From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001 
From: lassulus
Date: Thu, 7 Sep 2023 12:26:31 +0200
Subject: lass: migrate away
---
lass/1systems/aergia/config.nix | 167 ---------------
lass/1systems/aergia/disk.nix | 63 ------
lass/1systems/aergia/install.sh | 3 -
lass/1systems/aergia/physical.nix | 117 -----------
lass/1systems/aergia/source.nix | 21 --
lass/1systems/blue/config.nix | 22 --
lass/1systems/blue/physical.nix | 7 -
lass/1systems/blue/source.nix | 17 --
lass/1systems/coaxmetal/config.nix | 63 ------
lass/1systems/coaxmetal/physical.nix | 59 ------
lass/1systems/coaxmetal/source.nix | 21 --
lass/1systems/daedalus/config.nix | 115 -----------
lass/1systems/daedalus/physical.nix | 24 ---
lass/1systems/dishfire/config.nix | 13 --
lass/1systems/dishfire/physical.nix | 21 --
lass/1systems/echelon/config.nix | 17 --
lass/1systems/echelon/physical.nix | 33 ---
lass/1systems/green/config.nix | 75 -------
lass/1systems/green/physical.nix | 7 -
lass/1systems/green/source.nix | 6 -
lass/1systems/hilum/config.nix | 33 ---
lass/1systems/hilum/disk.nix | 43 ----
lass/1systems/hilum/flash-stick.sh | 43 ----
lass/1systems/hilum/physical.nix | 53 -----
lass/1systems/icarus/config.nix | 30 ---
lass/1systems/icarus/physical.nix | 49 -----
lass/1systems/lasspi/config.nix | 25 ---
lass/1systems/lasspi/physical.nix | 45 -----
lass/1systems/littleT/config.nix | 30 ---
lass/1systems/littleT/physical.nix | 25 ---
lass/1systems/mors/config.nix | 167 ---------------
lass/1systems/mors/physical.nix | 48 -----
lass/1systems/mors/source.nix | 21 --
lass/1systems/neoprism/config.nix | 51 -----
lass/1systems/neoprism/disk.nix | 118 -----------
lass/1systems/neoprism/physical.nix | 79 --------
lass/1systems/orange/config.nix | 25 ---
lass/1systems/orange/physical.nix | 7 -
lass/1systems/prism/backup.nix | 37 ----
lass/1systems/prism/config.nix | 380 -----------------------------------
lass/1systems/prism/physical.nix | 107 ----------
lass/1systems/radio/config.nix | 24 ---
lass/1systems/radio/physical.nix | 7 -
lass/1systems/radio/source.nix | 6 -
lass/1systems/shodan/config.nix | 28 ---
lass/1systems/shodan/physical.nix | 45 -----
lass/1systems/skynet/config.nix | 41 ----
lass/1systems/skynet/physical.nix | 29 ---
lass/1systems/styx/config.nix | 116 -----------
lass/1systems/styx/physical.nix | 38 ----
lass/1systems/ubik/config.nix | 276 -------------------------
lass/1systems/ubik/physical.nix | 7 -
lass/1systems/wizard/config.nix | 287 --------------------------
lass/1systems/wizard/generate-iso.sh | 7 -
lass/1systems/wizard/run-vm.sh | 7 -
lass/1systems/wizard/test.nix | 10 -
lass/1systems/xerxes/config.nix | 76 -------
lass/1systems/xerxes/physical.nix | 73 -------
lass/1systems/yellow/config.nix | 45 -----
lass/1systems/yellow/physical.nix | 7 -
60 files changed, 3416 deletions(-)
delete mode 100644 lass/1systems/aergia/config.nix
delete mode 100644 lass/1systems/aergia/disk.nix
delete mode 100644 lass/1systems/aergia/install.sh
delete mode 100644 lass/1systems/aergia/physical.nix
delete mode 100644 lass/1systems/aergia/source.nix
delete mode 100644 lass/1systems/blue/config.nix
delete mode 100644 lass/1systems/blue/physical.nix
delete mode 100644 lass/1systems/blue/source.nix
delete mode 100644 lass/1systems/coaxmetal/config.nix
delete mode 100644 lass/1systems/coaxmetal/physical.nix
delete mode 100644 lass/1systems/coaxmetal/source.nix
delete mode 100644 lass/1systems/daedalus/config.nix
delete mode 100644 lass/1systems/daedalus/physical.nix
delete mode 100644 lass/1systems/dishfire/config.nix
delete mode 100644 lass/1systems/dishfire/physical.nix
delete mode 100644 lass/1systems/echelon/config.nix
delete mode 100644 lass/1systems/echelon/physical.nix
delete mode 100644 lass/1systems/green/config.nix
delete mode 100644 lass/1systems/green/physical.nix
delete mode 100644 lass/1systems/green/source.nix
delete mode 100644 lass/1systems/hilum/config.nix
delete mode 100644 lass/1systems/hilum/disk.nix
delete mode 100755 lass/1systems/hilum/flash-stick.sh
delete mode 100644 lass/1systems/hilum/physical.nix
delete mode 100644 lass/1systems/icarus/config.nix
delete mode 100644 lass/1systems/icarus/physical.nix
delete mode 100644 lass/1systems/lasspi/config.nix
delete mode 100644 lass/1systems/lasspi/physical.nix
delete mode 100644 lass/1systems/littleT/config.nix
delete mode 100644 lass/1systems/littleT/physical.nix
delete mode 100644 lass/1systems/mors/config.nix
delete mode 100644 lass/1systems/mors/physical.nix
