diff options
-rw-r--r-- | krebs/3modules/urlwatch.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/pnp.nix | 17 | ||||
-rw-r--r-- | makefu/1systems/pornocauster.nix | 45 | ||||
-rw-r--r-- | makefu/1systems/repunit.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/tsp.nix | 15 | ||||
-rw-r--r-- | makefu/2configs/base-gui.nix | 30 | ||||
-rw-r--r-- | makefu/2configs/cgit-retiolum.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/exim-retiolum.nix | 11 | ||||
-rw-r--r-- | makefu/2configs/main-laptop.nix | 23 | ||||
-rw-r--r-- | makefu/2configs/sda-crypto-root-home.nix | 39 | ||||
-rw-r--r-- | makefu/2configs/tp-x200.nix | 24 | ||||
-rw-r--r-- | makefu/2configs/tp-x220.nix | 19 | ||||
-rw-r--r-- | makefu/2configs/tp-x2x0.nix | 22 | ||||
-rw-r--r-- | makefu/2configs/urlwatch.nix | 17 | ||||
-rw-r--r-- | makefu/2configs/virtualization.nix | 8 | ||||
-rw-r--r-- | makefu/2configs/wwan.nix | 29 | ||||
-rw-r--r-- | makefu/2configs/zsh-user.nix | 10 |
17 files changed, 263 insertions, 54 deletions
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 39d9fec54..531e6c87b 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -78,7 +78,7 @@ let HOME = cfg.dataDir; LC_ALL = "en_US.UTF-8"; LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive"; - SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + SSL_CERT_FILE = "${pkgs.cacert}/etc/ca-bundle.crt"; }; serviceConfig = { User = user.name; @@ -100,7 +100,6 @@ let ExecStart = pkgs.writeScript "urlwatch" '' #! /bin/sh set -euf - from=${escapeShellArg cfg.from} mailto=${escapeShellArg cfg.mailto} urlsFile=${escapeShellArg urlsFile} diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 6693dc066..963d07744 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -10,9 +10,12 @@ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/base.nix ../2configs/cgit-retiolum.nix - ../2configs/graphite-standalone.nix + # ../2configs/graphite-standalone.nix ../2configs/vm-single-partition.nix ../2configs/tinc-basic-retiolum.nix + + ../2configs/exim-retiolum.nix + ../2configs/urlwatch.nix ]; krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; @@ -21,16 +24,20 @@ krebs.build.deps = { nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; }; }; networking.firewall.allowedTCPPorts = [ # nginx runs on 80 + 80 # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp - 80 - 8080 2003 + # 8080 2003 + + # smtp + 25 ]; - networking.firewall.allowedUDPPorts = [ 2003 ]; + + # networking.firewall.allowedUDPPorts = [ 2003 ]; } diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix new file mode 100644 index 000000000..415c1af30 --- /dev/null +++ b/makefu/1systems/pornocauster.nix @@ -0,0 +1,45 @@ +# +# +# +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/base.nix + ../2configs/main-laptop.nix #< base-gui + + # Krebs + ../2configs/tinc-basic-retiolum.nix + #../2configs/disable_v6.nix + + #../2configs/sda-crypto-root.nix + ../2configs/sda-crypto-root-home.nix + + ../2configs/zsh-user.nix + + # applications + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix + ../2configs/wwan.nix + + # hardware specifics are in here + ../2configs/tp-x220.nix + ]; + + krebs.build.host = config.krebs.hosts.pornocauster; + krebs.build.user = config.krebs.users.makefu; + krebs.build.target = "root@pornocauster"; + + networking.firewall.allowedTCPPorts = [ + 25 + ]; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + #url = https://github.com/makefu/nixpkgs; + rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; + }; + }; +} diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index 7596a3d54..503fe8f65 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix @@ -18,7 +18,8 @@ krebs.build.deps = { nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + #url = https://github.com/makefu/nixpkgs; + rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; }; secrets = { url = "/home/makefu/secrets/${config.krebs.build.host.name}"; diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 388ded068..67db22460 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -11,28 +11,29 @@ ../2configs/tinc-basic-retiolum.nix ../2configs/sda-crypto-root.nix # hardware specifics are in here - ../2configs/tp-x200.nix + ../2configs/tp-x200.nix #< imports tp-x2x0.nix ../2configs/disable_v6.nix ../2configs/rad1o.nix + + ../2configs/zsh-user.nix + ../2configs/exim-retiolum.nix ]; # not working in vm krebs.build.host = config.krebs.hosts.tsp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@tsp"; - krebs.exim-retiolum.enable = true; + networking.firewall.allowedTCPPorts = [ 25 ]; krebs.build.deps = { nixpkgs = { - #url = https://github.com/NixOS/nixpkgs; - # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L) - url = https://github.com/makefu/nixpkgs; - rev = "8b8b65da24f13f9317504e8bcba476f9161613fe"; + url = https://github.com/NixOS/nixpkgs; + #url = https://github.com/makefu/nixpkgs; + rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; }; }; - } diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 55fcd6baa..6896a66dc 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -1,11 +1,15 @@ { config, lib, pkgs, ... }: ## -# of course this name is a lie - it prepares a GUI environment close to my -# current configuration. +# of course this name is a lie +# - it prepares a GUI environment close to my +# current configuration,specifically: # -# autologin with mainUser into awesome -## +# * autologin with mainUser into awesome +# * audio +# * terminus font # +# if this is not enough, check out main-laptop.nix + with lib; let mainUser = config.krebs.build.user.name; @@ -28,14 +32,6 @@ in displayManager.auto.user = mainUser; desktopManager.xterm.enable = false; }; - services.redshift = { - enable = true; - latitude = "48.7"; - longitude = "9.1"; - }; - -## FONTS -# TODO: somewhere else? i18n.consoleFont = "Lat2-Terminus16"; @@ -49,14 +45,12 @@ in environment.systemPackages = with pkgs;[ xlockmore rxvt_unicode-with-plugins - vlc firefox - chromium ]; - # TODO: use mainUser - users.extraUsers.makefu.extraGroups = [ "audio" ]; + users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; + hardware.pulseaudio = { - enable = true; - # systemWide = true; + enable = true; + # systemWide = true; }; } diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix index d352f5792..8d9439569 100644 --- a/makefu/2configs/cgit-retiolum.nix +++ b/makefu/2configs/cgit-retiolum.nix @@ -8,7 +8,7 @@ let krebs-repos = mapAttrs make-krebs-repo { stockholm = { - desc = "take all the computers hostage, they'll love you!"; + desc = "Make all the systems into 1systems!"; }; }; diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix new file mode 100644 index 000000000..fc570ba97 --- /dev/null +++ b/makefu/2configs/exim-retiolum.