Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/aergia/config.nix | 80 | ||||
-rw-r--r-- | lass/1systems/aergia/disk.nix | 3 | ||||
-rw-r--r-- | lass/1systems/aergia/physical.nix | 52 | ||||
-rw-r--r-- | lass/1systems/daedalus/config.nix | 29 | ||||
-rw-r--r-- | lass/1systems/dishfire/config.nix | 3 | ||||
-rw-r--r-- | lass/1systems/hilum/config.nix | 5 | ||||
-rw-r--r-- | lass/1systems/hilum/disk.nix | 18 | ||||
-rwxr-xr-x | lass/1systems/hilum/flash-stick.sh | 8 | ||||
-rw-r--r-- | lass/1systems/hilum/physical.nix | 5 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 30 | ||||
-rw-r--r-- | lass/1systems/mors/physical.nix | 4 | ||||
-rw-r--r-- | lass/1systems/neoprism/config.nix | 21 | ||||
-rw-r--r-- | lass/1systems/neoprism/disk.nix | 72 | ||||
-rw-r--r-- | lass/1systems/neoprism/physical.nix | 74 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 3 | ||||
-rw-r--r-- | lass/1systems/styx/config.nix | 34 | ||||
-rw-r--r-- | lass/1systems/ubik/config.nix | 231 |
17 files changed, 507 insertions, 165 deletions
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index d49040a7a..618938ce8 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -27,6 +27,83 @@ <stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/c-base.nix> + # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS + { + imports = [ + "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules" + ]; + jovian.steam.enable = true; + } + { # autorandrs + services.autorandr = { + enable = true; + hooks.postswitch.reset_usb = '' + echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized + ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert + ''; + profiles = { + default = { + fingerprint = { + eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf"; + }; + config = { + eDP = { + enable = true; + primary = true; + position = "0x0"; + mode = "2560x1600"; + rate = "60.01"; + transform = [ + [ 0.750000 0.000000 0.000000 ] + [ 0.000000 0.750000 0.000000 ] + [ 0.000000 0.000000 1.000000 ] + ]; + # scale = { + # x = 0.599991; + # y = 0.599991; + # }; + }; + }; + }; + docked2 = { + fingerprint = { + eDP = config.services.autorandr.profiles.default.fingerprint.eDP; + DisplayPort-8 = "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"; + DisplayPort-7 = "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"; + }; + config = { + DisplayPort-7 = { + enable = true; + position = "2560x0"; + mode = "1920x1080"; + rate = "60.00"; + }; + DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1; + eDP = config.services.autorandr.profiles.docked1.config.eDP; + }; + }; + docked1 = { + fingerprint = { + eDP = config.services.autorandr.profiles.default.fingerprint.eDP; + DisplayPort-1 = 
"00ffffffffffff0010ac39d14c3346300f200104b5462878fb26f5af4f46a5240f5054a54b00714f8140818081c081009500b300d1c0565e00a0a0a0295030203500b9882100001a000000ff00444342375847330a2020202020000000fc0044454c4c204733323233440a20000000fd0030a5fafa41010a2020202020200181020332f149030212110490131f3f2309070783010000e200eae305c000e606050162622c6d1a0000020b30a50007622c622c000000000000000000000000000000000000f4fb0050a0a0285008206800b9882100001a40e7006aa0a0675008209804b9882100001a6fc200a0a0a0555030203500b9882100001a000000000040"; + }; + config = { + DisplayPort-1 = { + enable = true; + primary = true; + position = "0x0"; + mode = "2560x1440"; + rate = "165.08"; + }; + eDP = config.services.autorandr.profiles.default.config.eDP // { + primary = false; + position = "640x1440"; + }; + }; + }; + }; + }; + } ]; system.stateVersion = "22.11"; @@ -38,6 +115,8 @@ bank l-gen-secrets generate-secrets + nixpkgs-review + pipenv ]; programs.adb.enable = true; @@ -65,4 +144,5 @@ ]; boot.cleanTmpDir = true; + programs.noisetorch.enable = true; } diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix index 0ae0892ee..848157729 100644 --- a/lass/1systems/aergia/disk.nix +++ b/lass/1systems/aergia/disk.nix @@ -10,14 +10,12 @@ partitions = [ { name = "boot"; - type = "partition"; start = "0"; end = "1M"; part-type = "primary"; flags = ["bios_grub"]; } { - type = "partition"; name = "ESP"; start = "1MiB"; end = "1GiB"; @@ -31,7 +29,6 @@ } { name = "root"; - type = "partition"; start = "1GiB"; end = "100%"; content = { diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 692f68dcc..9f06dccdc 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix 
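Review bot: The Jovian-NixOS module in the first hunk of aergia/config.nix is imported from `archive/master.tar.gz` with no revision and no hash, so whatever is on that branch at evaluation time becomes part of this host's system configuration. Pin the tarball to a commit and give `builtins.fetchTarball` a hash, e.g. `builtins.fetchTarball { url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/<COMMIT>.tar.gz"; sha256 = "<HASH>"; }` (both values are placeholders). Pinning also makes rebuilds reproducible, because an upstream push can no longer change the result of the same stockholm revision. The `reset_usb` hook in the same hunk hard-codes `usb9`; a short comment saying why that bus number is expected to be stable on this machine would help.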
@@ -19,15 +19,9 @@ boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = [ - # Enable energy savings during sleep - "mem_sleep_default=deep" - # use less power with pstate "amd_pstate=passive" - # for ryzenadj -i - "iomem=relaxed" - # suspend "resume_offset=178345675" ]; @@ -37,24 +31,6 @@ # On recent AMD CPUs this can be more energy efficient. "amd-pstate" "kvm-amd" - - # needed for zenstates - "msr" - - # zenpower - "zenpower" - ]; - - boot.extraModulePackages = [ - (config.boot.kernelPackages.zenpower.overrideAttrs (old: { - src = pkgs.fetchFromGitea { - domain = "git.exozy.me"; - owner = "a"; - repo = "zenpower3"; - rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f"; - hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI="; - }; - })) ]; # hardware.cpu.amd.updateMicrocode = true; @@ -76,7 +52,6 @@ environment.systemPackages = [ pkgs.vulkan-tools - pkgs.ryzenadj (pkgs.writers.writeDashBin "set_tdp" '' set -efux watt=$1 @@ -85,9 +60,6 @@ '') ]; - # textsize - services.xserver.dpi = 200; - # corectrl programs.corectrl = { enable = true; @@ -99,17 +71,6 @@ users.users.mainUser.extraGroups = [ "corectrl" ]; # use newer ryzenadj - nixpkgs.config.packageOverrides = super: { - ryzenadj = super.ryzenadj.overrideAttrs (old: { - version = "unstable-2023-01-15"; - src = pkgs.fetchFromGitHub { - owner = "FlyGoat"; - repo = "RyzenAdj"; - rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15 - sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k="; - }; - }); - }; # keyboard quirks services.xserver.displayManager.sessionCommands = '' @@ -122,11 +83,16 @@ KEYBOARD_KEY_70027=reserved ''; - # ignore power key - # update cpu microcode hardware.cpu.amd.updateMicrocode = true; + hardware.opengl.enable = true; + hardware.opengl.extraPackages = [ + pkgs.amdvlk + pkgs.rocm-opencl-icd + pkgs.rocm-opencl-runtime + ]; + # suspend to disk swapDevices = [{ device = "/swapfile"; 
@@ -139,4 +105,8 @@ # firefox touchscreen support environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; + # reinit usb after docking station connect + services.udev.extraRules = '' + SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'" + ''; } diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 9ef858e28..c34dc0acf 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,7 +6,8 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/pipewire.nix> + # <stockholm/lass/2configs/nfs-dl.nix> { # bubsy config users.users.bubsy = { @@ -17,22 +18,20 @@ with import <stockholm/lib>; extraGroups = [ "audio" "networkmanager" + "pipewire" + # "plugdev" ]; useDefaultShell = true; isNormalUser = true; }; networking.networkmanager.enable = true; networking.wireless.enable = mkForce false; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - ]; - }; + # programs.chromium = { + # enable = true; + # extensions = [ + # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + # ]; + # }; environment.systemPackages = with pkgs; [ ark pavucontrol @@ -48,7 +47,9 @@ with import <stockholm/lib>; geeqie vlc zsnes + telegram-desktop ]; + # services.udev.packages = [ pkgs.ledger-udev-rules ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; 
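Review bot: The new udev rule in aergia/physical.nix fires on every `drm` `change` event and toggles `authorized` on a hard-coded `usb9`, which is broader than the comment "after docking station connect" suggests. USB bus numbers are assigned at enumeration and are not guaranteed to stay the same across kernel or firmware changes, so the rule could end up resetting a different root hub. Writing `1` also re-authorizes the hub regardless of any USB authorization policy configured elsewhere (none is visible in this hunk). Consider matching on the dock's own attributes instead of the bus number. The same two `echo` commands are already in the autorandr `reset_usb` hook added in config.nix, so one of the two mechanisms is probably enough.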
@@ -72,12 +73,10 @@ with import <stockholm/lib>; "networkmanager" "plugdev" ]; - packages = let - unstable = import <nixpkgs-unstable> { config.allowUnfree = true; }; - in [ + packages = [ pkgs.electrum pkgs.electron-cash - unstable.ledger-live-desktop + pkgs.ledger-live-desktop ]; }; }; diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index b814d7188..279cad10b 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -4,6 +4,9 @@ imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/monitoring/prometheus.nix> + <stockholm/lass/2configs/monitoring/telegraf.nix> + <stockholm/lass/2configs/consul.nix> ]; krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index 3f25991d9..953b5d0d4 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -4,13 +4,8 @@ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/browsers.nix> - <stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/network-manager.nix> - <stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/nfs-dl.nix> ]; krebs.build.host = config.krebs.hosts.hilum; diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix index 926401648..b5199d432 100644 --- a/lass/1systems/hilum/disk.nix +++ b/lass/1systems/hilum/disk.nix @@ -10,18 +10,14 @@ partitions = [ { name = "boot"; - type = "partition"; start = "0"; end = "1M"; - part-type = "primary"; flags = ["bios_grub"]; } { - type = "partition"; name = "ESP"; - start = "1MiB"; + start = "1M"; end = "50%"; - fs-type = "fat32"; bootable = true; content = { type = "filesystem"; 
@@ -31,18 +27,12 @@ } { name = "root"; - type = "partition"; start = "50%"; end = "100%"; content = { - type = "luks"; - name = "hilum_luks"; - keyFile = keyFile; - content = { - type = "filesystem"; - format = "xfs"; - mountpoint = "/"; - }; + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; }; } ]; diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh index 17a5fc580..9846ea087 100755 --- a/lass/1systems/hilum/flash-stick.sh +++ b/lass/1systems/hilum/flash-stick.sh @@ -3,9 +3,13 @@ set -efux disk=$1 +cd "$(dirname "$0")" export NIXPKGS_ALLOW_UNFREE=1 (umask 077; pass show admin/hilum/luks > /tmp/hilum.luks) trap 'rm -f /tmp/hilum.luks' EXIT +echo "$disk" > /tmp/hilum-disk +trap 'rm -f /tmp/hilum-disk' EXIT + stockholm_root=$(git rev-parse --show-toplevel) ssh root@localhost -t -- $(nix-build \ --no-out-link \ @@ -31,7 +35,9 @@ $(nix-build \ --arg force true ) ssh root@localhost << SSH -NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src +set -efux +mkdir -p /mnt/hilum/etc +NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader umount -Rv /mnt/hilum SSH diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix index 6f160062d..9caf8e531 100644 --- a/lass/1systems/hilum/physical.nix +++ b/lass/1systems/hilum/physical.nix @@ -15,7 +15,7 @@ ; in lib.mkOption { type = lib.types.str; - default = tryFile "/etc/hilum-disk" "/dev/sdz"; + default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz"); }; config.environment.etc.hilum-disk.text = config.mainDisk; } @@ -47,4 +47,7 @@ nix.maxJobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + #weird bug with nixos-enter + services.logrotate.enable = false; } 
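Review bot: The root partition in hilum/disk.nix changes from LUKS-wrapped xfs to plain ext4, so everything installed on the device, including whatever key material `retiolum.nix` and `syncthing.nix` deploy, is readable by anyone who holds it. hilum appears to be a portable USB install (see flash-stick.sh), which is the case where at-rest encryption matters most. If dropping encryption is intended, say so in the commit message and remove the leftover plumbing: flash-stick.sh still runs `pass show admin/hilum/luks > /tmp/hilum.luks`, which now exports a passphrase for nothing. The `keyFile` binding is defined outside this hunk, so whether anything else still uses it cannot be checked from here.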
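Review bot: The second `trap ... EXIT` added in flash-stick.sh replaces the first one, so after this change `/tmp/hilum.luks` is no longer removed when the script exits and the passphrase stays on disk. A shell keeps only one handler per condition; merge the two into `trap 'rm -f /tmp/hilum.luks /tmp/hilum-disk' EXIT`. `/tmp/hilum-disk` is also a fixed name in a world-writable directory that hilum/physical.nix now reads through `tryFile` to choose the target disk, so a stale file left by an aborted run or by another user can steer a later evaluation to the wrong device. A path inside a private directory would avoid that, though physical.nix would then need the path handed in rather than hard-coded.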
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index a3486cffa..1b205f25c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: with import <stockholm/lib>; { @@ -8,6 +8,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/pipewire.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/bitcoin.nix> @@ -17,10 +18,8 @@ with import <stockholm/lib>; <stockholm/lass/2configs/elster.nix> <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/git.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/mail.nix> - <stockholm/krebs/2configs/ircd.nix> <stockholm/lass/2configs/logf.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/sync/sync.nix> 
@@ -104,28 +103,9 @@ with import <stockholm/lib>; dnsutils woeusb - l-gen-secrets - generate-secrets - (pkgs.writeDashBin "btc-coinbase" '' - ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' - '') - (pkgs.writeDashBin "btc-wex" '' - ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' - '') - (pkgs.writeDashBin "btc-kraken" '' - ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' - '') - (pkgs.writeDashBin "krebsco.de" '' - TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) - ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json - OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import - ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" - '') - (pkgs.writeDashBin "lassul.us" '' - TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) - ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json - OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us - ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + (pkgs.writeDashBin "play-on" '' + HOST=$(echo 'styx\nshodan' | fzfmenu) + ssh -t "$HOST" -- mpv "$@" '') ]; diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index a9108104b..2ffbf88c0 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -2,9 +2,11 @@ imports = [ ./config.nix <stockholm/lass/2configs/hw/x220.nix> - <stockholm/lass/2configs/boot/stock-x220.nix> + <stockholm/lass/2configs/boot/universal.nix> ]; + boot.kernelParams = [ "acpi_backlight=native" ]; + fileSystems = { "/bku" = { device = "/dev/mapper/pool-bku"; diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 7b402f8a6..79402959e 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix 
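Review bot: `ssh -t "$HOST" -- mpv "$@"` in the new `play-on` script loses the argument boundaries: ssh joins the words with spaces and the remote login shell parses the result again, so a path with spaces or a URL containing `&`, `;` or `$(...)` is split or interpreted on the remote host. Each argument needs to be shell-quoted before it is handed to ssh (wrap it in single quotes and escape embedded single quotes), and the result passed as one command string. An empty selection from `fzfmenu` leaves `HOST` empty, so a guard such as `[ -n "$HOST" ] || exit 1` after the first line would give a clean failure. Unlike the scripts this hunk removes, `fzfmenu` and `ssh` are resolved from `PATH` rather than through `${pkgs.…}`, which makes the script depend on the caller's environment.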
@@ -4,6 +4,9 @@ imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/mail/internet-gateway.nix> + <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/matrix.nix> <stockholm/lass/2configs/gsm-wiki.nix> # sync-containers @@ -26,7 +29,23 @@ krebs.build.host = config.krebs.hosts.neoprism; networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx.enable = true; security.acme.acceptTerms = true; security.acme.defaults.email = "acme@lassul.us"; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + + enableReload = true; + + virtualHosts.default = { + default = true; + locations."= /etc/os-release".extraConfig = '' + default_type text/plain; + alias /etc/os-release; + ''; + locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge"; + }; + }; } diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix index cf9a8cef4..c5bd44c94 100644 --- a/lass/1systems/neoprism/disk.nix +++ b/lass/1systems/neoprism/disk.nix @@ -4,40 +4,27 @@ type = "disk"; device = disk; content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - type = "partition"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = ["bios_grub"]; - } - { - type = "partition"; - name = "ESP"; - start = "1M"; - end = "1GiB"; - fs-type = "fat32"; - bootable = true; + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + ESP = { + size = "1G"; content = { type = "mdraid"; name = "boot"; }; - } - { - type = "partition"; - name = "zfs"; - start = "1GiB"; - end = "100%"; + }; + zfs = { + size = "100%"; content = { type = "zfs"; pool = "zroot"; }; - } - ]; + }; + }; }; })) // { hdd1 = { @@ -69,7 +56,7 @@ rootFsOptions = { }; datasets.reserved = { - zfs_type = "filesystem"; + type = "zfs_fs"; options.refreservation = "1G"; }; }; 
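Review bot: The new `default` virtual host in neoprism/config.nix serves `/etc/os-release` to any client that reaches the open ports 80 and 443, which publishes the exact NixOS release of a host that this commit also turns into a mail gateway, binary cache and Matrix server. If the endpoint exists for monitoring, restrict it to the networks that need it, e.g. add `allow <INTERNAL_CIDR>; deny all;` to that location's `extraConfig` (the CIDR is a placeholder), or drop the location. A one-line comment above the location saying who consumes it would make the intent reviewable.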
@@ -77,38 +64,53 @@ type = "zpool"; datasets = { reserved = { - zfs_type = "filesystem"; + type = "zfs_fs"; options.refreservation = "1G"; }; containers = { - zfs_type = "filesystem"; + type = "zfs_fs"; mountpoint = "/var/lib/containers"; + options = { + canmount = "noauto"; + }; }; home = { - zfs_type = "filesystem"; + type = "zfs_fs"; mountpoint = "/home"; + options = { + canmount = "noauto"; + }; }; srv = { - zfs_type = "filesystem"; + type = "zfs_fs"; mountpoint = "/srv"; + options = { + canmount = "noauto"; + }; }; libvirt = { - zfs_type = "filesystem"; + type = "zfs_fs"; mountpoint = "/var/lib/libvirt"; + options = { + canmount = "noauto"; + }; }; # encrypted = { - # zfs_type = "filesystem"; + # type = "zfs_fs"; # options = { + # canmount = "noauto"; # mountpoint = "none"; # encryption = "aes-256-gcm"; # keyformat = "passphrase"; # keylocation = "prompt"; # }; # }; - # "encrypted/download" = { - # zfs_type = "filesystem"; + # type = "zfs_fs"; # mountpoint = "/var/download"; + # options = { + # canmount = "noauto"; + # }; # }; }; }; diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix index 4ffb749f1..f2092d9aa 100644 --- a/lass/1systems/neoprism/physical.nix +++ b/lass/1systems/neoprism/physical.nix @@ -8,6 +8,8 @@ ]; disko.devices = import ./disk.nix; + networking.hostId = "9c0a74ac"; + boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.efiSupport = true; 
@@ -17,26 +19,58 @@ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # networking config - boot.kernelParams = [ "net.ifnames=0" ]; - networking.bridges."ext-br".interfaces = [ "eth0" ]; - networking = { - hostId = "2283aaae"; - defaultGateway = "95.217.192.1"; - defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.ext-br.ipv4.addresses = [ - { - address = "95.217.192.59"; - prefixLength = 26; - } - ]; - interfaces.ext-br.ipv6.addresses = [ - { - address = "2a01:4f9:4a:4f1a::1"; - prefixLength = 64; - } - ]; + networking.useNetworkd = true; + systemd.network = { + enable = true; + config = { + networkConfig.SpeedMeter = true; + }; + # netdevs.ext-br.netdevConfig = { + # Kind = "bridge"; + # Name = "ext-br"; + # MACAddress = "a8:a1:59:0f:2d:69"; + # }; + # networks.ext-br = { + # name = "ext-br"; + # address = [ + # "95.217.192.59/26" + # "2a01:4f9:4a:4f1a::1/64" + # ]; + # gateway = [ + # "95.217.192.1" + # "fe80::1" + # ]; + # }; + networks.eth0 = { + #bridge = [ "ext-br" ]; + matchConfig.Name = "eth0"; + address = [ + "95.217.192.59/26" + "2a01:4f9:4a:4f1a::1/64" + ]; + gateway = [ + "95.217.192.1" + "fe80::1" + ]; + }; }; + networking.useDHCP = false; + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = [ config.krebs.users.lass.pubkey ]; + port = 2222; + hostKeys = [ + (toString <secrets/ssh.id_ed25519>) + (toString <secrets/ssh.id_rsa>) + ]; + }; + }; + boot.kernelParams = [ + "net.ifnames=0" + "ip=dhcp" + "boot.trace" + ]; } diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 027a27b2b..ebc80411b 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix 
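Review bot: The `hostKeys` given to `boot.initrd.network.ssh` end up inside the initrd, which normally sits unencrypted on the boot partition, so they should be keys used for stage 1 only. The names `<secrets/ssh.id_ed25519>` and `<secrets/ssh.id_rsa>` look like the host's regular SSH host keys; if they are, generate a separate pair for the initrd so that a copy of the boot partition does not expose the main host identity. `"boot.trace"` in `boot.kernelParams` reads like leftover debugging, and `"ip=dhcp"` sits next to static addresses and `networking.useDHCP = false`; a comment stating which of these is meant for the initrd would help. Nothing visible in this commit needs unlocking at boot yet (the encrypted dataset in disk.nix is still commented out), so the extra listener on port 2222 may be premature.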
@@ -83,6 +83,9 @@ boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ]; networking.dhcpcd.enable = false; + + networking.useNetworkd = lib.mkForce false; + systemd.network.enable = lib.mkForce false; # bridge config networking.bridges."ext-br".interfaces = [ "eth0" ]; networking = { diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix index e49d24f9a..6c054abfe 100644 --- a/lass/1systems/styx/config.nix +++ b/lass/1systems/styx/config.nix @@ -13,6 +13,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/yellow-mounts/samba.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> <stockholm/lass/2configs/green-host.nix> 
@@ -30,13 +31,37 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.styx; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } - ]; + networking.firewall.interfaces.int0.allowedTCPPorts = [ config.services.smokeping.port ]; + networking.firewall.interfaces.retiolum.allowedTCPPorts = [ config.services.smokeping.port ]; + networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ config.services.smokeping.port ]; krebs.power-action.enable = mkForce false; + environment.systemPackages = with pkgs; [ + wol + (writeDashBin "wake-alien" '' + ${wol}/bin/wol -h 10.42.0.255 10:65:30:68:83:a3 + '') + (writers.writeDashBin "iptv" '' + set -efu + /run/current-system/sw/bin/mpv \ + --audio-display=no --audio-channels=stereo \ + --audio-samplerate=48000 --audio-format=s16 \ + --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \ + --audio-delay=-1 \ + --playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \ + --idle=yes \ + --input-ipc-server=/tmp/mpv.ipc \ + "$@" + '') + ]; + + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + ]; + # http://10.42.0.1:8081/smokeping.fcgi services.smokeping = { enable = true; + host = null; targetConfig = '' probe = FPing menu = top @@ -84,5 +109,8 @@ with import <stockholm/lib>; host = prism.r ''; }; + + # for usb internet + hardware.usbWwan.enable = true; } diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix index b153c0d3b..3afbf6bd1 100644 --- a/lass/1systems/ubik/config.nix +++ b/lass/1systems/ubik/config.nix 
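Review bot: `--input-ipc-server=/tmp/mpv.ipc` in the new `iptv` wrapper puts mpv's control socket at a fixed name in a world-writable directory. Any process that can connect to that socket can drive the player, and mpv's IPC command set includes starting external programs, so access to the socket should be treated like shell access as the user running `iptv`. Place the socket in a per-user runtime directory instead, e.g. `--input-ipc-server="$XDG_RUNTIME_DIR/mpv.ipc"`, and update whatever client talks to it (not visible in this hunk). The same hunk adds `config.krebs.users.lass-android.pubkey` to `mainUser`'s authorized keys; a comment on what the phone needs that access for would make it easier to scope later.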
@@ -42,4 +42,235 @@ with import <stockholm/lib>; /var/src/secrets/nextcloud.pw /run/nextcloud.pw ''}" ]; + + # mail + lass.usershadow.enable = true; + services.nginx.virtualHosts."mail.ubikmedia.eu" = { + enableACME = true; + forceSSL = true; + }; + services.roundcube = { + enable = true; + hostName = "mail.ubikmedia.eu"; + extraConfig = '' + $config['smtp_debug'] = true; + $config['smtp_host'] = "localhost:25"; + ''; + }; + services.dovecot2 = { + enable = true; + showPAMFailure = true; + mailLocation = "maildir:~/Mail"; + sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem"; + sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem"; + }; + krebs.exim-smarthost = { + ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem"; + ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem"; + authenticators.PLAIN = '' + driver = plaintext + public_name = PLAIN + server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} + ''; + authenticators.LOGIN = '' + driver = plaintext + public_name = LOGIN + server_prompts = "Username:: : Password::" + server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} + # ser |