delete mode 100644 lass/1systems/mors/source.nix
delete mode 100644 lass/1systems/neoprism/config.nix
delete mode 100644 lass/1systems/neoprism/disk.nix
delete mode 100644 lass/1systems/neoprism/physical.nix
delete mode 100644 lass/1systems/orange/config.nix
delete mode 100644 lass/1systems/orange/physical.nix
delete mode 100644 lass/1systems/prism/backup.nix
delete mode 100644 lass/1systems/prism/config.nix
delete mode 100644 lass/1systems/prism/physical.nix
delete mode 100644 lass/1systems/radio/config.nix
delete mode 100644 lass/1systems/radio/physical.nix
delete mode 100644 lass/1systems/radio/source.nix
delete mode 100644 lass/1systems/shodan/config.nix
delete mode 100644 lass/1systems/shodan/physical.nix
delete mode 100644 lass/1systems/skynet/config.nix
delete mode 100644 lass/1systems/skynet/physical.nix
delete mode 100644 lass/1systems/styx/config.nix
delete mode 100644 lass/1systems/styx/physical.nix
delete mode 100644 lass/1systems/ubik/config.nix
delete mode 100644 lass/1systems/ubik/physical.nix
delete mode 100644 lass/1systems/wizard/config.nix
delete mode 100755 lass/1systems/wizard/generate-iso.sh
delete mode 100755 lass/1systems/wizard/run-vm.sh
delete mode 100644 lass/1systems/wizard/test.nix
delete mode 100644 lass/1systems/xerxes/config.nix
delete mode 100644 lass/1systems/xerxes/physical.nix
delete mode 100644 lass/1systems/yellow/config.nix
delete mode 100644 lass/1systems/yellow/physical.nix
(limited to 'lass/1systems')
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
deleted file mode 100644
index 9b7409bc..00000000
--- a/lass/1systems/aergia/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - - - - - # - - - - - - # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS - { - imports = [ - "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules" - ]; - jovian.steam.enable = true; - } - { # autorandrs - services.autorandr = { - enable = true; - hooks.postswitch.reset_usb = '' - echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - profiles = { - default = { - fingerprint = { - eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf"; - }; - config = { - eDP = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1600"; - rate = "60.01"; - transform = [ - [ 0.750000 0.000000 0.000000 ] - [ 0.000000 0.750000 0.000000 ] - [ 0.000000 0.000000 1.000000 ] - ]; - # scale = { - # x = 0.599991; - # y = 0.599991; - # }; - }; - }; - }; - docked2 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-8 = "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"; - DisplayPort-7 = "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"; - }; - config = { - DisplayPort-7 = { - enable = true; - position = "2560x0"; - mode = "1920x1080"; - rate = "60.00"; - }; - DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1; - eDP = config.services.autorandr.profiles.docked1.config.eDP; - }; - }; - docked1 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-1 = 
"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"; - }; - config = { - DisplayPort-1 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - docked1_hack = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - HDMI-A-0 = "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"; - }; - config = { - HDMI-A-0 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - }; - }; - } - ]; - - system.stateVersion = "22.11"; - - krebs.build.host = config.krebs.hosts.aergia; - - environment.systemPackages = with pkgs; [ - brain - bank - l-gen-secrets - generate-secrets - nixpkgs-review - pipenv - ]; - - programs.adb.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - - nix.trustedUsers = [ "root" "lass" ]; - - # nix.extraOptions = '' - # extra-experimental-features = nix-command flakes - # ''; - - services.tor = { - enable = true; - client.enable = true; - }; - - documentation.nixos.enable = true; - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - - boot.cleanTmpDir = true; - programs.noisetorch.enable = true; -} diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix deleted file mode 100644 index 233b320e..00000000 --- a/lass/1systems/aergia/disk.