-rw-r--r--kartei/janik/default.nix38
-rw-r--r--kartei/lass/default.nix2
-rw-r--r--kartei/lass/mors.nix1
-rw-r--r--kartei/lass/neoprism.nix1
-rw-r--r--kartei/lass/prism.nix40
-rw-r--r--kartei/mic92/default.nix20
-rw-r--r--kartei/tv/hosts/wu.nix25
-rw-r--r--kartei/tv/wiregrill/wu.pub1
-rw-r--r--krebs/1systems/puyak/config.nix2
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/exim-smarthost.nix1
-rw-r--r--krebs/2configs/ircd.nix1
-rw-r--r--krebs/2configs/reaktor2.nix20
-rw-r--r--krebs/2configs/shack/prometheus/unifi.nix2
-rw-r--r--krebs/3modules/acl.nix2
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/iana-etc.nix9
-rw-r--r--krebs/3modules/permown.nix16
-rw-r--r--krebs/5pkgs/haskell/email-header.nix4
-rw-r--r--krebs/5pkgs/simple/fzfmenu/default.nix2
-rw-r--r--krebs/5pkgs/simple/htgen-paste/src/htgen-paste4
-rw-r--r--krebs/5pkgs/simple/irc-announce/default.nix2
-rw-r--r--krebs/5pkgs/simple/netcup/default.nix2
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix2
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/aergia/config.nix80
-rw-r--r--lass/1systems/aergia/disk.nix3
-rw-r--r--lass/1systems/aergia/physical.nix58
-rw-r--r--lass/1systems/daedalus/config.nix29
-rw-r--r--lass/1systems/dishfire/config.nix3
-rw-r--r--lass/1systems/hilum/config.nix5
-rw-r--r--lass/1systems/hilum/disk.nix18
-rwxr-xr-xlass/1systems/hilum/flash-stick.sh8
-rw-r--r--lass/1systems/hilum/physical.nix5
-rw-r--r--lass/1systems/mors/config.nix30
-rw-r--r--lass/1systems/mors/physical.nix4
-rw-r--r--lass/1systems/neoprism/config.nix21
-rw-r--r--lass/1systems/neoprism/disk.nix36
-rw-r--r--lass/1systems/neoprism/physical.nix74
-rw-r--r--lass/2configs/boot/universal.nix11
-rw-r--r--lass/2configs/monitoring/alert-rules.nix208
-rw-r--r--lass/2configs/monitoring/prometheus.nix110
-rw-r--r--lass/2configs/monitoring/telegraf.nix72
-rw-r--r--lib/pure.nix4
-rw-r--r--makefu/3modules/snapraid.nix2
-rw-r--r--tv/1systems/wu/config.nix42
l---------tv/1systems/wu/lib1
-rw-r--r--tv/2configs/backup.nix29
-rw-r--r--tv/2configs/default.nix7
-rw-r--r--tv/2configs/exim-smarthost.nix1
-rw-r--r--tv/2configs/hw/w110er.nix70
-rw-r--r--tv/2configs/nets/hkw.nix13
-rw-r--r--tv/2configs/xserver/default.nix6
54 files changed, 764 insertions, 402 deletions
diff --git a/kartei/janik/default.nix b/kartei/janik/default.nix
new file mode 100644
index 000000000..44ec9b0a8
--- /dev/null
+++ b/kartei/janik/default.nix
@@ -0,0 +1,38 @@
+with import ../../lib;
+{ config, ... }: let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum.ip6.addr =
+ (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ });
+in {
+ users.janik = {
+ mail = "retiolum.janik@aq0.de";
+ };
+ hosts.hertz = {
+ owner = config.krebs.users.janik;
+ nets.retiolum = {
+ aliases = [ "hertz.janik.r" ];
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "janik" { hostName = "hertz"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA0mqxrdVU9wFhNZYGWEknJpKV4yIodNlaCIKDPVhU5wmlzh2szKUS
+ V3PzyEAo4DaQCZXdpj1jS9ddN+yLj68K4k4LRLuCyXep0GcFM1mUKQTBOxa3VF+W
+ oRaSUAVHib/jUiX08BIxYBDwiCUPSdEBUHWftnc8WYvjthPkOOuGAvs1w9ZBs6qC
+ ftkVJT5rt8cU9VsXPqRRauVHb9wH1M41p5/3HtBAgVBtCDp/qXmABW0rbXEKtwmv
+ +hzZoMvxTm05cAE7O2UlluERdnheKkBXWuBYR4aC9BQQH54kIShByOZYYACWuGGA
+ oHHqITYwWh+42wacAKCkTZ6kHoIQrU+uDypQ24YBhxbqUiGTspGbfO/jDHxxjgrd
+ Aauxil2YNQNclEZuWFD4Hlt2Y29jDh7uQwBbOl3dmTLvXr8qTA5HQIsf9uuOrvu9
+ uejj8VMIUHxdSZi8oH3+4XOH43DAGWM2pZogE+jeZtc2hPjqz1XZ40tXBPfEeUr4
+ VE4l1q4m9ynEMZbMZjyDGxX4Yo9htgJmKGk3LQ0ufbOo5CQM/lqzAZVYDKBlW7ka
+ rTgh9ZwMmd3/5ije3nI94Bd+2x+TLJ8ESCloqLYGZ0HaIRU1b5JX5a44+OPq5obB
+ sClD3CzaqMDkoEDBWrEyst8VkqZUWKmicnWtZapNWW67mjXBtzUQmOUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "iT84cW45GuGqsEGgtVwGwe36iGFAha/orKcyZp8VbxH";
+ };
+ };
+}
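Review bot: `hostDefaults` in the `let` block is never applied, so `hosts.hertz` does not receive `ci = false`, `external = true` or `monitoring = false`, and its explicit `ip6.addr` uses the `"janik"` subnet name where the helper would use `"external"`. If the defaults are intended, wrap the host set as `hosts = mapAttrs hostDefaults { hertz = { … }; };`; otherwise drop the helper so the file does not suggest defaults that are not in effect. The host entry also refers to `lib.krebs.genipv6` while the function arguments are only `{ config, ... }`, so `lib` has to come from `with import ../../lib;`, which is worth confirming by evaluation.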
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index e5b12f1cb..d4806534f 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -29,7 +29,7 @@ in {
users = rec {
lass = lass-yubikey;
lass-yubikey = {
- mail = "lass@lassul.us";
+ mail = "lass@green.r";
pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
};
diff --git a/kartei/lass/mors.nix b/kartei/lass/mors.nix
index c483fe5a3..f3a4b2447 100644
--- a/kartei/lass/mors.nix
+++ b/kartei/lass/mors.nix
@@ -1,5 +1,6 @@
{ r6, w6, ... }:
{
+ consul = false;
nets = {
retiolum = {
ip4.addr = "10.243.0.2";
diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix
index 9538c3003..a122fa207 100644
--- a/kartei/lass/neoprism.nix
+++ b/kartei/lass/neoprism.nix
@@ -20,6 +20,7 @@
ip6.addr = r6 "99";
aliases = [
"neoprism.r"
+ "cache.neoprism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
index ac7974731..ecb56264f 100644
--- a/kartei/lass/prism.nix
+++ b/kartei/lass/prism.nix
@@ -14,31 +14,31 @@ rec {
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
- 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+ 60 IN A ${nets.internet.ip4.addr}
+ 60 IN AAAA ${nets.internet.ip4.addr}
IN MX 5 mail.lassul.us.
60 IN TXT "v=spf1 mx -all"
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
- cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ cache 60 IN A ${nets.internet.ip4.addr}
+ cgit 60 IN A ${nets.internet.ip4.addr}
+ pad 60 IN A ${nets.internet.ip4.addr}
+ codi 60 IN A ${nets.internet.ip4.addr}
+ go 60 IN A ${nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
- ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
- flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ ions 60 IN A ${nets.internet.ip4.addr}
+ lol 60 IN A ${nets.internet.ip4.addr}
+ matrix 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ radio 60 IN A ${nets.internet.ip4.addr}
+ jitsi 60 IN A ${nets.internet.ip4.addr}
+ streaming 60 IN A ${nets.internet.ip4.addr}
+ mumble 60 IN A ${nets.internet.ip4.addr}
+ mail 60 IN A ${nets.internet.ip4.addr}
+ mail 60 IN AAAA ${nets.internet.ip6.addr}
+ flix 60 IN A ${nets.internet.ip4.addr}
+ testing 60 IN A ${nets.internet.ip4.addr}
+ schrott 60 IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
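Review bot: The apex AAAA record on the new side interpolates `${nets.internet.ip4.addr}`, where the removed line used the host's `ip6.addr`. An IPv4 literal in an AAAA record is invalid zone data, so the zone may be rejected on import or the apex loses its IPv6 address. The line should read `60 IN AAAA ${nets.internet.ip6.addr}`, as the `mail` AAAA record further down already does. The enclosing `rec` set starts before the hunk and `nets` is defined after it.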
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 5b9d41413..720b362fd 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -476,15 +476,21 @@ in {
aliases = [ "ryan.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0RE5jmBiEGmaYLVFmpCyVvlb6K3Zh2uxh7sVm44k31d9PEHHm4Wz
- HQH+ueaefGVu19xLRJQGu4ZMl7oRbb5awiqKdSGgInhQaNzxUIHW4cCCdOVkgZSy
- NjI9LMcc8tQtkoFGt6OhAzaViuGMo+aJAkLuXNf8hz5uR2flqQEeKfG5Kc7Z1DAQ
- QNoBRtY0pltyK2y/Ip8cZ9cdxR5oLww67ykhY+eLy9tZLfKs6uWSq+2CV0cpNNQ9
- Sh8fSbkjb4+JkxWAHDOyAnwFxnxstMcW0cscOW7nXYDi5IpvvesJlk698un7bLhm
- vCkAd+WiNuTGfs9t0r6FDDVDREBhNk1sLwIDAQAB
+ MIICCgKCAgEApu7U9HP1Uo+kTDI+KTCs+YFLcSYct1qPuMkntKonYgdiW9Z4Ud99
+ tU0VmJWdDnKaRxIcjC2Bmy342G3QN+UgdnTxyEWggWRKHUDjWMXBuj5n+uBgzTyM
+ XDwuQR7RZmStBG6vDRIQWL07/b0u/wzyrhXDERx7o2msOLfnaU271aVrDM/Y67fL
+ PMfKBtfckv7+W5e7KspJRIyhj7mqXMsSHaroqgoikK+Xyv44OxlklV7VnmACaNLf
+ Yg0AiSjIrMtkTQ85m9t6q147lWBKlAK7yqEHUPyVNGMf/Mh6M1Xg1t0oc9hcb7/F
+ VAPNbwFiwm0rR8ugjW5Gn5i/uZDeDDSQcc8m1tsB+86peuS16sfOXZewXH9bYDFo
+ 9n28+vFjyF5FRI1J6fAjneFm5PyoLvowgwvVECEDRgUF2+ySwfWawF+LPDpRZiZ4
+ NfHN2qT81QWa1UfWdaudCYbwMK5iQskCUtRw20ABsR0Kg6oHGG/uiLZ4pYReeM/n
+ agefDCe9PN5bkjonwOxN2klV8QgYQeznm1gdsFjMdvJUcba2kZICpRy8Wx9Sc0ai
+ oO8HKLqRoO5sV4Nv1FcY6EFq05AR1PPt6LoE0AY5REwVuNZSyiBp8lzzDj2E3JYf
+ obeZ8RtCYmNkXL3I+wfm/73SrIrX/ombqeaWGJB/rX2DEwco0IFau4ECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "sOD149OLZ2yUEjRpwbGdwHULKF2qNY3F+9AsEi1G0ZM";
+
+ tinc.pubkey_ed25519 = "/KoqKeQsdRWnhva7/YTX65mUxuyKaFNjA8LlxmAUQXP";
};
};
};
diff --git a/kartei/tv/hosts/wu.nix b/kartei/tv/hosts/wu.nix
deleted file mode 100644
index d03886f14..000000000
--- a/kartei/tv/hosts/wu.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- ci = true;
- nets = {
- retiolum = {
- ip4.addr = "10.243.13.37";
- aliases = [
- "wu.r"
- "cgit.wu.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
- };
- };
- secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
-}
diff --git a/kartei/tv/wiregrill/wu.pub b/kartei/tv/wiregrill/wu.pub
deleted file mode 100644
index 0d25d9de9..000000000
--- a/kartei/tv/wiregrill/wu.pub
+++ /dev/null
@@ -1 +0,0 @@
-68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 931ebe70b..a4f22d39c 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -113,6 +113,8 @@
];
krebs.build.host = config.krebs.hosts.puyak;
+ krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;
+
sound.enable = false;
boot = {
loader.systemd-boot.enable = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 12ce4db3e..2415bd32f 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -51,6 +51,7 @@ in
# uninteresting stuff
#####################
krebs.build.host = config.krebs.hosts.wolf;
+ krebs.hosts.wolf.ssh.privkey.path = <secrets/ssh.id_ed25519>;
boot.initrd.availableKernelModules = [
"ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index c2f6b4dc0..2842e10d4 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -42,6 +42,7 @@ in {
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
+ "xkey@krebsco.de" = { mail = "lennart@cope.cool"; };
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c56883d3e..b82aba45a 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -38,7 +38,6 @@
hidden = false;
password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO";
};
- server.max-line-length = 1024;
server.lookup-hostnames = true;
};
};
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 231c3d46c..61b44fc27 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -253,6 +253,24 @@ let
};
};
+ vicuna = {
+ pattern = "^!vicuna (.*)$";
+ activate = "match";
+ arguments = [1];
+ timeoutSec = 1337;
+ command = {
+ filename = pkgs.writeDash "vicuna" ''
+ set -efu
+
+ mkdir -p ${stateDir}/vicuna
+ export CONTEXT=${stateDir}/vicuna/"$_msgtarget".context
+ ${pkgs.vicuna-chat}/bin/vicuna-chat "$@" |
+ echo "$_from: $(cat)" |
+ fold -s -w 426
+ '';
+ };
+ };
+
locationsLib = pkgs.writeText "locations.sh" ''
ENDPOINT=http://c.r/poi.json
get_locations() {
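Review bot: In the `vicuna` hook, `$_msgtarget` comes from the IRC message and is used unchecked as a file name under `${stateDir}/vicuna/`; IRC channel names may contain `/`, so the value should be rejected or sanitised before `CONTEXT` is built, unless reaktor2 already guarantees a safe target (not visible here). `echo "$_from: $(cat)"` under dash interprets backslash escapes in the model output, which `printf '%s: %s\n' "$_from" "$(cat)"` avoids. With `timeoutSec = 1337` and no visible rate limit, each `!vicuna` message can hold a long-running process. A failing `vicuna-chat` is also masked, because only the last pipeline stage's exit status is checked. The enclosing `let` block extends beyond the hunk.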
@@ -413,6 +431,7 @@ let
hooks.sed
interrogate
say
+ vicuna
(generators.command_hook {
inherit (commands) dance random-emoji nixos-version;
tell = {
@@ -607,6 +626,7 @@ in {
channels = [
"#noise"
"#xxx"
+ "#fin"
];
};
}
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
index 401ecb024..34e47add9 100644
--- a/krebs/2configs/shack/prometheus/unifi.nix
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -5,6 +5,6 @@
unifiAddress = "https://unifi.shack:8443/";
unifiInsecure = true;
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
- unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+ unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
};
}
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
index d23706499..05f7e824b 100644
--- a/krebs/3modules/acl.nix
+++ b/krebs/3modules/acl.nix
@@ -33,7 +33,7 @@ in {
default = {};
};
config = {
- systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" {
+ systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceStrings ["/"] ["_"] path}" {
wantedBy = [ "multi-user.target" ];
path = [
pkgs.acl
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 7b3dace6a..093ae2030 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -40,7 +40,7 @@ let
};
extraRouters = mkOption {
- type = types.nullOr types.str;
+ type = types.nullOr types.lines;
default = null;
};
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index 3195f71d9..dabe2f8aa 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -1,5 +1,6 @@
-{ config, pkgs, lib, ... }:
-with lib; {
+{ config, lib, pkgs, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
+in with lib; {
options.krebs.iana-etc.services = mkOption {
default = {};
@@ -7,7 +8,7 @@ with lib; {
options = {
port = mkOption {
default = config._module.args.name;
- type = types.addCheck types.str (test "[1-9][0-9]*");
+ type = types.addCheck types.str (slib.test "[1-9][0-9]*");
};
} // genAttrs ["tcp" "udp"] (protocol: mkOption {
default = null;
@@ -30,7 +31,7 @@ with lib; {
(proto: let
line = "${entry.${proto}.name} ${entry.port}/${proto}";
in /* sh */ ''
- echo ${shell.escape line}
+ echo ${slib.shell.escape line}
'')
(filter (proto: entry.${proto} != null) ["tcp" "udp"])}
'') (attrValues config.krebs.iana-etc.services)}
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index 3ebbc44fe..ae8702978 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
+in
with lib; {
options.krebs.permown = mkOption {
@@ -16,7 +18,7 @@ with lib; {
group = mkOption {
apply = x: if x == null then "" else x;
default = null;
- type = types.nullOr types.groupname;
+ type = types.nullOr slib.types.groupname;
};
keepGoing = mkOption {
default = false;
@@ -28,15 +30,15 @@ with lib; {
'';
};
owner = mkOption {
- type = types.username;
+ type = slib.types.username;
};
path = mkOption {
default = config._module.args.name;
- type = types.absolute-pathname;
+ type = slib.types.absolute-pathname;
};
umask = mkOption {
default = "0027";
- type = types.file-mode;
+ type = slib.types.file-mode;
};
};
}));
@@ -48,11 +50,11 @@ with lib; {
system.activationScripts.permown = let
mkdir = plan: /* sh */ ''
- ${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path}
+ ${pkgs.coreutils}/bin/mkdir -p ${slib.shell.escape plan.path}
'';
in concatMapStrings mkdir plans;
- systemd.services = genAttrs' plans (plan: let
+ systemd.services = slib.genAttrs' plans (plan: let
continuable = command:
if plan.keepGoing
then /* sh */ "{ ${command}; } || :"
diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
index e1e9d423f..f8ce03f39 100644
--- a/krebs/5pkgs/haskell/email-header.nix
+++ b/krebs/5pkgs/haskell/email-header.nix
@@ -18,9 +18,9 @@ let
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
};
}.${versions.majorMinor version} or {
- version = "0.4.1-tv2";
+ version = "0.4.2-tv1";
rev = "refs/tags/v${cfg.version}";
- sha256 = "1yg4b5318lpviwgjs4kdcqg8cwfnxxfcdckcjq12r2nnj2k4ms2d";
+ sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU=";
};
in mkDerivation {
diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix
index fe5d5e27a..eb2441330 100644
--- a/krebs/5pkgs/simple/fzfmenu/default.nix
+++ b/krebs/5pkgs/simple/fzfmenu/default.nix
@@ -39,7 +39,7 @@ let
};
in
-pkgs.writeDashBin "fzfmenu" ''
+pkgs.writers.writeDashBin "fzfmenu" ''
set -efu
# Spawn terminal if called without one, like e.g. from a window manager.
diff --git a/krebs/5pkgs/simple/htgen-paste/src/htgen-paste b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
index bc806e870..74266e53a 100644
--- a/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
+++ b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste
@@ -46,8 +46,8 @@ case "$Method $abs_path" in
cp -v $content $item >&2
fi
- if test -n ${reg_content_type-}; then
- echo -n "$req_content_type" > "$item".content_type
+ if test -n "${req_content_type_override-}"; then
+ echo -n "$req_content_type_override" > "$item".content_type
fi
base32short=$(echo $base32 | cut -b-7)
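Review bot: `$req_content_type_override` is written to `"$item".content_type` exactly as the client sent it. If that file is later emitted as the response `Content-Type` (the serving path is outside this hunk), a client can make a paste render as active content on the paste origin, or smuggle extra header text. Accept only a conservative `type/subtype` form or an allow-list before writing, and write it with `printf %s "$req_content_type_override"`, since `echo -n` is not portable and dash's `echo` expands backslash escapes. The enclosing `case` branch starts and ends outside the hunk.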
diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix
index 7b2af0307..75036d41c 100644
--- a/krebs/5pkgs/simple/irc-announce/default.nix
+++ b/krebs/5pkgs/simple/irc-announce/default.nix
@@ -1,6 +1,6 @@
{ pkgs, lib, ... }:
-pkgs.writeDashBin "irc-announce" ''
+pkgs.writers.writeDashBin "irc-announce" ''
set -euf
IRC_SERVER=$1
diff --git a/krebs/5pkgs/simple/netcup/default.nix b/krebs/5pkgs/simple/netcup/default.nix
index 408672eff..750e9cfa9 100644
--- a/krebs/5pkgs/simple/netcup/default.nix
+++ b/krebs/5pkgs/simple/netcup/default.nix
@@ -3,7 +3,7 @@ with stockholm.lib;
let
readJSON = path: fromJSON (readFile path);
- sed.escape = replaceChars ["/"] ["\\/"]; # close enough
+ sed.escape = replaceStrings ["/"] ["\\/"]; # close enough
PATH = makeBinPath [
coreutils
curl
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 236d75d72..544abb3a3 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -9,7 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
gnused
file
findutils
- imagemagick6
+ imagemagick
inkscape
jq
nomads-cloud
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 83131c2b8..244a2cc54 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
- "date": "2023-07-01T19:09:17+02:00",
- "path": "/nix/store/s5zy1prlscbr2iz6h9fj5la3973isaxw-nixpkgs",
- "sha256": "02hpby5ln7p5kix9518hn0ady4q3i41z5ycamvwsarv3gvlzbsb4",
+ "rev": "3c7487575d9445185249a159046cc02ff364bff8",
+ "date": "2023-07-06T17:30:45-04:00",
+ "path": "/nix/store/cjn75bb2d5fgf0kj4nnk3p53z5qg2x80-nixpkgs",
+ "sha256": "0sll858mrfx64g5hc3sysg5cz4py9nxi8g7m9j5idhh8yq8lcz5p",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index aed82e9f3..5d61372b7 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "0de86059128947b2438995450f2c2ca08cc783d5",
- "date": "2023-07-01T05:19:59+03:00",
- "path": "/nix/store/fwazy7k5nlavyj4637jnsqabdzdiad90-nixpkgs",
- "sha256": "0m3aqg2xx5705v4yglal1ksknqnj3cbdyzcyw1dvz6qqvn9ng7i5",
+ "rev": "d8bb6c681cf86265fdcf3cc3119f757bbb085835",
+ "date": "2023-07-07T23:10:04+02:00",
+ "path": "/nix/store/v2mnhk8j1p2g67zvr8mlhasmvj6187yy-nixpkgs",
+ "sha256": "1jsgl8i78avkdm31lzyazzn9nb3yrb099c6msa450yigsbxcmjqn",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index d49040a7a..618938ce8 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -27,6 +27,83 @@
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/c-base.nix>
+ # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS
+ {
+ imports = [
+ "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules"
+ ];
+ jovian.steam.enable = true;
+ }
+ { # autorandrs
+ services.autorandr = {
+ enable = true;
+ hooks.postswitch.reset_usb = ''
+ echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized
+ ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
+ '';
+ profiles = {
+ default = {
+ fingerprint = {
+ eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf";
+ };
+ config = {
+ eDP = {
+ enable = true;
+ primary = true;
+ position = "0x0";
+ mode = "2560x1600";
+ rate = "60.01";
+ transform = [
+ [ 0.750000 0.000000 0.000000 ]
+ [ 0.000000 0.750000 0.000000 ]
+ [ 0.000000 0.000000 1.000000 ]
+ ];
+ # scale = {
+ # x = 0.599991;
+ # y = 0.599991;
+ # };
+ };
+ };
+ };
+ docked2 = {
+ fingerprint = {
+ eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
+ DisplayPort-8 = "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";
+ DisplayPort-7 = "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";
+ };
+ config = {
+ DisplayPort-7 = {
+ enable = true;
+ position = "2560x0";
+ mode = "1920x1080";
+ rate = "60.00";
+ };
+ DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1;
+ eDP = config.services.autorandr.profiles.docked1.config.eDP;
+ };
+ };
+ docked1 = {
+ fingerprint = {
+ eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
+ DisplayPort-1 = "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";
+ };
+ config = {
+ DisplayPort-1 = {
+ enable = true;
+ primary = true;
+ position = "0x0";
+ mode = "2560x1440";
+ rate = "165.08";
+ };
+ eDP = config.services.autorandr.profiles.default.config.eDP // {
+ primary = false;
+ position = "640x1440";
+ };
+ };
+ };
+ };
+ };
+ }
];
system.stateVersion = "22.11";
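Review bot: The Jovian-NixOS import fetches `archive/master.tar.gz` with no revision and no hash, so each evaluation can pull different module code, nothing verifies the download, and that code is imported as a NixOS module with full control over the system configuration. Pin it to a commit and hash, e.g. `builtins.fetchTarball { url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }` (both are placeholders to fill in). Pinning also keeps rebuilds reproducible in the same way the repository's `nixpkgs.json` pins nixpkgs.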
@@ -38,6 +115,8 @@
bank
l-gen-secrets
generate-secrets
+ nixpkgs-review
+ pipenv
];
programs.adb.enable = true;
@@ -65,4 +144,5 @@
];
boot.cleanTmpDir = true;
+ programs.noisetorch.enable = true;
}
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
index 0ae0892ee..848157729 100644
--- a/lass/1systems/aergia/disk.nix
+++ b/lass/1systems/aergia/disk.nix
@@ -10,14 +10,12 @@
partitions = [
{
name = "boot";
- type = "partition";
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
}
{
- type = "partition";
name = "ESP";
start = "1MiB";
end = "1GiB";
@@ -31,7 +29,6 @@
}
{
name = "root";
- type = "partition";
start = "1GiB";
end = "100%";
content = {
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index 692f68dcc..ef62478b4 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -19,14 +19,10 @@
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [
- # Enable energy savings during sleep
- "mem_sleep_default=deep"
# use less power with pstate
"amd_pstate=passive"
- # for ryzenadj -i
- "iomem=relaxed"
# suspend
"resume_offset=178345675"
@@ -37,24 +33,6 @@
# On recent AMD CPUs this can be more energy efficient.
"amd-pstate"
"kvm-amd"
-
- # needed for zenstates
- "msr"
-
- # zenpower
- "zenpower"
- ];
-
- boot.extraModulePackages = [
- (config.boot.kernelPackages.zenpower.overrideAttrs (old: {
- src = pkgs.fetchFromGitea {
- domain = "git.exozy.me";
- owner = "a";
- repo = "zenpower3";
- rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
- hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
- };
- }))
];
# hardware.cpu.amd.updateMicrocode = true;
@@ -76,7 +54,6 @@
environment.systemPackages = [
pkgs.vulkan-tools
- pkgs.ryzenadj
(pkgs.writers.writeDashBin "set_tdp" ''
set -efux
watt=$1
@@ -85,31 +62,9 @@
'')
];
- # textsize
- services.xserver.dpi = 200;
-
# corectrl
- programs.corectrl = {
- enable = true;
- gpuOverclock = {
- enable = true;
- ppfeaturemask = "0xffffffff";
- };
- };
- users.users.mainUser.extraGroups = [ "corectrl" ];
# use newer ryzenadj
- nixpkgs.config.packageOverrides = super: {
- ryzenadj = super.ryzenadj.overrideAttrs (old: {
- version = "unstable-2023-01-15";
- src = pkgs.fetchFromGitHub {
- owner = "FlyGoat";
- repo = "RyzenAdj";
- rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15
- sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k=";
- };
- });
- };
# keyboard quirks
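Review bot: The comments `# corectrl` and `# use newer ryzenadj` stay on the new side although the blocks they introduced are removed, leaving two headings with nothing under them. Delete both comment lines together with the code. The same applies to the `# ignore power key` pattern that the next hunk does clean up.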
services.xserver.displayManager.sessionCommands = ''
@@ -122,11 +77,16 @@
KEYBOARD_KEY_70027=reserved
'';
- # ignore power key
-
# update cpu microcode
hardware.cpu.amd.updateMicrocode = true;
+ hardware.opengl.enable = true;
+ hardware.opengl.extraPackages = [
+ pkgs.amdvlk
+ pkgs.rocm-opencl-icd
+ pkgs.rocm-opencl-runtime
+ ];
+
# suspend to disk
swapDevices = [{
device = "/swapfile";
@@ -139,4 +99,8 @@
# firefox touchscreen support
environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
+ # reinit usb after docking station connect
+ services.udev.extraRules = ''
+ SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
+ '';
}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 9ef858e28..c34dc0acf 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -6,7 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/pipewire.nix>
+ # <stockholm/lass/2configs/nfs-dl.nix>
{
# bubsy config
users.users.bubsy = {
@@ -17,22 +18,20 @@ with import <stockholm/lib>;
extraGroups = [
"audio"
"networkmanager"
+ "pipewire"
+ # "plugdev"
];
useDefaultShell = true;
isNormalUser = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- programs.chromium = {
- enable = true;
- extensions = [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- ];
- };
+ # programs.chromium = {
+ # enable = true;
+ # extensions = [
+ # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ # ];
+ # };
environment.systemPackages = with pkgs; [
ark
pavucontrol
@@ -48,7 +47,9 @@ with import <stockholm/lib>;
geeqie
vlc
zsnes
+ telegram-desktop
];
+ # services.udev.packages = [ pkgs.ledger-udev-rules ];
nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
@@ -72,12 +73,10 @@ with import <stockholm/lib>;
"networkmanager"
"plugdev"
];
- packages = let
- unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
- in [
+ packages = [
pkgs.electrum
pkgs.electron-cash
- unstable.ledger-live-desktop
+ pkgs.ledger-live-desktop
];
};
};
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index b814d7188..279cad10b 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,6 +4,9 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/monitoring/prometheus.nix>
+ <stockholm/lass/2configs/monitoring/telegraf.nix>
+ <stockholm/lass/2configs/consul.nix>
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index 3f25991d9..953b5d0d4 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -4,13 +4,8 @@
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
index 926401648..b5199d432 100644
--- a/lass/1systems/hilum/disk.nix
+++ b/lass/1systems/hilum/disk.nix
@@ -10,18 +10,14 @@
partitions = [
{
name = "boot";
- type = "partition";
start = "0";
end = "1M";
- part-type = "primary";
flags = ["bios_grub"];
}
{
- type = "partition";
name = "ESP";
- start = "1MiB";
+ start = "1M";
end = "50%";
- fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
@@ -31,18 +27,12 @@
}
{
name = "root";
- type = "partition";
start = "50%";
end = "100%";
content = {
- type = "luks";
- name = "hilum_luks";
- keyFile = keyFile;
- content = {
- type = "filesystem";
- format = "xfs";
- mountpoint = "/";
- };
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
};
}
];
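Review bot: The root partition is now a plain `ext4` filesystem where it previously sat inside the `hilum_luks` container, so everything installed on the stick is readable by whoever holds it. The host still imports `retiolum.nix` and `syncthing.nix`, which presumably place key material on that filesystem. If dropping encryption is deliberate, record the reason in a comment next to `content` and remove the LUKS passphrase handling that `flash-stick.sh` still performs; otherwise keep the `luks` wrapper around the filesystem. Whether a `keyFile` binding is left unused at the top of the file is not visible in this hunk.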
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
index 17a5fc580..9846ea087 100755
--- a/lass/1systems/hilum/flash-stick.sh
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -3,9 +3,13 @@ set -efux
disk=$1
+cd "$(dirname "$0")"
export NIXPKGS_ALLOW_UNFREE=1
(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
trap 'rm -f /tmp/hilum.luks' EXIT
+echo "$disk" > /tmp/hilum-disk
+trap 'rm -f /tmp/hilum-disk' EXIT
+
stockholm_root=$(git rev-parse --show-toplevel)
ssh root@localhost -t -- $(nix-build \
--no-out-link \
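Review bot: The added `trap 'rm -f /tmp/hilum-disk' EXIT` replaces the earlier EXIT trap, because the shell keeps one action per signal, so `/tmp/hilum.luks` with the LUKS passphrase is no longer deleted when the script ends. Combine them into one handler: `trap 'rm -f /tmp/hilum.luks /tmp/hilum-disk' EXIT`. `/tmp/hilum-disk` is also a fixed name in a world-writable directory, written without the `umask 077` used one line earlier, and `physical.nix` in this commit reads it to choose the target disk. A file under a private directory would keep another local user from influencing which device gets formatted.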
@@ -31,7 +35,9 @@ $(nix-build \
--arg force true
)
ssh root@localhost << SSH
-NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
+set -efux
+mkdir -p /mnt/hilum/etc
+NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src
nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
umount -Rv /mnt/hilum
SSH
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
index 6f160062d..9caf8e531 100644
--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -15,7 +15,7 @@
;
in lib.mkOption {
type = lib.types.str;
- default = tryFile "/etc/hilum-disk" "/dev/sdz";
+ default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz");
};
config.environment.etc.hilum-disk.text = config.mainDisk;
}
@@ -47,4 +47,7 @@
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ #weird bug with nixos-enter
+ services.logrotate.enable = false;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index a3486cffa..1b205f25c 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/pipewire.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/bitcoin.nix>
@@ -17,10 +18,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/elster.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/mail.nix>
- <stockholm/krebs/2configs/ircd.nix>
<stockholm/lass/2configs/logf.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix>
@@ -104,28 +103,9 @@ with import <stockholm/lib>;
dnsutils
woeusb
- l-gen-secrets
- generate-secrets
- (pkgs.writeDashBin "btc-coinbase" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
- '')
- (pkgs.writeDashBin "btc-wex" ''
- ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
- '')
- (pkgs.writeDashBin "btc-kraken" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
- '')
- (pkgs.writeDashBin "krebsco.de" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
- '')
- (pkgs.writeDashBin "lassul.us" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
+ (pkgs.writeDashBin "play-on" ''
+ HOST=$(echo 'styx\nshodan' | fzfmenu)
+ ssh -t "$HOST" -- mpv "$@"
'')
];
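Review bot: In the new `play-on` script, `ssh -t "$HOST" -- mpv "$@"` hands the arguments to ssh, which joins them with spaces and lets the remote shell parse the result again, so a URL containing `&`, `;` or spaces is split or interpreted on the remote host instead of reaching mpv as one argument. Quote each argument for the remote side before sending it, and stop when nothing was picked, e.g. `[ -n "$HOST" ] || exit 1`, because an empty `$HOST` from a cancelled `fzfmenu` still reaches ssh. The package list this hunk edits starts outside the hunk.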
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index a9108104b..2ffbf88c0 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -2,9 +2,11 @@
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
+ <stockholm/lass/2configs/boot/universal.nix>
];
+ boot.kernelParams = [ "acpi_backlight=native" ];
+
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 7b402f8a6..79402959e 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -4,6 +4,9 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/mail/internet-gateway.nix>
+ <stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/matrix.nix>
<stockholm/lass/2configs/gsm-wiki.nix>
# sync-containers
@@ -26,7 +29,23 @@
krebs.build.host = config.krebs.hosts.neoprism;
networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@lassul.us";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
}
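Review bot: The `default` virtual host serves `/etc/os-release` to every client, and this host opens TCP 80 and 443 in `networking.firewall.allowedTCPPorts`, so the exact distribution release is readable by anyone who can reach it. If the endpoint exists for a health or string-match probe, restrict it to the monitoring source inside the same `extraConfig`, e.g. `allow <monitoring-net>; deny all;` (placeholder network), or serve a fixed string instead. Separately, the `.` in `"~ ^/.well-known/acme-challenge/"` is an unescaped regex dot; `"^~ /.well-known/acme-challenge/"` is the prefix-match form and says what is meant.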
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
index cf9a8cef4..dfebaf8d8 100644
--- a/lass/1systems/neoprism/disk.nix
+++ b/lass/1systems/neoprism/disk.nix
@@ -9,14 +9,12 @@
partitions = [
{
name = "boot";
- type = "partition";
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
}
{
- type = "partition";
name = "ESP";
start = "1M";
end = "1GiB";
@@ -28,7 +26,6 @@
};
}
{
- type = "partition";
name = "zfs";
start = "1GiB";
end = "100%";
@@ -69,7 +66,7 @@
rootFsOptions = {
};
datasets.reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
};
@@ -77,38 +74,53 @@
type = "zpool";
datasets = {
reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
containers = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/containers";
+ options = {
+ canmount = "noauto";
+ };
};
home = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/home";
+ options = {
+ canmount = "noauto";
+ };
};
srv = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/srv";
+ options = {
+ canmount = "noauto";
+ };
};
libvirt = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/libvirt";
+ options = {
+ canmount = "noauto";
+ };
};
# encrypted = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# options = {
+ # canmount = "noauto";
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "prompt";
# };
# };
-
# "encrypted/download" = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# mountpoint = "/var/download";
+ # options = {
+ # canmount = "noauto";
+ # };
# };
};
};
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
index 4ffb749f1..f2092d9aa 100644
--- a/lass/1systems/neoprism/physical.nix
+++ b/lass/1systems/neoprism/physical.nix
@@ -8,6 +8,8 @@
];
disko.devices = import ./disk.nix;
+ networking.hostId = "9c0a74ac";
+
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
@@ -17,26 +19,58 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# networking config
- boot.kernelParams = [ "net.ifnames=0" ];
- networking.bridges."ext-br".interfaces = [ "eth0" ];
- networking = {
- hostId = "2283aaae";
- defaultGateway = "95.217.192.1";
- defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.ext-br.ipv4.addresses = [
- {
- address = "95.217.192.59";
- prefixLength = 26;
- }
- ];
- interfaces.ext-br.ipv6.addresses = [
- {
- address = "2a01:4f9:4a:4f1a::1";
- prefixLength = 64;
- }
- ];
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ config = {
+ networkConfig.SpeedMeter = true;
+ };
+ # netdevs.ext-br.netdevConfig = {
+ # Kind = "bridge";
+ # Name = "ext-br";
+ # MACAddress = "a8:a1:59:0f:2d:69";
+ # };
+ # networks.ext-br = {
+ # name = "ext-br";
+ # address = [
+ # "95.217.192.59/26"
+ # "2a01:4f9:4a:4f1a::1/64"
+ # ];
+ # gateway = [
+ # "95.217.192.1"
+ # "fe80::1"
+ # ];
+ # };
+ networks.eth0 = {
+ #bridge = [ "ext-br" ];
+ matchConfig.Name = "eth0";
+ address = [
+ "95.217.192.59/26"
+ "2a01:4f9:4a:4f1a::1/64"
+ ];
+ gateway = [
+ "95.217.192.1"
+ "fe80::1"
+ ];
+ };
};
+ networking.useDHCP = false;
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = [ config.krebs.users.lass.pubkey ];
+ port = 2222;
+ hostKeys = [
+ (toString <secrets/ssh.id_ed25519>)
+ (toString <secrets/ssh.id_rsa>)
+ ];
+ };
+ };
+ boot.kernelParams = [
+ "net.ifnames=0"
+ "ip=dhcp"
+ "boot.trace"
+ ];
}
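Review bot: `boot.initrd.network.ssh.hostKeys` points at `<secrets/ssh.id_ed25519>` and `<secrets/ssh.id_rsa>`; if those are the same keys the running sshd uses (the names suggest it, the sshd configuration is not visible here), the host's long-term identity ends up inside the initrd, which sits unencrypted on the boot partition. The initrd SSH server should get its own key pair, e.g. `(toString <secrets/initrd-ssh.id_ed25519>)` (placeholder name), so that reading the boot partition does not allow impersonating the host. `"boot.trace"` in `boot.kernelParams` looks like a debugging leftover, and `"ip=dhcp"` sits next to a static `systemd.network` address and `networking.useDHCP = false`; a comment saying which of the two stage 1 is meant to use would help.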
diff --git a/lass/2configs/boot/universal.nix b/lass/2configs/boot/universal.nix
new file mode 100644
index 000000000..33f4323cc
--- /dev/null
+++ b/lass/2configs/boot/universal.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+ loader.grub.efiSupport = true;
+ loader.grub.efiInstallAsRemovable = true;
+ };
+}
diff --git a/lass/2configs/monitoring/alert-rules.nix b/lass/2configs/monitoring/alert-rules.nix
new file mode 100644
index 000000000..eae2569fb
--- /dev/null
+++ b/lass/2configs/monitoring/alert-rules.nix
@@ -0,0 +1,208 @@
+# inspiration from https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix
+{ lib }:
+
+lib.mapAttrsToList
+ (name: opts: {
+ alert = name;
+ expr = opts.condition;
+ for = opts.time or "2m";
+ labels = { };
+ annotations.description = opts.description;
+ })
+ ({
+ prometheus_too_many_restarts = {
+ condition = ''changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager|telegraf"}[15m]) > 2'';
+ description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.";
+ };
+
+ alert_manager_config_not_synced = {
+ condition = ''count(count_values("config_hash", alertmanager_config_hash)) > 1'';
+ description = "Configurations of AlertManager cluster instances are out of sync.";
+ };
+
+ prometheus_not_connected_to_alertmanager = {
+ condition = "prometheus_notifications_alertmanagers_discovered < 1";
+ description = "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
+ };
+
+ prometheus_rule_evaluation_failures = {
+ condition = "increase(prometheus_rule_evaluation_failures_total[3m]) > 0";
+ description = "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
+ };
+
+ prometheus_template_expansion_failures = {
+ condition = "increase(prometheus_template_text_expansion_failures_total[3m]) > 0";
+ time = "0m";
+ description = "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
+ };
+
+ promtail_request_errors = {
+ condition = ''100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance) / sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance) > 10'';
+ time = "15m";
+ description = ''{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.'';
+ };
+
+ promtail_file_lagging = {
+ condition = ''abs(promtail_file_bytes_total - promtail_read_bytes_total) > 1e6'';
+ time = "15m";
+ description = ''{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} has been lagging by more than 1MB for more than 15m.'';
+ };
+
+ filesystem_full_80percent = {
+ condition = ''disk_used_percent{mode!="ro"} >= 95'';
+ time = "10m";
+ description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 20% space left on its filesystem.";
+ };
+
+ filesystem_full_krebs = {
+ condition = ''disk_used_percent{mode!="ro", org="krebs"} >= 95'';
+ time = "10m";
+ description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 5% space left on its filesystem.";
+ };
+
+ filesystem_inodes_full = {
+ condition = ''disk_inodes_free / disk_inodes_total < 0.10'';
+ time = "10m";
+ description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 10% inodes left on its filesystem.";
+ };
+
+ daily_task_not_run = {
+ # give 6 hours grace period
+ condition = ''time() - task_last_run{state="ok",frequency="daily"} > (24 + 6) * 60 * 60'';
+ description = "{{$labels.host}}: {{$labels.name}} was not run in the last 24h";
+ };
+
+ daily_task_failed = {
+ condition = ''task_last_run{state="fail"}'';
+ description = "{{$labels.host}}: {{$labels.name}} failed to run";
+ };
+
+ swap_using_30percent = {
+ condition = "mem_swap_total - (mem_swap_cached + mem_swap_free) > mem_swap_total * 0.3";
+ time = "30m";
+ description = "{{$labels.host}} is using 30% of its swap space for at least 30 minutes.";
+ };
+
+ systemd_service_failed = {
+ condition = ''systemd_units_active_code{name!~"nixpkgs-update-.*.service"} == 3'';
+ description = "{{$labels.host}} failed to (re)start service {{$labels.name}}.";
+ };
+
+ service_not_running = {
+ condition = ''systemd_units_active_code{name=~"teamspeak3-server.service|tt-rss.service", sub!="running"}'';
+ description = "{{$labels.host}} should have a running {{$labels.name}}.";
+ };
+
+ nfs_export_not_present = {
+ condition = "nfs_export_present == 0";
+ time = "1h";
+ description = "{{$labels.host}} cannot reach nfs export [{{$labels.server}}]:{{$labels.path}}";
+ };
+
+ ram_using_90percent = {
+ condition = "mem_buffered + mem_free + mem_cached < mem_total * 0.1";
+ time = "1h";
+ description = "{{$labels.host}} is using at least 90% of its RAM for at least 1 hour.";
+ };
+ load15 = {
+ condition = ''system_load15 / system_n_cpus{org!="nix-community"} >= 2.0'';
+ time = "10m";
+ description = "{{$labels.host}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
+ };
+ reboot = {
+ condition = "system_uptime < 300";
+ description = "{{$labels.host}} just rebooted.";
+ };
+ uptime = {
+ # too scared to upgrade matchbox
+ condition = ''system_uptime {host!~"^(matchbox|grandalf)$"} > 2592000'';
+ description = "Uptime monster: {{$labels.host}} has been up for more than 30 days.";
+ };
+ telegraf_down = {
+ condition = ''min(up{job=~"telegraf",type!='mobile'}) by (source, job, instance, org) == 0'';
+ time = "3m";
+ description = "{{$labels.instance}}: {{$labels.job}} telegraf exporter from {{$labels.source}} is down.";
+ };
+ ping = {
+ condition = "ping_result_code{type!='mobile'} != 0";
+ description = "{{$labels.url}}: ping from {{$labels.instance}} has failed!";
+ };
+ ping_high_latency = {
+ condition = "ping_average_response_ms{type!='mobile'} > 5000";
+ description = "{{$labels.instance}}: ping probe from {{$labels.source}} is encountering high latency!";
+ };
+ http = {
+ condition = "http_response_result_code != 0";
+ description = "{{$labels.server}} : http request failed from {{$labels.instance}}: {{$labels.result}}!";
+ };
+ http_match_failed = {
+ condition = "http_response_response_string_match == 0";
+ description = "{{$labels.server}} : http body not as expected; status code: {{$labels.status_code}}!";
+ };
+ dns_query = {
+ condition = "dns_query_result_code != 0";
+ description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}}!";
+ };
+ secure_dns_query = {
+ condition = "secure_dns_state != 0";
+ description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}} for protocol {{$labels.protocol}}!";
+ };
+ connection_failed = {
+ condition = "net_response_result_code != 0";
+ description = "{{$labels.server}}: connection to {{$labels.port}}({{$labels.protocol}}) failed from {{$labels.instance}}";
+ };
+ healthchecks = {
+ condition = "hc_check_up == 0";
+ description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
+ };
+ cert_expiry = {
+ condition = "x509_cert_expiry < 7*24*3600";
+ description = "{{$labels.instance}}: The TLS certificate from {{$labels.source}} will expire in less than 7 days: {{$value}}s";
+ };
+
+ postfix_queue_length = {
+ condition = "avg_over_time(postfix_queue_length[1h]) > 10";
+ description = "{{$labels.instance}}: postfix mail queue has undelivered {{$value}} items";
+ };
+
+ zfs_errors = {
+ condition = "zfs_arcstats_l2_io_error + zfs_dmu_tx_error + zfs_arcstats_l2_writes_error > 0";
+ description = "{{$labels.instance}} reports: {{$value}} ZFS IO errors.";
+ };
+
+ # ignore devices that disabled S.M.A.R.T (example if attached via USB)
+ smart_errors = {
+ condition = ''smart_device_health_ok{enabled!="Disabled"} != 1'';
+ description = "{{$labels.instance}}: S.M.A.R.T reports: {{$labels.device}} ({{$labels.model}}) has errors.";
+ };
+
+ oom_kills = {
+ condition = "increase(kernel_vmstat_oom_kill[5m]) > 0";
+ description = "{{$labels.instance}}: OOM kill detected";
+ };
+
+ unusual_disk_read_latency = {
+ condition = "rate(diskio_read_time[1m]) / rate(diskio_reads[1m]) > 0.1 and rate(diskio_reads[1m]) > 0";
+ description = "{{$labels.instance}}: Disk latency is growing (read operations > 100ms)\n";
+ };
+
+ unusual_disk_write_latency = {
+ condition = "rate(diskio_write_time[1m]) / rate(diskio_write[1m]) > 0.1 and rate(diskio_write[1m]) > 0";
+ description = "{{$labels.instance}}: Disk latency is growing (write operations > 100ms)\n";
+ };
+
+ host_memory_under_memory_pressure = {
+ condition = "rate(node_vmstat_pgmajfault[1m]) > 1000";
+ description = "{{$labels.instance}}: The node is under heavy memory pressure. High rate of major page faults: {{$value}}";
+ };
+
+ ext4_errors = {
+ condition = "ext4_errors_value > 0";
+ description = "{{$labels.instance}}: ext4 has reported {{$value}} I/O errors: check /sys/fs/ext4/*/errors_count";
+ };
+
+ alerts_silences_changed = {
+ condition = ''abs(delta(alertmanager_silences{state="active"}[1h])) >= 1'';
+ description = "alertmanager: number of active silences has changed: {{$value}}";
+ };
+ })
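Review bot: `filesystem_full_80percent` fires at `disk_used_percent{mode!="ro"} >= 95`, the same threshold as `filesystem_full_krebs`, while its name and description promise a warning with less than 20% left, so the early warning never arrives before the critical one; `condition = ''disk_used_percent{mode!="ro"} >= 80'';` matches the text. The `load15` description says `> 1 for at least 5 minutes` against a condition of `>= 2.0` held for `10m`, and the `dns_query` and `secure_dns_query` descriptions read "could retrieve" where "could not retrieve" is meant. Every rule also gets `labels = { }`, so Alertmanager has no severity label to route on.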
diff --git a/lass/2configs/monitoring/prometheus.nix b/lass/2configs/monitoring/prometheus.nix
new file mode 100644
index 000000000..ba32c62a7
--- /dev/null
+++ b/lass/2configs/monitoring/prometheus.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+{
+ #prometheus
+ krebs.iptables = {
+ enable = true;
+ tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx
+ # { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana
+ # { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager
+ # { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "prometheus.lass.r" = {
+ locations."/".proxyPass = "http://localhost:9090";
+ };
+ "alert.lass.r" = {
+ locations."/".proxyPass = "http://localhost:9093";
+ };
+ "grafana.lass.r" = {
+ locations."/".proxyPass = "http://localhost:3012";
+ };
+ };
+ };
+
+ services.grafana = {
+ enable = true;
+ addr = "0.0.0.0";
+ port = 3012;
+ auth.anonymous = {
+ enable = true;
+ org_role = "Admin";
+ };
+ };
+ services.prometheus = {
+ enable = true;
+ ruleFiles = [
+ (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
+ groups = [{
+ name = "alerting-rules";
+ rules = import ./alert-rules.nix { inherit lib; };
+ }];
+ }))
+ ];
+ scrapeConfigs = [
+ {
+ job_name = "telegraf";
+ scrape_interval = "60s";
+ metrics_path = "/metrics";
+ static_configs = [
+ {
+ targets = [
+ "prism.r:9273"
+ "dishfire.r:9273"
+ "yellow.r:9273"
+ ];
+ }
+ ];
+ }
+ ];
+ alertmanagers = [
+ { scheme = "http";
+ path_prefix = "/";
+ static_configs = [ { targets = [ "localhost:9093" ]; } ];
+ }
+ ];
+ alertmanager = {
+ enable = true;
+ webExternalUrl = "https://alert.lass.r";
+ listenAddress = "[::1]";
+ configuration = {
+ global = {
+ # The smarthost and SMTP sender used for mail notifications.
+ smtp_smarthost = "localhost:587";
+ smtp_from = "alertmanager@alert.lass.r";
+ # smtp_auth_username = "alertmanager@thalheim.io";
+ # smtp_auth_password = "$SMTP_PASSWORD";
+ };
+ route = {
+ receiver = "default";
+ routes = [
+ {
+ group_by = [ "host" ];
+ group_wait = "30s";
+ group_interval = "2m";
+ repeat_interval = "2h";
+ receiver = "all";
+ }
+ ];
+ };
+ receivers = [
+ {
+ name = "all";
+ webhook_configs = [{
+ url = "http://127.0.0.1:9223/";
+ max_alerts = 5;
+ }];
+ }
+ {
+ name = "default";
+ }
+ ];
+ };
+ };
+ };
+
+}
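Review bot: `services.grafana` listens on `0.0.0.0` and gives anonymous visitors `org_role = "Admin"`, so anyone who can reach port 3012 or the `grafana.lass.r` virtual host can change data sources, dashboards and users without logging in. nginx already proxies to `http://localhost:3012`, so `addr = "127.0.0.1";` and `org_role = "Viewer";` keep the dashboards readable while taking away write access. The `prometheus.lass.r` and `alert.lass.r` proxies are unauthenticated as well, which lets any client that reaches nginx create Alertmanager silences; the virtual hosts are not bound to the retiolum address, so on a host that opens port 80 on other interfaces they would answer there too (not visible in this file). `webExternalUrl` is `https://alert.lass.r` while the virtual host has no TLS settings.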
diff --git a/lass/2configs/monitoring/telegraf.nix b/lass/2configs/monitoring/telegraf.nix
new file mode 100644
index 000000000..5258b87ed
--- /dev/null
+++ b/lass/2configs/monitoring/telegraf.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+let
+ isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
+in {
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; }
+ ];
+
+ systemd.services.telegraf.path = [ pkgs.nvme-cli ];
+
+ services.telegraf = {
+ enable = true;
+ extraConfig = {
+ agent.interval = "60s";
+ inputs = {
+ http_response = [
+ { urls = [
+ "http://localhost:8080/about/health/"
+ ]; }
+ ];
+ prometheus.metric_version = 2;
+ kernel_vmstat = { };
+ # smart = lib.mkIf (!isVM) {
+ # path = pkgs.writeShellScript "smartctl" ''
+ # exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
+ # '';
+ # };
+ system = { };
+ mem = { };
+ file = [{
+ data_format = "influx";
+ file_tag = "name";
+ files = [ "/var/log/telegraf/*" ];
+ }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
+ name_override = "ext4_errors";
+ files = [ "/sys/fs/ext4/*/errors_count" ];
+ data_format = "value";
+ };
+ exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
+ ## Commands array
+ commands = [
+ (pkgs.writeScript "zpool-health" ''
+ #!${pkgs.gawk}/bin/awk -f
+ BEGIN {
+ while ("${pkgs.zfs}/bin/zpool status" | getline) {
+ if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
+ if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
+ if ($1 ~ /errors:/) {
+ if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
+ }
+ }
+ }
+ '')
+ ];
+ data_format = "influx";
+ };
+ systemd_units = { };
+ swap = { };
+ disk.tagdrop = {
+ fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
+ device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
+ };
+ diskio = { };
+ };
+ outputs.prometheus_client = {
+ listen = ":9273";
+ metric_version = 2;
+ };
+ };
+ };
+}
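Review bot: `outputs.prometheus_client` uses `listen = ":9273"`, which binds every interface and serves all collected metrics without authentication; the only restriction is the `-i retiolum` iptables rule at the top of the file. Binding to the retiolum address, or setting the plugin's `ip_range` or `basic_username`/`basic_password` options, would keep the endpoint closed if the firewall rule set changes. `isVM` in the `let` block is only referenced from the commented-out `smart` input and can be dropped or commented out with it.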
diff --git a/lib/pure.nix b/lib/pure.nix
index bb2d586f6..3329db022 100644
--- a/lib/pure.nix
+++ b/lib/pure.nix
@@ -26,7 +26,7 @@ let
krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit (stockholm) lib; };
systemd = {
- encodeName = replaceChars ["/"] ["\\x2f"];
+ encodeName = replaceStrings ["/"] ["\\x2f"];
};
types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; };
uri = import ./uri.nix { inherit (stockholm) lib; };
@@ -79,7 +79,7 @@ let
string = toJSON x; # close enough
}.${type} or reject;
- indent = replaceChars ["\n"] ["\n "];
+ indent = replaceStrings ["\n"] ["\n "];
stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null));
diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix
index 1a2c08475..25254c142 100644
--- a/makefu/3modules/snapraid.nix
+++ b/makefu/3modules/snapraid.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
let
# returns dirname without / , used as disk name
- dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir)));
+ dname = dir: replaceStrings ["/"] [""] (head (reverseList (splitString "/" dir)));
snapraid-conf = ''
# Disks
${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks}
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
deleted file mode 100644
index 4d45f6d40..000000000
--- a/tv/1systems/wu/config.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-with import ../lib;
-{ config, pkgs, ... }: {
- krebs.build.host = config.krebs.hosts.wu;
-
- imports = [
- <stockholm/tv>
- <stockholm/tv/2configs/hw/w110er.nix>
- <stockholm/tv/2configs/exim-retiolum.nix>
- <stockholm/tv/2configs/pulse.nix>
- <stockholm/tv/2configs/retiolum.nix>
- <stockholm/tv/2configs/xserver>
- ];
-
- boot.initrd.luks.devices.wuca.device = "/dev/sda2";
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/wuvga-root";
- fsType = "ext4";
- };
- "/bku" = {
- device = "/dev/mapper/wuvga-bku";
- fsType = "ext4";
- };
- "/home" = {
- device = "/dev/mapper/wuvga-home";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- networking.wireless.enable = true;
- networking.wireless.interfaces = [
- "wlp3s0"
- ];
- networking.interfaces.enp4s0f2.useDHCP = true;
- networking.interfaces.wlp3s0.useDHCP = true;
- networking.useDHCP = false;
-
-}
diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/wu/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib \ No newline at end of file
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index c8ab73b50..56c04c4e3 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -9,12 +9,6 @@ with import ./lib;
yearly = { format = "%Y"; };
};
}) {
- bu-home-wu = {
- method = "push";
- src = { host = config.krebs.hosts.bu; path = "/home"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; };
- startAt = "05:15";
- };
bu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.bu; path = "/home"; };
@@ -45,18 +39,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
startAt = "22:00";
};
- wu-home-xu = {
- method = "push";
- src = { host = config.krebs.hosts.wu; path = "/home"; };
- dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; };
- startAt = "05:00";
- };
- wu-home-zu = {
- method = "push";
- src = { host = config.krebs.hosts.wu; path = "/home"; };
- dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; };
- startAt = "05:20";
- };
xu-home-bu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; };
@@ -69,12 +51,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; };
startAt = "05:20";
};
- xu-home-wu = {
- method = "push";
- src = { host = config.krebs.hosts.xu; path = "/home"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; };
- startAt = "06:00";
- };
xu-home-zu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; };
@@ -129,10 +105,5 @@ with import ./lib;
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; };
};
- xu-test-push-wu = {
- method = "push";
- src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
- dst = { host = config.krebs.hosts.wu; path = "/bku/xu-test-push"; };
- };
};
}
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 53b11c620..a8d840c15 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -130,11 +130,4 @@ with import ./lib;
];
}
];
-
- nixpkgs.overlays =
- mkAfter (optional config.hardware.video.hidpi.enable (self: super: {
- alacritty-tv = super.alacritty-tv.override {
- variant = "hidpi";
- };
- }));
}
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index e905536df..6750d9a85 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -15,7 +15,6 @@ with import ./lib;
];
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic
- config.krebs.hosts.wu
config.krebs.hosts.xu
];
internet-aliases = with config.krebs.users; [
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
deleted file mode 100644
index bf749a98a..000000000
--- a/tv/2configs/hw/w110er.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-with import ./lib;
-{ pkgs, ... }: {
- imports = [
- ../smartd.nix
- {
- # nvidia doesn't build despite
- # https://github.com/NixOS/nixpkgs/issues/33284
- #hardware.bumblebee.enable = true;
- #hardware.bumblebee.group = "video";
- #hardware.enableRedistributableFirmware= true;
- #krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
- # "nvidia-x11"
- # "nvidia-persistenced"
- # "nvidia-settings"
- #];
- }
-
- {
- nix.buildCores = 4;
- nix.maxJobs = 4;
- }
- (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
- nix.daemonCPUSchedPolicy = "batch";
- nix.daemonIOSchedPriority = 1;
- } else {
- nix.daemonIONiceLevel = 1;
- nix.daemonNiceLevel = 1;
- })
- ];
-
- boot.extraModprobeConfig = ''
- options kvm_intel nested=1
- '';
-
- boot.initrd.availableKernelModules = [ "ahci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- hardware.enableRedistributableFirmware = true;
-
- hardware.opengl.driSupport32Bit = true;
- hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
-
- networking.wireless.enable = true;
-
- services.logind.extraConfig = ''
- HandleHibernateKey=ignore
- HandleLidSwitch=ignore
- HandlePowerKey=ignore
- HandleSuspendKey=ignore
- '';
-
- system.activationScripts.powertopTunables = ''
- echo 1 > /sys/module/snd_hda_intel/parameters/power_save
- echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
- (cd /sys/bus/pci/devices
- for i in *; do
- echo auto > $i/power/control # defaults to 'on'
- done)
- '';
-
- services.xserver = {
- videoDriver = "intel";
- };
-
- tv.hw.screens.primary.width = 1366;
- tv.hw.screens.primary.height = 768;
-}
diff --git a/tv/2configs/nets/hkw.nix b/tv/2configs/nets/hkw.nix
index c3acde1fb..51a8a7366 100644
--- a/tv/2configs/nets/hkw.nix
+++ b/tv/2configs/nets/hkw.nix
@@ -38,19 +38,6 @@
];
};
};
- wu = {
- nets.hkw = {
- ip4 = {
- addr = "10.23.1.37";
- prefix = "10.23.1.0/24";
- };
- aliases = [
- "wu.hkw"
- "cache.wu.hkw"
- ];
- ssh.port = 11423;
- };
- };
xu = {
nets.hkw = {
ip4 = {
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index f10ccb10e..9b9d86f58 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -52,12 +52,6 @@ in {
enable = true;
display = mkForce 11;
tty = mkForce 11;
-
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- };
};
systemd.services.display-manager.enable = false;