diff options
| author | tv <tv@krebsco.de> | 2021-02-18 20:25:47 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2021-02-18 20:25:47 +0100 |
| commit | f9bc618fada82326ed371b131eaed34d21626ae9 (patch) | |
| tree | c48156ed3dc16594907c3744b14fcdafd2409206 | |
| parent | 9365aff352d99b7506bafbef6682de7bfb00df27 (diff) | |
| parent | 8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff) | |
Merge remote-tracking branch 'prism/master'
46 files changed, 1132 insertions, 276 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 789fc2f2..0de07a02 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,6 +5,8 @@ 6667 6669 ]; + systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384; + krebs.charybdis = { enable = true; motd = '' @@ -15,7 +17,7 @@ serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; - description = "miep!"; + description = "irc!"; network_name = "irc.r"; vhost = "0.0.0.0"; @@ -26,7 +28,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 100000; + default_max_clients = 2048; #nicklen = 30; }; @@ -38,12 +40,12 @@ */ host = "0.0.0.0"; port = 6667; - sslport = 6697; + #sslport = 6697; /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 6697; + #sslport = 6697; }; class "users" { @@ -53,9 +55,9 @@ number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; - number_per_cidr = 65536; - max_number = 100000; - sendq = 10 megabyte; + number_per_cidr = 65535; + max_number = 65535; + sendq = 1000 megabyte; }; privset "op" { @@ -91,7 +93,7 @@ use_knock = yes; knock_delay = 5 minutes; knock_delay_channel = 1 minute; - max_chans_per_user = 15; + max_chans_per_user = 150; max_bans = 100; max_bans_large = 500; default_split_user_count = 0; diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 3bf99143..ce4e8340 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -39,10 +39,12 @@ }; }; - krebs.reaktor2.news = { + krebs.reaktor2.news = let + name = "candyman"; + in { hostname = "localhost"; port = "6667"; - nick = "brockman-helper"; + nick = name; plugins = [ { plugin = "register"; @@ -60,23 +62,23 @@ hooks.PRIVMSG = [ { activate = "match"; - pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; + pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; command = 1; arguments = [2]; commands = { add-reddit.filename = pkgs.writeDash "add-reddit" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-reddit $reddit_channel' + echo 'usage: ${name}: add-reddit $reddit_channel' exit 1 fi reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss" + echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom" ''; add-telegram.filename = pkgs.writeDash "add-telegram" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-telegram $telegram_user' + echo 'usage: ${name}: add-telegram $telegram_user' exit 1 fi telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') @@ -85,7 +87,7 @@ add-youtube.filename = pkgs.writeDash "add-youtube" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-youtube $nick $channelid' + echo 'usage: ${name}: add-youtube $nick $channelid' exit 1 fi youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') @@ -95,7 +97,7 @@ search.filename = pkgs.writeDash "search" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: search $searchterm' + echo 'usage: ${name}: search $searchterm' exit 1 fi searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d546564c..53d6e6f4 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,5 +1,11 @@ { config, pkgs, lib, ... }: let + unstable = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; + }) {}; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -40,6 +46,9 @@ in { { enable = true; autoExtraComponents = true; + package = unstable.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + }); config = { homeassistant = { name = "Glados"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 32aa3489..9b2ed4a7 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -29,6 +29,7 @@ in { PrivateTmp = true; RuntimeDirectory = "brockman"; WorkingDirectory = "%t/brockman"; + RestartSec = 5; }; }; }; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 29d0b27f..306ab34e 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -97,6 +97,27 @@ in { }; }; }; + dimitriosxps = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.189"; + aliases = [ + "dimitriosxps.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0 + dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E + 9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY + O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e + DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy + 8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; donna = { owner = config.krebs.users.mic92; nets = rec { @@ -453,6 +474,51 @@ in { }; }; }; + + redha = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.188"; + aliases = [ + "redha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O + s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE + a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH + RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e + FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm + mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + grandalf = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.187"; + aliases = [ + "grandalf.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7 + XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC + qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL + 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI + jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/ + /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eva = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c5cf5cb1..6978c0b4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -125,7 +125,6 @@ in { ip6.addr = r6 "1e1"; aliases = [ "uriel.r" - "cgit.uriel.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -151,7 +150,6 @@ in { ip6.addr = r6 "dea7"; aliases = [ "mors.r" - "cgit.mors.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -185,7 +183,6 @@ in { ip6.addr = r6 "50da"; aliases = [ "shodan.r" - "cgit.shodan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -220,7 +217,6 @@ in { ip6.addr = r6 "1205"; aliases = [ "icarus.r" - "cgit.icarus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -254,7 +250,6 @@ in { ip6.addr = r6 "daed"; aliases = [ "daedalus.r" - "cgit.daedalus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -286,7 +281,6 @@ in { ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" - "cgit.skynet.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -688,11 +682,53 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; }; + + coaxmetal = { + cores = 16; + nets = { + retiolum = { + ip4.addr = "10.243.0.17"; + ip6.addr = r6 "17"; + aliases = [ + "coaxmetal.