Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/aergia/config.nix80
-rw-r--r--lass/1systems/aergia/disk.nix3
-rw-r--r--lass/1systems/aergia/physical.nix52
-rw-r--r--lass/1systems/daedalus/config.nix29
-rw-r--r--lass/1systems/dishfire/config.nix3
-rw-r--r--lass/1systems/hilum/config.nix5
-rw-r--r--lass/1systems/hilum/disk.nix18
-rwxr-xr-xlass/1systems/hilum/flash-stick.sh8
-rw-r--r--lass/1systems/hilum/physical.nix5
-rw-r--r--lass/1systems/mors/config.nix30
-rw-r--r--lass/1systems/mors/physical.nix4
-rw-r--r--lass/1systems/neoprism/config.nix21
-rw-r--r--lass/1systems/neoprism/disk.nix72
-rw-r--r--lass/1systems/neoprism/physical.nix74
-rw-r--r--lass/1systems/prism/physical.nix3
-rw-r--r--lass/1systems/styx/config.nix34
-rw-r--r--lass/1systems/ubik/config.nix231
17 files changed, 507 insertions, 165 deletions
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index d49040a7a..618938ce8 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -27,6 +27,83 @@
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/c-base.nix>
+ # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS
+ {
+ imports = [
+ "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules"
+ ];
+ jovian.steam.enable = true;
+ }
+ { # autorandrs
+ services.autorandr = {
+ enable = true;
+ hooks.postswitch.reset_usb = ''
+ echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized
+ ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
+ '';
+ profiles = {
+ default = {
+ fingerprint = {
+ eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf";
+ };
+ config = {
+ eDP = {
+ enable = true;
+ primary = true;
+ position = "0x0";
+ mode = "2560x1600";
+ rate = "60.01";
+ transform = [
+ [ 0.750000 0.000000 0.000000 ]
+ [ 0.000000 0.750000 0.000000 ]
+ [ 0.000000 0.000000 1.000000 ]
+ ];
+ # scale = {
+ # x = 0.599991;
+ # y = 0.599991;
+ # };
+ };
+ };
+ };
+ docked2 = {
+ fingerprint = {
+ eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
+ DisplayPort-8 = "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";
+ DisplayPort-7 = "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";
+ };
+ config = {
+ DisplayPort-7 = {
+ enable = true;
+ position = "2560x0";
+ mode = "1920x1080";
+ rate = "60.00";
+ };
+ DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1;
+ eDP = config.services.autorandr.profiles.docked1.config.eDP;
+ };
+ };
+ docked1 = {
+ fingerprint = {
+ eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
+ DisplayPort-1 = "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";
+ };
+ config = {
+ DisplayPort-1 = {
+ enable = true;
+ primary = true;
+ position = "0x0";
+ mode = "2560x1440";
+ rate = "165.08";
+ };
+ eDP = config.services.autorandr.profiles.default.config.eDP // {
+ primary = false;
+ position = "640x1440";
+ };
+ };
+ };
+ };
+ };
+ }
];
system.stateVersion = "22.11";
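Review bot: The Jovian-NixOS import in the first added attrset fetches `archive/master.tar.gz` through `builtins.fetchTarball` with no hash, so whatever is on the branch tip at evaluation time is imported as NixOS module code for this host. Pin it to a commit and a hash, e.g. `builtins.fetchTarball { url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/<COMMIT>.tar.gz"; sha256 = "<HASH>"; }`, so rebuilds are reproducible and an upstream change only reaches the machine through a reviewed bump. Separately, `docked2` is declared before `docked1` but reads `profiles.docked1.config`; lazy evaluation makes that work, but declaring `docked1` first would be easier to follow. The enclosing imports list starts outside this hunk.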
@@ -38,6 +115,8 @@
bank
l-gen-secrets
generate-secrets
+ nixpkgs-review
+ pipenv
];
programs.adb.enable = true;
@@ -65,4 +144,5 @@
];
boot.cleanTmpDir = true;
+ programs.noisetorch.enable = true;
}
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
index 0ae0892ee..848157729 100644
--- a/lass/1systems/aergia/disk.nix
+++ b/lass/1systems/aergia/disk.nix
@@ -10,14 +10,12 @@
partitions = [
{
name = "boot";
- type = "partition";
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
}
{
- type = "partition";
name = "ESP";
start = "1MiB";
end = "1GiB";
@@ -31,7 +29,6 @@
}
{
name = "root";
- type = "partition";
start = "1GiB";
end = "100%";
content = {
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index 692f68dcc..9f06dccdc 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -19,15 +19,9 @@
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [
- # Enable energy savings during sleep
- "mem_sleep_default=deep"
-
# use less power with pstate
"amd_pstate=passive"
- # for ryzenadj -i
- "iomem=relaxed"
-
# suspend
"resume_offset=178345675"
];
@@ -37,24 +31,6 @@
# On recent AMD CPUs this can be more energy efficient.
"amd-pstate"
"kvm-amd"
-
- # needed for zenstates
- "msr"
-
- # zenpower
- "zenpower"
- ];
-
- boot.extraModulePackages = [
- (config.boot.kernelPackages.zenpower.overrideAttrs (old: {
- src = pkgs.fetchFromGitea {
- domain = "git.exozy.me";
- owner = "a";
- repo = "zenpower3";
- rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
- hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
- };
- }))
];
# hardware.cpu.amd.updateMicrocode = true;
@@ -76,7 +52,6 @@
environment.systemPackages = [
pkgs.vulkan-tools
- pkgs.ryzenadj
(pkgs.writers.writeDashBin "set_tdp" ''
set -efux
watt=$1
@@ -85,9 +60,6 @@
'')
];
- # textsize
- services.xserver.dpi = 200;
-
# corectrl
programs.corectrl = {
enable = true;
@@ -99,17 +71,6 @@
users.users.mainUser.extraGroups = [ "corectrl" ];
# use newer ryzenadj
- nixpkgs.config.packageOverrides = super: {
- ryzenadj = super.ryzenadj.overrideAttrs (old: {
- version = "unstable-2023-01-15";
- src = pkgs.fetchFromGitHub {
- owner = "FlyGoat";
- repo = "RyzenAdj";
- rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15
- sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k=";
- };
- });
- };
# keyboard quirks
services.xserver.displayManager.sessionCommands = ''
@@ -122,11 +83,16 @@
KEYBOARD_KEY_70027=reserved
'';
- # ignore power key
-
# update cpu microcode
hardware.cpu.amd.updateMicrocode = true;
+ hardware.opengl.enable = true;
+ hardware.opengl.extraPackages = [
+ pkgs.amdvlk
+ pkgs.rocm-opencl-icd
+ pkgs.rocm-opencl-runtime
+ ];
+
# suspend to disk
swapDevices = [{
device = "/swapfile";
@@ -139,4 +105,8 @@
# firefox touchscreen support
environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
+ # reinit usb after docking station connect
+ services.udev.extraRules = ''
+ SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
+ '';
}
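Review bot: The added udev rule matches every `drm` `change` event, not only a dock connect, and each time it de-authorizes and re-authorizes the whole `usb9` root hub as root. USB bus numbers are assigned at enumeration, so `usb9` is presumably not guaranteed to stay the dock's controller. Writing `1` to `authorized` unconditionally could also override any USB authorization policy applied to that bus. Consider narrowing the match to the dock's own device attributes and adding a comment that names the controller this reset is meant for. The same toggle is duplicated in the autorandr `postswitch` hook in aergia/config.nix, so one shared definition would keep the two in sync.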
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 9ef858e28..c34dc0acf 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -6,7 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/pipewire.nix>
+ # <stockholm/lass/2configs/nfs-dl.nix>
{
# bubsy config
users.users.bubsy = {
@@ -17,22 +18,20 @@ with import <stockholm/lib>;
extraGroups = [
"audio"
"networkmanager"
+ "pipewire"
+ # "plugdev"
];
useDefaultShell = true;
isNormalUser = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- programs.chromium = {
- enable = true;
- extensions = [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- ];
- };
+ # programs.chromium = {
+ # enable = true;
+ # extensions = [
+ # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ # ];
+ # };
environment.systemPackages = with pkgs; [
ark
pavucontrol
@@ -48,7 +47,9 @@ with import <stockholm/lib>;
geeqie
vlc
zsnes
+ telegram-desktop
];
+ # services.udev.packages = [ pkgs.ledger-udev-rules ];
nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
@@ -72,12 +73,10 @@ with import <stockholm/lib>;
"networkmanager"
"plugdev"
];
- packages = let
- unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
- in [
+ packages = [
pkgs.electrum
pkgs.electron-cash
- unstable.ledger-live-desktop
+ pkgs.ledger-live-desktop
];
};
};
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index b814d7188..279cad10b 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,6 +4,9 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/monitoring/prometheus.nix>
+ <stockholm/lass/2configs/monitoring/telegraf.nix>
+ <stockholm/lass/2configs/consul.nix>
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index 3f25991d9..953b5d0d4 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -4,13 +4,8 @@
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
index 926401648..b5199d432 100644
--- a/lass/1systems/hilum/disk.nix
+++ b/lass/1systems/hilum/disk.nix
@@ -10,18 +10,14 @@
partitions = [
{
name = "boot";
- type = "partition";
start = "0";
end = "1M";
- part-type = "primary";
flags = ["bios_grub"];
}
{
- type = "partition";
name = "ESP";
- start = "1MiB";
+ start = "1M";
end = "50%";
- fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
@@ -31,18 +27,12 @@
}
{
name = "root";
- type = "partition";
start = "50%";
end = "100%";
content = {
- type = "luks";
- name = "hilum_luks";
- keyFile = keyFile;
- content = {
- type = "filesystem";
- format = "xfs";
- mountpoint = "/";
- };
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
};
}
];
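Review bot: The root partition of this removable stick changes from a `luks` container to a plain `ext4` filesystem, so everything installed on it is readable by whoever holds the device, and the diff gives no reason. hilum/config.nix still imports `retiolum.nix` and `syncthing.nix`, so VPN and sync key material presumably ends up on the unencrypted root. Either keep the `luks` wrapper around the filesystem, or document the decision next to `content` with something like `# root intentionally unencrypted: <reason>`. In the second case, also drop the `pass show admin/hilum/luks > /tmp/hilum.luks` step from flash-stick.sh, which would otherwise write a passphrase to disk for nothing. The partition list starts outside this hunk.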
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
index 17a5fc580..9846ea087 100755
--- a/lass/1systems/hilum/flash-stick.sh
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -3,9 +3,13 @@ set -efux
disk=$1
+cd "$(dirname "$0")"
export NIXPKGS_ALLOW_UNFREE=1
(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
trap 'rm -f /tmp/hilum.luks' EXIT
+echo "$disk" > /tmp/hilum-disk
+trap 'rm -f /tmp/hilum-disk' EXIT
+
stockholm_root=$(git rev-parse --show-toplevel)
ssh root@localhost -t -- $(nix-build \
--no-out-link \
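Review bot: The second `trap … EXIT` added here replaces the first one rather than adding to it, so after this change `/tmp/hilum.luks` (the LUKS passphrase written two lines earlier) is no longer removed when the script exits. Use a single handler for both files: `trap 'rm -f /tmp/hilum.luks /tmp/hilum-disk' EXIT`. Creating both files inside a `mktemp -d` directory would also avoid fixed names in a world-writable directory. The `nix-build` invocation continues outside this hunk.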
@@ -31,7 +35,9 @@ $(nix-build \
--arg force true
)
ssh root@localhost << SSH
-NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
+set -efux
+mkdir -p /mnt/hilum/etc
+NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src
nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
umount -Rv /mnt/hilum
SSH
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
index 6f160062d..9caf8e531 100644
--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -15,7 +15,7 @@
;
in lib.mkOption {
type = lib.types.str;
- default = tryFile "/etc/hilum-disk" "/dev/sdz";
+ default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz");
};
config.environment.etc.hilum-disk.text = config.mainDisk;
}
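Review bot: The new fallback in `default` reads the target disk from `/tmp/hilum-disk`, a fixed path in a world-writable directory. When `/etc/hilum-disk` is absent, any local user on the build host can create that file first, and its content becomes `mainDisk`, which presumably selects the device that disk.nix partitions and formats. Pass the disk into the evaluation explicitly (an `--argstr` or an environment variable read with `builtins.getEnv`), or read it from a directory only the invoking user can write. A comment such as `# /tmp/hilum-disk is written by flash-stick.sh during installation` would also explain why the fallback exists. `tryFile` is defined outside this hunk.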
@@ -47,4 +47,7 @@
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ #weird bug with nixos-enter
+ services.logrotate.enable = false;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index a3486cffa..1b205f25c 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/pipewire.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/bitcoin.nix>
@@ -17,10 +18,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/elster.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/mail.nix>
- <stockholm/krebs/2configs/ircd.nix>
<stockholm/lass/2configs/logf.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix>
@@ -104,28 +103,9 @@ with import <stockholm/lib>;
dnsutils
woeusb
- l-gen-secrets
- generate-secrets
- (pkgs.writeDashBin "btc-coinbase" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
- '')
- (pkgs.writeDashBin "btc-wex" ''
- ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
- '')
- (pkgs.writeDashBin "btc-kraken" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
- '')
- (pkgs.writeDashBin "krebsco.de" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
- '')
- (pkgs.writeDashBin "lassul.us" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
+ (pkgs.writeDashBin "play-on" ''
+ HOST=$(echo 'styx\nshodan' | fzfmenu)
+ ssh -t "$HOST" -- mpv "$@"
'')
];
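Review bot: In the new `play-on` script, `ssh -t "$HOST" -- mpv "$@"` hands the arguments to ssh, which joins them into one string that the remote shell parses again, so a file name or URL containing spaces or shell metacharacters is split or interpreted on the remote host instead of reaching mpv intact. Quote each argument for the remote shell before the ssh call. Also stop when the menu is cancelled, with `[ -n "$HOST" ] || exit 1`, because an empty `$HOST` is otherwise passed to ssh as the host name. `echo 'styx\nshodan'` depends on dash's `echo` expanding `\n`; `printf 'styx\nshodan\n'` states the intent portably. `fzfmenu` is called by bare name, while the removed scripts used `${pkgs.…}/bin/…` store paths.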
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index a9108104b..2ffbf88c0 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -2,9 +2,11 @@
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
+ <stockholm/lass/2configs/boot/universal.nix>
];
+ boot.kernelParams = [ "acpi_backlight=native" ];
+
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 7b402f8a6..79402959e 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -4,6 +4,9 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/mail/internet-gateway.nix>
+ <stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/matrix.nix>
<stockholm/lass/2configs/gsm-wiki.nix>
# sync-containers
@@ -26,7 +29,23 @@
krebs.build.host = config.krebs.hosts.neoprism;
networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@lassul.us";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
}
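Review bot: The new default virtual host serves `/etc/os-release` to any client that reaches ports 80/443, which the context line opens in the firewall, so the exact NixOS release and build of this host is readable without authentication. If this endpoint exists for monitoring, restrict it inside the location's `extraConfig`, e.g. `allow <MONITORING_NET>; deny all;` (placeholder network), or serve it only on an internal interface. Otherwise add a comment above the location saying why it is meant to be public.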
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
index cf9a8cef4..c5bd44c94 100644
--- a/lass/1systems/neoprism/disk.nix
+++ b/lass/1systems/neoprism/disk.nix
@@ -4,40 +4,27 @@
type = "disk";
device = disk;
content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- type = "partition";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- type = "partition";
- name = "ESP";
- start = "1M";
- end = "1GiB";
- fs-type = "fat32";
- bootable = true;
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "1G";
content = {
type = "mdraid";
name = "boot";
};
- }
- {
- type = "partition";
- name = "zfs";
- start = "1GiB";
- end = "100%";
+ };
+ zfs = {
+ size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
- }
- ];
+ };
+ };
};
})) // {
hdd1 = {
@@ -69,7 +56,7 @@
rootFsOptions = {
};
datasets.reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
};
@@ -77,38 +64,53 @@
type = "zpool";
datasets = {
reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
containers = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/containers";
+ options = {
+ canmount = "noauto";
+ };
};
home = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/home";
+ options = {
+ canmount = "noauto";
+ };
};
srv = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/srv";
+ options = {
+ canmount = "noauto";
+ };
};
libvirt = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/libvirt";
+ options = {
+ canmount = "noauto";
+ };
};
# encrypted = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# options = {
+ # canmount = "noauto";
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "prompt";
# };
# };
-
# "encrypted/download" = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# mountpoint = "/var/download";
+ # options = {
+ # canmount = "noauto";
+ # };
# };
};
};
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
index 4ffb749f1..f2092d9aa 100644
--- a/lass/1systems/neoprism/physical.nix
+++ b/lass/1systems/neoprism/physical.nix
@@ -8,6 +8,8 @@
];
disko.devices = import ./disk.nix;
+ networking.hostId = "9c0a74ac";
+
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
@@ -17,26 +19,58 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# networking config
- boot.kernelParams = [ "net.ifnames=0" ];
- networking.bridges."ext-br".interfaces = [ "eth0" ];
- networking = {
- hostId = "2283aaae";
- defaultGateway = "95.217.192.1";
- defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.ext-br.ipv4.addresses = [
- {
- address = "95.217.192.59";
- prefixLength = 26;
- }
- ];
- interfaces.ext-br.ipv6.addresses = [
- {
- address = "2a01:4f9:4a:4f1a::1";
- prefixLength = 64;
- }
- ];
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ config = {
+ networkConfig.SpeedMeter = true;
+ };
+ # netdevs.ext-br.netdevConfig = {
+ # Kind = "bridge";
+ # Name = "ext-br";
+ # MACAddress = "a8:a1:59:0f:2d:69";
+ # };
+ # networks.ext-br = {
+ # name = "ext-br";
+ # address = [
+ # "95.217.192.59/26"
+ # "2a01:4f9:4a:4f1a::1/64"
+ # ];
+ # gateway = [
+ # "95.217.192.1"
+ # "fe80::1"
+ # ];
+ # };
+ networks.eth0 = {
+ #bridge = [ "ext-br" ];
+ matchConfig.Name = "eth0";
+ address = [
+ "95.217.192.59/26"
+ "2a01:4f9:4a:4f1a::1/64"
+ ];
+ gateway = [
+ "95.217.192.1"
+ "fe80::1"
+ ];
+ };
};
+ networking.useDHCP = false;
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = [ config.krebs.users.lass.pubkey ];
+ port = 2222;
+ hostKeys = [
+ (toString <secrets/ssh.id_ed25519>)
+ (toString <secrets/ssh.id_rsa>)
+ ];
+ };
+ };
+ boot.kernelParams = [
+ "net.ifnames=0"
+ "ip=dhcp"
+ "boot.trace"
+ ];
}
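Review bot: `boot.initrd.network.ssh.hostKeys` points at `<secrets/ssh.id_ed25519>` and `<secrets/ssh.id_rsa>`, which by their names look like the host's regular sshd keys. Initrd host keys are copied into the initrd on unencrypted boot storage, and the NixOS documentation for this option advises against reusing the regular host keys, so generate a dedicated pair for the initrd. The encrypted dataset in disk.nix is still commented out, so the port 2222 listener has no unlock job yet and only adds a pre-boot root login surface; consider enabling it together with the encryption change. `"ip=dhcp"` sits next to a static address configuration and `networking.useDHCP = false`, and `"boot.trace"` looks like a leftover debugging switch. A comment on each would tell the next reader whether they are intentional.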
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 027a27b2b..ebc80411b 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -83,6 +83,9 @@
boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
networking.dhcpcd.enable = false;
+
+ networking.useNetworkd = lib.mkForce false;
+ systemd.network.enable = lib.mkForce false;
# bridge config
networking.bridges."ext-br".interfaces = [ "eth0" ];
networking = {
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
index e49d24f9a..6c054abfe 100644
--- a/lass/1systems/styx/config.nix
+++ b/lass/1systems/styx/config.nix
@@ -13,6 +13,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/yellow-mounts/samba.nix>
<stockholm/lass/2configs/gg23.nix>
<stockholm/lass/2configs/hass>
<stockholm/lass/2configs/green-host.nix>
@@ -30,13 +31,37 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.styx;
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }
- ];
+ networking.firewall.interfaces.int0.allowedTCPPorts = [ config.services.smokeping.port ];
+ networking.firewall.interfaces.retiolum.allowedTCPPorts = [ config.services.smokeping.port ];
+ networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ config.services.smokeping.port ];
krebs.power-action.enable = mkForce false;
+ environment.systemPackages = with pkgs; [
+ wol
+ (writeDashBin "wake-alien" ''
+ ${wol}/bin/wol -h 10.42.0.255 10:65:30:68:83:a3
+ '')
+ (writers.writeDashBin "iptv" ''
+ set -efu
+ /run/current-system/sw/bin/mpv \
+ --audio-display=no --audio-channels=stereo \
+ --audio-samplerate=48000 --audio-format=s16 \
+ --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
+ --audio-delay=-1 \
+ --playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \
+ --idle=yes \
+ --input-ipc-server=/tmp/mpv.ipc \
+ "$@"
+ '')
+ ];
+
+ users.users.mainUser.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass-android.pubkey
+ ];
+ # http://10.42.0.1:8081/smokeping.fcgi
services.smokeping = {
enable = true;
+ host = null;
targetConfig = ''
probe = FPing
menu = top
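Review bot: The `iptv` wrapper opens mpv's control socket at the fixed path `/tmp/mpv.ipc`. mpv's IPC interface accepts commands that can start programs as the user running mpv, so the socket belongs in a directory only that user can write, for example `--input-ipc-server="$XDG_RUNTIME_DIR/mpv.ipc"`, with whatever client talks to it updated to match. A fixed name in `/tmp` also lets another local user occupy the path first and stop the player from binding. The playlist is fetched from a third-party URL on every start; a comment noting that this is intentional would help. The `services.smokeping` block continues outside this hunk.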
@@ -84,5 +109,8 @@ with import <stockholm/lib>;
host = prism.r
'';
};
+
+ # for usb internet
+ hardware.usbWwan.enable = true;
}
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
index b153c0d3b..3afbf6bd1 100644
--- a/lass/1systems/ubik/config.nix
+++ b/lass/1systems/ubik/config.nix
@@ -42,4 +42,235 @@ with import <stockholm/lib>;
/var/src/secrets/nextcloud.pw /run/nextcloud.pw
''}"
];
+
+ # mail
+ lass.usershadow.enable = true;
+ services.nginx.virtualHosts."mail.ubikmedia.eu" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ services.roundcube = {
+ enable = true;
+ hostName = "mail.ubikmedia.eu";
+ extraConfig = ''
+ $config['smtp_debug'] = true;
+ $config['smtp_host'] = "localhost:25";
+ '';
+ };
+ services.dovecot2 = {
+ enable = true;
+ showPAMFailure = true;
+ mailLocation = "maildir:~/Mail";
+ sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
+ sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
+ };
+ krebs.exim-smarthost = {
+ ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
+ ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
+ authenticators.PLAIN = ''
+ driver = plaintext
+ public_name = PLAIN
+ server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
+ '';
+ authenticators.LOGIN = ''
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
+ # ser