diff options
author | lassulus <lass@aidsballs.de> | 2015-08-13 22:36:07 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-08-13 22:36:07 +0200 |
commit | cc1baf4d385e45b8c9f0509c04e8883f48ade6ae (patch) | |
tree | 9eb6a04cdb91414d662409e7f8b3b2e396f92895 | |
parent | dbd69c4e956bc1c88b379c273a5ea5b4ceea8813 (diff) | |
parent | db4b55527d527158bd4e7f93128668e646f2cf1f (diff) |
Merge branch 'tv' into newmaster
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | Zpubkeys/makefu_tsp.ssh.pub | 1 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 147 | ||||
-rw-r--r-- | krebs/3modules/exim-retiolum.nix (renamed from tv/2configs/exim-retiolum.nix) | 43 | ||||
-rw-r--r-- | krebs/4lib/types.nix | 7 | ||||
-rw-r--r-- | krebs/5pkgs/cac.nix | 38 | ||||
-rw-r--r-- | krebs/5pkgs/default.nix | 1 | ||||
-rw-r--r-- | makefu/1systems/pnp.nix | 48 | ||||
-rw-r--r-- | makefu/1systems/tsp.nix | 37 | ||||
-rw-r--r-- | makefu/2configs/base-gui.nix | 57 | ||||
-rw-r--r-- | makefu/2configs/base.nix | 30 | ||||
-rw-r--r-- | makefu/2configs/cgit-retiolum.nix | 10 | ||||
-rw-r--r-- | makefu/2configs/graphite-standalone.nix | 34 | ||||
-rw-r--r-- | makefu/2configs/sda-crypto-root.nix | 27 | ||||
-rw-r--r-- | makefu/2configs/tinc-basic-retiolum.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/tp-x200.nix | 28 | ||||
-rw-r--r-- | makefu/2configs/vim.nix | 119 | ||||
-rw-r--r-- | makefu/2configs/vm-single-partition.nix | 20 | ||||
-rw-r--r-- | tv/1systems/nomic.nix | 4 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 5 | ||||
-rw-r--r-- | tv/2configs/git.nix | 3 |
21 files changed, 609 insertions, 68 deletions
@@ -25,7 +25,7 @@ deploy:;@ eval: @ ifeq ($(filter),json) - extraArgs=--json + extraArgs='--json --strict' filter() { jq -r .; } else filter() { cat; } @@ -33,8 +33,6 @@ endif NIX_PATH=stockholm=$$PWD:$$NIX_PATH \ nix-instantiate \ $${extraArgs-} \ - $${json+--json} \ - $${json+--strict} \ --eval \ -A "$$get" \ '<stockholm>' \ diff --git a/Zpubkeys/makefu_tsp.ssh.pub b/Zpubkeys/makefu_tsp.ssh.pub new file mode 100644 index 000000000..9a9c9b6f8 --- /dev/null +++ b/Zpubkeys/makefu_tsp.ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 668d66ccf..9ad9c9f91 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./exim-retiolum.nix ./github-hosts-sync.nix ./git.nix ./nginx.nix @@ -55,7 +56,7 @@ let --exclude .git \ --exclude .graveyard \ --exclude old \ - --rsync-path="mkdir -p \"$dst\" && rsync" \ + --rsync-path="mkdir -p \"$2\" && rsync" \ --usermap=\*:0 \ --groupmap=\*:0 \ --delete-excluded \ @@ -164,7 +165,7 @@ let { krebs = tv-imp; } { krebs.dns.providers = { - de.krebsco = "ovh"; + de.krebsco = "zones"; internet = "hosts"; retiolum = "hosts"; }; @@ -183,7 +184,42 @@ let ) host.nets ) cfg.hosts )); - } + + # krebs.hosts.bob = rec { + # addrs4 = "10.0.0.1"; + # extraZones = { + # # extraZones + # "krebsco.de" = '' + # krebsco.de. IN MX 10 mx1 + # mx1 IN A ${addrs4} + # ''; + # "dickbutt.de" = '' + # dickbutt.de. IN NS ns + # ns IN A ${addrs4} + # '' + # } + # } + # krebs.hosts.khan = rec { + # addrs4 = "10.0.0.2"; + # extraZones = { + # "krebsco.de" = '' + # khan.krebsco.de IN A ${addrs4} + # }; + # } + # + # => + # "zone/krebsco.de".text = '' + # krebsco.de. IN MX 10 mx1 + # mx1 IN A 10.0.0.1 + # khan.krebsco.de IN A 10.0.0.2 + # ''; + + + environment.etc = mapAttrs' + (name: value: + nameValuePair (("zones/" + name)) ({ text=value;})) + cfg.hosts.pigstarter.extraZones; + } ]; lass-imp = { @@ -306,10 +342,106 @@ let }; }; }; + tsp = { + cores = 2; + dc = "makefu"; #x200 + nets = { + retiolum = { + addrs4 = ["10.243.0.212"]; + addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"]; + aliases = [ + "tsp.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi + HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 + mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ + n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG + R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr + Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi + aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo + ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE + KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v + XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ + teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + pornocauster = { + cores = 2; + dc = "makefu"; #x220 + nets = { + retiolum = { + addrs4 = ["10.243.0.91"]; + addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; + aliases = [ + "pornocauster.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi + HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 + mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ + n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG + R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr + Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi + aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo + ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE + KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v + XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ + teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + pigstarter = rec { + cores = 1; + dc = "frontrange"; #vps + + extraZones = { + "de.krebsco" = '' + pigstarter.krebsco.de IN A ${elemAt nets.internet.addrs4 0} + krebsco.de. IN NS io + io IN A ${elemAt nets.internet.addrs4 0} + krebsco.de. IN MX 10 mx42 + mx42 IN A ${elemAt nets.internet.addrs4 0} + ''; + }; + nets = { + internet = { + addrs4 = ["192.40.56.122"]; + addrs6 = ["2604:2880::841f:72c"]; + aliases = [ + "pigstarter.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.0.153"]; + addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"]; + aliases = [ + "pigstarter.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ + 9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv + 3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG + 4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE + DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv + sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = addNames { makefu = { - mail = "root@euer.krebsco.de"; + mail = "root@tsp.retiolum"; pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; }; }; @@ -323,6 +455,13 @@ let cd = { cores = 2; dc = "tv"; #dc = "cac"; + extraZones = { + "de.krebsco" = '' + mx23 IN A ${elemAt nets.internet.addrs4 0} + cd IN A ${elemAt nets.internet.addrs4 0} + krebsco.de. IN MX 5 mx23 + ''; + }; nets = rec { internet = { addrs4 = ["162.219.7.216"]; diff --git a/tv/2configs/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 851a0c625..e1315d8c8 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,15 +1,27 @@ -{ config, pkgs, ... }: - -{ - services.exim = - # This configuration makes only sense for retiolum-enabled hosts. - # TODO modular configuration - assert config.krebs.retiolum.enable; - let - # TODO get the hostname from config.krebs.retiolum. - retiolumHostname = "${config.networking.hostName}.retiolum"; - in - { enable = true; +{ config, pkgs, lib, ... }: + +with builtins; +with lib; +let + cfg = config.krebs.exim-retiolum; + + out = { + options.krebs.exim-retiolum = api; + config = + mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.exim-retiolum"; + }; + + imp = { + services.exim = + # This configuration makes only sense for retiolum-enabled hosts. + # TODO modular configuration + assert config.krebs.retiolum.enable; + { + enable = true; config = '' primary_hostname = ${retiolumHostname} domainlist local_domains = @ : localhost @@ -123,4 +135,9 @@ begin authenticators ''; }; -} + }; + + # TODO get the hostname from somewhere else. + retiolumHostname = "${config.networking.hostName}.retiolum"; +in +out diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 92410dd58..f767d20fe 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -20,6 +20,13 @@ types // rec { type = attrsOf net; apply = x: assert hasAttr "retiolum" x; x; }; + + extraZones = mkOption { + default = {}; + # TODO: string is either MX, NS, A or AAAA + type = with types; attrsOf string; + }; + secure = mkOption { type = bool; default = false; diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix new file mode 100644 index 000000000..eff523048 --- /dev/null +++ b/krebs/5pkgs/cac.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }: + +stdenv.mkDerivation { + name = "cac"; + + src = fetchgit { + url = http://cgit.cd.retiolum/cac; + rev = "f4589158572ab35969b9bccf801ea07e115705e1"; + sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + coreutils + curl + gnused + jq + ncurses + sshpass + ]; + in + '' + mkdir -p $out/bin + + sed \ + 's,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \ + < ./cac \ + > $out/bin/cac + + chmod +x $out/bin/cac + ''; +} diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 231fda797..5de84f66c 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -6,6 +6,7 @@ in pkgs // { + cac = callPackage ./cac.nix {}; dic = callPackage ./dic.nix {}; genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 549658983..6693dc066 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -10,6 +10,9 @@ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/base.nix ../2configs/cgit-retiolum.nix + ../2configs/graphite-standalone.nix + ../2configs/vm-single-partition.nix + ../2configs/tinc-basic-retiolum.nix ]; krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; @@ -20,45 +23,14 @@ url = https://github.com/NixOS/nixpkgs; rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; }; - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - stockholm = { - url = toString ../..; - }; }; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; + networking.firewall.allowedTCPPorts = [ + # nginx runs on 80 + # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp + 80 + 8080 2003 + ]; + networking.firewall.allowedUDPPorts = [ 2003 ]; -# networking.firewall is enabled by default - networking.firewall.allowedTCPPorts = [ 80 ]; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; - -# $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; } diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix new file mode 100644 index 000000000..6e93df51e --- /dev/null +++ b/makefu/1systems/tsp.nix @@ -0,0 +1,37 @@ +# +# +# +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/base.nix + ../2configs/base-gui.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/sda-crypto-root.nix + # hardware specifics are in here + ../2configs/tp-x200.nix + ]; + # not working in vm + krebs.build.host = config.krebs.hosts.tsp; + krebs.build.user = config.krebs.users.makefu; + krebs.build.target = "root@tsp"; + + krebs.exim-retiolum.enable = true; + networking.firewall.allowedTCPPorts = [ + # nginx runs on 80 + # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp + 25 + ]; + + krebs.build.deps = { + nixpkgs = { + #url = https://github.com/NixOS/nixpkgs; + # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L) + url = https://github.com/makefu/nixpkgs; + rev = "8b8b65da24f13f9317504e8bcba476f9161613fe"; + }; + }; + +} diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix new file mode 100644 index 000000000..4e5558a1f --- /dev/null +++ b/makefu/2configs/base-gui.nix @@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }: +## +# of course this name is a lie - it prepares a GUI environment close to my +# current configuration. +# +# autologin with mainUser into awesome +## +# +with lib; +let + mainUser = config.krebs.build.user.name; +in +{ + imports = [ ]; + services.xserver = { + enable = true; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "ctrl:nocaps"; + + windowManager = { + awesome.enable = true; + awesome.luaModules = [ pkgs.luaPackages.vicious ]; + default = "awesome"; + }; + + displayManager.auto.enable = true; + displayManager.auto.user = mainUser; + desktopManager.xterm.enable = false; + }; + +## FONTS +# TODO: somewhere else? + + i18n.consoleFont = "Lat2-Terminus16"; + + fonts = { + enableCoreFonts = true; + enableFontDir = true; + enableGhostscriptFonts = false; + fonts = [ pkgs.terminus_font ]; + }; + + environment.systemPackages = with pkgs;[ + xlockmore + rxvt_unicode-with-plugins + vlc + firefox + chromium + ]; + # TODO: use mainUser + users.extraUsers.makefu.extraGroups = [ "audio" ]; + hardware.pulseaudio = { + enable = true; + # systemWide = true; + }; +} diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 8dfb2ef27..906c74f7d 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -2,11 +2,18 @@ with lib; { - imports = [ ]; + imports = [ + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import /root/src/secrets/hashedPasswords.nix); + } + ./vim.nix + ]; krebs.enable = true; krebs.search-domain = "retiolum"; - networking.hostName = config.krebs.build.host.name; + users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; @@ -24,12 +31,29 @@ with lib; }; }; + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores + 1; + #nix.maxJobs = 1; + + krebs.build.deps = { + secrets = { + url = "/home/makefu/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + services.openssh.enable = true; nix.useChroot = true; - users.mutableUsers = true; + users.mutableUsers = false; boot.tmpOnTmpfs = true; + + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix index 7dfb181c5..d352f5792 100644 --- a/makefu/2configs/cgit-retiolum.nix +++ b/makefu/2configs/cgit-retiolum.nix @@ -52,11 +52,7 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; - - #all-makefu = with config.krebs.users; [ makefu ]; - - - all-makefu = with config.krebs.users; [ makefu makefu-omo ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; priv-rules = repo: set-owners repo all-makefu; @@ -69,6 +65,10 @@ in { name = "makefu-omo" ; pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub; }; + krebs.users.makefu-tsp = { + name = "makefu-tsp" ; + pubkey= with builtins; readFile ../../Zpubkeys/makefu_tsp.ssh.pub; + }; }]; krebs.git = { enable = true; diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix new file mode 100644 index 000000000..8b70c11c8 --- /dev/null +++ b/makefu/2configs/graphite-standalone.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) +with lib; +{ + imports = [ ]; + + services.graphite = { + web = { + enable = true; + host = "0.0.0.0"; + }; + carbon = { + enableCache = true; + # save disk usage by restricting to 1 bulk update per second + config = '' + [cache] + MAX_CACHE_SIZE = inf + MAX_UPDATES_PER_SECOND = 1 + MAX_CREATES_PER_MINUTE = 50 + ''; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [default] + pattern = .* + retentions = 60s:30d,300s:1y + ''; + }; + }; +} diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix new file mode 100644 index 000000000..0d979a0b8 --- /dev/null +++ b/makefu/2configs/sda-crypto-root.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + }; + }; +} diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix new file mode 100644 index 000000000..cb1991bd6 --- /dev/null +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "gum" + "pigstarter" + "fastpoke" + ]; + }; +} diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix new file mode 100644 index 000000000..25a2537e8 --- /dev/null +++ b/makefu/2configs/tp-x200.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + #services.xserver = { + # videoDriver = "intel"; + #}; + + boot = { + kernelModules = [ "tp_smapi" "msr" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + + }; + + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.trackpoint.enable = true; + hardware.trackpoint.sensitivity = 255; + hardware.trackpoint.speed = 255; + services.xserver.displayManager.sessionCommands = '' + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 + ''; +} diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix new file mode 100644 index 000000000..b71d95148 --- /dev/null +++ b/makefu/2configs/vim.nix @@ -0,0 +1,119 @@ +{ config, pkgs, ... }: + +let + customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin { + name = "vim-better-whitespace"; + src = pkgs.fetchFromGitHub { + owner = "ntpeters"; + repo = "vim-better-whitespace"; + rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7"; + sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk"; + }; + }; + +in { + + environment.systemPackages = [ + pkgs.python27Full # required for youcompleteme + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + set nocompatible + syntax on + + filetype off + filetype plugin indent on + + colorscheme darkblue + set background=dark + + set number + set relativenumber + set mouse=a + set ignorecase + set incsearch + set wildignore=*.o,*.obj,*.bak,*.exe,*.os + set textwidth=79 + set shiftwidth=2 + set expandtab + set softtabstop=2 + set shiftround + set smarttab + set tabstop=2 + set et + set autoindent + set backspace=indent,eol,start + + + inoremap <F1> <ESC> + nnoremap <F1> <ESC> + vnoremap <F1> <ESC> + + nnoremap <F5> :UndotreeToggle<CR> + set undodir =~/.vim/undo + set undofile + "maximum number of changes that can be undone + set undolevels=1000000 + "maximum number lines to save for undo on a buffer reload + set undoreload=10000000 + + nnoremap <F2> :set invpaste paste?<CR> + set pastetoggle=<F2> + set showmode + + set showmatch + set matchtime=3 + set hlsearch + + autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red + + + " save on focus lost + au FocusLost * :wa + + autocmd BufRead *.json set filetype=json + au BufNewFile,BufRead *.mustache set syntax=mustache + + cnoremap SudoWrite w !sudo tee > /dev/null % + + " create Backup/tmp/undo dirs + set backupdir=~/.vim/backup + set directory=~/.vim/tmp + + function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backup/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodir= l:parent . 'undo/' + + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodir) + call mkdir(l:undodir) + endif + endfunction + call InitBackupDir() + + + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" + "YouCompleteMe" + "vim-better-whitespace" ]; } + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + ]; + + }) + ]; +} diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix new file mode 100644 index 000000000..78a5e7175 --- /dev/null +++ b/makefu/2configs/vm-single-partition.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + + +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b9a10cb4f..896c1ad29 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -25,7 +25,6 @@ with lib; ../2configs/AO753.nix ../2configs/base.nix ../2configs/consul-server.nix - ../2configs/exim-retiolum.nix ../2configs/git.nix { tv.iptables = { @@ -39,6 +38,9 @@ with lib; }; } { + krebs.exim-retiolum = true; + } + { krebs.nginx = { enable = true; servers.default.locations = [ diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 27691ec56..a5cbde3ec 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -29,7 +29,6 @@ in ../2configs/w110er.nix ../2configs/base.nix ../2configs/consul-client.nix - ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/xserver.nix @@ -91,6 +90,7 @@ in sxiv texLive tmux + tvpkgs.cac tvpkgs.dic zathura @@ -165,6 +165,9 @@ in }; } { + krebs.exim-retiolum = true; + } + { krebs.nginx = { enable = true; servers.default.locations = [ diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index ecb98cef2..8d662494c 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -20,6 +20,9 @@ let rules = concatMap make-rul |