summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-07-09 11:32:26 +0200
committerlassulus <git@lassul.us>2023-07-09 11:32:26 +0200
commit305b9e1deee5d9b2d48ff01f647471fdd9ee766c (patch)
treed428676c99fff445126a1d689e6a557dd9a78a91
parent581665cc9f3c3e8e281ae0fc513fec903cc17b7c (diff)
parenta4ace2b0b35331be531795a351401bc6ca8d827c (diff)
Merge remote-tracking branch 'ni/master'
-rw-r--r--kartei/tv/hosts/wu.nix25
-rw-r--r--kartei/tv/wiregrill/wu.pub1
-rw-r--r--krebs/1systems/puyak/config.nix2
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/exim-smarthost.nix1
-rw-r--r--krebs/2configs/shack/prometheus/unifi.nix2
-rw-r--r--krebs/3modules/acl.nix2
-rw-r--r--krebs/3modules/iana-etc.nix9
-rw-r--r--krebs/3modules/permown.nix16
-rw-r--r--krebs/5pkgs/haskell/email-header.nix4
-rw-r--r--krebs/5pkgs/simple/netcup/default.nix2
-rw-r--r--lib/pure.nix4
-rw-r--r--makefu/3modules/snapraid.nix2
-rw-r--r--tv/1systems/wu/config.nix42
l---------tv/1systems/wu/lib1
-rw-r--r--tv/2configs/backup.nix29
-rw-r--r--tv/2configs/default.nix7
-rw-r--r--tv/2configs/exim-smarthost.nix1
-rw-r--r--tv/2configs/hw/w110er.nix70
-rw-r--r--tv/2configs/nets/hkw.nix13
-rw-r--r--tv/2configs/xserver/default.nix6
21 files changed, 26 insertions, 214 deletions
diff --git a/kartei/tv/hosts/wu.nix b/kartei/tv/hosts/wu.nix
deleted file mode 100644
index d03886f14..000000000
--- a/kartei/tv/hosts/wu.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- ci = true;
- nets = {
- retiolum = {
- ip4.addr = "10.243.13.37";
- aliases = [
- "wu.r"
- "cgit.wu.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
- };
- };
- secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
-}
diff --git a/kartei/tv/wiregrill/wu.pub b/kartei/tv/wiregrill/wu.pub
deleted file mode 100644
index 0d25d9de9..000000000
--- a/kartei/tv/wiregrill/wu.pub
+++ /dev/null
@@ -1 +0,0 @@
-68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 931ebe70b..a4f22d39c 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -113,6 +113,8 @@
];
krebs.build.host = config.krebs.hosts.puyak;
+ krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;
+
sound.enable = false;
boot = {
loader.systemd-boot.enable = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 12ce4db3e..2415bd32f 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -51,6 +51,7 @@ in
# uninteresting stuff
#####################
krebs.build.host = config.krebs.hosts.wolf;
+ krebs.hosts.wolf.ssh.privkey.path = <secrets/ssh.id_ed25519>;
boot.initrd.availableKernelModules = [
"ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index c2f6b4dc0..2842e10d4 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -42,6 +42,7 @@ in {
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
+ "xkey@krebsco.de" = { mail = "lennart@cope.cool"; };
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
index 401ecb024..34e47add9 100644
--- a/krebs/2configs/shack/prometheus/unifi.nix
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -5,6 +5,6 @@
unifiAddress = "https://unifi.shack:8443/";
unifiInsecure = true;
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
- unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+ unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
};
}
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
index d23706499..05f7e824b 100644
--- a/krebs/3modules/acl.nix
+++ b/krebs/3modules/acl.nix
@@ -33,7 +33,7 @@ in {
default = {};
};
config = {
- systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" {
+ systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceStrings ["/"] ["_"] path}" {
wantedBy = [ "multi-user.target" ];
path = [
pkgs.acl
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index 3195f71d9..dabe2f8aa 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -1,5 +1,6 @@
-{ config, pkgs, lib, ... }:
-with lib; {
+{ config, lib, pkgs, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
+in with lib; {
options.krebs.iana-etc.services = mkOption {
default = {};
@@ -7,7 +8,7 @@ with lib; {
options = {
port = mkOption {
default = config._module.args.name;
- type = types.addCheck types.str (test "[1-9][0-9]*");
+ type = types.addCheck types.str (slib.test "[1-9][0-9]*");
};
} // genAttrs ["tcp" "udp"] (protocol: mkOption {
default = null;
@@ -30,7 +31,7 @@ with lib; {
(proto: let
line = "${entry.${proto}.name} ${entry.port}/${proto}";
in /* sh */ ''
- echo ${shell.escape line}
+ echo ${slib.shell.escape line}
'')
(filter (proto: entry.${proto} != null) ["tcp" "udp"])}
'') (attrValues config.krebs.iana-etc.services)}
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index 3ebbc44fe..ae8702978 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
