diff options
| -rw-r--r-- | krebs/3modules/backup.nix | 22 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 32 | ||||
| -rw-r--r-- | krebs/3modules/miefda/default.nix | 40 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/get/default.nix | 6 | ||||
| -rw-r--r-- | krebs/Zhosts/dishfire | 12 | ||||
| -rw-r--r-- | lass/1systems/dishfire.nix | 43 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/uriel.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/base.nix | 9 | ||||
| -rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/buildbot-standalone.nix | 78 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | miefda/1systems/bobby.nix | 102 | ||||
| -rw-r--r-- | miefda/2configs/git.nix | 87 | ||||
| -rw-r--r-- | miefda/2configs/hardware-configuration.nix | 23 | ||||
| -rw-r--r-- | miefda/2configs/miefda.nix | 8 | ||||
| -rw-r--r-- | miefda/2configs/tinc-basic-retiolum.nix | 15 | ||||
| -rw-r--r-- | miefda/2configs/tlp.nix | 25 | ||||
| -rw-r--r-- | miefda/2configs/x220t.nix | 27 | ||||
| -rw-r--r-- | miefda/5pkgs/default.nix | 1 | ||||
| -rw-r--r-- | tv/2configs/backup.nix | 40 |
23 files changed, 539 insertions, 38 deletions
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 01bb16a2b..a1f335905 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -28,9 +28,17 @@ let type = types.krebs.file-location; }; startAt = mkOption { - type = types.str; + default = "hourly"; + type = types.str; # TODO systemd.time(7)'s calendar event }; snapshots = mkOption { + default = { + hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; type = types.attrsOf (types.submodule { options = { format = mkOption { @@ -284,3 +292,15 @@ let }; in out +# TODO ionice +# TODO mail on failed push, pull +# TODO mail on missing push +# TODO don't cancel plans on activation +# also, don't hang while deploying at: +# starting the following units: backup.wu-home-xu.push.service, backup.wu-home-xu.push.timer +# TODO make sure /bku is properly mounted +# TODO make sure that secure hosts cannot backup to insecure ones +# TODO optionally only backup when src and dst are near enough :) +# TODO try using btrfs for snapshots (configurable) +# TODO warn if partial snapshots are found +# TODO warn if unknown stuff is found in dst path diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ba1f425d9..65c1aa2ec 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -84,6 +84,7 @@ let imp = mkMerge [ { krebs = import ./lass { inherit lib; }; } { krebs = import ./makefu { inherit lib; }; } + { krebs = import ./miefda { inherit lib; }; } { krebs = import ./mv { inherit lib; }; } { krebs = import ./shared { inherit lib; }; } { krebs = import ./tv { inherit lib; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 26b0947bb..592ed475d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -4,6 +4,38 @@ with lib; { hosts = addNames { + dishfire = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["144.76.172.188"]; + aliases = [ + "dishfire.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.133.99"]; + addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; + aliases = [ + "dishfire.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = <secrets/ssh.id_ed25519>; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; + }; echelon = { cores = 2; dc = "lass"; #dc = "cac"; diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix new file mode 100644 index 000000000..8ecf898c5 --- /dev/null +++ b/krebs/3modules/miefda/default.nix @@ -0,0 +1,40 @@ +{ lib, ... }: + +with lib; + +{ + hosts = addNames { + bobby = { + cores = 4; + dc = "miefda"; + nets = { + retiolum = { + addrs4 = ["10.243.111.112"]; + addrs6 = ["42:0:0:0:0:0:111:112"]; + aliases = [ + "bobby.retiolum" + "cgit.bobby.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s + uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y + Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny + 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+ + jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu + cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = <secrets/ssh.ed25519>; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; + }; + }; + users = addNames { + miefda = { + mail = "miefda@miefda.de"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos"; + }; + }; +} diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 6fd1c4224..31c1a375a 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -247,6 +247,7 @@ with lib; }; }; secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; xu = { diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix index 9a0192aab..13cdeca96 100644 --- a/krebs/5pkgs/get/default.nix +++ b/krebs/5pkgs/get/default.nix @@ -1,12 +1,12 @@ { coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }: