stockholm/lass/1systems/helios/config.nix

with import <stockholm/lib>;
{ config, lib, pkgs, ... }:

{
  imports = [
    <stockholm/lass>
    <stockholm/lass/2configs/baseX.nix>
    <stockholm/lass/2configs/browsers.nix>
    <stockholm/lass/2configs/mouse.nix>
    <stockholm/lass/2configs/pass.nix>
    <stockholm/lass/2configs/retiolum.nix>
    <stockholm/lass/2configs/otp-ssh.nix>
    # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
    #<stockholm/lass/2configs/git.nix>
    <stockholm/lass/2configs/dcso-vpn.nix>
    <stockholm/lass/2configs/virtualbox.nix>
    <stockholm/lass/2configs/dcso-dev.nix>
    <stockholm/lass/2configs/steam.nix>
    <stockholm/lass/2configs/rtl-sdr.nix>
    <stockholm/lass/2configs/backup.nix>
    { # automatic hardware detection
      boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
      boot.kernelModules = [ "kvm-intel" ];

      fileSystems."/" = {
        device = "/dev/pool/root";
        fsType = "btrfs";
      };

      fileSystems."/boot" = {
        device = "/dev/disk/by-uuid/1F60-17C6";
        fsType = "vfat";
      };

      fileSystems."/home" = {
        device = "/dev/pool/home";
        fsType = "btrfs";
      };

      fileSystems."/tmp" = {
        device = "tmpfs";
        fsType = "tmpfs";
        options = ["nosuid" "nodev" "noatime"];
      };

      nix.maxJobs = lib.mkDefault 8;
    }
    { # crypto stuff
      boot.initrd.luks = {
        cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
        devices =  [{
           name = "luksroot";
           device = "/dev/nvme0n1p3";
        }];
      };
    }
    {
      services.xserver.dpi = 200;
      fonts.fontconfig.dpi = 200;
      lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
      lass.fonts.bold =    "xft:Hack-Bold:pixelsize=22,xft:Symbola";
      lass.fonts.italic =  "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
    }
    { #TAPIR, AGATIS, sentral, a3 - foo
      services.redis.enable = true;
    }
    {
      krebs.fetchWallpaper = {
        enable = true;
        url = "http://i.imgur.com/0ktqxSg.png";
        maxTime = 9001;
      };
    }
    {
      #urban terror port
      krebs.iptables.tables.filter.INPUT.rules = [
        { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
        { predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
      ];
    }
  ];
  krebs.build.host = config.krebs.hosts.helios;

  krebs.git.rules = [
    {
      user = [ config.krebs.users.lass-helios ];
      repo = [ config.krebs.git.repos.stockholm ];
      perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
    }
    {
      lass.umts = {
        enable = true;
        modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
        initstrings = ''
          Init1 = AT+CFUN=1
          Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
        '';
      };
    }
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.wireless.enable = true;
  hardware.enableRedistributableFirmware = true;

  environment.systemPackages = with pkgs; [
    ag
    vim
    git
    rsync
    hashPassword
    thunderbird
    dpass
  ];

  users.users = {
    root.openssh.authorizedKeys.keys = [
      config.krebs.users.lass-helios.pubkey
    ];
  };

  services.tlp.enable = true;

  services.xserver.videoDrivers = [ "nvidia" ];
  services.xserver.xrandrHeads = [
    { output = "DP-2"; primary = true; }
    { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
    { output = "DP-0"; }
  ];

  services.xserver.displayManager.sessionCommands = ''
    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
  '';

  networking.hostName = lib.mkForce "BLN02NB0162";

  security.pki.certificateFiles = [
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })

    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
  ];

  programs.adb.enable = true;
  users.users.mainUser.extraGroups = [ "adbusers" "docker" ];

  services.printing.drivers = [ pkgs.postscript-lexmark ];

  services.logind.extraConfig = ''
    HandleLidSwitch=ignore
  '';

  virtualisation.docker.enable = true;
}
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`with import <stockholm/lib>;`
			`{ config, lib, pkgs, ... }:`

			`{`
			`imports = [`
			`<stockholm/lass>`
			`<stockholm/lass/2configs/baseX.nix>`
			`<stockholm/lass/2configs/browsers.nix>`
			`<stockholm/lass/2configs/mouse.nix>`
			`<stockholm/lass/2configs/pass.nix>`
			`<stockholm/lass/2configs/retiolum.nix>`
			`<stockholm/lass/2configs/otp-ssh.nix>`
l helios.r: disable git 2017-11-12 13:54:15 +01:00			`# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined`
			`#<stockholm/lass/2configs/git.nix>`
l helios.r: add dcsovpn 2017-10-05 15:50:45 +02:00			`<stockholm/lass/2configs/dcso-vpn.nix>`
l helios.r: import virtualbox 2017-11-28 18:02:18 +01:00			`<stockholm/lass/2configs/virtualbox.nix>`
l helios.r: add dcso coop env 2017-11-29 16:22:10 +01:00			`<stockholm/lass/2configs/dcso-dev.nix>`
l helios.r: add games related stuff 2017-12-03 22:29:40 +01:00			`<stockholm/lass/2configs/steam.nix>`
l: add rtl-sdr 2018-02-13 17:13:55 +01:00			`<stockholm/lass/2configs/rtl-sdr.nix>`
l: config for backup target 2018-04-27 16:55:43 +02:00			`<stockholm/lass/2configs/backup.nix>`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`{ # automatic hardware detection`
			`boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];`
			`boot.kernelModules = [ "kvm-intel" ];`

l helios.r: add /tmp 2017-12-15 21:31:23 +01:00			`fileSystems."/" = {`
			`device = "/dev/pool/root";`
			`fsType = "btrfs";`
			`};`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00
l helios.r: add /tmp 2017-12-15 21:31:23 +01:00			`fileSystems."/boot" = {`
			`device = "/dev/disk/by-uuid/1F60-17C6";`
			`fsType = "vfat";`
			`};`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00
l helios.r: add /tmp 2017-12-15 21:31:23 +01:00			`fileSystems."/home" = {`
			`device = "/dev/pool/home";`
			`fsType = "btrfs";`
			`};`

			`fileSystems."/tmp" = {`
			`device = "tmpfs";`
			`fsType = "tmpfs";`
			`options = ["nosuid" "nodev" "noatime"];`
			`};`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00
			`nix.maxJobs = lib.mkDefault 8;`
			`}`
			`{ # crypto stuff`
			`boot.initrd.luks = {`
			`cryptoModules = [ "aes" "sha512" "sha1" "xts" ];`
			`devices = [{`
			`name = "luksroot";`
			`device = "/dev/nvme0n1p3";`
			`}];`
			`};`
			`}`
			`{`
			`services.xserver.dpi = 200;`
			`fonts.fontconfig.dpi = 200;`
l: use hack fonts everywhere 2017-10-09 13:02:14 +02:00			`lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";`
			`lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";`
			`lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`}`
l helios.r: enable redis 2017-09-30 19:09:46 +02:00			`{ #TAPIR, AGATIS, sentral, a3 - foo`
			`services.redis.enable = true;`
			`}`
			`{`
			`krebs.fetchWallpaper = {`
			`enable = true;`
			`url = "http://i.imgur.com/0ktqxSg.png";`
			`maxTime = 9001;`
			`};`
			`}`
l helios.r: add games related stuff 2017-12-03 22:29:40 +01:00			`{`
			`#urban terror port`
			`krebs.iptables.tables.filter.INPUT.rules = [`
			`{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }`
			`{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }`
			`];`
			`}`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`];`
			`krebs.build.host = config.krebs.hosts.helios;`

			`krebs.git.rules = [`
			`{`
			`user = [ config.krebs.users.lass-helios ];`
			`repo = [ config.krebs.git.repos.stockholm ];`
			`perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];`
			`}`
l helios.r: add umts 2017-11-12 12:59:30 +01:00			`{`
			`lass.umts = {`
			`enable = true;`
			`modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";`
			`initstrings = ''`
			`Init1 = AT+CFUN=1`
			`Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0`
			`'';`
			`};`
			`}`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`];`

			`# Use the systemd-boot EFI boot loader.`
			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`

			`networking.wireless.enable = true;`
			`hardware.enableRedistributableFirmware = true;`

			`environment.systemPackages = with pkgs; [`
l helios.r: add pkgs.ag 2017-09-30 19:10:12 +02:00			`ag`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`vim`
			`git`
			`rsync`
			`hashPassword`
			`thunderbird`
			`dpass`
			`];`

			`users.users = {`
			`root.openssh.authorizedKeys.keys = [`
			`config.krebs.users.lass-helios.pubkey`
			`];`
			`};`

l helios.r: enable tlp 2017-09-19 15:17:09 +02:00			`services.tlp.enable = true;`
l helios.r: use nvidia drivers 2017-10-05 05:04:01 +02:00
			`services.xserver.videoDrivers = [ "nvidia" ];`
l helios.r: add multihead config 2017-10-09 12:03:57 +02:00			`services.xserver.xrandrHeads = [`
			`{ output = "DP-2"; primary = true; }`
l helios.r: add monitor config 2017-11-12 12:59:45 +01:00			`{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }`
			`{ output = "DP-0"; }`
l helios.r: add multihead config 2017-10-09 12:03:57 +02:00			`];`
l helios.r: add certificateFiles 2017-10-05 05:04:31 +02:00
l helios.r: add monitor config 2017-11-12 12:59:45 +01:00			`services.xserver.displayManager.sessionCommands = ''`
l helios.r: fix displayManager setup 2018-03-13 21:31:02 +01:00			`${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal`
l helios.r: add monitor config 2017-11-12 12:59:45 +01:00			`'';`

l helios.r: add office related stuff 2017-11-02 23:26:19 +01:00			`networking.hostName = lib.mkForce "BLN02NB0162";`

l helios.r: add certificateFiles 2017-10-05 05:04:31 +02:00			`security.pki.certificateFiles = [`
l helios.r: update certs 2018-05-02 15:53:09 +02:00			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })`
			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })`
			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })`

			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })`
			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })`
			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })`
			`(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })`
l helios.r: add certificateFiles 2017-10-05 05:04:31 +02:00			`];`
l: make screenlock configureable 2017-10-19 18:42:09 +02:00
l helios.r: add office related stuff 2017-11-02 23:26:19 +01:00			`programs.adb.enable = true;`
l helios.r: add docker 2018-02-12 10:41:19 +01:00			`users.users.mainUser.extraGroups = [ "adbusers" "docker" ];`
l helios.r: add office related stuff 2017-11-02 23:26:19 +01:00
l helios.r: minimize printing config 2017-11-12 13:00:03 +01:00			`services.printing.drivers = [ pkgs.postscript-lexmark ];`

l helios.r: ignore lidswitch 2017-12-18 18:52:35 +01:00			`services.logind.extraConfig = ''`
			`HandleLidSwitch=ignore`
			`'';`
l helios.r: add docker 2018-02-12 10:41:19 +01:00
			`virtualisation.docker.enable = true;`
l: add helios.r config + source 2017-09-19 12:34:43 +02:00			`}`