From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 28 Jul 2023 22:24:15 +0200 Subject: makefu: move out to own repo, add vacation-note --- makefu/1systems/cake/config.nix | 38 --- makefu/1systems/cake/hardware-config.nix | 15 -- makefu/1systems/cake/source.nix | 6 - makefu/1systems/crapi/README | 4 - makefu/1systems/crapi/config.nix | 15 -- makefu/1systems/crapi/hardware-config.nix | 39 --- makefu/1systems/crapi/source.nix | 3 - makefu/1systems/darth/config.nix | 76 ------ makefu/1systems/darth/source.nix | 3 - makefu/1systems/drop/config.nix | 40 ---- makefu/1systems/drop/source.nix | 4 - makefu/1systems/fileleech/config.nix | 174 -------------- makefu/1systems/fileleech/source.nix | 4 - makefu/1systems/filepimp/config.nix | 22 -- makefu/1systems/filepimp/hw.nix | 83 ------- makefu/1systems/filepimp/source.nix | 4 - makefu/1systems/firecracker/config.nix | 25 -- makefu/1systems/firecracker/hardware-config.nix | 30 --- makefu/1systems/firecracker/source.nix | 4 - makefu/1systems/gum/config.nix | 261 -------------------- makefu/1systems/gum/hetzner/default.nix | 116 --------- makefu/1systems/gum/hetznercloud/default.nix | 50 ---- makefu/1systems/gum/hetznercloud/doit | 13 - makefu/1systems/gum/hetznercloud/network.nix | 36 --- makefu/1systems/gum/hetznercloud/sfdisk.part | 6 - makefu/1systems/gum/rescue.txt | 15 -- makefu/1systems/gum/source.nix | 6 - makefu/1systems/hardware/tsp-disk.json | 23 -- makefu/1systems/iso/config.nix | 72 ------ makefu/1systems/iso/justdoit.nix | 120 ---------- makefu/1systems/iso/source.nix | 3 - makefu/1systems/iso/target-config.nix | 46 ---- makefu/1systems/kexec/config.nix | 25 -- makefu/1systems/kexec/source.nix | 3 - makefu/1systems/latte/1blu/default.nix | 50 ---- makefu/1systems/latte/1blu/network.nix | 32 --- makefu/1systems/latte/config.nix | 67 ------ makefu/1systems/latte/source.nix | 5 - makefu/1systems/minicake/config.nix | 27 --- makefu/1systems/omo/config.nix | 194 --------------- makefu/1systems/omo/hw/omo.nix | 126 ---------- 
makefu/1systems/omo/hw/tsp-tools.nix | 11 - makefu/1systems/omo/hw/tsp.nix | 41 ---- makefu/1systems/omo/hw/vaapi.nix | 17 -- makefu/1systems/omo/source.nix | 6 - makefu/1systems/pnp/config.nix | 50 ---- makefu/1systems/pnp/source.nix | 3 - makefu/1systems/repunit/config.nix | 40 ---- makefu/1systems/repunit/source.nix | 3 - makefu/1systems/sdcard/config.nix | 40 ---- makefu/1systems/sdcard/kernel.nix | 15 -- makefu/1systems/sdcard/source.nix | 3 - makefu/1systems/sdev/config.nix | 54 ----- makefu/1systems/sdev/source.nix | 7 - makefu/1systems/shack-autoinstall/config.nix | 49 ---- .../1systems/shack-autoinstall/grub-partition.sh | 5 - makefu/1systems/shack-autoinstall/shack-config.nix | 231 ------------------ makefu/1systems/shack-autoinstall/source.nix | 3 - .../1systems/shack-autoinstall/uefi-partition.sh | 24 -- makefu/1systems/shoney/config.nix | 62 ----- makefu/1systems/shoney/source.nix | 3 - makefu/1systems/snake/config.nix | 26 -- makefu/1systems/snake/disk.nix | 64 ----- makefu/1systems/snake/hardware-config.nix | 24 -- makefu/1systems/snake/sound.nix | 51 ---- makefu/1systems/snake/source.nix | 6 - makefu/1systems/snake/wifi.nix | 6 - makefu/1systems/studio/config.nix | 76 ------ makefu/1systems/studio/source.nix | 4 - makefu/1systems/tsp/config.nix | 45 ---- makefu/1systems/tsp/hardware.nix | 9 - makefu/1systems/tsp/source.nix | 6 - makefu/1systems/vbob/config.nix | 91 ------- makefu/1systems/vbob/source.nix | 4 - makefu/1systems/wbob/config.nix | 139 ----------- makefu/1systems/wbob/nuc/default.nix | 23 -- makefu/1systems/wbob/source.nix | 6 - makefu/1systems/wry/config.nix | 54 ----- makefu/1systems/wry/source.nix | 3 - makefu/1systems/x/config.nix | 265 --------------------- makefu/1systems/x/source.nix | 12 - makefu/1systems/x/x13/battery.nix | 6 - makefu/1systems/x/x13/default.nix | 46 ---- makefu/1systems/x/x13/disk.nix | 67 ------ makefu/1systems/x/x13/input.nix | 48 ---- makefu/1systems/x/x13/toggle_brightness | 8 - makefu/1systems/x/x13/zfs.nix 
