diff options
-rw-r--r-- | krebs/3modules/external/default.nix | 84 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 51 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/xerxes.ed25519 | 1 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/xerxes.rsa | 1 | ||||
-rw-r--r-- | krebs/3modules/mb/default.nix | 26 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 6 | ||||
-rw-r--r-- | lass/1systems/xerxes/config.nix | 35 | ||||
-rw-r--r-- | lass/1systems/xerxes/icarus/config.nix | 33 | ||||
-rw-r--r-- | lass/1systems/xerxes/icarus/physical.nix | 25 | ||||
-rw-r--r-- | lass/1systems/xerxes/physical.nix | 86 | ||||
-rw-r--r-- | mb/1systems/gr33n/configuration.nix | 14 | ||||
-rw-r--r-- | mb/1systems/orange/configuration.nix | 7 | ||||
-rw-r--r-- | mb/1systems/p1nk/configuration.nix | 4 | ||||
-rw-r--r-- | mb/1systems/rofl/configuration.nix | 103 | ||||
-rw-r--r-- | mb/1systems/sunsh1n3/configuration.nix | 181 | ||||
-rw-r--r-- | mb/1systems/sunsh1n3/hardware-configuration.nix | 29 | ||||
-rw-r--r-- | mb/2configs/default.nix | 23 | ||||
-rw-r--r-- | mb/2configs/google-compute-config.nix | 231 | ||||
-rw-r--r-- | mb/2configs/headless.nix | 25 | ||||
-rw-r--r-- | mb/2configs/neovimrc | 446 | ||||
-rw-r--r-- | mb/2configs/nvim.nix | 70 | ||||
-rw-r--r-- | mb/2configs/qemu-guest.nix | 19 |
22 files changed, 1493 insertions, 7 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1720811d9..5b602fc7d 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -229,6 +229,90 @@ in { }; }; }; + rose = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.rose.nets.retiolum.ip4.addr + config.krebs.hosts.rose.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.178"; + aliases = [ "rose.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO + 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX + btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd + DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq + 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs + 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe + 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D + Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ + QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv + W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ + 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + martha = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.martha.nets.retiolum.ip4.addr + config.krebs.hosts.martha.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.179"; + aliases = [ "martha.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp + LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ + 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe + FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK + WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S + iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn + XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F + e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs + sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC + 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM + mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + donna = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.donna.nets.retiolum.ip4.addr + config.krebs.hosts.donna.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.180"; + aliases = [ "donna.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa + x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I + 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ + Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf + wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k + YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf + U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv + QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR + Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI + IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 + awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; inspector = { owner = config.krebs.users.Mic92; nets = rec { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f4c8f5c6a..217edfdd1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -393,6 +393,55 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; + xerxes = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.3"; + ip6.addr = r6 "3"; + aliases = [ + "xerxes.