diff options
| author | makefu <github@syntax-fehler.de> | 2018-12-19 14:10:21 +0100 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2018-12-19 14:10:21 +0100 |
| commit | b7529f97e118f1b4da91acae2c21a06eae6e5638 (patch) | |
| tree | b368295e641d65b7303cb987be85f80c3c62cd9b | |
| parent | 5299bd93a0240580bc1aec377436c44273f144e5 (diff) | |
| parent | dc79107558105a3b6afb558f194965fcb3867542 (diff) | |
Merge remote-tracking branch 'lass/master'
31 files changed, 156 insertions, 86 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 02d28ddc..39922e2e 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -289,6 +289,31 @@ in { }; }; }; + qubasa = { + owner = config.krebs.users.qubasa; + nets = { + retiolum = { + ip4.addr = "10.243.29.175"; + aliases = [ "qubasa.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z + f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm + 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 + aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs + KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v + aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j + kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 + 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB + 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz + k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV + Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v + vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { Mic92 = { @@ -301,6 +326,9 @@ in { }; sokratess = { }; + qubasa = { + mail = "luis.nixos@gmail.com"; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1eac198f..9d1d56ad 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,7 +8,7 @@ with import <stockholm/lib>; }; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; - w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; in { dns.providers = { @@ -89,7 +89,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { via = internet; ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; @@ -98,7 +98,11 @@ in { ]; wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ "10.244.1.0/24" "42:1::/32" ]; + subnets = [ + "10.244.1.0/24" + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR + ]; }; }; }; @@ -191,7 +195,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "dea7"; aliases = [ "mors.w" @@ -224,7 +228,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "50da"; aliases = [ "shodan.w" @@ -257,7 +261,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "1205"; aliases = [ "icarus.w" @@ -419,7 +423,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "3110"; aliases = [ "yellow.w" @@ -456,7 +460,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "b1ce"; aliases = [ "blue.w" @@ -469,7 +473,7 @@ in { }; phone = { nets = { - wirelum = { + wiregrill = { ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ @@ -506,7 +510,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "012f"; aliases = [ "morpheus.w" diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 0683492b..a20801b1 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,12 +1,30 @@ with import <stockholm/lib>; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.tv; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.tv; + } + (optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = + (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; + }; + }) + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + host + ]; in { dns.providers = { @@ -103,6 +121,9 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill.wireguard.subnets = [ + (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR + ]; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; }; diff --git a/krebs/3modules/tv/wiregrill/alnus.pub b/krebs/3modules/tv/wiregrill/alnus.pub new file mode 100644 index 00000000..de85e54d --- /dev/null +++ b/krebs/3modules/tv/wiregrill/alnus.pub @@ -0,0 +1 @@ +w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE= diff --git a/krebs/3modules/tv/wiregrill/mu.pub b/krebs/3modules/tv/wiregrill/mu.pub new file mode 100644 index 00000000..18edc898 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/mu.pub @@ -0,0 +1 @@ +4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ= diff --git a/krebs/3modules/tv/wiregrill/ni.pub b/krebs/3modules/tv/wiregrill/ni.pub new file mode 100644 index 00000000..257b2983 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/ni.pub @@ -0,0 +1 @@ +KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw= diff --git a/krebs/3modules/tv/wiregrill/nomic.pub b/krebs/3modules/tv/wiregrill/nomic.pub new file mode 100644 index 00000000..be9c94be --- /dev/null +++ b/krebs/3modules/tv/wiregrill/nomic.pub @@ -0,0 +1 @@ +UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A= diff --git a/krebs/3modules/tv/wiregrill/querel.pub b/krebs/3modules/tv/wiregrill/querel.pub new file mode 100644 index 00000000..2273cf99 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/querel.pub @@ -0,0 +1 @@ +sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0= diff --git a/krebs/3modules/tv/wiregrill/wu.pub b/krebs/3modules/tv/wiregrill/wu.pub new file mode 100644 index 00000000..0d25d9de --- /dev/null +++ b/krebs/3modules/tv/wiregrill/wu.pub @@ -0,0 +1 @@ +68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E= diff --git a/krebs/3modules/tv/wiregrill/xu.pub b/krebs/3modules/tv/wiregrill/xu.pub new file mode 100644 index 00000000..ba0c7dd0 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/xu.pub @@ -0,0 +1 @@ +XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s= diff --git a/krebs/3modules/tv/wiregrill/zu.pub b/krebs/3modules/tv/wiregrill/zu.pub new file mode 100644 index 00000000..0238dd65 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/zu.pub @@ -0,0 +1 @@ +WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw= diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 2f28cc0d..7fe143c3 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/blue-host.nix> ]; networking.networkmanager.enable = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 962a77cc..6c454b4a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -298,15 +298,15 @@ with import <stockholm/lib>; } { imports = [ - <stockholm/lass/2configs/wirelum.nix> + <stockholm/lass/2configs/wiregrill.nix> ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; } ]; krebs.iptables.tables.filter.FORWARD.rules = [ - { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; } - { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 13a8b3e4..4b806af7 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,7 +5,6 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/power-action.nix> { diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 859a2a1b..1b6a1d59 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -64,6 +64,7 @@ in { dic dmenu font-size + fzfmenu gitAndTools.qgit git-preview gnome3.dconf diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 9cf294af..718a92e9 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -7,6 +7,7 @@ let "daedalus" "skynet" "prism" + "littleT" ]; remote_hosts = filter (h: h != config.networking.hostName) all_hosts; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 6dc2b121..cdd77e84 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,9 +22,9 @@ with (import <stockholm/lib>); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dea32d4d..62a42baf 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; ./zsh.nix ./htop.nix ./security-workarounds.nix - ./wirelum.nix + ./wiregrill.