ma: random cleanup

This commit is contained in:
makefu 2018-09-17 01:11:57 +02:00
parent cceb82a76a
commit 51edca6c1f
11 changed files with 41 additions and 66 deletions

View file

@ -6,13 +6,13 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
# <stockholm/makefu/2configs/hw/vbox-guest.nix> <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed #{ # until virtualbox-image is fixed
imports = [ # imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix> # <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
]; # ];
boot.loader.grub.device = "/dev/sda"; # boot.loader.grub.device = lib.mkForce "/dev/sda";
} #}
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix> # <secrets/extra-hosts.nix>

View file

@ -8,57 +8,32 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/tools/all.nix> # <stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix> <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# hardware specifics are in here # hardware specifics are in here
# imports tp-x2x0.nix # imports tp-x2x0.nix
# <stockholm/makefu/2configs/hw/tp-x200.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/sshd-totp.nix>
{
programs.adb.enable = true;
}
]; ];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp; krebs.build.host = config.krebs.hosts.tsp;
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; boot.loader.grub.device = "/dev/sda";
boot.loader.grub.copyKernels = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
]; ];
# acer aspire
networking.wireless.enable = lib.mkDefault true;
services.xserver.synaptics.enable = true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
START_CHARGE_THRESH_BAT0=67
STOP_CHARGE_THRESH_BAT0=100
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
powerManagement.resumeCommands = ''
${pkgs.rfkill}/bin/rfkill unblock all
'';
} }

View file

@ -4,6 +4,7 @@
enable = true; enable = true;
host = "0.0.0.0"; host = "0.0.0.0";
users = {}; users = {};
# TODO: secure that shit
allowAnonymous = true; allowAnonymous = true;
}; };
} }

View file

@ -17,6 +17,7 @@ in {
"file_mode=0775" "file_mode=0775"
"dir_mode=0775" "dir_mode=0775"
"uid=9001" "uid=9001"
"vers=3"
]; ];
}; };

View file

@ -2,11 +2,11 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
irc-server = "rc.r"; irc-server = "irc.r";
irc-nick = "m-alarm"; irc-nick = "m-alarm";
collectd-port = 25826; collectd-port = 25826;
influx-port = 8086; influx-port = 8086;
grafana-port = 3000; # TODO nginx forward grafana-port = 3000;
db = "collectd_db"; db = "collectd_db";
logging-interface = config.makefu.server.primary-itf; logging-interface = config.makefu.server.primary-itf;
in { in {
@ -72,15 +72,16 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
''; '';
state = [ "/var/lib/grafana/data/grafana.db" ];
} }

View file

@ -1,7 +1,8 @@
_: { pkgs, ... }:
{ {
imports = [ imports = [
../binary-cache/lass.nix ../binary-cache/lass.nix
]; ];
krebs.tinc.retiolum.enable = true; krebs.tinc.retiolum.enable = true;
environment.systemPackages = [ pkgs.tinc ];
} }

View file

@ -3,9 +3,11 @@
# tools i use when actually working with the host. # tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild # package version will now be maintained by nix-rebuild
# #
# essentially `nix-env -q` of the main user
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
( pkgs.writeScriptBin "unknow" ''#!/bin/sh
${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
'')
at_spi2_core at_spi2_core
acpi acpi
bc bc

View file

@ -6,6 +6,7 @@
gimp gimp
inkscape inkscape
libreoffice libreoffice
quodlibet
# skype # skype
synergy synergy
tdesktop tdesktop

View file

@ -3,11 +3,14 @@
{ {
users.users.makefu.packages = with pkgs; [ users.users.makefu.packages = with pkgs; [
kodi kodi
streamripper
youtube-dl
calibre calibre
vlc vlc
mumble mumble
mplayer mplayer
quodlibet
plowshare
streamripper
youtube-dl
]; ];
} }

View file

@ -1,5 +1,4 @@
{ stdenv, fetchFromGitHub { stdenv, fetchFromGitHub
, pkgconfig
, cmake , cmake
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
}; };
nativeBuildInputs = [ cmake pkgconfig ]; nativeBuildInputs = [ cmake ];
installPhase = '' installPhase = ''
mkdir -p $out/{lib,bin} mkdir -p $out/{lib,bin}
find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;

View file

@ -33,15 +33,6 @@ in {
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ]; patches = [ ./custom/inkscape/dxf_fix.patch ];
}); });
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
wordset-file = super.pkgs.fetchurl {
urls = [
https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
];
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
} }
// (mapAttrs (_: flip callPackage {}) // (mapAttrs (_: flip callPackage {})