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U + MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk + gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W + /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb + mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO + X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj + +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim + hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 + 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 + H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 + JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 + hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe + SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo + 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe + vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 + Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO + scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv + jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ + Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u + /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 + bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ + sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "3"; + aliases = [ + "xerxes.w" + ]; + wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8="; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; + syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM"; + }; red = { monitoring = false; cores = 1; @@ -626,7 +675,7 @@ in { }; lass-xerxes = { mail = "lass@xerxes.r"; - pubkey = builtins.readFile ./ssh/xerxes.rsa; + pubkey = builtins.readFile ./ssh/xerxes.ed25519; }; lass-daedalus = { mail = "lass@daedalus.r"; diff --git a/krebs/3modules/lass/ssh/xerxes.ed25519 b/krebs/3modules/lass/ssh/xerxes.ed25519 new file mode 100644 index 000000000..87a40ca2a --- /dev/null +++ b/krebs/3modules/lass/ssh/xerxes.ed25519 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwCq56DGqj/kz8d8ax0xIl29jV9f3tUtDgtnCnS1b4q lass@xerxes diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa deleted file mode 100644 index 2b5da7b25..000000000 --- a/krebs/3modules/lass/ssh/xerxes.rsa +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index e77811f08..31e01c4ab 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -36,6 +36,32 @@ in { }; }; }; + rofl = { + nets = { + retiolum = { + ip4.addr = "10.243.42.43"; + aliases = [ + "rofl.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm + xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8 + txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D + VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb + VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts + 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1 + vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC + Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp + 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH + QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f + NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f + 3aAAePgBsZvRQozxXZfqp58CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; p1nk = { nets = { retiolum = { diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 4118a1dd6..7363507ad 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09", - "date": "2019-06-18T23:08:17+02:00", - "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866", + "rev": "754763ff4ba1dd03fe3fad3a0fea36d2e39f5860", + "date": "2019-07-05T14:34:03+02:00", + "sha256": "10752kda1rzljlpcchi826hmbc8853vnbg9rkh7s89mxq6yjnm15", "fetchSubmodules": false } diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..b393f203d --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/mail.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.xserver = { + displayManager.lightdm.autoLogin.enable = true; + displayManager.lightdm.autoLogin.user = "lass"; + }; + + boot.blacklistedKernelModules = [ + "xpad" + ]; + + lass.screenlock.enable = lib.mkForce false; +} diff --git a/lass/1systems/xerxes/icarus/config.nix b/lass/1systems/xerxes/icarus/config.nix new file mode 100644 index 000000000..dada4949e --- /dev/null +++ b/lass/1systems/xerxes/icarus/config.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + #<stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/bitcoin.nix> + <stockholm/lass/2configs/wine.nix> + #<stockholm/lass/2configs/blue-host.nix> + #<stockholm/lass/2configs/xtreemfs.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/nfs-dl.nix> + #<stockholm/lass/2configs/prism-share.nix> + <stockholm/lass/2configs/ssh-cryptsetup.nix> + ]; + + krebs.build.host = config.krebs.hosts.icarus; + + environment.systemPackages = with pkgs; [ + macchanger + nix-review + ]; + programs.adb.enable = true; +} diff --git a/lass/1systems/xerxes/icarus/physical.nix b/lass/1systems/xerxes/icarus/physical.nix new file mode 100644 index 000000000..e9e09bc05 --- /dev/null +++ b/lass/1systems/xerxes/icarus/physical.nix @@ -0,0 +1,25 @@ +{ + imports = [ + ./config.nix + <stockholm/lass/2configs/hw/x220.nix> + <stockholm/lass/2configs/boot/coreboot.nix> + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; + + services.thinkfan.