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ lib, ... }: -{ - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = ["bios_grub"]; - } - { - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - fs-type = "fat32"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - name = "root"; - start = "1GiB"; - end = "100%"; - content = { - type = "luks"; - name = "aergia1"; - content = { - type = "btrfs"; - extraArgs = "-f"; # Override existing partition - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountpoint = "/"; - }; - # Mountpoints inferred from subvolume name - "/home" = { - mountOptions = []; - mountpoint = "/home"; - }; - "/nix" = { - mountOptions = []; - mountpoint = "/nix"; - }; - }; - }; - }; - } - ]; - }; - }; - }; -} - diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh deleted file mode 100644 index 0e4f0ab4..00000000 --- a/lass/1systems/aergia/install.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -target=$1 diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix deleted file mode 100644 index e76460d2..00000000 --- a/lass/1systems/aergia/physical.nix +++ /dev/null 
@@ -1,117 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/installer/scan/not-detected.nix") - - ]; - disko.devices = import ./disk.nix; - - networking.hostId = "deadbeef"; - # boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - device = "/dev/nvme0n1"; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - # boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.kernelParams = [ - # use less power with pstate - "amd_pstate=passive" - - # suspend - "resume_offset=178345675" - ]; - - boot.kernelModules = [ - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - "amd-pstate" - "kvm-amd" - ]; - - # hardware.cpu.amd.updateMicrocode = true; - - services.xserver.videoDrivers = [ - "amdgpu" - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "thunderbolt" - "xhci_pci" - "usbhid" - ]; - - boot.initrd.kernelModules = [ - "amdgpu" - ]; - - environment.systemPackages = [ - pkgs.vulkan-tools - (pkgs.writers.writeDashBin "set_tdp" '' - set -efux - watt=$1 - value=$(( $watt * 1000 )) - ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value" - '') - ]; - - # corectrl - programs.corectrl = { - enable = true; - gpuOverclock = { - enable = true; - ppfeaturemask = "0xffffffff"; - }; - }; - users.users.mainUser.extraGroups = [ "corectrl" ]; - - # keyboard quirks - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - services.udev.extraHwdb = /* sh */ '' - # disable back buttons - evdev:input:b0003v2F24p0135* # /dev/input/event2 - KEYBOARD_KEY_70026=reserved - KEYBOARD_KEY_70027=reserved - ''; - - # update cpu microcode - hardware.cpu.amd.updateMicrocode = true; - - hardware.opengl.enable = true; - 
hardware.opengl.extraPackages = [ - pkgs.amdvlk - pkgs.rocm-opencl-icd - pkgs.rocm-opencl-runtime - ]; - - # suspend to disk - swapDevices = [{ - device = "/swapfile"; - }]; - boot.resumeDevice = "/dev/mapper/aergia1"; - services.logind.lidSwitch = "suspend-then-hibernate"; - services.logind.extraConfig = '' - HandlePowerKey=hibernate - ''; - # systemd.sleep.extraConfig = '' - # HibernateDelaySec=1800 - # ''; - - # firefox touchscreen support - environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; - - # enable thunderbolt - services.hardware.bolt.enable = true; - - # reinit usb after docking station connect - services.udev.extraRules = '' - SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'" - ''; -} diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix deleted file mode 100644 index abbf26c7..00000000 --- a/lass/1systems/aergia/source.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix deleted file mode 100644 index c4286cca..00000000 --- a/lass/1systems/blue/config.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.blue; - - networking.nameservers = [ "1.1.1.1" ]; - - time.timeZone = "Europe/Berlin"; - users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; -} diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix deleted file mode 100644 index b6aa3a89..00000000 --- a/lass/1systems/blue/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = false; -} diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix deleted file mode 100644 index 0b2bf5f5..00000000 --- a/lass/1systems/blue/source.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, pkgs, test, ... }: -if test then {} else { - nixpkgs = lib.mkIf (! test) (lib.mkForce { - file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); - useChecksum = true; - }; - }); - nixpkgs-unstable = lib.mkForce { - file.path = "/var/empty"; - }; -} diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix deleted file mode 100644 index 7fd76974..00000000 --- a/lass/1systems/coaxmetal/config.