Merge remote-tracking branch 'lassul.us/master'
This commit is contained in:
commit
254e9e62b9
2
ci.nix
2
ci.nix
|
@ -16,6 +16,6 @@ let
|
||||||
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
|
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
|
||||||
|
|
||||||
build = host: owner:
|
build = host: owner:
|
||||||
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
|
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
|
||||||
|
|
||||||
in mapAttrs (n: h: build n h.owner.name) ci-systems
|
in mapAttrs (n: h: build n h.owner.name) ci-systems
|
||||||
|
|
|
@ -123,8 +123,8 @@
|
||||||
displayManager.job.execCmd = lib.mkForce "derp";
|
displayManager.job.execCmd = lib.mkForce "derp";
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
display = 11;
|
display = lib.mkForce 11;
|
||||||
tty = 11;
|
tty = lib.mkForce 11;
|
||||||
|
|
||||||
dpi = 144;
|
dpi = 144;
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,7 @@ in {
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
|
force = true;
|
||||||
inherit target;
|
inherit target;
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -38,7 +38,7 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "46.4.114.247";
|
ip4.addr = "95.216.1.150";
|
||||||
aliases = [
|
aliases = [
|
||||||
"prism.i"
|
"prism.i"
|
||||||
"paste.i"
|
"paste.i"
|
||||||
|
@ -87,6 +87,46 @@ with import <stockholm/lib>;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
archprism = {
|
||||||
|
cores = 1;
|
||||||
|
nets = rec {
|
||||||
|
internet = {
|
||||||
|
ip4.addr = "46.4.114.247";
|
||||||
|
aliases = [
|
||||||
|
"archprism.i"
|
||||||
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
via = internet;
|
||||||
|
ip4.addr = "10.243.0.123";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:0:123";
|
||||||
|
aliases = [
|
||||||
|
"archprism.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
|
||||||
|
wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
|
||||||
|
f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
|
||||||
|
5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
|
||||||
|
BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
|
||||||
|
s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
|
||||||
|
x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
|
||||||
|
gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
|
||||||
|
GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
|
||||||
|
l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
|
||||||
|
L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
|
||||||
|
6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||||
|
};
|
||||||
|
|
||||||
domsen-nas = {
|
domsen-nas = {
|
||||||
ci = false;
|
ci = false;
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
|
@ -338,6 +378,35 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
kruck = {
|
||||||
|
monitoring = false;
|
||||||
|
ci = false;
|
||||||
|
external = true;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.29.201";
|
||||||
|
ip6.addr = "42:4234:6a6d:600::1";
|
||||||
|
aliases = [
|
||||||
|
"kruck.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
|
||||||
|
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
|
||||||
|
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
|
||||||
|
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
|
||||||
|
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
|
||||||
|
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
|
||||||
|
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
|
||||||
|
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
|
||||||
|
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
|
||||||
|
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
|
||||||
|
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
turingmachine = {
|
turingmachine = {
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
|
@ -494,6 +563,44 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
eve = {
|
||||||
|
monitoring = false;
|
||||||
|
ci = false;
|
||||||
|
external = true;
|
||||||
|
nets = rec {
|
||||||
|
internet = {
|
||||||
|
# eve.thalheim.io
|
||||||
|
ip4.addr = "188.68.39.17";
|
||||||
|
ip6.addr = "2a03:4000:13:31e::1";
|
||||||
|
aliases = [ "eve.i" ];
|
||||||
|
};
|
||||||
|
retiolum = rec {
|
||||||
|
via = internet;
|
||||||
|
addrs = [
|
||||||
|
ip4.addr
|
||||||
|
ip6.addr
|
||||||
|
];
|
||||||
|
ip4.addr = "10.243.29.174";
|
||||||
|
ip6.addr = "42:4992:6a6d:a00::1";
|
||||||
|
aliases = [ "eve.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
|
||||||
|
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
