summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-12-11 19:50:50 +0100
committertv <tv@krebsco.de>2018-12-11 19:50:50 +0100
commit172a746c3a4735f1f7875f7169b53e8b3df82269 (patch)
treeee5e0d2e093f446d0f23d1abe599e85766928c12 /lass/1systems
parent761ce9cefdb2c04132f44c2b41fac6d49a472752 (diff)
parent30772247c0e629d443fb62bc566f3651be1157c1 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/morpheus/config.nix33
-rw-r--r--lass/1systems/morpheus/physical.nix32
-rw-r--r--lass/1systems/prism/config.nix26
-rw-r--r--lass/1systems/yellow/config.nix9
4 files changed, 80 insertions, 20 deletions
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
new file mode 100644
index 000000000..0d82ba611
--- /dev/null
+++ b/lass/1systems/morpheus/config.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/power-action.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/steam.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.morpheus;
+
+ networking.wireless.enable = false;
+ networking.networkmanager.enable = true;
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
+ nixpkgs.config.packageOverrides = super: {
+ steam = super.steam.override {
+ withPrimus = true;
+ extraPkgs = p: with p; [
+ glxinfo
+ nettools
+ bumblebee
+ ];
+ };
+ };
+}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
new file mode 100644
index 000000000..0f08acb2d
--- /dev/null
+++ b/lass/1systems/morpheus/physical.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+ imports = [
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ./config.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostId = "60ce7e88";
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
+
+ hardware.bumblebee.enable = true;
+ hardware.bumblebee.group = "video";
+
+ fileSystems."/" =
+ { device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/DF3B-4528";
+ fsType = "vfat";
+ };
+
+ nix.maxJobs = lib.mkDefault 8;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 83cc96771..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,37 +297,25 @@ with import <stockholm/lib>;
};
}
{
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ imports = [
+ <stockholm/lass/2configs/wirelum.nix>
];
+ #krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ #];
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.1.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # lass-android
- allowedIPs = [ "10.244.1.2/32" ];
- publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
- }
- ];
- };
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
extraConfig= ''
+ listen-address=10.244.1.1
except-interface=lo
interface=wg0
'';
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ff7b23687..58fa564a1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -19,7 +19,11 @@ with import <stockholm/lib>;
users.groups.download.members = [ "transmission" ];
users.users.transmission.group = mkForce "download";
- systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+ systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
+ systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
+ systemd.services.transmission.postStart = ''
+ chmod 775 /var/download/finished
+ '';
services.transmission = {
enable = true;
settings = {
@@ -52,6 +56,9 @@ with import <stockholm/lib>;
autoindex on;
'';
};
+ locations."/dl".extraConfig = ''
+ return 301 /;
+ '';
locations."/" = {
root = "/var/download/finished";
extraConfig = ''