summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/echelon.nix2
-rw-r--r--lass/1systems/mors.nix38
-rw-r--r--lass/1systems/prism.nix2
-rw-r--r--lass/1systems/shodan.nix26
-rw-r--r--lass/2configs/binary-caches.nix13
-rw-r--r--lass/2configs/hw/tp-x220.nix50
-rw-r--r--lass/2configs/realwallpaper-server.nix32
-rw-r--r--lass/2configs/realwallpaper.nix29
-rw-r--r--lass/2configs/wordpress.nix59
10 files changed, 81 insertions, 171 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index a3cc9d7b3..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,7 +13,6 @@ in {
../2configs/retiolum.nix
../2configs/git.nix
../2configs/realwallpaper.nix
- ../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 97734a7bd..8d944ed40 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -11,7 +11,7 @@ in {
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
#../2configs/redis.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 062e4c29d..cccfa791c 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -3,6 +3,7 @@
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
@@ -14,14 +15,9 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
- #../2configs/texlive.nix
- ../2configs/binary-caches.nix
- #../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- #../2configs/wordpress.nix
../2configs/bitlbee.nix
- #../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
@@ -57,17 +53,10 @@
# package = pkgs.postgresql;
# };
#}
- {
- }
];
krebs.build.host = config.krebs.hosts.mors;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -77,7 +66,6 @@
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -168,22 +156,6 @@
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
environment.systemPackages = with pkgs; [
acronym
cac-api
@@ -217,12 +189,4 @@
services.mongodb = {
enable = true;
};
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
- };
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index d4207d2e1..34c1ef69b 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -203,7 +203,7 @@ in {
}
{
imports = [
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 073d86790..96d64bda3 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -4,6 +4,7 @@ with builtins;
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/git.nix
../2configs/exim-retiolum.nix
@@ -20,34 +21,10 @@ with builtins;
# };
# };
#}
- {
- #x220 config from mors
- #TODO: make x220 config file (or look in other user dir)
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
- }
];
krebs.build.host = config.krebs.hosts.shodan;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -57,7 +34,6 @@ with builtins;
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix
deleted file mode 100644
index c2727520d..000000000
--- a/lass/2configs/binary-caches.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- nix.sshServe.enable = true;
- nix.sshServe.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
- ];
- nix.binaryCaches = [
- #"scp://nix-ssh@mors"
- #"scp://nix-ssh@uriel"
- ];
-}
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
new file mode 100644
index 000000000..e8d1e7b6d
--- /dev/null
+++ b/lass/2configs/hw/tp-x220.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+ networking.wireless.enable = lib.mkDefault true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ #START_CHARGE_THRESH_BAT0=80
+ STOP_CHARGE_THRESH_BAT0=95
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ boot = {
+ kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ };
+
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ '';
+ };
+
+ security.rngd.enable = true;
+}
diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix
deleted file mode 100644
index 7340fc7ca..000000000
--- a/lass/2configs/realwallpaper-server.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, ... }:
-
-let
- hostname = config.krebs.build.host.name;
- inherit (lib)
- nameValuePair
- ;
-
-in {
- imports = [
- ./realwallpaper.nix
- ];
-
- krebs.nginx.servers.wallpaper = {
- server-names = [
- hostname
- ];
- locations = [
- (nameValuePair "/wallpaper.png" ''
- root /tmp/;
- '')
- ];
- };
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index c69cb1660..2ab52ed92 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,5 +1,30 @@
-{ config, ... }:
+{ config, lib, ... }:
-{
+let
+ hostname = config.krebs.build.host.name;
+ inherit (lib)
+ nameValuePair
+ ;
+
+in {
krebs.realwallpaper.enable = true;
+
+ krebs.nginx.servers.wallpaper = {
+ server-names = [
+ hostname
+ ];
+ locations = [
+ (nameValuePair "/wallpaper.png" ''
+ root /tmp/;
+ '')
+ ];
+ };
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+ };
}
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
deleted file mode 100644
index bd59080d9..000000000
--- a/lass/2configs/wordpress.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- containers.wordpress = {
- privateNetwork = true;
- hostAddress = "192.168.101.1";
- localAddress = "192.168.101.2";
-
- config = {
- imports = [
- ../../krebs/3modules/iptables.nix
- ];
-
- krebs.iptables = {
- enable = true;
- tables = {
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- iptables
- ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
-
- services.httpd = {
- enable = true;
- adminAddr = "root@apanowicz.de";
- extraModules = [
- { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
- ];
- virtualHosts = [
- {
- hostName = "wordpress";
- serverAliases = [ "wordpress" "www.wordpress" ];
-
- extraSubservices = [
- {
- serviceName = "wordpress";
- }
- ];
- }
- ];
- };
- };
- };
-}