diff options
author | tv <tv@krebsco.de> | 2017-07-13 00:37:54 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-07-13 00:37:54 +0200 |
commit | bc6c6a3164d31141f39333914c1b15ff261e7859 (patch) | |
tree | 8bff8dd19f1d9f9fcc2b78b7c8d3fb81a332aab4 /lass/1systems/mors | |
parent | 4da01794605291bdb7bd9fa9dc7109764f4faf58 (diff) | |
parent | 7212de210bb7fc751ffade00d6b1b08f195ddf47 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems/mors')
-rw-r--r-- | lass/1systems/mors/config.nix | 194 | ||||
-rw-r--r-- | lass/1systems/mors/source.nix | 4 |
2 files changed, 198 insertions, 0 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix new file mode 100644 index 000000000..45b3f740f --- /dev/null +++ b/lass/1systems/mors/config.nix @@ -0,0 +1,194 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/bitcoin.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/elster.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/virtualbox.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/ircd.nix> + <stockholm/lass/2configs/logf.nix> + <stockholm/lass/2configs/syncthing.nix> + { + #risk of rain port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + ]; + } + { + services.elasticsearch = { + enable = true; + }; + } + { + #zalando project + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + virtualisation.docker.enable = true; + #users.users.mainUser.extraGroups = [ "docker" ]; + } + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; + } + { + services.nginx = { + enable = true; + virtualHosts.default = { + serverAliases = [ + "localhost" + "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.r" + ]; + locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' + alias /home/$1/public_html$2; + ''; + }; + }; + } + { + services.redis.enable = true; + } + { + environment.systemPackages = [ + pkgs.ovh-zone + ]; + } + { + #ps vita stuff + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + } + { + services.tor = { + enable = true; + client.enable = true; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.mors; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; + + #TODO activationScripts seem broken, fix them! + #activationScripts + #split up and move into base + system.activationScripts.powertopTunables = '' + #Runtime PMs + echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' + ''; + + environment.systemPackages = with pkgs; [ + acronym + brain + cac-api + sshpass + get + teamspeak_client + hashPassword + urban + mk_sql_pair + remmina + thunderbird + + iodine + + macchanger + ]; + + #TODO: fix this shit + ##fprint stuff + ##sudo fprintd-enroll $USER to save fingerprints + #services.fprintd.enable = true; + #security.pam.services.sudo.fprintAuth = true; + + users.extraGroups = { + loot = { + members = [ + config.users.extraUsers.mainUser.name + "firefox" + "chromium" + "google" + "virtual" + ]; + }; + }; + + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; + }; +} diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..a9dfa2eb6 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "mors"; + secure = true; +} |