| 34 --- makefu/1systems/x/x230/default.nix | 19 -- 88 files changed, 3694 deletions(-) delete mode 100644 makefu/1systems/cake/config.nix delete mode 100644 makefu/1systems/cake/hardware-config.nix delete mode 100644 makefu/1systems/cake/source.nix delete mode 100644 makefu/1systems/crapi/README delete mode 100644 makefu/1systems/crapi/config.nix delete mode 100644 makefu/1systems/crapi/hardware-config.nix delete mode 100644 makefu/1systems/crapi/source.nix delete mode 100644 makefu/1systems/darth/config.nix delete mode 100644 makefu/1systems/darth/source.nix delete mode 100644 makefu/1systems/drop/config.nix delete mode 100644 makefu/1systems/drop/source.nix delete mode 100644 makefu/1systems/fileleech/config.nix delete mode 100644 makefu/1systems/fileleech/source.nix delete mode 100644 makefu/1systems/filepimp/config.nix delete mode 100644 makefu/1systems/filepimp/hw.nix delete mode 100644 makefu/1systems/filepimp/source.nix delete mode 100644 makefu/1systems/firecracker/config.nix delete mode 100644 makefu/1systems/firecracker/hardware-config.nix delete mode 100644 makefu/1systems/firecracker/source.nix delete mode 100644 makefu/1systems/gum/config.nix delete mode 100644 makefu/1systems/gum/hetzner/default.nix delete mode 100644 makefu/1systems/gum/hetznercloud/default.nix delete mode 100644 makefu/1systems/gum/hetznercloud/doit delete mode 100644 makefu/1systems/gum/hetznercloud/network.nix delete mode 100644 makefu/1systems/gum/hetznercloud/sfdisk.part delete mode 100644 makefu/1systems/gum/rescue.txt delete mode 100644 makefu/1systems/gum/source.nix delete mode 100644 makefu/1systems/hardware/tsp-disk.json delete mode 100644 makefu/1systems/iso/config.nix delete mode 100644 makefu/1systems/iso/justdoit.nix delete mode 100644 makefu/1systems/iso/source.nix delete mode 100644 makefu/1systems/iso/target-config.nix delete mode 100644 makefu/1systems/kexec/config.nix delete mode 100644 makefu/1systems/kexec/source.nix delete mode 100644 
makefu/1systems/latte/1blu/default.nix delete mode 100644 makefu/1systems/latte/1blu/network.nix delete mode 100644 makefu/1systems/latte/config.nix delete mode 100644 makefu/1systems/latte/source.nix delete mode 100644 makefu/1systems/minicake/config.nix delete mode 100644 makefu/1systems/omo/config.nix delete mode 100644 makefu/1systems/omo/hw/omo.nix delete mode 100644 makefu/1systems/omo/hw/tsp-tools.nix delete mode 100644 makefu/1systems/omo/hw/tsp.nix delete mode 100644 makefu/1systems/omo/hw/vaapi.nix delete mode 100644 makefu/1systems/omo/source.nix delete mode 100644 makefu/1systems/pnp/config.nix delete mode 100644 makefu/1systems/pnp/source.nix delete mode 100644 makefu/1systems/repunit/config.nix delete mode 100644 makefu/1systems/repunit/source.nix delete mode 100644 makefu/1systems/sdcard/config.nix delete mode 100644 makefu/1systems/sdcard/kernel.nix delete mode 100644 makefu/1systems/sdcard/source.nix delete mode 100644 makefu/1systems/sdev/config.nix delete mode 100644 makefu/1systems/sdev/source.nix delete mode 100644 makefu/1systems/shack-autoinstall/config.nix delete mode 100644 makefu/1systems/shack-autoinstall/grub-partition.sh delete mode 100644 makefu/1systems/shack-autoinstall/shack-config.nix delete mode 100644 makefu/1systems/shack-autoinstall/source.nix delete mode 100644 makefu/1systems/shack-autoinstall/uefi-partition.sh delete mode 100644 makefu/1systems/shoney/config.nix delete mode 100644 makefu/1systems/shoney/source.nix delete mode 100644 makefu/1systems/snake/config.nix delete mode 100644 makefu/1systems/snake/disk.nix delete mode 100644 makefu/1systems/snake/hardware-config.nix delete mode 100644 makefu/1systems/snake/sound.nix delete mode 100644 makefu/1systems/snake/source.nix delete mode 100644 makefu/1systems/snake/wifi.nix delete mode 100644 makefu/1systems/studio/config.nix delete mode 100644 makefu/1systems/studio/source.nix delete mode 100644 makefu/1systems/tsp/config.nix delete mode 100644 
