diff --git a/2configs/deployment/buildbot/master.nix b/2configs/deployment/buildbot/master.nix index 1dee36a..f5fe3b1 100644 --- a/2configs/deployment/buildbot/master.nix +++ b/2configs/deployment/buildbot/master.nix @@ -1,6 +1,6 @@ -{...}@inputs: +{inputs,config, ...}: let - domain = "buildbot.euer.krebsco.de"; + domain = "build.euer.krebsco.de"; in { imports = [ diff --git a/machines/crapi/README b/machines/crapi/README deleted file mode 100644 index 9278c76..0000000 --- a/machines/crapi/README +++ /dev/null @@ -1,4 +0,0 @@ -1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard -2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate -3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix -5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=% diff --git a/machines/crapi/config.nix b/machines/crapi/config.nix deleted file mode 100644 index e7c6c36..0000000 --- a/machines/crapi/config.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - imports = [ - <stockholm/makefu> - ./hardware-config.nix - <stockholm/makefu/2configs> - <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/save-diskspace.nix> - - ]; - krebs.build.host = config.krebs.hosts.crapi; - - services.openssh.enable = true; - -} diff --git a/machines/crapi/hardware-config.nix b/machines/crapi/hardware-config.nix deleted file mode 100644 index bba31da..0000000 --- a/machines/crapi/hardware-config.nix +++ /dev/null 
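Review bot: The new argument pattern on the first line of `master.nix` changes what `inputs` refers to. With `{...}@inputs:` it was the whole module argument set, while `{inputs,config, ...}:` expects a module argument literally named `inputs`. The module body continues outside this hunk, so any remaining use such as `inputs.pkgs` or `inputs.config` would now resolve against whatever is passed as `inputs`; each use should be checked, along with whether `inputs` is actually supplied (for example through `specialArgs`). If `domain` is the externally reachable name of the buildbot master, a comment next to it such as `# external hostname; DNS, TLS certificate and webhook targets must match` would record what else has to move with the rename to `build.euer.krebsco.de`.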
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
- #raspi1
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 1;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- hardware.enableRedistributableFirmware = true;
- boot.cleanTmpDir = true;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- boot.kernelPackages = pkgs.linuxPackages_rpi;
-
- nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
- nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
- system.activationScripts.create-swap = ''
- if [ ! -e /swapfile ]; then
- fallocate -l 2G /swapfile
- mkswap /swapfile
- chmod 600 /swapfile
- fi
- '';
- swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}
diff --git a/machines/crapi/source.nix b/machines/crapi/source.nix
deleted file mode 100644
index 4a4359e..0000000
--- a/machines/crapi/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- arm6 = true;
-}
diff --git a/machines/darth/config.nix b/machines/darth/config.nix
deleted file mode 100644
index 52df9b5..0000000
--- a/machines/darth/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with pkgs.stockholm.lib;
-let
- # all the good stuff resides in /data
-
- byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
- bootPart = rootDisk + "-part1";
- rootPart = rootDisk + "-part2";
-
- allDisks = [ rootDisk ]; # auxDisk
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
- <stockholm/makefu/2configs/sshd-totp.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/stats/client.nix>
- # <stockholm/makefu/2configs/nsupdate-data.nix>
-
- <stockholm/makefu/2configs/share/anon-ftp.nix>
-
- # lan party
- <stockholm/makefu/2configs/lanparty/lancache.nix>
- <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
- <stockholm/makefu/2configs/lanparty/samba.nix>
- <stockholm/makefu/2configs/lanparty/mumble-server.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- ];
-
-
-
- #networking.firewall.enable = false;
- makefu.server.primary-itf = "enp0s25";
- # krebs.hidden-ssh.enable = true;
- boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
- networking = {
- wireless.enable = true;
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- # trustedInterfaces = [ "eno1" ];
- allowedUDPPorts = [ 80 655 1655 67 ];
- allowedTCPPorts = [ 80 655 1655 ];
- };
- # fallback connection to the internal virtual network
- # interfaces.virbr3.ip4 = [{
- # address = "10.8.8.2";
- # prefixLength = 24;
- # }];
- };
-
- # TODO smartd omo darth gum all-in-one
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- boot.loader.grub.device = rootDisk;
- boot.initrd.luks.devices = [
- { name = "luksroot";
- device = rootPart;
- allowDiscards = true;
- keyFileSize = 4096;
- keyFile = "/dev/sdb";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.darth;
-}
diff --git a/machines/darth/source.nix b/machines/darth/source.nix
deleted file mode 100644
index a8d7368..0000000
--- a/machines/darth/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="darth";
-}
diff --git a/machines/drop/config.nix b/machines/drop/config.nix
deleted file mode 100644
index 2757db8..0000000
--- a/machines/drop/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
- external-ip = "45.55.145.62";
- default-gw = "45.55.128.1";
- prefixLength = 18;
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
- <stockholm/makefu/2configs/torrent.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.drop;
- };
-
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- interfaces.enp0s3.ipv4.addresses = [{
- address = external-ip;
- inherit prefixLength;
- }];
- defaultGateway = default-gw;
- nameservers = [ "8.8.8.8" ];
- };
-}
diff --git a/machines/drop/source.nix b/machines/drop/source.nix
deleted file mode 100644
index a6bc834..0000000
--- a/machines/drop/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="drop";
- torrent = true;
-}
diff --git a/machines/fileleech/config.nix b/machines/fileleech/config.nix
deleted file mode 100644
index 7e9dea9..0000000
--- a/machines/fileleech/config.nix
+++ /dev/null
@@ -1,174 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
- rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
- rootPartition = rootDisk + "-part3";
-
- dataDisks = let
- idpart = dev: byid dev + "-part1";
- in [
- { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
- { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
- { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
- { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
- { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
- { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
- { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
- { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
- ];
-
- disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/torrent.nix>
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
-
- #<stockholm/makefu/2configs/elchos/irc-token.nix>
- # <stockholm/makefu/2configs/elchos/log.nix>
- # <stockholm/makefu/2configs/elchos/search.nix>
- # <stockholm/makefu/2configs/elchos/stats.nix>
-
- ];
- systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
- systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032;
- systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032;
- makefu.server.primary-itf = "enp8s0f0";
- krebs = {
- enable = true;
- build.host = config.krebs.hosts.fileleech;
- };
- # git clone https://github.com/makefu/docker-pyload
- # docker build .
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload - - virtualisation.docker.enable = true; # for pyload - networking.firewall.allowPing = true; - networking.firewall.logRefusedConnections = false; - networking.firewall.allowedTCPPorts = [ - 51412 # torrent - 8112 # rutorrent-web - 8113 # pyload - 8080 # sabnzbd - 9090 # sabnzbd-ssl - 655 # tinc - 21 # ftp - ]; - services.nginx.virtualHosts._download = { - default = true; - root = config.makefu.dl-dir; - extraConfig = '' - autoindex on; - ''; - basicAuth = import <secrets/kibana-auth.nix>; - }; - networking.firewall.allowedUDPPorts = [ - 655 # tinc - 51412 # torrent - ]; - - services.vsftpd.enable = true; - services.vsftpd.localUsers = true; - services.vsftpd.userlist = [ "download" ]; - services.vsftpd.userlistEnable = true; - # services.vsftpd.chrootlocalUser = true; - - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - - # TODO use users.motd and pam.services.sshd.showMotd - services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' - Services: - ssh://download@fileleech - ssh via filebitch - ftp://download@fileleech - access to ${config.makefu.dl-dir} - http://fileleech:8112 - rutorrent - http://fileleech:8113 - pyload - https://fileleech:9090 - sabnzb - ''; in "Banner ${banner}"; - - boot.initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in builtins.map (x: usbkey x.name x.device) disks; - }; - environment.systemPackages = with pkgs;[ mergerfs ]; - - fileSystems = let - cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // 
cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" - - # this entry sometimes creates issues - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "nofail" "allow_other" "nonempty" ]; }; - } - - ; - makefu.dl-dir = "/media/cryptX"; - users.users.download = { - useDefaultShell = true; - # name = "download"; - # createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - config.krebs.users.lass.pubkey - "ssh-rsa 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 jules@kvasir-2015-02-13" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" - "ssh-rsa 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 me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
- ];
- };
- makefu.snapraid = {
- enable = true;
- disks = map toMapper [ 0 1 2 3 4 5 6 ];
- parity = toMapper 7;
- };
- networking.nameservers = [ "8.8.8.8" ];
- # SPF
- networking.defaultGateway = "151.217.176.1";
- networking.interfaces.enp6s0f0.ipv4.addresses = [{
- address = "151.217.178.63";
- prefixLength = 22;
- }];
-
- # Gigabit
- networking.interfaces.enp8s0f1.ipv4.addresses = [{
- address = "192.168.126.1";
- prefixLength = 24;
- }];
-
- #interfaces.enp6s0f1.ip4 = [{
- # address = external-ip;
- # prefixLength = 22;
- #}];
-
- boot.loader.grub.device = rootDisk;
-
- boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- # http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html
- boot.extraModprobeConfig = ''
- options ixgbe allow_unsupported_sfp=1
- '';
-}
diff --git a/machines/fileleech/source.nix b/machines/fileleech/source.nix
deleted file mode 100644
index b6951a2..0000000
--- a/machines/fileleech/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name = "fileleech";
- torrent = true;
-}
diff --git a/machines/firecracker/config.nix b/machines/firecracker/config.nix
deleted file mode 100644
index 87f5002..0000000
--- a/machines/firecracker/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- # <stockholm/makefu/2configs/tools/core.nix>
- { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
- #<stockholm/makefu/2configs/support-nixos.nix>
-# configure your hw:
-# <stockholm/makefu/2configs/save-diskspace.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.firecracker;
- };
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- services.nixosManual.enable = false;
- sound.enable = false;
-}
diff --git a/machines/firecracker/hardware-config.nix b/machines/firecracker/hardware-config.nix
deleted file mode 100644
index acd5664..0000000
--- a/machines/firecracker/hardware-config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
- boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.loader.generic-extlinux-compatible.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.tmp.useTmpfs = lib.mkForce false;
- boot.cleanTmpDir = true;
- hardware.enableRedistributableFirmware = true;
-
- ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
- boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.wireless.enable = true;
- # File systems configuration for using the installer's partition layout
- swapDevices = [ { device = "/var/swap"; size = 4096; } ];
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
-}
diff --git a/machines/firecracker/source.nix b/machines/firecracker/source.nix
deleted file mode 100644
index 22c4003..0000000
--- a/machines/firecracker/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="cake";
- full = true;
-}
diff --git a/machines/hardware/tsp-disk.json b/machines/hardware/tsp-disk.json
deleted file mode 100644
index 5a4bd26..0000000
--- a/machines/hardware/tsp-disk.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "type": "devices",
- "content": {
- "sda": {
- "type": "table",
- "format": "msdos",
- "partitions": [
- { "type": "partition",
- "part-type": "primary",
- "start": "1M",
- "end": "100%",
- "bootable": true,
- "content": {
- "type": "filesystem",
- "format": "ext4",
- "mountpoint": "/"
- }
- }
- ]
- }
- }
-}
-
diff --git a/machines/iso/config.nix b/machines/iso/config.nix
deleted file mode 100644
index 57b536f..0000000
--- a/machines/iso/config.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with pkgs.stockholm.lib;
-{
- imports = [
- #<stockholm/makefu>
- <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
- <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
- # <stockholm/makefu/2configs/tools/core.nix>
- ./justdoit.nix
- {
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
- kexec.justdoit = {
- bootSize = 512;
- rootDevice = "/dev/vda";
- bootType = "vfat";
- luksEncrypt = false;
- uefi = false;
- };
- }
- ];
- # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- #krebs.build.host = { cores = 0; };
- isoImage.isoBaseName = lib.mkForce "stockholm";
- #krebs.hidden-ssh.enable = true;
- # environment.systemPackages = with pkgs; [
- # aria2
- # ddrescue
- # ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
- # hack `tee` behavior
- #nixpkgs.config.packageOverrides = super: {
- # irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
- # pkgs = pkgs // {
- # coreutils = pkgs.symlinkJoin {
- # name = "coreutils-hack";
- # paths = [
- # pkgs.coreutils
- # (pkgs.writeDashBin "tee" ''
- # if test "$1" = /dev/stderr; then
- # while read -r line; do
- # echo "$line"
- # echo "$line" >&2
- # done
- # else
- # ${super.coreutils}/bin/tee "$@"
- # fi
- # '')
- # ];
- # };
- # };
- # };
- #};
-}
diff --git a/machines/iso/justdoit.nix b/machines/iso/justdoit.nix
deleted file mode 100644
index 0ce9049..0000000
--- a/machines/iso/justdoit.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.kexec.justdoit;
- x = if cfg.nvme then "p" else "";
-in {
- options = {
- kexec.justdoit = {
- rootDevice = mkOption {
- type = types.str;
- default = "/dev/sda";
- description = "the root block device that justdoit will nuke from orbit and force nixos onto";
- };
- bootSize = mkOption {
- type = types.int;
- default = 256;
- description = "size of /boot in mb";
- };
- bootType = mkOption {
- type = types.enum [ "ext4" "vfat" "zfs" ];
- default = "ext4";
- };
- swapSize = mkOption {
- type = types.int;
- default = 1024;
- description = "size of swap in mb";
- };
- poolName = mkOption {
- type = types.str;
- default = "tank";
- description = "zfs pool name";
- };
- luksEncrypt = mkOption {
- type = types.bool;
- default = false;
- description = "encrypt all of zfs and swap";
- };
- uefi = mkOption {
- type = types.bool;
- default = false;
- description = "create a uefi install";
- };
- nvme = mkOption {
- type = types.bool;
- default = false;
- description = "rootDevice is nvme";
- };
- };
- };
- config = let
- mkBootTable = {
- ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
- vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
- zfs = "";
- };
- in lib.mkIf true {
- system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
- #!${pkgs.stdenv.shell}
- set -e
- vgchange -a n
- wipefs -a ${cfg.rootDevice}
- dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
- sfdisk ${cfg.rootDevice} <<EOF
- label: gpt
- device: ${cfg.rootDevice}
- unit: sectors
- ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
- ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
- 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
- EOF
- ${if cfg.luksEncrypt then ''
- cryptsetup luksFormat ${cfg.rootDevice}${x}2
- cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
- export ROOT_DEVICE=/dev/mapper/root
- '' else ''
- export ROOT_DEVICE=${cfg.rootDevice}${x}2
- ''}
- ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
- mkdir -p /mnt
- ${mkBootTable.${cfg.bootType}}
- zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
- zfs create -o mountpoint=legacy ${cfg.poolName}/root
- zfs create -o mountpoint=legacy ${cfg.poolName}/home
- zfs create -o mountpoint=legacy ${cfg.poolName}/nix
- mount -t zfs ${cfg.poolName}/root /mnt/
- mkdir /mnt/{home,nix,boot}
- mount -t zfs ${cfg.poolName}/home /mnt/home/
- mount -t zfs ${cfg.poolName}/nix /mnt/nix/
- ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
- nixos-generate-config --root /mnt/
- hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
- cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
- cat > /mnt/etc/nixos/generated.nix <<EOF
- { ... }:
- {
- ${if cfg.uefi then ''
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "nodev";
- '' else ''
- boot.loader.grub.device = "${cfg.rootDevice}";
- ''}
- networking.hostId = "$hostId"; # required for zfs use
- ${lib.optionalString cfg.luksEncrypt ''
- boot.initrd.luks.devices = [
- { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
- ];
- ''}
- }
- EOF
- nixos-install
- umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
- zpool export ${cfg.poolName}
- '';
- environment.systemPackages = [ config.system.build.justdoit ];
- boot.supportedFilesystems = [ "zfs" ];
- users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
- };
-}
diff --git a/machines/iso/source.nix b/machines/iso/source.nix
deleted file mode 100644
index 6bef8ad..0000000
--- a/machines/iso/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/machines/iso/target-config.nix b/machines/iso/target-config.nix
deleted file mode 100644
index 9d921c3..0000000
--- a/machines/iso/target-config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- imports = [ ./hardware-configuration.nix ./generated.nix ];
- boot.loader.grub.enable = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- #boot.zfs.forceImportRoot = false;
- #boot.zfs.forceImportAll = false;
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
- users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
- boot.tmp.useTmpfs = true;
- programs.bash.enableCompletion = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
-
- # minimal
- boot.supportedFilesystems = [ "zfs" ];
- programs.command-not-found.enable = false;
- time.timeZone = "Europe/Berlin";
- programs.ssh.startAgent = false;
- nix.useSandbox = true;
- users.mutableUsers = false;
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
- services.openssh.enable = true;
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
- boot.kernel.sysctl = {
- "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
- "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
- };
-}
diff --git a/machines/kexec/config.nix b/machines/kexec/config.nix
deleted file mode 100644
index 545bbb1..0000000
--- a/machines/kexec/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with pkgs.stockholm.lib;
-{
- imports = [
- <stockholm/makefu>
- # <stockholm/makefu/2configs/tools/core.nix>
- <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
- <clever_kexec/kexec/kexec.nix>
- ];
- # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso
-
- krebs.build.host = config.krebs.hosts.iso;
- krebs.hidden-ssh.enable = true;
- environment.extraInit = ''
- EDITOR=vim
- '';
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-}
diff --git a/machines/kexec/source.nix b/machines/kexec/source.nix
deleted file mode 100644
index 6bef8ad..0000000
--- a/machines/kexec/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/machines/latte/1blu/default.nix b/machines/latte/1blu/default.nix
deleted file mode 100644
index c246229..0000000
--- a/machines/latte/1blu/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
-
- imports =
- [ ./network.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Disk
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "tank/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "tank/home";
- fsType = "zfs";
- };
-
- fileSystems."/nix" =
- { device = "tank/nix";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/AEF3-A486";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
- boot.loader.grub.device = "/dev/vda";
-
- networking.hostId = "3150697c"; # required for zfs use
- boot.tmp.useTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.copyKernels = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
-}
diff --git a/machines/latte/1blu/network.nix b/machines/latte/1blu/network.nix
deleted file mode 100644
index 0a0eac9..0000000
--- a/machines/latte/1blu/network.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "c4:37:72:55:4e:1c";
- external-gw = "178.254.28.1";
- external-ip = "178.254.30.202";
- external-ip6 = "2a00:6800:3:18c::2";
- external-gw6 = "2a00:6800:3::1";
- external-netmask = 22;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/machines/latte/config.nix b/machines/latte/config.nix
deleted file mode 100644
index 9a242a4..0000000
--- a/machines/latte/config.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
- # external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- # default-gw = "185.215.224.1";
- # prefixLength = 24;
- # external-mac = "46:5b:fc:f4:44:c9";
- # ext-if = "et0";
-in {
-
- imports = [
- ./1blu
- <stockholm/makefu>
-
- # common
- <stockholm/makefu/2configs/nur.nix>
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/home-manager/cli.nix>
-
- # Security
- <stockholm/makefu/2configs/sshd-totp.nix>
-
- # Tools
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
-
- # NixOS Build
- <stockholm/makefu/2configs/remote-build/slave.nix>
-
- # Storage
- <stockholm/makefu/2configs/share>
- # <stockholm/makefu/2configs/share/hetzner-client.nix>
-
-
- # torrent is managed by gum
- # <stockholm/makefu/2configs/torrent/rtorrent.nix>
-
- ## Web
-
- # local usage:
- <stockholm/makefu/2configs/mosh.nix>
-
-
- # Supervision
- <stockholm/makefu/2configs/nix-community/supervision.nix>
-
- # Krebs
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- # backup
- <stockholm/makefu/2configs/backup/state.nix>
-
- # migrated:
- # <stockholm/makefu/2configs/bitlbee.nix>
-
-
- ];
- krebs = {
- enable = true;
- build.host = config.krebs.hosts.latte;
- };
-
- makefu.dl-dir = "/media/cloud/download";
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/machines/latte/source.nix b/machines/latte/source.nix
deleted file mode 100644
index 41abecf..0000000
--- a/machines/latte/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- name = "latte";
- torrent = true;
- home-manager = true;
-}
diff --git a/machines/minicake/config.nix b/machines/minicake/config.nix
deleted file mode 100644
index fe66679..0000000
--- a/machines/minicake/config.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config,nixpkgsPath, pkgs, lib, ... }:
-{
- krebs = {
- enable = true;
-
- dns.providers.lan = "hosts";
- build.user = config.krebs.users.makefu;
- };
- imports = [
- (nixpkgsPath + "/nixos/modules/profiles/minimal.nix")
- (nixpkgsPath + "/nixos/modules/profiles/installation-device.nix")
- ];
-
- # cifs-utils fails to cross-compile
- # Let's simplify this by removing all unneeded filesystems from the image.
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
- };
- };
- services.openssh.enable = true;
-}
diff --git a/machines/mrdavid/config.nix b/machines/mrdavid/config.nix
deleted file mode 100644
index 99b627c..0000000
--- a/machines/mrdavid/config.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, pkgs, lib, self, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware.nix
- ../../2configs/default.nix
-
- # ../../2configs/nur.nix
- ../../2configs/home-manager
- ../../2configs/main-laptop.nix
- ../../2configs/editor/neovim
- ../../2configs/tools/core.nix
- # ../../2configs/tools/all.nix
-
- ((import ../../2configs/fs/disko/single-disk-ext4.nix ) { disk = "/dev/sda"; })
- # hardware specifics are in here
-
- ../../2configs/zsh-user.nix
- ../../2configs/home-manager
- ../../2configs/home-manager/desktop.nix
- ../../2configs/home-manager/cli.nix
-
- # ../../2configs/tinc/retiolum.nix
- ];
-
- krebs.build.host.name = "mrdavid";
-}
diff --git a/machines/mrdavid/hardware.nix b/machines/mrdavid/hardware.nix
deleted file mode 100644
index 7398306..0000000
--- a/machines/mrdavid/hardware.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, ... }:
-{
- imports = [ ];
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/machines/pnp/config.nix b/machines/pnp/config.nix
deleted file mode 100644
index 6c9fc06..0000000
--- a/machines/pnp/config.nix
+++ /dev/null
@@ -1,50 +0,0 @@ -# Usage: -# NIX_PATH=secrets=/home/makefu/secrets/wry:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm -# result/bin/run-pnp-vm -virtfs local,path=/home/makefu/secrets/pnp,security_model=none,mount_tag=secrets -{ config, pkgs, ... }: - -{ - imports = - [ - <stockholm/makefu> - <stockholm/makefu/2configs/headless.nix> - - # these will be overwritten by qemu-vm.nix but will be used if the system - # is directly deployed - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/makefu/2configs/fs/vm-single-partition.nix> - - <stockholm/makefu/2configs/tinc/retiolum.nix> - - # config.system.build.vm - (toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>) - ]; - - virtualisation.graphics = false; - # also export secrets, see Usage above - fileSystems = pkgs.lib.mkVMOverride { - "${builtins.toString <secrets>}" = - { device = "secrets"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ]; - neededForBoot = true; - }; - }; - - krebs.Reaktor.debug = { - debug = true; - extraEnviron = { - # TODO: remove hard-coded server - REAKTOR_HOST = "irc.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#xxx" ]; - }; - - krebs.build.host = config.krebs.hosts.pnp; - - networking.firewall.allowedTCPPorts = [ - 25 - ]; - -} diff --git a/machines/pnp/source.nix b/machines/pnp/source.nix deleted file mode 100644 index 02f7d0a..0000000 --- a/machines/pnp/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="pnp"; -} diff --git a/machines/repunit/config.nix b/machines/repunit/config.nix deleted file mode 100644 index 23b0dc6..0000000 --- a/machines/repunit/config.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - <stockholm/makefu> - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/makefu/2configs/git/cgit-retiolum.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - ]; - krebs.build.host = config.krebs.hosts.repunit; - - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - hardware.enableRedistributableFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - -# networking.firewall is enabled by default - networking.firewall.allowedTCPPorts = [ 80 ]; - networking.firewall.allowPing = true; - - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - -# $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; -} diff --git a/machines/repunit/source.nix b/machines/repunit/source.nix deleted file mode 100644 index 20d3cd1..0000000 --- a/machines/repunit/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="repunit"; -} diff --git a/machines/sdcard/config.nix b/machines/sdcard/config.nix deleted file mode 100644 index 4e3c22a..0000000 --- a/machines/sdcard/config.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -let - kernel = pkgs.callPackage ./kernel.nix { - kernelPatches = with pkgs.kernelPatches; [ - # kernelPatches.bridge_stp_helper - # kernelPatches.modinst_arg_list_too_long - ]; - }; -in -{ - imports = [ - <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix> - # <stockholm/makefu/2configs/minimal.nix> - ]; - # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now - # cd ~/stockholm ; nix build config.system.build.sdImage -I nixos-config=makefu/1systems/sdcard/config.nix -f /home/makefu/nixpkgs/nixos - - boot.kernelParams = ["console=ttyS2,1500000" "earlycon=uart8250,mmio32,0xff1a0000"]; - # boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelPackages = pkgs.linuxPackagesFor kernel; - boot.supportedFilesystems = lib.mkForce [ "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; - - # krebs.hidden-ssh.enable = true; - environment.systemPackages = with pkgs; [ - aria2 - ddrescue - ]; - environment.extraInit = '' - EDITOR=vim - ''; - # iso-specific - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - # enable ssh in the iso boot process - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; -} diff --git a/machines/sdcard/kernel.nix b/machines/sdcard/kernel.nix deleted file mode 100644 index df5e7ad..0000000 --- a/machines/sdcard/kernel.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ fetchFromGitLab, buildLinux, ... } @ args: -buildLinux (args // rec { - version = "4.4.55"; - modDirVersion = "4.4.55"; - extraMeta.branch = "4.4"; - defconfig = "firefly_linux_defconfig"; - - src = fetchFromGitLab { - owner = "TeeFirefly"; - repo = "linux-kernel"; - rev = "firefly_0821_release"; - sha256 = "1fwj9cm5ysz286znrr3fyrhfn903m84i7py4rv3y3h9avxb3zl1r"; - }; - extraMeta.platforms = [ "aarch64-linux" ]; -} // (args.argsOverride or {})) 
diff --git a/machines/sdcard/source.nix b/machines/sdcard/source.nix
deleted file mode 100644
index 6bef8ad..0000000
--- a/machines/sdcard/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/machines/sdev/config.nix b/machines/sdev/config.nix
deleted file mode 100644
index d02c303..0000000
--- a/machines/sdev/config.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- krebs.build.host = config.krebs.hosts.sdev;
- makefu.awesome.modkey = "Mod1";
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/makefu>
- <stockholm/makefu/2configs/home-manager>
-
- # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
- { # until virtualbox-image is fixed
- imports = [
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- ];
- boot.loader.grub.device = lib.mkForce "/dev/sda";
- }
- <stockholm/makefu/2configs/main-laptop.nix>
- # <secrets/extra-hosts.nix>
-
- # environment
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
-
- ];
- # allow sdev to deploy self
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
- };
- };
- # corefonts
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs;[
- ppp xclip
- get
- passwdqc-utils
- gnupg
- populate
- # 20.09: torbrowser is broken
- #(pkgs.writeScriptBin "tor-browser" ''
- # #! /bin/sh
- # TOR_SKIP_LAUNCH=1 ${torbrowser}/bin/tor-browser
- #'')
- ];
-
- networking.firewall.allowedTCPPorts = [
- 25
- 80
- 8010
- ];
-
-
-}
diff --git a/machines/sdev/source.nix b/machines/sdev/source.nix
deleted file mode 100644
index d6c3d20..0000000
--- a/machines/sdev/source.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- name="sdev";
- home-manager = true;
- hw = true;
- mic92 = true;
- unstable = true;
-}
diff --git a/machines/shack-autoinstall/config.nix b/machines/shack-autoinstall/config.nix
deleted file mode 100644
index 18bfd2c..0000000
--- a/machines/shack-autoinstall/config.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, lib, ... }: - -with pkgs.stockholm.lib; -let - disk = "/dev/sda"; -in { - imports = [ - <stockholm/makefu> - <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> - <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix> - <stockholm/makefu/2configs/tools/core.nix> - ]; - # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now - # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos - krebs.build.host = config.krebs.hosts.iso; - krebs.hidden-ssh.enable = true; - - environment.extraInit = '' - EDITOR=vim - ''; - # iso-specific - boot.kernelParams = [ "copytoram" ]; - - - environment.systemPackages = [ - pkgs.parted - ( pkgs.writeScriptBin "shack-install" '' - #! /bin/sh - echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install" - '') - ]; - - systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ]; - - networking.wireless = { - enable = true; - networks.shack.psk = "welcome2shack"; - }; - - - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - # enable ssh in the iso boot process - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; -} diff --git a/machines/shack-autoinstall/grub-partition.sh b/machines/shack-autoinstall/grub-partition.sh deleted file mode 100644 index c23c897..0000000 --- a/machines/shack-autoinstall/grub-partition.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -set -euf -parted -s ${disk} mklabel msdos -parted -s ${disk} -- mkpart primary linux-swap 1M 4096M -parted -s ${disk} -- mkpart primary ext2 4096M 100% diff --git a/machines/shack-autoinstall/shack-config.nix b/machines/shack-autoinstall/shack-config.nix deleted file mode 100644 index cd79aa6..0000000 
--- a/machines/shack-autoinstall/shack-config.nix
+++ /dev/null
@@ -1,230 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - imports = [ - ./hardware-configuration.nix - # TODO: - ]; - - # shacks-specific - networking.wireless = { - enable = true; - networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e"; - }; - networking.hostName = "shackbook"; - - boot.tmp.useTmpfs = true; - - users.users.shack = { - createHome = true; - useDefaultShell = true; - home = "/home/shack"; - uid = 9001; - packages = with pkgs;[ - chromium - firefox - ]; - extraGroups = [ "audio" "wheel" ]; - hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ; - }; - - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - EDITOR = lib.mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - - services.printing = { - enable = true; - # TODO: shack-printer - }; - - - environment.systemPackages = with pkgs;[ - parted - ddrescue - tmux - jq git gnumake htop rxvt_unicode.terminfo - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.customRC = '' - set nocompatible - syntax on - set list - set listchars=tab:▸\ - "set list listchars=tab:>-,trail:.,extends:> - - filetype off - filetype plugin indent on - - colorscheme darkblue - set background=dark - - set number - set relativenumber - set mouse=a - set ignorecase - set incsearch - set wildignore=*.o,*.obj,*.bak,*.exe,*.os - set textwidth=79 - set shiftwidth=2 - set expandtab - set softtabstop=2 - set shiftround - set smarttab - set tabstop=2 - set et - set autoindent - set backspace=indent,eol,start - - - inoremap <F1> <ESC> - nnoremap <F1> <ESC> - vnoremap <F1> <ESC> - - nnoremap <F5> :UndotreeToggle<CR> - set undodir =~/.vim/undo - set undofile - "maximum number of changes that can be undone - set undolevels=1000000 - "maximum number lines to save for undo on a buffer reload - set undoreload=10000000 - - 
nnoremap <F2> :set invpaste paste?<CR> - set pastetoggle=<F2> - set showmode - - set showmatch - set matchtime=3 - set hlsearch - - autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red - - - " save on focus lost - au FocusLost * :wa - - autocmd BufRead *.json set filetype=json - au BufNewFile,BufRead *.mustache set syntax=mustache - - cnoremap SudoWrite w !sudo tee > /dev/null % - - " create Backup/tmp/undo dirs - set backupdir=~/.vim/backup - set directory=~/.vim/tmp - - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backup/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodir= l:parent . 'undo/' - - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodir) - call mkdir(l:undodir) - endif - endfunction - call InitBackupDir() - - augroup Binary - " edit binaries in xxd-output, xxd is part of vim - au! 
- au BufReadPre *.bin let &bin=1 - au BufReadPost *.bin if &bin | %!xxd - au BufReadPost *.bin set ft=xxd | endif - au BufWritePre *.bin if &bin | %!xxd -r - au BufWritePre *.bin endif - au BufWritePost *.bin if &bin | %!xxd - au BufWritePost *.bin set nomod | endif - augroup END - ''; - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" ]; } - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - ]; - }) - - ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ''; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - nix = { - package = pkgs.nixUnstable; - optimise.automatic = true; - useSandbox = true; - gc.automatic = true; - }; - - system.autoUpgrade.enable = true; - - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - - - # gui and stuff - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - - fonts = { - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = [ pkgs.terminus_font ]; - }; - - time.timeZone = "Europe/Berlin"; - services.timesyncd.enable = true; - - - # GUI - hardware.pulseaudio.enable = true; - services.xserver = { - enable = true; - displayManager.auto.enable = true; - displayManager.auto.user = "shack"; - - desktopManager.xfce.enable = true; - - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps, eurosign:e"; - }; - - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; -} 
diff --git a/machines/shack-autoinstall/source.nix b/machines/shack-autoinstall/source.nix
deleted file mode 100644
index 6bef8ad..0000000
--- a/machines/shack-autoinstall/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/machines/shack-autoinstall/uefi-partition.sh b/machines/shack-autoinstall/uefi-partition.sh
deleted file mode 100644
index 4566b7d..0000000
--- a/machines/shack-autoinstall/uefi-partition.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-set -euf
-p(){
- parted -s ${disk} -- $@
-}
-p mklabel gpt
-p mkpart primary fat32 1M 551M
-p set 1 boot on
-p mkpart primary linux-swap 51M 4647M
-p mkpart primary ext2 4647M 100%
-udevadm settle
-mkfs.fat -nboot -F32 /dev/sda1
-
-udevadm settle
-mkswap ${disk}2 -L swap
-swapon -L swap
-mkfs.ext4 -L nixos ${disk}3
-mount LABEL=nixos /mnt
-mkdir /mnt/boot
-mount LABEL=boot /mnt/boot
-
-mkdir -p /mnt/etc/nixos
-cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
-nixos-generate-config --root /mnt
diff --git a/machines/shoney/config.nix b/machines/shoney/config.nix
deleted file mode 100644
index 27d389b..0000000
--- a/machines/shoney/config.nix
+++ /dev/null
@@ -1,62 +0,0 @@ -{ config, pkgs, ... }: -let - tinc-siem-ip = "10.8.10.1"; - - ip = "64.137.234.215"; - alt-ip = "64.137.234.210"; # honeydrive honeyd - extra-ip1 = "64.137.234.114"; # floating tinc.siem - extra-ip2 = "64.137.234.232"; # honeydrive - gw = "64.137.234.1"; -in { - imports = [ - <stockholm/makefu> - <stockholm/makefu/2configs/save-diskspace.nix> - <stockholm/makefu/2configs/hw/CAC.nix> - <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - ]; - - - krebs = { - enable = true; - build.host = config.krebs.hosts.shoney; - tinc_graphs = { - enable = true; - network = "siem"; - hostsPath = "/etc/tinc/siem/hosts"; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - anonymous-domain = "localhost.localdomain"; - anonymous.extraConfig = "return 403;"; - complete = { - serverAliases = [ "graph.siem" ]; - extraConfig = '' - if ( $server_addr = "${ip}" ) { - return 403; - } - ''; - }; - }; - }; - }; - makefu.forward-journal = { - enable = true; - src = "10.8.10.1"; - dst = "10.8.10.6"; - }; - networking = { - interfaces.enp2s1.ipv4.addresses = [ - { address = ip; prefixLength = 24; } - # { address = alt-ip; prefixLength = 24; } - ]; - - defaultGateway = gw; - nameservers = [ "8.8.8.8" ]; - firewall = { - trustedInterfaces = [ "tinc.siem" ]; - allowedUDPPorts = [ 655 1655 ]; - allowedTCPPorts = [ 655 1655 ]; - }; - }; -} diff --git a/machines/shoney/source.nix b/machines/shoney/source.nix deleted file mode 100644 index 3616716..0000000 --- a/machines/shoney/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="shoney"; -} diff --git a/machines/snake/config.nix b/machines/snake/config.nix deleted file mode 100644 index 69e347d..0000000 --- a/machines/snake/config.nix +++ /dev/null 
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
-
- <stockholm/makefu/2configs/home/rhasspy>
- # <stockholm/makefu/2configs/hw/pseyecam.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.snake;
- };
- # ensure disk usage is limited
- services.journald.extraConfig = "Storage=volatile";
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- documentation.nixos.enable = false;
-}
diff --git a/machines/snake/disk.nix b/machines/snake/disk.nix
deleted file mode 100644
index f9e1484..0000000
--- a/machines/snake/disk.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ disks ? [ "/dev/sda" ], ... }: {
- disk = {
- x = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- type = "partition";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- type = "partition";
- name = "ESP";
- start = "1M";
- end = "512MiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- type = "partition";
- name = "zfs";
- start = "512MiB";
- end = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- }
- ];
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- rootFsOptions.compression = "lz4";
- mountpoint = "/";
-
- datasets = {
- home = {
- zfs_type = "filesystem";
- mountpoint = "/home";
- options.mountpoint = "legacy";
- };
- reserved = {
- zfs_type = "filesystem";
- options.refreservation = "1G";
- };
- };
- };
- };
-}
diff --git a/machines/snake/hardware-config.nix b/machines/snake/hardware-config.nix
deleted file mode 100644
index de3607e..0000000
--- a/machines/snake/hardware-config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ./wifi.nix
- ./sound.nix
- ];
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/sda";
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- disko.devices = import ./disk.nix;
-
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-
- boot.kernelParams = [ "net.ifnames=0" ];
- networking.hostId = "0123AABB";
-
-}
diff --git a/machines/snake/sound.nix b/machines/snake/sound.nix
deleted file mode 100644
index 452f4b4..0000000
--- a/machines/snake/sound.nix
+++ /dev/null
@@ -1,51 +0,0 @@ -{ lib, ... }: { - imports = [ - <stockholm/makefu/2configs/gui/snake-kiosk.nix> - ]; - nixpkgs.config.allowUnfree = true; - networking.networkmanager.enable = lib.mkForce false; - # sound.enable = true; - #hardware.pulseaudio = { - # enable = true; - # systemWide = true; - # tcp = { - # enable = true; - # anonymousClients.allowAll = true; - # }; - #}; - - #users.users.makefu = { - # extraGroups = [ "pipewire" "audio" ]; - #}; - - - #services.xserver = { - # enable = true; - # # desktopManager.xterm.enable = true; - # desktopManager.xfce = { - # enable = true; - # noDesktop = true; - # }; - - # displayManager.autoLogin = { - # enable = true; - # user = "makefu"; - # }; - #}; - hardware.pulseaudio.enable = lib.mkForce false; - security.rtkit.enable = true; - #services.pipewire = { - # enable = true; - # systemWide = true; - # socketActivation = false; - # alsa.enable = true; - # alsa.support32Bit = true; - # pulse.enable = true; - # config.pipewire-pulse = { - # "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; - # }; - - #}; - - -} diff --git a/machines/snake/source.nix b/machines/snake/source.nix deleted file mode 100644 index 8fc2fff..0000000 --- a/machines/snake/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - name="cake"; - full = true; - home-manager = true; - hw = true; -} diff --git a/machines/snake/wifi.nix b/machines/snake/wifi.nix deleted file mode 100644 index 7e15690..0000000 --- a/machines/snake/wifi.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - networking.wireless = { - enable = true; - networks = import <secrets/wifi.nix>; - }; -} diff --git a/machines/studio/config.nix b/machines/studio/config.nix deleted file mode 100644 index 841e32c..0000000 --- a/machines/studio/config.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - <stockholm/makefu> - <stockholm/makefu/2configs/vncserver.nix> - <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/audio/jack-on-pulse.nix> - <stockholm/makefu/2configs/audio/realtime-audio.nix> - <stockholm/makefu/2configs/gui/studio.nix> - <stockholm/makefu/2configs/binary-cache/lass.nix> - - ]; - makefu.gui.user = "user"; # we use an extra user - krebs = { - enable = true; - tinc.retiolum.enable = true; - build.host = config.krebs.hosts.studio; - }; - networking.firewall.allowedTCPPorts = [ 655 ]; - networking.firewall.allowedUDPPorts = [ 655 ]; - - - environment.systemPackages = with pkgs;[ - # audio foo - ## pulseaudio - pavucontrol - paprefs - pamixer - - # extra alsa tools - alsa-hdspconf - alsa-hdspmixer - alsa-hdsploader - - # recording - darkice - (mumble.override { jackSupport = true; }) - - # browsing - firefox - chromium - ]; - - - nixpkgs.config.allowUnfree = true; - fonts = { - enableCoreFonts = true; - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = [ ]; - }; - # ingos favorite display manager - - - # hardware - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21"; - fsType = "ext4"; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ]; - users.users.user = { - isNormalUser = true; - extraGroups = [ "wheel" "audio" ]; - uid = 1000; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; -} diff --git a/machines/studio/source.nix b/machines/studio/source.nix deleted file mode 100644 index ff88d35..0000000 --- a/machines/studio/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name="studio"; - musnix = true; -} 
diff --git a/machines/vbob/config.nix b/machines/vbob/config.nix
deleted file mode 100644
index 208dd1f..0000000
--- a/machines/vbob/config.nix
+++ /dev/null
@@ -1,91 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - krebs.build.host = config.krebs.hosts.vbob; - makefu.awesome.modkey = "Mod1"; - imports = - [ - <stockholm/makefu> - { - imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; - boot.loader.grub.device = "/dev/sda"; - } - # <stockholm/makefu/2configs/hw/vbox-guest.nix> - # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> - - # base gui - # <stockholm/makefu/2configs/main-laptop.nix> - # <stockholm/makefu/2configs/tools/core-gui.nix> - - <stockholm/makefu/2configs/zsh-user.nix> - - # security - <stockholm/makefu/2configs/sshd-totp.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - # <stockholm/makefu/2configs/tools/extra-gui.nix> - # <stockholm/makefu/2configs/tools/sec.nix> - - # environment - <stockholm/makefu/2configs/tinc/retiolum.nix> - (let - gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; - gateway = "10.0.2.2"; - in { - # make sure the route to gum gets added after the network is online - systemd.services.wireguard-wg0.after = [ "network-online.target" ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.3/24" ]; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - # explicit route via eth0 to gum - preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"]; - peers = [ - { # gum - endpoint = "${gum-ip}:51820"; - allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]; - publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - persistentKeepalive = 25; - } - ]; - }; - }) - - ]; - networking.extraHosts = import (toString <secrets/extra-hosts.nix>); - - # allow vbob to deploy self - users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - - environment.shellAliases = { - forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; - }; - - system.activationScripts.prepare-fortclientvpnssl = '' - # TODO: for forticlientsslpn - mkdir -p /usr/{s,}bin - ln -fs 
${pkgs.ppp}/bin/pppd /usr/sbin/pppd - ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail - ''; - - # for forticlient - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs;[ - fortclientsslvpn ppp xclip - get - logstash - #devpi-web - #devpi-client - ansible - ]; - - - networking.firewall.allowedTCPPorts = [ - 25 - 80 - 8010 - ]; - # required for qemu - systemd.services."serial-getty@ttyS0".enable = true; -} diff --git a/machines/vbob/source.nix b/machines/vbob/source.nix deleted file mode 100644 index 59744fa..0000000 --- a/machines/vbob/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name="vbob"; - # musnix = true; -} diff --git a/machines/wry/config.nix b/machines/wry/config.nix deleted file mode 100644 index abeb7d8..0000000 --- a/machines/wry/config.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs.stockholm.lib; -let - - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - imports = [ - <stockholm/makefu> - # TODO: copy this config or move to krebs - <stockholm/makefu/2configs/hw/CAC.nix> - <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix> - <stockholm/makefu/2configs/save-diskspace.nix> - - # <stockholm/makefu/2configs/bepasty-dual.nix> - - <stockholm/makefu/2configs/iodined.nix> - <stockholm/makefu/2configs/backup.nix> - - # other nginx - # <stockholm/makefu/2configs/nginx/euer.test.nix> - - # collectd - <stockholm/makefu/2configs/stats/client.nix> - <stockholm/makefu/2configs/logging/client.nix> - - <stockholm/makefu/2configs/tinc/retiolum.nix> - # <stockholm/makefu/2configs/torrent.nix> - ]; - - krebs.build.host = config.krebs.hosts.wry; - - # prepare graphs - services.nginx.enable = true; - krebs.retiolum-bootstrap.enable = true; - - networking = { - firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ 53 80 443 ]; - allowedUDPPorts = [ 655 53 ]; - }; - interfaces.enp2s1.ipv4.addresses = [{ - address = external-ip; - prefixLength = 24; - }]; - defaultGateway = "104.233.87.1"; - nameservers = [ "8.8.8.8" ]; - }; - - environment.systemPackages = [ pkgs.screen ]; -} diff --git a/machines/wry/source.nix b/machines/wry/source.nix deleted file mode 100644 index 7303005..0000000 --- a/machines/wry/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="wry"; -}