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4935268a..25dac0ac 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -126,6 +126,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } + { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -134,6 +135,7 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "alewis.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; @@ -204,5 +206,12 @@ in { createHome = true; }; + users.users.klabusterbeere = { + uid = genid_uint31 "klabusterbeere"; + home = "/home/klabusterbeere"; + useDefaultShell = true; + createHome = true; + }; + } diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix new file mode 100644 index 00000000..0183bd4e --- /dev/null +++ b/lass/2configs/wiregrill.nix @@ -0,0 +1,44 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wiregrill; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wiregrill = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString <secrets>) + "/wiregrill.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++ + (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr) + else + host.nets.wiregrill.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; + publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey); + }) + (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); + }; +} diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix deleted file mode 100644 index cd8a20c6..00000000 --- a/lass/2configs/wirelum.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let - - self = config.krebs.build.host.nets.wirelum; - isRouter = !isNull self.via; - -in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) { - #hack for modprobe inside containers - systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [ - (pkgs.writeDashBin "modprobe" ":") - ]); - - boot.kernel.sysctl = mkIf isRouter { - "net.ipv6.conf.all.forwarding" = 1; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ - { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; } - ]; - - networking.wireguard.interfaces.wirelum = { - ips = - (optional (!isNull self.ip4) self.ip4.addr) ++ - (optional (!isNull self.ip6) self.ip6.addr); - listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wirelum.key"; - allowedIPsAsRoutes = true; - peers = mapAttrsToList - (_: host: { - allowedIPs = if isRouter then - (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++ - (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr) - else - host.nets.wirelum.wireguard.subnets - ; - endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}"); - persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61; - publicKey = host.nets.wirelum.wireguard.pubkey; - }) - (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts); - }; -} diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 5997dca0..85b05064 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub + ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub cat <<EOF > $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; @@ -37,13 +37,13 @@ pkgs.writeDashBin "l-gen-secrets" '' $(cat $TMPDIR/retiolum.rsa_key.pub) ${"''"}; }; - wirelum = { + wiregrill = { ip6.addr = (wip6 "changeme").address; aliases = [ "$HOSTNAME.w" ]; wireguard.pubkey = ${"''"} - $(cat $TMPDIR/wirelum.pub) + $(cat $TMPDIR/wiregrill.pub) ${"''"}; }; }; diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 1d3f398e..22a23fce 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -16,12 +16,12 @@ let { normalize-ip6-addr (appendZeros addressLength netPrefix); netHash = toString { retiolum = 0; - wirelum = 1; + wiregrill = 1; }.${netname}; netPrefix = "42:${netHash}"; netPrefixLength = { retiolum = 32; - wirelum = 32; + wiregrill = 32; }.${netname}; inherit subnetname; diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index 001ad0bc..949a98b2 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -8,10 +8,6 @@ with import <stockholm/lib>; <stockholm/tv/2configs/retiolum.nix> ]; - # TODO remove non-hardware stuff from ../2configs/hw/x220.nix - # networking.wireless.enable collides with networkmanager - networking.wireless.enable = mkForce false; - boot = { initrd = { availableKernelModules = [ "ahci" ]; diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index a653ce40..f1cd7d67 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; <stockholm/tv> <stockholm/tv/2configs/br.nix> <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/hw/x220.nix> <stockholm/tv/2configs/retiolum.nix> ]; @@ -13,10 +14,7 @@ with import <stockholm/lib>; tv.x0vncserver.enable = true; - # hardware configuration - boot.initrd.luks.devices.muca = { - device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91"; - }; + boot.initrd.luks.devices.muca.device = "/dev/sda2"; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; boot.kernelModules = [ "fbcon" "kvm-intel" ]; @@ -34,7 +32,7 @@ with import <stockholm/lib>; options = [ "defaults" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/CEB1-9743"; + device = "/dev/sda1"; fsType = "vfat"; }; }; diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index 996a5e7e..a89f07e8 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -64,4 +64,6 @@ with import <stockholm/lib>; gnupg tmux ]; + + networking.wireless.enable = true; } diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 17eeff5d..4c491d65 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -41,6 +41,8 @@ with import <stockholm/lib>; }; }; + networking.wireless.enable = true; + services.printing.enable = true; services.udev.extraRules = '' diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 5421cab9..b9c76cf4 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -147,6 +147,8 @@ with import <stockholm/lib>; gptfdisk ]; + networking.wireless.enable = true; + #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 414d2f22..bbfcfafc 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -44,6 +44,8 @@ with import <stockholm/lib>; }; }; + networking.wireless.enable = true; + services.printing.enable = true; #services.bitlbee.enable = true; diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index 8625078d..4df5e097 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -25,8 +25,6 @@ with import <stockholm/lib>; config.boot.kernelPackages.broadcom_sta ]; - networking.wireless.enable = true; - nix = { buildCores = 2; maxJobs = 2; diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 38a89cfc..35e7d894 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -26,8 +26,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.wireless.enable = true; - # Required for Centrino. hardware.enableRedistributableFirmware = true; |