From 45e031cd6b9ad15881f2f69e649234337aa26e4c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:05:55 +0200 Subject: hw x220: disable deprecated rngd --- krebs/2configs/hw/x220.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7..bb273652 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; -- cgit v1.2.3 From 032341bd35c6e387b7e0e0600f74a9c45dacc159 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:14:56 +0200 Subject: reaktor2: isSystemUser --- krebs/2configs/reaktor2.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabe..14e0a3d7 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { -- cgit v1.2.3 From b37a74c688e272587433874cb779bdc367e127a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:13:25 +0200 Subject: puyak.r/shack: isSystemUser everything --- krebs/2configs/shack/muell_mail.nix | 1 + krebs/2configs/shack/muellshack.nix | 1 + krebs/2configs/shack/node-light.nix | 1 + krebs/2configs/shack/powerraw.nix | 5 ++++- krebs/2configs/shack/s3-power.nix | 1 + krebs/2configs/shack/shackDNS.nix | 1 + krebs/2configs/shack/share.nix | 1 + 7 files changed, 10 insertions(+), 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 48156471..95145020 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b939..b032b429 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea8..2e69d5aa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e8..43c74358 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f7..0ce8a878 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e6..c9cdfd24 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d30..d08eb8ab 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -4,6 +4,7 @@ uid = config.ids.uids.smbguest; group = "share"; description = "smb guest user"; + isNormalUser = true; home = "/home/share"; createHome = true; }; -- cgit v1.2.3 From f7dfc2c43ad99f5971b12a6f6a8c88cca3634f77 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 20:06:00 +0200 Subject: ma samba: remove isNormalUser again --- krebs/2configs/shack/share.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d08eb8ab..3eb30964 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,10 +1,9 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; - isNormalUser = true; home = "/home/share"; createHome = true; }; -- cgit v1.2.3 From 0b5c89dae9242e1817ae6add75253018f9ac644d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 Jun 2021 17:41:21 +0200 Subject: module ergo: init --- krebs/2configs/ergo.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 krebs/2configs/ergo.nix (limited to 'krebs/2configs') diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix new file mode 100644 index 00000000..db0bc574 --- /dev/null +++ b/krebs/2configs/ergo.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + networking.firewall.allowedTCPPorts = [ + 6667 + ]; + + krebs.ergo = { + enable = true; + }; +} + + -- cgit v1.2.3 From 85cd96ed8bffc97307400e80933548fbfbb353f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 11:37:27 +0200 Subject: gollum: follow upstream --- krebs/2configs/wiki.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index e4f05a6e..c3d12618 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -27,7 +27,7 @@ let in { - krebs.gollum = { + services.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| -- cgit v1.2.3 From 824a1e8d059cadf83cd70d4cc90e2b6406cb93bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 11:37:56 +0200 Subject: wiki: fix ascii error --- krebs/2configs/wiki.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index c3d12618..7624c205 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -36,6 +36,8 @@ in ''; }; + systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8"; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; -- cgit v1.2.3 From 2447bc7d8c496562f03e0cf71a3d90c62fae5764 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 22:21:06 +0200 Subject: wiki: fix old references to krebs.gollum --- krebs/2configs/wiki.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 7624c205..9a18b8df 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -4,9 +4,9 @@ let setupGit = '' export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519' repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} + cd ${config.services.gollum.stateDir} if ! url=$(git config remote.origin.url); then git remote add origin "$repo" elif test "$url" != "$repo"; then @@ -89,7 +89,7 @@ in }; krebs.secret.files.gollum = { - path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + path = "${config.services.gollum.stateDir}/.ssh/id_ed25519"; owner = { name = "gollum"; }; source-path = "${}"; }; -- cgit v1.2.3