stdenv.mkDerivation { - name = "get-1.3.1"; + name = "get-1.4.0"; src = fetchgit { url = http://cgit.cd.krebsco.de/get; - rev = "64c97edd3f9952cd5e703208c46748a035a515bf"; - sha256 = "32ca83f4fd86fd3285bef9dcfd0917308086d239189858daceca175de49ff97c"; + rev = "08757d47c480c130d69270855c6c0371f6b7d385"; + sha256 = "7c609e2cde7a071bbf62241a7bea60313fdbf076b9f7b3d97226417e13e5ba9d"; }; phases = [ diff --git a/krebs/Zhosts/dishfire b/krebs/Zhosts/dishfire new file mode 100644 index 000000000..c4cf68b6b --- /dev/null +++ b/krebs/Zhosts/dishfire @@ -0,0 +1,12 @@ +Address = 144.76.172.188 +Subnet = 10.243.133.99 +Subnet = 42:0000:0000:0000:0000:0000:d15f:1233 + +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs +Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 +uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK +R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd +vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U +HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix new file mode 100644 index 000000000..a1288d578 --- /dev/null +++ b/lass/1systems/dishfire.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + ../2configs/base.nix + { + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 61f57f1f9..effaa576b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix + ../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 1b008cbfd..d53e783d0 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -13,6 +13,7 @@ with builtins; ../2configs/retiolum.nix ../2configs/bitlbee.nix ../2configs/weechat.nix + ../2configs/skype.nix { users.extraUsers = { root = { diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 66e12b262..ab7cda7d3 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,8 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; + rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + target-path = "/var/src/nixpkgs"; }; dir.secrets = { host = config.krebs.hosts.mors; @@ -176,4 +177,10 @@ with lib; noipv4ll ''; + #CVE-2016-0777 and CVE-2016-0778 workaround + #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt + programs.ssh.extraConfig = '' + UseRoaming no + ''; + } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0596682df..ede1c7b7b 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -31,6 +31,7 @@ in { environment.systemPackages = with pkgs; [ + dmenu gitAndTools.qgit mpv much diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix new file mode 100644 index 000000000..4d02fb97a --- /dev/null +++ b/lass/2configs/buildbot-standalone.nix @@ -0,0 +1,78 @@ +{ lib, config, pkgs, ... }: +{ + #networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + krebs.buildbot.master = { + slaves = { + testslave = "lasspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.mors/stockholm' + cs.append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=120)) + ''; + scheduler = { + force-scheduler = '' + sched.append(schedulers.ForceScheduler( + name="force", + builderNames=["fast-tests"])) + ''; + fast-tests-scheduler = '' + # test the master real quick + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + name="fast-master-test", + builderNames=["fast-tests"])) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + + # prepare nix-shell + # the dependencies which are used by the test script + deps = [ "gnumake", "jq","nix","rsync" ] + # TODO: --pure , prepare ENV in nix-shell command: + # SSL_CERT_FILE,LOGNAME,NIX_REMOTE + nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + + # prepare addShell function + def addShell(factory,**kwargs): + factory.addStep(steps.ShellCommand(**kwargs)) + ''; + builder = { + fast-tests = '' + f = util.BuildFactory() + f.addStep(grab_repo) + addShell(f,name="mors-eval",env=env, + command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"]) + + bu.append(util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) + ''; + }; + enable = true; + web.enable = true; + irc = { + enable = true; + nick = "lass-buildbot"; + server = "cd.retiolum"; + channels = [ "retiolum" ]; + allowForce = true; + }; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "lasspass"; + packages = with pkgs;[ git nix ]; + extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; }; + }; +} diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 16ecaefec..10e54074c 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -74,7 +74,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu uriel ]; + user = [ tv makefu miefda uriel ]; repo = [ repo ]; perm = fetch; } ++ diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix new file mode 100644 index 000000000..d24595256 --- /dev/null +++ b/miefda/1systems/bobby.nix @@ -0,0 +1,102 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + + ../2configs/miefda.nix + ../2configs/tlp.nix + ../2configs/x220t.nix + ../2configs/hardware-configuration.