summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/arcadeomat/config.nix87
-rw-r--r--krebs/1systems/arcadeomat/hw.nix25
-rw-r--r--krebs/3modules/external/mic92.nix2
-rw-r--r--krebs/3modules/krebs/default.nix24
-rw-r--r--makefu/1systems/wbob/config.nix12
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix4
-rw-r--r--makefu/2configs/nix-community/supervision.nix1
-rw-r--r--makefu/2configs/tools/extra-gui.nix3
-rw-r--r--makefu/2configs/urlwatch/default.nix6
9 files changed, 151 insertions, 13 deletions
diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix
new file mode 100644
index 000000000..8a2b0202e
--- /dev/null
+++ b/krebs/1systems/arcadeomat/config.nix
@@ -0,0 +1,87 @@
+{ config,lib, pkgs, ... }:
+let
+ shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
+ ext-if = "et0";
+ external-mac = "52:54:b0:0b:af:fe";
+ mainUser = "krebs";
+
+in
+{
+ imports = [
+ ./hw.nix
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+
+ #<stockholm/krebs/2configs/binary-cache/nixos.nix>
+ #<stockholm/krebs/2configs/binary-cache/prism.nix>
+
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
+ <stockholm/krebs/2configs/save-diskspace.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+
+ ];
+ # use your own binary cache, fallback use cache.nixos.org (which is used by
+ # apt-cacher-ng in first place)
+
+ # local discovery in shackspace
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
+
+
+ #networking = {
+ # firewall.enable = false;
+ # firewall.allowedTCPPorts = [ 8088 8086 8083 ];
+ # interfaces."${ext-if}".ipv4.addresses = [
+ # {
+ # address = shack-ip;
+ # prefixLength = 20;
+ # }
+ # ];
+
+ # defaultGateway = "10.42.0.1";
+ # nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ #};
+
+ #####################
+ # uninteresting stuff
+ #####################
+ krebs.build.host = config.krebs.hosts.arcadeomat;
+ users.users."${mainUser}" = {
+ uid = 9001;
+ extraGroups = [ "audio" "video" ];
+ isNormalUser = true;
+ };
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+
+
+ time.timeZone = "Europe/Berlin";
+
+ # avahi
+ services.avahi = {
+ enable = true;
+ wideArea = false;
+ };
+ environment.systemPackages = with pkgs;[ glxinfo sdlmame ];
+ nixpkgs.config.allowUnfree = true;
+ hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340;
+ boot.kernelPackages = pkgs.linuxPackages_5_4;
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ enable = true;
+ windowManager = {
+ awesome.enable = true;
+ awesome.noArgb = true;
+ awesome.luaModules = [ pkgs.luaPackages.vicious ];
+ };
+ displayManager.defaultSession = lib.mkDefault "none+awesome";
+ displayManager.autoLogin = {
+ enable = true;
+ user = mainUser;
+ };
+ };
+}
diff --git a/krebs/1systems/arcadeomat/hw.nix b/krebs/1systems/arcadeomat/hw.nix
new file mode 100644
index 000000000..b24deeecb
--- /dev/null
+++ b/krebs/1systems/arcadeomat/hw.nix
@@ -0,0 +1,25 @@
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.copyKernels = true;
+
+}
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index e83608385..0e6812a35 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -224,10 +224,8 @@ in {
retiolum = {
via = internet;
addrs = [
- config.krebs.hosts.eve.nets.retiolum.ip4.addr
config.krebs.hosts.eve.nets.retiolum.ip6.addr
];
- ip4.addr = "10.243.29.174";
aliases = [ "eve.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 776b893f5..f796f0323 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -187,6 +187,30 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
};
+ arcadeomat = {
+ ci = true;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.77.67";
+ aliases = [
+ "arcadeomat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+ HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+ apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+ 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+ 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+ 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
+ };
wolf = {
ci = true;
nets = {
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 550afbeae..60f4f7b72 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -100,7 +100,7 @@ in {
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [
655
- 8081 #smokeping
+ 8081 # smokeping
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
@@ -111,15 +111,15 @@ in {
# Port = 1655
# '';
#};
- boot.kernelPackages = pkgs.linuxPackages_latest;
+ #boot.kernelPackages = pkgs.linuxPackages_latest;
# rt2870.bin wifi card, part of linux-unfree
hardware.enableRedistributableFirmware = true;
nixpkgs.config.allowUnfree = true;
# rt2870 with nonfree creates wlp2s0 from wlp0s20u2
# not explicitly setting the interface results in wpa_supplicant to crash
- networking.interfaces.virbr1.ipv4.addresses = [{
- address = "10.8.8.11";
- prefixLength = 24;
- }];
+ #networking.interfaces.virbr1.ipv4.addresses = [{
+ # address = "10.8.8.11";
+ # prefixLength = 24;
+ #}];
# nuc hardware
}
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index e49843cfe..54ee9f9e5 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -16,8 +16,8 @@
loader.grub.version = 2;
loader.grub.device = lib.mkDefault "/dev/sda";
- initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
fileSystems = {
"/" = {
diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix
index f648b9c17..cd4b6567b 100644
--- a/makefu/2configs/nix-community/supervision.nix
+++ b/makefu/2configs/nix-community/supervision.nix
@@ -6,6 +6,7 @@ in {
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT
+ ip6tables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT
'';
services.telegraf = {
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 763603dfd..4bd0c25f4 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -20,6 +20,9 @@
# rambox
vscode
+
+ # 3d Modelling
chitubox
+ freecad
];
}
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index 93424815d..3620bc568 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -34,9 +34,9 @@ in {
https://pypi.python.org/simple/pyserial/
https://pypi.python.org/simple/semantic_version/
# weird shit
- { url = "https://www.zigbee2mqtt.io/information/supported_adapters.html";
- filter = "html2text";
- }
+ #{ url = "https://www.zigbee2mqtt.io/guide/adapters/";
+ # filter = "html2text";
+ #}
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack