ma: random cleanup
This commit is contained in:
parent
cceb82a76a
commit
51edca6c1f
|
@ -6,13 +6,13 @@
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
|
<stockholm/makefu/2configs/hw/vbox-guest.nix>
|
||||||
{ # until virtualbox-image is fixed
|
#{ # until virtualbox-image is fixed
|
||||||
imports = [
|
# imports = [
|
||||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
# <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
];
|
# ];
|
||||||
boot.loader.grub.device = "/dev/sda";
|
# boot.loader.grub.device = lib.mkForce "/dev/sda";
|
||||||
}
|
#}
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
# <secrets/extra-hosts.nix>
|
# <secrets/extra-hosts.nix>
|
||||||
|
|
||||||
|
|
|
@ -8,57 +8,32 @@
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
# <stockholm/makefu/2configs/tools/all.nix>
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
# hardware specifics are in here
|
# hardware specifics are in here
|
||||||
# imports tp-x2x0.nix
|
# imports tp-x2x0.nix
|
||||||
# <stockholm/makefu/2configs/hw/tp-x200.nix>
|
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||||
|
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||||
|
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/rad1o.nix>
|
# <stockholm/makefu/2configs/rad1o.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
|
||||||
|
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||||
|
{
|
||||||
|
programs.adb.enable = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
# not working in vm
|
|
||||||
krebs.build.host = config.krebs.hosts.tsp;
|
krebs.build.host = config.krebs.hosts.tsp;
|
||||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
boot.loader.grub.device = "/dev/sda";
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
|
||||||
# acer aspire
|
|
||||||
networking.wireless.enable = lib.mkDefault true;
|
|
||||||
|
|
||||||
services.xserver.synaptics.enable = true;
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
zramSwap.enable = true;
|
|
||||||
zramSwap.numDevices = 2;
|
|
||||||
|
|
||||||
services.tlp.enable = true;
|
|
||||||
services.tlp.extraConfig = ''
|
|
||||||
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
|
|
||||||
START_CHARGE_THRESH_BAT0=67
|
|
||||||
STOP_CHARGE_THRESH_BAT0=100
|
|
||||||
|
|
||||||
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
|
||||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
|
||||||
CPU_MIN_PERF_ON_AC=0
|
|
||||||
CPU_MAX_PERF_ON_AC=100
|
|
||||||
CPU_MIN_PERF_ON_BAT=0
|
|
||||||
CPU_MAX_PERF_ON_BAT=30
|
|
||||||
'';
|
|
||||||
|
|
||||||
powerManagement.resumeCommands = ''
|
|
||||||
${pkgs.rfkill}/bin/rfkill unblock all
|
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
users = {};
|
users = {};
|
||||||
|
# TODO: secure that shit
|
||||||
allowAnonymous = true;
|
allowAnonymous = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@ in {
|
||||||
"file_mode=0775"
|
"file_mode=0775"
|
||||||
"dir_mode=0775"
|
"dir_mode=0775"
|
||||||
"uid=9001"
|
"uid=9001"
|
||||||
|
"vers=3"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
irc-server = "rc.r";
|
irc-server = "irc.r";
|
||||||
irc-nick = "m-alarm";
|
irc-nick = "m-alarm";
|
||||||
collectd-port = 25826;
|
collectd-port = 25826;
|
||||||
influx-port = 8086;
|
influx-port = 8086;
|
||||||
grafana-port = 3000; # TODO nginx forward
|
grafana-port = 3000;
|
||||||
db = "collectd_db";
|
db = "collectd_db";
|
||||||
logging-interface = config.makefu.server.primary-itf;
|
logging-interface = config.makefu.server.primary-itf;
|
||||||
in {
|
in {
|
||||||
|
@ -72,15 +72,16 @@ in {
|
||||||
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
|
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
|
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
|
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
#iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
#iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
#iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
|
|
||||||
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
|
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
|
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
|
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
#ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
#ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
#ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
'';
|
'';
|
||||||
|
state = [ "/var/lib/grafana/data/grafana.db" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
_:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../binary-cache/lass.nix
|
../binary-cache/lass.nix
|
||||||
];
|
];
|
||||||
krebs.tinc.retiolum.enable = true;
|
krebs.tinc.retiolum.enable = true;
|
||||||
|
environment.systemPackages = [ pkgs.tinc ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
# tools i use when actually working with the host.
|
# tools i use when actually working with the host.
|
||||||
# package version will now be maintained by nix-rebuild
|
# package version will now be maintained by nix-rebuild
|
||||||
#
|
#
|
||||||
# essentially `nix-env -q` of the main user
|
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
( pkgs.writeScriptBin "unknow" ''#!/bin/sh
|
||||||
|
${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
|
||||||
|
'')
|
||||||
at_spi2_core
|
at_spi2_core
|
||||||
acpi
|
acpi
|
||||||
bc
|
bc
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
gimp
|
gimp
|
||||||
inkscape
|
inkscape
|
||||||
libreoffice
|
libreoffice
|
||||||
|
quodlibet
|
||||||
# skype
|
# skype
|
||||||
synergy
|
synergy
|
||||||
tdesktop
|
tdesktop
|
||||||
|
|
|
@ -3,11 +3,14 @@
|
||||||
{
|
{
|
||||||
users.users.makefu.packages = with pkgs; [
|
users.users.makefu.packages = with pkgs; [
|
||||||
kodi
|
kodi
|
||||||
streamripper
|
|
||||||
youtube-dl
|
|
||||||
calibre
|
calibre
|
||||||
vlc
|
vlc
|
||||||
mumble
|
mumble
|
||||||
mplayer
|
mplayer
|
||||||
|
quodlibet
|
||||||
|
|
||||||
|
plowshare
|
||||||
|
streamripper
|
||||||
|
youtube-dl
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ stdenv, fetchFromGitHub
|
{ stdenv, fetchFromGitHub
|
||||||
, pkgconfig
|
|
||||||
, cmake
|
, cmake
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
|
@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
|
||||||
sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
|
sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake pkgconfig ];
|
nativeBuildInputs = [ cmake ];
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out/{lib,bin}
|
mkdir -p $out/{lib,bin}
|
||||||
find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;
|
find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;
|
||||||
|
|
|
@ -33,15 +33,6 @@ in {
|
||||||
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
|
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
|
||||||
patches = [ ./custom/inkscape/dxf_fix.patch ];
|
patches = [ ./custom/inkscape/dxf_fix.patch ];
|
||||||
});
|
});
|
||||||
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
|
|
||||||
wordset-file = super.pkgs.fetchurl {
|
|
||||||
urls = [
|
|
||||||
https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
|
|
||||||
https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
|
|
||||||
];
|
|
||||||
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// (mapAttrs (_: flip callPackage {})
|
// (mapAttrs (_: flip callPackage {})
|
||||||
|
|
Loading…
Reference in a new issue