summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/source.nix2
-rw-r--r--lass/1systems/coaxmetal/config.nix2
-rw-r--r--lass/1systems/coaxmetal/source.nix21
-rw-r--r--lass/1systems/echelon/config.nix3
-rw-r--r--lass/1systems/green/config.nix9
-rw-r--r--lass/1systems/green/source.nix5
-rw-r--r--lass/1systems/morpheus/config.nix29
-rw-r--r--lass/1systems/morpheus/physical.nix44
-rw-r--r--lass/1systems/mors/source.nix21
-rw-r--r--lass/1systems/prism/config.nix11
-rw-r--r--lass/1systems/prism/physical.nix6
-rw-r--r--lass/1systems/red/config.nix28
-rw-r--r--lass/1systems/red/physical.nix7
-rw-r--r--lass/1systems/uriel/config.nix47
-rw-r--r--lass/1systems/uriel/physical.nix59
-rw-r--r--lass/2configs/IM.nix2
-rw-r--r--lass/2configs/baseX.nix5
-rw-r--r--lass/2configs/bepasty.nix44
-rw-r--r--lass/2configs/binary-cache/server.nix7
-rw-r--r--lass/2configs/blue.nix40
-rw-r--r--lass/2configs/codimd.nix45
-rw-r--r--lass/2configs/default.nix24
-rw-r--r--lass/2configs/exim-smarthost.nix4
-rw-r--r--lass/2configs/fetchWallpaper.nix2
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git-brain.nix57
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/green-host.nix10
-rw-r--r--lass/2configs/hw/x220.nix6
-rw-r--r--lass/2configs/mpv.nix7
-rw-r--r--lass/2configs/muchsync.nix1
-rw-r--r--lass/2configs/murmur.nix13
-rw-r--r--lass/2configs/pass.nix8
-rw-r--r--lass/2configs/pipewire.nix2
-rw-r--r--lass/2configs/prism-mounts/samba.nix15
-rw-r--r--lass/2configs/programs.nix14
-rw-r--r--lass/2configs/radio.nix85
-rw-r--r--lass/2configs/reaktor-coders.nix37
-rw-r--r--lass/2configs/steam.nix2
-rw-r--r--lass/2configs/sync/sync.nix2
-rw-r--r--lass/2configs/tmux.nix46
-rw-r--r--lass/2configs/ts3.nix19
-rw-r--r--lass/2configs/vim.nix15
-rw-r--r--lass/2configs/websites/default.nix7
-rw-r--r--lass/2configs/websites/domsen.nix19
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/zsh.nix7
-rw-r--r--lass/3modules/klem.nix2
-rw-r--r--lass/5pkgs/sshify/default.nix1
-rw-r--r--lass/krops.nix20
50 files changed, 412 insertions, 455 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 2b4158211..0b2bf5f5b 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,5 +1,5 @@
{ lib, pkgs, test, ... }:
-{
+if test then {} else {
nixpkgs = lib.mkIf (! test) (lib.mkForce {
file = {
path = toString (pkgs.fetchFromGitHub {
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 227c5e1e9..0e6bddf5e 100644
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@@ -16,7 +16,7 @@
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
- # <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/prism-mounts/samba.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>
diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix
new file mode 100644
index 000000000..abbf26c75
--- /dev/null
+++ b/lass/1systems/coaxmetal/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+ nixpkgs = (if test then lib.mkForce ({ derivation = let
+ rev = npkgs.rev;
+ sha256 = npkgs.sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ ''; }) else {
+ git.ref = lib.mkForce npkgs.rev;
+ });
+}
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix
index 9e72916b3..eacdff782 100644
--- a/lass/1systems/echelon/config.nix
+++ b/lass/1systems/echelon/config.nix
@@ -5,10 +5,13 @@
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/tor-initrd.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/green-host.nix>
];
krebs.build.host = config.krebs.hosts.echelon;
boot.tmpOnTmpfs = true;
+
}
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index d7bf62b40..b41e396c9 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -17,6 +17,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
+
+ <stockholm/lass/2configs/git-brain.nix>
];
krebs.build.host = config.krebs.hosts.green;
@@ -68,6 +70,13 @@ with import <stockholm/lib>;
];
clearTarget = true;
};
+ "/var/lib/git" = {
+ source = "/var/state/git";
+ options = [
+ "-M ${toString config.users.users.git.uid}"
+ ];
+ clearTarget = true;
+ };
};
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
index 48499c9db..da137e064 100644
--- a/lass/1systems/green/source.nix
+++ b/lass/1systems/green/source.nix
@@ -1,5 +1,4 @@
-{ lib, pkgs, ... }:
-{
+{ lib, pkgs, test, ... }:
+if test then {} else {
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
- nixpkgs.git.shallow = true;
}
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
deleted file mode 100644
index 79d4f528d..000000000
--- a/lass/1systems/morpheus/config.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
