diff options
31 files changed, 177 insertions, 257 deletions
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix index 574618e39..1e7fa7872 100644 --- a/krebs/1systems/filebitch/hardware-configuration.nix +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; in { imports = @@ -19,7 +19,7 @@ in boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = [ + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid456" "usbhid" @@ -77,20 +77,18 @@ in networking.hostId = "54d97450"; # required for zfs use boot.initrd.luks.devices = let - usbkey = name: device: { - inherit name device keyFile; + usbkey = device: { + inherit device keyFile; keyFileSize = 2048; preLVM = true; }; - in [ - ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) - // { allowDiscards = true; } ) - ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) - // { allowDiscards = true; } ) - (usbkey "125" "/dev/md125") - (usbkey "126" "/dev/md126") - (usbkey "127" "/dev/md127") - ]; - - + in { + swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ); + root = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ); + md125 = usbkey "/dev/md125"; + md126 = usbkey "/dev/md126"; + md127 = usbkey "/dev/md127"; + }; } diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index bb84b1873..c0fa38284 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,7 +12,6 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/nscd-fix.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> ]; diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 3442272ec..f56f6045a 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -43,7 +43,6 @@ with import <stockholm/lib>; ]; }; services.cron.enable = false; - services.nscd.enable = false; services.ntp.enable = false; users.mutableUsers = false; diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix deleted file mode 100644 index 8e5909e72..000000000 --- a/krebs/2configs/nscd-fix.nix +++ /dev/null @@ -1,24 +0,0 @@ -with import <stockholm/lib>; -{ pkgs, ... }: let - - enable = versionOlderThan "19.03"; - - versionOlderThan = v: - compareVersions - (versions.majorMinor version) - (versions.majorMinor v) - == -1; - - warning = '' - Using custom services.nscd.config because - https://github.com/NixOS/nixpkgs/pull/50316 - ''; - -in - optionalAttrs enable (trace warning { - services.nscd.enable = mkForce true; - services.nscd.config = mkForce (readFile (pkgs.fetchurl { - url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; - sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; - })); - }) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index b80198b03..473028f95 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -95,7 +95,7 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version stockholm-issue; + inherit (commands) hello random-emoji nixos-version; tell = { filename = "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index f9a7e7f36..d4858c67f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -197,6 +197,60 @@ in { }; }; }; + makanek = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.84"; + aliases = [ + "makanek.r" + "makanek.kmein.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwvtxCG7Vua6+WoStGrkL+H/g4BABidL2eikDBtbxWN+oGv2Bjrwb + VzXB8lMTCsu6M2wb3YTXXzAkc5oI4gE1sSOiCKyhYnQRrndc91KewquxTPfKL19u + JiRqax/E49IvWKARPRPXUhPfU/NNw1oIxhbcFkjwJmqDvh9SWhl5VZVynCE28ov5 + hjjhqNXZHOR8CQqPJeY8v38OAAwTWvJ6rhEQwp5dLBqmRAbvPXj7OOzCxKluDY2X + Dl4k6QAjI6NddJXsXHRYRNGiB0CP1UBC91NDtW2+HIjf1Q1Lip5agO4/SkkSUt39 + de7uYKrNcfyDUBb9Suconw0HvW+Dv4Ce5um+aa1RUrWIQdqBCOECbsXYKp66vAnK + Hidf2uznFseWxiyxz1ow8AvvSseABej5GuHI/56lywnFlnHEZLREUF/4PT+BZ0vE + uPRkzqeSNybsYYFieK8aany/RmJaoIsduGutgAiKBvkCCHru895n02xuLhZVkM2G + zfVjA2le+Gxr21/sVPrHfxResLUh4RA8fkS7erWMRF4a3IOpIS4yrM+p4pZTlTxO + Ya8buh4RgyE/0hp4QNpa4K7fvntriK+k6zHs7BcZcG2aMWP3O9/4DgjzBR3eslQV + oou23ajP11wyfrmZK0/PQGTpsU472Jj+06KtMAaH0zo4vAR8s2kV1ukCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + manakish = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.85"; + aliases = [ + "manakish.r" + "manakish.kmein.