summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2020-10-23 21:02:02 +0200
committermakefu <github@syntax-fehler.de>2020-10-23 21:02:02 +0200
commite8b6cc0587929a7ebd0d00f83d298640b20b055f (patch)
treee0f813b8264119a84d6b8c32fa68041c8541ab59 /lass
parentfd41a76d4cab2765f9ef95ce5322b7bffe52b8a7 (diff)
parent242530680d5dcb37a5a023d0b8f6155ab441cead (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/config.nix21
-rw-r--r--lass/1systems/morpheus/config.nix1
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/mors/physical.nix2
-rw-r--r--lass/1systems/prism/config.nix9
-rw-r--r--lass/1systems/prism/physical.nix10
-rw-r--r--lass/1systems/shodan/physical.nix2
-rwxr-xr-xlass/1systems/wizard/run-vm.sh7
-rw-r--r--lass/1systems/wizard/test.nix2
-rw-r--r--lass/1systems/xerxes/config.nix26
-rw-r--r--lass/1systems/yellow/config.nix3
-rw-r--r--lass/2configs/baseX.nix5
-rw-r--r--lass/2configs/blue-host.nix90
-rw-r--r--lass/2configs/blue.nix7
-rw-r--r--lass/2configs/default.nix11
-rw-r--r--lass/2configs/exim-smarthost.nix8
-rw-r--r--lass/2configs/gc.nix1
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/green-host.nix109
-rw-r--r--lass/2configs/hass/default.nix1
-rw-r--r--lass/2configs/hass/rooms/bett.nix31
-rw-r--r--lass/2configs/hw/x220.nix11
-rw-r--r--lass/2configs/mail.nix19
-rw-r--r--lass/2configs/mpv.nix2
-rw-r--r--lass/2configs/paste.nix31
-rw-r--r--lass/2configs/radio.nix29
-rw-r--r--lass/2configs/steam.nix6
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/2configs/websites/domsen.nix18
-rw-r--r--lass/2configs/websites/lassulus.nix5
-rw-r--r--lass/2configs/wine.nix3
-rw-r--r--lass/2configs/zsh.nix13
-rw-r--r--lass/3modules/hass.nix17
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix29
-rw-r--r--lass/5pkgs/emot-menu/default.nix2
-rw-r--r--lass/5pkgs/init/default.nix45
-rwxr-xr-xlass/5pkgs/init/run-vm.sh7
-rw-r--r--lass/5pkgs/init/test.nix13
-rwxr-xr-xlass/5pkgs/init/test.sh11
-rw-r--r--lass/krops.nix3
40 files changed, 394 insertions, 223 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index c46bb351e..f6dc23d20 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -17,27 +17,6 @@ with import <stockholm/lib>;
networking.nameservers = [ "1.1.1.1" ];
- services.restic.backups = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "prism"
- "shodan"
- "skynet"
- ] (dest: {
- initialize = true;
- extraOptions = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- repository = "sftp:backup@${dest}.r:/backups/blue";
- passwordFile = (toString <secrets>) + "/restic/${dest}";
- timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
- paths = [
- "/home/"
- "/var/lib"
- ];
- });
-
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
index c3a8ea6c8..79fbe4c97 100644
--- a/lass/1systems/morpheus/config.nix
+++ b/lass/1systems/morpheus/config.nix
@@ -18,6 +18,7 @@ with import <stockholm/lib>;
gitAndTools.hub
nix-review
firefox
+ ag
];
services.openssh.forwardX11 = true;
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index c1ceb0633..b03d95c49 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -126,8 +126,6 @@ with import <stockholm/lib>;
remmina
transmission
- iodine
-
macchanger
dpass
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 2f3a68442..a9108104b 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -23,7 +23,7 @@
services.udev.extraRules = ''
SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 33ec21e72..b335353be 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -272,9 +272,9 @@ with import <stockholm/lib>;
resolveLocalQueries = false;
extraConfig= ''
- listen-address=42:1:ce16::1
+ listen-address=42:1:ce16::1,10.244.1.103
except-interface=lo
- interface=wg0
+ interface=wiregrill
'';
};
}
@@ -284,7 +284,10 @@ with import <stockholm/lib>;
];
}
{
- services.murmur.enable = true;
+ services.murmur = {
+ enable = true;
+ bandwidth = 10000000;
+ };
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 7458f5ffd..1a3bee850 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -55,6 +55,16 @@
fsType = "zfs";
};
+ fileSystems."/var/realwallpaper/archive" = {
+ device = "tank/wallpaper";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/xanf" = {
+ device = "/dev/disk/by-id/wwn-0x500a07511becb076";
+ fsType = "ext4";
+ };
