summaryrefslogtreecommitdiffstats
path: root/makefu/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-11-28 19:06:54 +0100
committertv <tv@krebsco.de>2017-11-28 19:06:54 +0100
commit05bc20b893ff6d441d7e8e10802134d2192e724a (patch)
tree1c34434d71eb2e3e3ced9ade09ee4b5879cc63cd /makefu/1systems
parent5163d8eba27976ccccf7703b52eb1b8f4c0295af (diff)
parent10a96c644898d9498e9f75fa543ebb395ffbca20 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/darth/config.nix41
-rw-r--r--makefu/1systems/gum/config.nix17
-rw-r--r--makefu/1systems/latte/config.nix2
-rw-r--r--makefu/1systems/omo/config.nix2
-rw-r--r--makefu/1systems/tsp/config.nix42
-rw-r--r--makefu/1systems/wbob/config.nix5
-rw-r--r--makefu/1systems/x/config.nix13
7 files changed, 75 insertions, 47 deletions
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 7accb13d3..046c1574c 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -2,6 +2,8 @@
with import <stockholm/lib>;
let
+ # all the good stuff resides in /data
+
byid = dev: "/dev/disk/by-id/" + dev;
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
bootPart = rootDisk + "-part1";
@@ -21,44 +23,23 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/nsupdate-data.nix>
-
- # SIEM
- #<stockholm/makefu/2configs/tinc/siem.nix>
- # {services.tinc.networks.siem = {
- # name = "sdarth";
- # extraConfig = "ConnectTo = sjump";
- # };
- # }
+ # <stockholm/makefu/2configs/nsupdate-data.nix>
- # {
- # makefu.forward-journal = {
- # enable = true;
- # src = "10.8.10.2";
- # dst = "10.8.10.6";
- # };
- # }
-
- ## Sharing
- # <stockholm/makefu/2configs/share/temp-share-samba.nix>
- #{
- # services.samba.shares = {
- # isos = {
- # path = "/data/isos/";
- # "read only" = "yes";
- # browseable = "yes";
- # "guest ok" = "yes";
- # };
- # };
- #}
<stockholm/makefu/2configs/share/anon-ftp.nix>
+
+ # lan party
+ <stockholm/makefu/2configs/lanparty/lancache.nix>
+ <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+ <stockholm/makefu/2configs/lanparty/samba.nix>
+ <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+ <stockholm/makefu/2configs/virtualisation/libvirt.nix>
];
#networking.firewall.enable = false;
makefu.server.primary-itf = "enp0s25";
- krebs.hidden-ssh.enable = true;
+ # krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e769b1e22..98d5d2988 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -2,16 +2,22 @@
with import <stockholm/lib>;
let
- external-mac = "3a:66:48:8e:82:b2";
+ # hw-specific
+ external-mac = "2a:c5:6e:d2:fc:7f";
+ main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ external-gw = "185.194.140.1";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
- external-gw = "188.68.40.1";
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask6 = 64;
- ext-if = "et0"; # gets renamed on the fly
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ ext-if = "et0"; # gets renamed on the fly
in {
imports = [
<stockholm/makefu>
@@ -19,6 +25,7 @@ in {
<stockholm/makefu/2configs/headless.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
+
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
@@ -76,7 +83,7 @@ in {
# <stockholm/makefu/2configs/logging/client.nix>
# Temporary:
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
];
makefu.dl-dir = "/var/download";
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 3b06660c6..5352b029f 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -18,7 +18,7 @@ in {
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
- <stockholm/makefu/2configs/stats/client.nix>
+ # <stockholm/makefu/2configs/stats/client.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index a22ff10bd..1d157460b 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -82,7 +82,7 @@ in {
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
# Temporary:
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
];
makefu.full-populate = true;
makefu.server.primary-itf = primaryInterface;
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 75a11d3a7..7b751e514 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -1,20 +1,20 @@
#
#
#
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
- <stockholm/makefu/2configs/gui/base.nix>
+ <stockholm/makefu/2configs/main-laptop.nix>
+ <stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
# hardware specifics are in here
# imports tp-x2x0.nix
- <stockholm/makefu/2configs/hw/tp-x200.nix>
+ # <stockholm/makefu/2configs/hw/tp-x200.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/rad1o.nix>
+ # <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
@@ -22,9 +22,41 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
+ boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+ boot.loader.grub.copyKernels = true;
networking.firewall.allowedTCPPorts = [
25
];
+ # acer aspire
+ networking.wireless.enable = lib.mkDefault true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ START_CHARGE_THRESH_BAT0=67
+ STOP_CHARGE_THRESH_BAT0=100
+
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ powerManagement.resumeCommands = ''
+ ${pkgs.rfkill}/bin/rfkill unblock all
+ '';
+
}
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 3a53b70cb..ac51fd9ca 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -24,9 +24,12 @@ in {
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
+
+ # temporary
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
];
krebs = {
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f7db75564..1dd1a070f 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -23,8 +23,6 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
# <stockholm/makefu/2configs/torrent.nix>
- # <stockholm/makefu/2configs/lanparty/lancache.nix>
- # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/deployment/dirctator.nix>
# <stockholm/makefu/2configs/vncserver.nix>
# <stockholm/makefu/2configs/deployment/led-fader>
@@ -64,7 +62,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
- <stockholm/makefu/2configs/hw/stk1160.nix>
+ # <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
@@ -75,6 +73,11 @@ with import <stockholm/lib>;
{
programs.adb.enable = true;
}
+ # temporary
+ # <stockholm/makefu/2configs/lanparty/lancache.nix>
+ # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+ # <stockholm/makefu/2configs/lanparty/samba.nix>
+ # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
];
@@ -84,7 +87,6 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
- environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
@@ -102,4 +104,7 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+
+ nix.package = pkgs.nixUnstable;
+ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
}