Merge remote-tracking branch 'ni/master'
commit
305b9e1dee
|
@ -1,25 +0,0 @@
|
|||
{
|
||||
ci = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.13.37";
|
||||
aliases = [
|
||||
"wu.r"
|
||||
"cgit.wu.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
|
||||
M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
|
||||
GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
|
||||
KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
|
||||
4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
|
||||
AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=
|
|
@ -113,6 +113,8 @@
|
|||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.puyak;
|
||||
krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
|
||||
sound.enable = false;
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
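Review bot: `krebs.hosts.puyak.ssh.privkey.path = <secrets/ssh.id_ed25519>;`, which appears to be one of the two added lines, hands the module a Nix path value that points at a private key. Whether the key stays out of the world-readable Nix store depends on the consuming module, which is not visible here. Interpolating a path value into a string or using it as a source copies the file into the store, whereas `toString` keeps only the location. The same line is added for `wolf` in the `@ -51,6 +51,7 @@` hunk. I would confirm the consumer only ever uses the location, and add a comment such as `# location only: never interpolate or readFile this, or the key is copied to /nix/store`. The `boot = {` block continues outside the hunk.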
|
||||
|
|
|
@ -51,6 +51,7 @@ in
|
|||
# uninteresting stuff
|
||||
#####################
|
||||
krebs.build.host = config.krebs.hosts.wolf;
|
||||
krebs.hosts.wolf.ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
|
||||
|
|
|
@ -42,6 +42,7 @@ in {
|
|||
"makefu@krebsco.de" = makefu;
|
||||
"spam@krebsco.de" = spam-ml;
|
||||
"tv@krebsco.de" = tv;
|
||||
"xkey@krebsco.de" = { mail = "lennart@cope.cool"; };
|
||||
# XXX These are no internet aliases
|
||||
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
|
||||
"lass@retiolum" = lass;
|
||||
|
|
|
@ -5,6 +5,6 @@
|
|||
unifiAddress = "https://unifi.shack:8443/";
|
||||
unifiInsecure = true;
|
||||
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
|
||||
unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
|
||||
unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
|
||||
};
|
||||
}
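Review bot: `builtins.readFile <secrets/shack/unifi-prometheus-pw>` on the `unifiPassword` line reads the secret at evaluation time. The password therefore becomes part of the evaluated configuration and will most likely end up in a world-readable store path or generated unit; switching to `lib.replaceStrings` keeps that behaviour. If the exporter module offers a way to take the password from a file read at service start, prefer that (no such option is visible in this hunk). Separately, `unifiInsecure = true;` presumably turns off TLS certificate verification for `https://unifi.shack:8443/`, so the password is sent to an unauthenticated endpoint. At minimum add a comment saying why verification is disabled, e.g. `# controller uses a self-signed cert; TODO pin it`. The attribute set starts outside the hunk.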
|
||||
|
|
|
@ -33,7 +33,7 @@ in {
|
|||
default = {};
|
||||
};
|
||||
config = {
|
||||
systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" {
|
||||
systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceStrings ["/"] ["_"] path}" {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
pkgs.acl
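Review bot: The unit name `"acl-${lib.replaceStrings ["/"] ["_"] path}"` is not injective: `/srv/a_b` and `/srv/a/b` both become `acl-_srv_a_b`. `lib.mapAttrs'` builds its result with `listToAttrs`, which keeps the first of two equal names, so the ACL rules for the second path would be dropped without any error. Either add an assertion that the generated names are unique, or use an encoding of `/` that cannot be produced by an ordinary path character. The service definition continues outside the hunk.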
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib; {
|
||||
{ config, lib, pkgs, ... }: let
|
||||
slib = import ../../lib/pure.nix { inherit lib; };
|
||||
in with lib; {
|
||||
|
||||
options.krebs.iana-etc.services = mkOption {
|
||||
default = {};
|
||||
|
@ -7,7 +8,7 @@ with lib; {
|
|||
options = {
|
||||
port = mkOption {
|
||||
default = config._module.args.name;
|
||||
type = types.addCheck types.str (test "[1-9][0-9]*");
|
||||
type = types.addCheck types.str (slib.test "[1-9][0-9]*");
|
||||
};
|
||||
} // genAttrs ["tcp" "udp"] (protocol: mkOption {
|
||||
default = null;
|
||||
|
@ -30,7 +31,7 @@ with lib; {
|
|||
(proto: let
|
||||
line = "${entry.${proto}.name} ${entry.port}/${proto}";
|
||||
in /* sh */ ''
|
||||
echo ${shell.escape line}
|
||||
echo ${slib.shell.escape line}
|
||||
'')
|
||||
(filter (proto: entry.${proto} != null) ["tcp" "udp"])}
|
||||
'') (attrValues config.krebs.iana-etc.services)}
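Review bot: In the `port` option, `types.addCheck types.str (slib.test "[1-9][0-9]*")` accepts any positive decimal string, so a value such as `"70000"` passes the type check and is written into the generated services line. This assumes `slib.test` matches the whole string, which is not visible here. A range bound would close that, e.g. `types.addCheck types.str (x: slib.test "[1-9][0-9]*" x && toInt x <= 65535)`. The option set and the surrounding script both start and end outside the hunks shown.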
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, ... }: let
|
||||
slib = import ../../lib/pure.nix { inherit lib; };
|
||||
in
|
||||
with lib; {
|
||||
|
||||
options.krebs.permown = mkOption {
|
||||
|
@ -16,7 +18,7 @@ with lib; {
|
|||
group = mkOption {
|
||||
apply = x: if x == null then "" else x;
|
||||
default = null;
|
||||
type = types.nullOr types.groupname;
|
||||
type = types.nullOr slib.types.groupname;
|
||||
};
|
||||
keepGoing = mkOption {
|
||||
default = false;
|
||||
|
@ -28,15 +30,15 @@ with lib; {
|
|||
'';
|
||||
};
|
||||
owner = mkOption {
|
||||
type = types.username;
|
||||
type = slib.types.username;
|
||||
};
|
||||
path = mkOption {
|
||||
default = config._module.args.name;
|
||||
type = types.absolute-pathname;
|
||||
type = slib.types.absolute-pathname;
|
||||
};
|
||||
umask = mkOption {
|
||||
default = "0027";
|
||||
type = types.file-mode;
|
||||
type = slib.types.file-mode;
|
||||
};
|
||||
};
|
||||
}));
|
||||
|
@ -48,11 +50,11 @@ with lib; {
|
|||
|
||||
system.activationScripts.permown = let
|
||||
mkdir = plan: /* sh */ ''
|
||||
${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path}
|
||||
${pkgs.coreutils}/bin/mkdir -p ${slib.shell.escape plan.path}
|
||||
'';
|
||||
in concatMapStrings mkdir plans;
|
||||
|
||||
systemd.services = genAttrs' plans (plan: let
|
||||
systemd.services = slib.genAttrs' plans (plan: let
|
||||
continuable = command:
|
||||
if plan.keepGoing
|
||||
then /* sh */ "{ ${command}; } || :"
|
||||
|
|
|
@ -18,9 +18,9 @@ let
|
|||
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||
};
|
||||
}.${versions.majorMinor version} or {
|
||||
version = "0.4.1-tv2";
|
||||
version = "0.4.2-tv1";
|
||||
rev = "refs/tags/v${cfg.version}";
|
||||
sha256 = "1yg4b5318lpviwgjs4kdcqg8cwfnxxfcdckcjq12r2nnj2k4ms2d";
|
||||
sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU=";
|
||||
};
|
||||
|
||||
in mkDerivation {
|
||||
|
|
|
@ -3,7 +3,7 @@ with stockholm.lib;
|
|||
|
||||
let
|
||||
readJSON = path: fromJSON (readFile path);
|
||||
sed.escape = replaceChars ["/"] ["\\/"]; # close enough
|
||||
sed.escape = replaceStrings ["/"] ["\\/"]; # close enough
|
||||
PATH = makeBinPath [
|
||||
coreutils
|
||||
curl
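Review bot: `sed.escape = replaceStrings ["/"] ["\\/"];` escapes only the `s///` delimiter, so a value containing `\`, `&` or a newline still changes the meaning of the sed expression it is spliced into. Where the escaped values come from is not visible in this hunk. If any of them is not a fixed string from this repository, the escape should be extended to cover those characters. Otherwise replace `# close enough` with the actual constraint, e.g. `# escapes only the s/// delimiter; callers must not pass \, & or newlines`. The `let` block continues outside the hunk.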
|
||||
|
|
|
@ -26,7 +26,7 @@ let
|
|||
krops = import ../submodules/krops/lib;
|
||||
shell = import ./shell.nix { inherit (stockholm) lib; };
|
||||
systemd = {
|
||||
encodeName = replaceChars ["/"] ["\\x2f"];
|
||||
encodeName = replaceStrings ["/"] ["\\x2f"];
|
||||
};
|
||||
types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; };
|
||||
uri = import ./uri.nix { inherit (stockholm) lib; };
|
||||
|
@ -79,7 +79,7 @@ let
|
|||
string = toJSON x; # close enough
|
||||
}.${type} or reject;
|
||||
|
||||
indent = replaceChars ["\n"] ["\n "];
|
||||
indent = replaceStrings ["\n"] ["\n "];
|
||||
|
||||
stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null));
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ with import <stockholm/lib>;
|
|||
|
||||
let
|
||||
# returns dirname without / , used as disk name
|
||||
dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir)));
|
||||
dname = dir: replaceStrings ["/"] [""] (head (reverseList (splitString "/" dir)));
|
||||
snapraid-conf = ''
|
||||
# Disks
|
||||
${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks}
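Review bot: In `dname`, the `replaceStrings ["/"] [""]` wrapper is a no-op, because it is applied to the last element of `splitString "/" dir`, which can no longer contain a `/`. The case the comment seems to care about is also not handled: a `dir` with a trailing slash makes that last element empty, so the generated line is `disk  /path/` with an empty disk name. Stripping the suffix first would fix both, `dname = dir: last (splitString "/" (removeSuffix "/" dir));`, assuming `last` and `removeSuffix` are in scope through the same lib import that provides `head` and `splitString`. The `let` block continues outside the hunk.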
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
with import ../lib;
|
||||
{ config, pkgs, ... }: {
|
||||
krebs.build.host = config.krebs.hosts.wu;
|
||||
|
||||
imports = [
|
||||
<stockholm/tv>
|
||||
<stockholm/tv/2configs/hw/w110er.nix>
|
||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||
<stockholm/tv/2configs/pulse.nix>
|
||||
<stockholm/tv/2configs/retiolum.nix>
|
||||
<stockholm/tv/2configs/xserver>
|
||||
];
|
||||
|
||||
boot.initrd.luks.devices.wuca.device = "/dev/sda2";
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/mapper/wuvga-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/bku" = {
|
||||
device = "/dev/mapper/wuvga-bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/mapper/wuvga-home";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
networking.wireless.interfaces = [
|
||||
"wlp3s0"
|
||||
];
|
||||
networking.interfaces.enp4s0f2.useDHCP = true;
|
||||
networking.interfaces.wlp3s0.useDHCP = true;
|
||||
networking.useDHCP = false;
|
||||
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
../lib
|
|
@ -9,12 +9,6 @@ with import ./lib;
|
|||
yearly = { format = "%Y"; };
|
||||
};
|
||||
}) {
|
||||
bu-home-wu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.bu; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; };
|
||||
startAt = "05:15";
|
||||
};
|
||||
bu-home-xu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.bu; path = "/home"; };
|
||||
|
@ -45,18 +39,6 @@ with import ./lib;
|
|||
dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
|
||||
startAt = "22:00";
|
||||
};
|
||||
wu-home-xu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.wu; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
wu-home-zu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.wu; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; };
|
||||
startAt = "05:20";
|
||||
};
|
||||
xu-home-bu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.xu; path = "/home"; };
|
||||
|
@ -69,12 +51,6 @@ with import ./lib;
|
|||
dst = { host = config.krebs.hosts.nomic; path = "/fs/cis3hG/bku/xu-home"; };
|
||||
startAt = "05:20";
|
||||
};
|
||||
xu-home-wu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.xu; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; };
|
||||
startAt = "06:00";
|
||||
};
|
||||
xu-home-zu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.xu; path = "/home"; };
|
||||
|
@ -129,10 +105,5 @@ with import ./lib;
|
|||
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
|
||||
dst = { host = config.krebs.hosts.xu; path = "/bku/xu-test-pull"; };
|
||||
};
|
||||
xu-test-push-wu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.xu; path = "/tmp/xu-bku-test-data"; };
|
||||
dst = { host = config.krebs.hosts.wu; path = "/bku/xu-test-push"; };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -130,11 +130,4 @@ with import ./lib;
|
|||
];
|
||||
}
|
||||
];
|
||||
|
||||
nixpkgs.overlays =
|
||||
mkAfter (optional config.hardware.video.hidpi.enable (self: super: {
|
||||
alacritty-tv = super.alacritty-tv.override {
|
||||
variant = "hidpi";
|
||||
};
|
||||
}));
|
||||
}
|
||||
|
|
|
@ -15,7 +15,6 @@ with import ./lib;
|
|||
];
|
||||
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
|
||||
config.krebs.hosts.nomic
|
||||
config.krebs.hosts.wu
|
||||
config.krebs.hosts.xu
|
||||
];
|
||||
internet-aliases = with config.krebs.users; [
|
||||
|
|
|
@ -1,70 +0,0 @@
|
|||
with import ./lib;
|
||||
{ pkgs, ... }: {
|
||||
imports = [
|
||||
../smartd.nix
|
||||
{
|
||||
# nvidia doesn't build despite
|
||||
# https://github.com/NixOS/nixpkgs/issues/33284
|
||||
#hardware.bumblebee.enable = true;
|
||||
#hardware.bumblebee.group = "video";
|
||||
#hardware.enableRedistributableFirmware= true;
|
||||
#krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
|
||||
# "nvidia-x11"
|
||||
# "nvidia-persistenced"
|
||||
# "nvidia-settings"
|
||||
#];
|
||||
}
|
||||
|
||||
{
|
||||
nix.buildCores = 4;
|
||||
nix.maxJobs = 4;
|
||||
}
|
||||
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
|
||||
nix.daemonCPUSchedPolicy = "batch";
|
||||
nix.daemonIOSchedPriority = 1;
|
||||
} else {
|
||||
nix.daemonIONiceLevel = 1;
|
||||
nix.daemonNiceLevel = 1;
|
||||
})
|
||||
];
|
||||
|
||||
boot.extraModprobeConfig = ''
|
||||
options kvm_intel nested=1
|
||||
'';
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleHibernateKey=ignore
|
||||
HandleLidSwitch=ignore
|
||||
HandlePowerKey=ignore
|
||||
HandleSuspendKey=ignore
|
||||
'';
|
||||
|
||||
system.activationScripts.powertopTunables = ''
|
||||
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
|
||||
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
|
||||
(cd /sys/bus/pci/devices
|
||||
for i in *; do
|
||||
echo auto > $i/power/control # defaults to 'on'
|
||||
done)
|
||||
'';
|
||||
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
};
|
||||
|
||||
tv.hw.screens.primary.width = 1366;
|
||||
tv.hw.screens.primary.height = 768;
|
||||
}
|
|
@ -38,19 +38,6 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
wu = {
|
||||
nets.hkw = {
|
||||
ip4 = {
|
||||
addr = "10.23.1.37";
|
||||
prefix = "10.23.1.0/24";
|
||||
};
|
||||
aliases = [
|
||||
"wu.hkw"
|
||||
"cache.wu.hkw"
|
||||
];
|
||||
ssh.port = 11423;
|
||||
};
|
||||
};
|
||||
xu = {
|
||||
nets.hkw = {
|
||||
ip4 = {
|
||||
|
|
|
@ -52,12 +52,6 @@ in {
|
|||
enable = true;
|
||||
display = mkForce 11;
|
||||
tty = mkForce 11;
|
||||
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
|