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 39a4d9661..55e91b0e4 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -10,7 +10,7 @@
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices.lusksroot.device = "/dev/sda2";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh
new file mode 100755
index 000000000..13914ad5f
--- /dev/null
+++ b/lass/1systems/wizard/run-vm.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p nixos-generators
+
+set -efu
+
+WD=$(dirname "$0")
+nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run
diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix
index c7a27102a..165b9f14d 100644
--- a/lass/1systems/wizard/test.nix
+++ b/lass/1systems/wizard/test.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{
imports = [
- ./default.nix
+ ./config.nix
];
virtualisation.emptyDiskImages = [
8000
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index e4a4fb505..8c4362865 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -41,22 +41,6 @@
displayManager.lightdm.autoLogin.user = "lass";
};
- services.syncthing.declarative = {
- folders = {
- the_playlist = {
- path = "/home/lass/tmp/the_playlist";
- devices = [ "mors" "phone" "prism" "xerxes" ];
- };
- };
- };
- krebs.permown = {
- "/home/lass/tmp/the_playlist" = {
- owner = "lass";
- group = "syncthing";
- umask = "0007";
- };
- };
-
boot.blacklistedKernelModules = [ "xpad" ];
systemd.services.xboxdrv = {
wantedBy = [ "multi-user.target" ];
@@ -93,7 +77,15 @@
};
};
- hardware.bluetooth.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ # config.General.Disable = "Headset";
+ extraConfig = ''
+ [General]
+ Disable = Headset
+ '';
+ };
hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''
# load-module module-bluetooth-policy
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index bc3b1f5d5..d400697d7 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -172,7 +172,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 89.249.65.83 1194
+ remote 185.230.127.27 1194
resolv-retry infinite
remote-random
nobind
@@ -195,7 +195,6 @@ with import <stockholm/lib>;
fast-io
cipher AES-256-CBC
auth SHA512
-
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index baf93ffe5..e92ddbcca 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -72,10 +72,11 @@ in {
git-preview
gnome3.dconf
iodine
+ libarchive
lm_sensors
ncdu
nix-index
- nix-review
+ nixpkgs-review
nmap
pavucontrol
ponymix
@@ -92,6 +93,8 @@ in {
xsel
zathura
(pkgs.writeDashBin "screenshot" ''
+ set -efu
+
${pkgs.flameshot-once}/bin/flameshot-once
${pkgs.klem}/bin/klem
'')
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 718a92e9c..7aabf0931 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -49,54 +49,54 @@ in {
};
- systemd.services = builtins.listToAttrs (map (host:
- let
- in nameValuePair "sync-blue-${host}" {
- bindsTo = [ "container@blue.service" ];
- wantedBy = [ "container@blue.service" ];
- # ssh needed for rsync
- path = [ pkgs.openssh ];
- serviceConfig = {
- Restart = "always";
- RestartSec = 10;
- ExecStart = pkgs.writeDash "sync-blue-${host}" ''
- set -efu
- #make sure blue is running
- /run/wrappers/bin/ping -c1 blue.r > /dev/null
+ #systemd.services = builtins.listToAttrs (map (host:
+ # let
+ # in nameValuePair "sync-blue-${host}" {
+ # bindsTo = [ "container@blue.service" ];
+ # wantedBy = [ "container@blue.service" ];
+ # # ssh needed for rsync
+ # path = [ pkgs.openssh ];
+ # serviceConfig = {
+ # Restart = "always";
+ # RestartSec = 10;
+ # ExecStart = pkgs.writeDash "sync-blue-${host}" ''
+ # set -efu
+ # #make sure blue is running
+ # /run/wrappers/bin/ping -c1 blue.r > /dev/null
- #make sure the container is unlocked
- ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
+ # #make sure the container is unlocked
+ # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
- #make sure our target is reachable
- ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
+ # #make sure our target is reachable
+ # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
- #start sync
- ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
- settings {
- nodaemon = true,
- inotifyMode = "CloseWrite or Modify",
- }
- sync {
- default.rsyncssh,
- source = "/var/lib/containers/.blue",
- host = "${host}.r",
