Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/hilum/config.nix28
-rw-r--r--lass/1systems/hilum/physical.nix35
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/prism/config.nix8
-rw-r--r--lass/1systems/prism/physical.nix5
-rw-r--r--lass/1systems/shodan/config.nix87
-rw-r--r--lass/1systems/shodan/physical.nix1
-rw-r--r--lass/2configs/backup.nix1
-rw-r--r--lass/2configs/baseX.nix11
-rw-r--r--lass/2configs/br.nix9
-rw-r--r--lass/2configs/nfs-dl.nix15
11 files changed, 194 insertions, 8 deletions
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
new file mode 100644
index 000000000..998fa1478
--- /dev/null
+++ b/lass/1systems/hilum/config.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/mail.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.hilum;
+
+ boot.loader.grub.extraEntries = ''
+ menuentry "grml" {
+ iso_path=/isos/grml.iso
+ export iso_path
+ search --set=root --file $iso_path
+ loopback loop $iso_path
+ root=(loop)
+ configfile /boot/grub/loopback.cfg
+ loopback --delete loop
+ }
+ '';
+}
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
new file mode 100644
index 000000000..f8bab57d6
--- /dev/null
+++ b/lass/1systems/hilum/physical.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }:
+
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+ boot.loader.grub.efiInstallAsRemovable = true;
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/2B9E-5131";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
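Review bot: `fileSystems."/boot"` is a plain vfat partition while only `usb_nix` is LUKS-encrypted, so on this removable stick the kernel, initrd and GRUB config stay readable and writable by anyone who holds the device. The encryption covers the data on the root volume, not the integrity of what boots it, and nothing in the file says this trade-off is intended. I would add a comment above the `/boot` entry, e.g. `# /boot is unencrypted (used with efiInstallAsRemovable); LUKS protects data at rest only, not boot-chain integrity`. That the root filesystem lives inside `usb_nix` is inferred from the UUIDs and the `dm-snapshot` initrd module; the file does not show it.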
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 5076beeef..1477d6d8b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -54,7 +54,7 @@ with import <stockholm/lib>;
folders = {
the_playlist = {
path = "/home/lass/tmp/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ peers = [ "mors" "phone" "prism" "xerxes" ];
};
free_music = {
id = "mu9mn-zgvsw";
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index eec8e34b8..845cf943c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -31,7 +31,15 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
+ packages = [
+ (pkgs.writeDashBin "kick-routing" ''
+ /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '')
+ ];
};
+ security.sudo.extraConfig = ''
+ riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '';
# TODO write function for proxy_pass (ssl/nonssl)
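Review bot: The `NOPASSWD` rule in `security.sudo.extraConfig` carries no comment saying why `riot` may restart the firewall unit, and an undocumented sudoers line is easy to widen later without review. The rule itself is tightly scoped: full store path and exact arguments, matching what `kick-routing` calls. I would put a comment above it, e.g. `# riot may only restart krebs-iptables.service via kick-routing; keep the command exact, no wildcards`. It is also worth confirming that restarting `krebs-iptables.service` never leaves the host without rules for a moment, since an unprivileged account can now trigger it at will; the unit is not visible here. The enclosing user definition starts outside the hunk.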
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 9a84e9d63..7458f5ffd 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -20,6 +20,11 @@
fsType = "ext4";
};
+ fileSystems."/backups" = {
+ device = "tank/backups";
+ fsType = "zfs";
+ };
+
fileSystems."/srv/http" = {
device = "tank/srv-http";
fsType = "zfs";
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 5de87d790..ad510283f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -17,6 +17,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
@@ -24,4 +25,90 @@ with import <stockholm/lib>;
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
+
+ #media center
+ users.users.media = {
+ isNormalUser = true;
+ uid = genid_uint31 "media";
+ extraGroups = [ "video" "audio" ];
+ };
+
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "media";
+ };
+
+ #hass
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
+ # zerotierone
+ { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
+ ];
+
+ services.home-assistant = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ python3 = pkgs.python36;
+ #extraComponents = [
+ # (pkgs.fetchgit {
+ # url = "https://github.com/marcschumacher/dwd_pollen";
+ # rev = "0.1";
+ # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+ # })
+ #];
+ };
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ sun.elevation = 66;
+ discovery = {};
+ frontend = { };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Bett Licht" "bett")
+ ];
+ device_tracker = [
+ {
+ platform = "luci";
+ }
+ ];
+ };
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
}
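Review bot: `services.mosquitto.users.gg23.password` and `services.home-assistant.config.mqtt.password` put the broker credential into the repository and, after evaluation, into the world-readable Nix store, while the same hunk binds the broker to `0.0.0.0` and accepts TCP 1883 from any source in `krebs.iptables`. On the broker side the module's hashed form avoids the clear-text copy: `hashedPassword = "<PLACEHOLDER: mosquitto_passwd output>";` in place of the `password` line. The Home Assistant client still needs the clear text, so that value should be read from a file outside the store rather than written into `config`. MQTT on 1883 is unencrypted, so if only local or VPN clients need it, narrow the rule, e.g. `{ predicate = "-s <PLACEHOLDER_CIDR> -p tcp --dport 1883"; target = "ACCEPT"; }`, and give `gg23` a narrower ACL than `topic readwrite #`.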
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 41508127c..7cfeba932 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -13,7 +13,6 @@
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
index 94272fdb0..f5c241785 100644
--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
home = "/backups";
createHome = true;
+ group = "syncthing";
openssh.authorizedKeys.keys = with config.krebs.hosts; [
blue.ssh.pubkey
];
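Review bot: `group = "syncthing";` makes `syncthing` the primary group of the backup account, so everything that is group-readable or group-writable for syncthing becomes reachable by whoever logs in with the `blue` key, and the line has no comment explaining why. If the intent is only that the syncthing daemon can access files below `/backups` (an assumption, the hunk does not say), a comment should state it, e.g. `# primary group syncthing so the daemon can access files created under /backups`. If the account does not need syncthing's other files, a dedicated group shared by both users would grant less. The user definition starts and ends outside the hunk.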
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5003d2279..ecbb7541f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -59,6 +59,7 @@ in {
environment.systemPackages = with pkgs; [
acpi
+ acpilight
ag
cabal2nix
cholerab
@@ -72,6 +73,7 @@ in {
lm_sensors
ncdu
nix-index
+ nix-review
nmap
pavucontrol
powertop
@@ -79,9 +81,10 @@ in {
sxiv
taskwarrior
termite
+ transgui
+ wirelesstools
xclip
xephyrify
- xorg.xbacklight
xorg.xhost
xsel
zathura
@@ -94,6 +97,12 @@ in {
xlibs.fontschumachermisc
];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="backlight", ACTION=="add", \
+ RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
+ RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+
services.xserver = {
enable = true;
layout = "us";
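Review bot: The `services.udev.extraRules` block hand-writes the backlight permission rule that goes with the `acpilight` package added earlier in this file, and nothing ties the two together for the next reader. If the pinned nixpkgs already ships the option, `hardware.acpilight.enable = true;` would install the package's own udev rule and make this block unnecessary; that it is available in this tree is not visible here. Otherwise I would add a comment above the rule, e.g. `# let members of group video write the backlight brightness (needed by acpilight's xbacklight)`. Every member of `video` can then write the brightness file, which is presumably intended. The surrounding attribute set continues outside the hunk.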
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index ad307c797..e4ccffe23 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -5,10 +5,11 @@ with import <stockholm/lib>;
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
];
- krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [
- "brother-udev-rule-type1-"
- "brscan4-"
- "mfcl2700dnlpr-"
+ krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
+ "brother-udev-rule-type1"
+ "brscan4"
+ "brscan4-etc-files"
+ "mfcl2700dnlpr"
];
hardware.sane = {
diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
index abbcc1d42..ba53321b9 100644
--- a/lass/2configs/nfs-dl.nix
+++ b/lass/2configs/nfs-dl.nix
@@ -1,7 +1,20 @@
{
fileSystems."/mnt/prism" = {
- device = "prism.w:/export";
+ device = "prism.w:/export/download";
fsType = "nfs";
+ options = [
+ "timeo=14"
+ "noauto"
+ "noatime"
+ "nodiratime"
+ "noac"
+ "nocto"
+ "x-systemd.automount"
+ "x-systemd.device-timeout=1"
+ "x-systemd.idle-timeout=1min"
+ "x-systemd.requires=retiolum.service"
+ "x-systemd.requires=wpa_supplicant.service"
+ ];
};
}
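Review bot: The `options` list for `/mnt/prism` has no `nosuid` or `nodev`, so setuid bits and device nodes on another host's download export would be honoured on every machine that imports this file. Adding `"nosuid"` and `"nodev"` (and `"noexec"` if nothing is run from the share) costs nothing for a download directory. Separately, `"noac"` and `"nocto"` pull in opposite directions: the first forces attribute revalidation, the second relaxes close-to-open checks, so a one-line comment on the intended caching behaviour would help. `x-systemd.requires=wpa_supplicant.service` also ties this shared file to hosts that run wpa_supplicant, which is worth confirming for wired machines.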