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - # - ]; - - krebs.build.host = config.krebs.hosts.coaxmetal; - - environment.systemPackages = with pkgs; [ - brain - bank - l-gen-secrets - (pkgs.writeDashBin "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - '') - (pkgs.writeDashBin "usb-tether-on" '' - adb shell su -c service call connectivity 33 i32 1 s16 text - '') - (pkgs.writeDashBin "usb-tether-off" '' - adb shell su -c service call connectivity 33 i32 0 s16 text - '') - ]; - - programs.adb.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - - nix.trustedUsers = [ "root" "lass" ]; - - services.tor = { - enable = true; - client.enable = true; - }; - - documentation.nixos.enable = true; -} diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix deleted file mode 100644 index 6be04730..00000000 --- a/lass/1systems/coaxmetal/physical.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - networking.hostId = "e0c335ea"; - boot.zfs.requestEncryptionCredentials = true; - boot.zfs.enableUnstable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040"; - device = "nodev"; - efiSupport = true; - # efiInstallAsRemovable = true; - }; - - services.xserver.videoDrivers = [ - "amdgpu" - ]; - - hardware.opengl.extraPackages = [ pkgs.amdvlk ]; - environment.variables.VK_ICD_FILENAMES = - "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; - - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-amd" ]; - - fileSystems."/" = { - device = "zpool/root/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "zpool/root/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/50A7-1889"; - fsType = "vfat"; - }; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - # Mouse stuff - services.xserver.libinput.enable = lib.mkForce false; - services.xserver.synaptics.enable = true; - - services.xserver.displayManager.sessionCommands = '' - xinput disable 'ETPS/2 Elantech Touchpad' - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation' 1 - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2 - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5 - ''; -} diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix deleted file mode 100644 index abbf26c7..00000000 --- a/lass/1systems/coaxmetal/source.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix deleted file mode 100644 index c34dc0ac..00000000 --- a/lass/1systems/daedalus/config.nix +++ /dev/null 
@@ -1,115 +0,0 @@ -with import ; -{ config, pkgs, ... }: - -{ - imports = [ - - - - - # - { - # bubsy config - users.users.bubsy = { - uid = genid "bubsy"; - home = "/home/bubsy"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - "pipewire" - # "plugdev" - ]; - useDefaultShell = true; - isNormalUser = true; - }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; - # programs.chromium = { - # enable = true; - # extensions = [ - # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - # ]; - # }; - environment.systemPackages = with pkgs; [ - ark - pavucontrol - #firefox - chromium - hexchat - networkmanagerapplet - libreoffice - audacity - zathura - skypeforlinux - wine - geeqie - vlc - zsnes - telegram-desktop - ]; - # services.udev.packages = [ pkgs.ledger-udev-rules ]; - nixpkgs.config.firefox.enableAdobeFlash = true; - services.xserver.enable = true; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.tlp.enable = lib.mkForce false; - services.xserver.layout = "de"; - } - { - users = { - groups.plugdev = {}; - users = { - bitcoin = { - name = "bitcoin"; - description = "user for bitcoin stuff"; - home = "/home/bitcoin"; - isNormalUser = true; - useDefaultShell = true; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - "plugdev" - ]; - packages = [ - pkgs.electrum - pkgs.electron-cash - pkgs.ledger-live-desktop - ]; - }; - }; - }; - hardware.ledger.enable = true; - security.sudo.extraConfig = '' - bubsy ALL=(bitcoin) NOPASSWD: ALL - ''; - } - { - #remote control - environment.systemPackages = with pkgs; [ - x11vnc - # torbrowser - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } - ]; - } - ]; - - time.timeZone = "Europe/Berlin"; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; 
- }; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - krebs.build.host = config.krebs.hosts.daedalus; -} diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix deleted file mode 100644 index d10ced7d..00000000 --- a/lass/1systems/daedalus/physical.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; -} diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix deleted file mode 100644 index 279cad10..00000000 --- a/lass/1systems/dishfire/config.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix deleted file mode 100644 index ca013132..00000000 --- a/lass/1systems/dishfire/physical.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ - ./config.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - boot.loader.grub.devices = [ "/dev/sda" ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; - fsType = "ext4"; - }; - - swapDevices = [ ]; -} diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index eacdff78..00000000 
--- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.echelon; - - boot.tmpOnTmpfs = true; - -} - diff --git a/lass/1systems/echelon/physical.nix b/lass/1systems/echelon/physical.nix deleted file mode 100644 index fbacc392..00000000 --- a/lass/1systems/echelon/physical.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - boot.loader.grub.efiInstallAsRemovable = true; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.initrd.luks.devices.luksroot.device = "/dev/sda3"; - - networking.useDHCP = false; - networking.interfaces.ens18.useDHCP = true; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/5186edb1-9234-48ae-8679-61facb56b818"; - fsType = "xfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/56D1-34A0"; - fsType = "vfat"; - }; - -} diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix deleted file mode 100644 index 81b8b909..00000000 --- a/lass/1systems/green/config.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.green; - - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; - }; - - systemd.tmpfiles.rules = [ - "d /home/lass/.local/share 0700 lass users -" - "d /home/lass/.local 0700 lass users -" - "d /home/lass/.config 0700 lass users -" - - "d /var/state/lass_mail 0700 lass users -" - "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" - - "d /var/state/lass_ssh 0700 lass users -" - "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" - "d /var/state/lass_gpg 0700 lass users -" - "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" - "d /var/state/lass_sync 0700 lass users -" - "L+ /home/lass/sync - - - - ../../var/state/lass_sync" - - "d /var/state/git 0700 git nogroup -" - "L+ /var/lib/git - - - - ../../var/state/git" - ]; - - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - config.krebs.users.lass-tablet.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel - ]; - - krebs.iptables.tables.nat.PREROUTING.rules = [ - { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; } - ]; - - # workaround for ssh access from yubikey via android - services.openssh.extraConfig = '' - HostKeyAlgorithms +ssh-rsa - PubkeyAcceptedAlgorithms +ssh-rsa - ''; - - services.dovecot2 = { - enable = true; - mailLocation = "maildir:~/Maildir"; - }; - - networking.firewall.allowedTCPPorts = [ 143 ]; -} diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix deleted file mode 100644 index 8577daf3..00000000 --- a/lass/1systems/green/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = true; -} 
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix deleted file mode 100644 index 4acdb0c2..00000000 --- a/lass/1systems/green/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in if test then {} else { - nixpkgs.git.ref = lib.mkForce npkgs.rev; - nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; -} diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix deleted file mode 100644 index 953b5d0d..00000000 --- a/lass/1systems/hilum/config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.hilum; - - boot.loader.grub = { - extraEntries = '' - submenu isos { - source /grub/autoiso.cfg - } - ''; - extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { - name = "autoiso.cfg"; - src = pkgs.grub2.src; - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp docs/autoiso.cfg $out - ''; - }); - }; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - boot.tmpOnTmpfs = true; -} diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix deleted file mode 100644 index b5199d43..00000000 --- a/lass/1systems/hilum/disk.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, disk, keyFile, ... }: -{ - disk = { - main = { - type = "disk"; - device = disk; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - flags = ["bios_grub"]; - } - { - name = "ESP"; - start = "1M"; - end = "50%"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - name = "root"; - start = "50%"; - end = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - } - ]; - }; - }; - }; -} - 