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtZcWwm1tTFoMcO0EOwNdSrZW9m2tSNWzwTGjlfuNFQKPnHiKdFFH + Hym72+WtaIZmffermGTfYdMoB/lWgOB0glqH9oSBFvrLVDgdQL2il589EXBd/1Qy + 7Ye5EVy2/xEA7iZGg3j0i+q1ic48tt6ePd4+QR0LmLEa8+Gz5X0Tp9TTf7gdv+lB + dVA6p7LJixKcBsC5W0jY5oTGUP0fM844AtWbpflmlz0JZNWrkJhCksOnfhUzeIsF + 1m9rCsyK+3jGMV6ZxhEbwaOt99Wlv0N0ouPePw+xLnnGTu0rJ/RKWceYnWnrHIyb + GgGIHnm9GbMd4mAfyp63emRYDMclSQSrddpDUL2GK8TCTttr6bZm4M/pFuXQGJsQ + EG0iaE8FM+nCrhmCRnX8dRWcNmHybd34UoVGCDJ6u+ksLIivqgWeY41CauqN0vQw + U4zqp6XMXRB6vlVcyLzdTASxVKaLJt+BuvHcyqz/YslJ97z4yoLE3d7s/9gZkM// + +FD970bsyvKpKRx72rNRCO9tQJNgPsaMiW5nuHUFw71XxX8o0w//5a0h5cdbiT64 + I4ISySa4ynmHI1/v0a937/sFS0IvRI1Va0Efh2VxasNIqpDmM3hA8auPDj0Js/4c + qVnWMbvqqYlY9l//HCNxUXIhi0vcOr2PoCxBtcP5pHY8nNphQrPjRrcCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; qubasa = { owner = config.krebs.users.qubasa; nets = { @@ -254,30 +308,29 @@ in { }; }; }; - scardanelli = { + zaatar = { owner = config.krebs.users.kmein; nets = { retiolum = { - ip4.addr = "10.243.2.2"; + ip4.addr = "10.243.2.34"; aliases = [ - "scardanelli.r" - "scardanelli.kmein.r" + "zaatar.r" + "zaatar.kmein.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ - MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge - UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi - kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 - gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx - we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY - QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm - SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL - 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f - m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q - FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 - lM61fOMcVW1KREdWypiDtu8CAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAn1L8LaoLuvHnN39Vz/8Mu/G20+z2DdWeG8XCX53seG2R+Nv4K/Fb + PikALazrN5TIxjRSRL4HEOsYAHWrHyMyRiK0RTuVZxYX4ArilpWz6+5dyt9CkPDg + mpUqhkpHuWO7zXnCcMVkn2ESzJaDIClLaaZP9klrGoaOJLGSJhfF/y4z8p6C/HlR + AjxI4z+90ReRWHWj+adSd3FZnN9yfeVQwUyqohGM0tIHvLCiDVewigLOI3IWjPom + MyUFV/UPVn0/A81C2eADgKbwn6EiJnxDtlPZWBrEJ9vd8lNWBCyGTxTcD0DuDVCe + yP5+r3uV2OYgQPYFrmWwCZJDu7qBdR4MpPP974iPFZ7WCHrvqQQNPYNZ78zBVA4x + YPNpXxp7i3Q10Vnp5fDQlxy+tfE9deeS3vk15Ydyc6gC2D9YClch720cAtPemgs3 + F1O9Uc1PfJkUS5T0t9dpxH/0k6GZ9RQyJGCW7nupWTXmnDW7+TTjszLX3KYmG7XO + pQiic0oMvSCHwEPygnHTLWSt7rroje84htbatzplpQo8GS2tffieOEsgOaHp8TNr + QkRQnNbkAermVod6yK7wtutOk55f7WtYSCw+Kdo/pdQQQpcayKpTBikUQgdGwtTV + z9V1ZlEoLaaRxqisT4DB8279Bzy3QRV+eSHMMqw3+ePjxn7NbJxFn3sCAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; @@ -432,6 +485,58 @@ in { }; }; }; + nxbg = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.123"; + aliases = [ + "nxbg.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEArnkpu+oD59Shu9xcppkcelMT/uHsKvMKdudr67WZG/4F0xhd/5ex + an8v3OWClztIsnB+5uwl0dgamfKDAfIdg5ll2ZHcXo7dAdAN7q8DkegJD9k/Pmmi + YGsEwyENhAcX0/L1xHD5rGqH+6qQ/HrXPKPquoWCIlDDX41dyZQxJCTzkKlRGWhl + uwEMHkR4sfGgsD/OFmTVHMqygWbQIBIrUKXcHahsVj5k0LZW+ejVAQwNlzuKZi2B + n4maa6R0s4kRk2N8TPW11BcCl+rZlaX7RSn8vi+lA0Aq+A5SL1kXaKkKQT/9j2+n + G/uCDpQ6ruXaNycDkemqZg/MHDanbm5SUtjqZarfT6tRr3bwvpndxeGCeOZHkehw + iDiRsXszdwVDziRBlHs4WvFHTZUBLBsetOeo/LaB3Lt069nF5Cs6SZDi3z17ZMow + 5IU66KLQBDnSHqJWvAkBZsWrlZHMr3Csefaqli+qGpPr2gVgiwh3BrH8Ie1DBWJM + ysY0XK98s3jhLfWtc8Fg99H7QYenrh9IwfiIr5kRTmYxLBoGHO7GBRovuziJYzj+ + G1D160xnRSqVdbIg9Az9OMBHfv9/HwYwwLpQ/154SRTY6f4H3iFMt+0lJwSS6nIl + yN7HY7PKXieun8OsS3GhV/+r8UVcRmVk+who3x8Hw8MQJHp8lUNGjLUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + nxrm = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.124"; + aliases = [ + "nxrm.