From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:55:43 +0200 Subject: l: config for backup target --- lass/1systems/helios/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/helios') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index e64cfbe79..557fce1e8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -17,6 +17,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; -- cgit v1.2.3 From b847bcdc02ded53c946a8f75dabfbda8ac3498dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 May 2018 15:53:09 +0200 Subject: l helios.r: update certs --- lass/1systems/helios/config.nix | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) (limited to 'lass/1systems/helios') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 557fce1e8..759bb6d06 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -138,35 +138,14 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - (pkgs.writeText "minio.cert" '' - -----BEGIN CERTIFICATE----- - MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS - MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 - OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC - AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL - 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV - YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C - ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM - CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw - hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk - MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw - I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB - CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 - hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox - jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY - EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM - zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a - qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa - -----END CERTIFICATE----- - '') + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) ]; programs.adb.enable = true; -- cgit v1.2.3 From 0c0d527bec3a6a3d6435203253edb2ef27f9655b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:51:24 +0200 Subject: l: hw config into physical.nix --- lass/1systems/helios/config.nix | 56 +-------------------------------- lass/1systems/helios/physical.nix | 65 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 55 deletions(-) create mode 100644 lass/1systems/helios/physical.nix (limited to 'lass/1systems/helios') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 759bb6d06..bd7f75c3e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -12,48 +12,12 @@ with import ; # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # - + # - { # automatic hardware detection - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - nix.maxJobs = lib.mkDefault 8; - } - { # crypto stuff - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; - }; - } { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; @@ -99,13 +63,6 @@ with import ; } ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - environment.systemPackages = with pkgs; [ ag vim @@ -124,17 +81,6 @@ with import ; services.tlp.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.xrandrHeads = [ - { output = "DP-2"; primary = true; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } - { output = "DP-0"; } - ]; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ''; - networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix new file mode 100644 index 000000000..549506c29 --- /dev/null +++ b/lass/1systems/helios/physical.nix @@ -0,0 +1,65 @@ +{ + imports = [ + ./config.nix + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + nix.maxJobs = lib.mkDefault 8; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" + ''; + + services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.xrandrHeads = [ + { output = "DP-2"; primary = true; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } + { output = "DP-0"; } + ]; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ''; +} -- cgit v1.2.3 From 8642d7c3bcd6edcfc63a3837b4985dd7380bfdb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 19:52:22 +0200 Subject: l helios.r: remove maxJobs --- lass/1systems/helios/physical.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems/helios') diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix index 549506c29..a224f81df 100644 --- a/lass/1systems/helios/physical.nix +++ b/lass/1systems/helios/physical.nix @@ -25,8 +25,6 @@ fsType = "tmpfs"; options = ["nosuid" "nodev" "noatime"]; }; - - nix.maxJobs = lib.mkDefault 8; } { # crypto stuff boot.initrd.luks = { -- cgit v1.2.3 From 364c99bd295e2a44170991cd94d39a1cd546a128 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 20:38:10 +0200 Subject: l helios.r: import pkgs --- lass/1systems/helios/physical.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/helios') diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix index a224f81df..a5212454f 100644 --- a/lass/1systems/helios/physical.nix +++ b/lass/1systems/helios/physical.nix @@ -1,3 +1,4 @@ +{ pkgs, ... }: { imports = [ ./config.nix -- cgit v1.2.3