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh deleted file mode 100755 index 9846ea08..00000000 --- a/lass/1systems/hilum/flash-stick.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -set -efux - -disk=$1 - -cd "$(dirname "$0")" -export NIXPKGS_ALLOW_UNFREE=1 -(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks) -trap 'rm -f /tmp/hilum.luks' EXIT -echo "$disk" > /tmp/hilum-disk -trap 'rm -f /tmp/hilum-disk' EXIT - -stockholm_root=$(git rev-parse --show-toplevel) -ssh root@localhost -t -- $(nix-build \ - --no-out-link \ - -I nixpkgs=/var/src/nixpkgs \ - -I stockholm="$stockholm_root" \ - -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \ - -E "with import {}; (pkgs.nixos [ - { - luksPassFile = \"/tmp/hilum.luks\"; - mainDisk = \"$disk\"; - disko.rootMountPoint = \"/mnt/hilum\"; - } - ./physical.nix - ]).disko" -) -rm -f /tmp/hilum.luks -$(nix-build \ - --no-out-link \ - -I nixpkgs=/var/src/nixpkgs \ - "$stockholm_root"/lass/krops.nix -A populate \ - --argstr name hilum \ - --argstr target "root@localhost/mnt/hilum/var/src" \ - --arg force true -) -ssh root@localhost << SSH -set -efux -mkdir -p /mnt/hilum/etc -NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src -nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader -umount -Rv /mnt/hilum -SSH diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix deleted file mode 100644 index 9caf8e53..00000000 --- a/lass/1systems/hilum/physical.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./config.nix - - { - # nice hack to carry around state passed impurely at the beginning - options.mainDisk = let - tryFile = path: default: - if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then - builtins.readFile path - else - default - ; - in lib.mkOption { - type = lib.types.str; - default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz"); - }; - config.environment.etc.hilum-disk.text = config.mainDisk; - } - { - options.luksPassFile = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - } - ]; - - disko.devices = import ./disk.nix { - inherit lib; - disk = config.mainDisk; - keyFile = config.luksPassFile; - }; - - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.efiSupport = true; - boot.loader.grub.device = config.mainDisk; - boot.loader.grub.efiInstallAsRemovable = true; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - #weird bug with nixos-enter - services.logrotate.enable = false; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix deleted file mode 100644 index e789b09d..00000000 --- a/lass/1systems/icarus/config.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - - - - - - - - - - # - - - - ]; - - krebs.build.host = config.krebs.hosts.icarus; - - - environment.systemPackages = [ pkgs.chromium ]; -} diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix deleted file mode 100644 index 0b1aff4a..00000000 --- a/lass/1systems/icarus/physical.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./config.nix
- #
- #
-
-
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
- boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
- fsType = "xfs";
- };
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/D975-2CAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
-
- services.logind.lidSwitch = "ignore";
-}
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix
deleted file mode 100644
index d2207627..00000000
--- a/lass/1systems/lasspi/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-in
-{
- imports = [
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.lasspi;
-
- networking = {
- networkmanager = {
- enable = true;
- };
- };
- environment.systemPackages = with pkgs; [
- vim
- rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
-
- system.stateVersion = "22.05";
-}
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
deleted file mode 100644
index 07efb5ca..00000000
--- a/lass/1systems/lasspi/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ./config.nix
- ];
-
- boot = {
- # kernelPackages = pkgs.linuxPackages_rpi4;
- tmpOnTmpfs = true;
- initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
- # ttyAMA0 is the serial console broken out to the GPIO
- kernelParams = [
- "8250.nr_uarts=1"
- "console=ttyAMA0,115200"
- "console=tty1"
- # Some gui programs need this
- "cma=128M"
- ];
- };
-
- # boot.loader.raspberryPi = {
- # enable = true;
- # version = 4;
- # # uboot.enable = true;
- # };
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
-
- # Required for the Wireless firmware
- hardware.enableRedistributableFirmware = true;
-
- networking.interfaces.eth0.useDHCP = true;
-
- # Assuming this is installed on top of the disk image.
