diff options
Diffstat (limited to 'lass/1systems')
| -rw-r--r-- | lass/1systems/daedalus/config.nix | 3 | ||||
| -rw-r--r-- | lass/1systems/hilum/config.nix | 32 | ||||
| -rw-r--r-- | lass/1systems/hilum/physical.nix | 35 | ||||
| -rw-r--r-- | lass/1systems/icarus/config.nix | 11 | ||||
| -rw-r--r-- | lass/1systems/morpheus/config.nix | 41 | ||||
| -rw-r--r-- | lass/1systems/morpheus/physical.nix | 32 | ||||
| -rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 74 | ||||
| -rw-r--r-- | lass/1systems/prism/physical.nix | 5 | ||||
| -rw-r--r-- | lass/1systems/shodan/config.nix | 87 | ||||
| -rw-r--r-- | lass/1systems/shodan/physical.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/xerxes/config.nix | 28 | ||||
| -rw-r--r-- | lass/1systems/xerxes/physical.nix | 10 | ||||
| -rw-r--r-- | lass/1systems/yellow/config.nix | 2 |
14 files changed, 213 insertions, 150 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df8868034..bd559944a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium @@ -58,7 +59,7 @@ with import <stockholm/lib>; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix new file mode 100644 index 000000000..f57d275d8 --- /dev/null +++ b/lass/1systems/hilum/config.nix @@ -0,0 +1,32 @@ +{ config, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + + krebs.build.host = config.krebs.hosts.hilum; + + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; +} diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix new file mode 100644 index 000000000..f8bab57d6 --- /dev/null +++ b/lass/1systems/hilum/physical.nix @@ -0,0 +1,35 @@ +{ lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0"; + boot.loader.grub.efiInstallAsRemovable = true; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2B9E-5131"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699ae..86727700f 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ @@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index cab267d54..000000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - imports = [ - <stockholm/lass> - - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/power-action.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - nixpkgs.config.packageOverrides = super: { - steam = super.steam.override { - withPrimus = true; - extraPkgs = p: with p; [ - glxinfo - nettools - bumblebee - ]; - }; - }; - - - services.xserver.desktopManager.default = "none"; - services.xserver.displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - timeout = 5; - }; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 0f08acb2d..000000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, ... }: -{ - imports = [ - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ./config.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostId = "60ce7e88"; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ]; - - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DF3B-4528"; - fsType = "vfat"; - }; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 5076beeef..1477d6d8b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -54,7 +54,7 @@ with import <stockholm/lib>; folders = { the_playlist = { path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; free_music = { id = "mu9mn-zgvsw"; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eec8e34b8..e957279e2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -31,7 +31,15 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; + packages = [ + (pkgs.writeDashBin "kick-routing" '' + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + '') + ]; }; + security.sudo.extraConfig = '' + riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + ''; # TODO write function for proxy_pass (ssl/nonssl) @@ -57,6 +65,13 @@ with import <stockholm/lib>; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid_uint31 "dritter"; isNormalUser = true; @@ -109,6 +124,26 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } + { + #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; + containers.onondaga = { + config = { ... }: { + imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; + }; + } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> @@ -149,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } @@ -226,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ @@ -344,7 +344,7 @@ with import <stockholm/lib>; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 9a84e9d63..7458f5ffd 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -20,6 +20,11 @@ fsType = "ext4"; }; + fileSystems."/backups" = { + device = "tank/backups"; + fsType = "zfs"; + }; + fileSystems."/srv/http" = { device = "tank/srv-http"; fsType = "zfs"; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5de87d790..ad510283f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> + <stockholm/lass/2configs/nfs-dl.nix> ]; krebs.build.host = config.krebs.hosts.shodan; @@ -24,4 +25,90 @@ with import <stockholm/lib>; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; + + #hass + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } + # zerotierone + { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 41508127c..7cfeba932 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -13,7 +13,6 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 2d25bc88a..8630d0f4b 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -28,6 +28,12 @@ export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; }; services.xserver = { @@ -66,26 +72,8 @@ programs.adb.enable = true; - services.logind.lidSwitch = "ignore"; - services.acpid = { - enable = true; - lidEventCommands = '' - export DISPLAY=:${toString config.services.xserver.display} - case "$1" in - "button/lid LID close") - ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness - ${pkgs.acpilight}/bin/xbacklight -set 0 - ;; - "button/lid LID open") - ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness) - ;; - esac - ''; - }; + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; systemd.services.suspend-again = { after = [ "suspend.target" ]; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 5d60dfc45..77cf2206b 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -13,9 +13,8 @@ }; boot.loader.efi.canTouchEfiVariables = true; - # TODO fix touchscreen boot.blacklistedKernelModules = [ - "goodix" + "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; @@ -46,7 +45,7 @@ swapDevices = [ ]; boot.extraModprobeConfig = '' - options zfs zfs_arc_max=1073741824 + options zfs zfs_arc_max=107374182 ''; nix.maxJobs = lib.mkDefault 4; @@ -74,13 +73,10 @@ services.xserver = { videoDrivers = [ "intel" ]; - deviceSection = '' - Option "TearFree" "true" - ''; displayManager.sessionCommands = '' echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) - (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a33..d049bdee6 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' alias ${pkgs.fetchFromGitHub { owner = "Naereen"; |