- targetdir = "/var/lib/containers/.blue",
- rsync = {
- archive = true,
- owner = true,
- group = true,
- };
- ssh = {
- binary = "${pkgs.openssh}/bin/ssh";
- identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
- },
- }
- ''}
- '';
- };
- unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- }
- ) remote_hosts);
+ # #start sync
+ # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
+ # settings {
+ # nodaemon = true,
+ # inotifyMode = "CloseWrite or Modify",
+ # }
+ # sync {
+ # default.rsyncssh,
+ # source = "/var/lib/containers/.blue",
+ # host = "${host}.r",
+ # targetdir = "/var/lib/containers/.blue",
+ # rsync = {
+ # archive = true,
+ # owner = true,
+ # group = true,
+ # };
+ # ssh = {
+ # binary = "${pkgs.openssh}/bin/ssh";
+ # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
+ # },
+ # }
+ # ''}
+ # '';
+ # };
+ # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ # }
+ #) remote_hosts);
environment.systemPackages = [
(pkgs.writeDashBin "start-blue" ''
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index a4000cada..15408a200 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -26,6 +26,8 @@ with (import <stockholm/lib>);
{ predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
{ predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
{ predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
+ { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";}
+ { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
];
systemd.services.chat = let
@@ -64,4 +66,9 @@ with (import <stockholm/lib>);
ExecStop = "${tmux} kill-session -t IM";
};
};
+
+ services.dovecot2 = {
+ enable = true;
+ mailLocation = "maildir:~/Maildir";
+ };
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index ae2754c96..f59988b75 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -44,7 +44,15 @@ with import <stockholm/lib>;
config.krebs.users.lass-yubikey.pubkey
];
};
+ nix = {
+ isNormalUser = true;
+ uid = genid_uint31 "nix";
+ openssh.authorizedKeys.keys = [
+ config.krebs.hosts.mors.ssh.pubkey
+ ];
+ };
};
+ nix.trustedUsers = ["nix"];
}
{
environment.variables = {
@@ -212,4 +220,7 @@ with import <stockholm/lib>;
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
+
+ # use 24:00 time format, the default got sneakily changed around 20.03
+ i18n.defaultLocale = mkDefault "C.UTF-8";
}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 82839beba..797864b15 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -2,8 +2,6 @@
to = concatStringsSep "," [
"lass@blue.r"
- "lass@xerxes.r"
- "lass@mors.r"
];
mails = [
@@ -110,6 +108,12 @@
"auschein@lassul.us"
"tleech@lassul.us"
"durstexpress@lassul.us"
+ "acme@lassul.us"
+ "antstore@lassul.us"
+ "openweather@lassul.us"
+ "lobsters@lassul.us"
+ "rewe@lassul.us"
+ "spotify@lassul.us"
];
in {
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index 0ddb63a03..f9c61c461 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -4,5 +4,6 @@ with import <stockholm/lib>;
{
nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
+ options = "--delete-older-than 15d";
};
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index eba68c0bc..edec2dcb4 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -58,6 +58,10 @@ let
cgit.desc = "url shortener";
cgit.section = "software";
};
+ grib2json-bin = {
+ cgit.desc = "build jar of grib2json";
+ cgit.section = "deployment";
+ };
krebspage = {
cgit.desc = "homepage of krebs";
cgit.section = "configuration";
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 0cccbc30e..6cccab4b3 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -1,38 +1,44 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
-{
+let
+
+ cname = "green";
+ cryfs = pkgs.cryfs.overrideAttrs (old: {
+ patches = [
+ (pkgs.writeText "file_mode.patch" ''
+ --- a/src/cryfs/filesystem/CryNode.cpp
+ +++ b/src/cryfs/filesystem/CryNode.cpp
+ @@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const {
+ result.uid = fspp::uid_t(getuid());
+ result.gid = fspp::gid_t(getgid());
+ #endif
+ - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag();
+ + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();;
+ result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE;
+ //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..")
