Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
e6486980dd
@ -71,6 +71,7 @@ in {
|
|||||||
<stockholm/makefu/2configs/mqtt.nix>
|
<stockholm/makefu/2configs/mqtt.nix>
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||||
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||||
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
|
|
||||||
|
|
||||||
# security
|
# security
|
||||||
@ -119,7 +120,6 @@ in {
|
|||||||
services.sabnzbd.enable = true;
|
services.sabnzbd.enable = true;
|
||||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
makefu.ps3netsrv = {
|
makefu.ps3netsrv = {
|
||||||
enable = true;
|
enable = true;
|
||||||
servedir = "/media/cryptX/emu/ps3";
|
servedir = "/media/cryptX/emu/ps3";
|
||||||
|
@ -6,34 +6,34 @@
|
|||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
|
|
||||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
|
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
|
||||||
{ ## Guest Extensions are currently broken
|
{ # until virtualbox-image is fixed
|
||||||
virtualisation.virtualbox.guest.enable = lib.mkForce true;
|
imports = [
|
||||||
|
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
|
];
|
||||||
|
boot.loader.grub.device = "/dev/sda";
|
||||||
}
|
}
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
# <secrets/extra-hosts.nix>
|
# <secrets/extra-hosts.nix>
|
||||||
|
|
||||||
# environment
|
# environment
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
|
|
||||||
];
|
];
|
||||||
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
|
|
||||||
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# allow sdev to deploy self
|
# allow sdev to deploy self
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
root = {
|
root = {
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# corefonts
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
ppp xclip
|
ppp xclip
|
||||||
get
|
get
|
||||||
passwdqc-utils
|
passwdqc-utils
|
||||||
docker
|
|
||||||
gnupg
|
gnupg
|
||||||
populate
|
populate
|
||||||
(pkgs.writeScriptBin "tor-browser" ''
|
(pkgs.writeScriptBin "tor-browser" ''
|
||||||
@ -42,18 +42,11 @@
|
|||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
80
|
80
|
||||||
8010
|
8010
|
||||||
];
|
];
|
||||||
|
|
||||||
fileSystems."/media/share" = {
|
|
||||||
fsType = "vboxsf";
|
|
||||||
device = "share";
|
|
||||||
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -9,33 +9,8 @@
|
|||||||
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
|
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
}
|
}
|
||||||
|
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
|
||||||
{ ## Virtualbox guest is broken on newer kernel
|
|
||||||
# virtualisation.virtualbox.guest.enable = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
# {
|
|
||||||
# imports = [
|
|
||||||
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
|
|
||||||
# ];
|
|
||||||
# virtualbox.baseImageSize = 35 * 1024;
|
|
||||||
# fileSystems."/media/share" = {
|
|
||||||
# fsType = "vboxsf";
|
|
||||||
# device = "share";
|
|
||||||
# options = [ "rw" "uid=9001" "gid=9001" ];
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
|
|
||||||
# {
|
|
||||||
# imports = [
|
|
||||||
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
||||||
# ];
|
|
||||||
# fileSystems."/nix" = {
|
|
||||||
# device ="/dev/disk/by-label/nixstore";
|
|
||||||
# fsType = "ext4";
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
|
|
||||||
|
|
||||||
# base gui
|
# base gui
|
||||||
# <stockholm/makefu/2configs/main-laptop.nix>
|
# <stockholm/makefu/2configs/main-laptop.nix>
|
||||||
@ -79,14 +54,8 @@
|
|||||||
];
|
];
|
||||||
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# allow vbob to deploy self
|
# allow vbob to deploy self
|
||||||
users.extraUsers = {
|
users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
||||||
root = {
|
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
|
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
|
||||||
@ -98,16 +67,18 @@
|
|||||||
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
|
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
|
||||||
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
|
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# for forticlient
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
fortclientsslvpn ppp xclip
|
fortclientsslvpn ppp xclip
|
||||||
get
|
get
|
||||||
logstash
|
logstash
|
||||||
# docker
|
|
||||||
#devpi-web
|
#devpi-web
|
||||||
#devpi-client
|
#devpi-client
|
||||||
ansible
|
ansible
|
||||||
];
|
];
|
||||||
# virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
@ -115,6 +86,6 @@
|
|||||||
80
|
80
|
||||||
8010
|
8010
|
||||||
];
|
];
|
||||||
|
# required for qemu
|
||||||
systemd.services."serial-getty@ttyS0".enable = true;
|
systemd.services."serial-getty@ttyS0".enable = true;
|
||||||
}
|
}
|
||||||
|
@ -40,7 +40,7 @@ with import <stockholm/lib>;
|
|||||||
# Virtualization
|
# Virtualization
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
|
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 8080 ];
|
networking.firewall.allowedTCPPorts = [ 8080 ];
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
@ -60,7 +60,7 @@ with import <stockholm/lib>;
|
|||||||
# Hardware
|
# Hardware
|
||||||
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||||
# <stockholm/makefu/2configs/hw/tpm.nix>
|
# <stockholm/makefu/2configs/hw/tpm.nix>
|
||||||
<stockholm/makefu/2configs/hw/rtl8812au.nix>
|
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||||
# <stockholm/makefu/2configs/rad1o.nix>
|
# <stockholm/makefu/2configs/rad1o.nix>
|
||||||
@ -78,6 +78,38 @@ with import <stockholm/lib>;
|
|||||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/samba.nix>
|
# <stockholm/makefu/2configs/lanparty/samba.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
|
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
|
||||||
|
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||||
|
|
||||||
|
{
|
||||||
|
networking.wireguard.interfaces.wg0 = {
|
||||||
|
ips = [ "10.244.0.2/24" ];
|
||||||
|
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||||
|
allowedIPsAsRoutes = true;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# gum
|
||||||
|
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
|
||||||
|
allowedIPs = [ "10.244.0.0/24" ];
|
||||||
|
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
|
||||||
|
}
|
||||||
|
#{
|
||||||
|
# # vbob
|
||||||
|
# allowedIPs = [ "10.244.0.3/32" ];
|
||||||
|
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
||||||
|
#}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
{ # auto-mounting
|
||||||
|
services.udisks2.enable = true;
|
||||||
|
services.devmon.enable = true;
|
||||||
|
# services.gnome3.gvfs.enable = true;
|
||||||
|
users.users.makefu.packages = with pkgs;[
|
||||||
|
gvfs pcmanfm lxmenu-data
|
||||||
|
];
|
||||||
|
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
|
||||||
|
}
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
16
makefu/2configs/hw/vbox-guest.nix
Normal file
16
makefu/2configs/hw/vbox-guest.nix
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{ lib, ...}:
|
||||||
|
{
|
||||||
|
## Guest Extensions are currently broken
|
||||||
|
imports = [
|
||||||
|
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
|
||||||
|
];
|
||||||
|
virtualisation.virtualbox.guest.enable = true;
|
||||||
|
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
|
||||||
|
|
||||||
|
fileSystems."/media/share" = {
|
||||||
|
fsType = "vboxsf";
|
||||||
|
device = "share";
|
||||||
|
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
|
||||||
|
};
|
||||||
|
# virtualbox.baseImageSize = 35 * 1024;
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user