|
||||||
|
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
|
||||||
|
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
|
||||||
|
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
|
||||||
|
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
|
||||||
|
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
|
||||||
|
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
|
||||||
|
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
|
||||||
|
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
|
||||||
|
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
xerxes = {
|
xerxes = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "Reaktor-${version}";
|
name = "Reaktor-${version}";
|
||||||
version = "0.6.1";
|
version = "0.6.2";
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec {
|
||||||
owner = "krebs";
|
owner = "krebs";
|
||||||
repo = "Reaktor";
|
repo = "Reaktor";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0mw2zizv8p264zqqrnb5qyx7szldcza5ma190292a1qlasyg1b4m";
|
sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
|
||||||
};
|
};
|
||||||
meta = {
|
meta = {
|
||||||
homepage = http://krebsco.de/;
|
homepage = http://krebsco.de/;
|
||||||
|
|
|
@ -9,7 +9,11 @@ writeDashBin "git-preview" ''
|
||||||
preview_name=$(${coreutils}/bin/basename "$preview_dir")
|
preview_name=$(${coreutils}/bin/basename "$preview_dir")
|
||||||
${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
|
${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
|
||||||
${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
|
${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
|
||||||
${git}/bin/git -C "$preview_dir" merge -qm "$merge_message" "$merge_commit"
|
${git}/bin/git -C "$preview_dir" merge \
|
||||||
|
''${GIT_PREVIEW_MERGE_STRATEGY+-s "$GIT_PREVIEW_MERGE_STRATEGY"} \
|
||||||
|
-m "$merge_message" \
|
||||||
|
-q \
|
||||||
|
"$merge_commit"
|
||||||
${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
|
${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
|
||||||
${coreutils}/bin/rm -fR "$preview_dir"
|
${coreutils}/bin/rm -fR "$preview_dir"
|
||||||
${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
|
${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
|
||||||
|
|
|
@ -54,6 +54,7 @@
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
|
force = true;
|
||||||
inherit target;
|
inherit target;
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||||
"rev": "6a3f5bcb061e1822f50e299f5616a0731636e4e7",
|
"rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c",
|
||||||
"date": "2018-10-05T18:33:19-04:00",
|
"date": "2018-11-04T19:36:25+01:00",
|
||||||
"sha256": "1ib96has10v5nr6bzf7v8kw7yzww8zanxgw2qi1ll1sbv6kj6zpd",
|
"sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m",
|
||||||
"fetchSubmodules": true
|
"fetchSubmodules": false
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@ dir=$(dirname $0)
|
||||||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
||||||
--url https://github.com/NixOS/nixpkgs-channels \
|
--url https://github.com/NixOS/nixpkgs-channels \
|
||||||
--rev refs/heads/nixos-18.03' \
|
--rev refs/heads/nixos-18.09' \
|
||||||
> $dir/nixpkgs.json
|
> $dir/nixpkgs.json
|
||||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
||||||
|
|
356
lass/1systems/archprism/config.nix
Normal file
356
lass/1systems/archprism/config.nix
Normal file
|
@ -0,0 +1,356 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass>
|
||||||
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
<stockholm/lass/2configs/libvirt.nix>
|
||||||
|
{
|
||||||
|
services.nginx.enable = true;
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass/2configs/websites/domsen.nix>
|
||||||
|
<stockholm/lass/2configs/websites/lassulus.nix>
|
||||||
|
];
|
||||||
|
# needed by domsen.nix ^^
|
||||||
|
lass.usershadow = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{ # TODO make new hfos.nix out of this vv
|
||||||
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
|
users.users.riot = {
|
||||||
|
uid = genid "riot";
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "libvirtd" ];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO write function for proxy_pass (ssl/nonssl)
|
||||||
|
|
||||||
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
users.users.tv = {
|
||||||
|
uid = genid "tv";
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.tv.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.users.makefu = {
|
||||||
|
uid = genid "makefu";
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.makefu.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.users.nin = {
|
||||||
|
uid = genid "nin";
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.nin.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.extraUsers.dritter = {
|
||||||
|
uid = genid "dritter";
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [
|
||||||
|
"download"
|
||||||
|
];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.extraUsers.juhulian = {
|
||||||
|
uid = 1339;
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.users.hellrazor = {
|
||||||
|
uid = genid "hellrazor";
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [
|
||||||
|
"download"
|
||||||
|
];
|
||||||
|
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
#hotdog
|
||||||
|
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
|
||||||
|
containers.hotdog = {
|
||||||
|
config = { ... }: {
|
||||||
|
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
autoStart = true;
|
||||||
|
enableTun = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.233.2.1";
|
||||||
|
localAddress = "10.233.2.2";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
#onondaga
|
||||||
|
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||||
|
containers.onondaga = {
|
||||||
|
config = { ... }: {
|
||||||
|
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
config.krebs.users.nin.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
autoStart = true;
|
||||||
|
enableTun = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.233.2.5";
|
||||||
|
localAddress = "10.233.2.6";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
|
<stockholm/lass/2configs/ts3.nix>
|
||||||
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
|
<stockholm/lass/2configs/radio.nix>
|
||||||
|
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||||
|
<stockholm/lass/2configs/iodined.nix>
|
||||||
|
<stockholm/lass/2configs/paste.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||||
|
<stockholm/lass/2configs/ciko.nix>
|
||||||
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
|
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||||
|
{ # quasi bepasty.nix
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass/2configs/bepasty.nix>
|
||||||
|
];
|
||||||
|
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||||
|
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
services.tor = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
lass.ejabberd = {
|
||||||
|
enable = true;
|
||||||
|
hosts = [ "lassul.us" ];
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass/2configs/realwallpaper.nix>
|
||||||
|
];
|
||||||
|
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
|
||||||
|
alias /var/realwallpaper/realwallpaper.png;
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
users.users.jeschli = {
|
||||||
|
uid = genid "jeschli";
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||||
|
jeschli.pubkey
|
||||||
|
jeschli-bln.pubkey
|
||||||
|
jeschli-bolide.pubkey
|
||||||
|
jeschli-brauerei.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
krebs.git.rules = [
|
||||||
|
{
|
||||||
|
user = with config.krebs.users; [
|
||||||
|
jeschli
|
||||||
|
jeschli-bln
|
||||||
|
jeschli-bolide
|
||||||
|
jeschli-brauerei
|
||||||
|
];
|
||||||
|
repo = [ config.krebs.git.repos.xmonad-stockholm ];
|
||||||
|
perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
user = with config.krebs.users; [
|
||||||
|
jeschli
|
||||||
|
jeschli-bln
|
||||||
|
jeschli-bolide
|
||||||
|
jeschli-brauerei
|
||||||
|
];
|
||||||
|
repo = [ config.krebs.git.repos.stockholm ];
|
||||||
|
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.repo-sync.repos.stockholm.timerConfig = {
|
||||||
|
OnBootSec = "5min";
|
||||||
|
OnUnitInactiveSec = "2min";
|
||||||
|
RandomizedDelaySec = "2min";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
<stockholm/lass/2configs/downloading.nix>
|
||||||
|
<stockholm/lass/2configs/minecraft.nix>
|
||||||
|
{
|
||||||
|
services.taskserver = {
|
||||||
|
enable = true;
|
||||||
|
fqdn = "lassul.us";
|
||||||
|
listenHost = "::";
|
||||||
|
listenPort = 53589;
|
||||||
|
organisations.lass.users = [ "lass" "android" ];
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
#<stockholm/lass/2configs/go.nix>
|
||||||
|
{
|
||||||
|
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||||
|
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||||
|
containers.red = {
|
||||||
|
config = { ... }: {
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
autoStart = false;
|
||||||
|
enableTun = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.233.2.3";