+ result.nlink = 1;
+ '')
+ ] ++ old.patches;
+ });
+
+in {
imports = [
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/syncthing.nix>
- { #hack for already defined
- systemd.services."container@green".reloadIfChanged = mkForce false;
- systemd.services."container@green".preStart = ''
- ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green '
- '';
- systemd.services."container@green".postStop = ''
- set -x
- ${pkgs.umount}/bin/umount /var/lib/containers/green
- ls -la /dev/mapper/control
- ${pkgs.devicemapper}/bin/dmsetup ls
- ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img
- '';
- }
];
- services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ];
- krebs.permown."/var/lib/sync-containers" = {
- owner = "root";
- group = "syncthing";
- umask = "0007";
- };
+ programs.fuse.userAllowOther = true;
- system.activationScripts.containerPermissions = ''
- mkdir -p /var/lib/containers
- chmod 711 /var/lib/containers
- '';
+ services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ];
+ # krebs.permown."/var/lib/sync-containers/${cname}" = {
+ # owner = "root";
+ # group = "syncthing";
+ # umask = "0007";
+ # };
- containers.green = {
+ systemd.services."container@green".reloadIfChanged = mkForce false;
+ containers.${cname} = {
config = { ... }: {
environment.systemPackages = [
pkgs.git
@@ -42,41 +48,52 @@ with import <stockholm/lib>;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
+ system.activationScripts.fuse = {
+ text = ''
+ ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
+ '';
+ deps = [];
+ };
};
+ allowedDevices = [
+ { modifier = "rwm"; node = "/dev/fuse"; }
+ ];
autoStart = false;
enableTun = true;
privateNetwork = true;
- hostAddress = "10.233.2.15";
- localAddress = "10.233.2.16";
+ hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
+ localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
};
environment.systemPackages = [
- (pkgs.writeDashBin "start-green" ''
- set -fu
- CONTAINER='green'
- IMAGE='/var/lib/sync-containers/green.img'
-
- ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null
- if [ "$?" -ne 0 ]; then
- ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER"
- fi
-
- mkdir -p /var/lib/containers/"$CONTAINER"
+ (pkgs.writeDashBin "start-${cname}" ''
+ set -euf
- ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" "
- if [ "$?" -ne 0 ]; then
- ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER"
+ mkdir -p /var/lib/containers/${cname}/var/state
+ chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state
+ if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then
+ /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \
+ ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions
fi
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER")
+ STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER"
+ ${pkgs.nixos-container}/bin/nixos-container start ${cname}
fi
- ping -c1 green.r
- if [ "$?" -ne 0 ]; then
- ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch
+
+ if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then
+ ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
+ mkdir -p /var/state/var_src
+ ln -sf state/var_Src /var/src
+ nixos-rebuild -I /var/src switch
+ ''}
fi
+ '')
+ (pkgs.writeDashBin "stop-${cname}" ''
+ set -euf
+ ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
+ ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state
'')
];
}
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index a48c61a69..66d430cd1 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; };
# extraComponents = [ "hue" ];
};
configWritable = true;
+ lovelaceConfigWritable = true;
};
lass.hass.config = let
diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix
index b5da9221c..16227fcb6 100644
--- a/lass/2configs/hass/rooms/bett.nix
+++ b/lass/2configs/hass/rooms/bett.nix
@@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; };
lass.hass.config = lib.mkMerge [
(lightswitch switches.dimmer.bett lights.bett)
];
+
+ lass.hass.love = {
+ resources = [{
+ url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map";
+ type = "js";
+ }];
+ views = [{
+ title = "bett";
+ cards = [
+ {
+ type = "markdown";
+ title = "hello world";
+ content = "This is just a test";
+ }
+ {
+ type = "light";
+ entity = "light.${lights.bett}";
+ }
+ {
+ type = "custom:light-entity-card";
+ entity = "light.${lights.bett}";
+ }
+ {
+ type = "history-graph";
+ entities = [
+ "light.${lights.bett}"
+ ];
+ }
+ ];
+ }];
+ };
}
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index 89b119347..31f9787e0 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -5,7 +5,7 @@
];
boot = {
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+ initrd.luks.devices.luksroot.device = "/dev/sda3";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
extraModulePackages = [
@@ -47,9 +47,10 @@
services.logind.lidSwitchDocked = "ignore";
services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- STOP_CHARGE_THRESH_BAT0=95
- '';
+ #services.tlp.extraConfig = ''
+ # START_CHARGE_THRESH_BAT0=80
+ # STOP_CHARGE_THRESH_BAT0=95