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.exim-retiolum.enable = true; + environment.systemPackages = with pkgs; [ + msmtp + mutt-kz + ]; + +} diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix new file mode 100644 index 000000000..8d2c8213e --- /dev/null +++ b/makefu/2configs/main-laptop.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +# stuff for the main laptop +# this is pretty much nice-to-have and does +# not fit into base-gui + +with lib; +{ + imports = [ ./base-gui.nix ]; + environment.systemPackages = with pkgs;[ + vlc + firefox + chromium + keepassx + ]; + + services.redshift = { + enable = true; + latitude = "48.7"; + longitude = "9.1"; + }; + +} diff --git a/makefu/2configs/sda-crypto-root-home.nix b/makefu/2configs/sda-crypto-root-home.nix new file mode 100644 index 000000000..3821c7504 --- /dev/null +++ b/makefu/2configs/sda-crypto-root-home.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +# ssd # +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> lvm: +# / (main-root) +# /home (main-home) + +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/main-root"; + fsType = "ext4"; + options="defaults,discard"; + }; + # TODO: just import sda-crypto-root, add this device + "/home" = { + device = "/dev/mapper/main-home"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix index 2bbc75c20..ed46875d8 100644 --- a/makefu/2configs/tp-x200.nix +++ b/makefu/2configs/tp-x200.nix @@ -2,36 +2,20 @@ with lib; { - #services.xserver = { - # videoDriver = "intel"; - #}; + + imports = [ ./tp-x2x0.nix ]; boot = { kernelModules = [ "tp_smapi" "msr" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; + services.thinkfan.enable = true; - #networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - zramSwap.enable = true; - zramSwap.numDevices = 2; - - hardware.trackpoint.enable = true; - hardware.trackpoint.sensitivity = 255; - hardware.trackpoint.speed = 255; + # only works on tp-x200 , not x220 services.xserver.displayManager.sessionCommands = '' xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 ''; - - services.thinkfan.enable = true; - services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - ''; } diff --git a/makefu/2configs/tp-x220.nix b/makefu/2configs/tp-x220.nix new file mode 100644 index 000000000..1aacb07cd --- /dev/null +++ b/makefu/2configs/tp-x220.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + imports = [ ./tp-x2x0.nix ]; + + boot.kernelModules = [ "kvm-intel" ]; + + services.xserver.vaapiDrivers = [pkgs.vaapiIntel pkgs.vaapiVdpau ]; + + services.xserver.displayManager.sessionCommands ='' + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + ''; + +} diff --git a/makefu/2configs/tp-x2x0.nix b/makefu/2configs/tp-x2x0.nix new file mode 100644 index 000000000..b79d94b4a --- /dev/null +++ b/makefu/2configs/tp-x2x0.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + # TODO: put this somewhere else + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint.enable = true; + hardware.trackpoint.sensitivity = 220; + hardware.trackpoint.speed = 220; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + ''; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix new file mode 100644 index 000000000..933cb93c5 --- /dev/null +++ b/makefu/2configs/urlwatch.nix @@ -0,0 +1,17 @@ +{ config, ... }: + +{ + krebs.urlwatch = { + enable = true; + mailto = config.krebs.users.makefu.mail; + onCalendar = "*-*-* 05:00:00"; + urls = [ + ## nixpkgs maintenance + https://api.github.com/repos/ovh/python-ovh/tags + https://api.github.com/repos/embray/d2to1/tags + http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release + + ]; + }; +} + diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix new file mode 100644 index 000000000..b3f8c8284 --- /dev/null +++ b/makefu/2configs/virtualization.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.krebs.build.user; +in { + virtualisation.libvirtd.enable = true; + users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ]; +} diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix new file mode 100644 index 000000000..dd1c63090 --- /dev/null +++ b/makefu/2configs/wwan.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +#usage: $ wvdial + +let + mainUser = config.krebs.build.user; +in { + environment.systemPackages = with pkgs;[ + wvdial + ]; + + # configure for NETZCLUB + environment.wvdial.dialerDefaults = '' + Phone = *99***1# + Dial Command = ATDT + Modem = /dev/ttyACM0 + Baud = 460800 + Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init2 = ATZ + Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 + ISDN = 0 + Modem Type = Analog Modem + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0''; + + users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ]; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix new file mode 100644 index 000000000..3089b706a --- /dev/null +++ b/makefu/2configs/zsh-user.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: +## +with lib; +let + mainUser = config.krebs.build.user.name; +in +{ + programs.zsh.enable = true; + users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; +} |