-rw-r--r--kartei/feliks/default.nix24
-rw-r--r--krebs/2configs/mastodon.nix6
-rw-r--r--krebs/2configs/reaktor2.nix2
-rw-r--r--krebs/5pkgs/haskell/nix-serve-ng.nix6
-rw-r--r--krebs/5pkgs/simple/ovh-zone/default.nix1
-rw-r--r--krebs/5pkgs/simple/vicuna-chat/default.nix2
-rw-r--r--krebs/nixpkgs-unstable.json10
-rw-r--r--krebs/nixpkgs.json10
-rw-r--r--lass/1systems/aergia/config.nix1
-rw-r--r--lass/1systems/aergia/disk.nix2
-rw-r--r--lass/1systems/aergia/physical.nix11
-rw-r--r--lass/1systems/green/config.nix1
-rw-r--r--lass/1systems/neoprism/physical.nix39
-rw-r--r--lass/1systems/prism/backup.nix37
-rw-r--r--lass/1systems/prism/config.nix157
-rw-r--r--lass/1systems/prism/physical.nix8
-rw-r--r--lass/1systems/shodan/config.nix6
-rw-r--r--lass/1systems/skynet/physical.nix16
-rw-r--r--lass/1systems/styx/config.nix2
-rw-r--r--lass/1systems/styx/physical.nix1
-rw-r--r--lass/1systems/wizard/config.nix3
-rw-r--r--lass/1systems/xerxes/config.nix21
-rw-r--r--lass/2configs/binary-cache/server.nix6
-rw-r--r--lass/2configs/bitlbee.nix22
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/c-base.nix2
-rw-r--r--lass/2configs/codimd.nix20
-rw-r--r--lass/2configs/consul.nix3
-rw-r--r--lass/2configs/default.nix15
-rw-r--r--lass/2configs/exim-smarthost.nix16
-rw-r--r--lass/2configs/fysiirc.nix17
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/gg23.nix8
-rw-r--r--lass/2configs/git-brain.nix1
-rw-r--r--lass/2configs/green-hosts/cryfs.nix95
-rw-r--r--lass/2configs/green-hosts/ecryptfs.nix99
-rw-r--r--lass/2configs/green-hosts/plain-bindfs.nix90
-rw-r--r--lass/2configs/green-hosts/plain-permown.nix88
-rw-r--r--lass/2configs/green-hosts/plain.nix87
-rw-r--r--lass/2configs/green-hosts/securefs.nix101
-rw-r--r--lass/2configs/gsm-wiki.nix20
-rw-r--r--lass/2configs/hfos.nix9
-rw-r--r--lass/2configs/home-media.nix78
-rw-r--r--lass/2configs/matrix.nix20
-rw-r--r--lass/2configs/minecraft.nix6
-rw-r--r--lass/2configs/monitoring/telegraf.nix175
-rw-r--r--lass/2configs/muchsync.nix1
-rw-r--r--lass/2configs/murmur.nix37
-rw-r--r--lass/2configs/orange-host.nix4
-rw-r--r--lass/2configs/pass.nix3
-rw-r--r--lass/2configs/paste.nix17
-rw-r--r--lass/2configs/print.nix5
-rw-r--r--lass/2configs/realwallpaper.nix8
-rw-r--r--lass/2configs/red-host.nix4
-rw-r--r--lass/2configs/retiolum.nix9
-rw-r--r--lass/2configs/riot.nix34
-rw-r--r--lass/2configs/services/coms/proxy.nix13
-rw-r--r--lass/2configs/services/radio/default.nix18
-rw-r--r--lass/2configs/services/radio/news.nix11
-rw-r--r--lass/2configs/snapclient.nix2
-rw-r--r--lass/2configs/snapserver.nix23
-rw-r--r--lass/2configs/steam.nix4
-rw-r--r--lass/2configs/telegraf.nix67
-rw-r--r--lass/2configs/tor-ssh.nix2
-rw-r--r--lass/2configs/vim.nix45
-rw-r--r--lass/2configs/websites/default.nix2
-rw-r--r--lass/2configs/websites/domsen.nix28
-rw-r--r--lass/2configs/websites/flix.lassul.us.nix13
-rw-r--r--lass/2configs/weechat.nix11
-rw-r--r--lass/2configs/wine.nix2
-rw-r--r--lass/2configs/wiregrill.nix10
-rw-r--r--lass/2configs/xmonad.nix30
-rw-r--r--lass/2configs/yubikey.nix15
-rw-r--r--lass/3modules/nichtparasoup.nix2
-rw-r--r--lass/5pkgs/deploy/default.nix2
-rw-r--r--lass/5pkgs/q/default.nix6
-rw-r--r--lass/5pkgs/super-vnc/default.nix38
-rw-r--r--lass/krops.nix53
78 files changed, 1335 insertions, 532 deletions
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index 953f1a7ee..9f9866c71 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -25,20 +25,20 @@ in {
aliases = [ "papawhakaaro.r" "tp.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA4bd0lVUVlzFmM8TuH77C5VctcK4lkw02LbMVQDJ5U+Ww075nNahw
- oRHqPgJRwfGW0Tgu/1s5czZ2tAFU3lXoOSBYldAspM3KRZ4DKQsFrL9B0oWarGsK
- sUgsuOJprlX4mkfj/eBNINqTqf2kVIH+p43VENQ9ioKmc+qJKm4xfRONRLp871GV
- 5jmIvRvQ6JP0RtNd2KpNLaeplzx8M61D9PBOAZkNYAUTpBs4LZBNJj4eFnXBugrz
- GkBjmm3Rk7olz0uOZzbeTc6Slv2tgtN5FrQifdy4XIlsKcBTzMkYHEZstmldJgd9
- pGvfmem6uPcXrF+eDJzqUn0ArH7eOIS4F0+DzugJz4qX+ytvE4ag7r2Vx0Pa9TCY
- hpn0lqwW+ly1clM0SKt59v1nQ4oRW4UIbAZaIgp4UJbb3IGSwbq7NuadvHpNICHi
- 4pqQD+1sSEbGLAZ0bFjLIYFg9zzNjLeAxXpn49WHOEyRlq3h+SUQcG2EuVMI28DX
- lILKSoOJsuQupURPubaxkiNEa5neYk9hZ8CWgwSG/VlyRLuNsVDVn2dBma43Mr10
- LHMkX2/a9t7ghokugvV2XMP9Es9A9TGFShM9UtFAlovdad+SQ8FBPNheDwIhjCJe
- l5NIrMrmQIveq7QJ1szxYhqfl1ifU0c+YxeMkg3tvEuQV/tk/oki/aECAwEAAQ==
+ MIICCgKCAgEApPx0Xa5tms6t9yOqrdBuz5JVheIqntIF4XK04gXMYr/lcqWj35Sj
+ jM0fObbB0MXz1Di0DsWT5ukVMpvRfespif2FsRfpUOBzVQymlcFfn7D4t2qUa0nH
+ AHuvoSqb2qV8YUIvVRNdnNSv1NWlbEpcsKXzg36O2ESdro64vSM5hAVw8Djo8Eoh
+ AGlZVi1tplVs+DPlsMjUqjCrGeq81V7SiLwaVc7adcx/cNvzDA23axkUosm/X2fN
+ Ug8UWXHt3SgH/BtTwWIpT48anIdPbkttH0d4ICzt0g3nX6+zmVhdzIjHWNsmjxaQ
+ qKn2DfC1TcYffE4k4E2yENwLoTkJn3U3cCowt7OTLfNvexRyFj5E/O1Aa1VdwX68
+ MTpF89Hv8SKUSMRsbyG/vFAoh/I88Y4lDis+TtBKPs1VLBtsQy1mZaIooSTslPf+
+ pcUDBBUsf2/SudwvbBC1XHl1YDnRFBZG74ApVIXeIo5G8Cfm4LasppYqPJ7YzTKp
+ 6yoR9iKaXONTwQ3xhlBcfpMxObZTE1v8kF9sy3t9Pl8Px9f4PSbuQpp82MJrRJQC
+ FYTMkUh0PZwbw7vzqDLjeW715YWeNKW6PSFT0TtY8UTNNKFslhUfuBBLGyjsU+T3
+ 9m9uNNhRxFoFmlKYziFzyEVWgMl67Eg0CQAulP0q9zv3d4367il6SK8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "5G49yQPjkkoGZxM6CeDy87y6tB/abtelUAk55wJ4GpP";
+ tinc.pubkey_ed25519 = "8g19LVFwgtdpFPcqTM/pdCzWhy3ins9+LPjHIjwNFvA";
};
};
};
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index 145b383ed..af308b2c7 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -33,8 +33,10 @@
];
environment.systemPackages = [
- (pkgs.writers.writeDashBin "tootctl" ''
- sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ (pkgs.writers.writeDashBin "clear-mastodon-cache" ''
+ mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30
+ mastodon-tootctl media remove-orphans
+ mastodon-tootctl preview_cards remove --days=14
'')
(pkgs.writers.writeDashBin "create-mastodon-user" ''
set -efu
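Review bot: The new `clear-mastodon-cache` script has no `set -efu`, unlike `create-mastodon-user` directly below it, so a failing `mastodon-tootctl media remove` is ignored, the later steps still run, and the exit status reflects only the last command. Adding `set -efu` as the first line of the script body would make a failed prune visible to whoever runs or schedules it. The hunk also removes the `tootctl` wrapper, and the body of `create-mastodon-user` continues outside the hunk, so it is worth confirming that it does not still call `tootctl`.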
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 0f7ab0adf..bc5bfc0fb 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -486,7 +486,7 @@ in {
services.nginx.virtualHosts."agenda.r" = {
serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
- alias ./agenda.html;
+ alias ${./agenda.html};
'';
locations."/agenda.json".extraConfig = ''
proxy_set_header Host $host;
diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix
index 8866b205b..62e02ce82 100644
--- a/krebs/5pkgs/haskell/nix-serve-ng.nix
+++ b/krebs/5pkgs/haskell/nix-serve-ng.nix
@@ -6,11 +6,11 @@
}:
mkDerivation {
pname = "nix-serve-ng";
- version = "1.0.0";
+ version = "1.0.1";
src = fetchgit {
url = "https://github.com/aristanetworks/nix-serve-ng";
- sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2";
- rev = "433f70f4daae156b84853f5aaa11987aa5ce7277";
+ sha256 = "sha256-PkzwtjUgYuqfWtCH1nRqVRaajihN1SqMVjWmoSG/CCY=";
+ rev = "9b546864f4090736f3f9069a01ea5d42cf7bab7c";
fetchSubmodules = true;
};
isLibrary = false;
diff --git a/krebs/5pkgs/simple/ovh-zone/default.nix b/krebs/5pkgs/simple/ovh-zone/default.nix
index 051a14e8d..bc0e45cb9 100644
--- a/krebs/5pkgs/simple/ovh-zone/default.nix
+++ b/krebs/5pkgs/simple/ovh-zone/default.nix
@@ -9,7 +9,6 @@ python3Packages.buildPythonPackage rec {
name = "ovh-zone-${version}";
version = "0.4.4";
propagatedBuildInputs = with pkgs.python3Packages;[
- d2to1 # for setup to work
ovh
docopt
];
diff --git a/krebs/5pkgs/simple/vicuna-chat/default.nix b/krebs/5pkgs/simple/vicuna-chat/default.nix
index 11a11aabe..db15899d6 100644
--- a/krebs/5pkgs/simple/vicuna-chat/default.nix
+++ b/krebs/5pkgs/simple/vicuna-chat/default.nix
@@ -23,7 +23,7 @@ pkgs.writers.writeDashBin "vicuna-chat" ''
add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}"
response=$(
jq -nc --slurpfile context "$CONTEXT" '{
- model: "vicuna-13b",
+ model: "vicuna-13b-v1.5-16k",
messages: $context[0],
}' |
curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @-
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 4ae0716ea..2233cd20b 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,10 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28",
- "date": "2023-07-28T14:55:37+02:00",
- "path": "/nix/store/38nmp3rkbjic5dm6g9qp4ldwi7pr602p-nixpkgs",
- "sha256": "0c2x3bcal4kyxgf6i408622zqvxamz986h11z8zjvd7gc8y4wxn7",
- "hash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=",
+ "rev": "aa8aa7e2ea35ce655297e8322dc82bf77a31d04b",
+ "date": "2023-09-01T18:51:16+08:00",
+ "path": "/nix/store/10xskkarnksmn1fahylswv0y4216c73w-nixpkgs",
+ "sha256": "0bbv3y86kfpn02zh5vvdbkmnqyzagzbc1gzpvvlb6qbvgg639bf9",
+ "hash": "sha256-ya00zHt7YbPo3ve/wNZ/6nts61xt7wK/APa6aZAfey0=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 55e54ec64..0b6021ed0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,10 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33",
- "date": "2023-07-28T18:34:19+03:00",
- "path": "/nix/store/pgqfg8ip3lv0lr6mpwh558npz3c1wwcr-nixpkgs",
- "sha256": "0d7na9ygda2r7gs3gbixd9gvcxgdv84993cilkj86bcwbpbg4vp5",
- "hash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=",
+ "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1",
+ "date": "2023-09-02T08:28:47+02:00",
+ "path": "/nix/store/605bv7zssv38j0ii8rbnxkv1m0f0b53p-nixpkgs",
+ "sha256": "0kymzp32d31c0hny2b2f7zfn49nzrxlm963xbm4v0axka6abym36",
+ "hash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index 618938ce8..3e0ae23f7 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -112,7 +112,6 @@
environment.systemPackages = with pkgs; [
brain
- bank
l-gen-secrets
generate-secrets
nixpkgs-review
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
index 848157729..233b320e4 100644
--- a/lass/1systems/aergia/disk.nix
+++ b/lass/1systems/aergia/disk.nix
@@ -45,9 +45,11 @@
# Mountpoints inferred from subvolume name
"/home" = {
mountOptions = [];
+ mountpoint = "/home";
};
"/nix" = {
mountOptions = [];
+ mountpoint = "/nix";
};
};
};
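Review bot: The comment `# Mountpoints inferred from subvolume name` above `"/home"` no longer matches the code, because both subvolumes now set `mountpoint` explicitly. Consider rewording it to something like `# Mountpoints set explicitly per subvolume`, or dropping it, so a reader does not assume omitting `mountpoint` is still safe.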
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index 9f06dccdc..e76460d20 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -16,7 +16,7 @@
efiInstallAsRemovable = true;
};
- boot.kernelPackages = pkgs.linuxPackages_latest;
+ # boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [
# use less power with pstate
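Review bot: `# boot.kernelPackages = pkgs.linuxPackages_latest;` is left as commented-out code with no reason given, so a later reader cannot tell whether the pin was dropped on purpose or is meant to come back. Either delete the line or add a why-comment, e.g. `# linuxPackages_latest disabled: <reason>; falls back to the nixpkgs default kernel`. The same applies to the commented `systemd.sleep.extraConfig` block added in the `@@ -102,9 +100,16 @@` hunk of this file.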
@@ -70,8 +70,6 @@
};
users.users.mainUser.extraGroups = [ "corectrl" ];
- # use newer ryzenadj
-
# keyboard quirks
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
@@ -102,9 +100,16 @@
services.logind.extraConfig = ''
HandlePowerKey=hibernate
'';
+ # systemd.sleep.extraConfig = ''
+ # HibernateDelaySec=1800
+ # '';
# firefox touchscreen support
environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
+
+ # enable thunderbolt
+ services.hardware.bolt.enable = true;
+
# reinit usb after docking station connect
services.udev.extraRules = ''
SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index c232be9bd..81b8b909b 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/git-brain.nix>
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
index f2092d9aa..cc7734f39 100644
--- a/lass/1systems/neoprism/physical.nix
+++ b/lass/1systems/neoprism/physical.nix
@@ -13,7 +13,10 @@
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ boot.loader.grub.devices = [
+ config.disko.devices.disk."/dev/nvme0n1".device
+ config.disko.devices.disk."/dev/nvme1n1".device
+ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
boot.kernelModules = [ "kvm-amd" ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@@ -56,21 +59,21 @@
};
networking.useDHCP = false;
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = [ config.krebs.users.lass.pubkey ];
- port = 2222;
- hostKeys = [
- (toString <secrets/ssh.id_ed25519>)
- (toString <secrets/ssh.id_rsa>)
- ];
- };
- };
- boot.kernelParams = [
- "net.ifnames=0"
- "ip=dhcp"
- "boot.trace"
- ];
+ # boot.initrd.network = {
+ # enable = true;
+ # ssh = {
+ # enable = true;
+ # authorizedKeys = [ config.krebs.users.lass.pubkey ];
+ # port = 2222;
+ # hostKeys = [
+ # (<secrets/ssh.id_ed25519>)
+ # (<secrets/ssh.id_rsa>)
+ # ];
+ # };
+ # };
+ # boot.kernelParams = [
+ # "net.ifnames=0"
+ # "ip=dhcp"
+ # "boot.trace"
+ # ];
}
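Review bot: In the commented-out `hostKeys` list the `toString` wrapper was dropped, leaving `(<secrets/ssh.id_ed25519>)` and `(<secrets/ssh.id_rsa>)` as bare path values. If this block is re-enabled as written, Nix will most likely copy the private host keys into the world-readable store, which `toString` was there to prevent. Keep `(toString <secrets/ssh.id_ed25519>)` in the comment, or delete the block and rely on git history. A one-line why-comment would also help: with initrd SSH and `ip=dhcp` disabled the host is no longer reachable before stage 2, so anything that relied on port 2222 during early boot (remote disk unlock, if that was its purpose) needs another path.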
diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix
new file mode 100644
index 000000000..52b4142b9
--- /dev/null
+++ b/lass/1systems/prism/backup.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresqlBackup.enable = true;
+
+ systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
+
+ services.borgbackup.jobs.hetzner = {
+ paths = [
+ "/var/backup"
+ ];
+ exclude = [
+ "*.pyc"
+ ];
+ repo = "u364341@u364341.your-storagebox.de:/./hetzner";
+ encryption.mode = "none";
+ compression = "auto,zstd";
+ startAt = "daily";
+ # TODO: change backup key
+ environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}";
+ preHook = ''
+ set -x
+ '';
+
+ postHook = ''
+ cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
+ task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
+ EOF
+ '';
+
+ prune.keep = {
+ within = "1d"; # Keep all archives from the last day
+ daily = 7;