authortv <tv@krebsco.de>2016-06-30 16:31:05 +0200
committertv <tv@krebsco.de>2016-06-30 16:31:05 +0200
commitd81b068113325fb7604089c3647c365a41804978 (patch)
tree4c43ad2142825ac7c0a7045e5c48a039b25f6786 /makefu/2configs
parent1542f9bbee823025f703e6abf3836905cee416fd (diff)
parentf12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/default.nix15
-rw-r--r--makefu/2configs/fs/CAC-CentOS-7-64bit.nix20
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix6
-rw-r--r--makefu/2configs/hw/CAC.nix13
-rw-r--r--makefu/2configs/hw/fingerprint-reader.nix6
-rw-r--r--makefu/2configs/hw/tp-x220.nix4
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix3
-rw-r--r--makefu/2configs/save-diskspace.nix9
8 files changed, 69 insertions, 7 deletions
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 62daed8be..422927b28 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -16,6 +16,8 @@ with config.krebs.lib;
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
enable = true;
+
+ dns.providers.siem = "hosts";
search-domain = "retiolum";
build = {
user = config.krebs.users.makefu;
@@ -24,7 +26,9 @@ with config.krebs.lib;
url = https://github.com/nixos/nixpkgs;
rev = "63b9785"; # stable @ 2016-06-01
};
- secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ secrets = if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/makefu/6tests/data/secrets>
+ else "/home/makefu/secrets/${config.krebs.build.host.name}";
stockholm = "/home/makefu/stockholm";
# Defaults for all stockholm users?
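Review bot: The `secrets` path on the new lines is selected by an environment variable read at evaluation time, so a `dummy_secrets=true` left over in the shell or CI environment of a real deploy would presumably evaluate the host against the test data under `<stockholm/makefu/6tests/data/secrets>` instead of its own secrets directory. A comment above the `if` should state the intended use, for example `# dummy_secrets=true is for test evaluation only; never set it when deploying a real host`. The else branch also drops the trailing slash the old path had, which is worth confirming against any consumer that appends file names to it. The enclosing attribute set starts and ends outside the hunk.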
@@ -154,6 +158,15 @@ with config.krebs.lib;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
+ system.activationScripts.nix-defexpr = ''
+ (set -euf
+ for i in /home/makefu /root/;do
+ f="$i/.nix-defexpr"
+ rm -fr "$f"
+ ln -s /var/src/nixpkgs "$f"
+ done)
+ '';
+
i18n = {
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
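Review bot: The new `system.activationScripts.nix-defexpr` runs `rm -fr "$f"` as root on every activation with no comment explaining why, so whatever already sits at `.nix-defexpr` (a channels directory, for instance) is deleted silently each time and replaced by a root-owned symlink inside `/home/makefu`. A comment above the script would make that intent explicit, for example `# pin the default Nix expression to /var/src/nixpkgs; replaces any existing ~/.nix-defexpr, channels included`. The loop also lists `/root/` with a trailing slash, which yields `/root//.nix-defexpr`; writing `/root` keeps the two entries consistent.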
diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..c9eb97f44
--- /dev/null
+++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,20 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+ };
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+}
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index b82c0e44e..5c7cdf716 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -1,16 +1,16 @@
{ config, lib, pkgs, ... }:
# sda: bootloader grub2
-# sda1: boot ext4 (label nixboot)
+# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
+ # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# sda2: cryptoluks -> ext4
with config.krebs.lib;
{
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
+ loader.grub.device = lib.mkDefault "/dev/sda";
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
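Review bot: With `initrd.luks.devices` removed from this shared module, every host that imports it must now declare the LUKS device itself, and the only hint is a comment attached to the `sda1` (boot) line instead of the `sda2` (cryptoluks) line it describes. A host that misses it would presumably fail to unlock its root at boot, so the requirement belongs on the `sda2` line, for example `# sda2: cryptoluks -> ext4 - importing host must set boot.initrd.luks.devices`. The example in the comment keeps `allowDiscards=true`; since it is now a template for copying, it is worth noting there that discards on an encrypted volume reveal which blocks are unused. The `boot` set continues outside the hunk.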
diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix
new file mode 100644
index 000000000..9ed18344a
--- /dev/null
+++ b/makefu/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+ boot.loader.grub.splashImage = null;
+ nix = {
+ daemonIONiceLevel = 1;
+ daemonNiceLevel = 1;
+ };
+ sound.enable = false;
+}
diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix
new file mode 100644
index 000000000..1f2f00b03
--- /dev/null
+++ b/makefu/2configs/hw/fingerprint-reader.nix
@@ -0,0 +1,6 @@
+_: {
+ # add fingerprint with fprintd-enroll
+ services.fprintd.enable = true;
+ security.pam.services.login.fprintAuth = true;
+ security.pam.services.xscreensaver.fprintAuth = true;
+}
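Review bot: The only comment in this new module covers enrolment, while the two `fprintAuth` lines change who can authenticate: a fingerprint match becomes an alternative to the password for console `login` and for unlocking `xscreensaver` (the NixOS PAM module appears to add the fprintd rule as `sufficient`; confirm for the pinned nixpkgs revision). A comment stating that trade-off would help whoever imports the file, for example `# fingerprint becomes an alternative to the password for console login and screen unlock; leave this module out where the lock screen must require the password`.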
diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix
index be3d1eb70..1c9a34965 100644
--- a/makefu/2configs/hw/tp-x220.nix
+++ b/makefu/2configs/hw/tp-x220.nix
@@ -5,7 +5,7 @@ with config.krebs.lib;
imports = [ ./tp-x2x0.nix ];
boot = {
- kernelModules = [ "kvm-intel" "acpi_call" ];
+ kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
};
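Review bot: The added `"tpm-rng"` entry in `kernelModules` has no comment saying what it is for, and loading the module on its own most likely only exposes the TPM as a hardware RNG device. Whether it actually contributes to the kernel entropy pool depends on an rngd service or the hwrng quality setting, neither of which is visible in this hunk. A short comment would record the intent, for example `# tpm-rng: expose the TPM RNG as /dev/hwrng; needs rngd or a non-zero hwrng quality to feed the entropy pool`.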
@@ -28,7 +28,7 @@ with config.krebs.lib;
# enable HDMI output switching with pulseaudio
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
- ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
+ ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
'';
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 7f9dc67a5..c10ec1314 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -22,7 +22,8 @@ with config.krebs.lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ #START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
CPU_SCALING_GOVERNOR_ON_AC=performance
diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix
new file mode 100644
index 000000000..cc2b29cac
--- /dev/null
+++ b/makefu/2configs/save-diskspace.nix
@@ -0,0 +1,9 @@
+_:
+# TODO: do not check out nixpkgs master but fetch revision from github
+{
+ services.nixosManual.enable = false;
+ programs.man.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+}
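Review bot: The `services.journald.extraConfig = "SystemMaxUse=50M";` line caps the persistent journal at a size that holds only a short window of logs on a busy host, which limits what is available when an incident has to be reconstructed later. A comment on that line would make the trade-off visible, for example `# 50M keeps only recent logs; hosts that need audit history should forward the journal elsewhere`. The `TODO` about checking out nixpkgs master does not relate to any setting in this file and probably belongs next to the nixpkgs source definition.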