authortv <tv@krebsco.de>2020-01-14 21:35:10 +0100
committertv <tv@krebsco.de>2020-01-14 21:35:10 +0100
commit67cda2940f1228063efd09e08d39fad12fe9a0ef (patch)
treeac639d44c2e6378265621988b19c345d891c4909 /lass/1systems
parent525c955b5f955dd23ec4d060ebd1ef1e149760ce (diff)
parenta01e3174e04fc946e7dfaf3569919aacf5a6763d (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/hilum/config.nix12
-rw-r--r--lass/1systems/icarus/config.nix1
-rw-r--r--lass/1systems/icarus/physical.nix47
-rw-r--r--lass/1systems/iso.nix193
-rw-r--r--lass/1systems/iso/default.nix211
-rwxr-xr-xlass/1systems/iso/generate-iso.sh7
-rw-r--r--lass/1systems/shodan/config.nix1
-rw-r--r--lass/1systems/xerxes/physical.nix17
-rw-r--r--lass/1systems/yellow/config.nix13
9 files changed, 267 insertions, 235 deletions
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index d4a389a4a..470dd3aff 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -21,13 +21,9 @@
source /grub/autoiso.cfg
}
'';
- extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
- name = "autoiso.cfg";
- src = pkgs.grub2.src;
- phases = [ "unpackPhase" "installPhase" ];
- installPhase = ''
- cp docs/autoiso.cfg $out
- '';
- });
+ extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg";
};
+
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
}
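Review bot: Setting `services.logind.lidSwitch` and `services.logind.lidSwitchDocked` to `"ignore"` means closing the lid no longer suspends or locks the machine, and nothing in this hunk adds a screen lock in its place. The same two lines are added in icarus/physical.nix, where `boot.initrd.luks.devices.ssd` is configured, so on that host a closed laptop keeps the unlocked volume and the running session available to whoever opens it next. If the goal is only to keep jobs running with the lid shut, `"lock"` would do that without leaving the session open; otherwise add a comment such as `# lid is ignored on purpose: <reason>` so the trade-off is recorded. The enclosing attribute set starts outside the hunk.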
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 46f0892a2..5e16052ad 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -20,6 +20,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
+ <stockholm/lass/2configs/network-manager.nix>
];
#media center
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index d764dabc1..861bd8b0b 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -1,22 +1,53 @@
+{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
+ #<stockholm/lass/2configs/hw/x220.nix>
+ #<stockholm/lass/2configs/boot/universal.nix>
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ <stockholm/krebs/2configs/hw/x220.nix>
];
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
+ boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
+ fsType = "xfs";
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/D975-2CAB";
+ fsType = "vfat";
};
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
+
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
+
}
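Review bot: The two commented-out entries at the top of `imports` (`#<stockholm/lass/2configs/hw/x220.nix>` and `#<stockholm/lass/2configs/boot/universal.nix>`) are added as dead lines with no explanation, which leaves it unclear whether they are meant to come back. Either drop them or say why they are kept, e.g. `# superseded by krebs/2configs/hw/x220.nix and the explicit grub/LUKS settings below`. A one-line comment above `boot.loader.grub.device` noting that the `wwn-…` id is tied to this machine's current SSD would also help whoever swaps the disk later.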
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
deleted file mode 100644
index a7b9f21b3..000000000
--- a/lass/1systems/iso.nix
+++ /dev/null
@@ -1,193 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
- <stockholm/krebs>
- <stockholm/lass/3modules>
- <stockholm/lass/2configs/mc.nix>
- <stockholm/lass/2configs/vim.nix>
- {
- # /dev/stderr doesn't work. I don't know why
- # /proc/self doesn't seem to work correctly
- # /dev/pts is empty except for 1 file
- # my life sucks
- nixpkgs.config.packageOverrides = super: {
- irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
- pkgs = pkgs // {
- coreutils = pkgs.symlinkJoin {
- name = "coreutils-hack";
- paths = [
- (pkgs.writeDashBin "tee" ''
- if test "$1" = /dev/stderr; then
- while read -r line; do
- echo "$line"
- echo "$line" >&2
- done
- else
- ${super.coreutils}/bin/tee "$@"
- fi
- '')
- pkgs.coreutils
- ];
- };
- };
- };
- };
- boot.kernelParams = [ "copytoram" ];
- networking.hostName = "lass-iso";
- }
- {
- nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
- krebs.enable = true;
- krebs.build.user = config.krebs.users.lass;
- krebs.build.host = {};
- }
- {
- nixpkgs.config.allowUnfree = true;
- }
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- };
- }
- {
- environment.extraInit = ''
- EDITOR=vim
- '';
- }
- {
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
-
- #stuff for dl
- aria2
-
- #neat utils
- hashPassword
- krebspaste
- pciutils
- pop
- psmisc
- q
- rs
- tmux
- untilport
- usbutils
-
- #unpack stuff
- p7zip
- unzip
- unrar
-
- #data recovery
- ddrescue
- ntfs3g
- dosfstools
- ];
- }
- {
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- '';
- };
- }
- {
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
- }
- {
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- }
- {
- krebs.hidden-ssh.enable = true;
- }
- {
- services.xserver = {
- enable = true;
- #videoDrivers = mkForce [ "ati_unfree" ];
-
- desktopManager.xterm.enable = false;
- desktopManager.default = "none";
- displayManager.lightdm.enable = true;
- displayManager.lightdm.autoLogin = {
- enable = true;
- user = "lass";
- };
- windowManager.default = "xmonad";
- windowManager.session = let
- xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
- in [{
- name = "xmonad";
- start = ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${xmonad-lass}/bin/xmonad &
- waitPID=$!
- '';
- }];
-
- layout = "us";
- xkbModel = "evdev";
- xkbVariant = "altgr-intl";
- xkbOptions = "caps:backspace";
- };
- }
- ];
-}
diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix
new file mode 100644
index 000000000..a77a74fbe
--- /dev/null
+++ b/lass/1systems/iso/default.nix
@@ -0,0 +1,211 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+ wizard = pkgs.writers.writeBash "wizard" ''
+ shopt -s extglob
+
+ echo -n '
+ welcome to the computer wizard
+ first we will check for internet connectivity
+ (press enter to continue)
+ '
+ read -n 1 -s
+ if ! ping -c1 lassul.us; then
+ echo 'no internet detectio, you will have to provide credentials'
+ read -n 1 -s
+ nmtui
+ fi
+
+ # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" ''
+ # set -x
+ # export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
+ # exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
+ # ''}
+
+ mode=$(echo -n '
+ 1. help of the wizard
+ 2. let the wizard watch and help if needed
+ 3. I will do it alone
+ ' | ${pkgs.fzf}/bin/fzf --reverse)
+ case "$mode" in
+ 1*)
+ echo 'mode_1' > /tmp/mode
+ systemctl start hidden-ssh-announce.service
+ tmux new -s help
+ ;;
+ 2*)
+ echo 'mode_2' > /tmp/mode
+ ;;
+ 3*)
+ echo 'mode_3' > /tmp/mode
+ ;;
+ *)
+ echo 'no mode selected'
+ ;;
+ esac
+ '';
+
+in {
+ imports = [
+ <stockholm/krebs>
+ <stockholm/lass/3modules>
+ <stockholm/lass/2configs/vim.nix>
+ {
+ nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
+ krebs.enable = true;
+ krebs.build.user = config.krebs.users.lass;
+ krebs.build.host = {};
+ }
+ # {
+ # systemd.services.wizard = {
+ # description = "Computer Wizard";
+ # wantedBy = [ "multi-user.target" ];
+ # serviceConfig = {
+ # ExecStart = pkgs.writers.writeDash "wizard" ''
+ # set -efu
+ # cat <<EOF
+ # welcome to the computer wizard
+ # you can choose between the following modes
+ # echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf
+ # EOF
+ # '';
+ # StandardInput = "tty";
+ # StandardOutput = "tty";
+ # # TTYPath = "/dev/tty1";
+ # TTYPath = "/dev/ttyS0";
+ # TTYReset = true;
+ # TTYVTDisallocate = true;
+ # Restart = "always";
+ # };
+ # };
+ # }
+ ];
+
+ networking.hostName = "wizard";
+ nixpkgs.config.allowUnfree = true;
+
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ config.krebs.users.lass-mors.pubkey
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ #stockholm
+ git
+ gnumake
+ jq
+ parallel
+ proot
+ populate
+
+ #style
+ most
+ rxvt_unicode.terminfo
+
+ #monitoring tools
+ htop
+ iotop
+
+ #network
+ iptables
+ iftop
+
+ #stuff for dl
+ aria2
+
+ #neat utils
+ dmenu
+ hashPassword
+ krebspaste
+ pciutils
+ pop
+ psmisc
+ q
+ rs
+ tmux
+ untilport
+ usbutils
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
+
+ #data recovery
+ ddrescue
+ ntfs3g
+ dosfstools
+ ];
+
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
+ else
+ PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
+ fi
+ if ! test -e /tmp/mode; then
+ ${wizard}
+ fi
+ '';
+ };
+
+ services.openssh.enable = true;
+ systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 ];
+ };
+ networking.networkmanager.enable = true;
+ networking.wireless.enable = mkForce false;
+
+ krebs.hidden-ssh = {
+ enable = true;
+ channel = "##lassulus-wizard";
+
+ };
+ systemd.services.hidden-ssh-announce.wantedBy = mkForce [];
+ services.mingetty.autologinUser = "root";
+
+ nixpkgs.config.packageOverrides = super: {
+ dmenu = pkgs.writeDashBin "dmenu" ''
+ ${pkgs.fzf}/bin/fzf \
+ --history=/dev/null \
+ --print-query \
+ --prompt=\"$PROMPT\"
+ '';
+ };
+
+ boot.tmpOnTmpfs = true;
+}
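Review bot: `services.openssh.enable = true` is combined with an open port 22, root `authorizedKeys` and `services.mingetty.autologinUser = "root"`, but the file never states how sshd may authenticate, so key-only root login depends on defaults from NixOS and from whatever profile the `install-iso` format layers on top (not visible here). Stating it explicitly, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`, would make that a property of this image; this matters because mode 1 of the wizard starts `hidden-ssh-announce.service`, which presumably publishes the host's address to the `##lassulus-wizard` channel. Separately, in the `dmenu` wrapper `--prompt=\"$PROMPT\"` escapes the quotes, so `$PROMPT` is expanded unquoted and a prompt containing spaces is split into several arguments; `--prompt="$PROMPT"` is presumably what was meant.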
diff --git a/lass/1systems/iso/generate-iso.sh b/lass/1systems/iso/generate-iso.sh
new file mode 100755
index 000000000..3179b31c1
--- /dev/null
+++ b/lass/1systems/iso/generate-iso.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p nixos-generators
+
+set -xefu
+
+WD=$(dirname "$0")
+nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/default.nix -f install-iso
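Review bot: Both the `nix-shell -p nixos-generators` shebang and the `nixos-generate` call resolve `nixpkgs` from the caller's ambient `NIX_PATH`, so the same checkout can yield images with different sshd, kernel and tool versions depending on who builds it. Because this ISO carries root SSH keys and is meant for remote support, consider pinning the package set, e.g. by adding `-I nixpkgs=<PINNED_NIXPKGS_PATH>` (placeholder) next to the `stockholm` path. Failing that, add a header comment naming the channel the image is expected to be built from.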
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index b3de15837..9bb31191c 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -19,6 +19,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/gg23.nix>
+ <stockholm/lass/2configs/br.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
index 77cf2206b..5a6f07215 100644
--- a/lass/1systems/xerxes/physical.nix
+++ b/lass/1systems/xerxes/physical.nix
@@ -5,40 +5,32 @@
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
- boot.zfs.enableUnstable = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = true;
+ efiInstallAsRemovable = true;
};
- boot.loader.efi.canTouchEfiVariables = true;
boot.blacklistedKernelModules = [
"sdhci_pci"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
boot.initrd.luks.devices.crypted.device = "/dev/sda3";
boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
boot.kernelParams = [
"fbcon=rotate:1"
"boot.shell_on_fail"
];
fileSystems."/" = {
- device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "rpool/home";
- fsType = "zfs";
+ device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
+ fsType = "xfs";
};
fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/E749-784C";
+ device = "/dev/disk/by-uuid/7F23-DDB4";
fsType = "vfat";
};
@@ -74,7 +66,6 @@
services.xserver = {
videoDrivers = [ "intel" ];
displayManager.sessionCommands = ''
- echo nonono > /tmp/xxyy
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
'';
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index d049bdee6..abbc0045b 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -47,17 +47,6 @@ with import <stockholm/lib>;
};
virtualHosts.default = {
default = true;
- locations."=/Nginx-Fancyindex-Theme-dark" = {
- extraConfig = ''
- alias ${pkgs.fetchFromGitHub {
- owner = "Naereen";
- repo = "Nginx-Fancyindex-Theme";
- rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
- sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
- }}/Nginx-Fancyindex-Theme-dark;
- autoindex on;
- '';
- };
locations."/dl".extraConfig = ''
return 301 /;
'';
@@ -65,8 +54,6 @@ with import <stockholm/lib>;
root = "/var/download/finished";
extraConfig = ''
fancyindex on;
- fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
- fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;