From 9c6c20f69e7b76e4231ffeae715d2ee5d453bb4d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 26 Jan 2021 20:23:51 +0100
Subject: ma x.r: enable service

---
 makefu/1systems/x/config.nix | 43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 4781af35..27d265f3 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -19,8 +19,37 @@
       <stockholm/makefu/2configs/editor/neovim>
       <stockholm/makefu/2configs/tools/all.nix>
       { programs.adb.enable = true; }
+      {
+        services.openssh.hostKeys = [
+          { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";}
+        ];
+      }
+
+      #{
+      #  users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ];
+      #  services.ympd.enable = true;
+      #  services.mpd = {
+      #    enable = true;
+      #    extraConfig = ''
+      #      log_level "default"
+      #      auto_update "yes"
+
+      #      audio_output {
+      #        type "httpd"
+      #        name "lassulus radio"
+      #        encoder "vorbis" # optional
+      #        port "8000"
+      #        quality "5.0" # do not define if bitrate is defined
+      #        # bitrate "128" # do not define if quality is defined
+      #        format "44100:16:2"
+      #        always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+      #        tags "yes" # httpd supports sending tags to listening streams.
+      #      }
+      #    '';
+      #  };
+      #}
 
-      { systemd.services.docker.wantedBy = lib.mkForce []; }
+      # { systemd.services.docker.wantedBy = lib.mkForce []; }
       <stockholm/makefu/2configs/dict.nix>
       # <stockholm/makefu/2configs/legacy_only.nix>
       #<stockholm/makefu/3modules/netboot_server.nix>
@@ -59,10 +88,13 @@
       # <stockholm/makefu/2configs/deployment/hound>
       # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       # <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
+      <stockholm/makefu/2configs/bureautomation/office-radio>
 
       # Krebs
       <stockholm/makefu/2configs/tinc/retiolum.nix>
-      # <stockholm/makefu/2configs/share/gum-client.nix>
+      # <stockholm/makefu/2configs/share/anon-ftp.nix>
+      # <stockholm/makefu/2configs/share/anon-sftp.nix>
+      <stockholm/makefu/2configs/share/gum-client.nix>
       # <stockholm/makefu/2configs/share/temp-share-samba.nix>
 
 
@@ -108,6 +140,7 @@
       <stockholm/makefu/2configs/hw/switch.nix>
       # <stockholm/makefu/2configs/hw/rad1o.nix>
       <stockholm/makefu/2configs/hw/cc2531.nix>
+      <stockholm/makefu/2configs/hw/droidcam.nix>
       <stockholm/makefu/2configs/hw/smartcard.nix>
       <stockholm/makefu/2configs/hw/upower.nix>
 
@@ -115,7 +148,7 @@
       <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
 
       # Security
-      <stockholm/makefu/2configs/sshd-totp.nix>
+      # <stockholm/makefu/2configs/sshd-totp.nix>
 
       # temporary
       # { services.redis.enable = true; }
@@ -158,8 +191,8 @@
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;
-  networking.firewall.allowedUDPPorts = [ 665 26061 ];
-  networking.firewall.trustedInterfaces = [ "vboxnet0" ];
+  networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
+  networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
 
   krebs.build.host = config.krebs.hosts.x;
 
-- 
cgit v1.2.3


From 54cd4c84e5b05ef6dc5c175098610d5333ffbdcb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Jan 2021 22:59:21 +0100
Subject: ma x.r: split hardware config

---
 makefu/1systems/x/config.nix            | 51 ++++++++++++++++----------------
 makefu/1systems/x/x13/default.nix       | 52 +++++++++++++++++++++++++++++++++
 makefu/1systems/x/x13/input.nix         | 13 +++++++++
 makefu/1systems/x/x13/toggle_brightness |  8 +++++
 makefu/1systems/x/x13/zfs.nix           | 32 ++++++++++++++++++++
 makefu/1systems/x/x230/default.nix      | 19 ++++++++++++
 6 files changed, 149 insertions(+), 26 deletions(-)
 create mode 100644 makefu/1systems/x/x13/default.nix
 create mode 100644 makefu/1systems/x/x13/input.nix
 create mode 100644 makefu/1systems/x/x13/toggle_brightness
 create mode 100644 makefu/1systems/x/x13/zfs.nix
 create mode 100644 makefu/1systems/x/x230/default.nix

