summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jeschli/1systems/brauerei/config.nix3
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix63
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/3modules/syncthing.nix153
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/blue/config.nix31
-rw-r--r--lass/1systems/blue/source.nix20
-rw-r--r--lass/1systems/daedalus/physical.nix4
-rw-r--r--lass/1systems/green/config.nix28
-rw-r--r--lass/1systems/green/physical.nix8
-rw-r--r--lass/1systems/green/source.nix14
-rw-r--r--lass/1systems/icarus/config.nix3
-rw-r--r--lass/1systems/icarus/physical.nix2
-rw-r--r--lass/1systems/littleT/config.nix1
-rw-r--r--lass/1systems/mors/config.nix10
-rw-r--r--lass/1systems/mors/physical.nix4
-rw-r--r--lass/1systems/prism/config.nix22
-rw-r--r--lass/1systems/shodan/physical.nix4
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/yellow/config.nix5
-rw-r--r--lass/2configs/backup.nix8
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/blue.nix4
-rw-r--r--lass/2configs/default.nix8
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/mail.nix6
-rw-r--r--lass/2configs/monitoring/node-exporter.nix15
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix217
-rw-r--r--lass/2configs/prism-share.nix39
-rw-r--r--lass/2configs/reaktor-coders.nix4
-rw-r--r--lass/2configs/syncthing.nix18
-rw-r--r--lass/2configs/tests/dummy-secrets/syncthing.cert0
-rw-r--r--lass/2configs/tests/dummy-secrets/syncthing.key0
-rw-r--r--lass/2configs/virtualbox.nix1
-rw-r--r--lass/2configs/websites/domsen.nix6
-rw-r--r--lass/2configs/wine.nix2
-rw-r--r--lass/2configs/zsh.nix4
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ensure-permissions.nix66
-rw-r--r--lass/3modules/screenlock.nix9
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix5
-rw-r--r--lass/krops.nix5
-rw-r--r--lib/types.nix6
m---------submodules/nix-writers0
45 files changed, 497 insertions, 316 deletions
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index ecf40a615..b9bb021b8 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -145,10 +145,11 @@ in
'';
}
];
-
};
};
+ services.xserver.windowManager.i3.enable = true;
+
users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true;
extraGroups = ["docker" "vboxusers" "audio"];
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9c2f53cbe..567c077eb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -48,6 +48,7 @@ let
./rtorrent.nix
./secret.nix
./setuid.nix
+ ./syncthing.nix
./tinc.nix
./tinc_graphs.nix
./urlwatch.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 630c14f18..a3b8cab39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -106,6 +106,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+ syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
archprism = {
cores = 1;
@@ -204,6 +205,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+ syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
};
shodan = {
cores = 2;
@@ -270,6 +272,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+ syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
};
daedalus = {
cores = 2;
@@ -324,10 +327,18 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
+ wiregrill = {
+ ip6.addr = w6 "5ce7";
+ aliases = [
+ "skynet.w"
+ ];
+ wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+ };
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+ syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
};
littleT = {
cores = 2;
@@ -365,10 +376,18 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
+ wiregrill = {
+ ip6.addr = w6 "771e";
+ aliases = [
+ "littleT.w"
+ ];
+ wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
+ };
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+ syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
};
red = {
monitoring = false;
@@ -474,7 +493,48 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+ syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
};
+
+ green = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.66";
+ ip6.addr = r6 "12ee";
+ aliases = [
+ "green.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+ uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+ ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+ n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+ hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+ m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+ BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+ pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+ 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+ UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+ udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+ 3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "12ee";
+ aliases = [
+ "green.w"
+ ];
+ wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+ syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+ };
+
phone = {
nets = {
wiregrill = {
@@ -482,11 +542,12 @@ in {
aliases = [
"phone.w"
];
- wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
+ wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM=";
};
};
external = true;
ci = false;
+ syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB";
};
morpheus = {
cores = 1;
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
index 3d35b76e4..675ba8df2 100644
--- a/krebs/3modules/lass/ssh/android.rsa
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
new file mode 100644
index 000000000..34879fd3f
--- /dev/null
+++ b/krebs/3modules/syncthing.nix
@@ -0,0 +1,153 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+ cfg = config.krebs.syncthing;
+
+ devices = mapAttrsToList (name: peer: {
+ name = name;
+ deviceID = peer.id;
+ addresses = peer.addresses;
+ }) cfg.peers;
+
+ folders = map (folder: {
+ inherit (folder) path id type;
+ devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
+ rescanIntervalS = folder.rescanInterval;
+ fsWatcherEnabled = folder.watch;
+ fsWatcherDelayS = folder.watchDelay;
+ ignorePerms = folder.ignorePerms;
+ }) cfg.folders;
+
+ getApiKey = pkgs.writeDash "getAPIKey" ''
+ ${pkgs.libxml2}/bin/xmllint \
+ --xpath 'string(configuration/gui/apikey)'\
+ ${config.services.syncthing.dataDir}/config.xml
+ '';
+
+ updateConfig = pkgs.writeDash "merge-syncthing-config" ''
+ set -efu
+ # wait for service to restart
+ ${pkgs.untilport}/bin/untilport localhost 8384
+ API_KEY=$(${getApiKey})
+ CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
+ echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