makefu/1systems/tsp/hardware.nix delete mode 100644 makefu/1systems/tsp/source.nix delete mode 100644 makefu/1systems/vbob/config.nix delete mode 100644 makefu/1systems/vbob/source.nix delete mode 100644 makefu/1systems/wbob/config.nix delete mode 100644 makefu/1systems/wbob/nuc/default.nix delete mode 100644 makefu/1systems/wbob/source.nix delete mode 100644 makefu/1systems/wry/config.nix delete mode 100644 makefu/1systems/wry/source.nix delete mode 100644 makefu/1systems/x/config.nix delete mode 100644 makefu/1systems/x/source.nix delete mode 100644 makefu/1systems/x/x13/battery.nix delete mode 100644 makefu/1systems/x/x13/default.nix delete mode 100644 makefu/1systems/x/x13/disk.nix delete mode 100644 makefu/1systems/x/x13/input.nix delete mode 100644 makefu/1systems/x/x13/toggle_brightness delete mode 100644 makefu/1systems/x/x13/zfs.nix delete mode 100644 makefu/1systems/x/x230/default.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix deleted file mode 100644 index b9550cb2..00000000 --- a/makefu/1systems/cake/config.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: -let - primaryInterface = "eth0"; -in { - imports = [ - - ./hardware-config.nix - - - #./hardware-config.nix - { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];} - # - - # - # - # - # - # configure your hw: - # - - # directly use the alsa device instead of attaching to pulse - - - - - ]; - krebs = { - enable = true; - tinc.retiolum.enable = true; - build.host = config.krebs.hosts.cake; - }; - # ensure disk usage is limited - services.journald.extraConfig = "Storage=volatile"; - networking.firewall.trustedInterfaces = [ primaryInterface ]; - documentation.info.enable = false; - documentation.man.enable = false; - documentation.nixos.enable = false; -} 
diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix
deleted file mode 100644
index 932aa192..00000000
--- a/makefu/1systems/cake/hardware-config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, lib, ... }:
-{
- environment.systemPackages = [ pkgs.libraspberrypi ];
- imports = [ ];
- boot.kernelPackages = pkgs.linuxPackages_rpi4;
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
- hardware.raspberry-pi."4".fkms-3d.enable = true;
- hardware.raspberry-pi."4".audio.enable = true;
-}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
deleted file mode 100644
index 8fc2fff2..00000000
--- a/makefu/1systems/cake/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="cake";
- full = true;
- home-manager = true;
- hw = true;
-}
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
deleted file mode 100644
index 9278c764..00000000
--- a/makefu/1systems/crapi/README
+++ /dev/null
@@ -1,4 +0,0 @@
-1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
-2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
-3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
-5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
deleted file mode 100644
index e7c6c366..00000000
--- a/makefu/1systems/crapi/config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
-
- ./hardware-config.nix
-
-
-
-
- ];
- krebs.build.host = config.krebs.hosts.crapi;
-
- services.openssh.enable = true;
-
-}
diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix
deleted file mode 100644
index bba31dab..00000000
--- a/makefu/1systems/crapi/hardware-config.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
- #raspi1
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 1;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- hardware.enableRedistributableFirmware = true;
