30 files changed, 217 insertions, 189 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index f56f6045a..4c25bc963 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -54,6 +54,9 @@ with import <stockholm/lib>; config.krebs.users.tv.pubkey ]; + # enable documentation for our modules + documentation.nixos.includeAllModules = true; + # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; } diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 0ac9d3350..4ac6e30ee 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -45,7 +45,7 @@ let Nick Name for hub ''; type = str; - default = cfg.Nick; + default = cfg.dcpp.Nick; }; Password = mkOption { description = '' diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 910324f3c..c5cb1cae6 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -14,7 +14,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.backup.${config.name}" // { + enable = mkEnableOption "krebs.backup.${config._module.args.name}" // { default = true; }; method = mkOption { @@ -23,6 +23,7 @@ let name = mkOption { type = types.str; default = config._module.args.name; + defaultText = "‹name›"; }; src = mkOption { type = types.krebs.file-location; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 051646b63..c374aa9af 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -58,6 +58,7 @@ let permissions will be set to 755 ''; default = config.users.extraUsers.bepasty.home; + defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>"; }; dataDir = mkOption { 
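Review bot: The comment above `documentation.nixos.includeAllModules = true;` in krebs/2configs/default.nix says "our modules", but the setting pulls every module imported by the configuration into the generated manual. Each option default without a `defaultText` is then evaluated and rendered, and since the manual is built into the Nix store, a default derived from host-specific or secret-related values would presumably become readable there. The `defaultText` additions elsewhere in this commit cover only some options. I would reword the comment to `# Build the manual from all imported modules; config-derived defaults need a defaultText.` The same setting is added with no comment at all in lass/2configs/default.nix.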
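Review bot: The corrected `default = cfg.dcpp.Nick;` in krebs/3modules/airdcpp.nix still has no `defaultText`, unlike the other config-derived defaults this commit touches. With `includeAllModules` switched on in the same commit, the manual build has to evaluate this default and prints the machine's actual value instead of a symbolic one. I would add `defaultText = "‹dcpp.Nick›";` next to it. The option set starts and ends outside the hunk, so whether the neighbouring `Password` option needs the same treatment cannot be seen here.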
@@ -67,6 +68,7 @@ let /var/lib/bepasty-server/data ''; default = "${config.users.extraUsers.bepasty.home}/data"; + defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>"; }; extraConfig = mkOption { diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 904deb164..5f961617f 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; }; profile = mkOption { - type = types.absolute-path; + type = types.absolute-pathname; default = "/nix/var/nix/profiles/system"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a845bb281..e55bd95ea 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -137,7 +137,7 @@ let type = types.listOf types.str; example = [ "cac.json" ]; description = '' - List of all the secrets in <secrets> which should be copied into the + List of all the secrets in ‹secrets› which should be copied into the buildbot master directory. ''; }; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c5969caac..4eb1d6411 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -31,6 +31,7 @@ let owner.name = "exim"; source-path = toString <secrets> + "/${config.domain}.dkim.priv"; }; + defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { type = types.str; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0aa1ae0f2..1bfd58e31 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -53,7 +53,7 @@ let control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module - deploys a http://cgit.<hostname> nginx configuration and enables nginx + deploys a http://cgit.‹hostname› nginx configuration and enables nginx if not yet enabled. ''; }; 
@@ -207,7 +207,7 @@ let List of users that should be able to do everything with this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for + used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for an example. ''; }; @@ -222,6 +222,7 @@ let path = mkOption { type = types.str; default = "${cfg.dataDir}/${config.name}"; + defaultText = "${cfg.dataDir}/‹reponame›"; description = '' An absolute path to the repository directory. For non-bare repositories this is the .git-directory. @@ -237,6 +238,7 @@ let url = mkOption { type = types.str; default = config.name; + defaultText = "‹reponame›"; description = '' The relative url used to access the repository. ''; @@ -249,7 +251,7 @@ let List of users that should be able to fetch from this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for + used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for an example. ''; }; @@ -258,6 +260,7 @@ let description = '' Repository name. ''; + defaultText = "‹reponame›"; }; hooks = mkOption { type = types.attrsOf types.str; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index d385ec355..9421576df 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -18,10 +18,12 @@ let srcDir = mkOption { type = types.str; default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts"; }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; default = toString <secrets/github-hosts-sync.ssh.id_ed25519>; + defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { type = types.str; diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 39b9722ec..d30b41ee5 100644 
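Review bot: `defaultText = "${cfg.dataDir}/‹reponame›";` on the `path` option in krebs/3modules/git.nix still interpolates `cfg.dataDir` at evaluation time. The github-hosts-sync and tinc_graphs hunks instead escape the reference (`"\${config.krebs.tinc.retiolum.confDir}/hosts"`), so the rendered manual here shows this machine's value rather than the symbolic default. For consistency I would write `defaultText = "\${cfg.dataDir}/‹reponame›";`, or spell out the full option path that `cfg` stands for, which is not visible in this hunk.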
--- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -2,8 +2,8 @@ services.openssh.knownHosts.github = { hostNames = [ "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + # List generated with (IPv6 addresses are currently ignored): + # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R . "192.30.252.*" "192.30.253.*" "192.30.254.*" @@ -28,6 +28,22 @@ "140.82.125.*" "140.82.126.*" "140.82.127.*" + "143.55.64.*" + "143.55.65.*" + "143.55.66.*" + "143.55.67.*" + "143.55.68.*" + "143.55.69.*" + "143.55.70.*" + "143.55.71.*" + "143.55.72.*" + "143.55.73.*" + "143.55.74.*" + "143.55.75.*" + "143.55.76.*" + "143.55.77.*" + "143.55.78.*" + "143.55.79.*" "13.114.40.48" "52.192.72.89" "52.69.186.44" @@ -44,6 +60,9 @@ "18.228.52.138" "18.228.67.229" "18.231.5.6" + "20.201.28.151" + "20.205.243.166" + "102.133.202.242" "18.181.13.223" "54.238.117.237" "54.168.17.15" @@ -60,6 +79,9 @@ "54.233.131.104" "18.231.104.233" "18.228.167.86" + "20.201.28.152" + "20.205.243.160" + "102.133.202.246" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 063bccc68..517dad76f 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix 
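Review bot: The regeneration command recorded in the comment of krebs/3modules/github-known-hosts.nix leaves the jq filter unquoted (`jq -r .git[]`), so a shell with strict globbing rejects or expands it before jq sees it; quote it as `jq -r '.git[]'`. The comment also notes that IPv6 ranges are dropped by `grep -v :` without stating the consequence. Since this list decides which peer addresses are accepted under the pinned GitHub host key, I would add `# IPv6 ranges are dropped (grep -v :), so IPv6 peer addresses are not covered by this entry.` The later hunks in this file only append generated addresses; because the list is pasted by hand, recording the date of the last regeneration in the comment would make staleness visible.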
@@ -13,7 +13,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.htgen-${config.name}"; + enable = mkEnableOption "krebs.htgen-${config._module.args.name}"; name = mkOption { type = types.username; @@ -38,6 +38,10 @@ let name = "htgen-${config.name}"; home = "/var/lib/htgen-${config.name}"; }; + defaultText = { + name = "htgen-‹name›"; + home = "/var/lib/htgen-‹name›"; + }; }; }; })); diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index ec499d63d..776b893f5 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -39,7 +39,10 @@ in { cores = 4; nets = { shack = { - ip4.addr = "10.42.0.50" ; + ip4 = { + addr = "10.42.0.50" ; + prefix = "10.42.0.0/16"; + }; aliases = [ "filebitch.shack" ]; @@ -158,6 +161,7 @@ in { }; puyak = { ci = true; + cores = 4; nets = { retiolum = { ip4.addr = "10.243.77.2"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e96b4d8be..1f118b8b0 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -14,7 +14,47 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + ci = true; + monitoring = true; + }) { + dishfire = { + cores = 4; + nets = rec { + internet = { + ip4 = rec { + addr = "157.90.232.92"; + prefix = "${addr}/32"; + }; + aliases = [ + "dishfire.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.133.99"; + ip6.addr = r6 "d15f:1233"; + aliases = [ + "dishfire.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.port = 655; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; + }; prism = rec { cores = 4; extraZones = { @@ -54,7 +94,10 @@ in { }; nets = rec { internet = { - ip4.addr = "95.216.1.150"; + ip4 = { + addr = "95.216.1.150"; + prefix = "0.0.0.0/0"; + }; aliases = [ "prism.i" "paste.i" diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index fcc453fa4..26aac5d5a 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix 
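Review bot: `ssh.privkey.path = <secrets/ssh.id_ed25519>;` for the new `dishfire` host is a bare path value, while other secret references in this commit go through `toString` (for example `toString <secrets/github-hosts-sync.ssh.id_ed25519>`). If any consumer interpolates this path into a string, Nix copies the private key file into the world-readable store; whether the option's type already prevents that is not visible in this hunk. If it does not, `ssh.privkey.path = toString <secrets/ssh.id_ed25519>;` keeps the value a plain string. The `hosts` attribute set continues past the end of the hunk.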
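Review bot: `prefix = "0.0.0.0/0";` on prism's `internet` net is far wider than the `prefix = "${addr}/32";` given to dishfire's `internet` net in the previous hunk of the same file. How `ip4.prefix` is consumed is not visible here, but the tinc module's new `defaultText` shows a prefix being passed to `ip -4 route add`, and any route or allow-list generated from this value would cover the whole IPv4 space. If the aim is only to give the address a prefix, `prefix = "95.216.1.150/32";` matches the dishfire entry; if the /0 is deliberate, a comment saying why would help the next reader. The `prism` attribute set starts and ends outside the hunk.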
@@ -26,11 +26,13 @@ with import <stockholm/lib>; }; stateDir = mkOption { default = "/var/lib/${self.config.username}"; + defaultText = "/var/lib/‹username›"; readOnly = true; type = types.absolute-pathname; }; systemd-service-name = mkOption { default = "reaktor2${optionalString (name != "default") "-${name}"}"; + defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\""; type = types.filename; }; sendDelaySec = mkOption { @@ -39,6 +41,7 @@ with import <stockholm/lib>; }; username = mkOption { default = self.config.systemd-service-name; + defaultText = "‹systemd-service-name›"; type = types.username; }; useTLS = mkOption { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index e5566f329..4a96f6203 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -96,7 +96,7 @@ let basic authentication to be used. If unset, no authentication will be enabled. - Refer to `services.nginx.virtualHosts.<name>.basicAuth` + Refer to `services.nginx.virtualHosts.‹name›.basicAuth` ''; default = {}; }; diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index 9505efb0c..f056cfd8e 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -55,11 +55,11 @@ in { The overrides file may contain either regular shadow(5) entries like: - <code><login-name>:<hashed-password>:1::::::</code> + <code>‹login-name›:‹hashed-password›:1::::::</code> Or shortened entries only containing login name and password like: - <code><login-name>:<hashed-password></code> + <code>‹login-name›:‹hashed-password›</code> ''; type = types.nullOr (types.either types.path types.absolute-pathname); }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 2c19aefdb..898b5e8c3 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
@@ -81,9 +81,16 @@ let ''} ${tinc.config.tincUpExtra} ''; + defaultText = '' + ip -4 addr add ‹net.ip4.addr› dev ${netname} + ip -4 route add ‹net.ip4.prefix› dev ${netname} + ip -6 addr add ‹net.ip6.addr› dev ${netname} + ip -6 route add ‹net.ip6.prefix› dev ${netname} + ${tinc.config.tincUpExtra} + ''; description = '' tinc-up script to be used. Defaults to setting the - krebs.host.nets.<netname>.ip4 and ip6 for the new ips and + krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and configures forwarding of the respecitive netmask as subnet. ''; }; @@ -103,6 +110,7 @@ let type = with types; attrsOf host; default = filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; + defaultText = "‹all-hosts-of-‹netname››"; description = '' Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>. Note that these hosts must have a network named @@ -138,9 +146,10 @@ let '') tinc.config.hosts)} ''; }; + defaultText = "‹netname›-tinc-hosts"; description = '' Package of tinc host configuration files. By default, a package will - be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This + be generated from <literal>config.krebs.‹netname›.hosts</literal>. This option's main purpose is to expose the generated hosts package to other modules, like <literal>config.krebs.tinc_graphs</literal>. But it can also be used to provide a custom hosts directory. @@ -168,6 +177,7 @@ let owner = tinc.config.user; source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv"; }; + defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; privkey_ed25519 = mkOption { 
@@ -179,11 +189,12 @@ let owner = tinc.config.user; source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv"; }; + defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; connectTo = mkOption { type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ + ${if netname == "retiolum" then "default" else null} = [ "gum" "ni" "prism" @@ -194,8 +205,10 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; + { + krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip; + krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655; + } ''; }; @@ -205,6 +218,10 @@ let name = tinc.config.netname; home = "/var/lib/${tinc.config.user.name}"; }; + defaultText = { + name = "‹netname›"; + home = "/var/lib/‹netname›"; + }; }; }; })); diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 19cce8aa4..7a414e6e3 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -24,6 +24,7 @@ let type = types.str; description = "Path to Hosts directory"; default = "${config.krebs.tinc.retiolum.hostsPackage}"; + defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}"; }; network = mkOption { @@ -68,6 +69,7 @@ let Defaults to the new users home dir which defaults to /var/cache/tinc_graphs''; default = config.users.extraUsers.tinc_graphs.home; + defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>"; }; timerConfig = mkOption { diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 2291132ba..c1d8fa3da 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix 
@@ -20,7 +20,7 @@ self: super: { "0.10.1" = [ ./flameshot/flameshot_imgur_0.9.0.patch ]; - }.${old.version}; + }.${old.version} or []; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/simple/ircaids/default.nix b/krebs/5pkgs/simple/ircaids/default.nix index 61d3ee31c..a070cf948 100644 --- a/krebs/5pkgs/simple/ircaids/default.nix +++ b/krebs/5pkgs/simple/ircaids/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { pkgs.netcat pkgs.nettools pkgs.openssl - pkgs.utillinux + pkgs.unixtools.getopt ]}; ' $out/bin/ircsink ''; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 594147405..da23245ae 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", - "date": "2021-11-01T19:42:18+01:00", - "path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs", - "sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg", + "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", + "date": "2021-11-17T14:17:56+01:00", + "path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs", + "sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 8bfd16523..d6d70faf6 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
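Review bot: `}.${old.version} or [];` in krebs/5pkgs/override/default.nix makes an unknown flameshot version build with no patches at all, and does so silently. The patch file name (`flameshot_imgur_0.9.0.patch`) suggests it changes the imgur upload behaviour, and this commit also bumps both nixpkgs pins, so a version change would ship the unpatched upstream behaviour without any signal. I would keep the fallback but make it visible, e.g. `}.${old.version} or (builtins.trace "flameshot ${old.version}: no patch set, building unpatched" []);`. The override's surrounding attribute set begins outside the hunk.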
@@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", - "date": "2021-10-31T15:33:08-07:00", - "path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs", - "sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55", + "rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b", + "date": "2021-11-19T11:04:27+01:00", + "path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs", + "sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 000000000..b814d7188 --- /dev/null +++ b/lass/1systems/dishfire/config.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 000000000..ca013132f --- /dev/null +++ b/lass/1systems/dishfire/physical.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + ./config.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.loader.grub.devices = [ "/dev/sda" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; + fsType = "ext4"; + }; + + swapDevices = [ ]; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 95b688590..88ac90de4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -183,35 +183,6 @@ with import <stockholm/lib>; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/lass/src" - "/home/lass/work" - "/home/lass/.gnupg" - "/home/lass/Maildir" - "/home/lass/stockholm" - "/home/lass/.password-store" - "/home/bitcoin" - "/home/bch" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/mors"; - #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); virtualisation.libvirtd.enable = true; services.earlyoom = { diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 91922e5c9..c3fbc2093 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -215,6 +215,8 @@ with import <stockholm/lib>; noipv4ll ''; + documentation.nixos.includeAllModules = true; + # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; time.timeZone = mkDefault"Europe/Berlin"; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1ce88b238..570bb45be 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,7 +9,6 @@ _: ./news.nix ./nichtparasoup.nix ./pyload.nix - ./restic.nix ./screenlock.nix ./usershadow.nix ./xjail.nix diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix deleted file mode 100644 index c720793b1..000000000 --- a/lass/3modules/restic.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - options.lass.restic = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - passwordFile = mkOption { - type = types.str; - default = toString <secrets/restic-password>; - description = '' - read the repository password from a file. - ''; - example = "/etc/nixos/restic-password"; - - }; - repo = mkOption { - type = types.str; - default = "sftp:backup@prism.r:/backups/${config.name}"; - description = '' - repository to backup to. - ''; - example = "sftp:backup@192.168.1.100:/backups/${config.name}"; - }; - dirs = mkOption { - type = types.listOf types.str; - default = []; - description = '' - which directories to backup. - ''; - example = [ - "/var/lib/postgresql" - "/home/user/backup" - ]; - }; - timerConfig = mkOption { |