|
||||||
|
localAddress = "10.233.2.4";
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host rote-allez-fraktion.de;
|
||||||
|
proxy_pass http://10.233.2.4;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#{
|
||||||
|
# imports = [ <stockholm/lass/2configs/backup.nix> ];
|
||||||
|
# lass.restic = genAttrs [
|
||||||
|
# "daedalus"
|
||||||
|
# "icarus"
|
||||||
|
# "littleT"
|
||||||
|
# "mors"
|
||||||
|
# "shodan"
|
||||||
|
# "skynet"
|
||||||
|
# ] (dest: {
|
||||||
|
# dirs = [
|
||||||
|
# "/home/chat/.weechat"
|
||||||
|
# "/bku/sql_dumps"
|
||||||
|
# ];
|
||||||
|
# passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||||
|
# repo = "sftp:backup@${dest}.r:/backups/prism";
|
||||||
|
# extraArguments = [
|
||||||
|
# "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||||
|
# ];
|
||||||
|
# timerConfig = {
|
||||||
|
# OnCalendar = "00:05";
|
||||||
|
# RandomizedDelaySec = "5h";
|
||||||
|
# };
|
||||||
|
# });
|
||||||
|
#}
|
||||||
|
{
|
||||||
|
users.users.download.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
}
|
||||||
|
{
|
||||||
|
lass.nichtparasoup.enable = true;
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."lol.lassul.us" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://localhost:5001;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
|
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
|
||||||
|
];
|
||||||
|
networking.wireguard.interfaces.wg0 = {
|
||||||
|
ips = [ "10.244.1.1/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
|
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||||
|
allowedIPsAsRoutes = true;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# lass-android
|
||||||
|
allowedIPs = [ "10.244.1.2/32" ];
|
||||||
|
publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
services.murmur.enable = true;
|
||||||
|
services.murmur.registerName = "lassul.us";
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
|
||||||
|
];
|
||||||
|
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.archprism;
|
||||||
|
services.earlyoom = {
|
||||||
|
enable = true;
|
||||||
|
freeMemThreshold = 5;
|
||||||
|
};
|
||||||
|
}
|
77
lass/1systems/archprism/physical.nix
Normal file
77
lass/1systems/archprism/physical.nix
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./config.nix
|
||||||
|
{
|
||||||
|
boot.kernelParams = [ "net.ifnames=0" ];
|
||||||
|
networking = {
|
||||||
|
defaultGateway = "46.4.114.225";
|
||||||
|
# Use google's public DNS server
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
interfaces.eth0 = {
|
||||||
|
ipAddress = "46.4.114.247";
|
||||||
|
prefixLength = 27;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# TODO use this network config
|
||||||
|
#networking.interfaces.et0.ipv4.addresses = [
|
||||||
|
# {
|
||||||
|
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
|
# prefixLength = 27;
|
||||||
|
# }
|
||||||
|
# {
|
||||||
|
# address = "46.4.114.243";
|
||||||
|
# prefixLength = 27;
|
||||||
|
# }
|
||||||
|
#];
|
||||||
|
#networking.defaultGateway = "46.4.114.225";
|
||||||
|
#networking.nameservers = [
|
||||||
|
# "8.8.8.8"
|
||||||
|
#];
|
||||||
|
#services.udev.extraRules = ''
|
||||||
|
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
||||||
|
#'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||||
|
|
||||||
|
networking.hostId = "fb4173ea";
|
||||||
|
boot.loader.grub = {
|
||||||
|
devices = [
|
||||||
|
"/dev/sda"
|
||||||
|
"/dev/sdb"
|
||||||
|
];
|
||||||
|
splashImage = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"ata_piix"
|
||||||
|
"vmw_pvscsi"
|
||||||
|
"ahci" "sd_mod"
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
||||||
|
sound.enable = false;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "rpool/root/nixos";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "rpool/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
}
|
|
@ -3,27 +3,39 @@
|
||||||
imports = [
|
imports = [
|
||||||
./config.nix
|
./config.nix
|
||||||
{
|
{
|
||||||
networking.interfaces.et0.ipv4.addresses = [
|
boot.kernelParams = [ "net.ifnames=0" ];
|
||||||
{
|
networking = {
|
||||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
defaultGateway = "46.4.114.225";
|
||||||
|
# Use google's public DNS server
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
interfaces.eth0 = {
|
||||||
|
ipAddress = "46.4.114.247";
|
||||||
prefixLength = 27;
|
prefixLength = 27;
|
||||||
}
|
};
|
||||||
{
|
};
|
||||||
address = "46.4.114.243";
|
# TODO use this network config
|
||||||
prefixLength = 27;
|
