diff options
Diffstat (limited to 'lass/1systems')
| -rw-r--r-- | lass/1systems/blue/source.nix | 6 | ||||
| -rw-r--r-- | lass/1systems/daedalus/config.nix | 3 | ||||
| -rw-r--r-- | lass/1systems/hilum/config.nix | 32 | ||||
| -rw-r--r-- | lass/1systems/hilum/physical.nix | 35 | ||||
| -rw-r--r-- | lass/1systems/icarus/config.nix | 11 | ||||
| -rw-r--r-- | lass/1systems/iso.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/morpheus/config.nix | 41 | ||||
| -rw-r--r-- | lass/1systems/morpheus/physical.nix | 32 | ||||
| -rw-r--r-- | lass/1systems/mors/config.nix | 3 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 79 | ||||
| -rw-r--r-- | lass/1systems/prism/physical.nix | 5 | ||||
| -rw-r--r-- | lass/1systems/shodan/config.nix | 87 | ||||
| -rw-r--r-- | lass/1systems/shodan/physical.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/uriel/physical.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/xerxes/config.nix | 107 | ||||
| -rw-r--r-- | lass/1systems/xerxes/physical.nix | 82 | ||||
| -rw-r--r-- | lass/1systems/yellow/config.nix | 2 |
17 files changed, 395 insertions, 135 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 21f3a8bd..1a98fc05 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, ... }: +{ lib, pkgs, test, ... }: { - nixpkgs = lib.mkForce { + nixpkgs = lib.mkIf (! test) (lib.mkForce { file = { path = toString (pkgs.fetchFromGitHub { owner = "nixos"; @@ -10,5 +10,5 @@ }); useChecksum = true; }; - }; + }); } diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df886803..bd559944 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium @@ -58,7 +59,7 @@ with import <stockholm/lib>; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix new file mode 100644 index 00000000..f57d275d --- /dev/null +++ b/lass/1systems/hilum/config.nix @@ -0,0 +1,32 @@ +{ config, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + + krebs.build.host = config.krebs.hosts.hilum; + + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; +} diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix new file mode 100644 index 00000000..f8bab57d --- /dev/null +++ b/lass/1systems/hilum/physical.nix @@ -0,0 +1,35 @@ +{ lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0"; + boot.loader.grub.efiInstallAsRemovable = true; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2B9E-5131"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699a..86727700 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ @@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index a814cc6b..a7b9f21b 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -52,8 +52,6 @@ with import <stockholm/lib>; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey ]; }; }; diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index cab267d5..00000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - imports = [ - <stockholm/lass> - - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/power-action.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - nixpkgs.config.packageOverrides = super: { - steam = super.steam.override { - withPrimus = true; - extraPkgs = p: with p; [ - glxinfo - nettools - bumblebee - ]; - }; - }; - - - services.xserver.desktopManager.default = "none"; - services.xserver.displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - timeout = 5; - }; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 0f08acb2..00000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, ... }: -{ - imports = [ - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ./config.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostId = "60ce7e88"; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ]; - - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DF3B-4528"; - fsType = "vfat"; - }; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 5076beee..03ff4213 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -54,7 +54,7 @@ with import <stockholm/lib>; folders = { the_playlist = { path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; free_music = { id = "mu9mn-zgvsw"; @@ -129,7 +129,6 @@ with import <stockholm/lib>; cac-api sshpass get - teamspeak_client hashPassword urban mk_sql_pair diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eec8e34b..f4c011dc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -31,7 +31,15 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; + packages = [ + (pkgs.writeDashBin "kick-routing" '' + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + '') + ]; }; + security.sudo.extraConfig = '' + riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + ''; # TODO write function for proxy_pass (ssl/nonssl) @@ -57,6 +65,13 @@ with import <stockholm/lib>; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid_uint31 "dritter"; isNormalUser = true; @@ -109,6 +124,26 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } + { + #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; + containers.onondaga = { + config = { ... }: { + imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; + }; + } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> @@ -149,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } @@ -226,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ @@ -344,7 +344,7 @@ with import <stockholm/lib>; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' @@ -364,13 +364,8 @@ with import <stockholm/lib>; uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey lass-android.pubkey makefu.pubkey - wine-mors.pubkey ]; }; }; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 9a84e9d6..7458f5ff 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -20,6 +20,11 @@ fsType = "ext4"; }; + fileSystems."