv-http";
|
||||
fsType = "zfs";
|
||||
|
@ -17,6 +17,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/green-host.nix>
|
||||
<stockholm/lass/2configs/ssh-cryptsetup.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
@ -24,4 +25,90 @@ with import <stockholm/lib>;
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
#media center
|
||||
users.users.media = {
|
||||
isNormalUser = true;
|
||||
uid = genid_uint31 "media";
|
||||
extraGroups = [ "video" "audio" ];
|
||||
};
|
||||
|
||||
services.xserver.displayManager.lightdm.autoLogin = {
|
||||
enable = true;
|
||||
user = "media";
|
||||
};
|
||||
|
||||
#hass
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
|
||||
# zerotierone
|
||||
{ predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
services.home-assistant = let
|
||||
tasmota_s20 = name: topic: {
|
||||
platform = "mqtt";
|
||||
inherit name;
|
||||
state_topic = "stat/${topic}/POWER";
|
||||
command_topic = "cmnd/${topic}/POWER";
|
||||
payload_on = "ON";
|
||||
payload_off = "OFF";
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
package = pkgs.home-assistant.override {
|
||||
python3 = pkgs.python36;
|
||||
#extraComponents = [
|
||||
# (pkgs.fetchgit {
|
||||
# url = "https://github.com/marcschumacher/dwd_pollen";
|
||||
# rev = "0.1";
|
||||
# sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
|
||||
# })
|
||||
#];
|
||||
};
|
||||
config = {
|
||||
homeassistant = {
|
||||
name = "Home"; time_zone = "Europe/Berlin";
|
||||
latitude = "48.7687";
|
||||
longitude = "9.2478";
|
||||
elevation = 247;
|
||||
};
|
||||
sun.elevation = 66;
|
||||
discovery = {};
|
||||
frontend = { };
|
||||
mqtt = {
|
||||
broker = "localhost";
|
||||
port = 1883;
|
||||
client_id = "home-assistant";
|
||||
username = "gg23";
|
||||
password = "gg23-mqtt";
|
||||
keepalive = 60;
|
||||
protocol = 3.1;
|
||||
};
|
||||
sensor = [
|
||||
];
|
||||
switch = [
|
||||
(tasmota_s20 "Drucker Strom" "drucker")
|
||||
(tasmota_s20 "Bett Licht" "bett")
|
||||
];
|
||||
device_tracker = [
|
||||
{
|
||||
platform = "luci";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
host = "0.0.0.0";
|
||||
allowAnonymous = false;
|
||||
checkPasswords = true;
|
||||
users.gg23 = {
|
||||
password = "gg23-mqtt";
|
||||
acl = [ "topic readwrite #" ];
|
||||
};
|
||||
};
|
||||
environment.systemPackages = [ pkgs.mosquitto ];
|
||||
}
|
||||
|
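Review bot: The MQTT credential is written as a literal in two places, `password = "gg23-mqtt";` under `services.home-assistant.config.mqtt` and again under `services.mosquitto.users.gg23`, so it is now in the repository history and, once built, presumably in the world-readable Nix store. The broker binds `host = "0.0.0.0"`, the new INPUT rules accept tcp 1883 and 8123 from any interface, and nothing in the hunk configures TLS, so that password and all topic traffic would cross the network in clear text. If these services are only meant to be reached over the overlay network, scope the rules to it, e.g. `{ predicate = "-i retiolum -p tcp --dport 1883"; target = "ACCEPT"; }` (assuming the interface is named after the net), and read the password from the secrets tree instead of the module. The single account's ACL `topic readwrite #` grants every topic; separate accounts for Home Assistant and for the switches would limit what one leaked device credential can do.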
@ -13,7 +13,6 @@
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
|
@ -6,6 +6,7 @@ with import <stockholm/lib>;
|
||||
useDefaultShell = true;
|
||||
home = "/backups";
|
||||
createHome = true;
|
||||
group = "syncthing";
|
||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||
blue.ssh.pubkey
|
||||
];
|
||||
|
@ -59,6 +59,7 @@ in {
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
acpi
|
||||
acpilight
|
||||
ag
|
||||
cabal2nix
|
||||
cholerab
|
||||
@ -72,6 +73,7 @@ in {
|
||||
lm_sensors
|
||||
ncdu
|
||||
nix-index
|
||||
nix-review
|
||||
nmap
|
||||
pavucontrol
|
||||
powertop
|
||||
@ -79,9 +81,10 @@ in {
|
||||
sxiv
|
||||
taskwarrior
|
||||
termite
|
||||
transgui
|
||||
wirelesstools
|
||||
xclip
|
||||
xephyrify
|
||||
xorg.xbacklight
|
||||
xorg.xhost
|
||||
xsel
|
||||
zathura
|
||||
@ -94,6 +97,12 @@ in {
|
||||
xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="backlight", ACTION=="add", \
|
||||
RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
|
||||
RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
layout = "us";
|
||||
|
@ -3,6 +3,7 @@
|
||||
./charybdis
|
||||
./dnsmasq.nix
|
||||
./ejabberd
|
||||
./focus.nix
|
||||
./hosts.nix
|
||||
./iptables.nix
|
||||
./slock.nix
|
||||
|
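--- a/tv/3modules/focus.nix
+++ b/tv/3modules/focus.nix
@@ -0,0 +1,4 @@
+with import <stockholm/lib>;
+{
+options.tv.focus.enable = mkEnableOption "tv.focus";
+}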