+ "devices": ${builtins.toJSON devices},
+ "folders": ${builtins.toJSON folders}
+ }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
+ ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
+ '';
+
+in
+
+{
+ options.krebs.syncthing = {
+
+ enable = mkEnableOption "syncthing-init";
+
+ id = mkOption {
+ type = types.str;
+ default = config.krebs.build.host.name;
+ };
+
+ cert = mkOption {
+ type = types.nullOr types.absolute-pathname;
+ default = null;
+ };
+
+ key = mkOption {
+ type = types.nullOr types.absolute-pathname;
+ default = null;
+ };
+
+ peers = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule ({
+ options = {
+
+ # TODO make into addr + port submodule
+ addresses = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+
+ #TODO check
+ id = mkOption {
+ type = types.str;
+ };
+
+ };
+ }));
+ };
+
+ folders = mkOption {
+ default = [];
+ type = types.listOf (types.submodule ({ config, ... }: {
+ options = {
+
+ path = mkOption {
+ type = types.absolute-pathname;
+ };
+
+ id = mkOption {
+ type = types.str;
+ default = config.path;
+ };
+
+ peers = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+
+ rescanInterval = mkOption {
+ type = types.int;
+ default = 3600;
+ };
+
+ type = mkOption {
+ type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
+ default = "sendreceive";
+ };
+
+ watch = mkOption {
+ type = types.bool;
+ default = true;
+ };
+
+ watchDelay = mkOption {
+ type = types.int;
+ default = 10;
+ };
+
+ ignorePerms = mkOption {
+ type = types.bool;
+ default = true;
+ };
+
+ };
+ }));
+ };
+ };
+
+ config = (mkIf cfg.enable) {
+
+ systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
+ preStart = ''
+ ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
+ ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+ '';
+ };
+
+ systemd.services.syncthing-init = {
+ after = [ "syncthing.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ User = config.services.syncthing.user;
+ RemainAfterExit = true;
+ Type = "oneshot";
+ ExecStart = updateConfig;
+ };
+ };
+ };
+}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 28c98ceb2..1ee21020b 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
- "date": "2019-03-07T09:54:51+01:00",
- "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
+ "rev": "222950952f15f6b1e9f036b80440b597f23e652d",
+ "date": "2019-04-05T10:07:50+02:00",
+ "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd",
"fetchSubmodules": false
}
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a84bb37f6..a287f548b 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -8,21 +8,29 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/blue.nix>
+ <stockholm/lass/2configs/syncthing.nix>
];
krebs.build.host = config.krebs.hosts.blue;
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
- $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ];
- lass.restic = genAttrs [
+ services.restic.backups = genAttrs [
"daedalus"
"icarus"
"littleT"
@@ -30,20 +38,19 @@ with import <stockholm/lib>;
"shodan"
"skynet"
] (dest: {
- dirs = [
- "/home/"
- "/var/lib"
+ initialize = true;
+ extraOptions = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
+ repository = "sftp:backup@${dest}.r:/backups/blue";
passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/blue";
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
+ paths = [
+ "/home/"
+ "/var/lib"
];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
});
+
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a52771a4d..21f3a8bd5 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,20 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = let
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- '';
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
};
}
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
index 33a0cb473..d10ced7da 100644
--- a/lass/1systems/daedalus/physical.nix
+++ b/lass/1systems/daedalus/physical.nix
@@ -11,6 +11,10 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
new file mode 100644
index 000000000..6ae157e38
--- /dev/null
+++ b/lass/1systems/green/config.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/mail.nix>
+
+ #<stockholm/lass/2configs/blue.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.green;
+
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
+
+ #networking.nameservers = [ "1.1.1.1" ];
+
+ #time.timeZone = "Europe/Berlin";
+}
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/green/physical.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
new file mode 100644
index 000000000..21f3a8bd5
--- /dev/null
+++ b/lass/1systems/green/source.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+ nixpkgs = lib.mkForce {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
+ };
+}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index d2d4bd3eb..06b1e7366 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -17,6 +17,9 @@
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/prism-share.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index 6cc77a47d..d764dabc1 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -17,4 +17,6 @@
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
+
+ services.thinkfan.enable = true;
}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 7fe143c3c..eee23ee60 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/syncthing.nix>
];
networking.networkmanager.enable = true;
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f35ebff56..250d96e53 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,6 +49,16 @@ with import <stockholm/lib>;
];
}
{
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+ ];
+ }
+ {
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 680dc9bde..25425f146 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -15,6 +15,10 @@
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 23746d210..b3b7ac0df 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -109,25 +109,6 @@ with import <stockholm/lib>;
localAddress = "10.233.2.2";
};
}
- {
- #onondaga
- systemd.services."container@onondaga".reloadIfChanged = mkForce false;
- containers.onondaga = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.5";
- localAddress = "10.233.2.6";
- };
- }
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
@@ -139,7 +120,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
@@ -286,6 +266,7 @@ with import <stockholm/lib>;
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p