+in
with lib; {
options.krebs.permown = mkOption {
@@ -16,7 +18,7 @@ with lib; {
group = mkOption {
apply = x: if x == null then "" else x;
default = null;
- type = types.nullOr types.groupname;
+ type = types.nullOr slib.types.groupname;
};
keepGoing = mkOption {
default = false;
@@ -28,15 +30,15 @@ with lib; {
'';
};
owner = mkOption {
- type = types.username;
+ type = slib.types.username;
};
path = mkOption {
default = config._module.args.name;
- type = types.absolute-pathname;
+ type = slib.types.absolute-pathname;
};
umask = mkOption {
default = "0027";
- type = types.file-mode;
+ type = slib.types.file-mode;
};
};
}));
@@ -48,11 +50,11 @@ with lib; {
system.activationScripts.permown = let
mkdir = plan: /* sh */ ''
- ${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path}
+ ${pkgs.coreutils}/bin/mkdir -p ${slib.shell.escape plan.path}
'';
in concatMapStrings mkdir plans;
- systemd.services = genAttrs' plans (plan: let
+ systemd.services = slib.genAttrs' plans (plan: let
continuable = command:
if plan.keepGoing
then /* sh */ "{ ${command}; } || :"
diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
index e1e9d423f..f8ce03f39 100644
--- a/krebs/5pkgs/haskell/email-header.nix
+++ b/krebs/5pkgs/haskell/email-header.nix
@@ -18,9 +18,9 @@ let
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
};
}.${versions.majorMinor version} or {
- version = "0.4.1-tv2";
+ version = "0.4.2-tv1";
rev = "refs/tags/v${cfg.version}";
- sha256 = "1yg4b5318lpviwgjs4kdcqg8cwfnxxfcdckcjq12r2nnj2k4ms2d";
+ sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU=";
};
in mkDerivation {
diff --git a/krebs/5pkgs/simple/netcup/default.nix b/krebs/5pkgs/simple/netcup/default.nix
index 408672eff..750e9cfa9 100644
--- a/krebs/5pkgs/simple/netcup/default.nix
+++ b/krebs/5pkgs/simple/netcup/default.nix
@@ -3,7 +3,7 @@ with stockholm.lib;
let
readJSON = path: fromJSON (readFile path);
- sed.escape = replaceChars ["/"] ["\\/"]; # close enough
+ sed.escape = replaceStrings ["/"] ["\\/"]; # close enough
PATH = makeBinPath [
coreutils
curl
diff --git a/lib/pure.nix b/lib/pure.nix
index bb2d586f6..3329db022 100644
--- a/lib/pure.nix
+++ b/lib/pure.nix
@@ -26,7 +26,7 @@ let
krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit (stockholm) lib; };
systemd = {
- encodeName = replaceChars ["/"] ["\\x2f"];
+ encodeName = replaceStrings ["/"] ["\\x2f"];
};
types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; };
uri = import ./uri.nix { inherit (stockholm) lib; };
@@ -79,7 +79,7 @@ let
string = toJSON x; # close enough
}.${type} or reject;
- indent = replaceChars ["\n"] ["\n "];
+ indent = replaceStrings ["\n"] ["\n "];
stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null));
diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix
index 1a2c08475..25254c142 100644
--- a/makefu/3modules/snapraid.nix
+++ b/makefu/3modules/snapraid.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
let
# returns dirname without / , used as disk name
- dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir)));
+ dname = dir: replaceStrings ["/"] [""] (head (reverseList (splitString "/" dir)));
snapraid-conf = ''
# Disks
${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks}
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
deleted file mode 100644
index 4d45f6d40..000000000
--- a/tv/1systems/wu/config.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-with import ../lib;
-{ config, pkgs, ... }: {
- krebs.build.host = config.krebs.hosts.wu;
-
- imports = [
- <stockholm/tv>
- <stockholm/tv/2configs/hw/w110er.nix>
- <stockholm/tv/2configs/exim-retiolum.nix>
- <stockholm/tv/2configs/pulse.nix>
- <stockholm/tv/2configs/retiolum.nix>
- <stockholm/tv/2configs/xserver>
- ];
-
- boot.initrd.luks.devices.wuca.device = "/dev/sda2";
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/wuvga-root";
- fsType = "ext4";
- };
- "/bku" = {
- device = "/dev/mapper/wuvga-bku";
- fsType = "ext4";
- };
- "/home" = {
- device = "/dev/mapper/wuvga-home";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- networking.wireless.enable = true;
- networking.wireless.interfaces = [
- "wlp3s0"
- ];
- networking.interfaces.enp4s0f2.useDHCP = true;
- networking.interfaces.wlp3s0.useDHCP = true;
- networking.useDHCP = false;
-
-}
diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/wu/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib \ No newline at end of file
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index c8ab73b50..56c04c4e3 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -9,12 +9,6 @@ with import ./lib;
yearly = { format = "%Y"; };
};
}) {
- bu-home-wu = {
- method = "push";
- src = { host = config.krebs.hosts.bu; path = "/home"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; };
- startAt = "05:15";
- };
bu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.bu; path = "/home"; };
@@ -45,18 +39,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
startAt = "22:00";
};
- wu-home-xu = {
- method = "push";
- src = { host = config.krebs.hosts.wu; path = "/home"; };
- dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; };
- startAt = "05:00";
- };
- wu-home-zu = {
- method = "push";
- src = { host = config.krebs.hosts.wu; path = "/home"; };
- dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; };
- startAt = "05:20";
- };
xu-home-bu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; };
@@ -69,12 +51,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; };
startAt = "05:20";
};
- xu-home-wu = {
- method = "push";
- src = { host = config.krebs.hosts.xu; path = "/home"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; };
- startAt = "06:00";
- };
xu-home-zu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; };
@@ -129,10 +105,5 @@ with import ./lib;
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; };
};
- xu-test-push-wu = {
- method = "push";
- src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/xu-test-push"; };
- };
};
}
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 53b11c620..a8d840c15 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -130,11 +130,4 @@ with import ./lib;
];
}
];
-
- nixpkgs.overlays =
- mkAfter (optional config.hardware.video.hidpi.enable (self: super: {
- alacritty-tv = super.alacritty-tv.override {
- variant = "hidpi";
- };
- }));
}
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index e905536df..6750d9a85 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -15,7 +15,6 @@ with import ./lib;
];
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic
- config.krebs.hosts.wu
config.krebs.hosts.xu
];
internet-aliases = with config.krebs.users; [
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
deleted file mode 100644
index bf749a98a..000000000
--- a/tv/2configs/hw/w110er.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-with import ./lib;
-{ pkgs, ... }: {
- imports = [
- ../smartd.nix
- {
- # nvidia doesn't build despite
- # https://github.com/NixOS/nixpkgs/issues/33284
- #hardware.bumblebee.enable = true;
- #hardware.bumblebee.group = "video";
- #hardware.enableRedistributableFirmware= true;
- #krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
- # "nvidia-x11"
- # "nvidia-persistenced"
- # "nvidia-settings"
- #];
- }
-
- {
- nix.buildCores = 4;
- nix.maxJobs = 4;
- }
- (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
- nix.daemonCPUSchedPolicy = "batch";
- nix.daemonIOSchedPriority = 1;
- } else {
- nix.daemonIONiceLevel = 1;
- nix.daemonNiceLevel = 1;
- })
- ];
-
- boot.extraModprobeConfig = ''
- options kvm_intel nested=1
- '';
-
- boot.initrd.availableKernelModules = [ "ahci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- hardware.enableRedistributableFirmware = true;
-
- hardware.opengl.driSupport32Bit = true;
- hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
-
- networking.wireless.enable = true;
-
- services.logind.extraConfig = ''
- HandleHibernateKey=ignore
- HandleLidSwitch=ignore
- HandlePowerKey=ignore
- HandleSuspendKey=ignore
- '';
-
- system.activationScripts.powertopTunables = ''
- echo 1 > /sys/module/snd_hda_intel/parameters/power_save
- echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
- (cd /sys/bus/pci/devices
- for i in *; do
- echo auto > $i/power/control # defaults to 'on'
- done)
- '';
-
- services.xserver = {
- videoDriver = "intel";
- };
-
- tv.hw.screens.primary.width = 1366;
- tv.hw.screens.primary.height = 768;
-}
diff --git a/tv/2configs/nets/hkw.nix b/tv/2configs/nets/hkw.nix
index c3acde1fb..51a8a7366 100644
--- a/tv/2configs/nets/hkw.nix
+++ b/tv/2configs/nets/hkw.nix
@@ -38,19 +38,6 @@
];
};
};
- wu = {
- nets.hkw = {
- ip4 = {
- addr = "10.23.1.37";
- prefix = "10.23.1.0/24";
- };
- aliases = [
- "wu.hkw"
- "cache.wu.hkw"
- ];
- ssh.port = 11423;
- };
- };
xu = {
nets.hkw = {
ip4 = {
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index f10ccb10e..9b9d86f58 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -52,12 +52,6 @@ in {
enable = true;
display = mkForce 11;
tty = mkForce 11;
-
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- };
};
systemd.services.display-manager.enable = false;