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
-
- powerManagement.cpuFreqGovernor = "ondemand";
-}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
deleted file mode 100644
index adf8aeeb..00000000
--- a/lass/1systems/littleT/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-with import ;
-{ config, pkgs, ... }:
-
-{
- imports = [
-
-
-
-
-
-
- ];
-
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- time.timeZone = "Europe/Berlin";
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
- krebs.build.host = config.krebs.hosts.littleT;
-}
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
deleted file mode 100644
index 550f058a..00000000
--- a/lass/1systems/littleT/physical.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- imports = [
- ./config.nix
-
- ];
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5B2E-3734";
- fsType = "vfat";
- };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
- networking.hostId = "584248c6";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
-}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
deleted file mode 100644
index 23f8a118..00000000
--- a/lass/1systems/mors/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - - - - # - - - - - - - - - - # - # - - - - { - krebs.iptables.tables.filter.INPUT.rules = [ - #risk of rain - { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - #quake3 - { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } - ]; - } - { - services.nginx = { - enable = true; - virtualHosts.default = { - default = true; - serverAliases = [ - "localhost" - "${config.krebs.build.host.name}" - "${config.krebs.build.host.name}.r" - ]; - locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - ''; - }; - }; - } - { - services.redis.enable = true; - } - { - environment.systemPackages = [ - pkgs.ovh-zone - pkgs.bank - pkgs.adb-sync - pkgs.transgui - ]; - } - { - services.tor = { - enable = true; - client.enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.mors; - - environment.systemPackages = with pkgs; [ - acronym - brain - cac-api - sshpass - get - hashPassword - urban - mk_sql_pair - remmina - transmission - - macchanger - - dnsutils - woeusb - (pkgs.writeDashBin "play-on" '' - HOST=$(echo 'styx\nshodan' | fzfmenu) - ssh -t "$HOST" -- mpv "$@" - '') - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - krebs.repo-sync.timerConfig = { - OnCalendar = "00:37"; - }; - - nixpkgs.config.android_sdk.accept_license = true; - programs.adb.enable = true; - - - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - - - # It may leak your data, but look how FAST it is!1!! 
- # https://make-linux-fast-again.com/
- boot.kernelParams = [
- "noibrs"
- "noibpb"
- "nopti"
- "nospectre_v2"
- "nospectre_v1"
- "l1tf=off"
- "nospec_store_bypass_disable"
- "no_stf_barrier"
- "mds=off"
- "mitigations=off"
- ];
-
- boot.binfmt.emulatedSystems = [
- "aarch64-linux"
- ];
-
- nix.trustedUsers = [ "root" "lass" ];
-
- services.nscd.enableNsncd = true;
-
-}
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
deleted file mode 100644
index 2ffbf88c..00000000
--- a/lass/1systems/mors/physical.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- imports = [
- ./config.nix
-
-
- ];
-
- boot.kernelParams = [ "acpi_backlight=native" ];
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home/virtual" = {
- device = "/dev/mapper/pool-virtual";
- fsType = "ext4";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
- '';
-
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- '';
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index abbf26c7..00000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
-}
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
deleted file mode 100644
index 79402959..00000000
--- a/lass/1systems/neoprism/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
-
-
-
-
-
-
-
- # sync-containers
-
-
-
-
-
-
-
- # other containers
-
-
- # proxying of services
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.neoprism;
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "acme@lassul.us";
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
-
- enableReload = true;
-
- virtualHosts.default = {
- default = true;
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
- };
- };
-}
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
deleted file mode 100644
index c5bd44c9..00000000