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxPg9J+cpmazp8ZH2eCQwbq6GdU22Nhd/ySm+K/aN+x55C4QN6gMM + cBW2o0nfHi4JtvqDtdw0s9pGh0GsLHHoQlFD/lGr1oCMAe0FeN4cSAwbUH1DYFPw + KsyiXpXLVYCqt42JjzCM8HNUMBNDlnZ60z2Ashxj79PbYJ+i3oPEIE//Vf6MPOta + vaDUXCbqsWKKEqG8t+rM4WRrqzVVpASq6Avs2x+eijVe0Yeq4tkHcO0z3SrV2TM1 + nAPYDL0QlHHBVtAt0tAfo4CC+HAwZJz8yZ0sWPzz/fJj/K3HwuFDBKZSrsIgSPBc + +JCFefuI3aNc1fKTYIu0XqCqgdB0Xu2g/AkJcqXSvJQaNPFuyk5n79C2INHcpLrp + s8NWwaUAH7XhNUGYnzevan3hiuSgIsT0T2cfERmEGyMn90fioYWN7TW9txfEX9qL + I4mkmh1xqt8ipdpfGxYmUAAj9KoHEhAnDElblIXRWY3KLdY6gT4sO80K+hTbK/J+ + oyhU0nYcAnrFJNlSNjNucM/4UlCXqs4TaCM9cRggT6PmHy+M7vLebI4JGoOpCuYw + W1fiyXCrzlTP0vidDtv9mr0vTTK78Nc8oGc46Yu3K1kFSQYS/pRCjnOin35sYe/K + ahpclNJjom6tHxcwTriT0w6Yh/fCei7WCqpWtK2m4Qho/+WA3rFc3WUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { @@ -496,7 +601,7 @@ in { mail = "jacek.galowicz@gmail.com"; }; kmein = { - mail = "kieran.meinhardt@gmail.com"; + mail = "kmein@posteo.de"; pubkey = ssh-for "kmein"; }; mic92 = { diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 0b7d56098..7d618ebfd 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -62,8 +62,8 @@ let }; }; - users.extraUsers = singleton { - inherit (user) name uid; + users.users.${user.name} = { + inherit (user) uid; home = cfg.dataDir; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 75d7eda6e..390f7585f 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { brauerei = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.29"; @@ -93,6 +94,7 @@ in { }; bolide = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.31"; @@ -130,6 +132,7 @@ in { }; reagenzglas = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.32"; diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index ae242efea..6a48f865c 100644 --- a/krebs/5pkgs/haskell/reaktor2.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -6,13 +6,13 @@ , time, transformers, unagi-chan, unix, unordered-containers , vector, wai, warp }: -mkDerivation { +mkDerivation rec { pname = "reaktor2"; - version = "0.3.0"; + version = "0.4.0"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h"; - rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21"; + sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp"; + rev = "v${version}"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix index f0e221406..a84407457 100644 --- a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix +++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4"; }; - modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; + vendorSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; postInstall = '' install -D ./default.tmpl $out/templates/default.tmpl ''; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 22c33bd66..9ea1d4141 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "007126eef72271480cb7670e19e501a1ad2c1ff2", - "date": "2020-10-20T10:30:15+10:00", - "sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq", + "rev": "34ad166a830d3ac1541dcce571c52231f2f0865a", + "date": "2020-11-02T21:18:15-05:00", + "sha256": "1jvi1562x3kq65w642vfimpszv65zbc7c2nv8gakhzcx4n3f47xq", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 161a099e5..68d950208 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", - "date": "2020-10-20T09:32:31+02:00", - "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", + "rev": "896270d629efd47d14972e96f4fbb79fc9f45c80", + "date": "2020-11-10T22:42:32+01:00", + "sha256": "0xmjjayg19wm6cn88sh724mrsdj6mgrql6r3zc0g4x9bx4y342p7", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index b0ffb6adc..9a0ea7ed4 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.03' \ + --rev refs/heads/nixos-20.