diff options
author | tv <tv@krebsco.de> | 2020-10-03 13:44:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-10-03 13:44:30 +0200 |
commit | d1e52425e0d5d79a33b11c92cc2afb498075d953 (patch) | |
tree | 29277982f014eaae680e006b6afc7fdb42e8d9b2 /lass/1systems | |
parent | 654f64f05935a69607a540f2e8d15619cee9e15e (diff) | |
parent | 7e7499d86302d261c8f8404fb34f2ac091318d0e (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/blue/config.nix | 21 | ||||
-rw-r--r-- | lass/1systems/morpheus/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors/physical.nix | 2 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 9 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 10 | ||||
-rw-r--r-- | lass/1systems/shodan/physical.nix | 2 | ||||
-rwxr-xr-x | lass/1systems/wizard/run-vm.sh | 7 | ||||
-rw-r--r-- | lass/1systems/wizard/test.nix | 2 | ||||
-rw-r--r-- | lass/1systems/xerxes/config.nix | 26 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 26 |
11 files changed, 59 insertions, 49 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index c46bb351e..f6dc23d20 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -17,27 +17,6 @@ with import <stockholm/lib>; networking.nameservers = [ "1.1.1.1" ]; - services.restic.backups = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - initialize = true; - extraOptions = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - repository = "sftp:backup@${dest}.r:/backups/blue"; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; - paths = [ - "/home/" - "/var/lib" - ]; - }); - time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index c3a8ea6c8..79fbe4c97 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -18,6 +18,7 @@ with import <stockholm/lib>; gitAndTools.hub nix-review firefox + ag ]; services.openssh.forwardX11 = true; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c1ceb0633..b03d95c49 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -126,8 +126,6 @@ with import <stockholm/lib>; remmina transmission - iodine - macchanger dpass diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 2f3a68442..a9108104b 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -23,7 +23,7 @@ services.udev.extraRules = '' SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 33ec21e72..b335353be 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -272,9 +272,9 @@ with import <stockholm/lib>; resolveLocalQueries = false; extraConfig= '' - listen-address=42:1:ce16::1 + listen-address=42:1:ce16::1,10.244.1.103 except-interface=lo - interface=wg0 + interface=wiregrill ''; }; } @@ -284,7 +284,10 @@ with import <stockholm/lib>; ]; } { - services.murmur.enable = true; + services.murmur = { + enable = true; + bandwidth = 10000000; + }; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 7458f5ffd..1a3bee850 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -55,6 +55,16 @@ fsType = "zfs"; }; + fileSystems."/var/realwallpaper/archive" = { + device = "tank/wallpaper"; + fsType = "zfs"; + }; + + fileSystems."/home/xanf" = { + device = "/dev/disk/by-id/wwn-0x500a07511becb076"; + fsType = "ext4"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 39a4d9661..55e91b0e4 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -10,7 +10,7 @@ loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.lusksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/1systems/wizard/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix index c7a27102a..165b9f14d 100644 --- a/lass/1systems/wizard/test.nix +++ b/lass/1systems/wizard/test.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - ./default.nix + ./config.nix ]; virtualisation.emptyDiskImages = [ 8000 diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index e4a4fb505..8c4362865 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -41,22 +41,6 @@ displayManager.lightdm.autoLogin.user = "lass"; }; - services.syncthing.declarative = { - folders = { - the_playlist = { - path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; - }; - }; - }; - krebs.permown = { - "/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; - }; - boot.blacklistedKernelModules = [ "xpad" ]; systemd.services.xboxdrv = { wantedBy = [ "multi-user.target" ]; @@ -93,7 +77,15 @@ }; }; - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # load-module module-bluetooth-policy diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 82fe3fac5..d400697d7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -172,7 +172,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 89.249.65.83 1194 + remote 185.230.127.27 1194 resolv-retry infinite remote-random nobind @@ -195,7 +195,6 @@ with import <stockholm/lib>; fast-io cipher AES-256-CBC auth SHA512 - <ca> -----BEGIN CERTIFICATE----- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ @@ -251,6 +250,27 @@ with import <stockholm/lib>; 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- </tls-auth> - ''; + + systemd.services.flix-index = { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotifyTools + ]; + serviceConfig = { + Restart = "always"; + ExecStart = pkgs.writers.writeDash "flix-index" '' + set -efu + + DIR=/var/download/finished + cd "$DIR" + while inotifywait -rq -e create -e move -e delete "$DIR"; do + find . -type f > "$DIR"/index.tmp + mv "$DIR"/index.tmp "$DIR"/index + done + ''; + }; + }; } |