-
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.morpheus;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = true;
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-
- environment.systemPackages = with pkgs; [
- gitAndTools.hub
- nix-review
- firefox
- ag
- ];
-
- services.openssh.forwardX11 = true;
- programs.x2goserver.enable = true;
-}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
deleted file mode 100644
index 6e59a2273..000000000
--- a/lass/1systems/morpheus/physical.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
-
- networking.hostId = "06442b9a";
-
- fileSystems."/" = {
- device = "/dev/pool/root";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/1F60-17C6";
- fsType = "vfat";
- };
-
- fileSystems."/home" = {
- device = "/dev/pool/home";
- fsType = "btrfs";
- };
-
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices.luksroot.device = "/dev/nvme0n1p3";
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
- '';
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
new file mode 100644
index 000000000..abbf26c75
--- /dev/null
+++ b/lass/1systems/mors/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+ nixpkgs = (if test then lib.mkForce ({ derivation = let
+ rev = npkgs.rev;
+ sha256 = npkgs.sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ ''; }) else {
+ git.ref = lib.mkForce npkgs.rev;
+ });
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d43fb804a..45f9ae00e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -112,7 +112,6 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
@@ -124,16 +123,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
- { # quasi bepasty.nix
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
{
services.tor = {
enable = true;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 1a3bee850..26ecd1cda 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -65,6 +65,12 @@
fsType = "ext4";
};
+ # silence mdmonitor.service failures
+ # https://github.com/NixOS/nixpkgs/issues/72394
+ environment.etc."mdadm.conf".text = ''
+ MAILADDR root
+ '';
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix
deleted file mode 100644
index 3139e94a2..000000000
--- a/lass/1systems/red/config.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-let
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servephpBB
- ;
-in
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/websites>
- <stockholm/lass/2configs/websites/sqlBackup.nix>
- (servephpBB [ "rote-allez-fraktion.de" ])
- ];
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
- ];
-
- krebs.build.host = config.krebs.hosts.red;
-
- services.nginx.enable = true;
- environment.systemPackages = [
- pkgs.mk_sql_pair
- ];
-}
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/red/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
-}
diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix
deleted file mode 100644
index c3ce8fced..000000000
--- a/lass/1systems/uriel/config.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, pkgs, ... }:
-
-with builtins;
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- {
- # locke config
- i18n.defaultLocale ="de_DE.UTF-8";
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
- services.xserver.libinput.enable = false;
- users.users.locke = {
- uid = genid "locke";
- home = "/home/locke";
- group = "users";
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- ];
- useDefaultShell = true;
- isNormalUser = true;
- };
- networking.networkmanager.enable = true;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- environment.systemPackages = with pkgs; [
- pavucontrol
- firefox
- hexchat
- networkmanagerapplet
- ];
- services.xserver.desktopManager.xfce = {
- enable = true;
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.uriel;
- nixpkgs.config.allowUnfree = true;
-}
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
deleted file mode 100644
index 82a088643..000000000
--- a/lass/1systems/uriel/physical.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
-
- hardware.enableRedistributableFirmware = true;
- boot = {
- #kernelParams = [
- # "acpi.brightness_switch_enabled=0"
- #];
- #loader.grub.enable = true;
- #loader.grub.version = 2;
- #loader.grub.device = "/dev/sda";
-
- loader.systemd-boot.enable = true;
- loader.timeout = 5;
-
- initrd.luks.devices.luksroot.device = "/dev/sda2";
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- '';
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- additionalOptions = ''
- Option "FingerHigh" "60"
- Option "FingerLow" "60"
- '';
- };
-}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 5108f6bc1..5b8cebf5c 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -30,7 +30,7 @@ in {
imports = [
./bitlbee.nix
];
- environment.systemPackages = [ tmux ];
+ environment.systemPackages = [ tmux weechat ];
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 23eaa2802..124eef2cf 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -11,6 +11,7 @@ in {
./xdg-open.nix
./yubikey.nix
./pipewire.nix
+ ./tmux.nix
./xmonad.nix
{
krebs.per-user.lass.packages = [
@@ -61,7 +62,8 @@ in {
font-size
fzfmenu
gimp
- gitAndTools.qgit
+ gitAndTools.hub
+ git-crypt
git-preview
gnome3.dconf
iodine
@@ -85,6 +87,7 @@ in {
xorg.xhost
xsel
zathura
+ flameshot-once
(pkgs.writeDashBin "screenshot" ''
set -efu
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
deleted file mode 100644
index 9bd416c05..000000000
--- a/lass/2configs/bepasty.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-# secrets used:
-# wildcard.krebsco.de.crt
-# wildcard.krebsco.de.key
-# bepasty-secret.nix <- contains single string
-
-with import <stockholm/lib>;
-let
- secKey = import <secrets/bepasty-secret.nix>;
- ext-doms = [
- "paste.lassul.us"
- "paste.krebsco.de"
- ];
-in {
-
- services.nginx.enable = mkDefault true;
- krebs.bepasty = {
- enable = true;
- serveNginx= true;
-
- servers = {
- "paste.r" = {
- nginx = {
- serverAliases = [
- "paste.${config.krebs.build.host.name}"
- "paste.r"
- ];
- };
- defaultPermissions = "admin,list,create,read,delete";
- secretKey = secKey;
- };
- } //
- genAttrs ext-doms (ext-dom: {
- nginx = {
- forceSSL = true;
- enableACME = true;
- };
- defaultPermissions = "read,create";
- secretKey = secKey;
- });
- };
-}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 101dd045f..baa891821 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -29,6 +29,13 @@
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
+ locations."= /nix-cache-info".extraConfig = ''
+ alias ${pkgs.writeText "cache-info" ''
+ StoreDir: /nix/store
+ WantMassQuery: 1
+ Priority: 42
+ ''};
+ '';
};
virtualHosts."cache.krebsco.de" = {
forceSSL = true;
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 15408a200..28c7d640d 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -2,16 +2,13 @@ with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
{
-
imports = [
- ./bitlbee.nix
./mail.nix
./pass.nix
];
environment.systemPackages = with pkgs; [
ag
- brain
dic
nmap
git-preview
@@ -30,43 +27,6 @@ with (import <stockholm/lib>);
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
];
- systemd.services.chat = let
- tmux = pkgs.writeDash "tmux" ''
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g prefix `
- unbind-key C-b
- bind ` send-prefix
-
- set-option -g status off
- set-option -g default-terminal screen-256color
-
- #use session instead of windows
- bind-key c new-session
- bind-key p switch-client -p
- bind-key n switch-client -n
- bind-key C-s switch-client -l
- ''} "$@"
- '';
- in {
- description = "chat environment setup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt_unicode.terminfo
- ];
-
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
- ExecStop = "${tmux} kill-session -t IM";
- };
- };
-
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Maildir";
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index d29a65210..271dcfca4 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,27 +1,52 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
-{
- services.nginx.virtualHosts.codimd = {
+let
+ domain = "pad.lassul.us";
+in {
+
+ # redirect legacy domain to new one
+ services.nginx.virtualHosts."codi.lassul.us" = {
enableACME = true;
addSSL = true;
- serverName = "codi.lassul.us";
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://localhost:3091;
- '';
+ locations."/".return = "301 https://${domain}\$request_uri";
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "https://localhost:3091";
+ proxyWebsockets = true;
+ };
+ };
+
+ security.acme.certs.${domain}.group = "hedgecert";
+ users.groups.hedgecert.members = [ "codimd" "nginx" ];
+
+ security.dhparams = {
+ enable = true;
+ params.hedgedoc = {};
};
services.hedgedoc = {
enable = true;
- configuration.allowOrigin = [ "*" ];
+ configuration.allowOrigin = [ domain ];
configuration = {
db = {
dialect = "sqlite";
storage = "/var/lib/codimd/db.codimd.sqlite";
- useCDN = false;
};
+ useCDN = false;
port = 3091;
+ domain = domain;
+ allowFreeURL = true;
+
+ useSSL = true;
+ protocolUseSSL = true;