authormakefu <github@syntax-fehler.de>2021-11-24 08:27:30 +0100
committermakefu <github@syntax-fehler.de>2021-11-24 08:27:30 +0100
commitd2776a87a51bbc63957ee2e590f18a7425a87987 (patch)
tree7052993633e46defc64737aff54d0272a8ce75c1
parent60b7a7bded68ebd3a5d76b6e0374e189f3a64300 (diff)
parent4c7abec39771cbd47dc091c674a0429f5c757ebc (diff)
Merge remote-tracking branch 'lass/master'
-rw-r--r--krebs/2configs/default.nix3
-rw-r--r--krebs/3modules/airdcpp.nix2
-rw-r--r--krebs/3modules/backup.nix3
-rw-r--r--krebs/3modules/bepasty-server.nix2
-rw-r--r--krebs/3modules/build.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix2
-rw-r--r--krebs/3modules/exim-smarthost.nix1
-rw-r--r--krebs/3modules/git.nix9
-rw-r--r--krebs/3modules/github-hosts-sync.nix2
-rw-r--r--krebs/3modules/github-known-hosts.nix26
-rw-r--r--krebs/3modules/htgen.nix6
-rw-r--r--krebs/3modules/krebs/default.nix6
-rw-r--r--krebs/3modules/lass/default.nix47
-rw-r--r--krebs/3modules/reaktor2.nix3
-rw-r--r--krebs/3modules/rtorrent.nix2
-rw-r--r--krebs/3modules/shadow.nix4
-rw-r--r--krebs/3modules/tinc.nix27
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/5pkgs/override/default.nix2
-rw-r--r--krebs/5pkgs/simple/ircaids/default.nix2
-rw-r--r--krebs/nixpkgs-unstable.json9
-rw-r--r--krebs/nixpkgs.json9
-rw-r--r--lass/1systems/dishfire/config.nix10
-rw-r--r--lass/1systems/dishfire/physical.nix21
-rw-r--r--lass/1systems/mors/config.nix29
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/3modules/xjail.nix1
-rw-r--r--lib/types.nix52
30 files changed, 217 insertions, 189 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index f56f6045a..4c25bc963 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -54,6 +54,9 @@ with import <stockholm/lib>;
config.krebs.users.tv.pubkey
];
+ # enable documentation for our modules
+ documentation.nixos.includeAllModules = true;
+
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix
index 0ac9d3350..4ac6e30ee 100644
--- a/krebs/3modules/airdcpp.nix
+++ b/krebs/3modules/airdcpp.nix
@@ -45,7 +45,7 @@ let
Nick Name for hub
'';
type = str;
- default = cfg.Nick;
+ default = cfg.dcpp.Nick;
};
Password = mkOption {
description = ''
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 910324f3c..c5cb1cae6 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -14,7 +14,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
- enable = mkEnableOption "krebs.backup.${config.name}" // {
+ enable = mkEnableOption "krebs.backup.${config._module.args.name}" // {
default = true;
};
method = mkOption {
@@ -23,6 +23,7 @@ let
name = mkOption {
type = types.str;
default = config._module.args.name;
+ defaultText = "‹name›";
};
src = mkOption {
type = types.krebs.file-location;
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 051646b63..c374aa9af 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -58,6 +58,7 @@ let
permissions will be set to 755
'';
default = config.users.extraUsers.bepasty.home;
+ defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>";
};
dataDir = mkOption {
@@ -67,6 +68,7 @@ let
/var/lib/bepasty-server/data
'';
default = "${config.users.extraUsers.bepasty.home}/data";
+ defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>";
};
extraConfig = mkOption {
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 904deb164..5f961617f 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -10,7 +10,7 @@ with import <stockholm/lib>;
};
profile = mkOption {
- type = types.absolute-path;
+ type = types.absolute-pathname;
default = "/nix/var/nix/profiles/system";
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index a845bb281..e55bd95ea 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -137,7 +137,7 @@ let
type = types.listOf types.str;
example = [ "cac.json" ];
description = ''
- List of all the secrets in <secrets> which should be copied into the
+ List of all the secrets in ‹secrets› which should be copied into the
buildbot master directory.
'';
};
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index c5969caac..4eb1d6411 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -31,6 +31,7 @@ let
owner.name = "exim";
source-path = toString <secrets> + "/${config.domain}.dkim.priv";
};
+ defaultText = "‹secrets/‹domain›.dkim.priv›";
};
selector = mkOption {
type = types.str;
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 0aa1ae0f2..1bfd58e31 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -53,7 +53,7 @@ let
control system, using a built in cache to decrease pressure on the
git server.
cgit in this module is being served via fastcgi nginx.This module
- deploys a http://cgit.<hostname> nginx configuration and enables nginx
+ deploys a http://cgit.‹hostname› nginx configuration and enables nginx
if not yet enabled.
'';
};
@@ -207,7 +207,7 @@ let
List of users that should be able to do everything with this repo.
This option is currently not used by krebs.git but instead can be
- used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for
+ used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for
an example.
'';
};
@@ -222,6 +222,7 @@ let
path = mkOption {
type = types.str;
default = "${cfg.dataDir}/${config.name}";
+ defaultText = "${cfg.dataDir}/‹reponame›";
description = ''
An absolute path to the repository directory. For non-bare
repositories this is the .git-directory.
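Review bot: `defaultText = "${cfg.dataDir}/‹reponame›";` still interpolates `cfg.dataDir` at evaluation time, so the rendered default depends on the evaluating host's configuration instead of being a static description. Escaping it as `defaultText = "\${cfg.dataDir}/‹reponame›";` would match the escaped form this commit uses in krebs/3modules/github-hosts-sync.nix. The same applies to the tincUp `defaultText` in krebs/3modules/tinc.nix, where `${netname}` and `${tinc.config.tincUpExtra}` sit unescaped inside a `''` string next to the ‹…› placeholders; the escape there is `''${`. The `path` option's description continues outside the hunk.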
@@ -237,6 +238,7 @@ let
url = mkOption {
type = types.str;
default = config.name;
+ defaultText = "‹reponame›";
description = ''
The relative url used to access the repository.
'';
@@ -249,7 +251,7 @@ let
List of users that should be able to fetch from this repo.
This option is currently not used by krebs.git but instead can be
- used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for
+ used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for
an example.
'';
};
@@ -258,6 +260,7 @@ let
description = ''
Repository name.
'';
+ defaultText = "‹reponame›";
};
hooks = mkOption {
type = types.attrsOf types.str;
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index d385ec355..9421576df 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -18,10 +18,12 @@ let
srcDir = mkOption {
type = types.str;
default = "${config.krebs.tinc.retiolum.confDir}/hosts";
+ defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts";
};
ssh-identity-file = mkOption {
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
+ defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›";
};
url = mkOption {
type = types.str;
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
index 39b9722ec..d30b41ee5 100644
--- a/krebs/3modules/github-known-hosts.nix
+++ b/krebs/3modules/github-known-hosts.nix
@@ -2,8 +2,8 @@
services.openssh.knownHosts.github = {
hostNames = [
"github.com"
- # List generated with
- # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+ # List generated with (IPv6 addresses are currently ignored):
+ # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
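Review bot: The generation comment does not record when the list was produced, so nothing in the file shows how stale this hand-copied snapshot of `api.github.com/meta` is. Suggest adding a line such as `# Last regenerated: <YYYY-MM-DD>` above the command and updating it on each refresh. Because `grep -v :` drops the IPv6 ranges, connections to GitHub over IPv6 presumably match only the `github.com` name and no address entry; the comment should say whether that is intended or a cidr2glob limitation. The `hostNames` list continues in the later hunks of this file.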
@@ -28,6 +28,22 @@
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
+ "143.55.64.*"
+ "143.55.65.*"
+ "143.55.66.*"
+ "143.55.67.*"
+ "143.55.68.*"
+ "143.55.69.*"
+ "143.55.70.*"
+ "143.55.71.*"
+ "143.55.72.*"
+ "143.55.73.*"
+ "143.55.74.*"
+ "143.55.75.*"
+ "143.55.76.*"
+ "143.55.77.*"
+ "143.55.78.*"
+ "143.55.79.*"
"13.114.40.48"
"52.192.72.89"
"52.69.186.44"
@@ -44,6 +60,9 @@
"18.228.52.138"
"18.228.67.229"
"18.231.5.6"
+ "20.201.28.151"
+ "20.205.243.166"
+ "102.133.202.242"
"18.181.13.223"
"54.238.117.237"
"54.168.17.15"
@@ -60,6 +79,9 @@
"54.233.131.104"
"18.231.104.233"
"18.228.167.86"
+ "20.201.28.152"
+ "20.205.243.160"
+ "102.133.202.246"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 063bccc68..517dad76f 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -13,7 +13,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
- enable = mkEnableOption "krebs.htgen-${config.name}";
+ enable = mkEnableOption "krebs.htgen-${config._module.args.name}";
name = mkOption {
type = types.username;
@@ -38,6 +38,10 @@ let
name = "htgen-${config.name}";
home = "/var/lib/htgen-${config.name}";
};
+ defaultText = {
+ name = "htgen-‹name›";
+ home = "/var/lib/htgen-‹name›";
+ };
};
};
}));
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index ec499d63d..776b893f5 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -39,7 +39,10 @@ in {
cores = 4;
nets = {
shack = {
- ip4.addr = "10.42.0.50" ;
+ ip4 = {
+ addr = "10.42.0.50" ;
+ prefix = "10.42.0.0/16";
+ };
aliases = [
"filebitch.shack"
];
@@ -158,6 +161,7 @@ in {
};
puyak = {
ci = true;
+ cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e96b4d8be..1f118b8b0 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -14,7 +14,47 @@ in {
dns.providers = {
"lassul.us" = "zones";
};
- hosts = mapAttrs hostDefaults {
+ hosts = mapAttrs (_: recursiveUpdate {
+ owner = config.krebs.users.lass;
+ ci = true;
+ monitoring = true;
+ }) {
+ dishfire = {
+ cores = 4;
+ nets = rec {
+ internet = {
+ ip4 = rec {
+ addr = "157.90.232.92";
+ prefix = "${addr}/32";
+ };
+ aliases = [
+ "dishfire.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.133.99";
+ ip6.addr = r6 "d15f:1233";
+ aliases = [
+ "dishfire.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.port = 655;
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+ };
prism = rec {
cores = 4;
extraZones = {
@@ -54,7 +94,10 @@ in {
};
nets = rec {
internet = {
- ip4.addr = "95.216.1.150";
+ ip4 = {
+ addr = "95.216.1.150";
+ prefix = "0.0.0.0/0";
+ };
aliases = [
"prism.i"
"paste.i"
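Review bot: `prefix = "0.0.0.0/0"` on prism's `internet` net is unexplained, while dishfire, added in the same file, uses `prefix = "${addr}/32"`. How `ip4.prefix` is consumed is not visible in this hunk; if routes or address allow-lists are derived from it, a catch-all prefix matches every IPv4 address. Either add a short comment saying why prism differs, or, if a host-only prefix is meant, write `ip4 = rec { addr = "95.216.1.150"; prefix = "${addr}/32"; };`. The `nets` block continues outside the hunk.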
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index fcc453fa4..26aac5d5a 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -26,11 +26,13 @@ with import <stockholm/lib>;
};
stateDir = mkOption {
default = "/var/lib/${self.config.username}";
+ defaultText = "/var/lib/‹username›";
readOnly = true;
type = types.absolute-pathname;
};
systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}";
+ defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\"";
type = types.filename;
};
sendDelaySec = mkOption {
@@ -39,6 +41,7 @@ with import <stockholm/lib>;
};
username = mkOption {
default = self.config.systemd-service-name;
+ defaultText = "‹systemd-service-name›";
type = types.username;
};
useTLS = mkOption {
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index e5566f329..4a96f6203 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -96,7 +96,7 @@ let
basic authentication to be used. If unset, no authentication will be
enabled.
- Refer to `services.nginx.virtualHosts.<name>.basicAuth`
+ Refer to `services.nginx.virtualHosts.‹name›.basicAuth`
'';
default = {};
};
diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix
index 9505efb0c..f056cfd8e 100644
--- a/krebs/3modules/shadow.nix
+++ b/krebs/3modules/shadow.nix
@@ -55,11 +55,11 @@ in {
The overrides file may contain either regular shadow(5) entries like:
- <code>&lt;login-name&gt;:&lt;hashed-password&gt;:1::::::</code>
+ <code>‹login-name›:‹hashed-password›:1::::::</code>
Or shortened entries only containing login name and password like:
- <code>&lt;login-name&gt;:&lt;hashed-password&gt</code>
+ <code>‹login-name›:‹hashed-password›</code>
'';
type = types.nullOr (types.either types.path types.absolute-pathname);
};
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 2c19aefdb..898b5e8c3 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -81,9 +81,16 @@ let
''}
${tinc.config.tincUpExtra}
'';
+ defaultText = ''
+ ip -4 addr add ‹net.ip4.addr› dev ${netname}
+ ip -4 route add ‹net.ip4.prefix› dev ${netname}
+ ip -6 addr add ‹net.ip6.addr› dev ${netname}
+ ip -6 route add ‹net.ip6.prefix› dev ${netname}
+ ${tinc.config.tincUpExtra}
+ '';
description = ''
tinc-up script to be used. Defaults to setting the
- krebs.host.nets.<netname>.ip4 and ip6 for the new ips and
+ krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and
configures forwarding of the respecitive netmask as subnet.
'';
};
@@ -103,6 +110,7 @@ let
type = with types; attrsOf host;
default =
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
+ defaultText = "‹all-hosts-of-‹netname››";
description = ''
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
Note that these hosts must have a network named
@@ -138,9 +146,10 @@ let
'') tinc.config.hosts)}
'';
};
+ defaultText = "‹netname›-tinc-hosts";
description = ''
Package of tinc host configuration files. By default, a package will
- be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
+ be generated from <literal>config.krebs.‹netname›.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory.
@@ -168,6 +177,7 @@ let
owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
};
+ defaultText = "‹secrets/‹netname›.rsa_key.priv›";
};
privkey_ed25519 = mkOption {
@@ -179,11 +189,12 @@ let
owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
};
+ defaultText = "‹secrets/‹netname›.ed25519_key.priv›";
};
connectTo = mkOption {
type = types.listOf types.str;
- ${if tinc.config.netname == "retiolum" then "default" else null} = [
+ ${if netname == "retiolum" then "default" else null} = [
"gum"
"ni"
"prism"
@@ -194,8 +205,10 @@ let
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
- krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip
- krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655;
+ {
+ krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip;
+ krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655;
+ }
'';
};
@@ -205,6 +218,10 @@ let
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
+ defaultText = {
+ name = "‹netname›";
+ home = "/var/lib/‹netname›";
+ };
};
};
}));
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 19cce8aa4..7a414e6e3 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -24,6 +24,7 @@ let
type = types.str;
description = "Path to Hosts directory";
default = "${config.krebs.tinc.retiolum.hostsPackage}";
+ defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
};
network = mkOption {
@@ -68,6 +69,7 @@ let
Defaults to the new users home dir which defaults to
/var/cache/tinc_graphs'';
default = config.users.extraUsers.tinc_graphs.home;
+ defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>";
};
timerConfig = mkOption {
diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix
index 2291132ba..c1d8fa3da 100644
--- a/krebs/5pkgs/override/default.nix
+++ b/krebs/5pkgs/override/default.nix
@@ -20,7 +20,7 @@ self: super: {
"0.10.1" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
- }.${old.version};
+ }.${old.version} or [];
});
# https://github.com/proot-me/PRoot/issues/106
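Review bot: `or []` makes the override silently apply no patches for any flameshot version missing from the attrset, so a nixpkgs bump (this merge moves both pins) can drop `./flameshot/flameshot_imgur_0.9.0.patch` without any signal. The patch content is not shown here; if it changes where screenshots are uploaded, as the name suggests, losing it is a behaviour change users would want to notice. Consider `}.${old.version} or (builtins.trace "flameshot ${old.version}: no imgur patch applied" []);` so the fallback is visible at evaluation time. The override expression starts outside the hunk.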
diff --git a/krebs/5pkgs/simple/ircaids/default.nix b/krebs/5pkgs/simple/ircaids/default.nix
index 61d3ee31c..a070cf948 100644
--- a/krebs/5pkgs/simple/ircaids/default.nix
+++ b/krebs/5pkgs/simple/ircaids/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
pkgs.netcat
pkgs.nettools
pkgs.openssl
- pkgs.utillinux
+ pkgs.unixtools.getopt
]};
' $out/bin/ircsink
'';
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 594147405..da23245ae 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
- "date": "2021-11-01T19:42:18+01:00",
- "path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
- "sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
+ "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2",
+ "date": "2021-11-17T14:17:56+01:00",
+ "path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs",
+ "sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv",
+ "fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 8bfd16523..d6d70faf6 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
- "date": "2021-10-31T15:33:08-07:00",
- "path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
- "sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
+ "rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b",
+ "date": "2021-11-19T11:04:27+01:00",
+ "path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs",
+ "sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45",
+ "fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
new file mode 100644
index 000000000..b814d7188
--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..ca013132f
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ./config.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 95b688590..88ac90de4 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -183,35 +183,6 @@ with import <stockholm/lib>;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
- lass.restic = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "prism"
- "shodan"
- "skynet"
- ] (dest: {
- dirs = [
- "/home/lass/src"
- "/home/lass/work"
- "/home/lass/.gnupg"
- "/home/lass/Maildir"
- "/home/lass/stockholm"
- "/home/lass/.password-store"
- "/home/bitcoin"
- "/home/bch"
- ];
- passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/mors";
- #sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- });
virtualisation.libvirtd.enable = true;
services.earlyoom = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 91922e5c9..c3fbc2093 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -215,6 +215,8 @@ with import <stockholm/lib>;
noipv4ll
'';
+ documentation.nixos.includeAllModules = true;
+
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
time.timeZone = mkDefault"Europe/Berlin";
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 1ce88b238..570bb45be 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,7 +9,6 @@ _:
./news.nix
./nichtparasoup.nix
./pyload.nix
- ./restic.nix
./screenlock.nix
./usershadow.nix
./xjail.nix
diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix
deleted file mode 100644
index c720793b1..000000000
--- a/lass/3modules/restic.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.restic = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- passwordFile = mkOption {
- type = types.str;
- default = toString <secrets/restic-password>;
- description = ''
- read the repository password from a fil