From f9adf3af97b7f4be5dcd314fa45138fc59cc1b7f Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 5 Sep 2023 11:30:39 +0200
Subject: tv initrd/sshd: init
---
tv/2configs/initrd/sshd.nix | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 tv/2configs/initrd/sshd.nix
diff --git a/tv/2configs/initrd/sshd.nix b/tv/2configs/initrd/sshd.nix
new file mode 100644
index 000000000..eff848074
--- /dev/null
+++ b/tv/2configs/initrd/sshd.nix
@@ -0,0 +1,17 @@
+{ config, ... }: {
+ boot.initrd.availableKernelModules = [
+ "e1000e"
+ ];
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 11423;
+ authorizedKeys = [
+ config.krebs.users.tv.pubkey
+ ];
+ ignoreEmptyHostKeys = true;
+ };
+ boot.initrd.secrets = {
+ "/etc/ssh/ssh_host_rsa_key" = ;
+ };
+}
-- cgit v1.2.3
From 90b1515dcd5b67a85cd92901fb211764b1fa5f83 Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 5 Sep 2023 21:11:11 +0200
Subject: tv weechat-server: init
---
tv/2configs/weechat-server.nix | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 tv/2configs/weechat-server.nix
diff --git a/tv/2configs/weechat-server.nix b/tv/2configs/weechat-server.nix
new file mode 100644
index 000000000..41f157c35
--- /dev/null
+++ b/tv/2configs/weechat-server.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }: {
+ users.users.tv.packages = [
+ (pkgs.writers.writeDashBin "weechat-client" ''
+ set -efu
+ exec ${pkgs.tmux}/bin/tmux attach -t weechat
+ '')
+ ];
+ systemd.services.weechat = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ TERM = "rxvt-unicode-256color";
+ };
+ serviceConfig = {
+ ExecStart = "${pkgs.tmux}/bin/tmux new -d -s weechat ${pkgs.weechat}/bin/weechat";
+ OOMScoreAdjust = -1000;
+ Restart = "always";
+ RestartSec = "100ms";
+ Type = "forking";
+ StartLimitBurst = 0;
+ User = "tv";
+ WorkingDirectory = "/home/tv";
+ };
+ };
+}
-- cgit v1.2.3
From 5370e0485788224126861e076110ac705013d2de Mon Sep 17 00:00:00 2001
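Review bot: The private host key installed at `/etc/ssh/ssh_host_rsa_key` through `boot.initrd.secrets` becomes part of the initrd, and with `ignoreEmptyHostKeys = true` nothing in the module records where that key comes from or that it must be a dedicated one. An initrd usually sits on an unencrypted boot partition (not visible from this file, so confirm per host), so anyone who can read it can impersonate the pre-boot sshd. I would add a comment above `boot.initrd.secrets` such as `# initrd-only host key, deployed out of band; never reuse the regular sshd host key here`. The source path on the right-hand side of that assignment is not visible on this page.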
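Review bot: `OOMScoreAdjust = -1000` in `serviceConfig` exempts the whole tmux/weechat process tree from the OOM killer, so a runaway script or plugin in a long-running, network-facing client makes the kernel kill other services instead. With `Restart = "always"` already in place a milder preference such as `OOMScoreAdjust = -500;` would protect the session without making it unkillable. `StartLimitBurst = 0` is also set under `serviceConfig`, while current systemd documents it as a [Unit] setting; the service-level `startLimitBurst = 0;` would be the clearer spelling, with a one-line comment saying why rate limiting is disabled.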
From: tv Date: Mon, 11 Sep 2023 15:31:13 +0200 Subject: treewide: don't reference explicitly --- kartei/makefu/default.nix | 2 +- kartei/tv/default.nix | 2 +- krebs/1systems/hotdog/config.nix | 2 +- krebs/1systems/puyak/config.nix | 2 +- krebs/1systems/wolf/config.nix | 2 +- krebs/2configs/cache.nsupdate.info.nix | 2 +- krebs/2configs/matterbridge.nix | 2 +- krebs/2configs/secret-passwords.nix | 4 ++-- krebs/2configs/shack/gitlab-runner.nix | 4 ++-- krebs/2configs/shack/grafana.nix | 5 ++--- krebs/2configs/shack/muell_caller.nix | 2 +- krebs/2configs/shack/muell_mail.nix | 2 +- krebs/2configs/shack/prometheus/unifi.nix | 2 +- krebs/2configs/shack/s3-power.nix | 2 +- krebs/3modules/retiolum-bootstrap.nix | 4 ++-- krebs/3modules/secret.nix | 12 ++++++++---- krebs/5pkgs/simple/generate-secrets/default.nix | 2 +- lib/types.nix | 2 +- tv/2configs/binary-cache/default.nix | 2 +- tv/2configs/default.nix | 6 +++++- tv/2configs/gitrepos.nix | 4 +--- tv/2configs/initrd/sshd.nix | 2 +- tv/2configs/ppp.nix | 2 +- tv/2configs/wiregrill.nix | 2 +- tv/3modules/charybdis/default.nix | 4 ++-- tv/3modules/ejabberd/default.nix | 2 +- tv/3modules/wwan.nix | 2 +- tv/3modules/x0vncserver.nix | 2 +- 28 files changed, 44 insertions(+), 39 deletions(-) diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index e6c296c75..f215f1fcb 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -51,7 +51,7 @@ ssh.pubkey = readFile pubkey-path; # We assume that if the sshd pubkey exits then there must be a privkey in # the screts store as well - ssh.privkey.path = ; + ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key"; }) host ]; diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix index 2f23324cc..e81bdd32b 100644 --- a/kartei/tv/default.nix +++ b/kartei/tv/default.nix 
@@ -43,7 +43,7 @@ in { }) (host: mkIf (host.config.ssh.pubkey != null) { ssh.privkey = mapAttrs (const mkDefault) { - path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}"; + path = "${config.krebs.secret.directory}/ssh.id_${host.config.ssh.privkey.type}"; type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey)); }; }) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index f3c0d4440..75a8a0da1 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -22,7 +22,7 @@ ]; krebs.build.host = config.krebs.hosts.hotdog; - krebs.hosts.hotdog.ssh.privkey.path = ; + krebs.hosts.hotdog.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; krebs.pages.enable = true; boot.isContainer = true; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index a4f22d39c..fb0f6ec61 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -113,7 +113,7 @@ ]; krebs.build.host = config.krebs.hosts.puyak; - krebs.hosts.puyak.ssh.privkey.path = ; + krebs.hosts.puyak.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; sound.enable = false; boot = { diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 2415bd32f..6ff280f79 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -51,7 +51,7 @@ in # uninteresting stuff ##################### krebs.build.host = config.krebs.hosts.wolf; - krebs.hosts.wolf.ssh.privkey.path = ; + krebs.hosts.wolf.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 74f345614..1ac63eaf5 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix 
@@ -9,7 +9,7 @@ in { enable = true; server = "ipv4.nsupdate.info"; username = domain; - password = import ((toString ) + "/nsupdate-cache.nix"); + password = import "${config.krebs.secret.directory}/nsupdate-cache.nix"; domains = [ domain ]; use= "if, if=et0"; # use = "web, web=http://ipv4.nsupdate.info/myip"; diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index b96dea300..f42921824 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -2,7 +2,7 @@ services.matterbridge = { enable = true; configPath = let - bridgeBotToken = lib.strings.fileContents ; + bridgeBotToken = lib.strings.fileContents "${config.krebs.secret.directory}/telegram.token"; in toString ((pkgs.formats.toml {}).generate "config.toml" { general = { diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix index 0f0d068aa..531d570cc 100644 --- a/krebs/2configs/secret-passwords.nix +++ b/krebs/2configs/secret-passwords.nix @@ -1,7 +1,7 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import ); + (import "${config.krebs.secret.directory}/hashedPasswords.nix"); } diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index d525e7987..a27fe29ae 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -1,4 +1,4 @@ -{ pkgs,lib, ... }: +{ config, lib, pkgs, ... }: { boot.kernel.sysctl."net.ipv4.ip_forward" = true; services.gitlab-runner = { @@ -10,7 +10,7 @@ # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` - registrationConfigFile = toString ; + registrationConfigFile = "${config.krebs.secret.directory}/shackspace-gitlab-ci"; dockerImage = "alpine"; dockerVolumes = [ "/nix/store:/nix/store:ro" diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix index f42f1c4af..78ef29f97 100644 
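Review bot: In the `matterbridge.nix` hunk `bridgeBotToken` is still read with `lib.strings.fileContents` at evaluation time and passed to `(pkgs.formats.toml {}).generate "config.toml"`, so the Telegram token is written into a world-readable store path even though the file now lives under `config.krebs.secret.directory`. The same eval-time pattern is kept in the `cache.nsupdate.info.nix` hunk (`password = import …`), the `shack/grafana.nix` hunk (`security = import …`) and the `shack/prometheus/unifi.nix` hunk (`builtins.readFile …`); whether those values reach the store depends on module code outside the hunks. Since the commit already touches each of these lines, consider handing the service a path that is read at runtime, or at least leave a marker like `# FIXME: secret is copied into the Nix store at eval time`. The enclosing attribute set starts and ends outside the hunk.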
--- a/krebs/2configs/shack/grafana.nix +++ b/krebs/2configs/shack/grafana.nix @@ -1,7 +1,6 @@ -let +{ config, ... }: let port = 3000; in { - networking.firewall.allowedTCPPorts = [ port ]; # legacy services.nginx.virtualHosts."grafana.shack" = { locations."/" = { @@ -25,6 +24,6 @@ in { users.allowOrgCreate = true; users.autoAssignOrg = true; auth.anonymous.enable = true; - security = import ; + security = import "${config.krebs.secret.directory}/grafana_security.nix"; }; } diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index f3007dd1d..ea335f233 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -21,7 +21,7 @@ let install -m755 -D call.py $out/bin/call-muell ''; }; - cfg = "${toString }/tell.json"; + cfg = "${config.krebs.secret.directory}/tell.json"; in { systemd.services.call_muell = { description = "call muell"; diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 2a8c92e46..69bc33e46 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -9,7 +9,7 @@ let sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; - cfg = toString ; + cfg = "${config.krebs.secret.directory}/shack/muell_mail.js"; in { users.users.muell_mail = { inherit home; diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix index 34e47add9..1e42779f0 100644 --- a/krebs/2configs/shack/prometheus/unifi.nix +++ b/krebs/2configs/shack/prometheus/unifi.nix 
@@ -5,6 +5,6 @@ unifiAddress = "https://unifi.shack:8443/"; unifiInsecure = true; unifiUsername = "prometheus"; # needed manual login after setup to confirm the password - unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile ); + unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile "${config.krebs.secret.directory}/shack/unifi-prometheus-pw"); }; } diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index d8033f1e2..e79d15d73 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -10,7 +10,7 @@ let }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/s3-power"; - cfg = toString ; + cfg = "${config.krebs.secret.directory}/shack/s3-power.json"; in { users.users.s3_power = { inherit home; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index bd7e7c5f6..1e94df14e 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -22,8 +22,8 @@ in default = "${config.krebs.secret.directory}/tinc.krebsco.de.key"; }; # in use: - # - # + # ${config.krebs.secret.directory}/tinc.krebsco.de.crt + # ${config.krebs.secret.directory}/tinc.krebsco.de.key }; config = mkIf cfg.enable { diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 90c2f6a6d..c35dceba3 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -7,13 +7,17 @@ in { default = toString ; type = types.absolute-pathname; }; - file = mkOption { - default = relpath: "${cfg.directory}/${relpath}"; - readOnly = true; - }; files = mkOption { type = with pkgs.stockholm.lib.types; attrsOf secret-file; default = {}; + apply = mapAttrs (name: secret-file: + if types.absolute-pathname.check secret-file.source-path then + secret-file + else + secret-file // { + source-path = "${config.krebs.secret.directory}/secret-file.source-path"; + } + ); }; }; config = lib.mkIf (cfg.files != {}) { 
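Review bot: In the new `apply` function of `krebs/3modules/secret.nix` the relative branch builds `"${config.krebs.secret.directory}/secret-file.source-path"`, where `secret-file.source-path` is literal text and not an interpolation, so every secret with a relative `source-path` resolves to the same path. It should read `source-path = "${cfg.directory}/${secret-file.source-path}";`, using `cfg` as the removed `file` helper did. This matters because the `lib/types.nix` hunk changes the `source-path` default to the bare `config.name`, which makes the relative branch the common case. The `name` argument of the lambda is unused and could be `_`.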
diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix index a3c9f67c5..8522b5dda 100644 --- a/krebs/5pkgs/simple/generate-secrets/default.nix +++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -39,7 +39,7 @@ pkgs.writers.writeDashBin "generate-secrets" '' }; }; }; - ssh.privkey.path = ; + ssh.privkey.path = "\''${config.krebs.secret.directory}/ssh.id_ed25519"; ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; }; EOF diff --git a/lib/types.nix b/lib/types.nix index 5f01ccb52..ad8421b18 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -340,7 +340,7 @@ rec { }; source-path = mkOption { type = str; - default = toString + "/${config.name}"; + default = config.name; defaultText = "‹secrets/‹name››"; }; }; diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 66d740715..5b4e75107 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -11,7 +11,7 @@ services.nix-serve = { enable = true; - secretKeyFile = toString + "/nix-serve.key"; + secretKeyFile = "${config.krebs.secret.directory}/nix-serve.key"; }; services.nginx = { diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index a8d840c15..91aad54cf 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -10,7 +10,6 @@ with import ./lib; networking.hostName = config.krebs.build.host.name; imports = [ - ./backup.nix ./bash ./htop.nix @@ -28,6 +27,11 @@ with import ./lib; defaultUserShell = "/run/current-system/sw/bin/bash"; mutableUsers = false; users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; tv = { inherit (config.krebs.users.tv) home uid; isNormalUser = true; diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 58dffe6a6..102d264b6 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix 
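Review bot: The second hunk of `tv/2configs/default.nix` adds `root.openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]`, which grants root SSH login with tv's key on every host importing this module, while the commit subject only mentions reference cleanup. If this replaces a setting that used to arrive through the import removed in the first hunk (its name is not visible on this page), a comment on the `root` attribute saying so would make the access change traceable; otherwise it deserves its own commit. The `users` attribute set continues outside the hunk.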
@@ -178,9 +178,7 @@ with import ./lib; ''; }; }; - } // - # TODO don't put secrets/repos.nix into the store - import { inherit config lib pkgs; } + } ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { diff --git a/tv/2configs/initrd/sshd.nix b/tv/2configs/initrd/sshd.nix index eff848074..d7264f073 100644 --- a/tv/2configs/initrd/sshd.nix +++ b/tv/2configs/initrd/sshd.nix @@ -12,6 +12,6 @@ ignoreEmptyHostKeys = true; }; boot.initrd.secrets = { - "/etc/ssh/ssh_host_rsa_key" = ; + "/etc/ssh/ssh_host_rsa_key" = "${config.krebs.secret.directory}/initrd/ssh_host_rsa_key"; }; } diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 24d2831c4..b3ae4da89 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,7 +1,7 @@ with import ./lib; { config, pkgs, ... }: let cfg = { - pin = "@${toString }"; + pin = "@${config.krebs.secret.directory}/o2.pin"; ttys.ppp = "/dev/ttyACM0"; ttys.com = "/dev/ttyACM1"; }; diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix index edf65e979..cace01a6b 100644 --- a/tv/2configs/wiregrill.nix +++ b/tv/2configs/wiregrill.nix @@ -12,7 +12,7 @@ in optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++ optional (cfg.net.ip6 != null) cfg.net.ip6.addr; listenPort = 51820; - privateKeyFile = (toString ) + "/wiregrill.key"; + privateKeyFile = "${config.krebs.secret.directory}/wiregrill.key"; allowedIPsAsRoutes = true; peers = mapAttrsToList (_: host: { diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 4a0f99503..1fdcea572 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix 
@@ -17,11 +17,11 @@ in { }; ssl_dh_params = mkOption { type = types.absolute-pathname; - default = toString + "/charybdis.dh.pem"; + default = "${config.krebs.secret.directory}/charybdis.dh.pem"; }; ssl_private_key = mkOption { type = types.absolute-pathname; - default = toString + "/charybdis.key.pem"; + default = "${config.krebs.secret.directory}/charybdis.key.pem"; }; sslport = mkOption { type = types.int; diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 71a1a597a..61fd8fdf1 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -20,7 +20,7 @@ in { certfiles = mkOption { type = types.listOf types.absolute-pathname; default = [ - (toString + "/ejabberd.pem") + "${config.krebs.secret.directory}/ejabberd.pem" ]; }; configFile = mkOption { diff --git a/tv/3modules/wwan.nix b/tv/3modules/wwan.nix index 382f5a535..0cdfbf36c 100644 --- a/tv/3modules/wwan.nix +++ b/tv/3modules/wwan.nix @@ -19,7 +19,7 @@ with import ./lib; }; tv.wwan.secrets = mkOption { type = with types; pathname; - default = toString ; + default = "${config.krebs.secret.directory}/wwan.json"; # format: {"pin1":number} }; }; diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix index eb9b1ae4e..c8e23d06e 100644 --- a/tv/3modules/x0vncserver.nix +++ b/tv/3modules/x0vncserver.nix @@ -9,7 +9,7 @@ in { }; enable = mkEnableOption "tv.x0vncserver"; pwfile = mkOption { - default = toString + "/vncpasswd"; + default = "${config.krebs.secret.directory}/vncpasswd"; description = '' Use vncpasswd to edit pwfile. See: nix-shell -p tigervnc --run 'man vncpasswd' -- cgit v1.2.3 From fbd485cd86c7e9984819357398f912a2d5510845 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 12 Sep 2023 12:56:39 +0200 Subject: tv: emigrate --- kartei/tv/hosts/alnus.nix | 1 - kartei/tv/hosts/au.nix | 1 - kartei/tv/hosts/bu.nix | 1 - kartei/tv/hosts/mu.nix | 1 - kartei/tv/hosts/nomic.nix | 1 - kartei/tv/hosts/querel.nix | 1 - kartei/tv/hosts/ru.nix | 1 - kartei/tv/hosts/xu.nix | 1 - kartei/tv/hosts/zu.nix | 1 - tv/1systems/alnus/config.nix | 87 ---- tv/1systems/alnus/lib | 1 - tv/1systems/au/config.nix | 23 - tv/1systems/au/disks.nix | 19 - tv/1systems/au/lib | 1 - tv/1systems/bu/config.nix | 35 -- tv/1systems/bu/disks.nix | 19 - tv/1systems/bu/lib | 1 - tv/1systems/lib | 1 - tv/1systems/mu/config.nix | 127 ----- tv/1systems/mu/lib | 1 - tv/1systems/nomic/config.nix | 62 --- tv/1systems/nomic/lib | 1 - tv/1systems/querel/config.nix | 86 ---- tv/1systems/querel/lib | 1 - tv/1systems/ru/config.nix | 37 -- tv/1systems/xu/config.nix | 154 ------ tv/1systems/xu/lib | 1 - tv/1systems/zu/config.nix | 51 -- tv/2configs/autotether.nix | 19 - tv/2configs/backup.nix | 109 ----- tv/2configs/bash/default.nix | 67 --- tv/2configs/bash/lib | 1 - tv/2configs/binary-cache/default.nix | 29 -- tv/2configs/binary-cache/lib | 1 - tv/2configs/br.nix | 49 -- tv/2configs/default.nix | 137 ------ tv/2configs/elm-packages-proxy.nix | 359 -------------- tv/2configs/exim-retiolum.nix | 9 - tv/2configs/exim-smarthost.nix | 46 -- tv/2configs/fs/CAC-CentOS-7-64bit.nix | 20 - tv/2configs/gitconfig.nix | 16 - tv/2configs/gitrepos.nix | 233 --------- tv/2configs/htop.nix | 40 -- tv/2configs/hw/AO753.nix | 48 -- tv/2configs/hw/lib | 1 - tv/2configs/hw/winmax2.nix | 48 -- tv/2configs/hw/x220.nix | 89 ---- tv/2configs/imgur.nix | 22 - tv/2configs/initrd/sshd.nix | 17 - tv/2configs/lib | 1 - tv/2configs/mail-client.nix | 9 - tv/2configs/man.nix | 13 - tv/2configs/nets/hkw.nix | 68 --- tv/2configs/networkd.nix | 4 - tv/2configs/nginx/default.nix | 22 - tv/2configs/nginx/lib | 1 - tv/2configs/nginx/public_html.nix | 18 - tv/2configs/nix.nix | 9 - 
tv/2configs/pki/certs/tv.crt | 31 -- tv/2configs/pki/default.nix | 68 --- tv/2configs/pki/lib | 1 - tv/2configs/ppp.nix | 86 ---- tv/2configs/pulse.nix | 120 ----- tv/2configs/repo-sync/lib | 1 - tv/2configs/repo-sync/wiki.nix | 40 -- tv/2configs/retiolum.nix | 27 -- tv/2configs/smartd.nix | 17 - tv/2configs/ssh.nix | 22 - tv/2configs/sshd.nix | 27 -- tv/2configs/urlwatch.nix | 117 ----- tv/2configs/vim.nix | 183 -------- tv/2configs/weechat-server.nix | 24 - tv/2configs/wiregrill.nix | 37 -- tv/2configs/xdg.nix | 11 - tv/2configs/xserver/Xmodmap.nix | 28 -- tv/2configs/xserver/default.nix | 167 ------- tv/2configs/xserver/lib | 1 - tv/2configs/xserver/sxiv.nix | 12 - tv/2configs/xserver/urxvt.nix | 73 --- tv/2configs/xserver/xkiller.nix | 14 - tv/2configs/xserver/xserver.conf.nix | 39 -- tv/2configs/xsessions/default.nix | 5 - tv/2configs/xsessions/urxvtd.nix | 15 - tv/3modules/Xresources.nix | 38 -- tv/3modules/charybdis/config.nix | 519 --------------------- tv/3modules/charybdis/default.nix | 81 ---- tv/3modules/charybdis/lib | 1 - tv/3modules/default.nix | 8 - tv/3modules/dnsmasq.nix | 58 --- tv/3modules/ejabberd/default.nix | 275 ----------- tv/3modules/ejabberd/lib | 1 - tv/3modules/focus.nix | 4 - tv/3modules/hosts.nix | 9 - tv/3modules/hw.nix | 16 - tv/3modules/im.nix | 110 ----- tv/3modules/iptables.nix | 208 --------- tv/3modules/lib | 1 - tv/3modules/lidControl.nix | 45 -- .../org.freedesktop.machine1.host-shell.nix | 29 -- tv/3modules/slock.nix | 78 ---- tv/3modules/systemd.nix | 47 -- tv/3modules/unbound.nix | 84 ---- tv/3modules/wwan.nix | 182 -------- tv/3modules/x0vncserver.nix | 45 -- tv/5pkgs/compat/default.nix | 1 - tv/5pkgs/default.nix | 19 - tv/5pkgs/haskell/default.nix | 28 -- tv/5pkgs/haskell/lib | 1 - tv/5pkgs/haskell/th-env/default.nix | 10 - tv/5pkgs/haskell/th-env/src/THEnv.hs | 49 -- tv/5pkgs/haskell/th-env/th-env.cabal | 20 - tv/5pkgs/haskell/xmonad-tv/default.nix | 16 - tv/5pkgs/haskell/xmonad-tv/shell.nix | 83 ---- 
tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs | 113 ----- tv/5pkgs/haskell/xmonad-tv/src/XMonad/Extra.hs | 14 - .../src/XMonad/Hooks/EwmhDesktops/Extra.hs | 117 ----- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 227 --------- tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal | 29 -- tv/5pkgs/lib | 1 - tv/5pkgs/override/alacritty.nix | 16 - tv/5pkgs/override/anbox.nix | 72 --- tv/5pkgs/override/default.nix | 4 - tv/5pkgs/override/fzf/complete1.patch | 77 --- tv/5pkgs/override/fzf/default.nix | 7 - tv/5pkgs/override/gitAndTools.nix | 5 - tv/5pkgs/override/input-fonts.nix | 13 - tv/5pkgs/override/iosevka-tv-1.nix | 20 - tv/5pkgs/override/iosevka-tv-2.nix | 20 - tv/5pkgs/override/jc.nix | 21 - tv/5pkgs/override/lib | 1 - tv/5pkgs/override/uqmi.nix | 10 - .../433Utils/RPi_utils.codesend.codestring.patch | 24 - tv/5pkgs/rpi/433Utils/default.nix | 42 -- tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch | 10 - tv/5pkgs/rpi/433Utils/src.json | 7 - tv/5pkgs/rpi/WiringPi/default.nix | 61 --- tv/5pkgs/rpi/WiringPi/src.json | 6 - tv/5pkgs/rpi/default.nix | 7 - tv/5pkgs/rpi/lib | 1 - tv/5pkgs/simple/alacritty-tv.nix | 152 ------ tv/5pkgs/simple/bash-fzf-history.nix | 102 ---- tv/5pkgs/simple/cr.nix | 16 - tv/5pkgs/simple/default.nix | 18 - tv/5pkgs/simple/diff-so-fancy.nix | 50 -- tv/5pkgs/simple/disko.nix | 13 - tv/5pkgs/simple/editor-input.nix | 18 - tv/5pkgs/simple/ff.nix | 8 - tv/5pkgs/simple/field.nix | 6 - tv/5pkgs/simple/flameshot-once-tv.nix | 48 -- tv/5pkgs/simple/font-size-alacritty.nix | 67 --- tv/5pkgs/simple/fzmenu/bin/otpmenu | 44 -- tv/5pkgs/simple/fzmenu/bin/passmenu | 45 -- tv/5pkgs/simple/fzmenu/default.nix | 50 -- tv/5pkgs/simple/hc.nix | 39 -- tv/5pkgs/simple/iosevka-tv-1.nix | 18 - tv/5pkgs/simple/iosevka-tv-2.nix | 20 - tv/5pkgs/simple/lib | 1 - tv/5pkgs/simple/libinput-tv.nix | 11 - tv/5pkgs/simple/mpvterm/default.nix | 8 - tv/5pkgs/simple/mpvterm/mpvterm.patch | 146 ------ tv/5pkgs/simple/pinentry-urxvt/default.nix | 124 ----- tv/5pkgs/simple/pinentry-urxvt/lib | 1 - 
tv/5pkgs/simple/q/default.nix | 171 ------- tv/5pkgs/simple/q/lib | 1 - tv/5pkgs/simple/rox-filer.nix | 95 ---- .../rxvt-unicode-256color-terminfo/default.nix | 16 - .../rxvt-unicode-256color.terminfo | Bin 2239 -> 0 bytes tv/5pkgs/simple/stardict/default.nix | 235 ---------- tv/5pkgs/simple/viljetic-pages/default.nix | 17 - tv/5pkgs/simple/viljetic-pages/index.html | 11 - tv/5pkgs/simple/viljetic-pages/logo.xpm | 24 - tv/5pkgs/simple/weechat-tv.nix | 9 - tv/5pkgs/simple/xdpytools/default.nix | 31 -- tv/5pkgs/simple/xdpytools/src/xdpychvt | 11 - tv/5pkgs/simple/xdpytools/src/xdpysel | 49 -- tv/5pkgs/simple/xkiller.nix | 25 - tv/5pkgs/simple/xtoggledpms.nix | 16 - tv/5pkgs/vim/default.nix | 11 - tv/5pkgs/vim/elixir.nix | 9 - tv/5pkgs/vim/file-line.nix | 10 - tv/5pkgs/vim/fzf.nix | 11 - tv/5pkgs/vim/hack.nix | 49 -- tv/5pkgs/vim/jq.nix | 10 - tv/5pkgs/vim/lib | 1 - tv/5pkgs/vim/nix.nix | 225 --------- tv/5pkgs/vim/showsyntax.nix | 26 -- tv/5pkgs/vim/tv.nix | 42 -- tv/5pkgs/vim/vim.nix | 16 - tv/default.nix | 15 - tv/dummy_secrets/default.nix | 8 - tv/dummy_secrets/o2.pin | 1 - tv/dummy_secrets/repos.nix | 1 - tv/dummy_secrets/ssh.id_ed25519 | 3 - tv/dummy_secrets/ssh.id_rsa | 3 - tv/krops.nix | 23 - tv/lib | 1 - tv/tombstone | 1 + 197 files changed, 1 insertion(+), 8560 deletions(-) delete mode 100644 tv/1systems/alnus/config.nix delete mode 120000 tv/1systems/alnus/lib delete mode 100644 tv/1systems/au/config.nix delete mode 100644 tv/1systems/au/disks.nix delete mode 120000 tv/1systems/au/lib delete mode 100644 tv/1systems/bu/config.nix delete mode 100644 tv/1systems/bu/disks.nix delete mode 120000 tv/1systems/bu/lib delete mode 120000 tv/1systems/lib delete mode 100644 tv/1systems/mu/config.nix delete mode 120000 tv/1systems/mu/lib delete mode 100644 tv/1systems/nomic/config.nix delete mode 120000 tv/1systems/nomic/lib delete mode 100644 tv/1systems/querel/config.nix delete mode 120000 tv/1systems/querel/lib delete mode 100644 tv/1systems/ru/config.nix delete mode 
100644 tv/1systems/xu/config.nix delete mode 120000 tv/1systems/xu/lib delete mode 100644 tv/1systems/zu/config.nix delete mode 100644 tv/2configs/autotether.nix delete mode 100644 tv/2configs/backup.nix delete mode 100644 tv/2configs/bash/default.nix delete mode 120000 tv/2configs/bash/lib delete mode 100644 tv/2configs/binary-cache/default.nix delete mode 120000 tv/2configs/binary-cache/lib delete mode 100644 tv/2configs/br.nix delete mode 100644 tv/2configs/default.nix delete mode 100644 tv/2configs/elm-packages-proxy.nix delete mode 100644 tv/2configs/exim-retiolum.nix delete mode 100644 tv/2configs/exim-smarthost.nix delete mode 100644 tv/2configs/fs/CAC-CentOS-7-64bit.nix delete mode 100644 tv/2configs/gitconfig.nix delete mode 100644 tv/2configs/gitrepos.nix delete mode 100644 tv/2configs/htop.nix delete mode 100644 tv/2configs/hw/AO753.nix delete mode 120000 tv/2configs/hw/lib delete mode 100644 tv/2configs/hw/winmax2.nix delete mode 100644 tv/2configs/hw/x220.nix delete mode 100644 tv/2configs/imgur.nix delete mode 100644 tv/2configs/initrd/sshd.nix delete mode 120000 tv/2configs/lib delete mode 100644 tv/2configs/mail-client.nix delete mode 100644 tv/2configs/man.nix delete mode 100644 tv/2configs/nets/hkw.nix delete mode 100644 tv/2configs/networkd.nix delete mode 100644 tv/2configs/nginx/default.nix delete mode 120000 tv/2configs/nginx/lib delete mode 100644 tv/2configs/nginx/public_html.nix delete mode 100644 tv/2configs/nix.nix delete mode 100644 tv/2configs/pki/certs/tv.crt delete mode 100644 tv/2configs/pki/default.nix delete mode 120000 tv/2configs/pki/lib delete mode 100644 tv/2configs/ppp.nix delete mode 100644 tv/2configs/pulse.nix delete mode 120000 tv/2configs/repo-sync/lib delete mode 100644 tv/2configs/repo-sync/wiki.nix delete mode 100644 tv/2configs/retiolum.nix delete mode 100644 tv/2configs/smartd.nix delete mode 100644 tv/2configs/ssh.nix delete mode 100644 tv/2configs/sshd.nix delete mode 100644 tv/2configs/urlwatch.nix delete mode 
100644 tv/2configs/vim.nix delete mode 100644 tv/2configs/weechat-server.nix delete mode 100644 tv/2configs/wiregrill.nix delete mode 100644 tv/2configs/xdg.nix delete mode 100644 tv/2configs/xserver/Xmodmap.nix delete mode 100644 tv/2configs/xserver/default.nix delete mode 120000 tv/2configs/xserver/lib delete mode 100644 tv/2configs/xserver/sxiv.nix delete mode 100644 tv/2configs/xserver/urxvt.nix delete mode 100644 tv/2configs/xserver/xkiller.nix delete mode 100644 tv/2configs/xserver/xserver.conf.nix delete mode 100644 tv/2configs/xsessions/default.nix delete mode 100644 tv/2configs/xsessions/urxvtd.nix delete mode 100644 tv/3modules/Xresources.nix delete mode 100644 tv/3modules/charybdis/config.nix delete mode 100644 tv/3modules/charybdis/default.nix delete mode 120000 tv/3modules/charybdis/lib delete mode 100644 tv/3modules/default.nix delete mode 100644 tv/3modules/dnsmasq.nix delete mode 100644 tv/3modules/ejabberd/default.nix delete mode 120000 tv/3modules/ejabberd/lib delete mode 100644 tv/3modules/focus.nix delete mode 100644 tv/3modules/hosts.nix delete mode 100644 tv/3modules/hw.nix delete mode 100644 tv/3modules/im.nix delete mode 100644 tv/3modules/iptables.nix delete mode 120000 tv/3modules/lib delete mode 100644 tv/3modules/lidControl.nix delete mode 100644 tv/3modules/org.freedesktop.machine1.host-shell.nix delete mode 100644 tv/3modules/slock.nix delete mode 100644 tv/3modules/systemd.nix delete mode 100644 tv/3modules/unbound.nix delete mode 100644 tv/3modules/wwan.nix delete mode 100644 tv/3modules/x0vncserver.nix delete mode 100644 tv/5pkgs/compat/default.nix delete mode 100644 tv/5pkgs/default.nix delete mode 100644 tv/5pkgs/haskell/default.nix delete mode 120000 tv/5pkgs/haskell/lib delete mode 100644 tv/5pkgs/haskell/th-env/default.nix delete mode 100644 tv/5pkgs/haskell/th-env/src/THEnv.hs delete mode 100644 tv/5pkgs/haskell/th-env/th-env.cabal delete mode 100644 tv/5pkgs/haskell/xmonad-tv/default.nix delete mode 100644 
tv/5pkgs/haskell/xmonad-tv/shell.nix delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/XMonad/Extra.hs delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/XMonad/Hooks/EwmhDesktops/Extra.hs delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/main.hs delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal delete mode 120000 tv/5pkgs/lib delete mode 100644 tv/5pkgs/override/alacritty.nix delete mode 100644 tv/5pkgs/override/anbox.nix delete mode 100644 tv/5pkgs/override/default.nix delete mode 100644 tv/5pkgs/override/fzf/complete1.patch delete mode 100644 tv/5pkgs/override/fzf/default.nix delete mode 100644 tv/5pkgs/override/gitAndTools.nix delete mode 100644 tv/5pkgs/override/input-fonts.nix delete mode 100644 tv/5pkgs/override/iosevka-tv-1.nix delete mode 100644 tv/5pkgs/override/iosevka-tv-2.nix delete mode 100644 tv/5pkgs/override/jc.nix delete mode 120000 tv/5pkgs/override/lib delete mode 100644 tv/5pkgs/override/uqmi.nix delete mode 100644 tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch delete mode 100644 tv/5pkgs/rpi/433Utils/default.nix delete mode 100644 tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch delete mode 100644 tv/5pkgs/rpi/433Utils/src.json delete mode 100644 tv/5pkgs/rpi/WiringPi/default.nix delete mode 100644 tv/5pkgs/rpi/WiringPi/src.json delete mode 100644 tv/5pkgs/rpi/default.nix delete mode 120000 tv/5pkgs/rpi/lib delete mode 100644 tv/5pkgs/simple/alacritty-tv.nix delete mode 100644 tv/5pkgs/simple/bash-fzf-history.nix delete mode 100644 tv/5pkgs/simple/cr.nix delete mode 100644 tv/5pkgs/simple/default.nix delete mode 100644 tv/5pkgs/simple/diff-so-fancy.nix delete mode 100644 tv/5pkgs/simple/disko.nix delete mode 100644 tv/5pkgs/simple/editor-input.nix delete mode 100644 tv/5pkgs/simple/ff.nix delete mode 100644 tv/5pkgs/simple/field.nix delete mode 100644 tv/5pkgs/simple/flameshot-once-tv.nix delete mode 100644 tv/5pkgs/simple/font-size-alacritty.nix delete mode 
100755 tv/5pkgs/simple/fzmenu/bin/otpmenu delete mode 100755 tv/5pkgs/simple/fzmenu/bin/passmenu delete mode 100644 tv/5pkgs/simple/fzmenu/default.nix delete mode 100644 tv/5pkgs/simple/hc.nix delete mode 100644 tv/5pkgs/simple/iosevka-tv-1.nix delete mode 100644 tv/5pkgs/simple/iosevka-tv-2.nix delete mode 120000 tv/5pkgs/simple/lib delete mode 100644 tv/5pkgs/simple/libinput-tv.nix delete mode 100644 tv/5pkgs/simple/mpvterm/default.nix delete mode 100644 tv/5pkgs/simple/mpvterm/mpvterm.patch delete mode 100644 tv/5pkgs/simple/pinentry-urxvt/default.nix delete mode 120000 tv/5pkgs/simple/pinentry-urxvt/lib delete mode 100644 tv/5pkgs/simple/q/default.nix delete mode 120000 tv/5pkgs/simple/q/lib delete mode 100644 tv/5pkgs/simple/rox-filer.nix delete mode 100644 tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix delete mode 100644 tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo delete mode 100644 tv/5pkgs/simple/stardict/default.nix delete mode 100644 tv/5pkgs/simple/viljetic-pages/default.nix delete mode 100644 tv/5pkgs/simple/viljetic-pages/index.html delete mode 100644 tv/5pkgs/simple/viljetic-pages/logo.xpm delete mode 100644 tv/5pkgs/simple/weechat-tv.nix delete mode 100644 tv/5pkgs/simple/xdpytools/default.nix delete mode 100755 tv/5pkgs/simple/xdpytools/src/xdpychvt delete mode 100755 tv/5pkgs/simple/xdpytools/src/xdpysel delete mode 100644 tv/5pkgs/simple/xkiller.nix delete mode 100644 tv/5pkgs/simple/xtoggledpms.nix delete mode 100644 tv/5pkgs/vim/default.nix delete mode 100644 tv/5pkgs/vim/elixir.nix delete mode 100644 tv/5pkgs/vim/file-line.nix delete mode 100644 tv/5pkgs/vim/fzf.nix delete mode 100644 tv/5pkgs/vim/hack.nix delete mode 100644 tv/5pkgs/vim/jq.nix delete mode 120000 tv/5pkgs/vim/lib delete mode 100644 tv/5pkgs/vim/nix.nix delete mode 100644 tv/5pkgs/vim/showsyntax.nix delete mode 100644 tv/5pkgs/vim/tv.nix delete mode 100644 tv/5pkgs/vim/vim.nix delete mode 100644 tv/default.nix delete mode 100644 
tv/dummy_secrets/default.nix delete mode 100644 tv/dummy_secrets/o2.pin delete mode 100644 tv/dummy_secrets/repos.nix delete mode 100644 tv/dummy_secrets/ssh.id_ed25519 delete mode 100644 tv/dummy_secrets/ssh.id_rsa delete mode 100644 tv/krops.nix delete mode 120000 tv/lib create mode 100644 tv/tombstone diff --git a/kartei/tv/hosts/alnus.nix b/kartei/tv/hosts/alnus.nix index e66236f1f..099f3c741 100644 --- a/kartei/tv/hosts/alnus.nix +++ b/kartei/tv/hosts/alnus.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.21.1"; diff --git a/kartei/tv/hosts/au.nix b/kartei/tv/hosts/au.nix index 44279b687..c897f9cb1 100644 --- a/kartei/tv/hosts/au.nix +++ b/kartei/tv/hosts/au.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.39"; diff --git a/kartei/tv/hosts/bu.nix b/kartei/tv/hosts/bu.nix index cbdf5af22..ca544c912 100644 --- a/kartei/tv/hosts/bu.nix +++ b/kartei/tv/hosts/bu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.36"; diff --git a/kartei/tv/hosts/mu.nix b/kartei/tv/hosts/mu.nix index e10694ec1..4fb7165f6 100644 --- a/kartei/tv/hosts/mu.nix +++ b/kartei/tv/hosts/mu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.20.1"; diff --git a/kartei/tv/hosts/nomic.nix b/kartei/tv/hosts/nomic.nix index 7c46dc40a..ebb0edcf5 100644 --- a/kartei/tv/hosts/nomic.nix +++ b/kartei/tv/hosts/nomic.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.0.110"; diff --git a/kartei/tv/hosts/querel.nix b/kartei/tv/hosts/querel.nix index 6b9b9881b..805eeab94 100644 --- a/kartei/tv/hosts/querel.nix +++ b/kartei/tv/hosts/querel.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.22.22"; diff --git a/kartei/tv/hosts/ru.nix b/kartei/tv/hosts/ru.nix index 334df5d07..d1a2be276 100644 --- a/kartei/tv/hosts/ru.nix +++ b/kartei/tv/hosts/ru.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.42"; 
diff --git a/kartei/tv/hosts/xu.nix b/kartei/tv/hosts/xu.nix index e943915e4..7361092b7 100644 --- a/kartei/tv/hosts/xu.nix +++ b/kartei/tv/hosts/xu.nix @@ -2,7 +2,6 @@ binary-cache = { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.38"; diff --git a/kartei/tv/hosts/zu.nix b/kartei/tv/hosts/zu.nix index 91270d57e..c40de32a1 100644 --- a/kartei/tv/hosts/zu.nix +++ b/kartei/tv/hosts/zu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.40"; diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix deleted file mode 100644 index 90501d56d..000000000 --- a/tv/1systems/alnus/config.nix +++ /dev/null 
@@ -1,87 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- imports = [
-
-
-
-
- ];
-
- boot = {
- initrd = {
- availableKernelModules = [ "ahci" ];
- luks.devices.luksroot.device = "/dev/sda2";
- };
- };
-
- environment.systemPackages = [
- pkgs.firefox
- pkgs.networkmanagerapplet
- (pkgs.pidgin.override {
- plugins = [ pkgs.pidgin-otr ];
- })
- ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/sda1";
- };
- "/" = {
- device = "/dev/mapper/main-root";
- fsType = "ext4";
- options = [ "defaults" "noatime" ];
- };
- "/home" = {
- device = "/dev/mapper/main-home";
- fsType = "ext4";
- options = [ "defaults" "noatime" ];
- };
- };
-
- hardware = {
- opengl.driSupport32Bit = true;
- pulseaudio.enable = true;
- };
-
- i18n.defaultLocale = "de_DE.UTF-8";
-
- krebs.build = {
- host = config.krebs.hosts.alnus;
- user = mkForce config.krebs.users.dv;
- };
-
- networking.networkmanager.enable = true;
-
- services.earlyoom.enable = true;
- services.earlyoom.freeMemThreshold = 5;
- systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
- "--prefer '^(Web Content|Privileged Cont)$'" # firefox tabs
- ];
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "eurosign:e";
-
- libinput.enable = false;
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- };
- };
- services.xserver.desktopManager.plasma5.enable = true;
- services.xserver.displayManager.autoLogin.enable = true;
- services.xserver.displayManager.autoLogin.user = "dv";
-
- system.stateVersion = "22.05";
-
- users.users.dv = {
- inherit (config.krebs.users.dv) home uid;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "networkmanager"
- ];
- };
-}
diff --git a/tv/1systems/alnus/lib b/tv/1systems/alnus/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/alnus/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/au/config.nix b/tv/1systems/au/config.nix
deleted file mode 100644
index 2521059b4..000000000
--- a/tv/1systems/au/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, ... }: {
- imports = [
- ./disks.nix
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.au;
-
- networking.wireless.enable = true;
- networking.useDHCP = false;
- networking.interfaces.enp0s25.useDHCP = true;
- networking.interfaces.wlp3s0.useDHCP = true;
- networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
-
- system.stateVersion = "20.03";
-
- tv.hw.screens.primary.width = 1920;
- tv.hw.screens.primary.height = 1080;
-}
diff --git a/tv/1systems/au/disks.nix b/tv/1systems/au/disks.nix
deleted file mode 100644
index 434de1740..000000000
--- a/tv/1systems/au/disks.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- boot.initrd.luks.devices.main.device = "/dev/sda2";
- fileSystems."/" = {
- device = "/dev/main/root";
- options = ["defaults" "noatime" "commit=60"];
- };
- fileSystems."/boot" = {
- device = "/dev/sda1";
- options = ["defaults" "noatime"];
- };
- fileSystems."/bku" = {
- device = "/dev/main/bku";
- options = ["defaults" "noatime"];
- };
- fileSystems."/home" = {
- device = "/dev/main/home";
- options = ["defaults" "noatime" "commit=60"];
- };
-}
diff --git a/tv/1systems/au/lib b/tv/1systems/au/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/au/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix
deleted file mode 100644
index a3959cd84..000000000
--- a/tv/1systems/bu/config.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- imports = [
- ./disks.nix
-
-
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.bu;
-
- networking.wireless.enable = true;
- networking.useDHCP = false;
- networking.interfaces.enp0s25.useDHCP = true;
- networking.interfaces.wlp3s0.useDHCP = true;
- networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
- networking.wireless.interfaces = [
- "wlp3s0"
- ];
-
- programs.gnupg.agent.enable = true;
- programs.gnupg.agent.pinentryFlavor = "gtk2";
-
- services.earlyoom.enable = true;
- services.earlyoom.freeMemThreshold = 5;
- systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
- "--prefer '(^|/)chromium$'"
- ];
-
- system.stateVersion = "21.11";
-}
diff --git a/tv/1systems/bu/disks.nix b/tv/1systems/bu/disks.nix
deleted file mode 100644
index deabefa7b..000000000
--- a/tv/1systems/bu/disks.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- boot.initrd.luks.devices.buda2.device = "/dev/sda2";
- fileSystems."/" = {
- device = "buda2/root";
- fsType = "zfs";
- };
- fileSystems."/bku" = {
- device = "buda2/bku";
- fsType = "zfs";
- };
- fileSystems."/home" = {
- device = "buda2/home";
- fsType = "zfs";
- };
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "vfat";
- };
-}
diff --git a/tv/1systems/bu/lib b/tv/1systems/bu/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/bu/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/lib b/tv/1systems/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
deleted file mode 100644
index 00cdf84c1..000000000
--- a/tv/1systems/mu/config.nix
+++ /dev/null
@@ -1,127 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- imports = [
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.mu;
- krebs.build.user = mkForce config.krebs.users.vv;
-
- tv.x0vncserver.enable = true;
-
- boot.initrd.luks.devices.muca.device = "/dev/sda2";
- boot.initrd.availableKernelModules = [ "ahci" ];
- boot.kernelModules = [ "fbcon" "kvm-intel" ];
- boot.kernelParams = [ "fsck.repair=yes" ];
- boot.extraModulePackages = [ ];
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/muvga-root";
- fsType = "ext4";
- options = [ "defaults" "discard" ];
- };
- "/home" = {
- device = "/dev/mapper/muvga-home";
- fsType = "ext4";
- options = [ "defaults" "discard" ];
- };
- "/boot" = {
- device = "/dev/sda1";
- fsType = "vfat";
- };
- };
-
- nixpkgs.config.allowUnfree = true;
- hardware.opengl.driSupport32Bit = true;
-
- hardware.pulseaudio.enable = true;
-
- hardware.enableRedistributableFirmware = true;
-
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.enable = true;
-
- networking.networkmanager.enable = true;
-
- # XXX reload to work around occasional "Failed to load firmware chunk!"
- # TODO only do this if firmware is actually broken(?)
- system.activationScripts.reload-iwlwifi = /* sh */ ''
- ${pkgs.kmod}/bin/modprobe -vr iwlwifi
- ${pkgs.kmod}/bin/modprobe -v iwlwifi
- '';
-
- environment.systemPackages = [
- pkgs.chromium
- pkgs.firefox
- pkgs.gimp
- pkgs.iptables
- pkgs.libreoffice
- pkgs.plasma-pa
- (pkgs.pidgin.override {
- plugins = [ pkgs.pidgin-otr ];
- })
- pkgs.skypeforlinux
- pkgs.slock
- pkgs.tinc_pre
- pkgs.vim
- pkgs.xsane
-
- #pkgs.foomatic_filters
- #pkgs.gutenprint
- #pkgs.cups_pdf_filter
- #pkgs.ghostscript
- ];
-
-
- i18n.defaultLocale = "de_DE.UTF-8";
-
- programs.ssh.startAgent = false;
-
- krebs.setuid = {
- slock = {
- filename = "${pkgs.slock}/bin/slock";
- mode = "4111";
- };
- };
-
- security.pam.loginLimits = [
- # for jack
- { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
- { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
- ];
-
- fonts.fonts = [
- pkgs.xorg.fontschumachermisc
- ];
-
- services.xserver.enable = true;
- services.xserver.layout = "de";
- services.xserver.xkbOptions = "eurosign:e";
-
- # TODO this is host specific
- services.xserver.libinput.enable = false;
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- };
-
- services.xserver.desktopManager.plasma5.enable = true;
-
- services.xserver.displayManager.autoLogin.enable = true;
- services.xserver.displayManager.autoLogin.user = "vv";
-
- users.users.vv = {
- inherit (config.krebs.users.vv) home uid;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "networkmanager"
- ];
- };
-}
diff --git a/tv/1systems/mu/lib b/tv/1systems/mu/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/mu/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
deleted file mode 100644
index 5bc25fd36..000000000
--- a/tv/1systems/nomic/config.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- krebs.build.host = config.krebs.hosts.nomic;
-
- imports = [
-
-
-
-
-
-
-
-
-
- ];
-
- boot.initrd.luks.devices.luks1.device = "/dev/sda2";
-
- # Don't use UEFI because current disk was partitioned/formatted for AO753.
- # TODO remove following bool.loader section after repartitioning/reformatting
- boot.loader = {
- grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- systemd-boot.enable = mkForce false;
- };
-
- fileSystems."/" =
- { device = "/dev/mapper/nomic1-root";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/mapper/nomic1-home";
- fsType = "btrfs";
- };
-
- environment.systemPackages = with pkgs; [
- (writeDashBin "play" ''
- set -euf
- mpv() { exec ${mpv}/bin/mpv "$@"; }
- case $1 in
- deepmix) mpv http://deepmix.ru/deepmix128.pls;;
- groovesalad) mpv http://somafm.com/play/groovesalad;;
- ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
- *)
- echo "$0: bad argument: $*" >&2
- exit 23
- esac
- '')
- gnupg
- tmux
- ];
-
- networking.wireless.enable = true;
-}
diff --git a/tv/1systems/nomic/lib b/tv/1systems/nomic/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/nomic/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
deleted file mode 100644
index 7ba7d1620..000000000
--- a/tv/1systems/querel/config.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- imports = [
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.querel;
- krebs.build.user = mkForce config.krebs.users.itak;
-
- boot.initrd.availableKernelModules = [ "ahci" ];
- boot.initrd.luks.devices.querel-luks1 = {
- allowDiscards = true;
- device = "/dev/sda2";
- };
- boot.kernelModules = [ "kvm-intel" ];
- boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- };
-
- environment.systemPackages = [
- pkgs.firefox
- pkgs.gimp
- pkgs.kate
- pkgs.libreoffice
- (pkgs.pidgin.override {
- plugins = [ pkgs.pidgin-otr ];
- })
- pkgs.sxiv
- pkgs.texlive.combined.scheme-full
- pkgs.vim
- pkgs.xsane
- pkgs.zathura
- ];
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/querel-root";
- fsType = "ext4";
- options = [ "defaults" "discard" ];
- };
- "/home" = {
- device = "/dev/mapper/querel-home";
- fsType = "ext4";
- options = [ "defaults" "discard" ];
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- hardware.enableRedistributableFirmware = true;
- hardware.pulseaudio.enable = true;
-
- i18n.defaultLocale = "de_DE.UTF-8";
-
- networking.networkmanager.enable = true;
-
- programs.ssh.startAgent = false;
-
- services.xserver.enable = true;
- services.xserver.layout = "de";
- services.xserver.xkbOptions = "eurosign:e";
-
- services.xserver.libinput.enable = false;
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- };
-
- services.xserver.desktopManager.plasma5.enable = true;
-
- services.xserver.displayManager.autoLogin.enable = true;
- services.xserver.displayManager.autoLogin.user = "itak";
-
- users.users.itak = {
- inherit (config.krebs.users.itak) home uid;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "networkmanager"
- ];
- };
-}
diff --git a/tv/1systems/querel/lib b/tv/1systems/querel/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/querel/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/ru/config.nix b/tv/1systems/ru/config.nix
deleted file mode 100644
index 0fc62167e..000000000
--- a/tv/1systems/ru/config.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-with import ./lib;
-{ config, ... }: {
- imports = [
- ../..
- ../../2configs/hw/winmax2.nix
- ../../2configs/retiolum.nix
- ../../2configs/wiregrill.nix
- ];
-
- boot.initrd.luks.devices.main.device = "/dev/nvme0n1p2";
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.enable = true;
-
- fileSystems."/" = {
- device = "/dev/mapper/ruvg0-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "compress=zstd"];
- };
- fileSystems."/boot" = {
- device = "/dev/nvme0n1p1";
- fsType = "vfat";
- };
- fileSystems."/home" = {
- device = "/dev/mapper/ruvg0-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "compress=zstd"];
- };
- fileSystems."/bku" = {
- device = "/dev/mapper/ruvg0-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "compress=zstd"];
- };
-
- krebs.build.host = config.krebs.hosts.ru;
-
- system.stateVersion = "22.11";
-}
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
deleted file mode 100644
index 83e17e1bd..000000000
--- a/tv/1systems/xu/config.nix
+++ /dev/null
@@ -1,154 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- krebs.build.host = config.krebs.hosts.xu;
-
- imports = [
-
- ../../2configs/autotether.nix
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- {
- environment.systemPackages = with pkgs; [
-
-
- # root
- cryptsetup
-
- # tv
- bc
- bind # dig
- brain
- cac-api
- dic
- file
- gnupg1compat
- haskellPackages.hledger
- jq
- mkpasswd
- netcat
- netcup
- nmap
- p7zip
- (pkgs.pass.withExtensions (ext: [
- ext.pass-otp
- ]))
- q
- qrencode
- texlive.combined.scheme-full
- tmux
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #xdotool
- #xkill
- #xl2tpd
- #xsel
-
- unison
- ];
- }
- ];
-
- boot.initrd.luks.devices.xuca.device = "/dev/sda2";
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/xuvga-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/bku" = {
- device = "/dev/mapper/xuvga-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home" = {
- device = "/dev/mapper/xuvga-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- environment.systemPackages = with pkgs; [
- ethtool
- tinc_pre
- iptables
- #jack2
-
- gptfdisk
- ];
-
- networking.wireless.enable = true;
-
- #services.bitlbee.enable = true;
- #services.tor.client.enable = true;
- #services.tor.enable = true;
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-}
diff --git a/tv/1systems/xu/lib b/tv/1systems/xu/lib
deleted file mode 120000
index dc598c56d..000000000
--- a/tv/1systems/xu/lib
+++ /dev/null
@@ -1 +0,0 @@
-../lib
\ No newline at end of file
diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix
deleted file mode 100644
index 169fa6bd6..000000000
--- a/tv/1systems/zu/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- krebs.build.host = config.krebs.hosts.zu;
-
- imports = [
-
-
-
-
-
-
-
-
-
-
- ];
-
- boot.initrd.luks.devices.zuca.device = "/dev/sda2";
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/zuvga-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/bku" = {
- device = "/dev/mapper/zuvga-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home" = {
- device = "/dev/mapper/zuvga-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- };
-
- networking.wireless.enable = true;
-
- services.printing.enable = true;
-
- #services.bitlbee.enable = true;
- #services.tor.client.enable = true;
- #services.tor.enable = true;
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-}
diff --git a/tv/2configs/autotether.nix b/tv/2configs/autotether.nix
deleted file mode 100644
index 43b5575c8..000000000
--- a/tv/2configs/autotether.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }: let
- cfg.serial = "17e064850405";
-in {
- systemd.services.usb_tether.serviceConfig = {
- SyslogIdentifier = "usb_tether";
- ExecStartPre = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} wait-for-device";
- ExecStart = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} shell svc usb setFunctions rndis";
- };
- services.udev.extraRules = /* sh */ ''
- ACTION=="add", SUBSYSTEM=="net", KERNEL=="usb*", NAME="android"
-
- ACTION=="add", SUBSYSTEM=="usb", ATTR{serial}=="${cfg.serial}", \
- TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
- '';
- systemd.network.networks.android = {
- matchConfig.Name = "android";
- DHCP = "yes";
- };
-}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
deleted file mode 100644
index 56c04c4e3..000000000
--- a/tv/2configs/backup.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: {
- krebs.backup.plans = {
- } // mapAttrs (_: recursiveUpdate {
- snapshots = {
- daily = { format = "%Y-%m-%d"; retain = 7; };
- weekly = { format = "%YW%W"; retain = 4; };
- monthly = { format = "%Y-%m"; retain = 12; };
- yearly = { format = "%Y"; };
- };
- }) {
- bu-home-xu = {
- method =