Merge remote-tracking branch 'prism/master'
commit
e250f85838
|
@ -54,6 +54,9 @@ with import <stockholm/lib>;
|
||||||
config.krebs.users.tv.pubkey
|
config.krebs.users.tv.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# enable documentation for our modules
|
||||||
|
documentation.nixos.includeAllModules = true;
|
||||||
|
|
||||||
# The NixOS release to be compatible with for stateful data such as databases.
|
# The NixOS release to be compatible with for stateful data such as databases.
|
||||||
system.stateVersion = "17.03";
|
system.stateVersion = "17.03";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
6667 6669
|
6667 6669
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.solanum.serviceConfig.LimitNOFILE = 16384;
|
systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;
|
||||||
|
|
||||||
krebs.solanum = {
|
services.solanum = {
|
||||||
enable = true;
|
enable = true;
|
||||||
motd = ''
|
motd = ''
|
||||||
hello
|
hello
|
||||||
|
|
|
@ -50,7 +50,6 @@ let
|
||||||
./secret.nix
|
./secret.nix
|
||||||
./setuid.nix
|
./setuid.nix
|
||||||
./shadow.nix
|
./shadow.nix
|
||||||
./solanum.nix
|
|
||||||
./sync-containers.nix
|
./sync-containers.nix
|
||||||
./tinc.nix
|
./tinc.nix
|
||||||
./tinc_graphs.nix
|
./tinc_graphs.nix
|
||||||
|
|
2
krebs/3modules/external/default.nix
vendored
2
krebs/3modules/external/default.nix
vendored
|
@ -587,7 +587,7 @@ in {
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.13.12";
|
ip4.addr = "10.243.13.12";
|
||||||
aliases = [ "catalonia.r" "aleph.r" ];
|
aliases = [ "catalonia.r" ];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
|
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
|
||||||
|
|
108
krebs/3modules/external/mic92.nix
vendored
108
krebs/3modules/external/mic92.nix
vendored
|
@ -256,6 +256,10 @@ in {
|
||||||
okelmann = {
|
okelmann = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.okelmann.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.okelmann.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
ip4.addr = "10.243.29.190";
|
ip4.addr = "10.243.29.190";
|
||||||
aliases = [
|
aliases = [
|
||||||
"okelmann.r"
|
"okelmann.r"
|
||||||
|
@ -275,6 +279,10 @@ in {
|
||||||
aendernix = {
|
aendernix = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.aendernix.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.aendernix.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
ip4.addr = "10.243.29.172";
|
ip4.addr = "10.243.29.172";
|
||||||
aliases = [
|
aliases = [
|
||||||
"aendernix.r"
|
"aendernix.r"
|
||||||
|
@ -296,6 +304,30 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
aenderpad = {
|
||||||
|
owner = config.krebs.users.mic92;
|
||||||
|
nets.retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.aenderpad.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.aenderpad.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
|
ip4.addr = "10.243.29.201";
|
||||||
|
aliases = [
|
||||||
|
"aendernix.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAvHSVUd6/5P2rK3s9iQhVrxkjufDIi0Kn04iVB4Z0TpUvnmFAP+Hv
|
||||||
|
d7umo95lNkAPL9c3byv4ooQjOskrp7GmgQRijLUvJSAZ9FBVWPAjMXs+gk9oJnQj
|
||||||
|
6bovXJ3DurmW3h1ZRmkWn256j7g8lEMtf5LGFxs9Bwi4wqZTbI6DzTQhmNm76Spb
|
||||||
|
2UMSzr9kDcNj5r6LDhDKEDtx4P1Opshgsf9AusV81N5nqDcvAYsvEqYoPvjKIPwF
|
||||||
|
5jtfHY7hM7SdYoVgdAY8RFH7xuRkLQW4LBxPKjP3pEQPCgXcuEELm33PGr+w/vhC
|
||||||
|
jxeyKP+uSeuBBMSatTWG3kU8W2LxVML65QIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
Ed25519PublicKey = jC2UzKiUtWUlZF2ET88qM+Ot+GpoWxFFfpi8TCCr0uM
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
dimitra = {
|
dimitra = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
|
@ -761,5 +793,81 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
ryan = {
|
||||||
|
owner = config.krebs.users.mic92;
|
||||||
|
nets = rec {
|
||||||
|
retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.ryan.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.ryan.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
|
ip4.addr = "10.243.29.198";
|
||||||
|
aliases = [ "ryan.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA0RE5jmBiEGmaYLVFmpCyVvlb6K3Zh2uxh7sVm44k31d9PEHHm4Wz
|
||||||
|
HQH+ueaefGVu19xLRJQGu4ZMl7oRbb5awiqKdSGgInhQaNzxUIHW4cCCdOVkgZSy
|
||||||
|
NjI9LMcc8tQtkoFGt6OhAzaViuGMo+aJAkLuXNf8hz5uR2flqQEeKfG5Kc7Z1DAQ
|
||||||
|
QNoBRtY0pltyK2y/Ip8cZ9cdxR5oLww67ykhY+eLy9tZLfKs6uWSq+2CV0cpNNQ9
|
||||||
|
Sh8fSbkjb4+JkxWAHDOyAnwFxnxstMcW0cscOW7nXYDi5IpvvesJlk698un7bLhm
|
||||||
|
vCkAd+WiNuTGfs9t0r6FDDVDREBhNk1sLwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
Ed25519PublicKey = sOD149OLZ2yUEjRpwbGdwHULKF2qNY3F+9AsEi1G0ZM
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
graham = {
|
||||||
|
owner = config.krebs.users.mic92;
|
||||||
|
nets = rec {
|
||||||
|
retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.graham.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.graham.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
|
ip4.addr = "10.243.29.199";
|
||||||
|
aliases = [ "graham.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAtnM8VqFlEPLPYfKOZvN4kKklrVEyX4WewlqHO8vtxML9ND5BHCdn
|
||||||
|
UeRsThvbKVRqEvZLTAXKClZRYVr2IroHqfx0euTq3FYTUbNNQ4KgcFAfLKWoxGfK
|
||||||
|
HsQbYpS93/sUtmhRBGcgXPnEkE6yqvFBXxcmB1QqdmgYKdY2Gtikwrv/5hb4AlNe
|
||||||
|
/gyzKGtAKYogspLI6EpEwlD9CGDNIUPJ4uQ56gDhV/qtyMSE6X0igSSVZayDc+x1
|
||||||
|
InPkH90xsa0/uXjYDnXNdMguLArGkRzMhd6DzK4vEaPFIX59yMX+tEj46rGY7xAI
|
||||||
|
gUZUI2codqY5Z93W5GC+ws34y0bpfeMMWwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
Ed25519PublicKey = xMJNMMXZRCbWkN9CzLFohkGUK54dPcrrosFD7xgIFXA
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
maurice = {
|
||||||
|
owner = config.krebs.users.mic92;
|
||||||
|
nets = rec {
|
||||||
|
retiolum = {
|
||||||
|
addrs = [
|
||||||
|
config.krebs.hosts.maurice.nets.retiolum.ip4.addr
|
||||||
|
config.krebs.hosts.maurice.nets.retiolum.ip6.addr
|
||||||
|
];
|
||||||
|
ip4.addr = "10.243.29.200";
|
||||||
|
aliases = [ "maurice.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAsLKBfPtZkjWGu6uitCV+4c5aQox2t4N8XNhY2mqE806XsYrqAC+y
|
||||||
|
d0oLOxRMUjfh9stDnEW/YRoLEKz9oZdRYd4eenP0Q3c3HdRFDBNCs27M5a8ysqZD
|
||||||
|
5w9+B+9OfUmMv61NyKiaR6WtoGbE849cj1UNk1z04elshfU7h829D8QnD4j1A1gf
|
||||||
|
bOaNG+RzOP6qP/6Q30rxAiTxRPi+FhcHvxa33y1ZVobvnfGcJa+AzsTbgH9T9Yob
|
||||||
|
GuXFZvuQVSyWOLOgY/vVml904q8gScMpBesAsZJ7DEXxSTga0Rt99Ti3d9ABwBI5
|
||||||
|
1YabQlGLaAkrj3PMgrDyayzGBDDDva9fEQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
Ed25519PublicKey = pkMuJ4kbyleQAdau+sfmLtzTuUy7uL+wwcgV/GWC7/N
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
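Review bot: The new `aenderpad` host lists `"aendernix.r"` as its only alias, which is the name the existing `aendernix` host (10.243.29.172) already carries in the hunk above, so two retiolum addresses would claim one name and no `aenderpad.r` name is defined. This looks like a copy-paste slip; the line should read `"aenderpad.r"`. In a VPN where peers are addressed by alias, a duplicated name can send traffic meant for one machine to another, so an evaluation-time uniqueness check on aliases would be worth having if the module does not already have one. Separately, `nets = rec {` on `ryan`, `graham` and `maurice` has no self-reference in the visible lines and could be a plain attribute set.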
|
@ -55,10 +55,12 @@ let
|
||||||
name = "fetchWallpaper";
|
name = "fetchWallpaper";
|
||||||
uid = genid_uint31 "fetchWallpaper";
|
uid = genid_uint31 "fetchWallpaper";
|
||||||
description = "fetchWallpaper user";
|
description = "fetchWallpaper user";
|
||||||
|
group = "fetchWallpaper";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
users.groups.fetchWallpaper = {};
|
||||||
|
|
||||||
systemd.timers.fetchWallpaper = {
|
systemd.timers.fetchWallpaper = {
|
||||||
description = "fetch wallpaper timer";
|
description = "fetch wallpaper timer";
|
||||||
|
|
|
@ -365,10 +365,8 @@ let
|
||||||
users.users.${cfg.user.name} = {
|
users.users.${cfg.user.name} = {
|
||||||
inherit (cfg.user) home name uid;
|
inherit (cfg.user) home name uid;
|
||||||
description = "Git repository hosting user";
|
description = "Git repository hosting user";
|
||||||
extraGroups = [
|
# To allow running cgit-clear-cache via hooks.
|
||||||
# To allow running cgit-clear-cache via hooks.
|
group = cfg.cgit.fcgiwrap.group.name;
|
||||||
cfg.cgit.fcgiwrap.group.name
|
|
||||||
];
|
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
shell = "/bin/sh";
|
shell = "/bin/sh";
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
|
|
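Review bot: Replacing `extraGroups = [ cfg.cgit.fcgiwrap.group.name ]` with `group = cfg.cgit.fcgiwrap.group.name;` makes the fcgiwrap group the git account's primary group, so files this user creates are group-owned by the web-facing fcgiwrap group by default rather than by a group of its own. Whether that exposes repository data to the CGI process depends on the umask and directory modes, which are outside this hunk, as are the start and end of the enclosing `users.users.${cfg.user.name}` block. If the aim is only to give the system user a primary group, a dedicated group keeps the old separation: `group = cfg.user.name;` with `extraGroups = [ cfg.cgit.fcgiwrap.group.name ];` and a matching `users.groups.${cfg.user.name} = {};`. The retained comment about `cgit-clear-cache` would then still describe a supplementary membership, which is what it was written for.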
|
@ -39,7 +39,10 @@ in {
|
||||||
cores = 4;
|
cores = 4;
|
||||||
nets = {
|
nets = {
|
||||||
shack = {
|
shack = {
|
||||||
ip4.addr = "10.42.0.50" ;
|
ip4 = {
|
||||||
|
addr = "10.42.0.50" ;
|
||||||
|
prefix = "10.42.0.0/16";
|
||||||
|
};
|
||||||
aliases = [
|
aliases = [
|
||||||
"filebitch.shack"
|
"filebitch.shack"
|
||||||
];
|
];
|
||||||
|
@ -105,6 +108,7 @@ in {
|
||||||
"go.r"
|
"go.r"
|
||||||
"rss.r"
|
"rss.r"
|
||||||
];
|
];
|
||||||
|
tinc.port = 0;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN PUBLIC KEY-----
|
-----BEGIN PUBLIC KEY-----
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
|
||||||
|
@ -157,6 +161,7 @@ in {
|
||||||
};
|
};
|
||||||
puyak = {
|
puyak = {
|
||||||
ci = true;
|
ci = true;
|
||||||
|
cores = 4;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.77.2";
|
ip4.addr = "10.243.77.2";
|
||||||
|
@ -165,6 +170,7 @@ in {
|
||||||
"build.puyak.r"
|
"build.puyak.r"
|
||||||
"cgit.puyak.r"
|
"cgit.puyak.r"
|
||||||
];
|
];
|
||||||
|
tinc.port = 0;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
|
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
|
||||||
|
|
|
@ -37,6 +37,7 @@ in {
|
||||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
io 60 IN NS ions.lassul.us.
|
io 60 IN NS ions.lassul.us.
|
||||||
|
@ -48,11 +49,15 @@ in {
|
||||||
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "95.216.1.150";
|
ip4 = {
|
||||||
|
addr = "95.216.1.150";
|
||||||
|
prefix = "0.0.0.0/0";
|
||||||
|
};
|
||||||
aliases = [
|
aliases = [
|
||||||
"prism.i"
|
"prism.i"
|
||||||
"paste.i"
|
"paste.i"
|
||||||
|
@ -122,33 +127,6 @@ in {
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||||
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
||||||
};
|
};
|
||||||
uriel = {
|
|
||||||
monitoring = false;
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.81.176";
|
|
||||||
ip6.addr = r6 "1e1";
|
|
||||||
aliases = [
|
|
||||||
"uriel.r"
|
|
||||||
];
|
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
|
|
||||||
duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
|
|
||||||
MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
|
|
||||||
m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
|
|
||||||
uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
|
|
||||||
u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
|
|
||||||
secure = true;
|
|
||||||
};
|
|
||||||
mors = {
|
mors = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
nets = {
|
nets = {
|
||||||
|
@ -418,38 +396,6 @@ in {
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||||
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
|
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
|
||||||
};
|
};
|
||||||
red = {
|
|
||||||
monitoring = false;
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.13";
|
|
||||||
ip6.addr = r6 "12ed";
|
|
||||||
aliases = [
|
|
||||||
"red.r"
|
|
||||||
];
|
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
|
||||||
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
|
||||||
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
|
||||||
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
|
||||||
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
|
||||||
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
|
||||||
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
|
||||||
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
|
||||||
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
|
||||||
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
|
||||||
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
|
||||||
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
|
||||||
};
|
|
||||||
yellow = {
|
yellow = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
|
@ -583,44 +529,6 @@ in {
|
||||||
ci = false;
|
ci = false;
|
||||||
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
|
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
|
||||||
};
|
};
|
||||||
morpheus = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.19";
|
|
||||||
ip6.addr = r6 "012f";
|
|
||||||
aliases = [
|
|
||||||
"morpheus.r"
|
|
||||||
];
|
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
|
|
||||||
T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN
|
|
||||||
/Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh
|
|
||||||
S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz
|
|
||||||
Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR
|
|
||||||
bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI
|
|
||||||
Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz
|
|
||||||
sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+
|
|
||||||
VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j
|
|
||||||
3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA
|
|
||||||
U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "012f";
|
|
||||||
aliases = [
|
|
||||||
"morpheus.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
|
|
||||||
syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ";
|
|
||||||
};
|
|
||||||
hilum = {
|
hilum = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
|
|
|
@ -1,104 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
inherit (lib) mkEnableOption mkIf mkOption singleton types;
|
|
||||||
inherit (pkgs) coreutils solanum;
|
|
||||||
cfg = config.krebs.solanum;
|
|
||||||
|
|
||||||
configFile = pkgs.writeText "solanum.conf" ''
|
|
||||||
${cfg.config}
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
|
|
||||||
###### interface
|
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
krebs.solanum = {
|
|
||||||
|
|
||||||
enable = mkEnableOption "Solanum IRC daemon";
|
|
||||||
|
|
||||||
config = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
Solanum IRC daemon configuration file.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
statedir = mkOption {
|
|
||||||
type = types.path;
|
|
||||||
default = "/var/lib/solanum";
|
|
||||||
description = ''
|
|
||||||
Location of the state directory of solanum.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "ircd";
|
|
||||||
description = ''
|
|
||||||
Solanum IRC daemon user.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
group = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "ircd";
|
|
||||||
description = ''
|
|
||||||
Solanum IRC daemon group.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
motd = mkOption {
|
|
||||||
type = types.nullOr types.lines;
|
|
||||||
default = null;
|
|
||||||
description = ''
|
|
||||||
Solanum MOTD text.
|
|
||||||
|
|
||||||
Solanum will read its MOTD from /etc/solanum/ircd.motd .
|
|
||||||
If set, the value of this option will be written to this path.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
|
|
||||||
config = mkIf cfg.enable (lib.mkMerge [
|
|
||||||
{
|
|
||||||
users.users.${cfg.user} = {
|
|
||||||
description = "Solanum IRC daemon user";
|
|
||||||
uid = config.ids.uids.ircd;
|
|
||||||
group = cfg.group;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.${cfg.group} = {
|
|
||||||
gid = config.ids.gids.ircd;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.solanum = {
|
|
||||||
description = "Solanum IRC daemon";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile ${configFile} -pidfile ${cfg.statedir}/ircd.pid";
|
|
||||||
Group = cfg.group;
|
|
||||||
User = cfg.user;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
(mkIf (cfg.motd != null) {
|
|
||||||
environment.etc."solanum/ircd.motd".text = cfg.motd;
|
|
||||||
})
|
|
||||||
]);
|
|
||||||
}
|
|
|
@ -94,7 +94,7 @@ in {
|
||||||
programs.fuse.userAllowOther = true;
|
programs.fuse.userAllowOther = true;
|
||||||
# allow syncthing to enter /var/lib/containers
|
# allow syncthing to enter /var/lib/containers
|
||||||
system.activationScripts.containers-enter = mkDefault ''
|
system.activationScripts.containers-enter = mkDefault ''
|
||||||
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers
|
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || :
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
|
services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
|
||||||
|
|
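Review bot: The added `|| :` on the `chmod a+x /var/lib/containers` line discards every failure, not only the missing-directory case it presumably targets, so a permission or filesystem error during activation passes unnoticed. Testing for the directory keeps the intent and leaves other errors visible: `if test -d /var/lib/containers; then ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers; fi`. A short comment saying that the directory may not exist yet would record why the guard is there. Note also that `a+x` lets every local account traverse the directory, so the modes of the entries below it carry the access control.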
|
@ -254,9 +254,14 @@ let
|
||||||
inherit (cfg.user) home name uid;
|
inherit (cfg.user) home name uid;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
|
group = netname;
|
||||||
}
|
}
|
||||||
) config.krebs.tinc;
|
) config.krebs.tinc;
|
||||||
|
|
||||||
|
users.groups = mapAttrs' (netname: cfg:
|
||||||
|
nameValuePair netname {}
|
||||||
|
) config.krebs.tinc;
|
||||||
|
|
||||||
environment.etc = mapAttrs' (netname: cfg:
|
environment.etc = mapAttrs' (netname: cfg:
|
||||||
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
|
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
|
||||||
source = cfg.confDir;
|
source = cfg.confDir;
|
||||||
|
|
|
@ -1,3 +1,10 @@
|
||||||
|
emptyok_response() {(
|
||||||
|
printf "HTTP/1.1 204 OK\r\n"
|
||||||
|
printf 'Connection: close\r\n'
|
||||||
|
printf 'Server: %s\r\n' "$Server"
|
||||||
|
printf '\r\n'
|
||||||
|
)}
|
||||||
|
|
||||||
delete_response() {
|
delete_response() {
|
||||||
jq -n -r \
|
jq -n -r \
|
||||||
--arg server "$Server" \
|
--arg server "$Server" \
|
||||||
|
@ -44,7 +51,10 @@ read_uri() {
|
||||||
}
|
}
|
||||||
|
|
||||||
uri=$(read_uri "$Request_URI")
|
uri=$(read_uri "$Request_URI")
|
||||||
path=$(jq -nr --argjson uri "$uri" '$uri.path')
|
path=$(jq -nr --argjson uri "$uri" '
|
||||||
|
$uri.path |
|
||||||
|
gsub("/+"; "/")
|
||||||
|
')
|
||||||
|
|
||||||
case "$Method $path" in
|
case "$Method $path" in
|
||||||
'POST /'*|'PUT /'*)
|
'POST /'*|'PUT /'*)
|
||||||
|
@ -57,6 +67,8 @@ case "$Method $path" in
|
||||||
|
|
||||||
mkdir -v -p $STATEDIR/items >&2
|
mkdir -v -p $STATEDIR/items >&2
|
||||||
cp -v $content $item >&2
|
cp -v $content $item >&2
|
||||||
|
|
||||||
|
emptyok_response
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
'GET /'*)
|
'GET /'*)
|
||||||
|
|
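Review bot: The new `gsub("/+"; "/")` normalisation collapses repeated slashes only, so `.` and `..` segments reach the `case "$Method $path"` dispatch unchanged. How `$item` is derived from the request is outside this hunk; if `$path` feeds into a filesystem path anywhere, the handler should reject dot segments explicitly before the `case`. In `emptyok_response` the status line `HTTP/1.1 204 OK` uses a non-standard reason phrase, and `printf 'HTTP/1.1 204 No Content\r\n'` would also match the single-quoted style of the lines that follow it. The `mkdir` and `cp` context lines expand `$STATEDIR`, `$content` and `$item` unquoted, and quoting them would be a cheap hardening step.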
|
@ -1,10 +1,10 @@
|
||||||
{ writers, coreutils, grib2json, curl, jq, findutils, imagemagick }:
|
{ writers, coreutils, grib2json, curl, jq, findutils, imagemagick }:
|
||||||
writers.writeDashBin "nomads-cloud" ''
|
writers.writeDashBin "nomads-cloud" ''
|
||||||
prefix=$(mktemp -d)
|
prefix=$(mktemp -d)
|
||||||
grib_path=$prefix.grib
|
grib_path=$prefix/clouds.grib
|
||||||
json_path=$prefix.json
|
json_path=$prefix/clouds.json
|
||||||
pgm_path=$prefix.pgm
|
pgm_path=$prefix/clouds.pgm
|
||||||
png_path="$1"
|
png_path=$1
|
||||||
|
|
||||||
mkdir -p "$prefix"
|
mkdir -p "$prefix"
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "70088dc29994c32f8520150e34c6e57e8453f895",
|
"rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
|
||||||
"date": "2021-10-07T22:46:35+08:00",
|
"date": "2021-11-01T19:42:18+01:00",
|
||||||
"path": "/nix/store/f0i4rdi62kkwa95v7ap8fzxybrikqi01-nixpkgs",
|
"path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
|
||||||
"sha256": "08ldqfh2cmbvf930yq9pv220sv83k9shq183935l5d8p61fxh5zr",
|
"sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
"leaveDotGit": false
|
"leaveDotGit": false
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "ce7a1190a0fa4ba3465b5f5471b08567060ca14c",
|
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
|
||||||
"date": "2021-10-08T11:14:43-05:00",
|
"date": "2021-10-31T15:33:08-07:00",
|
||||||
"path": "/nix/store/y01vzcdhna8pjvy3w2bz7nc9zqyylxg3-nixpkgs",
|
"path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
|
||||||
"sha256": "1zr1s9gp0h5g4arlba1bpb9yqfaaby5195ydm6a2psaxhm748li9",
|
"sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
"leaveDotGit": false
|
"leaveDotGit": false
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ lib, pkgs, test, ... }:
|
{ lib, pkgs, test, ... }:
|
||||||
{
|
if test then {} else {
|
||||||
nixpkgs = lib.mkIf (! test) (lib.mkForce {
|
nixpkgs = lib.mkIf (! test) (lib.mkForce {
|
||||||
file = {
|
file = {
|
||||||
path = toString (pkgs.fetchFromGitHub {
|
path = toString (pkgs.fetchFromGitHub {
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
# <stockholm/lass/2configs/nfs-dl.nix>
|
<stockholm/lass/2configs/prism-mounts/samba.nix>
|
||||||
<stockholm/lass/2configs/pass.nix>
|
<stockholm/lass/2configs/pass.nix>
|
||||||
<stockholm/lass/2configs/mail.nix>
|
<stockholm/lass/2configs/mail.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
|
|
21
lass/1systems/coaxmetal/source.nix
Normal file
21
lass/1systems/coaxmetal/source.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{ lib, pkgs, test, ... }: let
|
||||||
|
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||||
|
in {
|
||||||
|
nixpkgs = (if test then lib.mkForce ({ derivation = let
|
||||||
|
rev = npkgs.rev;
|
||||||
|
sha256 = npkgs.sha256;
|
||||||
|
in ''
|
||||||
|
with import (builtins.fetchTarball {
|
||||||
|
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||||
|
sha256 = "${sha256}";
|
||||||
|
}) {};
|
||||||
|
pkgs.fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = "nixpkgs";
|
||||||
|
rev = "${rev}";
|
||||||
|
sha256 = "${sha256}";
|
||||||
|
}
|
||||||
|
''; }) else {
|
||||||
|
git.ref = lib.mkForce npkgs.rev;
|
||||||
|
});
|
||||||
|
}
|
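Review bot: The new file carries no comment explaining why the `test` branch emits a Nix expression as a string that imports nixpkgs through `builtins.fetchTarball` and then fetches the same revision again with `pkgs.fetchFromGitHub`, both pinned to `npkgs.sha256`. A header such as `# test: fetch nixpkgs at the rev/sha256 pinned in krebs/nixpkgs-unstable.json; otherwise only override the git ref` would make the intent reviewable. As far as this file shows, the non-test branch overrides only `git.ref` with `lib.mkForce npkgs.rev`, so the content hash from the JSON is not used on that path and integrity rests on the git revision alone, which is worth stating in the comment. The same content appears to be added at lass/1systems/mors/source.nix (that section is cut off here), so a shared helper would keep the two pins from drifting apart.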
|
@ -5,10 +5,13 @@
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/tor-initrd.nix>
|
<stockholm/lass/2configs/tor-initrd.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/green-host.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.echelon;
|
krebs.build.host = config.krebs.hosts.echelon;
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,8 @@ with import <stockholm/lib>;
|
||||||
<stockholm/lass/2configs/IM.nix>
|
<stockholm/lass/2configs/IM.nix>
|
||||||
<stockholm/lass/2configs/muchsync.nix>
|
<stockholm/lass/2configs/muchsync.nix>
|
||||||
<stockholm/lass/2configs/pass.nix>
|
<stockholm/lass/2configs/pass.nix>
|
||||||
|
|
||||||
|
<stockholm/lass/2configs/git-brain.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.green;
|
krebs.build.host = config.krebs.hosts.green;
|
||||||
|
@ -68,6 +70,13 @@ with import <stockholm/lib>;
|
||||||
];
|
];
|
||||||
clearTarget = true;
|
clearTarget = true;
|
||||||
};
|
};
|
||||||
|
"/var/lib/git" = {
|
||||||
|
source = "/var/state/git";
|
||||||
|
options = [
|
||||||
|
"-M ${toString config.users.users.git.uid}"
|
||||||
|
];
|
||||||
|
clearTarget = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
|
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, test, ... }:
|
||||||
{
|
if test then {} else {
|
||||||
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
||||||
nixpkgs.git.shallow = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass>
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
|
||||||
<stockholm/lass/2configs/green-host.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.morpheus;
|
|
||||||
|
|
||||||
networking.wireless.enable = false;
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
|
|
||||||
services.logind.lidSwitch = "ignore";
|
|
||||||
services.logind.lidSwitchDocked = "ignore";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
gitAndTools.hub
|
|
||||||
nix-review
|
|
||||||
firefox
|
|
||||||
ag
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh.forwardX11 = true;
|
|
||||||
programs.x2goserver.enable = true;
|
|
||||||
}
|
|
|
@ -1,44 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./config.nix
|
|
||||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.efiSupport = true;
|
|
||||||
boot.loader.grub.efiInstallAsRemovable = true;
|
|
||||||
boot.loader.grub.device = "nodev";
|
|
||||||
|
|
||||||
networking.hostId = "06442b9a";
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/pool/root";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/1F60-17C6";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "/dev/pool/home";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
boot.initrd.luks = {
|
|
||||||
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
devices.luksroot.device = "/dev/nvme0n1p3";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -183,35 +183,6 @@ with import <stockholm/lib>;
|
||||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
lass.restic = genAttrs [
|
|
||||||
"daedalus"
|
|
||||||
"icarus"
|
|
||||||
"littleT"
|
|
||||||
"prism"
|
|
||||||
"shodan"
|
|
||||||
"skynet"
|
|
||||||
] (dest: {
|
|
||||||
dirs = [
|
|
||||||
"/home/lass/src"
|
|
||||||
"/home/lass/work"
|
|
||||||
"/home/lass/.gnupg"
|
|
||||||
"/home/lass/Maildir"
|
|
||||||
"/home/lass/stockholm"
|
|
||||||
"/home/lass/.password-store"
|
|
||||||
"/home/bitcoin"
|
|
||||||
"/home/bch"
|
|
||||||
];
|
|
||||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
|
||||||
repo = "sftp:backup@${dest}.r:/backups/mors";
|
|
||||||
#sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
|
|
||||||
extraArguments = [
|
|
||||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
|
||||||
];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "00:05";
|
|
||||||
RandomizedDelaySec = "5h";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
|
||||||
services.earlyoom = {
|
services.earlyoom = {
|
||||||
|
|
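--- a/lass/1systems/mors/source.nix
+++ b/lass/1systems/mors/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+nixpkgs = (if test then lib.mkForce ({ derivation = let
+rev = npkgs.rev;
+sha256 = npkgs.sha256;
+in ''
+with import (builtins.fetchTarball {
+url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+sha256 = "${sha256}";
+}) {};
+pkgs.fetchFromGitHub {
+owner = "nixos";
+repo = "nixpkgs";
+rev = "${rev}";
+sha256 = "${sha256}";
+}
+''; }) else {
+git.ref = lib.mkForce npkgs.rev;
+});
+}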
|
@ -112,7 +112,6 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
<stockholm/lass/2configs/ts3.nix>
|
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
<stockholm/lass/2configs/radio.nix>
|
<stockholm/lass/2configs/radio.nix>
|
||||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||||
|
@ -124,16 +123,6 @@ with import <stockholm/lib>;
|
||||||
<stockholm/lass/2configs/ciko.nix>
|
<stockholm/lass/2configs/ciko.nix>
|
||||||
<stockholm/lass/2configs/container-networking.nix>
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
<stockholm/lass/2configs/jitsi.nix>
|
<stockholm/lass/2configs/jitsi.nix>
|
||||||
{ # quasi bepasty.nix
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass/2configs/bepasty.nix>
|
|
||||||
];
|
|
||||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
|
||||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -65,6 +65,12 @@
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# silence mdmonitor.service failures
|
||||||
|
# https://github.com/NixOS/nixpkgs/issues/72394
|
||||||
|
environment.etc."mdadm.conf".text = ''
|
||||||
|
MAILADDR root
|
||||||
|
'';
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 8;
|
nix.maxJobs = lib.mkDefault 8;
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
with import <stockholm/lib>;
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
|
||||||
servephpBB
|
|
||||||
;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass>
|
|
||||||
<stockholm/lass/2configs>
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/websites>
|
|
||||||
<stockholm/lass/2configs/websites/sqlBackup.nix>
|
|
||||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.red;
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.mk_sql_pair
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./config.nix
|
|
||||||
];
|
|
||||||
boot.isContainer = true;
|
|
||||||
networking.useDHCP = false;
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass>
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
|
||||||
{
|
|
||||||
# locke config
|
|
||||||
i18n.defaultLocale ="de_DE.UTF-8";
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
services.xserver.enable = true;
|
|
||||||
services.xserver.libinput.enable = false;
|
|
||||||
users.users.locke = {
|
|
||||||
uid = genid "locke";
|
|
||||||
home = "/home/locke";
|
|
||||||
group = "users";
|
|
||||||
createHome = true;
|
|
||||||
extraGroups = [
|
|
||||||
"audio"
|
|
||||||
"networkmanager"
|
|
||||||
];
|
|
||||||
useDefaultShell = true;
|
|
||||||
isNormalUser = true;
|
|
||||||
};
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
hardware.pulseaudio = {
|
|
||||||
enable = true;
|
|
||||||
systemWide = true;
|
|
||||||
};
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
pavucontrol
|
|
||||||
firefox
|
|
||||||
hexchat
|
|
||||||
networkmanagerapplet
|
|
||||||
];
|
|
||||||
services.xserver.desktopManager.xfce = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.uriel;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
}
|
|
|
@ -1,59 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./config.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
boot = {
|
|
||||||
#kernelParams = [
|
|
||||||
# "acpi.brightness_switch_enabled=0"
|
|
||||||
#];
|
|
||||||
#loader.grub.enable = true;
|
|
||||||
#loader.grub.version = 2;
|
|
||||||
#loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
loader.systemd-boot.enable = true;
|
|
||||||
loader.timeout = 5;
|
|
||||||
|
|
||||||
initrd.luks.devices.luksroot.device = "/dev/sda2";
|
|
||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
|
||||||
kernelModules = [ "msr" ];
|
|
||||||
};
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/pool/root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/sda1";
|
|
||||||
};
|
|
||||||
"/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.xserver.synaptics = {
|
|
||||||
enable = true;
|
|
||||||
twoFingerScroll = true;
|
|
||||||
accelFactor = "0.035";
|
|
||||||
additionalOptions = ''
|
|
||||||
Option "FingerHigh" "60"
|
|
||||||
Option "FingerLow" "60"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -30,7 +30,7 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
./bitlbee.nix
|
./bitlbee.nix
|
||||||
];
|
];
|
||||||
environment.systemPackages = [ tmux ];
|
environment.systemPackages = [ tmux weechat ];
|
||||||
systemd.services.chat = {
|
systemd.services.chat = {
|
||||||
description = "chat environment setup";
|
description = "chat environment setup";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
|
@ -11,6 +11,7 @@ in {
|
||||||
./xdg-open.nix
|
./xdg-open.nix
|
||||||
./yubikey.nix
|
./yubikey.nix
|
||||||
./pipewire.nix
|
./pipewire.nix
|
||||||
|
./tmux.nix
|
||||||
./xmonad.nix
|
./xmonad.nix
|
||||||
{
|
{
|
||||||
krebs.per-user.lass.packages = [
|
krebs.per-user.lass.packages = [
|
||||||
|
@ -61,7 +62,8 @@ in {
|
||||||
font-size
|
font-size
|
||||||
fzfmenu
|
fzfmenu
|
||||||
gimp
|
gimp
|
||||||
gitAndTools.qgit
|
gitAndTools.hub
|
||||||
|
git-crypt
|
||||||
git-preview
|
git-preview
|
||||||
gnome3.dconf
|
gnome3.dconf
|
||||||
iodine
|
iodine
|
||||||
|
@ -85,6 +87,7 @@ in {
|
||||||
xorg.xhost
|
xorg.xhost
|
||||||
xsel
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
flameshot-once
|
||||||
(pkgs.writeDashBin "screenshot" ''
|
(pkgs.writeDashBin "screenshot" ''
|
||||||
set -efu
|
set -efu
|
||||||
|
|
||||||
|
|
|
@ -1,44 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
# secrets used:
|
|
||||||
# wildcard.krebsco.de.crt
|
|
||||||
# wildcard.krebsco.de.key
|
|
||||||
# bepasty-secret.nix <- contains single string
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
secKey = import <secrets/bepasty-secret.nix>;
|
|
||||||
ext-doms = [
|
|
||||||
"paste.lassul.us"
|
|
||||||
"paste.krebsco.de"
|
|
||||||
];
|
|
||||||
in {
|
|
||||||
|
|
||||||
services.nginx.enable = mkDefault true;
|
|
||||||
krebs.bepasty = {
|
|
||||||
enable = true;
|
|
||||||
serveNginx= true;
|
|
||||||
|
|
||||||
servers = {
|
|
||||||
"paste.r" = {
|
|
||||||
nginx = {
|
|
||||||
serverAliases = [
|
|
||||||
"paste.${config.krebs.build.host.name}"
|
|
||||||
"paste.r"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
defaultPermissions = "admin,list,create,read,delete";
|
|
||||||
secretKey = secKey;
|
|
||||||
};
|
|
||||||
} //
|
|
||||||
genAttrs ext-doms (ext-dom: {
|
|
||||||
nginx = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
};
|
|
||||||
defaultPermissions = "read,create";
|
|
||||||
secretKey = secKey;
|
|
||||||
});
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -29,6 +29,13 @@
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||||
'';
|
'';
|
||||||
|
locations."= /nix-cache-info".extraConfig = ''
|
||||||
|
alias ${pkgs.writeText "cache-info" ''
|
||||||
|
StoreDir: /nix/store
|
||||||
|
WantMassQuery: 1
|
||||||
|
Priority: 42
|
||||||
|
''};
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
virtualHosts."cache.krebsco.de" = {
|
virtualHosts."cache.krebsco.de" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -2,16 +2,13 @@ with (import <stockholm/lib>);
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./bitlbee.nix
|
|
||||||
./mail.nix
|
./mail.nix
|
||||||
./pass.nix
|
./pass.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ag
|
ag
|
||||||
brain
|
|
||||||
dic
|
dic
|
||||||
nmap
|
nmap
|
||||||
git-preview
|
git-preview
|
||||||
|
@ -30,43 +27,6 @@ with (import <stockholm/lib>);
|
||||||
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
|
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.chat = let
|
|
||||||
tmux = pkgs.writeDash "tmux" ''
|
|
||||||
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
|
||||||
set-option -g prefix `
|
|
||||||
unbind-key C-b
|
|
||||||
bind ` send-prefix
|
|
||||||
|
|
||||||
set-option -g status off
|
|
||||||
set-option -g default-terminal screen-256color
|
|
||||||
|
|
||||||
#use session instead of windows
|
|
||||||
bind-key c new-session
|
|
||||||
bind-key p switch-client -p
|
|
||||||
bind-key n switch-client -n
|
|
||||||
bind-key C-s switch-client -l
|
|
||||||
''} "$@"
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
description = "chat environment setup";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
restartIfChanged = false;
|
|
||||||
|
|
||||||
path = [
|
|
||||||
pkgs.rxvt_unicode.terminfo
|
|
||||||
];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
User = "lass";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
|
|
||||||
ExecStop = "${tmux} kill-session -t IM";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.dovecot2 = {
|
services.dovecot2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
mailLocation = "maildir:~/Maildir";
|
mailLocation = "maildir:~/Maildir";
|
||||||
|
|
|
@ -1,8 +1,16 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
domain = "codi.lassul.us";
|
domain = "pad.lassul.us";
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
# redirect legacy domain to new one
|
||||||
|
services.nginx.virtualHosts."codi.lassul.us" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/".return = "301 https://${domain}\$request_uri";
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts.${domain} = {
|
services.nginx.virtualHosts.${domain} = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -19,10 +19,9 @@ with import <stockholm/lib>;
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
root = {
|
root = {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass-mors.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-blue.pubkey
|
config.krebs.users.lass-blue.pubkey
|
||||||
config.krebs.users.lass-green.pubkey
|
config.krebs.users.lass-green.pubkey
|
||||||
config.krebs.users.lass-yubikey.pubkey
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
mainUser = {
|
mainUser = {
|
||||||
|
@ -35,25 +34,17 @@ with import <stockholm/lib>;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"audio"
|
"audio"
|
||||||
|
"video"
|
||||||
"fuse"
|
"fuse"
|
||||||
"wheel"
|
"wheel"
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass-mors.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-blue.pubkey
|
config.krebs.users.lass-blue.pubkey
|
||||||
config.krebs.users.lass-green.pubkey
|
config.krebs.users.lass-green.pubkey
|
||||||
config.krebs.users.lass-yubikey.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
nix = {
|
|
||||||
isNormalUser = true;
|
|
||||||
uid = genid_uint31 "nix";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.hosts.mors.ssh.pubkey
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nix.trustedUsers = ["nix"];
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
|
@ -70,7 +61,7 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
#for sshuttle
|
#for sshuttle
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.pythonPackages.python
|
pkgs.python3Packages.python
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -89,8 +80,6 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
services.timesyncd.enable = mkForce true;
|
services.timesyncd.enable = mkForce true;
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
|
|
||||||
# multiple-definition-problem when defining environment.variables.EDITOR
|
# multiple-definition-problem when defining environment.variables.EDITOR
|
||||||
environment.extraInit = ''
|
environment.extraInit = ''
|
||||||
EDITOR=vim
|
EDITOR=vim
|
||||||
|
@ -102,6 +91,7 @@ with import <stockholm/lib>;
|
||||||
#stockholm
|
#stockholm
|
||||||
deploy
|
deploy
|
||||||
git
|
git
|
||||||
|
git-preview
|
||||||
gnumake
|
gnumake
|
||||||
jq
|
jq
|
||||||
|
|
||||||
|
@ -126,6 +116,7 @@ with import <stockholm/lib>;
|
||||||
file
|
file
|
||||||
hashPassword
|
hashPassword
|
||||||
kpaste
|
kpaste
|
||||||
|
cyberlocker-tools
|
||||||
pciutils
|
pciutils
|
||||||
pop
|
pop
|
||||||
q
|
q
|
||||||
|
@ -187,6 +178,7 @@ with import <stockholm/lib>;
|
||||||
services.journald.extraConfig = ''
|
services.journald.extraConfig = ''
|
||||||
SystemMaxUse=1G
|
SystemMaxUse=1G
|
||||||
RuntimeMaxUse=128M
|
RuntimeMaxUse=128M
|
||||||
|
Storage=persistent
|
||||||
'';
|
'';
|
||||||
|
|
||||||
krebs.iptables = {
|
krebs.iptables = {
|
||||||
|
@ -223,7 +215,11 @@ with import <stockholm/lib>;
|
||||||
noipv4ll
|
noipv4ll
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
documentation.nixos.includeAllModules = true;
|
||||||
|
|
||||||
# use 24:00 time format, the default got sneakily changed around 20.03
|
# use 24:00 time format, the default got sneakily changed around 20.03
|
||||||
i18n.defaultLocale = mkDefault "C.UTF-8";
|
i18n.defaultLocale = mkDefault "C.UTF-8";
|
||||||
|
time.timeZone = mkDefault"Europe/Berlin";
|
||||||
|
|
||||||
system.stateVersion = mkDefault "20.03";
|
system.stateVersion = mkDefault "20.03";
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,8 +19,10 @@ in {
|
||||||
"lassul.us"
|
"lassul.us"
|
||||||
];
|
];
|
||||||
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
||||||
config.krebs.hosts.mors
|
|
||||||
config.krebs.hosts.blue
|
config.krebs.hosts.blue
|
||||||
|
config.krebs.hosts.coaxmetal
|
||||||
|
config.krebs.hosts.green
|
||||||
|
config.krebs.hosts.mors
|
||||||
config.krebs.hosts.xerxes
|
config.krebs.hosts.xerxes
|
||||||
];
|
];
|
||||||
internet-aliases = map (from: { inherit from to; }) mails;
|
internet-aliases = map (from: { inherit from to; }) mails;
|
||||||
|
|
|
@ -5,7 +5,7 @@ let
|
||||||
in {
|
in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "prism/realwallpaper-krebs-stars.png";
|
url = "prism/realwallpaper-krebs-stars-berlin.png";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
nix.gc = {
|
nix.gc = {
|
||||||
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
|
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
|
||||||
options = "--delete-older-than 15d";
|
options = "--delete-older-than 15d";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
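--- a/lass/2configs/git-brain.nix
+++ b/lass/2configs/git-brain.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+
+repos = krebs-repos;
+rules = concatMap krebs-rules (attrValues krebs-repos);
+
+krebs-repos = mapAttrs make-krebs-repo {
+brain = { };
+krebs-secrets = { };
+};
+
+
+make-krebs-repo = with git; name: { cgit ? {}, ... }: {
+inherit cgit name;
+public = false;
+hooks = {
+post-receive = pkgs.git-hooks.irc-announce {
+nick = config.networking.hostName;
+verbose = true;
+channel = "#xxx";
+# TODO remove the hardcoded hostname
+server = "irc.r";
+};
+};
+};
+
+
+
+# TODO: get the list of all krebsministers
+krebsminister = with config.krebs.users; [ makefu tv ];
+krebs-rules = repo:
+set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
+
+set-ro-access = with git; repo: user:
+singleton {
+inherit user;
+repo = [ repo ];
+perm = fetch;
+};
+
+set-owners = with git;repo: user:
+singleton {
+inherit user;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+};
+
+in {
+krebs.git = {
+enable = true;
+cgit = {
+enable = false;
+};
+inherit repos rules;
+};
+}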
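Review bot: `make-krebs-repo` marks every repo `public = false` but still attaches an `irc-announce` post-receive hook with `verbose = true`, and that applies to `krebs-secrets` as well as `brain`. Depending on what the hook prints in verbose mode, commit subjects or changed paths from a private repo would be posted to `#xxx` on `irc.r`; `verbose = false` for these repos, or no hook at all on `krebs-secrets`, keeps that metadata inside the repo's access rules. `set-owners` also grants `non-fast-forward` and `delete` on `refs/*`, so a single owner key can rewrite the history of the secrets repo; if that is intended, a comment saying so would help, for example `# owners may force-push and delete refs`. Both helpers name their list argument `user`, which reads as a single user; `users` would be clearer.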
|
@ -189,7 +189,7 @@ let
|
||||||
with git // config.krebs.users;
|
with git // config.krebs.users;
|
||||||
repo:
|
repo:
|
||||||
singleton {
|
singleton {
|
||||||
user = [ lass lass-mors lass-blue lass-yubikey ];
|
user = [ lass lass-green ];
|
||||||
repo = [ repo ];
|
repo = [ repo ];
|
||||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||||
} ++
|
} ++
|
||||||
|
|
|
@ -6,12 +6,12 @@
|
||||||
];
|
];
|
||||||
krebs.sync-containers.containers.green = {
|
krebs.sync-containers.containers.green = {
|
||||||
peers = [
|
peers = [
|
||||||
|
"echelon"
|
||||||
"icarus"
|
"icarus"
|
||||||
|
"littleT"
|
||||||
|
"mors"
|
||||||
"shodan"
|
"shodan"
|
||||||
"skynet"
|
"skynet"
|
||||||
"mors"
|
|
||||||
"morpheus"
|
|
||||||
"littleT"
|
|
||||||
"styx"
|
"styx"
|
||||||
];
|
];
|
||||||
hostIp = "10.233.2.15";
|
hostIp = "10.233.2.15";
|
||||||
|
@ -25,5 +25,9 @@
|
||||||
repo = "/var/lib/sync-containers/green/backup";
|
repo = "/var/lib/sync-containers/green/backup";
|
||||||
compression = "auto,lzma";
|
compression = "auto,lzma";
|
||||||
startAt = "daily";
|
startAt = "daily";
|
||||||
|
prune.keep = {
|
||||||
|
daily = 7;
|
||||||
|
weekly = 4;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,6 @@
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.luks.devices.luksroot.device = "/dev/sda3";
|
initrd.luks.devices.luksroot.device = "/dev/sda3";
|
||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
extraModulePackages = [
|
extraModulePackages = [
|
||||||
config.boot.kernelPackages.tp_smapi
|
config.boot.kernelPackages.tp_smapi
|
||||||
|
@ -36,11 +35,6 @@
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||||
};
|
};
|
||||||
"/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logind.lidSwitch = "ignore";
|
services.logind.lidSwitch = "ignore";
|
||||||
|
|
|
@ -80,7 +80,12 @@ let
|
||||||
name = "mpv";
|
name = "mpv";
|
||||||
paths = [
|
paths = [
|
||||||
(pkgs.writeDashBin "mpv" ''
|
(pkgs.writeDashBin "mpv" ''
|
||||||
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
|
exec ${pkgs.mpv}/bin/mpv \
|
||||||
|
-vo=gpu \
|
||||||
|
--no-config \
|
||||||
|
--script=${autosub} \
|
||||||
|
--script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
|
||||||
|
"$@"
|
||||||
'')
|
'')
|
||||||
pkgs.mpv
|
pkgs.mpv
|
||||||
];
|
];
|
||||||
|
|
|
@ -4,6 +4,7 @@ with (import <stockholm/lib>);
|
||||||
{
|
{
|
||||||
systemd.services.muchsync = let
|
systemd.services.muchsync = let
|
||||||
hosts = [
|
hosts = [
|
||||||
|
"coaxmetal.r"
|
||||||
"mors.r"
|
"mors.r"
|
||||||
"green.r"
|
"green.r"
|
||||||
"blue.r"
|
"blue.r"
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
StandardError = lib.mkForce "journal";
|
StandardError = lib.mkForce "journal";
|
||||||
};
|
};
|
||||||
virtualisation.oci-containers.containers.mumble-web = {
|
virtualisation.oci-containers.containers.mumble-web = {
|
||||||
image = "rankenstein/mumble-web";
|
image = "rankenstein/mumble-web:0.5";
|
||||||
environment = {
|
environment = {
|
||||||
MUMBLE_SERVER = "lassul.us:64738";
|
MUMBLE_SERVER = "lassul.us:64738";
|
||||||
};
|
};
|
||||||
|
@ -28,12 +28,9 @@
|
||||||
services.nginx.virtualHosts."mumble.lassul.us" = {
|
services.nginx.virtualHosts."mumble.lassul.us" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".extraConfig = ''
|
locations."/" = {
|
||||||
proxy_pass http://localhost:64739/;
|
proxyPass = "http://localhost:64739";
|
||||||
proxy_set_header Accept-Encoding "";
|
proxyWebsockets = true;
|
||||||
proxy_http_version 1.1;
|
};
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
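Review bot: `image = "rankenstein/mumble-web:0.5"` in the first hunk pins a tag, and a tag can be repointed on the registry after this commit. For a container that is reachable through the public `mumble.lassul.us` vhost, pinning by digest makes the deployed image reproducible: `image = "rankenstein/mumble-web@sha256:<DIGEST_OF_0.5_PLACEHOLDER>";`, with the digest taken from a pull you have verified. The second hunk's switch to `proxyPass` plus `proxyWebsockets = true` drops the old `proxy_set_header Accept-Encoding "";` line; if that header was there for a reason, it should be noted in a comment or kept.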
|
@ -4,7 +4,15 @@
|
||||||
users.users.mainUser.packages = with pkgs; [
|
users.users.mainUser.packages = with pkgs; [
|
||||||
(pass.withExtensions (ext: [ ext.pass-otp ]))
|
(pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||||
gnupg
|
gnupg
|
||||||
|
(pkgs.writers.writeDashBin "unlock" ''
|
||||||
|
set -efu
|
||||||
|
HOST=$1
|
||||||
|
|
||||||
|
pw=$(pass show "admin/$HOST/luks")
|
||||||
|
torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
|
||||||
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.gnupg.agent.enable = true;
|
programs.gnupg.agent.enable = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
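Review bot: The new `unlock` script puts the LUKS passphrase into the ssh command string (`"echo $pw > /crypt-ramfs/passphrase"`), so it shows up in the local process list, is parsed again by the remote shell (quotes, `$` or `;` in the passphrase change the command), and dash's `echo` rewrites backslash sequences. Sending it on stdin avoids all three: `pass show "admin/$HOST/luks" | torify sshn "root@$(pass "hosts/$HOST/initrd/hostname")" 'cat > /crypt-ramfs/passphrase'`. `pass show` prints the whole entry, so add `| head -n1` if those entries can carry more than the passphrase line. What `sshn` does about host-key checking is not visible in this hunk; since the passphrase goes to whatever answers at that address, the initrd host key should be pinned.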
|
@ -16,6 +16,7 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
alsaUtils
|
alsaUtils
|
||||||
pulseaudioLight
|
pulseaudioLight
|
||||||
|
ponymix
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.variables.PULSE_SERVER = "localhost:4713";
|
environment.variables.PULSE_SERVER = "localhost:4713";
|
||||||
|
@ -26,6 +27,7 @@
|
||||||
alsa.support32Bit = true;
|
alsa.support32Bit = true;
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
jack.enable = true;
|
jack.enable = true;
|
||||||
|
|
||||||
# https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
|
# https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
|
||||||
config.pipewire-pulse = {
|
config.pipewire-pulse = {
|
||||||
"context.properties" = {
|
"context.properties" = {
|
||||||
|
|
15
lass/2configs/prism-mounts/samba.nix
Normal file
15
lass/2configs/prism-mounts/samba.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{
|
||||||
|
fileSystems."/mnt/prism" = {
|
||||||
|
device = "//prism.r/public";
|
||||||
|
fsType = "cifs";
|
||||||
|
options = [
|
||||||
|
"guest"
|
||||||
|
"nofail"
|
||||||
|
"noauto"
|
||||||
|
"ro"
|
||||||
|
"x-systemd.automount"
|
||||||
|
"x-systemd.device-timeout=1"
|
||||||
|
"x-systemd.idle-timeout=1min"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
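Review bot: The `/mnt/prism` mount is `guest` and `ro` but its `options` list has no `nosuid`, `nodev` or `noexec`, so whatever file modes the unauthenticated share presents are taken as they come. Adding `"nosuid" "nodev" "noexec"` to `options` costs nothing for a read-only public share and removes that dependency on the server's configuration. A guest session is also not signed, so the integrity of what is read relies on the retiolum transport; a one-line comment stating that assumption would help the next reader.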
|
@ -13,9 +13,23 @@
|
||||||
pv
|
pv
|
||||||
pwgen
|
pwgen
|
||||||
remmina
|
remmina
|
||||||
|
ripgrep
|
||||||
silver-searcher
|
silver-searcher
|
||||||
|
transmission
|
||||||
wget
|
wget
|
||||||
xsel
|
xsel
|
||||||
youtube-dl
|
youtube-dl
|
||||||
|
(pkgs.writeDashBin "tether-on" ''
|
||||||
|
adb shell svc usb setFunctions rndis
|
||||||
|
'')
|
||||||
|
(pkgs.writeDashBin "tether-off" ''
|
||||||
|
adb shell svc usb setFunctions
|
||||||
|
'')
|
||||||
|
(pkgs.writeDashBin "dl-movie" ''
|
||||||
|
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@"
|
||||||
|
'')
|
||||||
|
(pkgs.writeDashBin "dl-series" ''
|
||||||
|
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@"
|
||||||
|
'')
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -356,6 +356,89 @@ in {
|
||||||
locations."= /good".extraConfig = ''
|
locations."= /good".extraConfig = ''
|
||||||
proxy_pass http://localhost:8001;
|
proxy_pass http://localhost:8001;
|
||||||
'';
|
'';
|
||||||
|
locations."= /controls".extraConfig = ''
|
||||||
|
default_type "text/html";
|
||||||
|
alias ${pkgs.writeText "controls.html" ''
|
||||||
|
<!doctype html>
|
||||||
|
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
|
||||||
|
<title>The_Playlist Voting!</title>
|
||||||
|
<style>
|
||||||
|
#good {
|
||||||
|
display: block;
|
||||||
|
width: 100%;
|
||||||
|
border: none;
|
||||||
|
background-color: #04AA6D;
|
||||||
|
padding: 14px;
|
||||||
|
margin: 14px 0 0 0;
|
||||||
|
height: 100px;
|
||||||
|
font-size: 16px;
|
||||||
|
cursor: pointer;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
#bad {
|
||||||
|
display: block;
|
||||||
|
width: 100%;
|
||||||
|
border: none;
|
||||||
|
background-color: red;
|
||||||
|
padding: 14px;
|
||||||
|
height: 100px;
|
||||||
|
|
||||||
|
margin: 14px 0 0 0;
|
||||||
|
font-size: 16px;
|
||||||
|
cursor: pointer;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<div id=votenote></div>
|
||||||
|
<button id=good type="button"> GUT </button>
|
||||||
|
|
||||||
|
<button id=bad type="button"> SCHLECHT </button>
|
||||||
|
<center>
|
||||||
|
Currently Running: <br/><div>
|
||||||
|
<b id=current></b>
|
||||||
|
</div>
|
||||||
|
<div id=vote>
|
||||||
|
</div>
|
||||||
|
<audio controls autoplay="autoplay">
|
||||||
|
<source src="https://radio.lassul.us/radio.ogg" type="audio/ogg">
|
||||||
|
Your browser does not support the audio element.
|
||||||
|
</audio>
|
||||||
|
</center>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
document.getElementById("good").onclick=async ()=>{
|
||||||
|
let result = await fetch("https://radio.lassul.us/good", {"method": "POST"})
|
||||||
|
document.getElementById("vote").textContent = "Dieses Lied findest du gut"
|
||||||
|
};
|
||||||
|
document.getElementById("bad").onclick=async ()=>{
|
||||||
|
let result = await fetch("https://radio.lassul.us/skip", {"method": "POST"})
|
||||||
|
document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
|
||||||
|
};
|
||||||
|
|
||||||
|
async function current() {
|
||||||
|
let result = await fetch("https://radio.lassul.us/current", {"method": "GET"})
|
||||||
|
let data = await result.json()
|
||||||
|
document.getElementById("current").textContent = data.name
|
||||||
|
}
|
||||||
|
window.onload = function() {
|
||||||
|
window.setInterval('current()', 10000)
|
||||||
|
current()
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
''};
|
||||||
|
'';
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
|
@ -371,7 +454,7 @@ in {
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
||||||
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
<iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
||||||
</div>
|
</div>
|
||||||
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
||||||
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
||||||
|
|
|
@ -27,43 +27,6 @@ in {
|
||||||
hooks.PRIVMSG = [
|
hooks.PRIVMSG = [
|
||||||
hooks.sed
|
hooks.sed
|
||||||
hooks.url-title
|
hooks.url-title
|
||||||
{
|
|
||||||
activate = "match";
|
|
||||||
pattern = ''^@([^ ]+) (.*)$'';
|
|
||||||
command = 1;
|
|
||||||
arguments = [2];
|
|
||||||
env.HOME = config.krebs.reaktor2.coders.stateDir;
|
|
||||||
commands = let
|
|
||||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
|
||||||
owner = "NixOS"; repo = "nixpkgs";
|
|
||||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
|
||||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
|
||||||
}) {}).lambdabot;
|
|
||||||
lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
|
|
||||||
exec ${lambdabot}/bin/lambdabot \
|
|
||||||
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
|
||||||
-XFlexibleInstances -XMultiParamTypeClasses \
|
|
||||||
-XOverloadedStrings -XFunctionalDependencies \
|
|
||||||
-e "$@"
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
pl.filename = pkgs.writeDash "lambdabot-pl" ''
|
|
||||||
${lambdabotWrapper} "@pl $1"
|
|
||||||
'';
|
|
||||||
type.filename = pkgs.writeDash "lambdabot-type" ''
|
|
||||||
${lambdabotWrapper} "@type $1"
|
|
||||||
'';
|
|
||||||
"let".filename = pkgs.writeDash "lambdabot-let" ''
|
|
||||||
${lambdabotWrapper} "@let $1"
|
|
||||||
'';
|
|
||||||
run.filename = pkgs.writeDash "lambdabot-run" ''
|
|
||||||
${lambdabotWrapper} "@run $1"
|
|
||||||
'';
|
|
||||||
kind.filename = pkgs.writeDash "lambdabot-kind" ''
|
|
||||||
${lambdabotWrapper} "@kind $1"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
activate = "match";
|
activate = "match";
|
||||||
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
|
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
nixpkgs.config.steam.java = true;
|
nixpkgs.config.steam.java = true;
|
||||||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
|
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
|
||||||
|
|
||||||
users.users.games.packages = [ (pkgs.steam.override {
|
users.users.mainUser.packages = [ (pkgs.steam.override {
|
||||||
extraPkgs = p: with p; [
|
extraPkgs = p: with p; [
|
||||||
gnutls # needed for Halo MCC
|
gnutls # needed for Halo MCC
|
||||||
];
|
];
|
||||||
|
|
|
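Review bot: Moving the Steam package from `users.users.games.packages` to `users.users.mainUser.packages` drops the separation the dedicated `games` account appeared to provide. The proprietary client and the titles it launches would presumably now run with the main account's access to its home directory, agent sockets and synced folders. If the isolation is intentionally given up, a comment such as `# steam runs as mainUser; the separate games user is no longer used` would record that. Otherwise keep the package on the `games` user.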
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
services.syncthing.declarative.folders."/home/lass/sync" = {
|
services.syncthing.declarative.folders."/home/lass/sync" = {
|
||||||
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ];
|
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
|
||||||
};
|
};
|
||||||
krebs.permown."/home/lass/sync" = {
|
krebs.permown."/home/lass/sync" = {
|
||||||
file-mode = "u+rw,g+rw";
|
file-mode = "u+rw,g+rw";
|
||||||
|
|
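--- /dev/null
+++ b/lass/2configs/tmux.nix
@@ -0,0 +1,46 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+nixpkgs.config.packageOverrides = super: {
+tmux = pkgs.symlinkJoin {
+name = "tmux";
+paths = [
+(pkgs.writeDashBin "tmux" ''
+exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+#change prefix key to `
+set-option -g prefix `
+unbind-key C-b
+bind ` send-prefix
+
+set-option -g default-terminal screen-256color
+
+#use session instead of windows
+bind-key c new-session
+bind-key p switch-client -p
+bind-key n switch-client -n
+bind-key C-s switch-client -l
+''} "$@"
+'')
+super.tmux
+];
+};
+};
+environment.systemPackages = with pkgs; [
+tmux
+];
+
+# programs.bash.interactiveShellInit = ''
+# if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
+# if [[ -n "$SSH_AUTH_SOCK" ]]; then
+# tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
+# fi
+
+# exec tmux -u
+# fi
+# if [[ "$__host__" != "$HOST" ]]; then
+# tmux set -g status-bg colour$(string_hash $HOST 255)
+# export __host__=$HOST
+# fi
+# '';
+}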
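Review bot: `with import <stockholm/lib>;` on the first line is not used by anything in this file, and the trailing commented-out `programs.bash.interactiveShellInit` block is dead code. Drop the import, and either delete the block or replace it with one line such as `# auto-attach on login intentionally disabled`. If the block is ever re-enabled, note that `tmux set-environment -g SSH_AUTH_SOCK` writes the agent socket path into the server-wide environment, so every session inherits it and it goes stale once the originating SSH connection closes.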
@ -1,19 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.teamspeak3 = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
#voice port
|
|
||||||
{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
|
|
||||||
##file transfer port
|
|
||||||
{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
|
|
||||||
##query port
|
|
||||||
#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
|
|
||||||
#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -5,16 +5,6 @@ let
|
||||||
out = {
|
out = {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(hiPrio vim)
|
(hiPrio vim)
|
||||||
(pkgs.writeDashBin "govet" ''
|
|
||||||
go vet "$@"
|
|
||||||
'')
|
|
||||||
(hiPrio (pkgs.python3.withPackages (ps: [
|
|
||||||
ps.python-language-server
|
|
||||||
ps.pyls-isort
|
|
||||||
ps.pyflakes
|
|
||||||
ps.flake8
|
|
||||||
ps.yapf
|
|
||||||
])))
|
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.etc.vimrc.source = vimrc;
|
environment.etc.vimrc.source = vimrc;
|
||||||
|
@ -33,6 +23,7 @@ let
|
||||||
set directory=${dirs.swapdir}//
|
set directory=${dirs.swapdir}//
|
||||||
set hlsearch
|
set hlsearch
|
||||||
set incsearch
|
set incsearch
|
||||||
|
set ttymouse=sgr
|
||||||
set mouse=a
|
set mouse=a
|
||||||
set ruler
|
set ruler
|
||||||
set pastetoggle=<INS>
|
set pastetoggle=<INS>
|
||||||
|
@ -126,11 +117,7 @@ let
|
||||||
'';
|
'';
|
||||||
|
|
||||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||||
pkgs.vimPlugins.ack-vim
|
|
||||||
pkgs.vimPlugins.undotree
|
pkgs.vimPlugins.undotree
|
||||||
pkgs.vimPlugins.vim-go
|
|
||||||
pkgs.vimPlugins.fzf-vim
|
|
||||||
pkgs.vimPlugins.LanguageClient-neovim
|
|
||||||
(pkgs.vimUtils.buildVimPlugin {
|
(pkgs.vimUtils.buildVimPlugin {
|
||||||
name = "file-line-1.0";
|
name = "file-line-1.0";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
|
|
|
@ -8,12 +8,7 @@ with import <stockholm/lib>;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts._http = {
|
enableReload = true;
|
||||||
default = true;
|
|
||||||
extraConfig = ''
|
|
||||||
return 404;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualHosts.default = {
|
virtualHosts.default = {
|
||||||
locations."= /etc/os-release".extraConfig = ''
|
locations."= /etc/os-release".extraConfig = ''
|
||||||
|
|
|
@ -82,7 +82,6 @@ in {
|
||||||
"o_ubikmedia_de"
|
"o_ubikmedia_de"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.phpfpm.phpPackage = pkgs.php73;
|
|
||||||
services.phpfpm.phpOptions = ''
|
services.phpfpm.phpOptions = ''
|
||||||
sendmail_path = ${sendmail} -t
|
sendmail_path = ${sendmail} -t
|
||||||
upload_max_filesize = 100M
|
upload_max_filesize = 100M
|
||||||
|
@ -117,6 +116,13 @@ in {
|
||||||
# workaround for android 7
|
# workaround for android 7
|
||||||
security.acme.certs."lassul.us".keyType = "rsa4096";
|
security.acme.certs."lassul.us".keyType = "rsa4096";
|
||||||
|
|
||||||
|
services.roundcube = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "mail.lassul.us";
|
||||||
|
extraConfig = ''
|
||||||
|
$config['smtp_port'] = 25;
|
||||||
|
'';
|
||||||
|
};
|
||||||
services.dovecot2 = {
|
services.dovecot2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
mailLocation = "maildir:~/Mail";
|
mailLocation = "maildir:~/Mail";
|
||||||
|
@ -138,7 +144,7 @@ in {
|
||||||
driver = plaintext
|
driver = plaintext
|
||||||
public_name = LOGIN
|
public_name = LOGIN
|
||||||
server_prompts = "Username:: : Password::"
|
server_prompts = "Username:: : Password::"
|
||||||
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||||
'';
|
'';
|
||||||
internet-aliases = [
|
internet-aliases = [
|
||||||
{ from = "dma@ubikmedia.de"; to = "domsen"; }
|
{ from = "dma@ubikmedia.de"; to = "domsen"; }
|
||||||
|
@ -317,6 +323,15 @@ in {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.line = {
|
||||||
|
uid = genid_uint31 "line";
|
||||||
|
home = "/home/line";
|
||||||
|
useDefaultShell = true;
|
||||||
|
# extraGroups = [ "xanf" ];
|
||||||
|
createHome = true;
|
||||||
|
isNormalUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
users.groups.xanf = {};
|
users.groups.xanf = {};
|
||||||
|
|
||||||
krebs.on-failure.plans.restic-backups-domsen = {
|
krebs.on-failure.plans.restic-backups-domsen = {
|
||||||
|
|
|
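Review bot: The rewritten `server_condition` still passes `$auth2` (the password) to the verifier as a command-line argument, now via `/run/wrappers/bin/shadow_verify_arg`. Arguments are visible in the process list to other local accounts for the duration of the call. `/run/wrappers/bin` is where NixOS installs setuid/capability wrappers, so the helper is presumably callable by every local user unless its definition (not visible in this hunk) restricts owner, group and permissions. Please confirm the wrapper is executable only by the exim user or group, and consider having the helper read the password from stdin instead of argv. The authenticator block this line belongs to starts outside the hunk.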
@ -32,6 +32,7 @@ in {
|
||||||
services.nginx.virtualHosts."lassul.us" = {
|
services.nginx.virtualHosts."lassul.us" = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
default = true;
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
root /srv/http/lassul.us;
|
root /srv/http/lassul.us;
|
||||||
'';
|
'';
|
||||||
|
|
|
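Review bot: `default = true;` on the `lassul.us` vhost, combined with this commit's removal of the `virtualHosts._http` catch-all that answered `return 404;`, changes what unmatched requests receive. Requests whose Host header matches no configured server name, including bare-IP probes, are now served the lassul.us site and, over TLS, its certificate. If that is intended, record it next to the option, e.g. `# default vhost: unmatched Host headers land here (replaces the old _http 404 catch-all)`. Otherwise keep a dedicated catch-all vhost that rejects unknown hosts. The vhost's attribute set continues outside the hunk.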
@ -58,7 +58,6 @@
|
||||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||||
}}/LS_COLORS)
|
}}/LS_COLORS)
|
||||||
alias ls='ls --color'
|
|
||||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||||
|
|
||||||
#emacs bindings
|
#emacs bindings
|
||||||
|
@ -66,12 +65,6 @@
|
||||||
bindkey "[8~" end-of-line
|
bindkey "[8~" end-of-line
|
||||||
bindkey "Oc" emacs-forward-word
|
bindkey "Oc" emacs-forward-word
|
||||||
bindkey "Od" emacs-backward-word
|
bindkey "Od" emacs-backward-word
|
||||||
|
|
||||||
#aliases
|
|
||||||
alias ll='ls -l'
|
|
||||||
alias la='ls -la'
|
|
||||||
|
|
||||||
#fancy window title magic
|
|
||||||
'';
|
'';
|
||||||
promptInit = ''
|
promptInit = ''
|
||||||
# TODO: figure out why we need to set this here
|
# TODO: figure out why we need to set this here
|
||||||
|
|
|
@ -9,7 +9,6 @@ _:
|
||||||
./news.nix
|
./news.nix
|
||||||
./nichtparasoup.nix
|
./nichtparasoup.nix
|
||||||
./pyload.nix
|
./pyload.nix
|
||||||
./restic.nix
|
|
||||||
./screenlock.nix
|
./screenlock.nix
|
||||||
./usershadow.nix
|
./usershadow.nix
|
||||||
./xjail.nix
|
./xjail.nix
|
||||||
|
|
|
@ -38,7 +38,7 @@ in {
|
||||||
# match filetype against patterns
|
# match filetype against patterns
|
||||||
${concatMapStringsSep "\n" (script: ''
|
${concatMapStringsSep "\n" (script: ''
|
||||||
${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
|
${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
|
||||||
| grep -q '${script.target}'
|
| ${pkgs.gnugrep}/bin/grep -q '${script.target}'
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
labels="$labels:${script.label}"
|
labels="$labels:${script.label}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,119 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
|
||||||
options.lass.restic = mkOption {
|
|
||||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
|
||||||
options = {
|
|
||||||
name = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = config._module.args.name;
|
|
||||||
};
|
|
||||||
passwordFile = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = toString <secrets/restic-password>;
|
|
||||||
description = ''
|
|
||||||
read the repository password from a file.
|
|
||||||
'';
|
|
||||||
example = "/etc/nixos/restic-password";
|
|
||||||
|
|
||||||
};
|
|
||||||
repo = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "sftp:backup@prism.r:/backups/${config.name}";
|
|
||||||
description = ''
|
|
||||||
repository to backup to.
|
|
||||||
'';
|
|
||||||
example = "sftp:backup@192.168.1.100:/backups/${config.name}";
|
|
||||||
};
|
|
||||||
dirs = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
which directories to backup.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"/var/lib/postgresql"
|
|
||||||
"/home/user/backup"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
timerConfig = mkOption {
|
|
||||||
type = types.attrsOf types.str;
|
|
||||||
default = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
};
|
|
||||||
description = ''
|
|
||||||
When to run the backup. See man systemd.timer for details.
|
|
||||||
'';
|
|
||||||
example = {
|
|
||||||
OnCalendar = "00:05";
|
|
||||||
RandomizedDelaySec = "5h";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "root";
|
|
||||||
description = ''
|
|
||||||
As which user the backup should run.
|
|
||||||
'';
|
|
||||||
example = "postgresql";
|
|
||||||
};
|
|
||||||
extraArguments = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
Extra arguments to append to the restic command.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
initialize = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Create the repository if it doesn't exist.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
|
||||||
systemd.services =
|
|
||||||
mapAttrs' (_: plan:
|
|
||||||
let
|
|
||||||
extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
|
|
||||||
connectTo = elemAt (splitString ":" plan.repo) 1;
|
|
||||||
resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
|
|
||||||
in nameValuePair "backup.${plan.name}" {
|
|
||||||
environment = {
|
|
||||||
RESTIC_PASSWORD_FILE = plan.passwordFile;
|
|
||||||
RESTIC_REPOSITORY = plan.repo;
|
|
||||||
};
|
|
||||||
path = with pkgs; [
|
|
||||||
openssh
|
|
||||||
];
|
|
||||||
restartIfChanged = false;
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
|
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
${resticCmd} snapshots || ${resticCmd} init
|
|
||||||
'');
|
|
||||||
ExecStart = pkgs.writeDash "rustic-${plan.name}" (
|
|
||||||
"#! ${pkgs.bash}/bin/bash\n" +
|
|
||||||
concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
|
|
||||||
);
|
|
||||||
User = plan.user;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
) config.lass.restic;
|
|
||||||
systemd.timers =
|
|
||||||
mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = plan.timerConfig;
|
|
||||||
}) config.lass.restic;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -48,6 +48,7 @@ with import <stockholm/lib>;
|
||||||
wm = mkOption {
|
wm = mkOption {
|
||||||
#TODO find type
|
#TODO find type
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
defaultText = "‹script›";
|
||||||
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
|
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
|
||||||
executables.xmonad = {
|
executables.xmonad = {
|
||||||
extra-depends = [
|
extra-depends = [
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
|
# usage: sshify prism.r -- curl ifconfig.me
|
||||||
pkgs.writers.writeBashBin "sshify" ''
|
pkgs.writers.writeBashBin "sshify" ''
|
||||||
set -efu
|
set -efu
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
(if (lib.pathExists (./. + "/1systems/${name}/source.nix")) && (! test) then
|
(if lib.pathExists (./. + "/1systems/${name}/source.nix") then
|
||||||
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; }
|
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; }
|
||||||
else
|
else
|
||||||
{}
|
{}
|
||||||
|
@ -33,9 +33,23 @@
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "deploy" {
|
||||||
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
command = targetPath: ''
|
||||||
|
|
||||||
|
set -fu
|
||||||
|
|
||||||
|
outDir=$(mktemp -d)
|
||||||
|
trap "rm -rf $outDir;" INT TERM EXIT
|
||||||
|
|
||||||
|
nix build \
|
||||||
|
-I "${targetPath}" \
|
||||||
|
-f '<nixpkgs/nixos>' config.system.build.toplevel \
|
||||||
|
-o "$outDir/out"
|
||||||
|
|
||||||
|
$outDir/out/bin/switch-to-configuration switch
|
||||||
|
'';
|
||||||
source = source { test = false; };
|
source = source { test = false; };
|
||||||
|
allocateTTY = true;
|
||||||
inherit target;
|
inherit target;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
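Review bot: The new deploy `command` uses `set -fu` without `-e`, so a failed `nix build` still falls through to the `switch-to-configuration switch` line. As far as this hunk shows, the result is also never registered as a generation of the system profile. The activated system would presumably not be what the bootloader and rollback refer to, while the `trap` removes the only out-link. Consider `set -efu` and adding `nix-env -p /nix/var/nix/profiles/system --set "$outDir/out"` before the switch. Writing the trap as `trap 'rm -rf "$outDir"' INT TERM EXIT` would also quote the path and defer its expansion.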
@ -137,6 +137,8 @@ rec {
|
||||||
type = cidr4;
|
type = cidr4;
|
||||||
} // optionalAttrs (config._module.args.name == "retiolum") {
|
} // optionalAttrs (config._module.args.name == "retiolum") {
|
||||||
default = "10.243.0.0/16";
|
default = "10.243.0.0/16";
|
||||||
|
} // optionalAttrs (config._module.args.name == "wiregrill") {
|
||||||
|
default = "10.244.0.0/16";
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
@ -153,6 +155,8 @@ rec {
|
||||||
type = cidr6;
|
type = cidr6;
|
||||||
} // optionalAttrs (config._module.args.name == "retiolum") {
|
} // optionalAttrs (config._module.args.name == "retiolum") {
|
||||||
default = "42::/16";
|
default = "42::/16";
|
||||||
|
} // optionalAttrs (config._module.args.name == "wiregrill") {
|
||||||
|
default = "42:1::/32";
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
@ -240,6 +244,7 @@ rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|