Merge remote-tracking branch 'ni/master'

lassulus 2023-07-09 11:32:26 +02:00
commit 305b9e1dee
21 changed files with 26 additions and 214 deletions


@ -1,25 +0,0 @@
{
ci = true;
nets = {
retiolum = {
ip4.addr = "10.243.13.37";
aliases = [
"wu.r"
"cgit.wu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
};
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
}


@ -1 +0,0 @@
68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=


@ -113,6 +113,8 @@
]; ];
krebs.build.host = config.krebs.hosts.puyak; krebs.build.host = config.krebs.hosts.puyak;
krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;
sound.enable = false; sound.enable = false;
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
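Review bot: The added `krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;` hands the host's private key location around as a Nix path value, and a path value that is ever string-interpolated or used as a derivation input gets copied into the world-readable Nix store. The option's declaration and its consumers are outside this hunk, so this is something to confirm rather than a confirmed leak. A comment next to the line would make the constraint explicit, e.g. `# path value: consumers must use toString, never "${...}", or the key lands in the store`. The same applies to the added `krebs.hosts.wolf.ssh.privkey.path` line in the wolf section further down.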


@ -51,6 +51,7 @@ in
# uninteresting stuff # uninteresting stuff
##################### #####################
krebs.build.host = config.krebs.hosts.wolf; krebs.build.host = config.krebs.hosts.wolf;
krebs.hosts.wolf.ssh.privkey.path = <secrets/ssh.id_ed25519>;
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"


@ -42,6 +42,7 @@ in {
"makefu@krebsco.de" = makefu; "makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml; "spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv; "tv@krebsco.de" = tv;
"xkey@krebsco.de" = { mail = "lennart@cope.cool"; };
# XXX These are no internet aliases # XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses # XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass; "lass@retiolum" = lass;
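Review bot: The new `"xkey@krebsco.de"` entry is the only alias in this hunk written as an inline `{ mail = ...; }` attrset; the neighbouring entries all refer to a named binding (`makefu`, `spam-ml`, `tv`). Because it forwards krebsco.de mail to an address on a different domain, a short comment naming who owns the forward would help when the alias list is audited later, e.g. `# external forward; owner: <owner>`. The alias set starts and ends outside this hunk, so whether a named user entry already exists for this recipient cannot be seen here.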


@ -5,6 +5,6 @@
unifiAddress = "https://unifi.shack:8443/"; unifiAddress = "https://unifi.shack:8443/";
unifiInsecure = true; unifiInsecure = true;
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>); unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
}; };
} }
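Review bot: `unifiPassword` is still filled with the output of `builtins.readFile <secrets/shack/unifi-prometheus-pw>`, so the password becomes part of the evaluated configuration. From there it will most likely end up in whatever file or unit the exporter module generates in the Nix store, which every local user can read. If the module offers a way to take a runtime file path instead of the literal value (not visible on this page), that is the safer shape. The unchanged `unifiInsecure = true;` presumably turns off certificate verification for `https://unifi.shack:8443/`, which means this credential is sent to an unauthenticated peer. A comment stating why that is accepted would be worth adding, e.g. `# self-signed controller cert on the internal network; TODO pin the certificate`.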


@ -33,7 +33,7 @@ in {
default = {}; default = {};
}; };
config = { config = {
systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceStrings ["/"] ["_"] path}" {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ path = [
pkgs.acl pkgs.acl


@ -1,5 +1,6 @@
{ config, pkgs, lib, ... }: { config, lib, pkgs, ... }: let
with lib; { slib = import ../../lib/pure.nix { inherit lib; };
in with lib; {
options.krebs.iana-etc.services = mkOption { options.krebs.iana-etc.services = mkOption {
default = {}; default = {};
@ -7,7 +8,7 @@ with lib; {
options = { options = {
port = mkOption { port = mkOption {
default = config._module.args.name; default = config._module.args.name;
type = types.addCheck types.str (test "[1-9][0-9]*"); type = types.addCheck types.str (slib.test "[1-9][0-9]*");
}; };
} // genAttrs ["tcp" "udp"] (protocol: mkOption { } // genAttrs ["tcp" "udp"] (protocol: mkOption {
default = null; default = null;
@ -30,7 +31,7 @@ with lib; {
(proto: let (proto: let
line = "${entry.${proto}.name} ${entry.port}/${proto}"; line = "${entry.${proto}.name} ${entry.port}/${proto}";
in /* sh */ '' in /* sh */ ''
echo ${shell.escape line} echo ${slib.shell.escape line}
'') '')
(filter (proto: entry.${proto} != null) ["tcp" "udp"])} (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
'') (attrValues config.krebs.iana-etc.services)} '') (attrValues config.krebs.iana-etc.services)}
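Review bot: The `port` check `slib.test "[1-9][0-9]*"` in the second hunk has no upper bound, so a value such as "70000" (constructed example) would pass the type and be written into the generated `port/proto` lines. This assumes `slib.test` matches the whole string; its definition is not on this page. The check could carry the range as well, e.g. `type = types.addCheck types.str (x: slib.test "[1-9][0-9]*" x && toInt x <= 65535);`. The option declaration and the script that consumes `entry.port` both continue outside the hunks shown.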


@ -1,4 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: let
slib = import ../../lib/pure.nix { inherit lib; };
in
with lib; { with lib; {
options.krebs.permown = mkOption { options.krebs.permown = mkOption {
@ -16,7 +18,7 @@ with lib; {
group = mkOption { group = mkOption {
apply = x: if x == null then "" else x; apply = x: if x == null then "" else x;
default = null; default = null;
type = types.nullOr types.groupname; type = types.nullOr slib.types.groupname;
}; };
keepGoing = mkOption { keepGoing = mkOption {
default = false; default = false;
@ -28,15 +30,15 @@ with lib; {
''; '';
}; };
owner = mkOption { owner = mkOption {
type = types.username; type = slib.types.username;
}; };
path = mkOption { path = mkOption {
default = config._module.args.name; default = config._module.args.name;
type = types.absolute-pathname; type = slib.types.absolute-pathname;
}; };
umask = mkOption { umask = mkOption {
default = "0027"; default = "0027";
type = types.file-mode; type = slib.types.file-mode;
}; };
}; };
})); }));
@ -48,11 +50,11 @@ with lib; {
system.activationScripts.permown = let system.activationScripts.permown = let
mkdir = plan: /* sh */ '' mkdir = plan: /* sh */ ''
${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path} ${pkgs.coreutils}/bin/mkdir -p ${slib.shell.escape plan.path}
''; '';
in concatMapStrings mkdir plans; in concatMapStrings mkdir plans;
systemd.services = genAttrs' plans (plan: let systemd.services = slib.genAttrs' plans (plan: let
continuable = command: continuable = command:
if plan.keepGoing if plan.keepGoing
then /* sh */ "{ ${command}; } || :" then /* sh */ "{ ${command}; } || :"


@ -18,9 +18,9 @@ let
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
}; };
}.${versions.majorMinor version} or { }.${versions.majorMinor version} or {
version = "0.4.1-tv2"; version = "0.4.2-tv1";
rev = "refs/tags/v${cfg.version}"; rev = "refs/tags/v${cfg.version}";
sha256 = "1yg4b5318lpviwgjs4kdcqg8cwfnxxfcdckcjq12r2nnj2k4ms2d"; sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU=";
}; };
in mkDerivation { in mkDerivation {


@ -3,7 +3,7 @@ with stockholm.lib;
let let
readJSON = path: fromJSON (readFile path); readJSON = path: fromJSON (readFile path);
sed.escape = replaceChars ["/"] ["\\/"]; # close enough sed.escape = replaceStrings ["/"] ["\\/"]; # close enough
PATH = makeBinPath [ PATH = makeBinPath [
coreutils coreutils
curl curl


@ -26,7 +26,7 @@ let
krops = import ../submodules/krops/lib; krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit (stockholm) lib; }; shell = import ./shell.nix { inherit (stockholm) lib; };
systemd = { systemd = {
encodeName = replaceChars ["/"] ["\\x2f"]; encodeName = replaceStrings ["/"] ["\\x2f"];
}; };
types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; }; types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; };
uri = import ./uri.nix { inherit (stockholm) lib; }; uri = import ./uri.nix { inherit (stockholm) lib; };
@ -79,7 +79,7 @@ let
string = toJSON x; # close enough string = toJSON x; # close enough
}.${type} or reject; }.${type} or reject;
indent = replaceChars ["\n"] ["\n "]; indent = replaceStrings ["\n"] ["\n "];
stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null)); stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null));


@ -4,7 +4,7 @@ with import <stockholm/lib>;
let let
# returns dirname without / , used as disk name # returns dirname without / , used as disk name
dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir))); dname = dir: replaceStrings ["/"] [""] (head (reverseList (splitString "/" dir)));
snapraid-conf = '' snapraid-conf = ''
# Disks # Disks
${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks} ${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks}


@ -1,42 +0,0 @@
with import ../lib;
{ config, pkgs, ... }: {
krebs.build.host = config.krebs.hosts.wu;
imports = [
<stockholm/tv>
<stockholm/tv/2configs/hw/w110er.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver>
];
boot.initrd.luks.devices.wuca.device = "/dev/sda2";
fileSystems = {
"/" = {
device = "/dev/mapper/wuvga-root";
fsType = "ext4";
};
"/bku" = {
device = "/dev/mapper/wuvga-bku";
fsType = "ext4";
};
"/home" = {
device = "/dev/mapper/wuvga-home";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
};
networking.wireless.enable = true;
networking.wireless.interfaces = [
"wlp3s0"
];
networking.interfaces.enp4s0f2.useDHCP = true;
networking.interfaces.wlp3s0.useDHCP = true;
networking.useDHCP = false;
}


@ -1 +0,0 @@
../lib


@ -9,12 +9,6 @@ with import ./lib;
yearly = { format = "%Y"; }; yearly = { format = "%Y"; };
}; };
}) { }) {
bu-home-wu = {
method = "push";
src = { host = config.krebs.hosts.bu; path = "/home"; };
dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; };
startAt = "05:15";
};
bu-home-xu = { bu-home-xu = {
method = "push"; method = "push";
src = { host = config.krebs.hosts.bu; path = "/home"; }; src = { host = config.krebs.hosts.bu; path = "/home"; };
@ -45,18 +39,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
startAt = "22:00"; startAt = "22:00";
}; };
wu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.wu; path = "/home"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; };
startAt = "05:00";
};
wu-home-zu = {
method = "push";
src = { host = config.krebs.hosts.wu; path = "/home"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; };
startAt = "05:20";
};
xu-home-bu = { xu-home-bu = {
method = "push"; method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; }; src = { host = config.krebs.hosts.xu; path = "/home"; };
@ -69,12 +51,6 @@ with import ./lib;
dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; }; dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; };
startAt = "05:20"; startAt = "05:20";
}; };
xu-home-wu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; };
dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; };
startAt = "06:00";
};
xu-home-zu = { xu-home-zu = {
method = "push"; method = "push";
src = { host = config.krebs.hosts.xu; path = "/home"; }; src = { host = config.krebs.hosts.xu; path = "/home"; };
@ -129,10 +105,5 @@ with import ./lib;
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; }; src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; };
}; };
xu-test-push-wu = {
method = "push";
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
dst = { host = config.krebs.hosts.wu; path = "/bku/xu-test-push"; };
};
}; };
} }


@ -130,11 +130,4 @@ with import ./lib;
]; ];
} }
]; ];
nixpkgs.overlays =
mkAfter (optional config.hardware.video.hidpi.enable (self: super: {
alacritty-tv = super.alacritty-tv.override {
variant = "hidpi";
};
}));
} }


@ -15,7 +15,6 @@ with import ./lib;
]; ];
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [ relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic config.krebs.hosts.nomic
config.krebs.hosts.wu
config.krebs.hosts.xu config.krebs.hosts.xu
]; ];
internet-aliases = with config.krebs.users; [ internet-aliases = with config.krebs.users; [


@ -1,70 +0,0 @@
with import ./lib;
{ pkgs, ... }: {
imports = [
../smartd.nix
{
# nvidia doesn't build despite
# https://github.com/NixOS/nixpkgs/issues/33284
#hardware.bumblebee.enable = true;
#hardware.bumblebee.group = "video";
#hardware.enableRedistributableFirmware= true;
#krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
# "nvidia-x11"
# "nvidia-persistenced"
# "nvidia-settings"
#];
}
{
nix.buildCores = 4;
nix.maxJobs = 4;
}
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
nix.daemonCPUSchedPolicy = "batch";
nix.daemonIOSchedPriority = 1;
} else {
nix.daemonIONiceLevel = 1;
nix.daemonNiceLevel = 1;
})
];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
'';
boot.initrd.availableKernelModules = [ "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.enableRedistributableFirmware = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
networking.wireless.enable = true;
services.logind.extraConfig = ''
HandleHibernateKey=ignore
HandleLidSwitch=ignore
HandlePowerKey=ignore
HandleSuspendKey=ignore
'';
system.activationScripts.powertopTunables = ''
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
(cd /sys/bus/pci/devices
for i in *; do
echo auto > $i/power/control # defaults to 'on'
done)
'';
services.xserver = {
videoDriver = "intel";
};
tv.hw.screens.primary.width = 1366;
tv.hw.screens.primary.height = 768;
}


@ -38,19 +38,6 @@
]; ];
}; };
}; };
wu = {
nets.hkw = {
ip4 = {
addr = "10.23.1.37";
prefix = "10.23.1.0/24";
};
aliases = [
"wu.hkw"
"cache.wu.hkw"
];
ssh.port = 11423;
};
};
xu = { xu = {
nets.hkw = { nets.hkw = {
ip4 = { ip4 = {


@ -52,12 +52,6 @@ in {
enable = true; enable = true;
display = mkForce 11; display = mkForce 11;
tty = mkForce 11; tty = mkForce 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
}; };
systemd.services.display-manager.enable = false; systemd.services.display-manager.enable = false;