summaryrefslogtreecommitdiffstats
path: root/krebs/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-06-10 21:42:06 +0200
committertv <tv@krebsco.de>2021-06-10 21:42:06 +0200
commit0e6e8b7188b4a2aab7ca467cb20514a70ba09011 (patch)
treecfa9ab8a1a83e0dd139255cf7f7b29bf9a37fdf6 /krebs/2configs
parent44c4cb6a453f5bc34c870caa6802548c099e9435 (diff)
parent04a081a3be600cc5e74aadd4f0fee899d6987a85 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/ergo.nix13
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/shack/muell_mail.nix1
-rw-r--r--krebs/2configs/shack/muellshack.nix1
-rw-r--r--krebs/2configs/shack/node-light.nix1
-rw-r--r--krebs/2configs/shack/powerraw.nix5
-rw-r--r--krebs/2configs/shack/s3-power.nix1
-rw-r--r--krebs/2configs/shack/shackDNS.nix1
-rw-r--r--krebs/2configs/shack/share.nix2
-rw-r--r--krebs/2configs/wiki.nix10
11 files changed, 30 insertions, 8 deletions
diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix
new file mode 100644
index 000000000..db0bc5748
--- /dev/null
+++ b/krebs/2configs/ergo.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [
+ 6667
+ ];
+
+ krebs.ergo = {
+ enable = true;
+ };
+}
+
+
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 3780e0d7d..bb273652d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = mkDefault true;
-
services.xserver = {
videoDriver = "intel";
};
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 2823aabef..14e0a3d7a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -119,6 +119,7 @@ in {
users.users.reaktor2 = {
uid = genid_uint31 "reaktor2";
home = stateDir;
+ isSystemUser = true;
};
krebs.reaktor2 = {
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 481564719..951450200 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -12,6 +12,7 @@ let
in {
users.users.muell_mail = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
systemd.services.muell_mail = {
diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
index e894b9394..b032b4299 100644
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@@ -13,6 +13,7 @@ let
in {
users.users.muellshack = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."muell.shack" = {
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index 4a981ea87..2e69d5aaa 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -14,6 +14,7 @@ in {
networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."lounge.light.shack" = {
diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix
index cc3692e85..43c743587 100644
--- a/krebs/2configs/shack/powerraw.nix
+++ b/krebs/2configs/shack/powerraw.nix
@@ -14,7 +14,10 @@ let
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ];
- users.users.powermeter.extraGroups = [ "dialout" ];
+ users.users.powermeter = {
+ extraGroups = [ "dialout" ];
+ isSystemUser = true;
+ };
# we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index f3ea67f79..0ce8a8786 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -14,6 +14,7 @@ in {
users.users.s3_power = {
inherit home;
createHome = true;
+ isSystemUser = true;
};
systemd.services.s3-power = {
startAt = "daily";
diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix
index 807bb7e65..c9cdfd24b 100644
--- a/krebs/2configs/shack/shackDNS.nix
+++ b/krebs/2configs/shack/shackDNS.nix
@@ -30,6 +30,7 @@ in {
users.users.shackDNS = {
inherit home;
createHome = true;
+ isSystemUser = true;
};
services.nginx.virtualHosts."leases.shack" = {
locations."/" = {
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index d8d65d309..3eb30964e 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -1,7 +1,7 @@
{config, ... }:{
users.users.smbguest = {
name = "smbguest";
- uid = config.ids.uids.smbguest;
+ uid = config.ids.uids.smbguest; #effectively systemUser
group = "share";
description = "smb guest user";
home = "/home/share";
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index e4f05a6e6..9a18b8dff 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -4,9 +4,9 @@ let
setupGit = ''
export PATH=${makeBinPath [ pkgs.git ]}
- export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
+ export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519'
repo='git@localhost:wiki'
- cd ${config.krebs.gollum.stateDir}
+ cd ${config.services.gollum.stateDir}
if ! url=$(git config remote.origin.url); then
git remote add origin "$repo"
elif test "$url" != "$repo"; then
@@ -27,7 +27,7 @@ let
in
{
- krebs.gollum = {
+ services.gollum = {
enable = true;
extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
@@ -36,6 +36,8 @@ in
'';
};
+ systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8";
+
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
@@ -87,7 +89,7 @@ in
};
krebs.secret.files.gollum = {
- path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519";
+ path = "${config.services.gollum.stateDir}/.ssh/id_ed25519";
owner = { name = "gollum"; };
source-path = "${<secrets/gollum.id_ed25519>}";
};