Merge remote-tracking branch 'prism/master' into head
commit
3c1a1f0f09
|
@ -50,15 +50,20 @@ in {
|
|||
aliases = [ "filebitch.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa
|
||||
FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX
|
||||
VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ
|
||||
5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU
|
||||
UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf
|
||||
eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB
|
||||
MIICCgKCAgEA8S3eYZB/z1oT8SlSeHXdHVlSZE1Z15KA2Icd/qLnopqIj9qi8rGa
|
||||
TVptxNPAnI6ohLw3MnFix2fZCizHremrIV5lObSB/hYfqJZq73/Og3zb7GO25cl+
|
||||
bb/ApgmTHKjrI0xJPnRxC4Wl0KawEFfX+J3pS0ty9JHN7VNHfPzCnd3NO/LplY+9
|
||||
hxsV6Oegt4+X4onv7/5xjd/PYe7CsA3BvKGqtLwznEg/fZdm/e2UJv2U/ddk2MUU
|
||||
JwDpQ3n4WYSv4ltY6TcTP1CiFHNOzaPV4AxUROimvI8natuTC+Yapv/J5DDowatX
|
||||
Fo51GXXptTr3lASHNfonWDBTmhkELp3uS48MYO6z/fxLNqS4Un7q845sEN4GQQXL
|
||||
StdUQEDp7+ycui2zHG7GHfbGqK5qZ1/hVU8sofnlfIGlfgwcMN4NHjhS5GifQGPC
|
||||
Fuwx5e/r06HI9FaC5BM6muouaFiGWkK2Xb/coSZb7eoXffVIyiX1didrlwCYzI5b
|
||||
K/KMQRsJu1mhAjUrlxxvtW5Y2yj+kP70Kz9FaPAIlWirMK+EQFCToK63CbCO5X2y
|
||||
5Pxkomg/KCeZ9grBSugnI2i6WqYeyOTGHM45VugxhU39mgBxzcIVjDy+UKVh/ILS
|
||||
3IYJVNzCFcbDueHp+G56ClCT1HYYPuAieFhawzwAQ7jUN3mhvdOr5fUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
|
|
39
kartei/lass/aergia.nix
Normal file
39
kartei/lass/aergia.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{ r6, w6, ... }:
|
||||
{
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.1";
|
||||
ip6.addr = r6 "ae12";
|
||||
aliases = [
|
||||
"aergia.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAqLtEUExq0qmXbi3aykdoW1WIneePfmm1SnFxCVcEBecJ1z326cNl
|
||||
EIhYFSzhctwui0vG1dscmNMXHJ0rRQ0QHks1kp/x2MNMlun3Wl8Md9PQrTRGqZOf
|
||||
ltdlNKzn8QbqcQQa9BYMgnFRzhbzzsSO3q5xqncJJ8qSxxWy/boIR9fO+OI/aUfe
|
||||
rVLVHj/i5TTAmov5johqQZOyb7ydEbLiTbaaPSo1H/I/as0iv2jaDRdoVBL5/r+q
|
||||
JvYFfhcdePjpwjRVNohdRwPquyM2ut91e2UyxD5N5eUoQBn+Xr18f6CQlyfJmMrc
|
||||
/oGL+DScrDzFQ/ezCzks3O02dWAmgJsU6odUyNqtdU2x+0lhSqTRH0IXfdkj5n3k
|
||||
K5U340/84e8Bn/1BJQoaGpBZJbK8RHdZd/0r+9+aXcI5tm2YAGaPPYzgLUYg06NZ
|
||||
fMES28iByiCecIPci4vUZ50oOQFGQYaBNA12JC4TRbL/EfLlaax9bRAaUQr7qIXS
|
||||
OBmKrC8eN9QO53T2d2w8Llk5d1rwq0TE3lyJEFLt7sqrHvlBFJ4fpeC+JqZAObqf
|
||||
AJlCvFrqDYXBPzuNC2cZQX9QJ4FlGBpOObGg5KtkY0hPUyBO96OMxIDQ2+Jqc7F0
|
||||
isAUVvn23h6i3m77jRE1AGFyIC/ReMaCH70/83AJQxRpTkzKcF98xU8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "Jb8RJkm+ufh8o0acM31P2BolEUneYFB4xbtyoLQywLG";
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "ae12";
|
||||
aliases = [
|
||||
"aergia.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
h2GFkqW1ThHpDiALrLkJEsR5NU1lXHvwk0Kers1vIxg=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAGcqlL5fcxT3iCTlOm5rNPGKZmx1SEDWS71d3Tvbs/";
|
||||
syncthing.id = "K5G46ZC-AKEG3WE-MQTG6MB-PC3ZA7O-C2BOKW6-KCXTSEW-RWHKP4B-Q7FCRQ7";
|
||||
}
|
38
kartei/lass/orange.nix
Normal file
38
kartei/lass/orange.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ r6, w6, ... }:
|
||||
{
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.15";
|
||||
ip6.addr = r6 "012a";
|
||||
aliases = [
|
||||
"orange.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn
|
||||
OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT
|
||||
4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR
|
||||
7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe
|
||||
fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO
|
||||
xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh
|
||||
DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH
|
||||
MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz
|
||||
EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ
|
||||
0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk
|
||||
ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H";
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "012a";
|
||||
aliases = [
|
||||
"orange.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn";
|
||||
}
|
38
kartei/lass/ubik.nix
Normal file
38
kartei/lass/ubik.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ r6, w6, ... }:
|
||||
{
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.12";
|
||||
ip6.addr = r6 "0b1c";
|
||||
aliases = [
|
||||
"ubik.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAnWJKDrDmmGZbwVeaBhvOdTR4nsumo1yzOR2Iu+SMTOH6fbgJM5cW
|
||||
WtlgPhrdOMrBYR956SBiBNkvsdczRrOF7F6hvXyDwwoGdWGsZXzaTMJlNAYjP5Y4
|
||||
fbJlDq8/QV/SvVFGeu4XP3g2yuU/aNu/4FkU4jlysX+8wo9qGpIFPLpLvqfuU247
|
||||
jHCatNzHfLK60fx7yt57iDhuX2plyFfQVX7xPTxudfGZKD7rEDEnKX4Ghd5dUkOA
|
||||
z0lr0B1AOrkZgrnajU0ZmkjnNy8lrylCWDOnEPhJdao53gL4XFmUcZaR4uFsWuS7
|
||||
V1VM+VivuMTAXRUnJScyLap2mo6dcr9h11kas70c/R7tI2pGmxlNk9t2uYy/jQnC
|
||||
WmyzNCcqpPSfKikx5sRVAVIuv2wtAKYDuZg+1D4YEfeklA0+ZZlHO43NnRnIoKeO
|
||||
Za0SNUE6vtd/EPoiifMkOWtHaO0LppgOxMTk8OgUxR6dcTmbuL0Roz3aY0rSW3EG
|
||||
+li3yjS3YAtMtvhQwuqooVrkBFrcGQLjTnAfCeUHbCjZidGAHnqhESA+Aj+LKx32
|
||||
0ALQY439xAs6Vf3rICs93cO4Yxa8W1F5sHE6ANOGU+jCmSkCWI2hdHGbckD3L0AQ
|
||||
NBJ+jyXm0kFfVgqRS2i17JPz2ZZxhAHw3KH13Ef1KI4tMdzCvFSayW0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "BcbZOID7dipWNH0/uowqCF7Ivqm4QktMoz11Yv249tG";
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "0b1c";
|
||||
aliases = [
|
||||
"ubik.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
JakWwg7Rq76jjzLFWPBQJPpzRHbIEbb46VLsSUOKI2I=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlqW8zqJpjbva0NTty9Ex7R/Jk2emDxHJNpaM3WPt5L";
|
||||
}
|
|
@ -107,6 +107,7 @@ in {
|
|||
"eve.r"
|
||||
"tts.r"
|
||||
"flood.r"
|
||||
"warez.r"
|
||||
"navidrome.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
|
|
|
@ -52,7 +52,7 @@ let
|
|||
};
|
||||
|
||||
confuse = {
|
||||
pattern = "^!confuse (.*)$";
|
||||
pattern = "!confuse (.*)$";
|
||||
activate = "match";
|
||||
arguments = [1];
|
||||
command = {
|
||||
|
@ -90,7 +90,7 @@ let
|
|||
};
|
||||
|
||||
confuse_hackint = {
|
||||
pattern = "^!confuse (.*)$";
|
||||
pattern = "!confuse (.*)$";
|
||||
activate = "match";
|
||||
arguments = [1];
|
||||
command = {
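Review bot: The `confuse` and `confuse_hackint` patterns are printed both as `"^!confuse (.*)$"` and as `"!confuse (.*)$"`, and the page does not mark which side is new. If the unanchored form is the new one, the hook now fires on `!confuse` anywhere in a message and passes everything after it to the command as argument 1, so quoted or relayed text can trigger it as well. A comment above each pattern stating why the anchor was dropped, for example `# unanchored on purpose: <reason>`, would make that intent reviewable. The `command` attribute set continues outside both hunks, so how the captured argument is passed on cannot be checked from here.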
|
||||
|
|
|
@ -53,6 +53,7 @@ let
|
|||
./sitemap.nix
|
||||
./ssl.nix
|
||||
./sync-containers.nix
|
||||
./sync-containers3.nix
|
||||
./systemd.nix
|
||||
./tinc.nix
|
||||
./tinc_graphs.nix
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ config, lib, pkgs, ... }: let
|
||||
cfg = config.lass.sync-containers3;
|
||||
cfg = config.krebs.sync-containers3;
|
||||
slib = pkgs.stockholm.lib;
|
||||
in {
|
||||
options.lass.sync-containers3 = {
|
||||
options.krebs.sync-containers3 = {
|
||||
inContainer = {
|
||||
enable = lib.mkEnableOption "container config for syncing";
|
||||
pubkey = lib.mkOption {
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "befc83905c965adfd33e5cae49acb0351f6e0404",
|
||||
"date": "2023-01-13T18:32:21+01:00",
|
||||
"path": "/nix/store/bwpp6fchhfw699jn9hsdypyc7ggb72gx-nixpkgs",
|
||||
"sha256": "0m0ik7z06q3rshhhrg2p0vsrkf2jnqcq5gq1q6wb9g291rhyk6h2",
|
||||
"rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
|
||||
"date": "2023-01-30T22:55:03+01:00",
|
||||
"path": "/nix/store/mkif1y61ndjfi6fl2hzm7gmgqn40rchn-nixpkgs",
|
||||
"sha256": "1f8d0v4q687r4z3qpg54asglgi3v07ac75hzxzxl0qxjyh0asdz3",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
|
||||
"date": "2023-01-15T13:38:37-03:00",
|
||||
"path": "/nix/store/mn2dwzki0d159fl09y87jrvyvcjgyy03-nixpkgs",
|
||||
"sha256": "0w3ysrhbqhgr1qnh0r9miyqd7yf7vsd4wcd21dffwjlb99lynla8",
|
||||
"rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
|
||||
"date": "2023-01-31T16:39:44+08:00",
|
||||
"path": "/nix/store/82grl4czg5pgacsa93nqssf5m7qrmmna-nixpkgs",
|
||||
"sha256": "0vwszpqs1x9sgnabvj3413mvcrj7k2ix4wv4hfvw6nmp6k4z6ic1",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
|
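--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+{
+imports = [
+<stockholm/lass>
+
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/exim-retiolum.nix>
+<stockholm/lass/2configs/baseX.nix>
+<stockholm/lass/2configs/pipewire.nix>
+<stockholm/lass/2configs/browsers.nix>
+<stockholm/lass/2configs/programs.nix>
+<stockholm/lass/2configs/network-manager.nix>
+<stockholm/lass/2configs/syncthing.nix>
+<stockholm/lass/2configs/sync/sync.nix>
+<stockholm/lass/2configs/games.nix>
+<stockholm/lass/2configs/steam.nix>
+<stockholm/lass/2configs/wine.nix>
+<stockholm/lass/2configs/fetchWallpaper.nix>
+<stockholm/lass/2configs/yellow-mounts/samba.nix>
+<stockholm/lass/2configs/pass.nix>
+<stockholm/lass/2configs/mail.nix>
+<stockholm/lass/2configs/bitcoin.nix>
+# <stockholm/lass/2configs/xonsh.nix>
+<stockholm/lass/2configs/review.nix>
+<stockholm/lass/2configs/dunst.nix>
+<stockholm/lass/2configs/print.nix>
+<stockholm/lass/2configs/br.nix>
+];
+
+system.stateVersion = "22.11";
+
+krebs.build.host = config.krebs.hosts.aergia;
+
+environment.systemPackages = with pkgs; [
+brain
+bank
+l-gen-secrets
+generate-secrets
+];
+
+programs.adb.enable = true;
+
+hardware.bluetooth = {
+enable = true;
+powerOnBoot = true;
+};
+hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+lass.browser.config = {
+fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
+qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
+};
+
+nix.trustedUsers = [ "root" "lass" ];
+
+# nix.extraOptions = ''
+# extra-experimental-features = nix-command flakes
+# '';
+
+services.tor = {
+enable = true;
+client.enable = true;
+};
+
+documentation.nixos.enable = true;
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+];
+
+boot.cleanTmpDir = true;
+
+# vbox
+virtualisation.virtualbox.host.enable = true;
+users.users.mainUser.extraGroups = [ "vboxusers" ];
+}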
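Review bot: `nix.trustedUsers = [ "root" "lass" ];` makes the `lass` account a trusted user of the Nix daemon, which lets it override substituters and other daemon settings and is generally treated as root-equivalent on the host. If that is intended for this workstation, a comment on the line should say so, for example `# lass is trusted on purpose: trusted users are effectively root for the Nix daemon`. The option was also renamed in NixOS 22.05, so with `system.stateVersion = "22.11"` the current spelling would be `nix.settings.trusted-users = [ "root" "lass" ];`.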
|
64
lass/1systems/aergia/disk.nix
Normal file
64
lass/1systems/aergia/disk.nix
Normal file
|
@ -0,0 +1,64 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme0n1";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
type = "partition";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = ["bios_grub"];
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
end = "1GiB";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "root";
|
||||
type = "partition";
|
||||
start = "1GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "aergia1";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = "-f"; # Override existing partition
|
||||
subvolumes = {
|
||||
# Subvolume name is different from mountpoint
|
||||
"/rootfs" = {
|
||||
mountpoint = "/";
|
||||
};
|
||||
# Mountpoints inferred from subvolume name
|
||||
"/home" = {
|
||||
mountOptions = [];
|
||||
};
|
||||
"/nix" = {
|
||||
mountOptions = [];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
3
lass/1systems/aergia/install.sh
Normal file
3
lass/1systems/aergia/install.sh
Normal file
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
|
||||
target=$1
|
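--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports = [
+./config.nix
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+disko.devices = import ./disk.nix;
+
+networking.hostId = "deadbeef";
+# boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.grub = {
+enable = true;
+device = "/dev/nvme0n1";
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+boot.kernelParams = [
+# Enable energy savings during sleep
+"mem_sleep_default=deep"
+"initcall_blacklist=acpi_cpufreq_init"
+
+# for ryzenadj -i
+"iomem=relaxed"
+];
+
+# Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
+# On recent AMD CPUs this can be more energy efficient.
+boot.kernelModules = [ "amd-pstate" "kvm-amd" ];
+
+# hardware.cpu.amd.updateMicrocode = true;
+
+services.xserver.videoDrivers = [
+"amdgpu"
+];
+
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+
+environment.systemPackages = [
+pkgs.vulkan-tools
+pkgs.ryzenadj
+(pkgs.writers.writeDashBin "set_tdp" ''
+set -efux
+watt=$1
+value=$(( $watt * 1000 ))
+${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value"
+'')
+];
+
+# textsize
+services.xserver.dpi = 200;
+hardware.video.hidpi.enable = lib.mkDefault true;
+
+# corectrl
+programs.corectrl.enable = true;
+users.users.mainUser.extraGroups = [ "corectrl" ];
+
+# use newer ryzenadj
+nixpkgs.config.packageOverrides = super: {
+ryzenadj = super.ryzenadj.overrideAttrs (old: {
+version = "unstable-2023-01-15";
+src = pkgs.fetchFromGitHub {
+owner = "FlyGoat";
+repo = "RyzenAdj";
+rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15
+sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k=";
+};
+});
+};
+
+# keyboard quirks
+services.xserver.displayManager.sessionCommands = ''
+xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
+'';
+services.udev.extraHwdb = /* sh */ ''
+# disable back buttons
+evdev:input:b0003v2F24p0135* # /dev/input/event2
+KEYBOARD_KEY_70026=reserved
+KEYBOARD_KEY_70027=reserved
+'';
+
+# ignore power key
+services.logind.extraConfig = "HandlePowerKey=ignore";
+}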
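Review bot: The `"iomem=relaxed"` entry in `boot.kernelParams` turns off the kernel's strict checking of userspace access to driver-claimed MMIO regions for the whole system and on every boot, while its only stated purpose is the occasional `ryzenadj -i` call. The comment should record that trade-off so the parameter is not kept by habit, for example `# for ryzenadj -i; relaxes /dev/mem MMIO access checks system-wide, remove when TDP tuning is no longer needed`. `networking.hostId = "deadbeef";` also looks like a placeholder; a per-host value or a comment confirming it is deliberate would help.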
|
21
lass/1systems/aergia/source.nix
Normal file
21
lass/1systems/aergia/source.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ lib, pkgs, test, ... }: let
|
||||
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||
in {
|
||||
nixpkgs = (if test then lib.mkForce ({ derivation = let
|
||||
rev = npkgs.rev;
|
||||
sha256 = npkgs.sha256;
|
||||
in ''
|
||||
with import (builtins.fetchTarball {
|
||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||
sha256 = "${sha256}";
|
||||
}) {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "${rev}";
|
||||
sha256 = "${sha256}";
|
||||
}
|
||||
''; }) else {
|
||||
git.ref = lib.mkForce npkgs.rev;
|
||||
});
|
||||
}
|
|
@ -27,7 +27,7 @@ with import <stockholm/lib>;
|
|||
|
||||
krebs.build.host = config.krebs.hosts.green;
|
||||
|
||||
lass.sync-containers3.inContainer = {
|
||||
krebs.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
|
||||
};
|
||||
|
|
53
lass/1systems/hilum/disk.nix
Normal file
53
lass/1systems/hilum/disk.nix
Normal file
|
@ -0,0 +1,53 @@
|
|||
{ lib, disk, keyFile, ... }:
|
||||
{
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = disk;
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
type = "partition";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = ["bios_grub"];
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
end = "50%";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "root";
|
||||
type = "partition";
|
||||
start = "50%";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "hilum_luks";
|
||||
keyFile = keyFile;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "xfs";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
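--- a/lass/1systems/hilum/flash-stick.sh
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -efux
+
+disk=$1
+
+export NIXPKGS_ALLOW_UNFREE=1
+(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
+trap 'rm -f /tmp/hilum.luks' EXIT
+stockholm_root=$(git rev-parse --show-toplevel)
+ssh root@localhost -t -- $(nix-build \
+--no-out-link \
+-I nixpkgs=/var/src/nixpkgs \
+-I stockholm="$stockholm_root" \
+-I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
+-E "with import <nixpkgs> {}; (pkgs.nixos [
+{
+luksPassFile = \"/tmp/hilum.luks\";
+mainDisk = \"$disk\";
+disko.rootMountPoint = \"/mnt/hilum\";
+}
+./physical.nix
+]).disko"
+)
+rm -f /tmp/hilum.luks
+$(nix-build \
+--no-out-link \
+-I nixpkgs=/var/src/nixpkgs \
+"$stockholm_root"/lass/krops.nix -A populate \
+--argstr name hilum \
+--argstr target "root@localhost/mnt/hilum/var/src" \
+--arg force true
+)
+ssh root@localhost << SSH
+NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
+nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
+umount -Rv /mnt/hilum
+SSH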
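Review bot: The LUKS passphrase is written to the fixed path `/tmp/hilum.luks`, and `umask 077` only applies when the redirection creates the file. A file or symlink already present under that name keeps its own owner and mode and receives the secret, unless the kernel's `fs.protected_symlinks` and `fs.protected_regular` settings block the write. Creating the file with `mktemp` and passing that path into `luksPassFile` removes the predictable name; the cleanup lines then refer to the variable. Separately, `$disk` is interpolated into the Nix expression on the `mainDisk` line without escaping, so a comment stating that `$1` must be a trusted device path would be useful.

```shell
luks_file=$(mktemp)
trap 'rm -f "$luks_file"' EXIT
pass show admin/hilum/luks > "$luks_file"
# … unchanged: stockholm_root and the nix-build options …
luksPassFile = \"$luks_file\";
# … unchanged: mainDisk, rootMountPoint and the rest of the disko expression …
rm -f "$luks_file"
```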
|
|
@ -1,11 +1,38 @@
|
|||
{ lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
{
|
||||
# nice hack to carry around state passed impurely at the beginning
|
||||
options.mainDisk = let
|
||||
tryFile = path: default:
|
||||
if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then
|
||||
builtins.readFile path
|
||||
else
|
||||
default
|
||||
;
|
||||
in lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = tryFile "/etc/hilum-disk" "/dev/sdz";
|
||||
};
|
||||
config.environment.etc.hilum-disk.text = config.mainDisk;
|
||||
}
|
||||
{
|
||||
options.luksPassFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
disko.devices = import ./disk.nix {
|
||||
inherit lib;
|
||||
disk = config.mainDisk;
|
||||
keyFile = config.luksPassFile;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -13,21 +40,9 @@
|
|||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.efiSupport = true;
|
||||
boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
|
||||
boot.loader.grub.device = config.mainDisk;
|
||||
boot.loader.grub.efiInstallAsRemovable = true;
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2B9E-5131";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
|
|
@ -51,34 +51,6 @@ with import <stockholm/lib>;
|
|||
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
services.syncthing.declarative = {
|
||||
devices.schasch.addresses = [ "schasch.r:22000" ];
|
||||
folders = {
|
||||
the_playlist = {
|
||||
path = "/home/lass/tmp/the_playlist";
|
||||
devices = [ "mors" "phone" "prism" "xerxes" ];
|
||||
};
|
||||
free_music = {
|
||||
id = "mu9mn-zgvsw";
|
||||
path = "/home/lass/tmp/free_music";
|
||||
devices = [ "mors" "schasch" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
krebs.permown = {
|
||||
"/home/lass/tmp/free_music" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
"/home/lass/tmp/the_playlist" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -9,10 +9,16 @@
|
|||
<stockholm/lass/2configs/consul.nix>
|
||||
<stockholm/lass/2configs/yellow-host.nix>
|
||||
<stockholm/lass/2configs/radio/container-host.nix>
|
||||
<stockholm/lass/2configs/ubik-host.nix>
|
||||
|
||||
# other containers
|
||||
<stockholm/lass/2configs/riot.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.neoprism;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx.enable = true;
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "acme@lassul.us";
|
||||
}
|
||||
|
|
21
lass/1systems/orange/config.nix
Normal file
21
lass/1systems/orange/config.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.orange;
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "acme@lassul.us";
|
||||
};
|
||||
|
||||
krebs.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
|
||||
};
|
||||
}
|
7
lass/1systems/orange/physical.nix
Normal file
7
lass/1systems/orange/physical.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = true;
|
||||
}
|
|
@ -17,7 +17,7 @@ with import <stockholm/lib>;
|
|||
defaults.email = "acme@lassul.us";
|
||||
};
|
||||
|
||||
lass.sync-containers3.inContainer = {
|
||||
krebs.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt";
|
||||
};
|
||||
|
|
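--- a/lass/1systems/ubik/config.nix
+++ b/lass/1systems/ubik/config.nix
@@ -0,0 +1,33 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+];
+
+krebs.build.host = config.krebs.hosts.ubik;
+
+krebs.sync-containers3.inContainer = {
+enable = true;
+pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
+};
+
+networking.firewall.allowedTCPPorts = [ 80 ];
+services.nextcloud = {
+enable = true;
+hostName = "c.apanowicz.de";
+package = pkgs.nextcloud25;
+config.adminpassFile = "/run/nextcloud.pw";
+https = true;
+};
+systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
+"+${pkgs.writeDash "copy-pw" ''
+${pkgs.rsync}/bin/rsync \
+--chown nextcloud:nextcloud \
+--chmod 0700 \
+/var/src/secrets/nextcloud.pw /run/nextcloud.pw
+''}"
+];
+}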
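Review bot: The `copy-pw` step copies the Nextcloud admin password to `/run/nextcloud.pw` with `--chmod 0700`, which makes a secret file writable and executable by its owner when the service only has to read it. A read-only mode is enough: `--chmod 0400 \`. The module also sets `https = true;` while only TCP port 80 is opened here, so TLS is presumably terminated on the container host; a one-line comment naming that proxy would keep the plain-HTTP listener from looking like an oversight.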
|
7
lass/1systems/ubik/physical.nix
Normal file
7
lass/1systems/ubik/physical.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = true;
|
||||
}
|
|
@ -9,7 +9,7 @@ in {
|
|||
|
||||
krebs.build.host = config.krebs.hosts.yellow;
|
||||
|
||||
lass.sync-containers3.inContainer = {
|
||||
krebs.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
|
||||
};
|
||||
|
|
|
@ -12,9 +12,9 @@ with import <stockholm/lib>;
|
|||
linkConfig = {
|
||||
RequiredForOnline = "routable";
|
||||
};
|
||||
# networkConfig = {
|
||||
# LinkLocalAddressing = "no";
|
||||
# };
|
||||
networkConfig = {
|
||||
LinkLocalAddressing = "no";
|
||||
};
|
||||
# dhcpV6Config = {
|
||||
# PrefixDelegationHint = "::/60";
|
||||
# };
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
];
|
||||
|
||||
lass.sync-containers3.containers.green = {
|
||||
krebs.sync-containers3.containers.green = {
|
||||
sshKey = "${toString <secrets>}/green.sync.key";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
with import <stockholm/lib>;
|
||||
{ pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
|
@ -14,7 +13,6 @@ let
|
|||
port 465
|
||||
tls on
|
||||
tls_starttls off
|
||||
tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16
|
||||
auth on
|
||||
user lassulus
|
||||
passwordeval pass show c-base/pass
|
||||
|
@ -24,11 +22,12 @@ let
|
|||
notmuch-config = pkgs.writeText "notmuch-config" ''
|
||||
[database]
|
||||
path=/home/lass/Maildir
|
||||
mail_root=/home/lass/Maildir
|
||||
|
||||
[user]
|
||||
name=lassulus
|
||||
primary_email=lassulus@lassul.us
|
||||
other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))}
|
||||
other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))}
|
||||
|
||||
[new]
|
||||
tags=unread;inbox;
|
||||
|
@ -93,11 +92,37 @@ let
|
|||
|
||||
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
|
||||
${pkgs.notmuch}/bin/notmuch new
|
||||
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
|
||||
${lib.concatMapStringsSep "\n" (i: ''
|
||||
'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
|
||||
${lib.concatMapStringsSep "\n" (i: ''
|
||||
mkdir -p "$HOME/Maildir/.${i.name}/cur"
|
||||
for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
|
||||
if test -e "$mail"; then
|
||||
mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
|
||||
else
|
||||
echo "$mail does not exist"
|
||||
fi
|
||||
done
|
||||
${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
|
||||
'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
|
||||
${pkgs.notmuch}/bin/notmuch new
|
||||
${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup"
|
||||
'';
|
||||
|
||||
tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
|
||||
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
|
||||
set -efux
|
||||
${lib.concatMapStringsSep "\n" (i: ''
|
||||
${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
|
||||
mkdir -p "$HOME/Maildir/.${i.name}/cur"
|
||||
for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do
|
||||
if test -e "$mail"; then
|
||||
mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
|
||||
else
|
||||
echo "$mail does not exist"
|
||||
fi
|
||||
done
|
||||
'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
|
||||
${pkgs.notmuch}/bin/notmuch new --no-hooks
|
||||
'';
|
||||
|
||||
muttrc = pkgs.writeText "muttrc" ''
|
||||
|
@ -110,17 +135,6 @@ let
|
|||
set crypt_verify_sig = yes
|
||||
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
|
||||
|
||||
macro index \Cv \
|
||||
"<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||
'Verify PGP signature and open the message'
|
||||
|
||||
macro pager \Cv \
|
||||
"<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||
'Verify PGP signature'
|
||||
|
||||
# read html mails
|
||||
auto_view text/html
|
||||
|
@ -138,8 +152,8 @@ let
|
|||
set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
|
||||
set from="lassulus@lassul.us"
|
||||
alternates ^.*@lassul\.us$ ^.*@.*\.r$
|
||||
set use_from=yes
|
||||
set envelope_from=yes
|
||||
unset envelope_from_address
|
||||
set use_envelope_from
|
||||
set reverse_name
|
||||
|
||||
set sort=threads
|
||||
|
@ -148,7 +162,7 @@ let
|
|||
|
||||
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
|
||||
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
|
||||
${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
|
||||
${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
|
||||
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
|
||||
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
|
||||
virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
|
||||
|
@ -166,6 +180,15 @@ let
|
|||
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
|
||||
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
|
||||
|
||||
# muchsync
|
||||
bind index \Cr noop
|
||||
macro index \Cr \
|
||||
"<enter-command>unset wait_key<enter> \
|
||||
<shell-escape>${pkgs.writeDash "muchsync" ''
|
||||
set -efu
|
||||
${pkgs.muchsync}/bin/muchsync -F lass@green.r
|
||||
''}<enter> \
|
||||
'run muchsync to green.r'
|
||||
|
||||
#killed
|
||||
bind index d noop
|
||||
|
@ -213,6 +236,9 @@ let
|
|||
macro pager ,@3 "<enter-command> set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar<Enter>"
|
||||
macro pager ] ,@1 'Toggle indexbar
|
||||
|
||||
# urlview
|
||||
macro pager \cb <pipe-entry>'${pkgs.urlview}/bin/urlview'<enter> 'Follow links with urlview'
|
||||
|
||||
# sidebar
|
||||
set sidebar_divider_char = '│'
|
||||
set sidebar_delim_chars = "/"
|
||||
|
|
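--- a/lass/2configs/orange-host.nix
+++ b/lass/2configs/orange-host.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+krebs.sync-containers3.containers.orange = {
+sshKey = "${toString <secrets>}/orange.sync.key";
+};
+services.nginx.virtualHosts."lassul.us" = {
+# enableACME = config.security;
+# forceSSL = true;
+locations."/" = {
+recommendedProxySettings = true;
+proxyWebsockets = true;
+proxyPass = "http://orange.r";
+};
+};
+}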
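Review bot: The `lassul.us` vhost is added with both TLS options commented out, so as written this host would proxy the site to `http://orange.r` over plain HTTP only. The commented line `# enableACME = config.security;` would also not evaluate to a boolean if it were simply uncommented. Unless TLS for this name is terminated elsewhere (not visible in this section), I would enable it the way `ubik-host.nix` in this commit does, with `enableACME = true;` and `forceSSL = true;`, or leave a comment saying why it is off.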
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
lass.sync-containers3.containers.radio = {
|
||||
krebs.sync-containers3.containers.radio = {
|
||||
sshKey = "${toString <secrets>}/radio.sync.key";
|
||||
};
|
||||
containers.radio = {
|
||||
|
|
|
@ -8,7 +8,7 @@ in
|
|||
];
|
||||
|
||||
|
||||
lass.sync-containers3.containers.red = {
|
||||
krebs.sync-containers3.containers.red = {
|
||||
sshKey = "${toString <secrets>}/containers/red/sync.key";
|
||||
ephemeral = true;
|
||||
};
|
||||
|
|
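--- a/lass/2configs/ubik-host.nix
+++ b/lass/2configs/ubik-host.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+krebs.sync-containers3.containers.ubik = {
+sshKey = "${toString <secrets>}/ubik.sync.key";
+};
+containers.ubik.bindMounts."/var/lib" = {
+hostPath = "/var/lib/sync-containers3/ubik/state";
+isReadOnly = false;
+};
+containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
+hostPath = "/var/ubik";
+isReadOnly = false;
+};
+services.nginx.virtualHosts."c.apanowicz.de" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+recommendedProxySettings = true;
+proxyWebsockets = true;
+proxyPass = "http://ubik.r";
+extraConfig = ''
+client_max_body_size 9001M;
+'';
+};
+};
+}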
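Review bot: `client_max_body_size 9001M;` is set on `locations."/"`, so every path of `c.apanowicz.de`, including any reachable before login, accepts request bodies of roughly 9 GB. With nginx's default request buffering such a body is spooled on the proxy host before `ubik.r` sees it, which makes disk exhaustion easy to trigger; whether buffering is changed elsewhere is not visible in this section. I would add a comment stating why the limit is this high and, if only file uploads need it, move it to a narrower location and keep a small default for the rest.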
|
@ -53,6 +53,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
|
|||
import XMonad.Util.NamedWindows (getName)
|
||||
import XMonad.Util.Run (safeSpawn)
|
||||
import XMonad.Util.Ungrab (unGrab)
|
||||
import XMonad.Util.Paste (pasteSelection)
|
||||
|
||||
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
|
||||
|
||||
|
@ -105,11 +106,9 @@ floatHooks = composeAll
|
|||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
[ ("M4-C-p", forkFile "${pkgs.scrot}/bin/scrot" [ "~/public_html/scrot.png" ] Nothing )
|
||||
, ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
|
||||
[ ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
|
||||
, ("M4-S-p", forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
|
||||
, ("M4-o", forkFile "${pkgs.brain}/bin/brainmenu --type" [] Nothing)
|
||||
, ("M4-z", forkFile "${pkgs.emot-menu}/bin/emoticons" [] Nothing)
|
||||
, ("M4-z", forkFile "${pkgs.unimenu}/bin/unimenu" [] Nothing)
|
||||
|
||||
, ("M4-S-q", restart "xmonad" True)
|
||||
|
||||
|
@ -177,13 +176,13 @@ myKeyMap =
|
|||
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
|
||||
|
||||
, ("M4-<F11>", spawn "${config.lass.screenlock.command}")
|
||||
, ("M4-<F12>", spawn "${pkgs.systemd}/bin/systemctl suspend -i")
|
||||
|
||||
, ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||
, ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle")
|
||||
|
||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||
${lib.optionalString (builtins.hasAttr "warpd" pkgs) '', ("M4-s", spawn "${pkgs.warpd}/bin/warpd --hint")''}
|
||||
, ("M4-i", spawn "/run/current-system/sw/bin/screenshot")
|
||||
, ("S-<F12>", pasteSelection)
|
||||
|
||||
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
|
||||
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
lass.sync-containers3.containers.yellow = {
|
||||
krebs.sync-containers3.containers.yellow = {
|
||||
sshKey = "${toString <secrets>}/yellow.sync.key";
|
||||
};
|
||||
containers.yellow.bindMounts."/var/lib" = {
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
environment.systemPackages = with pkgs; [
|
||||
yubikey-personalization
|
||||
yubikey-manager
|
||||
pinentry-curses pinentry-qt
|
||||
];
|
||||
|
||||
services.udev.packages = with pkgs; [ yubikey-personalization ];
|
||||
|
@ -11,6 +12,7 @@
|
|||
services.pcscd.enable = true;
|
||||
systemd.user.services.gpg-agent.serviceConfig.ExecStartPre = pkgs.writers.writeDash "init_gpg" ''
|
||||
set -x
|
||||
mkdir -p $HOME/.gnupg
|
||||
${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" ''
|
||||
disable-ccid
|
||||
pcsc-driver ${pkgs.pcsclite.out}/lib/libpcsclite.so.1
|
||||
|
@ -25,6 +27,10 @@
|
|||
reader-port Yubico YubiKey
|
||||
''} $HOME/.gnupg/scdaemon.conf
|
||||
'';
|
||||
systemd.user.services.gpg-agent.serviceConfig.ExecStartPost = pkgs.writers.writeDash "init_gpg" ''
|
||||
${pkgs.gnupg}/bin/gpg --import ${../../kartei/lass/pgp/yubikey.pgp} >/dev/null
|
||||
echo -e '5\ny\n' | gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null || :
|
||||
'';
|
||||
|
||||
security.polkit.extraConfig = ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
|
@ -38,13 +44,14 @@
|
|||
}
|
||||
});
|
||||
polkit.addRule(function(action, subject) {
|
||||
polkit.log("subject: " + subject + " action: " + action);
|
||||
polkit.log("subject: " + subject + " action: " + action);
|
||||
});
|
||||
'';
|
||||
|
||||
environment.shellInit = ''
|
||||
if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
|
||||
export GPG_TTY="$(tty)"
|
||||
mkdir -p $HOME/.gnupg
|
||||
gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
|
||||
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
if [ -z "$SSH_AUTH_SOCK" ]; then
|
||||
|
@ -61,6 +68,7 @@
|
|||
ssh.startAgent = false;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
pinentryFlavor = "qt";
|
||||
# enableSSHSupport = true;
|
||||
};
|
||||
};
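Review bot: The new `ExecStartPost` script is built with `writeDash`, and as far as I can tell dash's builtin `echo` has no `-e` option, so `echo -e '5\ny\n'` feeds `-e 5` rather than `5` to the trust prompt; the trailing `|| :` and `>/dev/null` then hide that the ownertrust was never set. The second `gpg` call is also resolved through `PATH`, while the import above it uses `${pkgs.gnupg}/bin/gpg`. I would write the line as `printf '5\ny\n' | ${pkgs.gnupg}/bin/gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null` and log the failure instead of discarding it. Separately, `mkdir -p $HOME/.gnupg` (in `ExecStartPre` and in `environment.shellInit`) creates the directory with the default umask; `mkdir -m 700 -p "$HOME/.gnupg"` keeps it private and avoids GnuPG's unsafe-permissions warning.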
|
||||
|
|
|
@ -15,6 +15,5 @@ _:
|
|||
./xjail.nix
|
||||
./autowifi.nix
|
||||
./browsers.nix
|
||||
./sync-containers3.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -5,13 +5,21 @@ pkgs.writers.writeDashBin "install-system" ''
|
|||
TARGET=$2
|
||||
# format
|
||||
if ! (sshn "$TARGET" -- mountpoint /mnt); then
|
||||
nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET"
|
||||
if ! (sshn "$TARGET" -- type -p nix); then
|
||||
nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET"
|
||||
else
|
||||
disko=$(nix-build -I stockholm=$HOME/sync/stockholm -I secrets=$HOME/sync/stockholm/lass/2configs/tests/dummy-secrets -I nixos-config=$HOME/sync/stockholm/lass/1systems/$SYSTEM/physical.nix '<nixpkgs/nixos>' -A config.system.build.disko)
|
||||
NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' nix-copy-closure --to "$TARGET" "$disko"
|
||||
sshn -t "$TARGET" -- "$disko"
|
||||
fi
|
||||
fi
|
||||
|
||||
# install dependencies
|
||||
sshn "$TARGET" << SSH
|
||||
nix-channel --update
|
||||
nix-env -iA nixos.git
|
||||
if ! type -p git; then
|
||||
nix-channel --update
|
||||
nix-env -iA nixos.git
|
||||
fi
|
||||
SSH
|
||||
|
||||
# populate
|
||||
|
@ -19,8 +27,9 @@ pkgs.writers.writeDashBin "install-system" ''
|
|||
|
||||
# install
|
||||
sshn "$TARGET" << SSH
|
||||
ln -s /mnt/var/src /var/src
|
||||
NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /var/src
|
||||
NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /mnt/var/src
|
||||
nixos-enter -- nixos-rebuild -I /var/src switch --install-bootloader
|
||||
umount -R /mnt
|
||||
zpool export -fa
|
||||
SSH
|
||||
''
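Review bot: The new `else` branch sets `NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'`, so the closure is copied to, and `$disko` then run on, whichever machine answers for `$TARGET` without any host key check; what `sshn` itself verifies is not visible in this section. I would record the key on first contact in a per-install file and reuse it for the later steps, e.g. `known_hosts=$(mktemp)` and `NIX_SSHOPTS="-o UserKnownHostsFile=$known_hosts -o StrictHostKeyChecking=accept-new"`, so that the populate and install steps at least reach the same host. `nix run github:numtide/nixos-remote` is unpinned, so the code executed follows that repository's default branch; pinning a revision (`github:numtide/nixos-remote/<REV>`, placeholder) fixes what gets run. The `nix-build` line in the same branch also leaves `$HOME` and `$SYSTEM` unquoted, unlike the `nix run` line above it.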
|
||||
|
|
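--- a/lass/5pkgs/unimenu/default.nix
+++ b/lass/5pkgs/unimenu/default.nix
@@ -0,0 +1,91 @@
+{
+lib,
+runCommand,
+fetchurl,
+writeText,
+writers,
+coreutils,
+dmenu,
+gnused,
+libnotify,
+xclip,
+xdotool,
+gawk,
+}: let
+unicode-file = runCommand "unicode.txt" {} ''
+${
+writers.writePython3 "generate.py" {flakeIgnore = ["E501" "E722"];} ''
+import csv
+
+with open("${
+fetchurl {
+url = "https://unicode.org/Public/UCD/latest/ucd/UnicodeData.txt";
+sha256 = "sha256-NgGOaGV/3LNIX2NmMP/oyFMuAcl3cD0oA/W4nWxf6vs=";
+}
+}", "r") as unicode_data:
+reader = csv.reader(unicode_data, delimiter=";")
+next(reader) # skip first row containing \0
+for row in reader:
+codepoint = row[0]
+name = row[1]
+alternate_name = row[10]
+try:
+print(chr(int(codepoint, 16)), codepoint, name, alternate_name, sep=" ")
+except:
+continue
+''
+} > $out
+'';
+kaomoji-file = writeText "kaomoji.txt" ''
+¯\(°_o)/¯ dunno lol shrug dlol
+¯\_(ツ)_/¯ dunno lol shrug dlol
+( ͡° ͜ʖ ͡°) lenny
+¯\_( ͡° ͜ʖ ͡°)_/¯ lenny shrug dlol
+( ゚д゚) aaah sad noo
+ヽ(^o^)丿 hi yay hello
+(^o^: ups hehe
+(^∇^) yay
+┗(`皿´)┛ angry argh
+ヾ(^_^) byebye!! bye
+<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) dance
+(-.-)Zzz... sleep
+(∩╹□╹∩) oh noes woot
+(╯°□°)╯ ┻━┻ table flip
+(」゜ロ゜)」 why woot
+(_゜_゜_) gloom I see you
+༼ ༎ຶ ෴ ༎ຶ༽ sad
+(\/) (°,,,,°) (\/) krebs
+┳━┳ ヽ(ಠل͜ಠ)ノ putting table back
+┻━┻︵ \(°□°)/ ︵ ┻━┻ flip all dem tablez
+(`・ω・´) bear look
+ᕦ(ຈل͜ຈ)ᕤ strong flex muscle bicep
+ᕦ(ò_óˇ)ᕤ strong flex muscle bicep
+(๑>ᴗ<๑) excite
+(∩ ` -´)⊃━━☆゚.*・。゚ wizard spell magic
+◕ ◡ ◕ puss in boots big eye
+≋≋≋≋≋̯̫⌧̯̫(ˆ•̮ ̮•ˆ) nyan cat
+ʕ•ᴥ•ʔ bear
+(ԾɷԾ) adventure time
+(⁀ᗢ⁀) happy yay
+(≧◡≦) happy yay
+\(º □ º )/ panic
+𓂺 penis
+𓂸 penis
+'';
+in
+# ref https://github.com/LukeSmithxyz/voidrice/blob/9fe6802122f6e0392c7fe20eefd30437771d7f8e/.local/bin/dmenuunicode
+writers.writeDashBin "unimenu" ''
+history_file=$HOME/.cache/unimenu
+PATH=${lib.makeBinPath [coreutils dmenu gnused libnotify xclip xdotool]}
+chosen=$(cat "$history_file" ${kaomoji-file} ${unicode-file} | dmenu -p unicode -i -l 10 | tee --append "$history_file" | sed "s/ .*//")
+
+[ "$chosen" != "" ] || exit
+
+echo "$chosen" | tr -d '\n' | xclip -selection clipboard
+
+if [ -n "$1" ]; then
+xdotool key Shift+Insert
+else
+notify-send --app-name="$(basename "$0")" "'$chosen' copied to clipboard." &
+fi
+''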
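Review bot: `fetchurl` points at `https://unicode.org/Public/UCD/latest/ucd/UnicodeData.txt` but pins a fixed `sha256`; the hash keeps the input trustworthy, yet the build will fail with a hash mismatch as soon as `latest` moves to a new Unicode release. I would fetch a versioned path instead, e.g. `https://unicode.org/Public/<UNICODE_VERSION>/ucd/UnicodeData.txt` (placeholder; use the release the hash was taken from). In the script, `tee --append "$history_file"` stores whatever dmenu returns, including free text typed at the prompt, in `$HOME/.cache/unimenu`; a short comment saying so would help. `gawk` is taken as an argument but is neither put on `PATH` nor used.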
|
@ -2,11 +2,11 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://cache.euer.krebsco.de/"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
trusted-public-keys = [
|
||||
"gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
|
||||
];
|
||||
};
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://cache.krebsco.de"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
trusted-public-keys = [
|
||||
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
|
||||
"cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
|
||||
];
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
];
|
||||
};
|
||||
|
|
|
@ -30,7 +30,7 @@ with import <stockholm/lib>;
|
|||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
};
|
||||
};
|
||||
nix.trustedUsers = [ config.krebs.build.user.name ];
|
||||
nix.settings.trusted-users = [ config.krebs.build.user.name ];
|
||||
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
||||
|
||||
|
|
|
@ -8,13 +8,13 @@
|
|||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
|
||||
nix.buildCores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable
|
||||
|
||||
# we use gpg if necessary (or nothing at all)
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
# all boxes look the same
|
||||
nix.useSandbox = true;
|
||||
nix.settings.sandbox = true;
|
||||
nix.settings.cores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable
|
||||
# we configure users via nix
|
||||
users.mutableUsers = false;
|
||||
|
||||
|
|