#networking.interfaces.et0.ipv4.addresses = [
|
||||||
}
|
# {
|
||||||
];
|
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
networking.defaultGateway = "46.4.114.225";
|
# prefixLength = 27;
|
||||||
networking.nameservers = [
|
# }
|
||||||
"8.8.8.8"
|
# {
|
||||||
];
|
# address = "46.4.114.243";
|
||||||
services.udev.extraRules = ''
|
# prefixLength = 27;
|
||||||
SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
# }
|
||||||
'';
|
#];
|
||||||
|
#networking.defaultGateway = "46.4.114.225";
|
||||||
|
#networking.nameservers = [
|
||||||
|
# "8.8.8.8"
|
||||||
|
#];
|
||||||
|
#services.udev.extraRules = ''
|
||||||
|
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
||||||
|
#'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||||
|
|
||||||
|
networking.hostId = "fb4173ea";
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
devices = [
|
devices = [
|
||||||
"/dev/sda"
|
"/dev/sda"
|
||||||
|
@ -40,45 +52,25 @@
|
||||||
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/pool/nix_root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/download" = {
|
|
||||||
device = "/dev/pool/download";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/srv/http" = {
|
|
||||||
device = "/dev/pool/http";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "/dev/pool/home";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [
|
|
||||||
{ label = "swap1"; }
|
|
||||||
{ label = "swap2"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
sound.enable = false;
|
sound.enable = false;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "rpool/root/nixos";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "rpool/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -74,7 +74,6 @@ in {
|
||||||
nmap
|
nmap
|
||||||
pavucontrol
|
pavucontrol
|
||||||
powertop
|
powertop
|
||||||
push
|
|
||||||
rxvt_unicode_with-plugins
|
rxvt_unicode_with-plugins
|
||||||
sxiv
|
sxiv
|
||||||
taskwarrior
|
taskwarrior
|
||||||
|
|
|
@ -50,14 +50,30 @@ let
|
||||||
cgit.desc = "take a description of your disk layout and produce a format script";
|
cgit.desc = "take a description of your disk layout and produce a format script";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
|
go = {
|
||||||
|
cgit.desc = "url shortener";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
krebspage = {
|
krebspage = {
|
||||||
cgit.desc = "homepage of krebs";
|
cgit.desc = "homepage of krebs";
|
||||||
cgit.section = "configuration";
|
cgit.section = "configuration";
|
||||||
};
|
};
|
||||||
|
krops = {
|
||||||
|
cgit.desc = "krebs deployment";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
news = {
|
news = {
|
||||||
cgit.desc = "take a rss feed and a timeout and print it to stdout";
|
cgit.desc = "take a rss feed and a timeout and print it to stdout";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
|
newsbot-js = {
|
||||||
|
cgit.desc = "print rss feeds to irc channels";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
|
nix-user-chroot = {
|
||||||
|
cgit.desc = "Fork of nix-user-chroot by lethalman";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
nix-writers = {
|
nix-writers = {
|
||||||
cgit.desc = "high level writers for nix";
|
cgit.desc = "high level writers for nix";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
|
@ -85,14 +101,6 @@ let
|
||||||
cgit.desc = "Good Music collection + tools";
|
cgit.desc = "Good Music collection + tools";
|
||||||
cgit.section = "art";
|
cgit.section = "art";
|
||||||
};
|
};
|
||||||
nix-user-chroot = {
|
|
||||||
cgit.desc = "Fork of nix-user-chroot by lethalman";
|
|
||||||
cgit.section = "software";
|
|
||||||
};
|
|
||||||
krops = {
|
|
||||||
cgit.desc = "krebs deployment";
|
|
||||||
cgit.section = "software";
|
|
||||||
};
|
|
||||||
xmonad-stockholm = {
|
xmonad-stockholm = {
|
||||||
cgit.desc = "krebs xmonad modules";
|
cgit.desc = "krebs xmonad modules";
|
||||||
cgit.section = "configuration";
|
cgit.section = "configuration";
|
||||||
|
|
|
@ -210,6 +210,7 @@ in {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
msmtp
|
msmtp
|
||||||
mutt
|
mutt
|
||||||
|
pkgs.notmuch
|
||||||
pkgs.much
|
pkgs.much
|
||||||
tag-new-mails
|
tag-new-mails
|
||||||
tag-old-mails
|
tag-old-mails
|
||||||
|
|
|
@ -5,7 +5,7 @@ with import <stockholm/lib>;
|
||||||
services.urxvtd.enable = true;
|
services.urxvtd.enable = true;
|
||||||
|
|
||||||
krebs.xresources.resources.urxvt = ''
|
krebs.xresources.resources.urxvt = ''
|
||||||
URxvt*SaveLines: 1000000
|
URxvt.saveLines: 100000
|
||||||
URxvt*scrollBar: false
|
URxvt*scrollBar: false
|
||||||