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 27d265f3..6c0388e5 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -4,7 +4,30 @@
 { config, pkgs, lib, ... }:
 {
   imports =
-    [ # base
+    [
+      # hardware-dependent
+      # device
+
+
+      ./x13
+      # ./x230
+
+      # Common Hardware Components
+
+      # <stockholm/makefu/2configs/hw/mceusb.nix>
+      # <stockholm/makefu/2configs/hw/rtl8812au.nix>
+      <stockholm/makefu/2configs/hw/network-manager.nix>
+      # <stockholm/makefu/2configs/hw/stk1160.nix>
+      # <stockholm/makefu/2configs/hw/irtoy.nix>
+      # <stockholm/makefu/2configs/hw/malduino_elite.nix>
+      <stockholm/makefu/2configs/hw/switch.nix>
+      # <stockholm/makefu/2configs/hw/rad1o.nix>
+      <stockholm/makefu/2configs/hw/cc2531.nix>
+      <stockholm/makefu/2configs/hw/droidcam.nix>
+      <stockholm/makefu/2configs/hw/smartcard.nix>
+      <stockholm/makefu/2configs/hw/upower.nix>
+
+      # base
       <stockholm/makefu>
       <stockholm/makefu/2configs/nur.nix>
       <stockholm/makefu/2configs/home-manager>
@@ -107,7 +130,7 @@
       # Virtualization
       # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
-      <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+      # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
       #{
       #  networking.firewall.allowedTCPPorts = [ 8080 ];
       #  networking.nat = {
@@ -128,24 +151,7 @@
       <stockholm/makefu/2configs/binary-cache/gum.nix>
       <stockholm/makefu/2configs/binary-cache/lass.nix>
 
-      # Hardware
-      <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
-      # <stockholm/makefu/2configs/hw/mceusb.nix>
-      <stockholm/makefu/2configs/hw/tpm.nix>
-      # <stockholm/makefu/2configs/hw/rtl8812au.nix>
-      <stockholm/makefu/2configs/hw/network-manager.nix>
-      # <stockholm/makefu/2configs/hw/stk1160.nix>
-      # <stockholm/makefu/2configs/hw/irtoy.nix>
-      # <stockholm/makefu/2configs/hw/malduino_elite.nix>
-      <stockholm/makefu/2configs/hw/switch.nix>
-      # <stockholm/makefu/2configs/hw/rad1o.nix>
-      <stockholm/makefu/2configs/hw/cc2531.nix>
-      <stockholm/makefu/2configs/hw/droidcam.nix>
-      <stockholm/makefu/2configs/hw/smartcard.nix>
-      <stockholm/makefu/2configs/hw/upower.nix>
 
-      # Filesystem
-      <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
 
       # Security
       # <stockholm/makefu/2configs/sshd-totp.nix>
@@ -182,7 +188,6 @@
       }
     ];
 
-  makefu.server.primary-itf = "wlp3s0";
 
   nixpkgs.config.allowUnfree = true;
   nixpkgs.config.oraclejdk.accept_license = true;
@@ -198,12 +203,6 @@
 
   krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
 
-  # hard dependency because otherwise the device will not be unlocked
-  boot.initrd.luks.devices.luksroot =
-  {
-      device = "/dev/sda2";
-      allowDiscards = true;
-  };
 
   environment.systemPackages = [ pkgs.passwdqc-utils ];
 
diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix
new file mode 100644
index 00000000..b0400232
--- /dev/null
+++ b/makefu/1systems/x/x13/default.nix
@@ -0,0 +1,52 @@
+{ pkgs, lib, ... }:
+# new zfs deployment
+{
+  imports = [
+    ./zfs.nix
+    ./input.nix
+    <stockholm/makefu/2configs/hw/bluetooth.nix>
+    <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
+    # <stockholm/makefu/2configs/hw/tpm.nix>
+    <stockholm/makefu/2configs/hw/ssd.nix>
+  ];
+  boot.zfs.requestEncryptionCredentials = true;
+  networking.hostId = "f8b8e0a2";
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # services.xserver.enable = lib.mkForce false;
+
+  services.xserver.videoDrivers = [
+    "amdgpu"
+  ];
+  hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+  # is required for amd graphics support ( xorg wont boot otherwise )
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  environment.variables.VK_ICD_FILENAMES =
+    "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+
+
+  programs.light.enable = true;
+  services.actkbd = {
+    enable = true;
+    bindings = [
+      { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; }
+      { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; }
+      { keys = [ 227 ]; events = [ "key" ]; command = builtins.toString (
+        pkgs.writers.writeDash "toggle_lcdshadow" ''
+          proc=/proc/acpi/ibm/lcdshadow
+          status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc")
+          if [ "$status" -eq 0 ];then
+            echo 1 > "$proc"
+          else
+            echo 0 > "$proc"
+          fi
+        '');
+      }
+    ];
+  };
+
+  users.groups.video = {};
+  users.users.makefu.extraGroups = [ "video" ];
+}
+
diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix
new file mode 100644
index 00000000..68b855d8
--- /dev/null
+++ b/makefu/1systems/x/x13/input.nix
@@ -0,0 +1,13 @@
+{
+  # current issues:
+  #  1. for pressing insert hold shift+fn+Fin
+
+  # scroll by holding middle mouse
+  services.xserver.displayManager.sessionCommands =''
+      xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
+      xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
+      xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+      # configure timeout of pressing and holding middle button
+      # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+  '';
+}
diff --git a/makefu/1systems/x/x13/toggle_brightness b/makefu/1systems/x/x13/toggle_brightness
new file mode 100644
index 00000000..dc1436cb
--- /dev/null
+++ b/makefu/1systems/x/x13/toggle_brightness
@@ -0,0 +1,8 @@
+#!/bin/sh
+proc=/proc/acpi/ibm/lcdshadow
+status=$(awk '/status:/{print $2}' "$proc")
+if [ "$status" -eq 0 ];then
+  echo 1 > "$proc"
+else
+  echo 0 > "$proc"
+fi
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
new file mode 100644
index 00000000..adfebbf9
--- /dev/null
+++ b/makefu/1systems/x/x13/zfs.nix
@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "zroot/root/nixos";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/20BF-2755";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home" =
+    { device = "zroot/root/home";
+      fsType = "zfs";
+    };
+
+  swapDevices = [ ];
+}
diff --git a/makefu/1systems/x/x230/default.nix b/makefu/1systems/x/x230/default.nix
new file mode 100644
index 00000000..c2a635ca
--- /dev/null
+++ b/makefu/1systems/x/x230/default.nix
@@ -0,0 +1,19 @@
+{
+  imports = [
+     <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
+     <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
+
+    <stockholm/makefu/2configs/hw/tpm.nix>
+    <stockholm/makefu/2configs/hw/ssd.nix>
+
+     # hard dependency because otherwise the device will not be unlocked
+     {
+      boot.initrd.luks.devices.luksroot =
+      {
+          device = "/dev/sda2";
+          allowDiscards = true;
+      };
+     }
+     { makefu.server.primary-itf = "wlp3s0"; }
+  ];
+}
-- 
cgit v1.2.3


