diff options
author | tv <tv@krebsco.de> | 2023-03-02 09:20:37 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-03-02 09:20:37 +0100 |
commit | 03a9448a0922fcf158c4357922bed689245105e3 (patch) | |
tree | 7dbedf90d0443bd1e375aac61f63735f43e64984 | |
parent | 177fd1eeec05f0821f1ccc63733b3e0fd5aed7b6 (diff) | |
parent | 8639d428c2e9f2190ec4e4b5dd931f24a4166f36 (diff) |
Merge remote-tracking branch 'prism/master' into head
55 files changed, 1057 insertions, 896 deletions
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index cfc05b636..d72b167b6 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -21,7 +21,7 @@ rec { 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr} + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} @@ -38,6 +38,7 @@ rec { mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index 75f5b7fc9..796f0fd33 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix @@ -51,24 +51,6 @@ in { }; }; }; - herbert = { - owner = config.krebs.users.mic92; - nets = rec { - retiolum = { - aliases = [ "herbert.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ - stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd - /lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh - fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH - OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj - jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; rauter = { owner = config.krebs.users.mic92; nets = rec { @@ -161,19 +143,20 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa - QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl - 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo - JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF - Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4 - RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G - QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41 - pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK - u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG - vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z - H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ== + MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0 + IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em + eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN + /e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw + YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1 + DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA + 9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0 + MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF + 0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI + xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP + uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ== -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "5ZhQyLQ2RLTkKvFCN38dfmqfjZOnZmm19Vr1eiOVlID"; }; }; aenderpad = { @@ -294,32 +277,6 @@ in { }; }; }; - sauron = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.75"; - ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8"; - aliases = [ "sauron.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.194"; - aliases = [ "sauron.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ - GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1 - XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E - W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf - 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG - 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ"; - }; - }; - }; bill = { owner = config.krebs.users.mic92; nets = rec { @@ -435,73 +392,6 @@ in { }; }; }; - harsha = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.184"; - aliases = [ - "harsha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39 - P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o - MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg - dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h - TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K - zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - redha = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.188"; - aliases = [ - "redha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O - s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE - a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH - RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e - FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm - mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN"; - }; - }; - }; - - grandalf = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.187"; - aliases = [ - "grandalf.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7 - XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC - qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL - 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI - jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/ - /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL"; - }; - }; - }; doctor = { owner = config.krebs.users.mic92; diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix index 9d35c3808..6fc9a594f 100644 --- a/kartei/palo/default.nix +++ b/kartei/palo/default.nix @@ -17,13 +17,28 @@ let in { hosts = mapAttrs hostDefaults { - sterni = { + sol = { owner = config.krebs.users.palo; nets = { retiolum = { tinc.port = 720; - aliases = [ "sterni.r" ]; - tinc.pubkey = builtins.readFile ./retiolum.pub; + aliases = [ "sol.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60 + mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC + Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu + lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1 + 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT + NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV + yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef + Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q + hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr + vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg + uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP"; }; }; }; diff --git a/kartei/palo/retiolum.pub b/kartei/palo/retiolum.pub deleted file mode 100644 index 65284d51d..000000000 --- a/kartei/palo/retiolum.pub +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE -8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4 -oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/ -ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD -ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ -ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu -MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL -rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo -sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1 -EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH -yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 