From 3eee2d3c860629404bf25dc55098f31b9d8bf318 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:43:50 +0200 Subject: ma 1 omo: finish hw merge for omo --- makefu/2configs/fs/sda-crypto-root.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index b82c0e44e..5c7cdf716 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -1,16 +1,16 @@ { config, lib, pkgs, ... }: # sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) +# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: + # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # sda2: cryptoluks -> ext4 with config.krebs.lib; { boot = { loader.grub.enable = true; loader.grub.version = 2; - loader.grub.device = "/dev/sda"; + loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; -- cgit v1.2.3 From 365b6f3859c5f1a67cfe476a3478f62aeceff5aa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:44:23 +0200 Subject: ma 2 fingerprint-reader: init --- makefu/2configs/hw/fingerprint-reader.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 makefu/2configs/hw/fingerprint-reader.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix new file mode 100644 index 000000000..1f2f00b03 --- /dev/null +++ b/makefu/2configs/hw/fingerprint-reader.nix @@ -0,0 +1,6 @@ +_: { + # add fingerprint with fprintd-enroll + services.fprintd.enable = true; + security.pam.services.login.fprintAuth = true; + security.pam.services.xscreensaver.fprintAuth = true; +} -- cgit v1.2.3 From 0bfa1dbaf0eae32fe972a42d8f9c9d16caae8b11 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:45:21 +0200 Subject: ma 2 tp-x220: minor tweaks --- makefu/2configs/hw/tp-x220.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index be3d1eb70..1c9a34965 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix @@ -5,7 +5,7 @@ with config.krebs.lib; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" ]; + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; @@ -28,7 +28,7 @@ with config.krebs.lib; # enable HDMI output switching with pulseaudio hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' - ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} + ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI" ''; -- cgit v1.2.3 From 50f4b1d79dce0560137f5118eb18b7af4b0e37d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:46:16 +0200 Subject: ma 2 tp-x2x0: add remark why to not start charge at 80 --- makefu/2configs/hw/tp-x2x0.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 7f9dc67a5..c10ec1314 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -22,7 +22,8 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance -- cgit v1.2.3 From 7dd825bed421a773db185983fdc50d2b5f704c59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:47:21 +0200 Subject: m 2 defaut: fix .nix-defexpr in activation script" --- makefu/2configs/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 62daed8be..e7366e182 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -154,6 +154,15 @@ with config.krebs.lib; "net.ipv6.conf.default.use_tempaddr" = 2; }; + system.activationScripts.nix-defexpr = '' + (set -euf + for i in /home/makefu /root/;do + f="$i/.nix-defexpr" + rm -fr "$f" + ln -s /var/src/nixpkgs "$f" + done) + ''; + i18n = { consoleKeyMap = "us"; defaultLocale = "en_US.UTF-8"; -- cgit v1.2.3 From f256bbcb11565138e92266e97856438061b623a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 16:22:51 +0200 Subject: cp tv/2/*CAC -> makefu/2/ --- makefu/2configs/fs/CAC-CentOS-7-64bit.nix | 20 ++++++++++++++++++++ makefu/2configs/hw/CAC.nix | 13 +++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 makefu/2configs/fs/CAC-CentOS-7-64bit.nix create mode 100644 makefu/2configs/hw/CAC.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix new file mode 100644 index 000000000..c9eb97f44 --- /dev/null +++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix @@ -0,0 +1,20 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + }; + fileSystems = { + "/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + "/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + }; + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; +} diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix new file mode 100644 index 000000000..9ed18344a --- /dev/null +++ b/makefu/2configs/hw/CAC.nix @@ -0,0 +1,13 @@ +_: +{ + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + boot.loader.grub.splashImage = null; + nix = { + daemonIONiceLevel = 1; + daemonNiceLevel = 1; + }; + sound.enable = false; +} -- cgit v1.2.3 From 5894ecc94233b72003ac859fab8b12c8ade7766a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:45:44 +0200 Subject: add siem internal network --- makefu/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index e7366e182..a753e6777 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -16,6 +16,8 @@ with config.krebs.lib; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; + + dns.providers.siem = "hosts"; search-domain = "retiolum"; build = { user = config.krebs.users.makefu; -- cgit v1.2.3 From d5e0dcccd074d7e63cfa7fff35782cb92c101270 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:57:36 +0200 Subject: ma 2 save-diskspace: init --- makefu/2configs/save-diskspace.nix | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 makefu/2configs/save-diskspace.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix new file mode 100644 index 000000000..cc2b29cac --- /dev/null +++ b/makefu/2configs/save-diskspace.nix @@ -0,0 +1,9 @@ +_: +# TODO: do not check out nixpkgs master but fetch revision from github +{ + services.nixosManual.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; +} -- cgit v1.2.3 From b709634ce9e61323b19aaf1b31c433f79f556fad Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 17:54:12 +0200 Subject: ma 2 add support for dummy secrets --- makefu/2configs/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a753e6777..422927b28 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -26,7 +26,9 @@ with config.krebs.lib; url = https://github.com/nixos/nixpkgs; rev = "63b9785"; # stable @ 2016-06-01 }; - secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/"; + secrets = if getEnv "dummy_secrets" == "true" + then toString + else "/home/makefu/secrets/${config.krebs.build.host.name}"; stockholm = "/home/makefu/stockholm"; # Defaults for all stockholm users? -- cgit v1.2.3