diff options
-rw-r--r-- | krebs/1systems/arcadeomat/config.nix | 87 | ||||
-rw-r--r-- | krebs/1systems/arcadeomat/hw.nix | 25 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 24 | ||||
-rw-r--r-- | makefu/1systems/wbob/config.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/fs/sda-crypto-root.nix | 4 | ||||
-rw-r--r-- | makefu/2configs/nix-community/supervision.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/tools/extra-gui.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/urlwatch/default.nix | 6 |
9 files changed, 151 insertions, 13 deletions
diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix new file mode 100644 index 000000000..8a2b0202e --- /dev/null +++ b/krebs/1systems/arcadeomat/config.nix @@ -0,0 +1,87 @@ +{ config,lib, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + mainUser = "krebs"; + +in +{ + imports = [ + ./hw.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + + #<stockholm/krebs/2configs/binary-cache/nixos.nix> + #<stockholm/krebs/2configs/binary-cache/prism.nix> + + <stockholm/krebs/2configs/shack/ssh-keys.nix> + <stockholm/krebs/2configs/save-diskspace.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + + ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; + + + #networking = { + # firewall.enable = false; + # firewall.allowedTCPPorts = [ 8088 8086 8083 ]; + # interfaces."${ext-if}".ipv4.addresses = [ + # { + # address = shack-ip; + # prefixLength = 20; + # } + # ]; + + # defaultGateway = "10.42.0.1"; + # nameservers = [ "10.42.0.100" "10.42.0.200" ]; + #}; + + ##################### + # uninteresting stuff + ##################### + krebs.build.host = config.krebs.hosts.arcadeomat; + users.users."${mainUser}" = { + uid = 9001; + extraGroups = [ "audio" "video" ]; + isNormalUser = true; + }; + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + + time.timeZone = "Europe/Berlin"; + + # avahi + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = with pkgs;[ glxinfo sdlmame ]; + nixpkgs.config.allowUnfree = true; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340; + boot.kernelPackages = pkgs.linuxPackages_5_4; + + services.xserver = { + videoDrivers = [ "nvidia" ]; + enable = true; + windowManager = { + awesome.enable = true; + awesome.noArgb = true; + awesome.luaModules = [ pkgs.luaPackages.vicious ]; + }; + displayManager.defaultSession = lib.mkDefault "none+awesome"; + displayManager.autoLogin = { + enable = true; + user = mainUser; + }; + }; +} diff --git a/krebs/1systems/arcadeomat/hw.nix b/krebs/1systems/arcadeomat/hw.nix new file mode 100644 index 000000000..b24deeecb --- /dev/null +++ b/krebs/1systems/arcadeomat/hw.nix @@ -0,0 +1,25 @@ + +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.copyKernels = true; + +} diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index e83608385..0e6812a35 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -224,10 +224,8 @@ in { retiolum = { via = internet; addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr config.krebs.hosts.eve.nets.retiolum.ip6.addr ]; - ip4.addr = "10.243.29.174"; aliases = [ "eve.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 776b893f5..f796f0323 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -187,6 +187,30 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; + arcadeomat = { + ci = true; + nets = { + retiolum = { + ip4.addr = "10.243.77.67"; + aliases = [ + "arcadeomat.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb + HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7 + apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg + 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk + 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH + 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc"; + }; wolf = { ci = true; nets = { diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 550afbeae..60f4f7b72 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -100,7 +100,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 - 8081 #smokeping + 8081 # smokeping 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; @@ -111,15 +111,15 @@ in { # Port = 1655 # ''; #}; - boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_latest; # rt2870.bin wifi card, part of linux-unfree hardware.enableRedistributableFirmware = true; nixpkgs.config.allowUnfree = true; # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash - networking.interfaces.virbr1.ipv4.addresses = [{ - address = "10.8.8.11"; - prefixLength = 24; - }]; + #networking.interfaces.virbr1.ipv4.addresses = [{ + # address = "10.8.8.11"; + # prefixLength = 24; + #}]; # nuc hardware } diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e49843cfe..54ee9f9e5 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -16,8 +16,8 @@ loader.grub.version = 2; loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { "/" = { diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix index f648b9c17..cd4b6567b 100644 --- a/makefu/2configs/nix-community/supervision.nix +++ b/makefu/2configs/nix-community/supervision.nix @@ -6,6 +6,7 @@ in { networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT ''; services.telegraf = { diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 763603dfd..4bd0c25f4 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -20,6 +20,9 @@ # rambox vscode + + # 3d Modelling chitubox + freecad ]; } diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 93424815d..3620bc568 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,9 +34,9 @@ in { https://pypi.python.org/simple/pyserial/ https://pypi.python.org/simple/semantic_version/ # weird shit - { url = "https://www.zigbee2mqtt.io/information/supported_adapters.html"; - filter = "html2text"; - } + #{ url = "https://www.zigbee2mqtt.io/guide/adapters/"; + # filter = "html2text"; + #} http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack |