summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/external/default.nix84
-rw-r--r--krebs/3modules/lass/default.nix51
-rw-r--r--krebs/3modules/lass/ssh/xerxes.ed255191
-rw-r--r--krebs/3modules/lass/ssh/xerxes.rsa1
-rw-r--r--krebs/3modules/mb/default.nix26
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/xerxes/config.nix35
-rw-r--r--lass/1systems/xerxes/icarus/config.nix33
-rw-r--r--lass/1systems/xerxes/icarus/physical.nix25
-rw-r--r--lass/1systems/xerxes/physical.nix86
-rw-r--r--mb/1systems/gr33n/configuration.nix14
-rw-r--r--mb/1systems/orange/configuration.nix7
-rw-r--r--mb/1systems/p1nk/configuration.nix4
-rw-r--r--mb/1systems/rofl/configuration.nix103
-rw-r--r--mb/1systems/sunsh1n3/configuration.nix181
-rw-r--r--mb/1systems/sunsh1n3/hardware-configuration.nix29
-rw-r--r--mb/2configs/default.nix23
-rw-r--r--mb/2configs/google-compute-config.nix231
-rw-r--r--mb/2configs/headless.nix25
-rw-r--r--mb/2configs/neovimrc446
-rw-r--r--mb/2configs/nvim.nix70
-rw-r--r--mb/2configs/qemu-guest.nix19
22 files changed, 1493 insertions, 7 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 1720811d9..5b602fc7d 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -229,6 +229,90 @@ in {
};
};
};
+ rose = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.rose.nets.retiolum.ip4.addr
+ config.krebs.hosts.rose.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.178";
+ aliases = [ "rose.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
+ 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
+ btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
+ DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
+ 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
+ 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
+ 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
+ Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
+ QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
+ W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
+ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ martha = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.martha.nets.retiolum.ip4.addr
+ config.krebs.hosts.martha.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.179";
+ aliases = [ "martha.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp
+ LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ
+ 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe
+ FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK
+ WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S
+ iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn
+ XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F
+ e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs
+ sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC
+ 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
+ mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ donna = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.donna.nets.retiolum.ip4.addr
+ config.krebs.hosts.donna.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.180";
+ aliases = [ "donna.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
+ x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
+ 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
+ Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
+ wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
+ YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
+ U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
+ QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
+ Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
+ IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
+ awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f4c8f5c6a..217edfdd1 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -393,6 +393,55 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
};
+ xerxes = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.1.3";
+ ip6.addr = r6 "3";
+ aliases = [
+ "xerxes.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
+ MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
+ gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
+ /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
+ mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
+ X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+ +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
+ hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
+ 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
+ H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
+ JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
+ hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
+ SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
+ 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
+ vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
+ Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
+ scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
+ jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
+ Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
+ /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
+ bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
+ sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "3";
+ aliases = [
+ "xerxes.w"
+ ];
+ wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
+ syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
+ };
red = {
monitoring = false;
cores = 1;
@@ -626,7 +675,7 @@ in {
};
lass-xerxes = {
mail = "lass@xerxes.r";
- pubkey = builtins.readFile ./ssh/xerxes.rsa;
+ pubkey = builtins.readFile ./ssh/xerxes.ed25519;
};
lass-daedalus = {
mail = "lass@daedalus.r";
diff --git a/krebs/3modules/lass/ssh/xerxes.ed25519 b/krebs/3modules/lass/ssh/xerxes.ed25519
new file mode 100644
index 000000000..87a40ca2a
--- /dev/null
+++ b/krebs/3modules/lass/ssh/xerxes.ed25519
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwCq56DGqj/kz8d8ax0xIl29jV9f3tUtDgtnCnS1b4q lass@xerxes
diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa
deleted file mode 100644
index 2b5da7b25..000000000
--- a/krebs/3modules/lass/ssh/xerxes.rsa
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix
index e77811f08..31e01c4ab 100644
--- a/krebs/3modules/mb/default.nix
+++ b/krebs/3modules/mb/default.nix
@@ -36,6 +36,32 @@ in {
};
};
};
+ rofl = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.42.43";
+ aliases = [
+ "rofl.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
+ xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
+ txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
+ VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
+ VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
+ 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
+ vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
+ Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
+ 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
+ QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
+ NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
+ 3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
p1nk = {
nets = {
retiolum = {
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 4118a1dd6..7363507ad 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09",
- "date": "2019-06-18T23:08:17+02:00",
- "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866",
+ "rev": "754763ff4ba1dd03fe3fad3a0fea36d2e39f5860",
+ "date": "2019-07-05T14:34:03+02:00",
+ "sha256": "10752kda1rzljlpcchi826hmbc8853vnbg9rkh7s89mxq6yjnm15",
"fetchSubmodules": false
}
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
new file mode 100644
index 000000000..b393f203d
--- /dev/null
+++ b/lass/1systems/xerxes/config.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/wine.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/pass.nix>
+ <stockholm/lass/2configs/mail.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.xerxes;
+
+ services.xserver = {
+ displayManager.lightdm.autoLogin.enable = true;
+ displayManager.lightdm.autoLogin.user = "lass";
+ };
+
+ boot.blacklistedKernelModules = [
+ "xpad"
+ ];
+
+ lass.screenlock.enable = lib.mkForce false;
+}
diff --git a/lass/1systems/xerxes/icarus/config.nix b/lass/1systems/xerxes/icarus/config.nix
new file mode 100644
index 000000000..dada4949e
--- /dev/null
+++ b/lass/1systems/xerxes/icarus/config.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/mouse.nix>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/git.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ #<stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/bitcoin.nix>
+ <stockholm/lass/2configs/wine.nix>
+ #<stockholm/lass/2configs/blue-host.nix>
+ #<stockholm/lass/2configs/xtreemfs.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ #<stockholm/lass/2configs/prism-share.nix>
+ <stockholm/lass/2configs/ssh-cryptsetup.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.icarus;
+
+ environment.systemPackages = with pkgs; [
+ macchanger
+ nix-review
+ ];
+ programs.adb.enable = true;
+}
diff --git a/lass/1systems/xerxes/icarus/physical.nix b/lass/1systems/xerxes/icarus/physical.nix
new file mode 100644
index 000000000..e9e09bc05
--- /dev/null
+++ b/lass/1systems/xerxes/icarus/physical.nix
@@ -0,0 +1,25 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/coreboot.nix>
+ ];
+
+ fileSystems = {
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ '';
+
+ services.thinkfan.enable = true;
+ services.tlp.extraConfig = ''
+ START_CHARGE_THRESH_BAT0=80
+ '';
+}
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
new file mode 100644
