summaryrefslogtreecommitdiffstats
path: root/1systems/lass
diff options
context:
space:
mode:
Diffstat (limited to '1systems/lass')
-rw-r--r--1systems/lass/cloudkrebs.nix30
-rw-r--r--1systems/lass/mors.nix196
-rw-r--r--1systems/lass/uriel.nix166
3 files changed, 0 insertions, 392 deletions
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix
deleted file mode 100644
index 2c755d8cb..000000000
--- a/1systems/lass/cloudkrebs.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../../2configs/tv/CAC-Developer-2.nix
- ../../2configs/tv/CAC-CentOS-7-64bit.nix
- ../../2configs/lass/base.nix
- ../../2configs/lass/retiolum.nix
- ../../2configs/lass/fastpoke-pages.nix
- ../../2configs/lass/new-repos.nix
- {
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "104.167.113.104";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "104.167.113.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- }
- ];
-
- krebs.enable = true;
- krebs.build.host = config.krebs.hosts.cloudkrebs;
- networking.hostName = "cloudkrebs";
-
-}
diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix
deleted file mode 100644
index 8cda1eac3..000000000
--- a/1systems/lass/mors.nix
+++ /dev/null
@@ -1,196 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../../2configs/lass/desktop-base.nix
- ../../2configs/lass/programs.nix
- ../../2configs/lass/bitcoin.nix
- ../../2configs/lass/browsers.nix
- ../../2configs/lass/games.nix
- ../../2configs/lass/pass.nix
- ../../2configs/lass/virtualbox.nix
- ../../2configs/lass/elster.nix
- ../../2configs/lass/urxvt.nix
- ../../2configs/lass/steam.nix
- ../../2configs/lass/wine.nix
- ../../2configs/lass/texlive.nix
- ../../2configs/lass/binary-caches.nix
- ../../2configs/lass/ircd.nix
- ../../2configs/lass/chromium-patched.nix
- ../../2configs/lass/new-repos.nix
- ../../2configs/tv/synaptics.nix
- ../../2configs/lass/retiolum.nix
- ];
-
- krebs.build.host = config.krebs.hosts.mors;
-
- networking.hostName = "mors";
- networking.wireless.enable = true;
-
- networking.extraHosts = ''
- '';
-
- nix.maxJobs = 4;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
-
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/big/nix";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
-
- "/mnt/loot" = {
- device = "/dev/big/loot";
- fsType = "ext4";
- };
-
- "/home" = {
- device = "/dev/big/home";
- fsType = "ext4";
- };
-
- "/home/lass" = {
- device = "/dev/big/home-lass";
- fsType = "ext4";
- };
-
- "/mnt/backups" = {
- device = "/dev/big/backups";
- fsType = "ext4";
- };
-
- "/home/games/.local/share/Steam" = {
- device = "/dev/big/steam";
- fsType = "ext4";
- };
-
- "/home/virtual/virtual" = {
- device = "/dev/big/virtual";
- fsType = "ext4";
- };
-
- "/mnt/public" = {
- device = "/dev/big/public";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
- '';
-
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Enable Audio codec power management
- echo '1' > '/sys/module/snd_hda_intel/parameters/power_save'
- #VM writeback timeout
- echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
- #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
- echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
- #Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
-
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
- '';
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- #system.activationScripts.trackpoint = ''
- # echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed'
- # echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity'
- #'';
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
- environment.systemPackages = with pkgs; [
- ];
-
- #TODO: fix this shit
- ##fprint stuff
- ##sudo fprintd-enroll $USER to save fingerprints
- #services.fprintd.enable = true;
- #security.pam.services.sudo.fprintAuth = true;
-
- users.extraGroups = {
- loot = {
- members = [
- config.users.extraUsers.mainUser.name
- "firefox"
- "chromium"
- "google"
- "virtual"
- ];
- };
- };
-
- networking.firewall = {
- allowPing = true;
- allowedTCPPorts = [
- 8000
- ];
- allowedUDPPorts = [
- 67
- ];
- };
-
- services.mongodb = {
- enable = true;
- };
-
- lass.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
- };
-}
diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix
deleted file mode 100644
index 4fe8cf21a..000000000
--- a/1systems/lass/uriel.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{ config, pkgs, ... }:
-
-with builtins;
-{
- imports = [
- ../../2configs/lass/desktop-base.nix
- ../../2configs/lass/browsers.nix
- ../../2configs/lass/games.nix
- ../../2configs/lass/pass.nix
- ../../2configs/lass/urxvt.nix
- ../../2configs/lass/bird.nix
- ../../2configs/lass/new-repos.nix
- ../../2configs/lass/chromium-patched.nix
- ../../2configs/lass/retiolum.nix
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/uriel.ssh.pub
- ];
- };
- };
- }
- ];
-
- krebs.enable = true;
- krebs.build.host = config.krebs.hosts.uriel;
- networking.hostName = "uriel";
-
- networking.wireless.enable = true;
- nix.maxJobs = 2;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- boot = {
- #kernelParams = [
- # "acpi.brightness_switch_enabled=0"
- #];
- #loader.grub.enable = true;
- #loader.grub.version = 2;
- #loader.grub.device = "/dev/sda";
-
- loader.gummiboot.enable = true;
- loader.gummiboot.timeout = 5;
-
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- extraModprobeConfig = ''
- '';
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- '';
-
- #services.xserver = {
- #};
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- additionalOptions = ''
- Option "FingerHigh" "60"
- Option "FingerLow" "60"
- '';
- };
-
- environment.systemPackages = with pkgs; [
- ];
-
- #for google hangout
-
- users.extraUsers.google.extraGroups = [ "audio" "video" ];
-
-
- #users.extraGroups = {
- # loot = {
- # members = [
- # "lass"
- # "firefox"
- # "chromium"
- # "google"
- # ];
- # };
- #};
- #
- # iptables
- #
- #networking.firewall.enable = false;
- #system.activationScripts.iptables =
- # let
- # log = false;
- # when = c: f: if c then f else "";
- # in
- # ''
- # ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; }
- # ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; }
- # ipXtables() { ip4tables "$@"; ip6tables "$@"; }
-
- # #
- # # nat
- # #
-
- # # reset tables
- # ipXtables -t nat -F
- # ipXtables -t nat -X
-
- # #
- # #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0
- # ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh
-
- # #
- # # filter
- # #
-
- # # reset tables
- # ipXtables -P INPUT DROP
- # ipXtables -P FORWARD DROP
- # ipXtables -F
- # ipXtables -X
-
- # # create custom chains
- # ipXtables -N Retiolum
-
- # # INPUT
- # ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # ipXtables -A INPUT -j ACCEPT -i lo
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j Retiolum -i retiolum
- # ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"}
-
- # # FORWARD
- # ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"}
-
- # # Retiolum
- # ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request
- # ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request
-
-
- # ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"}
- # ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
- # ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
- # ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
- # ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable
- # ip6tables -A Retiolum -j REJECT
-
- # '';
-}