/backups" = { + device = "tank/backups"; + fsType = "zfs"; + }; + fileSystems."/srv/http" = { device = "tank/srv-http"; fsType = "zfs"; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5de87d79..ad510283 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> + <stockholm/lass/2configs/nfs-dl.nix> ]; krebs.build.host = config.krebs.hosts.shodan; @@ -24,4 +25,90 @@ with import <stockholm/lib>; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; + + #hass + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } + # zerotierone + { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 41508127..7cfeba93 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -13,7 +13,6 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 9ac3468a..2d21f00d 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -3,7 +3,7 @@ ./config.nix ]; - hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; boot = { #kernelParams = [ # "acpi.brightness_switch_enabled=0" diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 00000000..8630d0f4 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/mail.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; + }; + + services.xserver = { + displayManager.lightdm.autoLogin.enable = true; + displayManager.lightdm.autoLogin.user = "lass"; + }; + + krebs.syncthing = { + folders = { + the_playlist = { + path = "/home/lass/tmp/the_playlist"; + peers = [ "mors" "phone" "prism" "xerxes" ]; + }; + }; + }; + krebs.permown = { + "/home/lass/tmp/the_playlist" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; + }; + + boot.blacklistedKernelModules = [ "xpad" ]; + systemd.services.xboxdrv = { + wantedBy = [ "multi-user.target" ]; + script = '' + ${pkgs.xboxdrv.overrideAttrs(o: { + patches = [ (pkgs.fetchurl { + url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch"; + sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5"; + }) ]; + })}/bin/xboxdrv --type xbox360 --dbus disabled -D + ''; + }; + + programs.adb.enable = true; + + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; + + systemd.services.suspend-again = { + after = [ "suspend.target" ]; + requiredBy = [ "suspend.target" ]; + # environment = { + # DISPLAY = ":${toString config.services.xserver.display}"; + # }; + serviceConfig = { + ExecStart = pkgs.writeDash "suspend-again" '' + ${pkgs.gnugrep}/bin/grep -q closed /proc/acpi/button/lid/LID0/state + if [ "$?" -eq 0 ]; then + echo 'wakeup with closed lid' + ${pkgs.systemd}/bin/systemctl suspend + fi + ''; + Type = "simple"; + }; + }; + + hardware.bluetooth.enable = true; + hardware.pulseaudio.package = pkgs.pulseaudioFull; + # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' + # load-module module-bluetooth-policy + # load-module module-bluetooth-discover + # ## module fails to load with + # ## module-bluez5-device.c: Failed to get device path from module arguments + # ## module.c: Failed to load module "module-bluez5-device" (argument: ""): initialization failed. + # # load-module module-bluez5-device + # # load-module module-bluez5-discover + # ''; +} diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix new file mode 100644 index 00000000..77cf2206 --- /dev/null +++ b/lass/1systems/xerxes/physical.nix @@ -0,0 +1,82 @@ +{ pkgs, lib, ... }: +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.zfs.enableUnstable = true; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + efiSupport = true; + }; + boot.loader.efi.canTouchEfiVariables = true; + + boot.blacklistedKernelModules = [ + "sdhci_pci" + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/sda3"; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + boot.kernelParams = [ + "fbcon=rotate:1" + "boot.shell_on_fail" + ]; + + fileSystems."/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E749-784C"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + boot.extraModprobeConfig = '' + options zfs zfs_arc_max=107374182 + ''; + + nix.maxJobs = lib.mkDefault 4; + + networking.hostId = "9b0a74ac"; + networking.networkmanager.enable = true; + + hardware.opengl.enable = true; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + CPU_SCALING_GOVERNOR_ON_AC=ondemand + CPU_SCALING_GOVERNOR_ON_BAT=powersave + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + services.logind.extraConfig = '' + HandlePowerKey=suspend + IdleAction=suspend + IdleActionSec=300 + ''; + + services.xserver = { + videoDrivers = [ "intel" ]; + displayManager.sessionCommands = '' + echo nonono > /tmp/xxyy + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) + ''; + }; +} diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a3..d049bdee 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' alias ${pkgs.fetchFromGitHub { owner = "Naereen"; |