URxvt*urgentOnBell: true
|
URxvt*urgentOnBell: true
|
||||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||||
|
|
|
@ -63,6 +63,8 @@ let
|
||||||
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
||||||
\ | syn match TabStop containedin=ALL /\t\+/
|
\ | syn match TabStop containedin=ALL /\t\+/
|
||||||
\ | syn keyword Todo containedin=ALL TODO
|
\ | syn keyword Todo containedin=ALL TODO
|
||||||
|
\ | syn match NBSP '\%xa0'
|
||||||
|
\ | syn match NarrowNBSP '\%u202F'
|
||||||
|
|
||||||
au BufRead,BufNewFile *.hs so ${hs.vim}
|
au BufRead,BufNewFile *.hs so ${hs.vim}
|
||||||
|
|
||||||
|
@ -165,6 +167,8 @@ let
|
||||||
|
|
||||||
hi Garbage ctermbg=088
|
hi Garbage ctermbg=088
|
||||||
hi TabStop ctermbg=016
|
hi TabStop ctermbg=016
|
||||||
|
hi NBSP ctermbg=094
|
||||||
|
hi NarrowNBSP ctermbg=097
|
||||||
hi Todo ctermfg=174 ctermbg=NONE
|
hi Todo ctermfg=174 ctermbg=NONE
|
||||||
|
|
||||||
hi NixCode ctermfg=148
|
hi NixCode ctermfg=148
|
||||||
|
|
|
@ -66,6 +66,12 @@ in {
|
||||||
])
|
])
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
|
||||||
|
services.mysql.ensureUsers = [
|
||||||
|
{ ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
|
||||||
|
{ ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
|
||||||
|
];
|
||||||
|
|
||||||
services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
|
services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -145,8 +145,9 @@ in {
|
||||||
home = "/srv/http/lassul.us";
|
home = "/srv/http/lassul.us";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||||
config.krebs.users.lass.pubkey
|
lass.pubkey
|
||||||
|
lass-mors.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,10 +120,13 @@ with import <stockholm/lib>;
|
||||||
${pkgs.coreutils}/bin/kill $WM_PID
|
${pkgs.coreutils}/bin/kill $WM_PID
|
||||||
${pkgs.coreutils}/bin/kill $XEPHYR_PID
|
${pkgs.coreutils}/bin/kill $XEPHYR_PID
|
||||||
'';
|
'';
|
||||||
|
# TODO fix xephyr which doesn't honor resizes anymore
|
||||||
sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
|
sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
|
||||||
/var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
|
/var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
|
||||||
'' else ''
|
'' else ''
|
||||||
/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
|
#/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
|
||||||
|
/var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@"
|
||||||
|
|
||||||
'');
|
'');
|
||||||
vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
|
vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
|
||||||
DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
|
DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
|
||||||
|
@ -163,7 +166,7 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
lass.xjail-bins = mapAttrs' (name: cfg:
|
lass.xjail-bins = mapAttrs' (name: cfg:
|
||||||
nameValuePair name (pkgs.writeScriptBin cfg.name ''
|
nameValuePair name (pkgs.writeScriptBin cfg.name ''
|
||||||
${scripts.${name}.existing} "$@"
|
${scripts.${name}.sudo} "$@"
|
||||||
'')
|
'')
|
||||||
) config.lass.xjail;
|
) config.lass.xjail;
|
||||||
};
|
};
|
||||||
|
|
|
@ -22,13 +22,14 @@
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||||
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
|
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
||||||
source = source { test = false; };
|
source = source { test = false; };
|
||||||
target = "root@${name}/var/src";
|
inherit target;
|
||||||
};
|
};
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
|
force = true;
|
||||||
inherit target;
|
inherit target;
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -83,6 +83,7 @@ in {
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target ? target }: pkgs.krops.writeTest "${name}-test" {
|
test = { target ? target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
|
force = true;
|
||||||
inherit target;
|
inherit target;
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
};
|
};
|
||||||
|
|
69
nin/2configs/games.nix
Normal file
69
nin/2configs/games.nix
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
|
vdoom = pkgs.writeDash "vdoom" ''
|
||||||
|
${pkgs.zandronum}/bin/zandronum \
|
||||||
|
-fov 120 \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
|
doom = pkgs.writeDash "doom" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
${vdoom} \
|
||||||
|
-file $DOOM_DIR/lib/brutalv20.pk3 \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
|
doom1 = pkgs.writeDashBin "doom1" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