- boot.cleanTmpDir = true;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- boot.kernelPackages = pkgs.linuxPackages_rpi;
-
- nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
- nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
- system.activationScripts.create-swap = ''
- if [ ! -e /swapfile ]; then
- fallocate -l 2G /swapfile
- mkswap /swapfile
- chmod 600 /swapfile
- fi
- '';
- swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
deleted file mode 100644
index 4a4359ee..00000000
--- a/makefu/1systems/crapi/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- arm6 = true;
-}
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
deleted file mode 100644
index 4e71d142..00000000
--- a/makefu/1systems/darth/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import ;
-let
- # all the good stuff resides in /data
-
- byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
- bootPart = rootDisk + "-part1";
- rootPart = rootDisk + "-part2";
-
- allDisks = [ rootDisk ]; # auxDisk
-in {
- imports = [
-
-
-
-
-
-
- #
-
-
-
-
- #
-
-
-
- # lan party
-
-
-
-
-
- ];
-
-
-
- #networking.firewall.enable = false;
- makefu.server.primary-itf = "enp0s25";
- # krebs.hidden-ssh.enable = true;
- boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
- networking = {
- wireless.enable = true;
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- # trustedInterfaces = [ "eno1" ];
- allowedUDPPorts = [ 80 655 1655 67 ];
- allowedTCPPorts = [ 80 655 1655 ];
- };
- # fallback connection to the internal virtual network
- # interfaces.virbr3.ip4 = [{
- # address = "10.8.8.2";
- # prefixLength = 24;
- # }];
- };
-
- # TODO smartd omo darth gum all-in-one
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- boot.loader.grub.device = rootDisk;
- boot.initrd.luks.devices = [
- { name = "luksroot";
- device = rootPart;
- allowDiscards = true;
- keyFileSize = 4096;
- keyFile = "/dev/sdb";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.darth;
-}
diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix
deleted file mode 100644
index a8d7368a..00000000
--- a/makefu/1systems/darth/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="darth";
-}
diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix
deleted file mode 100644
index 2757db8c..00000000
--- a/makefu/1systems/drop/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
- external-ip = "45.55.145.62";
- default-gw = "45.55.128.1";
- prefixLength = 18;
-in {
- imports = [
-
-
-
-
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.drop;
- };
-
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- interfaces.enp0s3.ipv4.addresses = [{
- address = external-ip;
- inherit prefixLength;
- }];
- defaultGateway = default-gw;
- nameservers = [ "8.8.8.8" ];
- };
-}
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix
deleted file mode 100644
index a6bc834b..00000000
--- a/makefu/1systems/drop/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="drop";
- torrent = true;
-}
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
deleted file mode 100644
index 7e9dea9e..00000000
--- a/makefu/1systems/fileleech/config.nix
+++ /dev/null
@@ -1,174 +0,0 @@ -{ config, pkgs, lib, ... }: -let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0"; - rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; - rootPartition = rootDisk + "-part3"; - - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; - - disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; -in { - imports = [ - - - - - - - # - # - # - # - - ]; - systemd.services.grafana.serviceConfig.LimitNOFILE=10032; - systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032; - systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032; - makefu.server.primary-itf = "enp8s0f0"; - krebs = { - enable = true; - build.host = config.krebs.hosts.fileleech; - }; - # git clone https://github.com/makefu/docker-pyload - # docker build . 
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload - - virtualisation.docker.enable = true; # for pyload - networking.firewall.allowPing = true; - networking.firewall.logRefusedConnections = false; - networking.firewall.allowedTCPPorts = [ - 51412 # torrent - 8112 # rutorrent-web - 8113 # pyload - 8080 # sabnzbd - 9090 # sabnzbd-ssl - 655 # tinc - 21 # ftp - ]; - services.nginx.virtualHosts._download = { - default = true; - root = config.makefu.dl-dir; - extraConfig = '' - autoindex on; - ''; - basicAuth = import ; - }; - networking.firewall.allowedUDPPorts = [ - 655 # tinc - 51412 # torrent - ]; - - services.vsftpd.enable = true; - services.vsftpd.localUsers = true; - services.vsftpd.userlist = [ "download" ]; - services.vsftpd.userlistEnable = true; - # services.vsftpd.chrootlocalUser = true; - - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - - # TODO use users.motd and pam.services.sshd.showMotd - services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' - Services: - ssh://download@fileleech - ssh via filebitch - ftp://download@fileleech - access to ${config.makefu.dl-dir} - http://fileleech:8112 - rutorrent - http://fileleech:8113 - pyload - https://fileleech:9090 - sabnzb - ''; in "Banner ${banner}"; - - boot.initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in builtins.map (x: usbkey x.name x.device) disks; - }; - environment.systemPackages = with pkgs;[ mergerfs ]; - - fileSystems = let - cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // cryptMount "crypt5" - // 
cryptMount "crypt6" - // cryptMount "crypt7" - - # this entry sometimes creates issues - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "nofail" "allow_other" "nonempty" ]; }; - } - - ; - makefu.dl-dir = "/media/cryptX"; - users.users.download = { - useDefaultShell = true; - # name = "download"; - # createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - config.krebs.users.lass.pubkey - "ssh-rsa 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 jules@kvasir-2015-02-13" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" - "ssh-rsa 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 me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" - ]; - }; - makefu.snapraid = { - enable = true; - disks = map toMapper [ 0 1 2 3 4 5 6 ]; - parity = toMapper 7; - }; - networking.nameservers = [ "8.8.8.8" ]; - # SPF - networking.defaultGateway = "151.217.176.1"; - networking.interfaces.enp6s0f0.ipv4.addresses = [{ - address = "151.217.178.63"; - prefixLength = 22; - }]; - - # Gigabit - networking.interfaces.enp8s0f1.ipv4.addresses = [{ - address = "192.168.126.1"; - prefixLength = 24; - }]; - - #interfaces.enp6s0f1.ip4 = [{ - # address = external-ip; - # prefixLength = 22; - #}]; - - boot.loader.grub.device = rootDisk; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - # http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html - boot.extraModprobeConfig = '' - options ixgbe allow_unsupported_sfp=1 - ''; -} diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix deleted file mode 100644 index b6951a27..00000000 --- a/makefu/1systems/fileleech/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name = "fileleech"; - torrent = true; -} diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix deleted file mode 100644 index 3edfffb7..00000000 --- a/makefu/1systems/filepimp/config.nix +++ /dev/null 
@@ -1,22 +0,0 @@
-{ config, pkgs, lib, ... }:
-# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
-let
- itf = config.makefu.server.primary-itf;
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hw.nix
-
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.filepimp;
-
- networking.firewall.trustedInterfaces = [ itf ];
- networking.interfaces.${itf}.wakeOnLan.enable = true;
-
-}
diff --git a/makefu/1systems/filepimp/hw.nix b/makefu/1systems/filepimp/hw.nix
deleted file mode 100644
index 6f02d9b1..00000000
--- a/makefu/1systems/filepimp/hw.nix
+++ /dev/null
@@ -1,83 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - byid = dev: "/dev/disk/by-id/" + dev; - part1 = disk: disk + "-part1"; - rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; - primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc - # N54L Chassis: - # ____________________ - # |______FRONT_______| - # | [ ]| - # | [ d1 d0 d3 d4 ]| - # |___[_____________]| - jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; - - # transfer to omo - jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; - jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; - jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; - allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ]; -in { - boot = { - loader.grub.device = rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "usb_storage" - "usbhid" - ]; - - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - makefu.server.primary-itf = primary-interface; - - hardware.enableRedistributableFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - - zramSwap.enable = true; - - makefu.snapraid = let - toMedia = name: "/media/" + name; - in { - enable = true; - # todo combine creation when enabling the mount point - disks = map toMedia [ - "j0" - "j1" - "j2" - ]; - parity = toMedia "par0"; - }; - # TODO: refactor, copy-paste from omo - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - fileSystems = let - xfsmount = name: dev: - { "/media/${name}" = { - device = dev; fsType = "xfs"; - options = [ "nofail" ]; - }; }; - tomedia = id: "/media/${id}"; - in - (xfsmount "j0" (part1 jDisk0)) // - (xfsmount "j1" (part1 jDisk1)) // - (xfsmount "j2" (part1 jDisk2)) // - (xfsmount "par0" (part1 jDisk3)) // - { "/media/jX" = { - device = (lib.concatMapStringsSep ":" (d: 
(tomedia d)) ["j0" "j1" "j2" ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "allow_other" "nofail" "nonempty" ]; - }; - }; - environment.systemPackages = [ pkgs.mergerfs ]; -} diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix deleted file mode 100644 index 9930f0e4..00000000 --- a/makefu/1systems/filepimp/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name="filepimp"; - home-manager = true; -} diff --git a/makefu/1systems/firecracker/config.nix b/makefu/1systems/firecracker/config.nix deleted file mode 100644 index 87f50028..00000000 --- a/makefu/1systems/firecracker/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: -let - primaryInterface = "eth0"; -in { - imports = [ - - ./hardware-config.nix - # - { environment.systemPackages = with pkgs;[ rsync screen curl git ];} - - # -# configure your hw: -# - ]; - krebs = { - enable = true; - tinc.retiolum.enable = true; - build.host = config.krebs.hosts.firecracker; - }; - networking.firewall.trustedInterfaces = [ primaryInterface ]; - documentation.info.enable = false; - documentation.man.enable = false; - services.nixosManual.enable = false; - sound.enable = false; -} diff --git a/makefu/1systems/firecracker/hardware-config.nix b/makefu/1systems/firecracker/hardware-config.nix deleted file mode 100644 index b821a337..00000000 --- a/makefu/1systems/firecracker/hardware-config.nix +++ /dev/null 
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
- boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.loader.generic-extlinux-compatible.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.tmpOnTmpfs = lib.mkForce false;
- boot.cleanTmpDir = true;
- hardware.enableRedistributableFirmware = true;
-
- ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
- boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.wireless.enable = true;
- # File systems configuration for using the installer's partition layout
- swapDevices = [ { device = "/var/swap"; size = 4096; } ];
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
-}
diff --git a/makefu/1systems/firecracker/source.nix b/makefu/1systems/firecracker/source.nix
deleted file mode 100644
index 22c40039..00000000
--- a/makefu/1systems/firecracker/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="cake";
- full = true;
-}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
deleted file mode 100644
index f40f113b..00000000
--- a/makefu/1systems/gum/config.nix
+++ /dev/null
@@ -1,261 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; - allDisks = [ "/dev/sda" "/dev/sdb" ]; -in { - imports = [ - - ./hetznercloud - { - # wait for mount - systemd.services.rtorrent.wantedBy = lib.mkForce []; - systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce []; - systemd.services.samba-smbd.wantedBy = lib.mkForce []; - } - { - users.users.lass = { - uid = 19002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } - - - - - - # - - - # - - - - # Security - - - # Tools - - - - # - - - - - # - - # networking - # - # - # - # - - { # bonus retiolum config for connecting more hosts - krebs.tinc.retiolum = { - #extraConfig = lib.mkForce '' - # ListenAddress = ${external-ip} 53 - # ListenAddress = ${external-ip} 655 - # ListenAddress = ${external-ip} 21031 - # StrictSubnets = yes - # LocalDiscovery = no - #''; - connectTo = [ - "prism" "ni" "enklave" "eve" "dishfire" - ]; - }; - networking.firewall = { - allowedTCPPorts = - [ - 53 - 655 - 21031 - ]; - allowedUDPPorts = - [ - 53 - 655 - 21031 - ]; - }; - } - - # ci - # - - - ### systemdUltras ### - - - ###### Shack ##### - # - # - - - - - - - # services - # postgres backend - # - # - { krebs.exim.enable = mkDefault true; } - - - # sharing - # samba sahre - - # - - { nixpkgs.config.allowUnfree = true; } - # - ## - # - # - # - - - ## network - # - # - - { makefu.backup.server.repo = "/var/backup/borg"; } - - - - - - { # recent changes mediawiki bot - networking.firewall.allowedUDPPorts = [ 5005 5006 ]; - } - # Removed until move: no extra mails - # - # Removed until move: avoid letsencrypt ban - ### Web - - # postgres backend - # postgres backend - - - - #postgres backend - ### Moving owncloud data dir to /media/cloud/nextcloud-data - { - users.users.nextcloud.extraGroups = 
[ "download" ]; - # nextcloud-setup fails as it cannot set permissions for nextcloud - systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1"; - systemd.tmpfiles.rules = [ - "L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data" - "L /var/backup - - - - /media/cloud/gum-backup" - ]; - #fileSystems."/var/lib/nextcloud/data" = { - # device = "/media/cloud/nextcloud-data"; - # options = [ "bind" ]; - #}; - #fileSystems."/var/backup" = { - # device = "/media/cloud/gum-backup"; - # options = [ "bind" ]; - #}; - } - - - # - - - - - ## - # - # - - # - # - - # - # - # - # - # - - - # - - - # - - - # - - - - - # - - # - - # sharing - - { krebs.airdcpp.dcpp.shares = { - download.path = config.makefu.dl-dir + "/finished"; - sorted.path = config.makefu.dl-dir + "/sorted"; - }; - } - - - ## Temporary: - # - # - # - - # krebs infrastructure services - # - ]; - - # makefu.dl-dir = "/var/download"; - makefu.dl-dir = "/media/cloud/download/finished"; - - services.openssh.hostKeys = lib.mkForce [ - { bits = 4096; path = (toString ); type = "rsa"; } - { path = (toString ); type = "ed25519"; } ]; - ###### stable - security.acme.certs."cgit.euer.krebsco.de" = { - email = "letsencrypt@syntax-fehler.de"; - webroot = "/var/lib/acme/acme-challenge"; - group = "nginx"; - }; - services.nginx.virtualHosts."cgit" = { - serverAliases = [ "cgit.euer.krebsco.de" ]; - addSSL = true; - sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem"; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenge; - ''; - }; - - krebs.build.host = config.krebs.hosts.gum; - - # Network - networking = { - firewall = { - allowedTCPPorts = [ - 80 443 - 28967 # storj - ]; - allowPing = true; - logRefusedConnections = false; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - state = [ "/home/makefu/.weechat" ]; -} 
diff --git a/makefu/1systems/gum/hetzner/default.nix b/makefu/1systems/gum/hetzner/default.nix
deleted file mode 100644
index 7d445879..00000000
--- a/makefu/1systems/gum/hetzner/default.nix
+++ /dev/null
@@ -1,116 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - - { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } - - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = { address = external-gw6; interface = ext-if; }; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/nixos/root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/nixos/lib"; - fsType = "ext4"; - }; - fileSystems."/var/log" = { - device = "/dev/nixos/log"; - fsType = "ext4"; - }; - 
fileSystems."/var/download" = { - device = "/dev/nixos/download"; - fsType = "ext4"; - }; - fileSystems."/var/www/binaergewitter" = { - device = "/dev/nixos/binaergewitter"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/nextcloud/data" = { - device = "/dev/nixos/nextcloud"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/nixos/backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - }; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix deleted file mode 100644 index cfcd894a..00000000 --- a/makefu/1systems/gum/hetznercloud/default.nix +++ /dev/null 
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
-
- imports =
- [ ./network.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Disk
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/nix" =
- { device = "rpool/nix";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
- boot.loader.grub.device = "/dev/sda";
-
- networking.hostId = "3150697b"; # required for zfs use
- boot.tmpOnTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.copyKernels = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
-}
diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit
deleted file mode 100644
index 45798587..00000000
--- a/makefu/1systems/gum/hetznercloud/doit
+++ /dev/null
@@ -1,13 +0,0 @@
-ROOT_DEVICE=/dev/sda2
-NIXOS_BOOT=/dev/sda1
-
-zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
-zfs create -o mountpoint=legacy rpool/root
-zfs create -o mountpoint=legacy rpool/home
-zfs create -o mountpoint=legacy rpool/nix
-mount -t zfs rpool/root /mnt
-mkdir /mnt/{home,nix,boot}
-mount -t zfs rpool/home /mnt/home
-mount -t zfs rpool/nix /mnt/nix
-mount $NIXOS_BOOT /mnt/boot/
-
diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix
deleted file mode 100644
index 5159cf57..00000000
--- a/makefu/1systems/gum/hetznercloud/network.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "96:00:01:24:33:f4";
- external-gw = "172.31.1.1";
- external-ip = "142.132.189.140";
- external-ip6 = "2a01:4f8:1c17:5cdf::2";
- external-gw6 = "fe80::1";
- external-netmask = 32;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- enableIPv6 = true;
- nat.enableIPv6 = true;
- interfaces."${ext-if}" = {
- useDHCP = true;
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- #ipv4.addresses = [{
- # address = external-ip;
- # prefixLength = external-netmask;
- #}];
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- #defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part
deleted file mode 100644
index fb375b15..00000000
--- a/makefu/1systems/gum/hetznercloud/sfdisk.part
+++ /dev/null
@@ -1,6 +0,0 @@
-label: gpt
-device: /dev/sda
-unit: sectors
-1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
-4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
-2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
deleted file mode 100644
index 0a3ed96e..00000000
--- a/makefu/1systems/gum/rescue.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-ssh gum.i -o StrictHostKeyChecking=no
-
-mount /dev/mapper/nixos-root /mnt
-mount /dev/sda2 /mnt/boot
-
-chroot-prepare /mnt
-chroot /mnt /bin/sh
-
-
-journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
-# ... activating ...
