diff options
Diffstat (limited to 'lass')
31 files changed, 495 insertions, 377 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 2c1be473a..bd559944a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index 998fa1478..f57d275d8 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/lass> @@ -14,15 +14,19 @@ krebs.build.host = config.krebs.hosts.hilum; - boot.loader.grub.extraEntries = '' - menuentry "grml" { - iso_path=/isos/grml.iso - export iso_path - search --set=root --file $iso_path - loopback loop $iso_path - root=(loop) - configfile /boot/grub/loopback.cfg - loopback --delete loop - } - ''; + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; } diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699ae..86727700f 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ @@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 13e865c6e..e957279e2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -261,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 2d25bc88a..8630d0f4b 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -28,6 +28,12 @@ export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; }; services.xserver = { @@ -66,26 +72,8 @@ programs.adb.enable = true; - services.logind.lidSwitch = "ignore"; - services.acpid = { - enable = true; - lidEventCommands = '' - export DISPLAY=:${toString config.services.xserver.display} - case "$1" in - "button/lid LID close") - ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness - ${pkgs.acpilight}/bin/xbacklight -set 0 - ;; - "button/lid LID open") - ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness) - ;; - esac - ''; - }; + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; systemd.services.suspend-again = { after = [ "suspend.target" ]; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 5d60dfc45..77cf2206b 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -13,9 +13,8 @@ }; boot.loader.efi.canTouchEfiVariables = true; - # TODO fix touchscreen boot.blacklistedKernelModules = [ - "goodix" + "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; @@ -46,7 +45,7 @@ swapDevices = [ ]; boot.extraModprobeConfig = '' - options zfs zfs_arc_max=1073741824 + options zfs zfs_arc_max=107374182 ''; nix.maxJobs = lib.mkDefault 4; @@ -74,13 +73,10 @@ services.xserver = { videoDrivers = [ "intel" ]; - deviceSection = '' - Option "TearFree" "true" - ''; displayManager.sessionCommands = '' echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) - (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; }; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ecbb7541f..52d694c46 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./urxvt.nix ./xdg-open.nix + ./yubikey.nix { hardware.pulseaudio = { enable = true; @@ -54,7 +55,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.agentTimeout = "10m"; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; services.openssh.forwardX11 = true; environment.systemPackages = with pkgs; [ @@ -62,11 +63,11 @@ in { acpilight ag cabal2nix - cholerab dic dmenu font-size fzfmenu + gimp gitAndTools.qgit git-preview gnome3.dconf diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index c0085995d..eafab400c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,100 +1,13 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - - mainUser = config.users.extraUsers.mainUser; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (mapAttrsToList (name: value: { inherit name value; }) - config.lass.browser.paths); - in pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${n.value.path}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - ''; - - createUser = script: name: groups: precedence: dpi: - { - lass.xjail.${name} = { - inherit script groups dpi; - }; - environment.systemPackages = [ - config.lass.xjail-bins.${name} - (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip - '') - ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - createChromiumUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - '') name groups precedence 80; - - createFirefoxUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.firefox}/bin/firefox "$@" - '') name groups precedence 80; - - createQuteUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - '') name groups precedence 60; - -in { - - lass.browser.select = browser-select; - - environment.systemPackages = [ - browser-select - ]; - +{ + lass.browser.config = { + cr = { groups = [ "audio" "video" ]; precedence = 9; }; + }; programs.chromium = { enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim ]; }; - - imports = [ - { - options.lass.browser.select = mkOption { - type = types.path; - }; - options.lass.browser.paths = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - path = mkOption { - type = types.path; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - }; - })); - }; - } - ( createFirefoxUser "ff" [ "audio" ] 11 ) - ( createQuteUser "qb" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "audio" "video" ] 9 ) - ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "audio" ] 0 ) - ( createChromiumUser "fb" [ "audio" ] 0 ) - ( createChromiumUser "com" [ "audio" ] 0 ) - ( createChromiumUser "fin" [] (-1) ) - ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 972b4760a..27242b129 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,8 +23,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; mainUser = { @@ -42,6 +42,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; }; @@ -173,13 +175,7 @@ with import <stockholm/lib>; ''; }; - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; + services.openssh.enable = true; services.journald.extraConfig = '' SystemMaxUse=1G @@ -190,7 +186,9 @@ with import <stockholm/lib>; enable = true; tables = { nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } ]; nat.OUTPUT.rules = [ @@ -217,7 +215,4 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; - services.netdata = { - enable = true; - }; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d1e6b195b..a82672998 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -15,6 +15,7 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.blue + config.krebs.hosts.xerxes ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 @@ -106,6 +107,10 @@ with import <stockholm/lib>; { from = "ubisoft@lassul.us"; to = lass.mail; } { from = "kottezeller@lassul.us"; to = lass.mail; } { from = "pie@lassul.us"; to = lass.mail; } + { from = "vebit@lassul.us"; to = lass.mail; } + { from = "vcvrack@lassul.us"; to = lass.mail; } + { from = "epic@lassul.us"; to = lass.mail; } + { from = "microsoft@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index a3acb82bb..c0e6beba4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -10,7 +10,7 @@ let doom = pkgs.writeDash "doom" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/brutalv21.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -56,15 +56,6 @@ let ''; in { - environment.systemPackages = with pkgs; [ - dolphinEmu - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - users.extraUsers = { games = { name = "games"; @@ -76,7 +67,14 @@ in { packages = with pkgs; [ minecraft steam-run + scummvm dolphinEmu + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + retroarchBare ]; }; }; diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index a1bb26049..0ddb63a03 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7650f4294..ced0d7955 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -180,7 +180,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-mors lass-shodan lass-icarus lass-blue ]; + user = [ lass lass-mors lass-shodan lass-icarus lass-blue lass-xerxes ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 5649041f9..89b119347 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/krebs/2configs/hw/x220.nix> @@ -8,7 +8,20 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + extraModulePackages = [ + config.boot.kernelPackages.tp_smapi + config.boot.kernelPackages.acpi_call + ]; + kernelModules = [ + "acpi_call" + "tp_smapi" + ]; }; + + environment.systemPackages = [ + pkgs.tpacpi-bat + ]; + fileSystems = { "/" = { device = "/dev/mapper/pool-root"; @@ -33,4 +46,10 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + ''; + } diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 1c253a6c5..156ebcae7 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -2,7 +2,7 @@ { krebs.per-user.lass.packages = with pkgs; [ - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7e1433fde..b24d7af3e 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -260,7 +260,7 @@ in { }; krebs.syncthing.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix index 742b877e8..c95a610e7 100644 --- a/lass/2configs/starcraft.nix +++ b/lass/2configs/starcraft.nix @@ -1,36 +1,5 @@ { config, pkgs, ... }: let mainUser = config.users.extraUsers.mainUser; - newWine = pkgs.wineStaging; - #newWine = pkgs.wineStaging.overrideAttrs (old: { - # name = "wine-3.7"; - # buildInputs = old.buildInputs ++ [ - # pkgs.libuuid.bin - # pkgs.autoconf.out - # ]; - # src = pkgs.fetchurl { - # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz"; - # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn"; - # }; - # postPatch = old.postPatch or "" + '' - # patchShebangs tools - # cp -r ${pkgs.fetchFromGitHub { - # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi"; - # owner = "wine-staging"; - # repo = "wine-staging"; - # rev = "v3.7"; - # }}/patches . - # chmod +w patches - # cd patches - # patchShebangs gitapply.sh - # ./patchinstall.sh DESTDIR="$PWD/.." --all - # cd .. - # ''; - - #}); - #newWine = (import (builtins.fetchGit { - # url = "https://github.com/NixOS/nixpkgs"; - # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f"; - #}) {}).wineStaging; in { users.users= { starcraft = { @@ -40,7 +9,7 @@ in { "video" ]; packages = [ - newWine + pkgs.wineWowPackages.minimal pkgs.winetricks pkgs.mpg123 ]; diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index e1b523e3a..701e5047e 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -11,9 +11,8 @@ # ##TODO: make steam module nixpkgs.config.steam.java = true; - environment.systemPackages = with pkgs; [ - steam - ]; + + users.users.games.packages = [ pkgs.steam ]; #ports for inhome streaming krebs.iptables = { diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix index 5b92d0919..d0cfdf478 100644 --- a/lass/2configs/ts3.nix +++ b/lass/2configs/ts3.nix @@ -10,8 +10,8 @@ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } ##file transfer port - #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } - #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p udp --dport 30033"; target = "ACCEPT"; } ##query port #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9980e0501..b9673de70 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,6 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "jarugadesign.de" "www.jarugadesign.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -41,6 +40,7 @@ in { "youthtube.xyz" "joemisch.com" "weirdwednesday.de" + "jarugadesign.de" "www.apanowicz.de" "www.nirwanabluete.de" @@ -50,6 +50,7 @@ in { "www.ubikmedia.de" "www.joemisch.com" "www.weirdwednesday.de" + "www.jarugadesign.de" "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" @@ -64,6 +65,7 @@ in { "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" "crypto4art.ubikmedia.de" + "jarugadesign.ubikmedia.de" ]) ]; @@ -250,14 +252,13 @@ in { lines = 1000; }; }; + services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + repository = "/backups/domsen"; passwordFile = toString <secrets> + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ - "/srv/http" "/home/domsen/Mail" "/home/ms/Mail" "/home/klabusterbeere/Mail" @@ -270,32 +271,32 @@ in { }; boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.syncthing.folders = { + domsen-backups = { + path = "/backups/domsen"; + peers = [ "domsen-backup" ]; + }; + domsen-backup-srv-http = { + path = "/srv/http"; + peers = [ "domsen-backup" ]; + }; + }; + + system.activationScripts.domsen-backups = '' + ${pkgs.coreutils}/bin/chmod 750 /backups + ''; + krebs.permown = { - "/srv/http/ubikmedia.de" = { - owner = "domsen"; - group = "nginx"; + "/backups/domsen" = { + owner = "backup"; + group = "syncthing"; umask = "0007"; }; - "/srv/http/o.ubikmedia.de" = { - owner = "domsen"; + "/srv/http" = { + owner = "syncthing"; group = "nginx"; umask = "0007"; }; - "/srv/http/freemonkey.art" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/jarugadesign.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/reich-gebaeudereinigung.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; }; } diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix new file mode 100644 index 000000000..e6482c58c --- /dev/null +++ b/lass/2configs/yubikey.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + yubikey-personalization + ]; + + services.udev.packages = with pkgs; [ yubikey-personalization ]; + services.pcscd.enable = true; |