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + ''; +} diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix new file mode 100644 index 000000000..f88578e19 --- /dev/null +++ b/lass/1systems/xerxes/physical.nix @@ -0,0 +1,86 @@ +{ pkgs, lib, ... }: +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.zfs.enableUnstable = true; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + efiSupport = true; + }; + boot.loader.efi.canTouchEfiVariables = true; + + # TODO fix touchscreen + boot.blacklistedKernelModules = [ + "goodix" + ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/sda3"; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + boot.kernelParams = [ + "fbcon=rotate:1" + "boot.shell_on_fail" + ]; + + services.xserver.displayManager.sessionCommands = '' + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP-1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + ''; + + fileSystems."/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E749-784C"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + boot.extraModprobeConfig = '' + options zfs zfs_arc_max=1073741824 + ''; + + nix.maxJobs = lib.mkDefault 4; + + networking.hostId = "9b0a74ac"; + networking.networkmanager.enable = true; + + hardware.opengl.enable = true; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + CPU_SCALING_GOVERNOR_ON_AC=ondemand + CPU_SCALING_GOVERNOR_ON_BAT=powersave + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + services.logind.extraConfig = '' + HandlePowerKey=suspend + IdleAction=suspend + IdleActionSec=300 + ''; + + services.xserver.extraConfig = '' + Section "Device" + Identifier "Intel Graphics" + Driver "Intel" + Option "TearFree" "true" + EndSection + ''; +} diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix index 4342ba0e2..dcf987791 100644 --- a/mb/1systems/gr33n/configuration.nix +++ b/mb/1systems/gr33n/configuration.nix @@ -62,6 +62,7 @@ in { wcalc wget xz + zbackup ]; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; @@ -71,6 +72,19 @@ in { services.openssh.enable = true; services.openssh.passwordAuthentication = false; + services.codimd = { + enable = true; + workDir = "/storage/codimd"; + configuration = { + port = 1337; + host = "0.0.0.0"; + db = { + dialect = "sqlite"; + storage = "/storage/codimd/db.codimd.sqlite"; + }; + }; + }; + networking.wireless.enable = false; networking.networkmanager.enable = false; krebs.iptables.enable = true; diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix index 3e90f89a2..b43bd8a0f 100644 --- a/mb/1systems/orange/configuration.nix +++ b/mb/1systems/orange/configuration.nix @@ -5,6 +5,7 @@ in { [ # Include the results of the hardware scan. ./hardware-configuration.nix <stockholm/mb> + <stockholm/mb/2configs/nvim.nix> ]; krebs.build.host = config.krebs.hosts.orange; @@ -124,15 +125,19 @@ in { unstable.ponyc unstable.sublime3 unstable.youtube-dl - vim virt-viewer virtmanager vulnix wcalc wget xz + zbackup ]; + environment.variables = { + EDITOR = ["nvim"]; + }; + environment.shellAliases = { ll = "ls -alh"; ls = "ls --color=tty"; diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix index 905630e78..19efc75b0 100644 --- a/mb/1systems/p1nk/configuration.nix +++ b/mb/1systems/p1nk/configuration.nix @@ -5,6 +5,7 @@ in { [ # Include the results of the hardware scan. ./hardware-configuration.nix <stockholm/mb> + <stockholm/mb/2configs/nvim.nix> ]; krebs.build.host = config.krebs.hosts.p1nk; @@ -118,13 +119,13 @@ in { unstable.ponyc unstable.sublime3 youtube-dl - vim virt-viewer virtmanager vulnix wcalc wget xz + zbackup ]; environment.shellAliases = { @@ -159,6 +160,7 @@ in { }; }; windowManager.ratpoison.enable = true; + windowManager.pekwm.enable = true; }; services.openssh.enable = true; diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix new file mode 100644 index 000000000..3c5c56c84 --- /dev/null +++ b/mb/1systems/rofl/configuration.nix @@ -0,0 +1,103 @@ +{ config, pkgs, callPackage, ... }: let + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in { + imports = + [ # Include the results of the hardware scan. + <stockholm/mb/2configs/google-compute-config.nix> + <stockholm/mb> + ]; + + krebs.build.host = config.krebs.hosts.rofl; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "de"; + defaultLocale = "en_US.UTF-8"; + }; + + time.timeZone = "Europe/Berlin"; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + ll = "ls -alh"; + ls = "ls --color=tty"; + }; + + environment.systemPackages = with pkgs; [ + curl + fish + git + htop + nmap + ranger + tcpdump + tmux + traceroute + tree + vim + xz + zbackup + ]; + + sound.enable = false; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + networking.wireless.enable = false; + networking.networkmanager.enable = false; + krebs.iptables.enable = true; + networking.enableIPv6 = false; + + programs.fish = { + enable = true; + shellInit = '' + function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' + if