authortv <tv@krebsco.de>2017-07-13 00:37:54 +0200
committertv <tv@krebsco.de>2017-07-13 00:37:54 +0200
commitbc6c6a3164d31141f39333914c1b15ff261e7859 (patch)
tree8bff8dd19f1d9f9fcc2b78b7c8d3fb81a332aab4 /lass/1systems/mors
parent4da01794605291bdb7bd9fa9dc7109764f4faf58 (diff)
parent7212de210bb7fc751ffade00d6b1b08f195ddf47 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems/mors')
-rw-r--r--lass/1systems/mors/config.nix194
-rw-r--r--lass/1systems/mors/source.nix4
2 files changed, 198 insertions, 0 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
new file mode 100644
index 000000000..45b3f740f
--- /dev/null
+++ b/lass/1systems/mors/config.nix
@@ -0,0 +1,194 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/hw/tp-x220.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/bitcoin.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/pass.nix>
+ <stockholm/lass/2configs/elster.nix>
+ <stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/wine.nix>
+ <stockholm/lass/2configs/git.nix>
+ <stockholm/lass/2configs/virtualbox.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/mail.nix>
+ <stockholm/lass/2configs/repo-sync.nix>
+ <stockholm/lass/2configs/ircd.nix>
+ <stockholm/lass/2configs/logf.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ {
+ #risk of rain port
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ services.elasticsearch = {
+ enable = true;
+ };
+ }
+ {
+ #zalando project
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql;
+ };
+ virtualisation.docker.enable = true;
+ #users.users.mainUser.extraGroups = [ "docker" ];
+ }
+ {
+ lass.umts = {
+ enable = true;
+ modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09";
+ initstrings = ''
+ Init1 = AT+CFUN=1
+ Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ '';
+ };
+ }
+ {
+ services.nginx = {
+ enable = true;
+ virtualHosts.default = {
+ serverAliases = [
+ "localhost"
+ "${config.krebs.build.host.name}"
+ "${config.krebs.build.host.name}.r"
+ ];
+ locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''
+ alias /home/$1/public_html$2;
+ '';
+ };
+ };
+ }
+ {
+ services.redis.enable = true;
+ }
+ {
+ environment.systemPackages = [
+ pkgs.ovh-zone
+ ];
+ }
+ {
+ #ps vita stuff
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ }
+ {
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.mors;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+ loader.grub.efiSupport = true;
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/pool-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda2";
+ };
+ #"/bku" = {
+ # device = "/dev/mapper/pool-bku";
+ # fsType = "btrfs";
+ # options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ #};
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ '';
+
+ #TODO activationScripts seem broken, fix them!
+ #activationScripts
+ #split up and move into base
+ system.activationScripts.powertopTunables = ''
+ #Runtime PMs
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
+ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
+ '';
+
+ environment.systemPackages = with pkgs; [
+ acronym
+ brain
+ cac-api
+ sshpass
+ get
+ teamspeak_client
+ hashPassword
+ urban
+ mk_sql_pair
+ remmina
+ thunderbird
+
+ iodine
+
+ macchanger
+ ];
+
+ #TODO: fix this shit
+ ##fprint stuff
+ ##sudo fprintd-enroll $USER to save fingerprints
+ #services.fprintd.enable = true;
+ #security.pam.services.sudo.fprintAuth = true;
+
+ users.extraGroups = {
+ loot = {
+ members = [
+ config.users.extraUsers.mainUser.name
+ "firefox"
+ "chromium"
+ "google"
+ "virtual"
+ ];
+ };
+ };
+
+ krebs.repo-sync.timerConfig = {
+ OnCalendar = "00:37";
+ };
+}
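Review bot: The nginx userdir location `locations."~ ^/~(.+?)(/.*)?\$"` captures the account name with `(.+?)`, which is not restricted to user-name characters, and nothing in this hunk limits the addresses the vhost listens on, so every account's `public_html` is published wherever nginx binds. I would narrow the capture to something like `locations."~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$"` and, if the pages are only meant for the `.r` name, restrict the vhost to that interface. The same hunk enables elasticsearch, redis and postgresql with defaults and accepts TCP 11100 from any source. Their bind addresses and the default INPUT policy are set outside this file, so a one-line comment on each block, such as `# expected to listen on loopback only`, would let a reader confirm the intended exposure.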
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
new file mode 100644
index 000000000..a9dfa2eb6
--- /dev/null
+++ b/lass/1systems/mors/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+ name = "mors";
+ secure = true;
+}