9849937d5..70307a96b 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -26,4 +26,8 @@ boot.isContainer = true; networking.useDHCP = false; + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM20tYHHvwIgrJZzR35ATzH9AlTrM1enNKEQJ7IP6lBh"; + }; } diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix index 620e6249e..b27fc3737 100644 --- a/krebs/1systems/news/config.nix +++ b/krebs/1systems/news/config.nix @@ -17,13 +17,8 @@ boot.isContainer = true; networking.useDHCP = lib.mkForce true; - krebs.bindfs = { - "/var/lib/brockman" = { - source = "/var/state/brockman"; - options = [ - "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}" - ]; - clearTarget = true; - }; + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv"; }; } diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix new file mode 100644 index 000000000..95d70376b --- /dev/null +++ b/krebs/2configs/hotdog-host.nix @@ -0,0 +1,9 @@ +{ + krebs.sync-containers3.containers.hotdog = { + sshKey = "${toString <secrets>}/hotdog.sync.key"; + }; + containers.hotdog.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/hotdog/state"; + isReadOnly = false; + }; +} diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 07674c86e..71793e518 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -1,10 +1,5 @@ { - krebs.sync-containers.containers.news = { - peers = [ - "shodan" - "mors" - "styx" - ]; - format = "plain"; + krebs.sync-containers3.containers.news = { + sshKey = "${toString <secrets>}/news.sync.key"; }; } diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index d6c6371da..9d9470727 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -74,7 +74,7 @@ limits.identlen = 100; history.enabled = false; }; - systemd.services.brockman.bindsTo = [ "ergo.service" ]; + systemd.services.brockman.bindsTo = [ "ergochat.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { @@ -87,6 +87,7 @@ nick = "brockman"; extraChannels = [ "#all" ]; }; + statePath = "/var/state/brockman/brockman.json"; bots = {}; }; }; diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index 4a00b23ab..ed147b30e 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -104,7 +104,9 @@ in { consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' set -efux if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then - nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 container_sync@${ctr.name}.r:disk "$HOME"/disk + nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync + touch "$HOME"/incomplete + nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk rm -f "$HOME"/incomplete fi ''} diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix index 4527ad90b..fe5d5e27a 100644 --- a/krebs/5pkgs/simple/fzfmenu/default.nix +++ b/krebs/5pkgs/simple/fzfmenu/default.nix @@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" '' exec 4>&1 export FZFMENU_INPUT_FD=3 export FZFMENU_OUTPUT_FD=4 - exec ${pkgs.rxvt-unicode}/bin/urxvt \ - -name ${cfg.appName} \ - -title ${shell.escape cfg.windowTitle} \ - -e "$0" "$@" + exec ${pkgs.alacritty}/bin/alacritty \ + --config-file /var/theme/config/alacritty.yaml \ + --class ${cfg.appName} \ + --title ${shell.escape cfg.windowTitle} \ + --command "$0" "$@" else exec 0<&''${FZFMENU_INPUT_FD-0} exec 1>&''${FZFMENU_OUTPUT_FD-1} diff --git a/krebs/5pkgs/simple/pager.nix b/krebs/5pkgs/simple/pager.nix index 506ef2eb3..952b5ee1e 100644 --- a/krebs/5pkgs/simple/pager.nix +++ b/krebs/5pkgs/simple/pager.nix @@ -33,8 +33,6 @@ pkgs.symlinkJoin { -ti vt340 \ -xrm '*geometry: 32x10' \ -xrm '*internalBorder: 2' \ - -xrm '*background: #050505' \ - -xrm '*foreground: #d0d7d0' \ -e ${pkgs.haskellPackages.pager}/bin/pager "$@" '') pkgs.haskellPackages.pager diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index ed5bbcf12..6992db4a5 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -26,6 +26,7 @@ <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/c-base.nix> ]; system.stateVersion = "22.11"; @@ -47,11 +48,6 @@ }; hardware.pulseaudio.package = pkgs.pulseaudioFull; - lass.browser.config = { - fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; }; - }; - nix.trustedUsers = [ "root" "lass" ]; # nix.extraOptions = '' diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index de5f7540e..023639083 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -3,6 +3,7 @@ imports = [ ./config.nix (modulesPath + "/installer/scan/not-detected.nix") + <stockholm/lass/2configs/antimicrox> ]; disko.devices = import ./disk.nix; @@ -20,15 +21,41 @@ boot.kernelParams = [ # Enable energy savings during sleep "mem_sleep_default=deep" - "initcall_blacklist=acpi_cpufreq_init" + + # use less power with pstate + "amd_pstate=passive" # for ryzenadj -i "iomem=relaxed" + + # suspend + "resume_offset=178345675" ]; - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - boot.kernelModules = [ "amd-pstate" "kvm-amd" ]; + boot.kernelModules = [ + # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html + # On recent AMD CPUs this can be more energy efficient. + "amd-pstate" + "kvm-amd" + + # needed for zenstates + "msr" + + # zenpower + "zenpower" + ]; + + boot.extraModulePackages = [ + (config.boot.kernelPackages.zenpower.overrideAttrs (old: { + src = pkgs.fetchFromGitea { + domain = "git.exozy.me"; + owner = "a"; + repo = "zenpower3"; + rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f"; + hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI="; + }; + })) + ]; # hardware.cpu.amd.updateMicrocode = true; @@ -36,7 +63,16 @@ "amdgpu" ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "thunderbolt" + "xhci_pci" + "usbhid" + ]; + + boot.initrd.kernelModules = [ + "amdgpu" + ]; environment.systemPackages = [ pkgs.vulkan-tools @@ -54,7 +90,13 @@ hardware.video.hidpi.enable = lib.mkDefault true; # corectrl - programs.corectrl.enable = true; + programs.corectrl = { + enable = true; + gpuOverclock = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; + }; users.users.mainUser.extraGroups = [ "corectrl" ]; # use newer ryzenadj @@ -72,7 +114,7 @@ # keyboard quirks services.xserver.displayManager.sessionCommands = '' - xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert + ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert ''; services.udev.extraHwdb = /* sh */ '' # disable back buttons @@ -82,5 +124,20 @@ ''; # ignore power key - services.logind.extraConfig = "HandlePowerKey=ignore"; + + # update cpu microcode + hardware.cpu.amd.updateMicrocode = true; + + # suspend to disk + swapDevices = [{ + device = "/swapfile"; + }]; + boot.resumeDevice = "/dev/mapper/aergia1"; + services.logind.lidSwitch = "suspend-then-hibernate"; + services.logind.extraConfig = '' + HandlePowerKey=hibernate + ''; + + # firefox touchscreen support + environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; } diff --git a/lass/1systems/coaxmeta |