Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2018-02-16 22:40:19 +01:00
commit e6486980dd
5 changed files with 68 additions and 56 deletions

View File

@ -71,6 +71,7 @@ in {
<stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix> <stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# security # security
@ -119,7 +120,6 @@ in {
services.sabnzbd.enable = true; services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
makefu.ps3netsrv = { makefu.ps3netsrv = {
enable = true; enable = true;
servedir = "/media/cryptX/emu/ps3"; servedir = "/media/cryptX/emu/ps3";

View File

@ -6,34 +6,34 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) # <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ ## Guest Extensions are currently broken { # until virtualbox-image is fixed
virtualisation.virtualbox.guest.enable = lib.mkForce true; imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = "/dev/sda";
} }
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix> # <secrets/extra-hosts.nix>
# environment # environment
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
]; ];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self # allow sdev to deploy self
users.extraUsers = { users.extraUsers = {
root = { root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
}; };
}; };
# corefonts
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
ppp xclip ppp xclip
get get
passwdqc-utils passwdqc-utils
docker
gnupg gnupg
populate populate
(pkgs.writeScriptBin "tor-browser" '' (pkgs.writeScriptBin "tor-browser" ''
@ -42,18 +42,11 @@
'') '')
]; ];
virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
80 80
8010 8010
]; ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
} }

View File

@ -9,33 +9,8 @@
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
} }
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ ## Virtualbox guest is broken on newer kernel
# virtualisation.virtualbox.guest.enable = true;
}
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# base gui # base gui
# <stockholm/makefu/2configs/main-laptop.nix> # <stockholm/makefu/2configs/main-laptop.nix>
@ -79,14 +54,8 @@
]; ];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>); networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self # allow vbob to deploy self
users.extraUsers = { users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
environment.shellAliases = { environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@ -98,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
''; '';
# for forticlient
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip fortclientsslvpn ppp xclip
get get
logstash logstash
# docker
#devpi-web #devpi-web
#devpi-client #devpi-client
ansible ansible
]; ];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
@ -115,6 +86,6 @@
80 80
8010 8010
]; ];
# required for qemu
systemd.services."serial-getty@ttyS0".enable = true; systemd.services."serial-getty@ttyS0".enable = true;
} }

View File

@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization # Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix> # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{ {
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = { networking.nat = {
@ -60,7 +60,7 @@ with import <stockholm/lib>;
# Hardware # Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
# <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix> <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>
@ -78,6 +78,38 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix> # <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix> # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
{
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.2/24" ];
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# gum
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
allowedIPs = [ "10.244.0.0/24" ];
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
}
#{
# # vbob
# allowedIPs = [ "10.244.0.3/32" ];
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
#}
];
};
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
]; ];

View File

@ -0,0 +1,16 @@
{ lib, ...}:
{
## Guest Extensions are currently broken
imports = [
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
];
virtualisation.virtualbox.guest.enable = true;
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
# virtualbox.baseImageSize = 35 * 1024;
}