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/home-media.nix> ]; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index d44e62053..eee23ee60 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/green-host.nix> ]; networking.networkmanager.enable = true; diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda4..6e59a2273 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b335353be..944a68beb 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -90,13 +90,6 @@ with import <stockholm/lib>; ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; }; - users.users.kmein = { - uid = genid_uint31 "kmein"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.kmein.pubkey - ]; - }; } { #hotdog diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index e41c9bd1e..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,8 +15,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> - <stockholm/lass/2configs/green-host.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 1bc440a98..507ccd14d 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/power-action.nix> <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/green-host.nix> { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d5..82a088643 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6e..ed78699b0 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/lass/2configs/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b75..babcb51de 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./backup.nix ./gc.nix diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix deleted file mode 100644 index 6cccab4b3..000000000 --- a/lass/2configs/green-host.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -let - - cname = "green"; - cryfs = pkgs.cryfs.overrideAttrs (old: { - patches = [ - (pkgs.writeText "file_mode.patch" '' - --- a/src/cryfs/filesystem/CryNode.cpp - +++ b/src/cryfs/filesystem/CryNode.cpp - @@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { - result.uid = fspp::uid_t(getuid()); - result.gid = fspp::gid_t(getgid()); - #endif - - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); - + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; - result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; - //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") - result.nlink = 1; - '') - ] ++ old.patches; - }); - -in { - imports = [ - <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/syncthing.nix> - ]; - - programs.fuse.userAllowOther = true; - - services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - # krebs.permown."/var/lib/sync-containers/${cname}" = { - # owner = "root"; - # group = "syncthing"; - # umask = "0007"; - # }; - - systemd.services."container@green".reloadIfChanged = mkForce false; - containers.${cname} = { - config = { ... }: { - environment.systemPackages = [ - pkgs.git - pkgs.rxvt_unicode.terminfo - ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - system.activationScripts.fuse = { - text = '' - ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 - ''; - deps = []; - }; - }; - allowedDevices = [ - { modifier = "rwm"; node = "/dev/fuse"; } - ]; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs - localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs - }; - - environment.systemPackages = [ - (pkgs.writeDashBin "start-${cname}" '' - set -euf - - mkdir -p /var/lib/containers/${cname}/var/state - chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state - if |