Merge remote-tracking branch 'lass/master'
This commit is contained in:
makefu
commit
47ade5b208
|
|
@ -202,6 +202,7 @@ with import <stockholm/lib>;
|
|||
"mors.retiolum"
|
||||
"mors.r"
|
||||
"cgit.mors.retiolum"
|
||||
"cgit.mors.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
|
@ -273,6 +274,33 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
||||
};
|
||||
icarus = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.133.114";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214";
|
||||
aliases = [
|
||||
"icarus.retiolum"
|
||||
"icarus.r"
|
||||
"cgit.icarus.retiolum"
|
||||
"cgit.icarus.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
|
||||
Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
|
||||
7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
|
||||
k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
|
||||
zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
|
||||
gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||
};
|
||||
|
||||
};
|
||||
users = {
|
||||
|
|
@ -294,6 +322,10 @@ with import <stockholm/lib>;
|
|||
pubkey = builtins.readFile ./ssh/shodan.rsa;
|
||||
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
|
||||
};
|
||||
lass-icarus = {
|
||||
mail = "lass@icarus.retiolum";
|
||||
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
||||
};
|
||||
fritz = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||
};
|
||||
|
|
|
|||
1
krebs/3modules/lass/ssh/icarus.rsa
Normal file
1
krebs/3modules/lass/ssh/icarus.rsa
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus
|
||||
|
|
@ -30,6 +30,7 @@ with import <stockholm/lib>;
|
|||
networking.wireless.enable = true;
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
users.users.ferret = {
|
||||
uid = genid "ferret";
|
||||
|
|
|
|||
59
lass/1systems/icarus.nix
Normal file
59
lass/1systems/icarus.nix
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../2configs/retiolum.nix
|
||||
../2configs/hw/tp-x220.nix
|
||||
../2configs/baseX.nix
|
||||
../2configs/git.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/programs.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/backups.nix
|
||||
#{
|
||||
# users.extraUsers = {
|
||||
# root = {
|
||||
# openssh.authorizedKeys.keys = map readFile [
|
||||
# ../../krebs/Zpubkeys/uriel.ssh.pub
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.icarus;
|
||||
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/pool/nix";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
||||
'';
|
||||
}
|
||||
|
|
@ -68,11 +68,19 @@ with import <stockholm/lib>;
|
|||
{
|
||||
krebs.nginx = {
|
||||
enable = true;
|
||||
servers.default.locations = [
|
||||
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||
alias /home/$1/public_html$2;
|
||||
'')
|
||||
];
|
||||
servers.default = {
|
||||
server-names = [
|
||||
"localhost"
|
||||
"${config.krebs.build.host.name}"
|
||||
"${config.krebs.build.host.name}.r"
|
||||
"${config.krebs.build.host.name}.retiolum"
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||
alias /home/$1/public_html$2;
|
||||
'')
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
|
|
|
|||
|
|
@ -230,6 +230,7 @@ in {
|
|||
}
|
||||
{
|
||||
virtualisation.libvirtd.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "libvirtd" ];
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ in {
|
|||
]
|
||||
)
|
||||
|
||||
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ with import <stockholm/lib>;
|
|||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"fuse"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ let
|
|||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ lass lass-uriel ];
|
||||
user = [ lass lass-shodan ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ in {
|
|||
krebs.power-action = {
|
||||
enable = true;
|
||||
plans.low-battery = {
|
||||
upperLimit = 30;
|
||||
lowerLimit = 25;
|
||||
upperLimit = 10;
|
||||
lowerLimit = 15;
|
||||
charging = false;
|
||||
action = pkgs.writeDash "warn-low-battery" ''
|
||||
${speak "power level low"}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ in {
|
|||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
config.krebs.users.lass-icarus.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -118,4 +118,5 @@
|
|||
fi
|
||||
'';
|
||||
};
|
||||
users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue