diff options
author | lassulus <lass@blue.r> | 2018-09-29 19:07:07 +0200 |
---|---|---|
committer | lassulus <lass@blue.r> | 2018-09-29 19:07:07 +0200 |
commit | b9380d6aba5f4ad04cedc4fb6a4213949791e830 (patch) | |
tree | 84b386b3c68aa46d982d3018984519914952e9d8 /jeschli/1systems/bln | |
parent | d04fa5351158f91f8c38f1b0cc072def3f357e05 (diff) | |
parent | 6cf8b42c0bf5b256db0bcd3c051c528052cfe5b2 (diff) |
Merge remote-tracking branch 'enklave/master'
Diffstat (limited to 'jeschli/1systems/bln')
-rw-r--r-- | jeschli/1systems/bln/config.nix | 173 | ||||
-rw-r--r-- | jeschli/1systems/bln/dcso-vpn.nix | 44 | ||||
-rw-r--r-- | jeschli/1systems/bln/hardware-configuration.nix | 35 |
3 files changed, 0 insertions, 252 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix deleted file mode 100644 index 6e3c3bec8..000000000 --- a/jeschli/1systems/bln/config.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: -# bln config file -{ - imports = [ - ./hardware-configuration.nix - <stockholm/jeschli> - <stockholm/jeschli/2configs/virtualbox.nix> - <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/emacs.nix> - <stockholm/jeschli/2configs/xdg.nix> - <stockholm/jeschli/2configs/xserver> -# <stockholm/jeschli/1systems/bln/dcso-vpn.nix> - <stockholm/jeschli/2configs/officevpn.nix> - ]; - -# boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - boot.loader.grub = { - devices = [ "nodev" ]; - efiSupport = true; - enable = true; - extraEntries = '' - menuentry "Debian" { - insmod ext2 - insmod chain - chainloader /EFI/debian/grubx64.efi - } - ''; - version = 2; - }; - - jeschliFontSize = 20; - - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - stocki = pkgs.writeDash "deploy" '' - cd ~/stockholm - LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' - ''; - }; - networking.hostName = lib.mkForce "BLN02NB0232"; - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Setup Packages - nixpkgs.config.allowUnfree = true; - environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; - environment.systemPackages = with pkgs; [ - termite - # system helper - ag - copyq - dmenu - git - tig - i3lock - keepass - networkmanagerapplet - rsync - terminator - tmux - wget - rxvt_unicode - # editors - emacs - # databases - sqlite - # internet - thunderbird - chromium - google-chrome - # programming languages - elmPackages.elm - go - gcc - ghc - python35 - python35Packages.pip - # go tools - golint - gotools - # dev tools - gnumake - jetbrains.pycharm-professional - jetbrains.webstorm - jetbrains.goland - jetbrains.datagrip - texlive.combined.scheme-full - pandoc - redis - vagrant - # document viewer - zathura - - samba - ]; - - - programs.bash.enableCompletion = true; - programs.vim.defaultEditor = true; - - services.openssh.enable = true; - - # Enable CUPS to print documents. - services.printing.enable = true; - services.printing.drivers = [ pkgs.postscript-lexmark ]; - - services.redis.enable = true; - - services.xserver = { - - desktopManager.session = lib.mkForce []; - - enable = true; - display = 11; - tty = 11; - - dpi = 200; - - videoDrivers = [ "nvidia" ]; - synaptics = { - enable = false; - }; - - }; - - - users.extraUsers.jeschli = { - isNormalUser = true; - extraGroups = ["docker" "vboxusers" "audio"]; - uid = 1000; - }; - - system.stateVersion = "17.09"; - # Gogland Debugger workaround - # nixpkgs.config.packageOverrides = super: { - # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { - # postFixup = '' - # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" - # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv - # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv - # ''; - # }); - # }; - - virtualisation.docker.enable = true; - - # DCSO Certificates - security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) - ]; - - - hardware.bluetooth.enable = true; - krebs.build.host = config.krebs.hosts.bln; - - networking.interfaces.enp0s31f6.ipv4.addresses = [ - { address = "10.99.23.2"; prefixLength = 24; } - ]; - -} diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/jeschli/1systems/bln/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix deleted file mode 100644 index 35f0b3bca..000000000 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/927E-01A0"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = "powersave"; - - hardware.pulseaudio.enable = true; -} |