summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/blue/config.nix9
-rw-r--r--lass/1systems/blue/physical.nix1
-rw-r--r--lass/1systems/daedalus/config.nix8
-rw-r--r--lass/1systems/green/config.nix11
-rw-r--r--lass/1systems/green/physical.nix1
-rw-r--r--lass/1systems/icarus/config.nix1
-rw-r--r--lass/1systems/iso.nix10
-rw-r--r--lass/1systems/littleT/config.nix1
-rw-r--r--lass/1systems/morpheus/config.nix8
-rw-r--r--lass/1systems/mors/config.nix36
-rw-r--r--lass/1systems/prism/config.nix36
-rw-r--r--lass/1systems/red/physical.nix1
-rw-r--r--lass/1systems/shodan/config.nix2
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/yellow/config.nix1
-rw-r--r--lass/1systems/yellow/physical.nix1
16 files changed, 92 insertions, 36 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a287f548b..14f4971f7 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -9,17 +9,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/sync/decsync.nix>
+ <stockholm/lass/2configs/sync/weechat.nix>
];
krebs.build.host = config.krebs.hosts.blue;
- krebs.syncthing.folders = [
- { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
- ];
-
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/blue/physical.nix
+++ b/lass/1systems/blue/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index e28fbf2f8..6e3df12f0 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -27,6 +27,12 @@ with import <stockholm/lib>;
enable = true;
systemWide = true;
};
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ ];
+ };
environment.systemPackages = with pkgs; [
pavucontrol
#firefox
@@ -40,7 +46,7 @@ with import <stockholm/lib>;
wine
geeqie
vlc
- minecraft
+ zsnes
];
nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 6ae157e38..0b4b50ee4 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -8,20 +8,13 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/mail.nix>
- #<stockholm/lass/2configs/blue.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/sync/decsync.nix>
+ <stockholm/lass/2configs/sync/weechat.nix>
];
krebs.build.host = config.krebs.hosts.green;
- krebs.syncthing.folders = [
- { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
- ];
-
-
#networking.nameservers = [ "1.1.1.1" ];
#time.timeZone = "Europe/Berlin";
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/green/physical.nix
+++ b/lass/1systems/green/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 06b1e7366..d8c8699ae 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -20,6 +20,7 @@
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/prism-share.nix>
+ <stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index be064bed2..a814cc6b9 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -6,7 +6,6 @@ with import <stockholm/lib>;
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<stockholm/krebs>
<stockholm/lass/3modules>
- <stockholm/lass/5pkgs>
<stockholm/lass/2configs/mc.nix>
<stockholm/lass/2configs/vim.nix>
{
@@ -40,9 +39,10 @@ with import <stockholm/lib>;
networking.hostName = "lass-iso";
}
{
+ nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
- krebs.build.host = config.krebs.hosts.iso;
+ krebs.build.host = {};
}
{
nixpkgs.config.allowUnfree = true;
@@ -174,11 +174,13 @@ with import <stockholm/lib>;
user = "lass";
};
windowManager.default = "xmonad";
- windowManager.session = [{
+ windowManager.session = let
+ xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
+ in [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.xmonad-lass}/bin/xmonad &
+ ${xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index eee23ee60..d44e62053 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/green-host.nix>
];
networking.networkmanager.enable = true;
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
index 0d82ba611..cab267d54 100644
--- a/lass/1systems/morpheus/config.nix
+++ b/lass/1systems/morpheus/config.nix
@@ -30,4 +30,12 @@ with import <stockholm/lib>;
];
};
};
+
+
+ services.xserver.desktopManager.default = "none";
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ timeout = 5;
+ };
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 250d96e53..f911b79d6 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -26,6 +26,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
+ <stockholm/lass/2configs/sync/decsync.nix>
+ <stockholm/lass/2configs/sync/weechat.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/starcraft.nix>
@@ -36,27 +38,26 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/hardening.nix>
+ #<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
- #chromecast
- { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
#quake3
{ predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
];
}
{
- krebs.syncthing.folders = [
- { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
- { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
- { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."the_playlist" = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ krebs.permown."/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
{
lass.umts = {
@@ -92,6 +93,7 @@ with import <stockholm/lib>;
pkgs.ovh-zone
pkgs.bank
pkgs.adb-sync
+ pkgs.transgui
];
}
{
@@ -135,6 +137,18 @@ with import <stockholm/lib>;
(pkgs.writeDashBin "btc-kraken" ''
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
'')
+ (pkgs.writeDashBin "krebsco.de" ''
+ TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+ ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
+ OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
+ ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
+ '')
+ (pkgs.writeDashBin "lassul.us" ''
+ TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+ ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
+ OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
+ ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
+ '')
];
#TODO: fix this shit
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b3b7ac0df..d7b0b701a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -413,6 +413,42 @@ with import <stockholm/lib>;
];
};
}
+ { #macos mounting of yellow
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; }
+ ];
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/home/share";
+ createHome = true;
+ };
+ services.samba = {
+ enable = true;
+ enableNmbd = true;
+ shares = {
+ download = {
+ path = "/var/download/finished";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/red/physical.nix
+++ b/lass/1systems/red/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 39c0791fc..5de87d790 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -15,6 +15,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/green-host.nix>
+ <stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 0bf3e6b4d..70787e514 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/green-host.nix>
{
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 8b3b2814f..cda0d0a33 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -31,6 +31,7 @@ with import <stockholm/lib>;
download-dir = "/var/download/finished";
incomplete-dir = "/var/download/incoming";
incomplete-dir-enable = true;
+ message-level = 1;
umask = "002";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/yellow/physical.nix
+++ b/lass/1systems/yellow/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}