From d04c6be43d5c63f98a0c89aad512f19f1ffa6329 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 6 Dec 2018 14:20:04 +0100
Subject: l prism.r: add dnsmasq for wireguard

---
 lass/1systems/prism/config.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93a..83cc96771 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -323,6 +323,15 @@ with import <stockholm/lib>;
           }
         ];
       };
+      services.dnsmasq = {
+        enable = true;
+        resolveLocalQueries = false;
+
+        extraConfig= ''
+          except-interface=lo
+          interface=wg0
+        '';
+      };
     }
     {
       krebs.iptables.tables.filter.INPUT.rules = [
-- 
cgit v1.2.3


From 9e632ce4905fe46d285ad36f0e5b8a90f5d53dfd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:54:00 +0100
Subject: l: add wirelum.nix

---
 lass/2configs/default.nix |  1 +
 lass/2configs/wirelum.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 lass/2configs/wirelum.nix

(limited to 'lass')

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a43113177..dea32d4d4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
+    ./wirelum.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
new file mode 100644
index 000000000..cd8a20c6b
--- /dev/null
+++ b/lass/2configs/wirelum.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wirelum;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wirelum = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wirelum.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
+          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
+        else
+          host.nets.wirelum.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
+        publicKey = host.nets.wirelum.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
+  };
+}
-- 
cgit v1.2.3


From 5d321689af3fd207a72ea73280add7689dc8d8c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:55:00 +0100
Subject: l prism.r: dedup with wirelum.nix

---
 lass/1systems/prism/config.nix | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 83cc96771..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,37 +297,25 @@ with import <stockholm/lib>;
       };
     }
     {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      imports = [
+        <stockholm/lass/2configs/wirelum.nix>
       ];
+      #krebs.iptables.tables.nat.PREROUTING.rules = [
+      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      #];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
         { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
-      };
       services.dnsmasq = {
         enable = true;
         resolveLocalQueries = false;
 
         extraConfig= ''
+          listen-address=10.244.1.1
           except-interface=lo
           interface=wg0
         '';
-- 
cgit v1.2.3


From 1a3980bf2eeeb925305312f68e2b8033fc8af78d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:03:44 +0100
Subject: l yellow.r: fix transmission stuff

---
 lass/1systems/yellow/config.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ff7b23687..58fa564a1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -19,7 +19,11 @@ with import <stockholm/lib>;
   users.groups.download.members = [ "transmission" ];
   users.users.transmission.group = mkForce "download";
 
-  systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.postStart = ''
+    chmod 775 /var/download/finished
+  '';
   services.transmission = {
     enable = true;
     settings = {
@@ -52,6 +56,9 @@ with import <stockholm/lib>;
           autoindex on;
         '';
       };
+      locations."/dl".extraConfig = ''
+        return 301 /;
+      '';
       locations."/" = {
         root = "/var/download/finished";
         extraConfig = ''
-- 
cgit v1.2.3


From 848ababbe1d050b12ca98da2ca713e7de7eca286 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:02 +0100
Subject: l: add more mails

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1ee45bb41..1acfe5056 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -94,6 +94,7 @@ with import <stockholm/lib>;
       { from = "osmocom@lassul.us"; to = lass.mail; }
       { from = "lesswrong@lassul.us"; to = lass.mail; }
       { from = "nordvpn@lassul.us"; to = lass.mail; }
+      { from = "csv-direct@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From 72e9832f73ba27aafe0fe819d8dc160235222897 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:13 +0100
Subject: l games: add dolhinEmu to pkgs

---
 lass/2configs/games.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 49602898e..62e3f6d52 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,6 +57,7 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
+    dolphinEmu
     doom1
     doom2
     vdoom1
-- 
cgit v1.2.3


From dfa8e29fd82219849676244b3e90574cfaf7fe2c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:07:53 +0100
Subject: l: rebind capslock, enable libinput

---
 lass/2configs/baseX.nix | 4 ++--
 lass/2configs/mouse.nix | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'lass')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index d781f8c71..53d90ed7d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -97,9 +97,9 @@ in {
     enable = true;
     layout = "us";
     display = mkForce 0;
-    xkbModel = "evdev";
     xkbVariant = "altgr-intl";
-    xkbOptions = "caps:backspace";
+    xkbOptions = "caps:escape";
+    libinput.enable = true;
     displayManager.lightdm.enable = true;
     windowManager.default = "xmonad";
     windowManager.session = [{
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
index 098809d62..f5f9319ed 100644
--- a/lass/2configs/mouse.nix
+++ b/lass/2configs/mouse.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   hardware.trackpoint = {
     enable = true;
@@ -7,6 +7,7 @@
     emulateWheel = true;
   };
 
+  services.xserver.libinput.enable = lib.mkForce false;
   services.xserver.synaptics = {
     enable = true;
     horizEdgeScroll = false;
-- 
cgit v1.2.3


From 30772247c0e629d443fb62bc566f3651be1157c1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:12:34 +0100
Subject: l: add morpheus.r

---
 lass/1systems/morpheus/config.nix   | 33 +++++++++++++++++++++++++++++++++
 lass/1systems/morpheus/physical.nix | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 lass/1systems/morpheus/config.nix
 create mode 100644 lass/1systems/morpheus/physical.nix

(limited to 'lass')

diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
new file mode 100644
index 000000000..0d82ba611
--- /dev/null
+++ b/lass/1systems/morpheus/config.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/power-action.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/steam.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.morpheus;
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  nixpkgs.config.packageOverrides = super: {
+    steam = super.steam.override {
+      withPrimus = true;
+      extraPkgs = p: with p; [
+        glxinfo
+        nettools
+        bumblebee
+      ];
+    };
+  };
+}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
new file mode 100644
index 000000000..0f08acb2d
--- /dev/null
+++ b/lass/1systems/morpheus/physical.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ./config.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostId = "60ce7e88";
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
+
+  hardware.bumblebee.enable = true;
+  hardware.bumblebee.group = "video";
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DF3B-4528";
+      fsType = "vfat";
+    };
+
+  nix.maxJobs = lib.mkDefault 8;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
-- 
cgit v1.2.3


From dc64ec0307253b497afc4a99a5e6aca1f1a23be9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:26:41 +0100
Subject: l gen-secrets: add wirelum keys

---
 lass/5pkgs/l-gen-secrets/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'lass')

diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index b6cb2ec7e..5997dca09 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
@@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" ''
   $(cat $TMPDIR/retiolum.rsa_key.pub)
           ${"''"};
         };
+        wirelum = {
+          ip6.addr = (wip6 "changeme").address;
+          aliases = [
+            "$HOSTNAME.w"
+          ];
+          wireguard.pubkey = ${"''"}
+  $(cat $TMPDIR/wirelum.pub)
+          ${"''"};
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
-- 
cgit v1.2.3


From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 12 Dec 2018 15:35:15 +0100
Subject: l: import network-manager only in mors

---
 lass/1systems/mors/config.nix | 1 +
 lass/2configs/baseX.nix       | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 207c7c640..46cdbbb66 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -34,6 +34,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/network-manager.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 53d90ed7d..859a2a1b9 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./urxvt.nix
-    ./network-manager.nix
     {
       hardware.pulseaudio = {
         enable = true;
-- 
cgit v1.2.3