diff options
author | lassulus <git@lassul.us> | 2023-07-09 11:32:26 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-07-09 11:32:26 +0200 |
commit | 305b9e1deee5d9b2d48ff01f647471fdd9ee766c (patch) | |
tree | d428676c99fff445126a1d689e6a557dd9a78a91 | |
parent | 581665cc9f3c3e8e281ae0fc513fec903cc17b7c (diff) | |
parent | a4ace2b0b35331be531795a351401bc6ca8d827c (diff) |
Merge remote-tracking branch 'ni/master'
-rw-r--r-- | kartei/tv/hosts/wu.nix | 25 | ||||
-rw-r--r-- | kartei/tv/wiregrill/wu.pub | 1 | ||||
-rw-r--r-- | krebs/1systems/puyak/config.nix | 2 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/prometheus/unifi.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/acl.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/iana-etc.nix | 9 | ||||
-rw-r--r-- | krebs/3modules/permown.nix | 16 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/email-header.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/simple/netcup/default.nix | 2 | ||||
-rw-r--r-- | lib/pure.nix | 4 | ||||
-rw-r--r-- | makefu/3modules/snapraid.nix | 2 | ||||
-rw-r--r-- | tv/1systems/wu/config.nix | 42 | ||||
l--------- | tv/1systems/wu/lib | 1 | ||||
-rw-r--r-- | tv/2configs/backup.nix | 29 | ||||
-rw-r--r-- | tv/2configs/default.nix | 7 | ||||
-rw-r--r-- | tv/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | tv/2configs/hw/w110er.nix | 70 | ||||
-rw-r--r-- | tv/2configs/nets/hkw.nix | 13 | ||||
-rw-r--r-- | tv/2configs/xserver/default.nix | 6 |
21 files changed, 26 insertions, 214 deletions
diff --git a/kartei/tv/hosts/wu.nix b/kartei/tv/hosts/wu.nix deleted file mode 100644 index d03886f14..000000000 --- a/kartei/tv/hosts/wu.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - ci = true; - nets = { - retiolum = { - ip4.addr = "10.243.13.37"; - aliases = [ - "wu.r" - "cgit.wu.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn - M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg - GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT - KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4 - 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik - AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB"; - }; - }; - secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; -} diff --git a/kartei/tv/wiregrill/wu.pub b/kartei/tv/wiregrill/wu.pub deleted file mode 100644 index 0d25d9de9..000000000 --- a/kartei/tv/wiregrill/wu.pub +++ /dev/null @@ -1 +0,0 @@ -68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E= diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 931ebe70b..a4f22d39c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -113,6 +113,8 @@ ]; krebs.build.host = config.krebs.hosts.puyak; + krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>; + sound.enable = false; boot = { loader.systemd-boot.enable = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 12ce4db3e..2415bd32f 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -51,6 +51,7 @@ in # uninteresting stuff ##################### krebs.build.host = config.krebs.hosts.wolf; + krebs.hosts.wolf.ssh.privkey.path = <secrets/ssh.id_ed25519>; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index c2f6b4dc0..2842e10d4 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ in { "makefu@krebsco.de" = makefu; "spam@krebsco.de" = spam-ml; "tv@krebsco.de" = tv; + "xkey@krebsco.de" = { mail = "lennart@cope.cool"; }; # XXX These are no internet aliases # XXX exim-retiolum hosts should be able to relay to retiolum addresses "lass@retiolum" = lass; diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix index 401ecb024..34e47add9 100644 --- a/krebs/2configs/shack/prometheus/unifi.nix +++ b/krebs/2configs/shack/prometheus/unifi.nix @@ -5,6 +5,6 @@ unifiAddress = "https://unifi.shack:8443/"; unifiInsecure = true; unifiUsername = "prometheus"; # needed manual login after setup to confirm the password - unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>); + unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>); }; } diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix index d23706499..05f7e824b 100644 --- a/krebs/3modules/acl.nix +++ b/krebs/3modules/acl.nix @@ -33,7 +33,7 @@ in { default = {}; }; config = { - systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { + systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceStrings ["/"] ["_"] path}" { wantedBy = [ "multi-user.target" ]; path = [ pkgs.acl diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index 3195f71d9..dabe2f8aa 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -1,5 +1,6 @@ -{ config, pkgs, lib, ... }: -with lib; { +{ config, lib, pkgs, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; +in with lib; { options.krebs.iana-etc.services = mkOption { default = {}; @@ -7,7 +8,7 @@ with lib; { options = { port = mkOption { default = config._module.args.name; - type = types.addCheck types.str (test "[1-9][0-9]*"); + type = types.addCheck types.str (slib.test "[1-9][0-9]*"); }; } // genAttrs ["tcp" "udp"] (protocol: mkOption { default = null; @@ -30,7 +31,7 @@ with lib; { (proto: let line = "${entry.${proto}.name} ${entry.port}/${proto}"; in /* sh */ '' - echo ${shell.escape line} + echo ${slib.shell.escape line} '') (filter (proto: entry.${proto} != null) ["tcp" "udp"])} '') (attrValues config.krebs.iana-etc.services)} diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index 3ebbc44fe..ae8702978 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -1,4 +1,6 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; +in with lib; { options.krebs.permown = mkOption { @@ -16,7 +18,7 @@ with lib; { group = mkOption { apply = x: if x == null then "" else x; default = null; - type = types.nullOr types.groupname; + type = types.nullOr slib.types.groupname; }; keepGoing = mkOption { default = false; @@ -28,15 +30,15 @@ with lib; { ''; }; owner = mkOption { - type = types.username; + type = slib.types.username; }; path = mkOption { default = config._module.args.name; - type = types.absolute-pathname; + type = slib.types.absolute-pathname; }; umask = mkOption { default = "0027"; - type = types.file-mode; + type = slib.types.file-mode; }; }; })); @@ -48,11 +50,11 @@ with lib; { system.activationScripts.permown = let mkdir = plan: /* sh */ '' - ${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path} + ${pkgs.coreutils}/bin/mkdir -p ${slib.shell.escape plan.path} ''; in concatMapStrings mkdir plans; - systemd.services = genAttrs' plans (plan: let + systemd.services = slib.genAttrs' plans (plan: let continuable = command: if plan.keepGoing then /* sh */ "{ ${command}; } || :" diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index e1e9d423f..f8ce03f39 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -18,9 +18,9 @@ let sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; }; }.${versions.majorMinor version} or { - version = "0.4.1-tv2"; + version = "0.4.2-tv1"; rev = "refs/tags/v${cfg.version}"; - sha256 = "1yg4b5318lpviwgjs4kdcqg8cwfnxxfcdckcjq12r2nnj2k4ms2d"; + sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU="; }; in mkDerivation { diff --git a/krebs/5pkgs/simple/netcup/default.nix b/krebs/5pkgs/simple/netcup/default.nix index 408672eff..750e9cfa9 100644 --- a/krebs/5pkgs/simple/netcup/default.nix +++ b/krebs/5pkgs/simple/netcup/default.nix @@ -3,7 +3,7 @@ with stockholm.lib; let readJSON = path: fromJSON (readFile path); - sed.escape = replaceChars ["/"] ["\\/"]; # close enough + sed.escape = replaceStrings ["/"] ["\\/"]; # close enough PATH = makeBinPath [ coreutils curl diff --git a/lib/pure.nix b/lib/pure.nix index bb2d586f6..3329db022 100644 --- a/lib/pure.nix +++ b/lib/pure.nix @@ -26,7 +26,7 @@ let krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit (stockholm) lib; }; systemd = { - encodeName = replaceChars ["/"] ["\\x2f"]; + encodeName = replaceStrings ["/"] ["\\x2f"]; }; types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; }; uri = import ./uri.nix { inherit (stockholm) lib; }; @@ -79,7 +79,7 @@ let string = toJSON x; # close enough }.${type} or reject; - indent = replaceChars ["\n"] ["\n "]; + indent = replaceStrings ["\n"] ["\n "]; stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null)); diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix index 1a2c08475..25254c142 100644 --- a/makefu/3modules/snapraid.nix +++ b/makefu/3modules/snapraid.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let # returns dirname without / , used as disk name - dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir))); + dname = dir: replaceStrings ["/"] [""] (head (reverseList (splitString "/" dir))); snapraid-conf = '' # Disks ${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks} diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix deleted file mode 100644 index 4d45f6d40..000000000 --- a/tv/1systems/wu/config.nix +++ /dev/null @@ -1,42 +0,0 @@ -with import ../lib; -{ config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - <stockholm/tv> - <stockholm/tv/2configs/hw/w110er.nix> - <stockholm/tv/2configs/exim-retiolum.nix> - <stockholm/tv/2configs/pulse.nix> - <stockholm/tv/2configs/retiolum.nix> - <stockholm/tv/2configs/xserver> - ]; - - boot.initrd.luks.devices.wuca.device = "/dev/sda2"; - - fileSystems = { - "/" = { - device = "/dev/mapper/wuvga-root"; - fsType = "ext4"; - }; - "/bku" = { - device = "/dev/mapper/wuvga-bku"; - fsType = "ext4"; - }; - "/home" = { - device = "/dev/mapper/wuvga-home"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/sda1"; - }; - }; - - networking.wireless.enable = true; - networking.wireless.interfaces = [ - "wlp3s0" - ]; - networking.interfaces.enp4s0f2.useDHCP = true; - networking.interfaces.wlp3s0.useDHCP = true; - networking.useDHCP = false; - -} diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib deleted file mode 120000 index dc598c56d..000000000 --- a/tv/1systems/wu/lib +++ /dev/null @@ -1 +0,0 @@ -../lib
\ No newline at end of file diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index c8ab73b50..56c04c4e3 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -9,12 +9,6 @@ with import ./lib; yearly = { format = "%Y"; }; }; }) { - bu-home-wu = { - method = "push"; - src = { host = config.krebs.hosts.bu; path = "/home"; }; - dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; }; - startAt = "05:15"; - }; bu-home-xu = { method = "push"; src = { host = config.krebs.hosts.bu; path = "/home"; }; @@ -45,18 +39,6 @@ with import ./lib; dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; startAt = "22:00"; }; - wu-home-xu = { - method = "push"; - src = { host = config.krebs.hosts.wu; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; }; - startAt = "05:00"; - }; - wu-home-zu = { - method = "push"; - src = { host = config.krebs.hosts.wu; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; }; - startAt = "05:20"; - }; xu-home-bu = { method = "push"; src = { host = config.krebs.hosts.xu; path = "/home"; }; @@ -69,12 +51,6 @@ with import ./lib; dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; }; startAt = "05:20"; }; - xu-home-wu = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/home"; }; - dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; }; - startAt = "06:00"; - }; xu-home-zu = { method = "push"; src = { host = config.krebs.hosts.xu; path = "/home"; }; @@ -129,10 +105,5 @@ with import ./lib; src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; }; }; - xu-test-push-wu = { - method = "push"; - src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; }; - dst = { host = config.krebs.hosts.wu; path = "/bku/xu-test-push"; }; - }; }; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 53b11c620..a8d840c15 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -130,11 +130,4 @@ with import ./lib; ]; } ]; - - nixpkgs.overlays = - mkAfter (optional config.hardware.video.hidpi.enable (self: super: { - alacritty-tv = super.alacritty-tv.override { - variant = "hidpi"; - }; - })); } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index e905536df..6750d9a85 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -15,7 +15,6 @@ with import ./lib; ]; relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [ config.krebs.hosts.nomic - config.krebs.hosts.wu config.krebs.hosts.xu ]; internet-aliases = with config.krebs.users; [ diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix deleted file mode 100644 index bf749a98a..000000000 --- a/tv/2configs/hw/w110er.nix +++ /dev/null @@ -1,70 +0,0 @@ -with import ./lib; -{ pkgs, ... }: { - imports = [ - ../smartd.nix - { - # nvidia doesn't build despite - # https://github.com/NixOS/nixpkgs/issues/33284 - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - #hardware.enableRedistributableFirmware= true; - #krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [ - # "nvidia-x11" - # "nvidia-persistenced" - # "nvidia-settings" - #]; - } - - { - nix.buildCores = 4; - nix.maxJobs = 4; - } - (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then { - nix.daemonCPUSchedPolicy = "batch"; - nix.daemonIOSchedPriority = 1; - } else { - nix.daemonIONiceLevel = 1; - nix.daemonNiceLevel = 1; - }) - ]; - - boot.extraModprobeConfig = '' - options kvm_intel nested=1 - ''; - - boot.initrd.availableKernelModules = [ "ahci" ]; - boot.kernelModules = [ "kvm-intel" ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - hardware.enableRedistributableFirmware = true; - - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = [ pkgs.vaapiIntel ]; - - networking.wireless.enable = true; - - services.logind.extraConfig = '' - HandleHibernateKey=ignore - HandleLidSwitch=ignore - HandlePowerKey=ignore - HandleSuspendKey=ignore - ''; - - system.activationScripts.powertopTunables = '' - echo 1 > /sys/module/snd_hda_intel/parameters/power_save - echo 1500 > /proc/sys/vm/dirty_writeback_centisecs - (cd /sys/bus/pci/devices - for i in *; do - echo auto > $i/power/control # defaults to 'on' - done) - ''; - - services.xserver = { - videoDriver = "intel"; - }; - - tv.hw.screens.primary.width = 1366; - tv.hw.screens.primary.height = 768; -} diff --git a/tv/2configs/nets/hkw.nix b/tv/2configs/nets/hkw.nix index c3acde1fb..51a8a7366 100644 --- a/tv/2configs/nets/hkw.nix +++ b/tv/2configs/nets/hkw.nix @@ -38,19 +38,6 @@ ]; }; }; - wu = { - nets.hkw = { - ip4 = { - addr = "10.23.1.37"; - prefix = "10.23.1.0/24"; - }; - aliases = [ - "wu.hkw" - "cache.wu.hkw" - ]; - ssh.port = 11423; - }; - }; xu = { nets.hkw = { ip4 = { diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index f10ccb10e..9b9d86f58 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -52,12 +52,6 @@ in { enable = true; display = mkForce 11; tty = mkForce 11; - - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; }; systemd.services.display-manager.enable = false; |