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA + xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK + gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU + WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek + ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 + G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F + G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO + IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX + K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE + 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly + bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo + l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "17"; + aliases = [ + "coaxmetal.w" + ]; + wireguard.pubkey = '' + lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; + syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; + }; + }; users = rec { - lass = lass-blue; + lass = lass-yubikey; lass-yubikey = { - mail = lass.mail; + mail = "lass@lassul.us"; pubkey = builtins.readFile ./ssh/yubikey.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; }; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 2cb70eec..c8e1e038 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -197,6 +197,15 @@ in { wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} + + meet.euer IN A ${nets.internet.ip4.addr} + work.euer IN A ${nets.internet.ip4.addr} + admin.work.euer IN A ${nets.internet.ip4.addr} + push.work.euer IN A ${nets.internet.ip4.addr} + api.work.euer IN A ${nets.internet.ip4.addr} + maps.work.euer IN A ${nets.internet.ip4.addr} + play.work.euer IN A ${nets.internet.ip4.addr} + ul.work.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix deleted file mode 100644 index 5f1166a2..00000000 --- a/krebs/5pkgs/haskell/brockman.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring -, case-insensitive, conduit, containers, directory, feed, filepath -, hslogger, html-entity, http-client, irc-conduit, lens, network -, optparse-applicative, random, safe, stdenv, text, time, timerep -, wreq -, fetchFromGitHub -}: -mkDerivation rec { - pname = "brockman"; - version = "3.2.3"; - src = fetchFromGitHub { - owner = "kmein"; - repo = "brockman"; - rev = version; - sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427"; - }; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - aeson aeson-pretty base bloomfilter bytestring case-insensitive - conduit containers directory feed filepath hslogger html-entity - http-client irc-conduit lens network optparse-applicative random - safe text time timerep wreq - ]; - license = stdenv.lib.licenses.mit; -} diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix new file mode 100644 index 00000000..92051a02 --- /dev/null +++ b/krebs/5pkgs/haskell/brockman/default.nix @@ -0,0 +1,26 @@ +{ mkDerivation, aeson, aeson-pretty, base, bytestring +, case-insensitive, conduit, containers, directory, feed, filepath +, hashable, hslogger, html-entity, http-client, irc-conduit, lens +, lrucache, lrucaching, network, optparse-applicative, random, safe +, stdenv, text, time, timerep, wreq +, fetchFromGitHub +}: +mkDerivation rec { + pname = "brockman"; + version = "3.4.0"; + src = fetchFromGitHub { + owner = "kmein"; + repo = "brockman"; + rev = version; + sha256 = "02nval6a9xcddj6znzxvcb8g6klzjydj1lb4ych64i9mr4a8jvic"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson aeson-pretty base bytestring case-insensitive conduit + containers directory feed filepath hashable hslogger html-entity + http-client irc-conduit lens lrucache lrucaching network + optparse-applicative random safe text time timerep wreq + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix index 13ad9d69..bbe5c1bd 100644 --- a/krebs/5pkgs/simple/rss-bridge/default.nix +++ b/krebs/5pkgs/simple/rss-bridge/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "rss-bridge"; - version = "2020-11-10"; + version = "unstable-2021-01-10"; src = fetchFromGitHub { owner = "RSS-Bridge"; repo = "rss-bridge"; - rev = version; - sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv"; + rev = "98352845a14b9f2eb8925ad7a04a5f6cc6a5af06"; + sha256 = "1nv1f6f17cn057k9mydd3a0bmj2xa5k410fdq7nhw5b7msyxy2qv"; }; patchPhase = '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 321fafac..57d30799 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f217c0ea7c148ddc0103347051555c7c252dcafb", - "date": "2021-01-21T09:50:34+01:00", - "path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs", - "sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf", + "rev": "8c8731330b53ba0061686f36f10f101e662a4717", + "date": "2021-02-08T20:46:59+01:00", + "path": "/nix/store/agilvsqqdsqx36wf4zkq5gnhnab47qpd-nixpkgs", + "sha256": "0ak4d254myq6cl3d7jkq6n0apxabvwjz62zdw9habnrqg8asl8gk", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 97afb10f..8670999e 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222", - "date": "2021-01-23T17:41:51-05:00", - "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs", - "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb", + "rev": "2394284537b89471c87065b040d3dedd8b5907fe", + "date": "2021-02-10T23:24:22+01:00", + "path": "/nix/store/rqgraycidchn5wc5mki5sqj8bl5cpx78-nixpkgs", + "sha256": "1j7vp735is5d32mbrgavpxi3fbnsm6d99a01ap8gn30n5ysd14sl", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix new file mode 100644 index 00000000..3e0b1674 --- /dev/null +++ b/lass/1systems/coaxmetal/config.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/bitcoin.nix> + ]; + + krebs.build.host = config.krebs.hosts.coaxmetal; + + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; + }; + + programs.adb.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; + hardware.pulseaudio.package = pkgs.pulseaudioFull; +} diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix new file mode 100644 index 00000000..c94740c5 --- /dev/null +++ b/lass/1systems/coaxmetal/physical.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = [ + ./config.nix + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + networking.hostId = "e0c335ea"; + boot.zfs.requestEncryptionCredentials = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + enable = true; + # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040"; + device = "nodev"; + efiSupport = true; + # efiInstallAsRemovable = true; + }; + + services.xserver.videoDrivers = [ + "amdgpu" + ]; + + hardware.opengl.extraPackages = [ pkgs.amdvlk ]; + # is required for amd graphics support ( xorg wont boot otherwise ) + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.variables.VK_ICD_FILENAMES = + "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-amd" ]; + + fileSystems."/" = { + device = "zpool/root/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zpool/root/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/50A7-1889"; + fsType = "vfat"; + }; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + boot.extraModprobeConfig = '' + options psmouse proto=imps + ''; +} diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 1afad003..178a5adf 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -152,10 +152,11 @@ with import <stockholm/lib>; krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin ]; }; @@ -265,4 +266,9 @@ with import <stockholm/lib>; ''; }; }; + + services.jellyfin = { + enable = true; + |