Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/coaxmetal/physical.nix | 10 | ||||
-rw-r--r-- | lass/1systems/dishfire/config.nix | 10 | ||||
-rw-r--r-- | lass/1systems/dishfire/physical.nix | 21 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 6 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 2 | ||||
-rw-r--r-- | lass/2configs/binary-cache/server.nix | 17 | ||||
-rw-r--r-- | lass/2configs/bitlbee.nix | 17 | ||||
-rw-r--r-- | lass/2configs/hass/default.nix | 11 | ||||
-rw-r--r-- | lass/2configs/prism-share.nix | 3 | ||||
-rw-r--r-- | lass/3modules/usershadow.nix | 17 |
10 files changed, 70 insertions, 44 deletions
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix
index b033477fe..6be047300 100644
--- a/lass/1systems/coaxmetal/physical.nix
+++ b/lass/1systems/coaxmetal/physical.nix
@@ -56,14 +56,4 @@
 xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2
 xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5
 '';
-
- # https://forums.lenovo.com/t5/Fedora/T14s-AMD-Trackpoint-almost-unusable/m-p/5064952?page=4
- # https://bugzilla.kernel.org/show_bug.cgi?id=209167#c1
- boot.kernelPatches = [{
- name = "fix-trackpoint-jumping";
- patch = pkgs.fetchurl {
- url = "https://patchwork.kernel.org/project/linux-input/patch/20210729010940.5752-1-phoenix@emc.com.tw/raw/";
- sha256 = "0apbf7c8w830dbdsrmxpip90d5zbg74a939x89jfgpvm5gbdqdjg";
- };
- }];
 }
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
new file mode 100644
index 000000000..b814d7188
--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..ca013132f
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ./config.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 45f9ae00e..c92a239f9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -284,6 +284,12 @@ with import <stockholm/lib>; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."jelly.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:8096/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."flix.r" = { locations."/".extraConfig = '' proxy_pass http://10.233.2.14:80/; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index dc3b4b566..554882bf3 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -21,7 +21,7 @@ with import <stockholm/lib>; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; - rpc-bind-address = "0.0.0.0"; + rpc-bind-address = "::"; message-level = 1; umask = 18; rpc-whitelist-enabled = false; diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index baa891821..1abf51ae6 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -1,27 +1,14 @@ -{ config, lib, pkgs, ...}: +{ config, lib, pkgs, stockholm, ...}: { # generate private key with: # nix-store --generate-binary-cache-key my-secret-key my-public-key services.nix-serve = { enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + secretKeyFile = toString <secrets> + "/nix-serve.key"; port = 5005; }; - systemd.services.nix-serve = { - after = [ - config.krebs.secret.files.nix-serve-key.service - ]; - partOf = [ - config.krebs.secret.files.nix-serve-key.service - ]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString <secrets> + "/nix-serve.key"; - }; services.nginx = { enable = true; virtualHosts.nix-serve = { 
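Review bot: In lass/1systems/prism/config.nix the new `jelly.r` location proxies to `http://10.233.2.14:8096/` without forwarding the client address or the original Host, so the backend sees every request as coming from the proxy and its per-client logging or login throttling becomes less useful. Consider adding `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;` to the same `extraConfig`. No access restriction on the vhost is visible in the hunk, so reachability is presumably limited only by who can reach the `.r` network; a one-line comment stating that assumption would help. The neighbouring `flix.r` block continues outside the hunk.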
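Review bot: In lass/1systems/yellow/config.nix, `rpc-bind-address = "::"` makes the RPC interface listen on every IPv6 address (and, depending on socket settings, IPv4 as well) while the context line `rpc-whitelist-enabled = false` leaves the address whitelist off. Whether `rpc-authentication-required` is set is not visible in this hunk, and IPv6 firewall rules are often maintained separately from IPv4 ones, so the exposure may be wider than before. Prefer binding to the specific internal address that clients or the reverse proxy use, or add a comment next to the setting naming the firewall rule that limits the RPC port. The settings block starts and ends outside the hunk.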
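Review bot: In lass/2configs/binary-cache/server.nix, `secretKeyFile` now points straight at `toString <secrets> + "/nix-serve.key"` and the `krebs.secret.files.nix-serve-key` entry that set `owner.name = "nix-serve"` is gone, so nothing in this file ensures the signing key is readable by the service and by nobody else. If the nix-serve unit does not load the key with elevated privileges, either signing fails or the file ends up with broader permissions than intended; a short comment stating the expected owner and mode of the key file would make this checkable. The `stockholm` argument added to the function header is not used in the visible lines and can be dropped if the rest of the file does not use it either.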
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index d8f1ae888..b84221155 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -11,9 +11,22 @@ with (import <stockholm/lib>); pkgs.bitlbee-discord ]; libpurple_plugins = [ - # pkgs.telegram-purple - pkgs.tdlib-purple + pkgs.telegram-purple + # pkgs.tdlib-purple # pkgs.purple-gowhatsapp ]; }; + + users.users.bitlbee = { + uid = genid_uint31 "bitlbee"; + isSystemUser = true; + group = "bitlbee"; + }; + users.groups.bitlbee = {}; + + systemd.services.bitlbee.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "bitlbee"; + StateDirectory = lib.mkForce null; + }; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index be9c32809..b303df938 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -119,13 +119,10 @@ in { services.mosquitto = { enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - users.gg23 = { - password = "gg23-mqtt"; - acl = [ "topic readwrite #" ]; - }; + listeners = [{ + acl = [ "topic pattern readwrite #" ]; + users.gg23 = { acl = [ "topic readwrite #" ]; password = "gg23-mqtt"; }; + }]; }; environment.systemPackages = [ pkgs.mosquitto ]; diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix index aa3eb541d..fb803dd77 100644 --- a/lass/2configs/prism-share.nix +++ b/lass/2configs/prism-share.nix @@ -14,7 +14,10 @@ with import <stockholm/lib>; description = "smb guest user"; home = "/home/share"; createHome = true; + group = "share"; }; + users.groups.share = {}; + services.samba = { enable = true; enableNmbd = true; diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index c3d4de84d..b1011ced0 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
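Review bot: In lass/2configs/bitlbee.nix, forcing `DynamicUser = false` also drops the sandboxing systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`), and nothing in the added `serviceConfig` puts it back. The service keeps chat-account credentials and loads third-party protocol plugins, so it is worth re-adding them explicitly, e.g. `ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true;` together with `ReadWritePaths` for the state directory. With `StateDirectory = lib.mkForce null` systemd no longer creates or chowns the state directory, so its owner and mode (ideally 0700 for user `bitlbee`) should be set elsewhere or noted in a comment.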
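Review bot: In lass/2configs/hass/default.nix the new listener still carries `password = "gg23-mqtt"` inline, which puts the MQTT credential in the repository and in the world-readable Nix store; `passwordFile` or `hashedPasswordFile` on `users.gg23`, pointing at a file outside the store, would avoid that. The listener-level `acl = [ "topic pattern readwrite #" ]` is not tied to a user, and in a mosquitto ACL file entries that precede any `user` line apply to anonymous clients, so it should be removed or commented with its intent. The explicit `allowAnonymous = false` from the old side has no counterpart in the new lines; if the module default is being relied on, say so in a comment. The listener also sets no `address`, so it presumably listens on all interfaces as the removed `host = "0.0.0.0"` did.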
@@ -28,23 +28,22 @@ session required pam_permit.so ''; - security.pam.services.dovecot2 = { - text = '' - auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; - }; + security.pam.services.dovecot2.text = '' + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + ''; security.wrappers.shadow_verify_pam = { source = "${usershadow}/bin/verify_pam"; owner = "root"; + group = "root"; }; security.wrappers.shadow_verify_arg = { source = "${usershadow}/bin/verify_arg"; owner = "root"; + group = "root"; }; }; |
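Review bot: In lass/3modules/usershadow.nix both wrappers gain `group = "root"` but neither states whether it is meant to be setuid; for helpers that verify passwords the privilege level should be explicit rather than left to the module default. If `shadow_verify_pam` and `shadow_verify_arg` must read root-only hash files, add `setuid = true;` and consider a `permissions` value that restricts who may execute them; if they are only ever invoked by a root process through `pam_exec`, a comment saying so is enough. The enclosing config block starts outside the hunk.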