index 000000000..f88578e19
--- /dev/null
+++ b/lass/1systems/xerxes/physical.nix
@@ -0,0 +1,86 @@
+{ pkgs, lib, ... }:
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.zfs.enableUnstable = true;
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ efiSupport = true;
+ };
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # TODO fix touchscreen
+ boot.blacklistedKernelModules = [
+ "goodix"
+ ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.initrd.luks.devices.crypted.device = "/dev/sda3";
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.kernelParams = [
+ "fbcon=rotate:1"
+ "boot.shell_on_fail"
+ ];
+
+ services.xserver.displayManager.sessionCommands = ''
+ (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP-1 --rotate right)
+ (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
+ '';
+
+ fileSystems."/" = {
+ device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "rpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/E749-784C";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ boot.extraModprobeConfig = ''
+ options zfs zfs_arc_max=1073741824
+ '';
+
+ nix.maxJobs = lib.mkDefault 4;
+
+ networking.hostId = "9b0a74ac";
+ networking.networkmanager.enable = true;
+
+ hardware.opengl.enable = true;
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ CPU_SCALING_GOVERNOR_ON_AC=ondemand
+ CPU_SCALING_GOVERNOR_ON_BAT=powersave
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ services.logind.extraConfig = ''
+ HandlePowerKey=suspend
+ IdleAction=suspend
+ IdleActionSec=300
+ '';
+
+ services.xserver.extraConfig = ''
+ Section "Device"
+ Identifier "Intel Graphics"
+ Driver "Intel"
+ Option "TearFree" "true"
+ EndSection
+ '';
+}
diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix
index 4342ba0e2..dcf987791 100644
--- a/mb/1systems/gr33n/configuration.nix
+++ b/mb/1systems/gr33n/configuration.nix
@@ -62,6 +62,7 @@ in {
wcalc
wget
xz
+ zbackup
];
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
@@ -71,6 +72,19 @@ in {
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
+ services.codimd = {
+ enable = true;
+ workDir = "/storage/codimd";
+ configuration = {
+ port = 1337;
+ host = "0.0.0.0";
+ db = {
+ dialect = "sqlite";
+ storage = "/storage/codimd/db.codimd.sqlite";
+ };
+ };
+ };
+
networking.wireless.enable = false;
networking.networkmanager.enable = false;
krebs.iptables.enable = true;
diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
index 3e90f89a2..b43bd8a0f 100644
--- a/mb/1systems/orange/configuration.nix
+++ b/mb/1systems/orange/configuration.nix
@@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
+ <stockholm/mb/2configs/nvim.nix>
];
krebs.build.host = config.krebs.hosts.orange;
@@ -124,15 +125,19 @@ in {
unstable.ponyc
unstable.sublime3
unstable.youtube-dl
- vim
virt-viewer
virtmanager
vulnix
wcalc
wget
xz
+ zbackup
];
+ environment.variables = {
+ EDITOR = ["nvim"];
+ };
+
environment.shellAliases = {
ll = "ls -alh";
ls = "ls --color=tty";
diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
index 905630e78..19efc75b0 100644
--- a/mb/1systems/p1nk/configuration.nix
+++ b/mb/1systems/p1nk/configuration.nix
@@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
+ <stockholm/mb/2configs/nvim.nix>
];
krebs.build.host = config.krebs.hosts.p1nk;
@@ -118,13 +119,13 @@ in {
unstable.ponyc
unstable.sublime3
youtube-dl
- vim
virt-viewer
virtmanager
vulnix
wcalc
wget
xz
+ zbackup
];
environment.shellAliases = {
@@ -159,6 +160,7 @@ in {
};
};
windowManager.ratpoison.enable = true;
+ windowManager.pekwm.enable = true;
};
services.openssh.enable = true;
diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix
new file mode 100644
index 000000000..3c5c56c84
--- /dev/null
+++ b/mb/1systems/rofl/configuration.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, callPackage, ... }: let
+ unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+ imports =
+ [ # Include the results of the hardware scan.
+ <stockholm/mb/2configs/google-compute-config.nix>
+ <stockholm/mb>
+ ];
+
+ krebs.build.host = config.krebs.hosts.rofl;
+
+ i18n = {
+ consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "de";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.shellAliases = {
+ ll = "ls -alh";
+ ls = "ls --color=tty";
+ };
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fish
+ git
+ htop
+ nmap
+ ranger
+ tcpdump
+ tmux
+ traceroute
+ tree
+ vim
+ xz
+ zbackup
+ ];
+
+ sound.enable = false;
+
+ services.openssh.enable = true;
+ services.openssh.passwordAuthentication = false;
+
+ networking.wireless.enable = false;
+ networking.networkmanager.enable = false;
+ krebs.iptables.enable = true;
+ networking.enableIPv6 = false;
+
+ programs.fish = {
+ enable = true;
+ shellInit = ''
+ function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+ if begin
+ set -q SSH_AGENT_PID
+ and kill -0 $SSH_AGENT_PID
+ and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+ end
+ echo "ssh-agent running on pid $SSH_AGENT_PID"
+ else
+ eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+ end
+ set -l identity $HOME/.ssh/id_rsa
+ set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+ ssh-add -l | grep -q $fingerprint
+ or ssh-add $identity
+ end
+ '';
+ promptInit = ''
+ function fish_prompt --description 'Write out the prompt'
+ set -l color_cwd
+ set -l suffix
+ set -l nix_shell_info (
+ if test "$IN_NIX_SHELL" != ""
+ echo -n " <nix-shell>"
+ end
+ )
+ switch "$USER"
+ case root toor
+ if set -q fish_color_cwd_root
+ set color_cwd $fish_color_cwd_root
+ else
+ set color_cwd $fish_color_cwd
+ end
+ set suffix '#'
+ case '*'
+ set color_cwd $fish_color_cwd
+ set suffix '>'
+ end
+
+ echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+ end
+ '';
+ };
+
+ system.autoUpgrade.enable = false;
+ system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
+ system.stateVersion = "19.03";
+
+}
diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
new file mode 100644
index 000000000..633d122ea
--- /dev/null
+++ b/mb/1systems/sunsh1n3/configuration.nix
@@ -0,0 +1,181 @@
+
+{ config, pkgs, ... }: let
+ unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ <stockholm/mb>
+ ];
+
+ krebs.build.host = config.krebs.hosts.sunsh1n3;
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+
+ i18n = {
+ consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "de";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ nixpkgs.config.packageOverrides = super : {
+ openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ fonts = {
+ enableCoreFonts = true;
+ enableGhostscriptFonts = true;
+ fonts = with pkgs; [
+ anonymousPro
+ corefonts
+ dejavu_fonts
+ envypn-font
+ fira
+ gentium
+ gohufont
+ inconsolata
+ liberation_ttf
+ powerline-fonts
+ source-code-pro
+ terminus_font
+ ttf_bitstream_vera
+ ubuntu_font_family
+ unifont
+ unstable.cherry
+ xorg.fontbitstream100dpi
+ xorg.fontbitstream75dpi
+ xorg.fontbitstreamtype1
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget vim git curl fish
+ ag
+ chromium
+ firefox
+ gimp
+ p7zip
+ htop
+ mpv
+ mpvc
+ nmap
+ ntfs3g
+ keepassx2
+ sshfs
+ #unstable.skrooge
+ skrooge
+ unstable.alacritty
+ tmux
+ tree
+ wcalc
+ virtmanager
+ virt-viewer
+ (wine.override { wineBuild = "wineWow"; })
+ xz
+ zbackup
+ ];
+
+ virtualisation.libvirtd.enable = true;
+ virtualisation.kvmgt.enable = true;
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+
+ programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+ programs.dconf.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.passwordAuthentication = false;
+
+ krebs.iptables.enable = true;
+ #networking.wireless.enable = true;
+ networking.networkmanager.enable = true;
+ networking.enableIPv6 = false;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+ hardware.pulseaudio.support32Bit = true;
+ nixpkgs.config.pulseaudio = true;
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "nodeadkeys";
+ services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ programs.fish = {
+ enable = true;
+ shellInit = ''
+ function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+ if begin
+ set -q SSH_AGENT_PID
+ and kill -0 $SSH_AGENT_PID
+ and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+ end
+ echo "ssh-agent running on pid $SSH_AGENT_PID"
+ else
+ eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+ end
+ set -l identity $HOME/.ssh/id_rsa
+ set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+ ssh-add -l | grep -q $fingerprint
+ or ssh-add $identity
+ end
+ '';
+ promptInit = ''
+ function fish_prompt --description 'Write out the prompt'
+ set -l color_cwd
+ set -l suffix
+ set -l nix_shell_info (
+ if test "$IN_NIX_SHELL" != ""
+ echo -n " <nix-shell>"
+ end
+ )
+ switch "$USER"
+ case root toor
+ if set -q fish_color_cwd_root
+ set color_cwd $fish_color_cwd_root
+ else
+ set color_cwd $fish_color_cwd
+ end
+ set suffix '#'
+ case '*'
+ set color_cwd $fish_color_cwd
+ set suffix '>'
+ end
+
+ echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+ end
+ '';
+ };
+
+ nix.buildCores = 4;
+
+ system.stateVersion = "19.09";
+
+}
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
new file mode 100644
index 000000000..2beee7c4f
--- /dev/null
+++ b/mb/1systems/sunsh1n3/hardware-configuration.nix
@@ -0,0 +1,29 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/60A6-4DAB";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
index ab11495c8..3066d1c36 100644
--- a/mb/2configs/default.nix
+++ b/mb/2configs/default.nix
@@ -21,6 +21,29 @@ with import <stockholm/lib>;