diff options
author | tv <tv@krebsco.de> | 2017-07-06 21:47:47 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-07-10 11:05:48 +0200 |
commit | 7fdc46bb9d911838edfa723d985ede6a604c0c5a (patch) | |
tree | 3ceb366c12f0bc229cfcd5fce6c2f409e29fe06b /tv/1systems/wu | |
parent | fc3f5d3d56a299b7b46c1a42d3fec57c536a5917 (diff) |
move source config from module system to 1systems/*/source.nix
Diffstat (limited to 'tv/1systems/wu')
-rw-r--r-- | tv/1systems/wu/config.nix | 174 | ||||
-rw-r--r-- | tv/1systems/wu/source.nix | 4 |
2 files changed, 178 insertions, 0 deletions
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix new file mode 100644 index 000000000..5b2542acd --- /dev/null +++ b/tv/1systems/wu/config.nix @@ -0,0 +1,174 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +{ + krebs.build.host = config.krebs.hosts.wu; + + imports = [ + <stockholm/tv> + <stockholm/tv/2configs/hw/w110er.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/gitrepos.nix> + <stockholm/tv/2configs/im.nix> + <stockholm/tv/2configs/mail-client.nix> + <stockholm/tv/2configs/man.nix> + <stockholm/tv/2configs/nginx/public_html.nix> + <stockholm/tv/2configs/pulse.nix> + <stockholm/tv/2configs/retiolum.nix> + <stockholm/tv/2configs/xserver> + { + environment.systemPackages = with pkgs; [ + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + get + gnupg1compat + haskellPackages.hledger + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + push + qrencode + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #neovim + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "wuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/wuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/wuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/wuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; + hardware.bumblebee.enable = true; + hardware.bumblebee.group = "video"; + hardware.enableAllFirmware = true; + hardware.opengl.driSupport32Bit = true; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + ]; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + virtualisation.virtualbox.host.enable = true; +} diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 000000000..2e9cdeb8a --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "wu"; + secure = true; +} |