--- a/lass/1systems/neoprism/disk.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, ... }:
-{
- disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
- type = "disk";
- device = disk;
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- zfs = {
- size = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- };
- };
- };
- })) // {
- hdd1 = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "zfs";
- pool = "tank";
- };
- };
- };
- mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- mode = "mirror";
- mountpoint = "/";
- rootFsOptions = {
- };
- datasets.reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- };
- tank = {
- type = "zpool";
- datasets = {
- reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- containers = {
- type = "zfs_fs";
- mountpoint = "/var/lib/containers";
- options = {
- canmount = "noauto";
- };
- };
- home = {
- type = "zfs_fs";
- mountpoint = "/home";
- options = {
- canmount = "noauto";
- };
- };
- srv = {
- type = "zfs_fs";
- mountpoint = "/srv";
- options = {
- canmount = "noauto";
- };
- };
- libvirt = {
- type = "zfs_fs";
- mountpoint = "/var/lib/libvirt";
- options = {
- canmount = "noauto";
- };
- };
- # encrypted = {
- # type = "zfs_fs";
- # options = {
- # canmount = "noauto";
- # mountpoint = "none";
- # encryption = "aes-256-gcm";
- # keyformat = "passphrase";
- # keylocation = "prompt";
- # };
- # };
- # "encrypted/download" = {
- # type = "zfs_fs";
- # mountpoint = "/var/download";
- # options = {
- # canmount = "noauto";
- # };
- # };
- };
- };
- };
-}
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
deleted file mode 100644
index cc7734f3..00000000
--- a/lass/1systems/neoprism/physical.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- imports = [
- ./config.nix
-
- ];
-
- disko.devices = import ./disk.nix;
- networking.hostId = "9c0a74ac";
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [
- config.disko.devices.disk."/dev/nvme0n1".device
- config.disko.devices.disk."/dev/nvme1n1".device
- ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- # networking config
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- config = {
- networkConfig.SpeedMeter = true;
- };
- # netdevs.ext-br.netdevConfig = {
- # Kind = "bridge";
- # Name = "ext-br";
- # MACAddress = "a8:a1:59:0f:2d:69";
- # };
- # networks.ext-br = {
- # name = "ext-br";
- # address = [
- # "95.217.192.59/26"
- # "2a01:4f9:4a:4f1a::1/64"
- # ];
- # gateway = [
- # "95.217.192.1"
- # "fe80::1"
- # ];
- # };
- networks.eth0 = {
- #bridge = [ "ext-br" ];
- matchConfig.Name = "eth0";
- address = [
- "95.217.192.59/26"
- "2a01:4f9:4a:4f1a::1/64"
- ];
- gateway = [
- "95.217.192.1"
- "fe80::1"
- ];
- };
- };
-
- networking.useDHCP = false;
- # boot.initrd.network = {
- # enable = true;
- # ssh = {
- # enable = true;
- # authorizedKeys = [ config.krebs.users.lass.pubkey ];
- # port = 2222;
- # hostKeys = [
- # ()
- # ()
- # ];
- # };
- # };
- # boot.kernelParams = [
- # "net.ifnames=0"
- # "ip=dhcp"
- # "boot.trace"
- # ];
-}
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix
deleted file mode 100644
index 47867c31..00000000
--- a/lass/1systems/orange/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.orange; - - services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme = { - acceptTerms = true; - defaults.email = "acme@lassul.us"; - }; - - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l"; - }; -} diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix deleted file mode 100644 index 8577daf3..00000000 --- a/lass/1systems/orange/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = true; -} diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix deleted file mode 100644 index 52b4142b..00000000 --- a/lass/1systems/prism/backup.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.postgresqlBackup.enable = true; - - systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; - - services.borgbackup.jobs.hetzner = { - paths = [ - "/var/backup" - ]; - exclude = [ - "*.pyc" - ]; - repo = "u364341@u364341.your-storagebox.de:/./hetzner"; - encryption.mode = "none"; - compression = "auto,zstd"; - startAt = "daily"; - # TODO: change backup key - environment.BORG_RSH = "ssh -oPort=23 -i ${toString + "/borgbackup.ssh.id25519"}"; - preHook = '' - set -x - ''; - - postHook = '' - cat > /var/log/telegraf/borgbackup-job-hetzner.service <