l: cleanup

lassulus 2016-06-25 18:38:30 +02:00
parent 6d1a29522a
commit 2b74d0defd
10 changed files with 81 additions and 171 deletions


@ -13,7 +13,6 @@ in {
../2configs/retiolum.nix
../2configs/git.nix
../2configs/realwallpaper.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [


@ -11,7 +11,7 @@ in {
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/realwallpaper.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
#../2configs/redis.nix


@ -3,6 +3,7 @@
{
imports = [
../.
../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
@ -14,14 +15,9 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
#../2configs/texlive.nix
../2configs/binary-caches.nix
#../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
#../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
@ -57,17 +53,10 @@
# package = pkgs.postgresql;
# };
#}
{
}
];
krebs.build.host = config.krebs.hosts.mors;
networking.wireless.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@ -77,7 +66,6 @@
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@ -168,22 +156,6 @@
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''
Option "AccelMethod" "sna"
BusID "PCI:0:2:0"
'';
};
environment.systemPackages = with pkgs; [
acronym
cac-api
@ -217,12 +189,4 @@
services.mongodb = {
enable = true;
};
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
];
};
};
}


@ -203,7 +203,7 @@ in {
}
{
imports = [
../2configs/realwallpaper-server.nix
../2configs/realwallpaper.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''


@ -4,6 +4,7 @@ with builtins;
{
imports = [
../.
../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/git.nix
../2configs/exim-retiolum.nix
@ -20,34 +21,10 @@ with builtins;
# };
# };
#}
{
#x220 config from mors
#TODO: make x220 config file (or look in other user dir)
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''
Option "AccelMethod" "sna"
BusID "PCI:0:2:0"
'';
};
}
];
krebs.build.host = config.krebs.hosts.shodan;
networking.wireless.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@ -57,7 +34,6 @@ with builtins;
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {


@ -1,13 +0,0 @@
{ config, ... }:
{
nix.sshServe.enable = true;
nix.sshServe.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
];
nix.binaryCaches = [
#"scp://nix-ssh@mors"
#"scp://nix-ssh@uriel"
];
}


@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
{
networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
#START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
deviceSection = ''
Option "AccelMethod" "sna"
'';
};
security.rngd.enable = true;
}
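Review bot: `nixpkgs.config.allowUnfree = true;` and `hardware.enableAllFirmware = true;` now sit in a shared hardware profile, so every host that imports it accepts unfree packages and the full firmware set without that being visible in the host's own file. Unlike `networking.wireless.enable`, which is wrapped in `lib.mkDefault`, these two are not marked as overridable defaults. I would keep `allowUnfree` in the host files, or at least document it here with something like `# enableAllFirmware pulls in non-free firmware; allowUnfree is set for that reason only` (presumably that is the reason; please confirm). `with config.krebs.lib;` looks unused in the lines shown and could be dropped.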


@ -1,32 +0,0 @@
{ config, lib, ... }:
let
hostname = config.krebs.build.host.name;
inherit (lib)
nameValuePair
;
in {
imports = [
./realwallpaper.nix
];
krebs.nginx.servers.wallpaper = {
server-names = [
hostname
];
locations = [
(nameValuePair "/wallpaper.png" ''
root /tmp/;
'')
];
};
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
};
}


@ -1,5 +1,30 @@
{ config, ... }:
{ config, lib, ... }:
{
let
hostname = config.krebs.build.host.name;
inherit (lib)
nameValuePair
;
in {
krebs.realwallpaper.enable = true;
krebs.nginx.servers.wallpaper = {
server-names = [
hostname
];
locations = [
(nameValuePair "/wallpaper.png" ''
root /tmp/;
'')
];
};
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
};
}
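Review bot: The location `"/wallpaper.png"` with `root /tmp/;` is a prefix match, so any request path beginning with `/wallpaper.png` is resolved under `/tmp`, a world-writable directory whose contents are not controlled by the wallpaper service alone. An exact match, `(nameValuePair "= /wallpaper.png" ''` (assuming krebs.nginx passes the name through to `location` unchanged), would help, together with a `root` directory that only the realwallpaper service can write to instead of `/tmp/`. Folding the nginx server and the `-i retiolum -p tcp --dport 80` ACCEPT rule into this file also means every importer of realwallpaper.nix now exposes the web server on retiolum. A comment at the top of the file saying so would help hosts that only want the wallpaper job.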


@ -1,59 +0,0 @@
{ config, pkgs, ... }:
{
containers.wordpress = {
privateNetwork = true;
hostAddress = "192.168.101.1";
localAddress = "192.168.101.2";
config = {
imports = [
../../krebs/3modules/iptables.nix
];
krebs.iptables = {
enable = true;
tables = {
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
];
};
};
environment.systemPackages = with pkgs; [
iptables
];
services.postgresql = {
enable = true;
package = pkgs.postgresql;
};
services.httpd = {
enable = true;
adminAddr = "root@apanowicz.de";
extraModules = [
{ name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
];
virtualHosts = [
{
hostName = "wordpress";
serverAliases = [ "wordpress" "www.wordpress" ];
extraSubservices = [
{
serviceName = "wordpress";
}
];
}
];
};
};
};
}