diff options
| -rw-r--r-- | kartei/lass/prism.nix | 3 | ||||
| -rw-r--r-- | kartei/palo/default.nix | 21 | ||||
| -rw-r--r-- | kartei/palo/retiolum.pub | 13 | ||||
| -rw-r--r-- | krebs/1systems/news/config.nix | 11 | ||||
| -rw-r--r-- | krebs/2configs/news-host.nix | 9 | ||||
| -rw-r--r-- | krebs/2configs/news.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/fzfmenu/default.nix | 9 | ||||
| -rw-r--r-- | lass/1systems/aergia/config.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/aergia/physical.nix | 68 | ||||
| -rw-r--r-- | lass/1systems/green/config.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/lasspi/config.nix | 5 | ||||
| -rw-r--r-- | lass/1systems/lasspi/physical.nix | 21 | ||||
| -rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/jitsi.nix | 14 | ||||
| -rw-r--r-- | lass/2configs/mail.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/print.nix | 14 |
16 files changed, 140 insertions, 61 deletions
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index cfc05b636..d72b167b6 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -21,7 +21,7 @@ rec { 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr} + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} @@ -38,6 +38,7 @@ rec { mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix index 9d35c3808..6fc9a594f 100644 --- a/kartei/palo/default.nix +++ b/kartei/palo/default.nix @@ -17,13 +17,28 @@ let in { hosts = mapAttrs hostDefaults { - sterni = { + sol = { owner = config.krebs.users.palo; nets = { retiolum = { tinc.port = 720; - aliases = [ "sterni.r" ]; - tinc.pubkey = builtins.readFile ./retiolum.pub; + aliases = [ "sol.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60 + mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC + Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu + lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1 + 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT + NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV + yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef + Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q + hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr + vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg + uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP"; }; }; }; diff --git a/kartei/palo/retiolum.pub b/kartei/palo/retiolum.pub deleted file mode 100644 index 65284d51d..000000000 --- a/kartei/palo/retiolum.pub +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE -8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4 -oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/ -ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD -ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ -ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu -MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL -rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo -sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1 -EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH -yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix index 620e6249e..b27fc3737 100644 --- a/krebs/1systems/news/config.nix +++ b/krebs/1systems/news/config.nix @@ -17,13 +17,8 @@ boot.isContainer = true; networking.useDHCP = lib.mkForce true; - krebs.bindfs = { - "/var/lib/brockman" = { - source = "/var/state/brockman"; - options = [ - "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}" - ]; - clearTarget = true; - }; + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv"; }; } diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 07674c86e..71793e518 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -1,10 +1,5 @@ { - krebs.sync-containers.containers.news = { - peers = [ - "shodan" - "mors" - "styx" - ]; - format = "plain"; + krebs.sync-containers3.containers.news = { + sshKey = "${toString <secrets>}/news.sync.key"; }; } diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index d6c6371da..9d9470727 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -74,7 +74,7 @@ limits.identlen = 100; history.enabled = false; }; - systemd.services.brockman.bindsTo = [ "ergo.service" ]; + systemd.services.brockman.bindsTo = [ "ergochat.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { @@ -87,6 +87,7 @@ nick = "brockman"; extraChannels = [ "#all" ]; }; + statePath = "/var/state/brockman/brockman.json"; bots = {}; }; }; diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix index 4527ad90b..fe5d5e27a 100644 --- a/krebs/5pkgs/simple/fzfmenu/default.nix +++ b/krebs/5pkgs/simple/fzfmenu/default.nix @@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" '' exec 4>&1 export FZFMENU_INPUT_FD=3 export FZFMENU_OUTPUT_FD=4 - exec ${pkgs.rxvt-unicode}/bin/urxvt \ - -name ${cfg.appName} \ - -title ${shell.escape cfg.windowTitle} \ - -e "$0" "$@" + exec ${pkgs.alacritty}/bin/alacritty \ + --config-file /var/theme/config/alacritty.yaml \ + --class ${cfg.appName} \ + --title ${shell.escape cfg.windowTitle} \ + --command "$0" "$@" else exec 0<&''${FZFMENU_INPUT_FD-0} exec 1>&''${FZFMENU_OUTPUT_FD-1} diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index ed5bbcf12..af88a0260 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -26,6 +26,7 @@ <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/c-base.nix> ]; system.stateVersion = "22.11"; diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index de5f7540e..0e5a88aa1 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -20,15 +20,40 @@ boot.kernelParams = [ # Enable energy savings during sleep "mem_sleep_default=deep" - "initcall_blacklist=acpi_cpufreq_init" + + "amd_pstate=passive" # for ryzenadj -i "iomem=relaxed" + + # suspend + "resume_offset=178345675" ]; - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - boot.kernelModules = [ "amd-pstate" "kvm-amd" ]; + boot.kernelModules = [ + # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html + # On recent AMD CPUs this can be more energy efficient. + "amd-pstate" + "kvm-amd" + + # needed for zenstates + "msr" + + # zenpower + "zenpower" + ]; + + boot.extraModulePackages = [ + (config.boot.kernelPackages.zenpower.overrideAttrs (old: { + src = pkgs.fetchFromGitea { + domain = "git.exozy.me"; + owner = "a"; + repo = "zenpower3"; + rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f"; + hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI="; + }; + })) + ]; # hardware.cpu.amd.updateMicrocode = true; @@ -36,7 +61,16 @@ "amdgpu" ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "thunderbolt" + "xhci_pci" + "usbhid" + ]; + + boot.initrd.kernelModules = [ + "amdgpu" + ]; environment.systemPackages = [ pkgs.vulkan-tools @@ -54,7 +88,13 @@ hardware.video.hidpi.enable = lib.mkDefault true; # corectrl - programs.corectrl.enable = true; + programs.corectrl = { + enable = true; + gpuOverclock = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; + }; users.users.mainUser.extraGroups = [ "corectrl" ]; # use newer ryzenadj @@ -72,7 +112,7 @@ # keyboard quirks services.xserver.displayManager.sessionCommands = '' - xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert + ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert ''; services.udev.extraHwdb = /* sh */ '' # disable back buttons @@ -82,5 +122,17 @@ ''; # ignore power key - services.logind.extraConfig = "HandlePowerKey=ignore"; + + # update cpu microcode + hardware.cpu.amd.updateMicrocode = true; + + # suspend to disk + swapDevices = [{ + device = "/swapfile"; + }]; + boot.resumeDevice = "/dev/mapper/aergia1"; + services.logind.lidSwitch = "suspend-then-hibernate"; + services.logind.extraConfig = '' + HandlePowerKey=hibernate + ''; } diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 077f7b3fa..c232be9bd 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -35,6 +35,7 @@ with import <stockholm/lib>; systemd.tmpfiles.rules = [ "d /home/lass/.local/share 0700 lass users -" "d /home/lass/.local 0700 lass users -" + "d /home/lass/.config 0700 lass users -" "d /var/state/lass_mail 0700 lass users -" "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix index 9f823dfc8..d2207627d 100644 --- a/lass/1systems/lasspi/config.nix +++ b/lass/1systems/lasspi/config.nix @@ -1,4 +1,3 @@ -with import <stockholm/lib>; { config, lib, pkgs, ... }: let in @@ -18,9 +17,9 @@ in }; environment.systemPackages = with pkgs; [ vim - rxvt_unicode.terminfo + rxvt-unicode-unwrapped.terminfo ]; services.openssh.enable = true; - system.stateVersion = "21.05"; + system.stateVersion = "22.05"; } diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix index 868bafad5..07efb5ca5 100644 --- a/lass/1systems/lasspi/physical.nix +++ b/lass/1systems/lasspi/physical.nix @@ -1,15 +1,14 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: { - # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec - # The image used https://hydra.nixos.org/build/134720986 imports = [ + (modulesPath + "/installer/scan/not-detected.nix") ./config.nix ]; boot = { # kernelPackages = pkgs.linuxPackages_rpi4; tmpOnTmpfs = true; - initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ]; # ttyAMA0 is the serial console broken out to the GPIO kernelParams = [ "8250.nr_uarts=1" @@ -20,19 +19,23 @@ ]; }; - boot.loader.raspberryPi = { - enable = true; - version = 4; - }; + # boot.loader.raspberryPi = { + # enable = true; + # version = 4; + # # uboot.enable = true; + # }; boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; # Required for the Wireless firmware hardware.enableRedistributableFirmware = true; + networking.interfaces.eth0.useDHCP = true; + # Assuming this is installed on top of the disk image. fileSystems = { "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; fsType = "ext4"; options = [ "noatime" ]; }; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2e28d48b6..79777429a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -95,7 +95,7 @@ in { (pkgs.writeDashBin "screenshot" '' set -efu - ${pkgs.flameshot}/bin/flameshot + ${pkgs.flameshot}/bin/flameshot gui ${pkgs.klem}/bin/klem '') ]; diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix index fa41f6634..2c148dcdd 100644 --- a/lass/2configs/jitsi.nix +++ b/lass/2configs/jitsi.nix @@ -8,6 +8,16 @@ enableWelcomePage = true; requireDisplayName = true; analytics.disabled = true; + startAudioOnly = true; + channelLastN = 4; + stunServers = [ + # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ + { urls = "turn:turn.matrix.org:3478?transport=udp"; } + { urls = "turn:turn.matrix.org:3478?transport=tcp"; } + # - services.coturn: + #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } + #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } + ]; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; @@ -17,6 +27,10 @@ }; }; + services.jitsi-videobridge.config = { + org.jitsi.videobridge.TRUST_BWE = false; + }; + krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index f5b2e22b7..0adef8f8c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -93,8 +93,6 @@ let tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new ${lib.concatMapStringsSep "\n" (i: '' - '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} - ${lib.concatMapStringsSep "\n" (i: '' mkdir -p "$HOME/Maildir/.${i.name}/cur" for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do if test -e "$mail"; then @@ -186,7 +184,9 @@ let "<enter-command>unset wait_key<enter> \ <shell-escape>${pkgs.writeDash "muchsync" '' set -efu - ${pkgs.muchsync}/bin/muchsync -F lass@green.r + until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do + sleep 1 + done ''}<enter> \ 'run muchsync to green.r' diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix index c2b3e8377..5769f9b15 100644 --- a/lass/2configs/print.nix +++ b/lass/2configs/print.nix @@ -6,5 +6,19 @@ pkgs.foomatic-filters pkgs.gutenprint ]; + browsing = true; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + + BrowseProtocols all + ''; + }; + services.avahi = { + enable = true; + openFirewall = true; + nssmdns = true; }; } |