authortv <tv@krebsco.de>2023-02-02 17:03:15 +0100
committertv <tv@krebsco.de>2023-02-02 17:03:15 +0100
commit3c1a1f0f09e1789ebda529e597c1bb8b7bc7d0c4 (patch)
treee041536cd96726fb87adc15fbe95f1eabd280ba9
parentfc00990f712663688e5aea85624cb9317e9f4128 (diff)
parent46ae6fc00c3e1aee5bc5db846ec91e30c430f0f1 (diff)
Merge remote-tracking branch 'prism/master' into head
-rw-r--r--kartei/krebs/default.nix19
-rw-r--r--kartei/lass/aergia.nix39
-rw-r--r--kartei/lass/orange.nix38
-rw-r--r--kartei/lass/ubik.nix38
-rw-r--r--kartei/mic92/default.nix1
-rw-r--r--krebs/2configs/reaktor2.nix4
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/sync-containers3.nix (renamed from lass/3modules/sync-containers3.nix)4
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/aergia/config.nix76
-rw-r--r--lass/1systems/aergia/disk.nix64
-rw-r--r--lass/1systems/aergia/install.sh3
-rw-r--r--lass/1systems/aergia/physical.nix86
-rw-r--r--lass/1systems/aergia/source.nix21
-rw-r--r--lass/1systems/green/config.nix2
-rw-r--r--lass/1systems/hilum/disk.nix53
-rwxr-xr-xlass/1systems/hilum/flash-stick.sh37
-rw-r--r--lass/1systems/hilum/physical.nix43
-rw-r--r--lass/1systems/mors/config.nix28
-rw-r--r--lass/1systems/neoprism/config.nix6
-rw-r--r--lass/1systems/orange/config.nix21
-rw-r--r--lass/1systems/orange/physical.nix7
-rw-r--r--lass/1systems/radio/config.nix2
-rw-r--r--lass/1systems/ubik/config.nix33
-rw-r--r--lass/1systems/ubik/physical.nix7
-rw-r--r--lass/1systems/yellow/config.nix2
-rw-r--r--lass/2configs/gg23.nix6
-rw-r--r--lass/2configs/green-host.nix6
-rw-r--r--lass/2configs/mail.nix66
-rw-r--r--lass/2configs/orange-host.nix15
-rw-r--r--lass/2configs/radio/container-host.nix2
-rw-r--r--lass/2configs/red-host.nix2
-rw-r--r--lass/2configs/ubik-host.nix26
-rw-r--r--lass/2configs/xmonad.nix11
-rw-r--r--lass/2configs/yellow-host.nix2
-rw-r--r--lass/2configs/yubikey.nix10
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/5pkgs/install-system/default.nix19
-rw-r--r--lass/5pkgs/unimenu/default.nix91
-rw-r--r--makefu/2configs/binary-cache/gum.nix6
-rw-r--r--makefu/2configs/binary-cache/lass.nix6
-rw-r--r--makefu/2configs/binary-cache/nixos.nix6
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/minimal.nix4
45 files changed, 812 insertions, 120 deletions
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 7419ba13f..414b66e9f 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -50,15 +50,20 @@ in {
aliases = [ "filebitch.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa
- FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX
- VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ
- 5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU
- UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf
- eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB
+ MIICCgKCAgEA8S3eYZB/z1oT8SlSeHXdHVlSZE1Z15KA2Icd/qLnopqIj9qi8rGa
+ TVptxNPAnI6ohLw3MnFix2fZCizHremrIV5lObSB/hYfqJZq73/Og3zb7GO25cl+
+ bb/ApgmTHKjrI0xJPnRxC4Wl0KawEFfX+J3pS0ty9JHN7VNHfPzCnd3NO/LplY+9
+ hxsV6Oegt4+X4onv7/5xjd/PYe7CsA3BvKGqtLwznEg/fZdm/e2UJv2U/ddk2MUU
+ JwDpQ3n4WYSv4ltY6TcTP1CiFHNOzaPV4AxUROimvI8natuTC+Yapv/J5DDowatX
+ Fo51GXXptTr3lASHNfonWDBTmhkELp3uS48MYO6z/fxLNqS4Un7q845sEN4GQQXL
+ StdUQEDp7+ycui2zHG7GHfbGqK5qZ1/hVU8sofnlfIGlfgwcMN4NHjhS5GifQGPC
+ Fuwx5e/r06HI9FaC5BM6muouaFiGWkK2Xb/coSZb7eoXffVIyiX1didrlwCYzI5b
+ K/KMQRsJu1mhAjUrlxxvtW5Y2yj+kP70Kz9FaPAIlWirMK+EQFCToK63CbCO5X2y
+ 5Pxkomg/KCeZ9grBSugnI2i6WqYeyOTGHM45VugxhU39mgBxzcIVjDy+UKVh/ILS
+ 3IYJVNzCFcbDueHp+G56ClCT1HYYPuAieFhawzwAQ7jUN3mhvdOr5fUCAwEAAQ==
-----END RSA PUBLIC KEY-----
- Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC
'';
+ tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
diff --git a/kartei/lass/aergia.nix b/kartei/lass/aergia.nix
new file mode 100644
index 000000000..d186f912c
--- /dev/null
+++ b/kartei/lass/aergia.nix
@@ -0,0 +1,39 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.1";
+ ip6.addr = r6 "ae12";
+ aliases = [
+ "aergia.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAqLtEUExq0qmXbi3aykdoW1WIneePfmm1SnFxCVcEBecJ1z326cNl
+ EIhYFSzhctwui0vG1dscmNMXHJ0rRQ0QHks1kp/x2MNMlun3Wl8Md9PQrTRGqZOf
+ ltdlNKzn8QbqcQQa9BYMgnFRzhbzzsSO3q5xqncJJ8qSxxWy/boIR9fO+OI/aUfe
+ rVLVHj/i5TTAmov5johqQZOyb7ydEbLiTbaaPSo1H/I/as0iv2jaDRdoVBL5/r+q
+ JvYFfhcdePjpwjRVNohdRwPquyM2ut91e2UyxD5N5eUoQBn+Xr18f6CQlyfJmMrc
+ /oGL+DScrDzFQ/ezCzks3O02dWAmgJsU6odUyNqtdU2x+0lhSqTRH0IXfdkj5n3k
+ K5U340/84e8Bn/1BJQoaGpBZJbK8RHdZd/0r+9+aXcI5tm2YAGaPPYzgLUYg06NZ
+ fMES28iByiCecIPci4vUZ50oOQFGQYaBNA12JC4TRbL/EfLlaax9bRAaUQr7qIXS
+ OBmKrC8eN9QO53T2d2w8Llk5d1rwq0TE3lyJEFLt7sqrHvlBFJ4fpeC+JqZAObqf
+ AJlCvFrqDYXBPzuNC2cZQX9QJ4FlGBpOObGg5KtkY0hPUyBO96OMxIDQ2+Jqc7F0
+ isAUVvn23h6i3m77jRE1AGFyIC/ReMaCH70/83AJQxRpTkzKcF98xU8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "Jb8RJkm+ufh8o0acM31P2BolEUneYFB4xbtyoLQywLG";
+ };
+ wiregrill = {
+ ip6.addr = w6 "ae12";
+ aliases = [
+ "aergia.w"
+ ];
+ wireguard.pubkey = ''
+ h2GFkqW1ThHpDiALrLkJEsR5NU1lXHvwk0Kers1vIxg=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAGcqlL5fcxT3iCTlOm5rNPGKZmx1SEDWS71d3Tvbs/";
+ syncthing.id = "K5G46ZC-AKEG3WE-MQTG6MB-PC3ZA7O-C2BOKW6-KCXTSEW-RWHKP4B-Q7FCRQ7";
+}
diff --git a/kartei/lass/orange.nix b/kartei/lass/orange.nix
new file mode 100644
index 000000000..7f656c260
--- /dev/null
+++ b/kartei/lass/orange.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.15";
+ ip6.addr = r6 "012a";
+ aliases = [
+ "orange.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn
+ OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT
+ 4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR
+ 7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe
+ fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO
+ xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh
+ DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH
+ MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz
+ EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ
+ 0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk
+ ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H";
+ };
+ wiregrill = {
+ ip6.addr = w6 "012a";
+ aliases = [
+ "orange.w"
+ ];
+ wireguard.pubkey = ''
+ NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn";
+}
diff --git a/kartei/lass/ubik.nix b/kartei/lass/ubik.nix
new file mode 100644
index 000000000..94a4a8b05
--- /dev/null
+++ b/kartei/lass/ubik.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.12";
+ ip6.addr = r6 "0b1c";
+ aliases = [
+ "ubik.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAnWJKDrDmmGZbwVeaBhvOdTR4nsumo1yzOR2Iu+SMTOH6fbgJM5cW
+ WtlgPhrdOMrBYR956SBiBNkvsdczRrOF7F6hvXyDwwoGdWGsZXzaTMJlNAYjP5Y4
+ fbJlDq8/QV/SvVFGeu4XP3g2yuU/aNu/4FkU4jlysX+8wo9qGpIFPLpLvqfuU247
+ jHCatNzHfLK60fx7yt57iDhuX2plyFfQVX7xPTxudfGZKD7rEDEnKX4Ghd5dUkOA
+ z0lr0B1AOrkZgrnajU0ZmkjnNy8lrylCWDOnEPhJdao53gL4XFmUcZaR4uFsWuS7
+ V1VM+VivuMTAXRUnJScyLap2mo6dcr9h11kas70c/R7tI2pGmxlNk9t2uYy/jQnC
+ WmyzNCcqpPSfKikx5sRVAVIuv2wtAKYDuZg+1D4YEfeklA0+ZZlHO43NnRnIoKeO
+ Za0SNUE6vtd/EPoiifMkOWtHaO0LppgOxMTk8OgUxR6dcTmbuL0Roz3aY0rSW3EG
+ +li3yjS3YAtMtvhQwuqooVrkBFrcGQLjTnAfCeUHbCjZidGAHnqhESA+Aj+LKx32
+ 0ALQY439xAs6Vf3rICs93cO4Yxa8W1F5sHE6ANOGU+jCmSkCWI2hdHGbckD3L0AQ
+ NBJ+jyXm0kFfVgqRS2i17JPz2ZZxhAHw3KH13Ef1KI4tMdzCvFSayW0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "BcbZOID7dipWNH0/uowqCF7Ivqm4QktMoz11Yv249tG";
+ };
+ wiregrill = {
+ ip6.addr = w6 "0b1c";
+ aliases = [
+ "ubik.w"
+ ];
+ wireguard.pubkey = ''
+ JakWwg7Rq76jjzLFWPBQJPpzRHbIEbb46VLsSUOKI2I=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlqW8zqJpjbva0NTty9Ex7R/Jk2emDxHJNpaM3WPt5L";
+}
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 178cf27a2..75f5b7fc9 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -107,6 +107,7 @@ in {
"eve.r"
"tts.r"
"flood.r"
+ "warez.r"
"navidrome.r"
];
tinc.pubkey = ''
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 11aaf876a..39039cc11 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -52,7 +52,7 @@ let
};
confuse = {
- pattern = "^!confuse (.*)$";
+ pattern = "!confuse (.*)$";
activate = "match";
arguments = [1];
command = {
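Review bot: Dropping the `^` anchor from the `confuse` pattern makes the hook fire on `!confuse ` anywhere in a message, and everything after it is passed to the command as argument 1; the `confuse_hackint` hunk below makes the same change. Quoted, pasted or bridged text that merely contains the trigger will now run the command. If the intent is to accept messages relayed with a nick prefix (an assumption, the commit does not say), a pattern that stays anchored and allows only that prefix is narrower, for example `pattern = "^(?:<[^>]+> )?!confuse (.*)$";`, provided the regex engine supports non-capturing groups so that `arguments = [1]` still selects the same capture. The `command` block continues outside the hunk, so how the argument is consumed cannot be checked from here.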
@@ -90,7 +90,7 @@ let
};
confuse_hackint = {
- pattern = "^!confuse (.*)$";
+ pattern = "!confuse (.*)$";
activate = "match";
arguments = [1];
command = {
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index bff7e135f..6d763afed 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -53,6 +53,7 @@ let
./sitemap.nix
./ssl.nix
./sync-containers.nix
+ ./sync-containers3.nix
./systemd.nix
./tinc.nix
./tinc_graphs.nix
diff --git a/lass/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index 5188f270d..4a00b23ab 100644
--- a/lass/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }: let
- cfg = config.lass.sync-containers3;
+ cfg = config.krebs.sync-containers3;
slib = pkgs.stockholm.lib;
in {
- options.lass.sync-containers3 = {
+ options.krebs.sync-containers3 = {
inContainer = {
enable = lib.mkEnableOption "container config for syncing";
pubkey = lib.mkOption {
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 6af475a29..96c23d47c 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "befc83905c965adfd33e5cae49acb0351f6e0404",
- "date": "2023-01-13T18:32:21+01:00",
- "path": "/nix/store/bwpp6fchhfw699jn9hsdypyc7ggb72gx-nixpkgs",
- "sha256": "0m0ik7z06q3rshhhrg2p0vsrkf2jnqcq5gq1q6wb9g291rhyk6h2",
+ "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
+ "date": "2023-01-30T22:55:03+01:00",
+ "path": "/nix/store/mkif1y61ndjfi6fl2hzm7gmgqn40rchn-nixpkgs",
+ "sha256": "1f8d0v4q687r4z3qpg54asglgi3v07ac75hzxzxl0qxjyh0asdz3",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index fd6aeb114..20b1237dc 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
- "date": "2023-01-15T13:38:37-03:00",
- "path": "/nix/store/mn2dwzki0d159fl09y87jrvyvcjgyy03-nixpkgs",
- "sha256": "0w3ysrhbqhgr1qnh0r9miyqd7yf7vsd4wcd21dffwjlb99lynla8",
+ "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
+ "date": "2023-01-31T16:39:44+08:00",
+ "path": "/nix/store/82grl4czg5pgacsa93nqssf5m7qrmmna-nixpkgs",
+ "sha256": "0vwszpqs1x9sgnabvj3413mvcrj7k2ix4wv4hfvw6nmp6k4z6ic1",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
new file mode 100644
index 000000000..ed5bbcf12
--- /dev/null
+++ b/lass/1systems/aergia/config.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/pipewire.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/sync/sync.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/wine.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/yellow-mounts/samba.nix>
+ <stockholm/lass/2configs/pass.nix>
+ <stockholm/lass/2configs/mail.nix>
+ <stockholm/lass/2configs/bitcoin.nix>
+ # <stockholm/lass/2configs/xonsh.nix>
+ <stockholm/lass/2configs/review.nix>
+ <stockholm/lass/2configs/dunst.nix>
+ <stockholm/lass/2configs/print.nix>
+ <stockholm/lass/2configs/br.nix>
+ ];
+
+ system.stateVersion = "22.11";
+
+ krebs.build.host = config.krebs.hosts.aergia;
+
+ environment.systemPackages = with pkgs; [
+ brain
+ bank
+ l-gen-secrets
+ generate-secrets
+ ];
+
+ programs.adb.enable = true;
+
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+ hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+ lass.browser.config = {
+ fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
+ qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
+ };
+
+ nix.trustedUsers = [ "root" "lass" ];
+
+ # nix.extraOptions = ''
+ # extra-experimental-features = nix-command flakes
+ # '';
+
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+
+ documentation.nixos.enable = true;
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ ];
+
+ boot.cleanTmpDir = true;
+
+ # vbox
+ virtualisation.virtualbox.host.enable = true;
+ users.users.mainUser.extraGroups = [ "vboxusers" ];
+}
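Review bot: `nix.trustedUsers = [ "root" "lass" ];` makes the interactive account a trusted Nix user, which is close to root on the Nix daemon because trusted users can override substituters and import store paths without signature checks. This host also pulls in browsers, Steam, wine and adb for the same account, so a compromise of any of them inherits that trust. Prefer `nix.trustedUsers = [ "root" ];` and, if the only need is extra binary caches, list those caches as trusted substituters instead of trusting the user. If the entry stays, a comment such as `# lass is trusted: needed for <reason>` would record why.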
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
new file mode 100644
index 000000000..0ae0892ee
--- /dev/null
+++ b/lass/1systems/aergia/disk.nix
@@ -0,0 +1,64 @@
+{ lib, ... }:
+{
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1MiB";
+ end = "1GiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ type = "partition";
+ start = "1GiB";
+ end = "100%";
+ content = {
+ type = "luks";
+ name = "aergia1";
+ content = {
+ type = "btrfs";
+ extraArgs = "-f"; # Override existing partition
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Mountpoints inferred from subvolume name
+ "/home" = {
+ mountOptions = [];
+ };
+ "/nix" = {
+ mountOptions = [];
+ };
+ };
+ };
+ };
+ }
+ ];
+ };
+ };
+ };
+}
+
diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh
new file mode 100644
index 000000000..0e4f0ab4c
--- /dev/null
+++ b/lass/1systems/aergia/install.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+target=$1
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
new file mode 100644
index 000000000..de5f7540e
--- /dev/null
+++ b/lass/1systems/aergia/physical.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ ./config.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+ disko.devices = import ./disk.nix;
+
+ networking.hostId = "deadbeef";
+ # boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/nvme0n1";
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ boot.kernelParams = [
+ # Enable energy savings during sleep
+ "mem_sleep_default=deep"
+ "initcall_blacklist=acpi_cpufreq_init"
+
+ # for ryzenadj -i
+ "iomem=relaxed"
+ ];
+
+ # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
+ # On recent AMD CPUs this can be more energy efficient.
+ boot.kernelModules = [ "amd-pstate" "kvm-amd" ];
+
+ # hardware.cpu.amd.updateMicrocode = true;
+
+ services.xserver.videoDrivers = [
+ "amdgpu"
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+
+ environment.systemPackages = [
+ pkgs.vulkan-tools
+ pkgs.ryzenadj
+ (pkgs.writers.writeDashBin "set_tdp" ''
+ set -efux
+ watt=$1
+ value=$(( $watt * 1000 ))
+ ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value"
+ '')
+ ];
+
+ # textsize
+ services.xserver.dpi = 200;
+ hardware.video.hidpi.enable = lib.mkDefault true;
+
+ # corectrl
+ programs.corectrl.enable = true;
+ users.users.mainUser.extraGroups = [ "corectrl" ];
+
+ # use newer ryzenadj
+ nixpkgs.config.packageOverrides = super: {
+ ryzenadj = super.ryzenadj.overrideAttrs (old: {
+ version = "unstable-2023-01-15";
+ src = pkgs.fetchFromGitHub {
+ owner = "FlyGoat";
+ repo = "RyzenAdj";
+ rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15
+ sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k=";
+ };
+ });
+ };
+
+ # keyboard quirks
+ services.xserver.displayManager.sessionCommands = ''
+ xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
+ '';
+ services.udev.extraHwdb = /* sh */ ''
+ # disable back buttons
+ evdev:input:b0003v2F24p0135* # /dev/input/event2
+ KEYBOARD_KEY_70026=reserved
+ KEYBOARD_KEY_70027=reserved
+ '';
+
+ # ignore power key
+ services.logind.extraConfig = "HandlePowerKey=ignore";
+}
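Review bot: `"iomem=relaxed"` in `boot.kernelParams` is applied on every boot only so that `ryzenadj -i` works, and it loosens the kernel's restriction on /dev/mem access to I/O memory already claimed by drivers. The existing `# for ryzenadj -i` comment should state the trade-off, e.g. `# relaxes strict /dev/mem checks for root processes; only needed for ryzenadj -i`, or the parameter could move to a separate boot specialisation used when tuning. In the same file `hardware.cpu.amd.updateMicrocode = true;` is left commented out, so unless another imported module enables it, CPU microcode updates are not loaded at boot. `networking.hostId = "deadbeef";` also looks like a placeholder, and a per-host value would avoid clashes with other machines that copy this file.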
diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix
new file mode 100644
index 000000000..abbf26c75
--- /dev/null
+++ b/lass/1systems/aergia/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+ nixpkgs = (if test then lib.mkForce ({ derivation = let
+ rev = npkgs.rev;
+ sha256 = npkgs.sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ ''; }) else {
+ git.ref = lib.mkForce npkgs.rev;
+ });
+}
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index cd38c3585..077f7b3fa 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -27,7 +27,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.green;
- lass.sync-containers3.inContainer = {
+ krebs.sync-containers3.inContainer = {
enable = true;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
};
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
new file mode 100644
index 000000000..926401648
--- /dev/null
+++ b/lass/1systems/hilum/disk.nix
@@ -0,0 +1,53 @@
+{ lib, disk, keyFile, ... }:
+{
+ disk = {
+ main = {
+ type = "disk";
+ device = disk;
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1MiB";
+ end = "50%";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ type = "partition";
+ start = "50%";
+ end = "100%";
+ content = {
+ type = "luks";
+ name = "hilum_luks";
+ keyFile = keyFile;
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ };
+ };
+ }
+ ];
+ };
+ };
+ };
+}
+
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
new file mode 100755
index 000000000..17a5fc580
--- /dev/null
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -efux
+
+disk=$1
+
+export NIXPKGS_ALLOW_UNFREE=1
+(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
+trap 'rm -f /tmp/hilum.luks' EXIT
+stockholm_root=$(git rev-parse --show-toplevel)
+ssh root@localhost -t -- $(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ -I stockholm="$stockholm_root" \
+ -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
+ -E "with import <nixpkgs> {}; (pkgs.nixos [
+ {
+ luksPassFile = \"/tmp/hilum.luks\";
+ mainDisk = \"$disk\";
+ disko.rootMountPoint = \"/mnt/hilum\";
+ }
+ ./physical.nix
+ ]).disko"
+)
+rm -f /tmp/hilum.luks
+$(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ "$stockholm_root"/lass/krops.nix -A populate \
+ --argstr name hilum \
+ --argstr target "root@localhost/mnt/hilum/var/src" \
+ --arg force true
+)
+ssh root@localhost << SSH
+NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
+nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
+umount -Rv /mnt/hilum
+SSH
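Review bot: The LUKS passphrase is written to the fixed path `/tmp/hilum.luks`, and `umask 077` only protects a file that this redirect creates. If a file or link with that name already exists in the world-writable directory, the redirect reuses it, so the secret can land somewhere with other permissions or another owner. The `trap` is also installed only after the write, so a failing `pass show` under `set -e` leaves the file behind. Creating the file with `mktemp` and arming the trap first closes both gaps, and the path then has to be passed into the Nix expression in place of the literal. Separately, `$disk` is interpolated unescaped into the `-E` expression and the `$(nix-build …)` results are executed unquoted, so a `case` check that `$1` is a `/dev/...` path before use would be a cheap guard.

```shell
keyfile=$(mktemp)                 # unpredictable name, created with mode 0600
trap 'rm -f "$keyfile"' EXIT      # armed before the secret is written
pass show admin/hilum/luks > "$keyfile"
# … unchanged: stockholm_root and the ssh/nix-build invocation up to the module …
      luksPassFile = \"$keyfile\";
# … unchanged: rest of the disko expression …
rm -f "$keyfile"
# … unchanged: krops populate and nixos-install steps …
```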
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
index f8bab57d6..6f160062d 100644
--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -1,11 +1,38 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ {
+ # nice hack to carry around state passed impurely at the beginning
+ options.mainDisk = let
+ tryFile = path: default:
+ if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then
+ builtins.readFile path
+ else
+ de