|
||||||
|
'';
|
||||||
|
doom2 = pkgs.writeDashBin "doom2" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
|
||||||
|
'';
|
||||||
|
vdoom1 = pkgs.writeDashBin "vdoom1" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
|
||||||
|
'';
|
||||||
|
vdoom2 = pkgs.writeDashBin "vdoom2" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
doomservercfg = pkgs.writeText "doomserver.cfg" ''
|
||||||
|
skill 7
|
||||||
|
#survival true
|
||||||
|
#sv_maxlives 4
|
||||||
|
#sv_norespawn true
|
||||||
|
#sv_weapondrop true
|
||||||
|
no_jump true
|
||||||
|
#sv_noweaponspawn true
|
||||||
|
sv_sharekeys true
|
||||||
|
sv_survivalcountdowntime 1
|
||||||
|
sv_noteamselect true
|
||||||
|
sv_updatemaster false
|
||||||
|
#sv_coop_loseinventory true
|
||||||
|
#cl_startasspectator false
|
||||||
|
#lms_spectatorview false
|
||||||
|
'';
|
||||||
|
|
||||||
|
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
|
||||||
|
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||||
|
|
||||||
|
${pkgs.zandronum}/bin/zandronum-server \
|
||||||
|
+exec ${doomservercfg} \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
doom1
|
||||||
|
doom2
|
||||||
|
vdoom1
|
||||||
|
vdoom2
|
||||||
|
vdoomserver
|
||||||
|
];
|
||||||
|
|
||||||
|
hardware.pulseaudio.support32Bit = true;
|
||||||
|
|
||||||
|
}
|
36
nin/krops.nix
Normal file
36
nin/krops.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ name }: let
|
||||||
|
inherit (import ../krebs/krops.nix { inherit name; })
|
||||||
|
krebs-source
|
||||||
|
lib
|
||||||
|
pkgs
|
||||||
|
;
|
||||||
|
|
||||||
|
source = { test }: lib.evalSource [
|
||||||
|
krebs-source
|
||||||
|
{
|
||||||
|
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
|
||||||
|
secrets = if test then {
|
||||||
|
file = toString ./0tests/dummysecrets;
|
||||||
|
} else {
|
||||||
|
pass = {
|
||||||
|
dir = "${lib.getEnv "HOME"}/.password-store";
|
||||||
|
name = "hosts/${name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
in {
|
||||||
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||||
|
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
|
||||||
|
source = source { test = false; };
|
||||||
|
target = "root@${name}/var/src";
|
||||||
|
};
|
||||||
|
|
||||||
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
|
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
|
force = true;
|
||||||
|
inherit target;
|
||||||
|
source = source { test = true; };
|
||||||
|
};
|
||||||
|
}
|
|
@ -1 +1 @@
|
||||||
Subproject commit 0660cc1a1169e799bda356c6fadb245a96345816
|
Subproject commit fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1
|
|
@ -153,7 +153,7 @@ let {
|
||||||
public = false;
|
public = false;
|
||||||
hooks = hooks // {
|
hooks = hooks // {
|
||||||
post-receive = /* sh */ ''
|
post-receive = /* sh */ ''
|
||||||
(${hooks.post-receive or ""})
|
(${hooks.post-receive or ":"})
|
||||||
${cgit-clear-cache}/bin/cgit-clear-cache
|
${cgit-clear-cache}/bin/cgit-clear-cache
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,10 +1,28 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../smartd.nix
|
../smartd.nix
|
||||||
|
{
|
||||||
|
boot.extraModulePackages = [
|
||||||
|
config.boot.kernelPackages.acpi_call
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.kernelModules = [
|
||||||
|
"acpi_call"
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.tpacpi-bat
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.extraModulePackages = [
|
||||||
|
config.boot.kernelPackages.tp_smapi
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.kernelModules = [ "tp_smapi" ];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ let {
|
||||||
|
|
||||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||||
pkgs.vimPlugins.undotree
|
pkgs.vimPlugins.undotree
|
||||||
|
pkgs.vimPlugins.vim-elixir
|
||||||
(pkgs.vimUtils.buildVimPlugin {
|
(pkgs.vimUtils.buildVimPlugin {
|
||||||
name = "vim-syntax-jq";
|
name = "vim-syntax-jq";
|
||||||
src = pkgs.fetchgit {
|
src = pkgs.fetchgit {
|
||||||
|
|
|
@ -45,8 +45,8 @@ in {
|
||||||
displayManager.job.execCmd = mkForce "derp";
|
displayManager.job.execCmd = mkForce "derp";
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
display = 11;
|
display = mkForce 11;
|
||||||
tty = 11;
|
tty = mkForce 11;
|
||||||
|
|
||||||
synaptics = {
|
synaptics = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" {
|
test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" {
|
||||||
|
force = true;
|
||||||
inherit source target;
|
inherit source target;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue