summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2020-12-02 00:45:50 +0100
committertv <tv@krebsco.de>2020-12-02 00:45:50 +0100
commitd60b1b793f3a1635c1fe30aa11b64831fd665b4f (patch)
treed484b1315dab9b6c3d230118f6e33b0888f0aca5 /lass
parent29827720520b6a4885dbdcb3237070e6e45dd910 (diff)
parent813eefa3c55fd1cd234b0adb1da7286bd761b579 (diff)
Merge remote-tracking branch 'prism/master' into master
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/icarus/config.nix1
-rw-r--r--lass/1systems/morpheus/physical.nix5
-rw-r--r--lass/1systems/prism/config.nix9
-rw-r--r--lass/1systems/shodan/config.nix1
-rw-r--r--lass/1systems/styx/config.nix80
-rw-r--r--lass/1systems/styx/physical.nix34
-rw-r--r--lass/1systems/uriel/physical.nix2
-rw-r--r--lass/2configs/copyq.nix3
-rw-r--r--lass/2configs/dcso-vpn.nix44
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/2configs/hass/default.nix2
-rw-r--r--lass/2configs/hass/rooms/bett.nix62
-rw-r--r--lass/2configs/hass/rooms/essen.nix2
-rw-r--r--lass/2configs/hass/rooms/nass.nix2
-rw-r--r--lass/2configs/hass/zigbee.nix2
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/cert.key0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/login.txt0
-rw-r--r--lass/2configs/websites/domsen.nix1
-rw-r--r--lass/2configs/websites/lassulus.nix2
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/hass.nix51
23 files changed, 161 insertions, 145 deletions
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 8332e7c53..609da6011 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -19,7 +19,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
- <stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/home-media.nix>
];
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
index 3fb03cda4..6e59a2273 100644
--- a/lass/1systems/morpheus/physical.nix
+++ b/lass/1systems/morpheus/physical.nix
@@ -34,10 +34,7 @@
};
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices = [{
- name = "luksroot";
- device = "/dev/nvme0n1p3";
- }];
+ devices.luksroot.device = "/dev/nvme0n1p3";
};
services.udev.extraRules = ''
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 944a68beb..1206f1655 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -392,6 +392,15 @@ with import <stockholm/lib>;
];
}
{
+ users.users.shannan = {
+ uid = genid_uint31 "shannan";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.shannan.pubkey
+ ];
+ };
+ }
+ {
nix.trustedUsers = [ "mic92" ];
users.users.mic92 = {
uid = genid_uint31 "mic92";
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index d7b43f2cd..9e01396bc 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/gg23.nix>
<stockholm/lass/2configs/hass>
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
new file mode 100644
index 000000000..4c3ae1411
--- /dev/null
+++ b/lass/1systems/styx/config.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/mouse.nix>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ # <stockholm/lass/2configs/gg23.nix>
+ # <stockholm/lass/2configs/hass>
+ # <stockholm/lass/2configs/br.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/home-media.nix>
+ # <stockholm/lass/2configs/syncthing.nix>
+ # <stockholm/lass/2configs/sync/sync.nix>
+ # <stockholm/lass/2configs/idc.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.styx;
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }
+ ];
+ services.smokeping = {
+ enable = true;
+ targetConfig = ''
+ probe = FPing
+ menu = top
+ title = top
+
+ + Local
+ menu = Local
+ title = Local Network
+ ++ LocalMachine
+ menu = Local Machine
+ title = This host
+ host = localhost
+
+ + Internet
+ menu = internet
+ title = internet
+
+ ++ CloudflareDNS
+ menu = Cloudflare DNS
+ title = Cloudflare DNS server
+ host = 1.1.1.1
+
+ ++ GoogleDNS
+ menu = Google DNS
+ title = Google DNS server
+ host = 8.8.8.8
+
+ + retiolum
+ menu = retiolum
+ title = retiolum
+
+ ++ gum
+ menu = gum.r
+ title = gum.r
+ host = gum.r
+
+ ++ ni
+ menu = ni.r
+ title = ni.r
+ host = ni.r
+
+ ++ prism
+ menu = prism.r
+ title = prism.r
+ host = prism.r
+ '';
+ };
+}
+
diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix
new file mode 100644
index 000000000..a3899f87d
--- /dev/null
+++ b/lass/1systems/styx/physical.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514";
+ boot.loader.grub.efiInstallAsRemovable = true;
+
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/EAA5-88A9";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
index 2d21f00d5..82a088643 100644
--- a/lass/1systems/uriel/physical.nix
+++ b/lass/1systems/uriel/physical.nix
@@ -15,7 +15,7 @@
loader.systemd-boot.enable = true;
loader.timeout = 5;
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices.luksroot.device = "/dev/sda2";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index 56c091a6e..ed78699b0 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -25,9 +25,6 @@ in {
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
- path = with pkgs; [
- qt5.full
- ];
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix
deleted file mode 100644
index 0a5623bf0..000000000
--- a/lass/2configs/dcso-vpn.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ ... }:
-
-{
-
- users.extraUsers = {
- dcsovpn = rec {
- name = "dcsovpn";
- uid = genid "dcsovpn";
- description = "user for running dcso openvpn";
- home = "/home/${name}";
- };
- };
-
- users.extraGroups.dcsovpn.gid = genid "dcsovpn";
-
- services.openvpn.servers = {
- dcso = {
- config = ''
- client
- dev tun
- tun-mtu 1356
- mssfix
- proto udp
- float
- remote 217.111.55.41 1194
- nobind
- user dcsovpn
- group dcsovpn
- persist-key
- persist-tun
- ca ${toString <secrets/dcsovpn/ca.pem>}
- cert ${toString <secrets/dcsovpn/cert.pem>}
- key ${toString <secrets/dcsovpn/cert.key>}
- verb 3
- mute 20
- auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
- route-method exe
- route-delay 2
- '';
- updateResolvConf = true;
- };
- };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index f59988b75..1cf421fed 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,7 +2,6 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
- <stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./backup.nix
./gc.nix
@@ -223,4 +222,5 @@ with import <stockholm/lib>;
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
+ system.stateVersion = mkDefault "20.03";
}
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 66d430cd1..78379ba1c 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -26,7 +26,7 @@ with import ./lib.nix { inherit lib; };
lovelaceConfigWritable = true;
};
- lass.hass.config = let
+ services.home-assistant.config = let
tasmota_s20 = name: topic: {
platform = "mqtt";
inherit name;
diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix
index 16227fcb6..48a1f72d7 100644
--- a/lass/2configs/hass/rooms/bett.nix
+++ b/lass/2configs/hass/rooms/bett.nix
@@ -2,38 +2,38 @@
with import ../lib.nix { inherit lib; };
{
- lass.hass.config = lib.mkMerge [
+ services.home-assistant.config = lib.mkMerge [
(lightswitch switches.dimmer.bett lights.bett)
];
- lass.hass.love = {
- resources = [{
- url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map";
- type = "js";
- }];
- views = [{
- title = "bett";
- cards = [
- {
- type = "markdown";
- title = "hello world";
- content = "This is just a test";
- }
- {
- type = "light";
- entity = "light.${lights.bett}";
- }
- {
- type = "custom:light-entity-card";
- entity = "light.${lights.bett}";
- }
- {
- type = "history-graph";
- entities = [
- "light.${lights.bett}"
- ];
- }
- ];
- }];
- };
+ # lass.hass.love = {
+ # resources = [{
+ # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map";
+ # type = "js";
+ # }];
+ # views = [{
+ # title = "bett";
+ # cards = [
+ # {
+ # type = "markdown";
+ # title = "hello world";
+ # content = "This is just a test";
+ # }
+ # {
+ # type = "light";
+ # entity = "light.${lights.bett}";
+ # }
+ # {
+ # type = "custom:light-entity-card";
+ # entity = "light.${lights.bett}";
+ # }
+ # {
+ # type = "history-graph";
+ # entities = [
+ # "light.${lights.bett}"
+ # ];
+ # }
+ # ];
+ # }];
+ # };
}
diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix
index f74996154..eeb3d30d2 100644
--- a/lass/2configs/hass/rooms/essen.nix
+++ b/lass/2configs/hass/rooms/essen.nix
@@ -2,7 +2,7 @@
with import ../lib.nix { inherit lib; };
{
- lass.hass.config = lib.mkMerge [
+ services.home-assistant.config = lib.mkMerge [
(detect_movement sensors.movement.essen lights.essen 10)
(lightswitch switches.dimmer.essen lights.essen)
];
diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix
index 163f4fc48..7e6298738 100644
--- a/lass/2configs/hass/rooms/nass.nix
+++ b/lass/2configs/hass/rooms/nass.nix
@@ -2,7 +2,7 @@
with import ../lib.nix { inherit lib; };
{
- lass.hass.config = lib.mkMerge [
+ services.home-assistant.config = lib.mkMerge [
(detect_movement sensors.movement.nass lights.nass 100)
(lightswitch switches.dimmer.nass lights.nass)
];
diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix
index 6d091066e..b2a221e49 100644
--- a/lass/2configs/hass/zigbee.nix
+++ b/lass/2configs/hass/zigbee.nix
@@ -35,7 +35,7 @@ in {
volumes = ["/var/lib/zigbee2mqtt:/app/data"];
};
- lass.hass.config = {
+ services.home-assistant.config = {
sensor = [
# Sensor for monitoring the bridge state
{
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
+++ /dev/null
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 78cfb29cd..ac7db10f5 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -97,7 +97,6 @@ in {
overwriteProtocol = "https";
};
https = true;
- nginx.enable = true;
};
services.nginx.virtualHosts."o.xanf.org" = {
enableACME = true;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 74585a6f8..17df71310 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -16,7 +16,6 @@ in {
email = "acme@lassul.us";
acceptTerms = true;
certs."lassul.us" = {
- allowKeysForGroup = true;
group = "lasscert";
};
};
@@ -78,7 +77,6 @@ in {
email = "lassulus@lassul.us";
webroot = "/var/lib/acme/acme-challenge";
group = "nginx";
- user = "nginx";
};
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 335658ed8..c3c73bdcb 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -4,7 +4,6 @@ _:
./dnsmasq.nix
./ejabberd
./folderPerms.nix
- ./hass.nix
./hosts.nix
./klem.nix
./mysql-backup.nix
diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix
deleted file mode 100644
index 96521aaa9..000000000
--- a/lass/3modules/hass.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.hass;
-
-in {
- options.lass.hass = {
- config = mkOption {
- default = {};
- type = with lib.types; let
- valueType = nullOr (oneOf [
- bool
- int
- float
- str
- (attrsOf valueType)
- (listOf valueType)
- ]) // {
- description = "Yaml value";
- emptyValue.value = {};
- };
- in valueType;
- };
- love = mkOption {
- default = {};
- type = with lib.types; let
- valueType = nullOr (oneOf [
- bool
- int
- float
- str
- (attrsOf valueType)
- (listOf valueType)
- ]) // {
- description = "Yaml value";
- emptyValue.value = {};
- };
- in valueType;
- };
- };
-
- config =
- assert versionOlder version "20.09";
- mkIf (cfg.config != {})
- {
- services.home-assistant.config = cfg.config;
- # services.home-assistant.lovelaceConfig = cfg.love;
- };
-}
-