author | tv <tv@krebsco.de> | 2020-12-02 00:45:50 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-12-02 00:45:50 +0100 |
commit | d60b1b793f3a1635c1fe30aa11b64831fd665b4f (patch) | |
tree | d484b1315dab9b6c3d230118f6e33b0888f0aca5 /lass | |
parent | 29827720520b6a4885dbdcb3237070e6e45dd910 (diff) | |
parent | 813eefa3c55fd1cd234b0adb1da7286bd761b579 (diff) |
Merge remote-tracking branch 'prism/master' into master
Diffstat (limited to 'lass')
23 files changed, 161 insertions, 145 deletions
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/home-media.nix> ]; diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda4..6e59a2273 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 944a68beb..1206f1655 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -392,6 +392,15 @@ with import <stockholm/lib>; ]; } { + users.users.shannan = { + uid = genid_uint31 "shannan"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.shannan.pubkey + ]; + }; + } + { nix.trustedUsers = [ "mic92" ]; users.users.mic92 = { uid = genid_uint31 "mic92"; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index d7b43f2cd..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> 
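Review bot: The new `users.users.shannan` block in lass/1systems/prism/config.nix creates a login account with an SSH key but has no comment saying what the account is for or what it is expected to reach on prism. `isNormalUser = true` gives it a home directory and the default interactive shell, and the key comes from `config.krebs.users.shannan.pubkey`, which is defined outside this 'lass'-limited diff and so cannot be checked from here. I would add a line such as `# shannan: <purpose>; SSH key login only, not in nix.trustedUsers` above the block and confirm that the krebs user entry holds the intended key. The surrounding module list starts and ends outside the hunk.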
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix new file mode 100644 index 000000000..4c3ae1411 --- /dev/null +++ b/lass/1systems/styx/config.nix @@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/nfs-dl.nix> + # <stockholm/lass/2configs/gg23.nix> + # <stockholm/lass/2configs/hass> + # <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/home-media.nix> + # <stockholm/lass/2configs/syncthing.nix> + # <stockholm/lass/2configs/sync/sync.nix> + # <stockholm/lass/2configs/idc.nix> + ]; + + krebs.build.host = config.krebs.hosts.styx; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } + ]; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = top + title = top + + + Local + menu = Local + title = Local Network + ++ LocalMachine + menu = Local Machine + title = This host + host = localhost + + + Internet + menu = internet + title = internet + + ++ CloudflareDNS + menu = Cloudflare DNS + title = Cloudflare DNS server + host = 1.1.1.1 + + ++ GoogleDNS + menu = Google DNS + title = Google DNS server + host = 8.8.8.8 + + + retiolum + menu = retiolum + title = retiolum + + ++ gum + menu = gum.r + title = gum.r + host = gum.r + + ++ ni + menu = ni.r + title = ni.r + host = ni.r + + ++ prism + menu = prism.r + title = prism.r + host = prism.r + ''; + }; +} + diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix new file mode 100644 index 000000000..a3899f87d --- /dev/null +++ b/lass/1systems/styx/physical.nix 
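Review bot: The INPUT rule added in lass/1systems/styx/config.nix accepts TCP to the smokeping port from any source on any interface, because the predicate is only `-p tcp --dport ${toString config.services.smokeping.port}`. The smokeping page configured below it lists internal retiolum hosts (gum.r, ni.r, prism.r) and their reachability, which is network-layout information better kept to VPN peers. If that is the intended audience, scope the rule, for example `predicate = "-i retiolum -p tcp --dport ${toString config.services.smokeping.port}";` (assuming the tinc interface on this host is named `retiolum`). If the open exposure is deliberate, a comment on the rule saying so would help the next reader.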
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514"; + boot.loader.grub.efiInstallAsRemovable = true; + + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EAA5-88A9"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d5..82a088643 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6e..ed78699b0 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 
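Review bot: The new lass/1systems/styx/physical.nix mounts `/` straight from an ext4 partition and declares no `boot.initrd.luks.devices` entry, whereas morpheus and uriel in this same commit keep a `luksroot` device. The host imports retiolum.nix and exim-retiolum.nix, so VPN and mail key material presumably ends up on that unencrypted disk. If styx is a machine that can leave a controlled location, I would put the root on LUKS like the siblings; if it is deliberately unencrypted, a comment such as `# no disk encryption: <reason>` above `fileSystems."/"` records the decision.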
--- a/lass/2configs/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b75..1cf421fed 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./backup.nix ./gc.nix @@ -223,4 +222,5 @@ with import <stockholm/lib>; # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; + system.stateVersion = mkDefault "20.03"; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 66d430cd1..78379ba1c 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -26,7 +26,7 @@ with import ./lib.nix { inherit lib; }; lovelaceConfigWritable = true; }; - lass.hass.config = let + services.home-assistant.config = let tasmota_s20 = name: topic: { platform = "mqtt"; inherit name; diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index 16227fcb6..48a1f72d7 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix 
@@ -2,38 +2,38 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; - lass.hass.love = { - resources = [{ - url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; - type = "js"; - }]; - views = [{ - title = "bett"; - cards = [ - { - type = "markdown"; - title = "hello world"; - content = "This is just a test"; - } - { - type = "light"; - entity = "light.${lights.bett}"; - } - { - type = "custom:light-entity-card"; - entity = "light.${lights.bett}"; - } - { - type = "history-graph"; - entities = [ - "light.${lights.bett}" - ]; - } - ]; - }]; - }; + # lass.hass.love = { + # resources = [{ + # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + # type = "js"; + # }]; + # views = [{ + # title = "bett"; + # cards = [ + # { + # type = "markdown"; + # title = "hello world"; + # content = "This is just a test"; + # } + # { + # type = "light"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "custom:light-entity-card"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "history-graph"; + # entities = [ + # "light.${lights.bett}" + # ]; + # } + # ]; + # }]; + # }; } diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix index f74996154..eeb3d30d2 100644 --- a/lass/2configs/hass/rooms/essen.nix +++ b/lass/2configs/hass/rooms/essen.nix @@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.essen lights.essen 10) (lightswitch switches.dimmer.essen lights.essen) ]; diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix index 163f4fc48..7e6298738 100644 --- a/lass/2configs/hass/rooms/nass.nix +++ b/lass/2configs/hass/rooms/nass.nix 
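Review bot: The `lass.hass.love` block in lass/2configs/hass/rooms/bett.nix is kept as about thirty commented-out lines instead of being removed, and it still carries a dashboard resource URL that points at the `master` branch of a third-party repository (a `.js.map` file declared as `type = "js"`). Script loaded from a moving branch runs in the Home Assistant UI with whatever content is pushed there, so the URL should not be revived as is. If the block is parked for a later migration, a single line such as `# TODO: port to services.home-assistant.lovelaceConfig; pin the card to a release or vendor it` says so; otherwise delete it and let git keep the history.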
@@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.nass lights.nass 100) (lightswitch switches.dimmer.nass lights.nass) ]; diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix index 6d091066e..b2a221e49 100644 --- a/lass/2configs/hass/zigbee.nix +++ b/lass/2configs/hass/zigbee.nix @@ -35,7 +35,7 @@ in { volumes = ["/var/lib/zigbee2mqtt:/app/data"]; }; - lass.hass.config = { + services.home-assistant.config = { sensor = [ # Sensor for monitoring the bridge state { diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem deleted file mode 100644 index e69de29bb..000000000 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem +++ /dev/null diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key deleted file mode 100644 index e69de29bb..000000000 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key +++ /dev/null diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem deleted file mode 100644 index e69de29bb..000000000 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem +++ /dev/null diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt deleted file mode 100644 index e69de29bb..000000000 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt +++ /dev/null diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 78cfb29cd..ac7db10f5 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -97,7 +97,6 @@ in { overwriteProtocol = "https"; }; https = true; - nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { enableACME = true; 
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 74585a6f8..17df71310 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -16,7 +16,6 @@ in { email = "acme@lassul.us"; acceptTerms = true; certs."lassul.us" = { - allowKeysForGroup = true; group = "lasscert"; }; }; @@ -78,7 +77,6 @@ in { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; group = "nginx"; - user = "nginx"; }; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 335658ed8..c3c73bdcb 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./dnsmasq.nix ./ejabberd ./folderPerms.nix - ./hass.nix ./hosts.nix ./klem.nix ./mysql-backup.nix diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix deleted file mode 100644 index 96521aaa9..000000000 --- a/lass/3modules/hass.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -let - - cfg = config.lass.hass; - -in { - options.lass.hass = { - config = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - love = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - }; - - config = - assert versionOlder version "20.09"; - mkIf (cfg.config != {}) - { - services.home-assistant.config = cfg.config; - # services.home-assistant.lovelaceConfig = cfg.love; - }; -} - |