-
-export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
-/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
-/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
deleted file mode 100644
index 43586ede..00000000
--- a/makefu/1systems/gum/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="gum";
- torrent = true;
- clever_kexec = true;
- home-manager = true;
-}
diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json
deleted file mode 100644
index 5a4bd26a..00000000
--- a/makefu/1systems/hardware/tsp-disk.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "type": "devices",
- "content": {
- "sda": {
- "type": "table",
- "format": "msdos",
- "partitions": [
- { "type": "partition",
- "part-type": "primary",
- "start": "1M",
- "end": "100%",
- "bootable": true,
- "content": {
- "type": "filesystem",
- "format": "ext4",
- "mountpoint": "/"
- }
- }
- ]
- }
- }
-}
-
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
deleted file mode 100644
index 20712123..00000000
--- a/makefu/1systems/iso/config.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import ;
-{
- imports = [
- #
-
-
- #
- ./justdoit.nix
- {
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
- kexec.justdoit = {
- bootSize = 512;
- rootDevice = "/dev/vda";
- bootType = "vfat";
- luksEncrypt = false;
- uefi = false;
- };
- }
- ];
- # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- #krebs.build.host = { cores = 0; };
- isoImage.isoBaseName = lib.mkForce "stockholm";
- #krebs.hidden-ssh.enable = true;
- # environment.systemPackages = with pkgs; [
- # aria2
- # ddrescue
- # ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
- # hack `tee` behavior
- nixpkgs.config.packageOverrides = super: {
- irc-announce = super.callPackage {
- pkgs = pkgs // {
- coreutils = pkgs.symlinkJoin {
- name = "coreutils-hack";
- paths = [
- pkgs.coreutils
- (pkgs.writeDashBin "tee" ''
- if test "$1" = /dev/stderr; then
- while read -r line; do
- echo "$line"
- echo "$line" >&2
- done
- else
- ${super.coreutils}/bin/tee "$@"
- fi
- '')
- ];
- };
- };
- };
- };
-}
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
deleted file mode 100644
index 0ce90494..00000000
--- a/makefu/1systems/iso/justdoit.nix
+++ /dev/null
@@ -1,120 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.kexec.justdoit; - x = if cfg.nvme then "p" else ""; -in { - options = { - kexec.justdoit = { - rootDevice = mkOption { - type = types.str; - default = "/dev/sda"; - description = "the root block device that justdoit will nuke from orbit and force nixos onto"; - }; - bootSize = mkOption { - type = types.int; - default = 256; - description = "size of /boot in mb"; - }; - bootType = mkOption { - type = types.enum [ "ext4" "vfat" "zfs" ]; - default = "ext4"; - }; - swapSize = mkOption { - type = types.int; - default = 1024; - description = "size of swap in mb"; - }; - poolName = mkOption { - type = types.str; - default = "tank"; - description = "zfs pool name"; - }; - luksEncrypt = mkOption { - type = types.bool; - default = false; - description = "encrypt all of zfs and swap"; - }; - uefi = mkOption { - type = types.bool; - default = false; - description = "create a uefi install"; - }; - nvme = mkOption { - type = types.bool; - default = false; - description = "rootDevice is nvme"; - }; - }; - }; - config = let - mkBootTable = { - ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT"; - vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT"; - zfs = ""; - }; - in lib.mkIf true { - system.build.justdoit = pkgs.writeScriptBin "justdoit" '' - #!${pkgs.stdenv.shell} - set -e - vgchange -a n - wipefs -a ${cfg.rootDevice} - dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000 - sfdisk ${cfg.rootDevice} < /mnt/etc/nixos/generated.nix < /etc/resolv.conf - '')]; - - # minimal - boot.supportedFilesystems = [ "zfs" ]; - programs.command-not-found.enable = false; - time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; - nix.useSandbox = true; - users.mutableUsers = false; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - services.openssh.enable = true; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - boot.kernel.sysctl = { - 
"net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; - "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; - }; -} diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix deleted file mode 100644 index 5bf19f97..00000000 --- a/makefu/1systems/kexec/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import ; -{ - imports = [ - - # -