begin + set -q SSH_AGENT_PID + and kill -0 $SSH_AGENT_PID + and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline + end + echo "ssh-agent running on pid $SSH_AGENT_PID" + else + eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') + end + set -l identity $HOME/.ssh/id_rsa + set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') + ssh-add -l | grep -q $fingerprint + or ssh-add $identity + end + ''; + promptInit = '' + function fish_prompt --description 'Write out the prompt' + set -l color_cwd + set -l suffix + set -l nix_shell_info ( + if test "$IN_NIX_SHELL" != "" + echo -n " <nix-shell>" + end + ) + switch "$USER" + case root toor + if set -q fish_color_cwd_root + set color_cwd $fish_color_cwd_root + else + set color_cwd $fish_color_cwd + end + set suffix '#' + case '*' + set color_cwd $fish_color_cwd + set suffix '>' + end + + echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " + end + ''; + }; + + system.autoUpgrade.enable = false; + system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; + system.stateVersion = "19.03"; + +} diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix new file mode 100644 index 000000000..633d122ea --- /dev/null +++ b/mb/1systems/sunsh1n3/configuration.nix @@ -0,0 +1,181 @@ + +{ config, pkgs, ... }: let + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in { + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + <stockholm/mb> + ]; + + krebs.build.host = config.krebs.hosts.sunsh1n3; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21"; + preLVM = true; + allowDiscards = true; + } + ]; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "de"; + defaultLocale = "en_US.UTF-8"; + }; + + time.timeZone = "Europe/Berlin"; + + nixpkgs.config.packageOverrides = super : { + openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; }; + }; + + nixpkgs.config.allowUnfree = true; + + fonts = { + enableCoreFonts = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + anonymousPro + corefonts + dejavu_fonts + envypn-font + fira + gentium + gohufont + inconsolata + liberation_ttf + powerline-fonts + source-code-pro + terminus_font + ttf_bitstream_vera + ubuntu_font_family + unifont + unstable.cherry + xorg.fontbitstream100dpi + xorg.fontbitstream75dpi + xorg.fontbitstreamtype1 + ]; + }; + + environment.systemPackages = with pkgs; [ + wget vim git curl fish + ag + chromium + firefox + gimp + p7zip + htop + mpv + mpvc + nmap + ntfs3g + keepassx2 + sshfs + #unstable.skrooge + skrooge + unstable.alacritty + tmux + tree + wcalc + virtmanager + virt-viewer + (wine.override { wineBuild = "wineWow"; }) + xz + zbackup + ]; + + virtualisation.libvirtd.enable = true; + virtualisation.kvmgt.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + + programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + programs.dconf.enable = true; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + krebs.iptables.enable = true; + #networking.wireless.enable = true; + networking.networkmanager.enable = true; + networking.enableIPv6 = false; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio.enable = true; + hardware.pulseaudio.support32Bit = true; + nixpkgs.config.pulseaudio = true; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "nodeadkeys"; + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + + programs.fish = { + enable = true; + shellInit = '' + function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' + if begin + set -q SSH_AGENT_PID + and kill -0 $SSH_AGENT_PID + and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline + end + echo "ssh-agent running on pid $SSH_AGENT_PID" + else + eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') + end + set -l identity $HOME/.ssh/id_rsa + set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') + ssh-add -l | grep -q $fingerprint + or ssh-add $identity + end + ''; + promptInit = '' + function fish_prompt --description 'Write out the prompt' + set -l color_cwd + set -l suffix + set -l nix_shell_info ( + if test "$IN_NIX_SHELL" != "" + echo -n " <nix-shell>" + end + ) + switch "$USER" + case root toor + if set -q fish_color_cwd_root + set color_cwd $fish_color_cwd_root + else + set color_cwd $fish_color_cwd + end + set suffix '#' + case '*' + set color_cwd $fish_color_cwd + set suffix '>' + end + + echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " + end + ''; + }; + + nix.buildCores = 4; + + system.stateVersion = "19.09"; + +} diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix new file mode 100644 index 000000000..2beee7c4f --- /dev/null +++ b/mb/1systems/sunsh1n3/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/60A6-4DAB"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix index ab11495c8..3066d1c36 100644 --- a/mb/2configs/default.nix +++ b/mb/2configs/default.nix @@ -21,6 +21,29 @@ with import <stockholm/lib>; |