From 0088e2b3cf88e21278b104fc2035d0b073f8bec9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Jan 2021 23:00:02 +0100
Subject: ma gumr.: enable workadventure

---
 makefu/1systems/gum/config.nix          | 30 ++++++++++++++++++++++--------
 makefu/1systems/gum/hardware-config.nix |  2 +-
 2 files changed, 23 insertions(+), 9 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index f65c6672..2fd99122 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -65,7 +65,7 @@ in {
         };
         networking.firewall = {
           allowedTCPPorts =
-          [
+            [
             53
             655
             21031
@@ -83,6 +83,9 @@ in {
       # <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
 
+      ### systemdUltras ###
+      <stockholm/makefu/2configs/systemdultras/ircbot.nix>
+
       ###### Shack #####
       # <stockholm/makefu/2configs/shack/events-publisher>
       # <stockholm/makefu/2configs/shack/gitlab-runner>
@@ -98,7 +101,7 @@ in {
       { krebs.exim.enable = mkDefault true; }
 
       # sharing
-      <stockholm/makefu/2configs/share/gum.nix>
+      <stockholm/makefu/2configs/share/gum.nix> # samba sahre
       <stockholm/makefu/2configs/torrent.nix>
       <stockholm/makefu/2configs/sickbeard>
 
@@ -145,7 +148,10 @@ in {
       <stockholm/makefu/2configs/deployment/gecloudpad>
       <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
       <stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
+      # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
+
       <stockholm/makefu/2configs/shiori.nix>
+      <stockholm/makefu/2configs/workadventure>
 
       <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
       <stockholm/makefu/2configs/bgt/hidden_service.nix>
@@ -177,12 +183,19 @@ in {
     { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
     { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
   ###### stable
-
-  services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/".proxyPass = "http://localhost/";
-    locations."/".extraConfig = ''proxy_set_header Host cgit;'';
+  security.acme.certs."cgit.euer.krebsco.de" = {
+    email = "letsencrypt@syntax-fehler.de";
+    webroot = "/var/lib/acme/acme-challenge";
+    group = "nginx";
+  };
+  services.nginx.virtualHosts."cgit" = {
+    serverAliases = [ "cgit.euer.krebsco.de" ];
+    addSSL = true;
+    sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
+    sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
+    locations."/.well-known/acme-challenge".extraConfig = ''
+      root /var/lib/acme/acme-challenge;
+    '';
   };
 
   krebs.build.host = config.krebs.hosts.gum;
@@ -190,6 +203,7 @@ in {
   # Network
   networking = {
     firewall = {
+        allowedTCPPorts = [ 80 443 ];
         allowPing = true;
         logRefusedConnections = false;
     };
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index 2d7efe9c..1881329c 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -69,7 +69,7 @@ in {
     fsType = "ext4";
     options = [ "nofail" ];
   };
-  fileSystems."/var/www/o.euer.krebsco.de" = {
+  fileSystems."/var/lib/nextcloud/data" = {
     device = "/dev/nixos/nextcloud";
     fsType = "ext4";
     options = [ "nofail" ];
-- 
cgit v1.2.3