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/git.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + i18n = { + # consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = with pkgs; [ + wget chromium + ]; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable the KDE Desktop Environment. + #services.xserver.displayManager.kdm.enable = true; + services.xserver.desktopManager = { + xfce.enable = true; + xterm.enable= false; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.miefda = { + isNormalUser = true; + initialPassword= "welcome"; + uid = 1000; + extraGroups= [ + "wheel" + ]; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; + + + networking.hostName = config.krebs.build.host.name; + + krebs = { + enable = true; + search-domain = "retiolum"; + build = { + host = config.krebs.hosts.bobby; + user = config.krebs.users.miefda; + source = { + git.nixpkgs = { + url = https://github.com/Lassulus/nixpkgs; + rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; + target-path = "/var/src/nixpkgs"; + }; + dir.secrets = { + host = config.krebs.hosts.bobby; + path = "/home/miefda/secrets/${config.krebs.build.host.name}"; + }; + dir.stockholm = { + host = config.krebs.hosts.bobby; + path = "/home/miefda/gits/stockholm"; + }; + }; + }; + }; +} diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix new file mode 100644 index 000000000..fec828f80 --- /dev/null +++ b/miefda/2configs/git.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + painload = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + #wai-middleware-time = {}; + #web-routes-wai-custom = {}; + #go = {}; + #newsbot-js = {}; + #kimsufi-check = {}; + #realwallpaper = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ tv makefu ]; + }; + } // + import <secrets/repos.nix> { inherit config lib pkgs; } + ); + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "cd.retiolum"; + verbose = config.krebs.build.host.name == "bobby"; + }; + }; + }; + + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = miefda; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ lass tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix new file mode 100644 index 000000000..3eb1f43fe --- /dev/null +++ b/miefda/2configs/hardware-configuration.nix @@ -0,0 +1,23 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = 4; +} diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix new file mode 100644 index 000000000..545987a68 --- /dev/null +++ b/miefda/2configs/miefda.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + #networking.wicd.enable = true; + +} diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix new file mode 100644 index 000000000..153b41d78 --- /dev/null +++ b/miefda/2configs/tinc-basic-retiolum.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.retiolum = { + enable = true; + hosts = ../../krebs/Zhosts; + connectTo = [ + "gum" + "pigstarter" + "prism" + "ire" + ]; + }; +} diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix new file mode 100644 index 000000000..0e1bb0d6b --- /dev/null +++ b/miefda/2configs/tlp.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 220; + emulateWheel = true; + }; + + + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + ''; +} diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix new file mode 100644 index 000000000..bea84f796 --- /dev/null +++ b/miefda/2configs/x220t.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + services.xserver = { + xkbVariant = "altgr-intl"; + videoDriver = "intel"; + # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + + + services.xserver.displayManager.sessionCommands ='' + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + ''; + + hardware.bluetooth.enable = true; + + +} diff --git a/miefda/5pkgs/default.nix b/miefda/5pkgs/default.nix new file mode 100644 index 000000000..2eb33a153 --- /dev/null +++ b/miefda/5pkgs/default.nix @@ -0,0 +1 @@ +_:{} diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 51d3bb8a7..ce937a744 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -2,41 +2,17 @@ with lib; { krebs.backup.plans = addNames { - xu-test-cd = { + wu-home-xu = { method = "push"; - - src = { host = config.krebs.hosts.xu; path = "/tmp/xu-test"; }; - dst = { host = config.krebs.hosts.cd; path = "/tmp/backups/xu-test"; }; - - #startAt = "0,6,12,18:00"; - startAt = "minutely"; + src = { host = config.krebs.hosts.wu; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; }; + startAt = "05:00"; snapshots = { - minutely = { format = "%Y-%m-%dT%H:%M"; retain = 5; }; - hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; }; }; - #xu-test-wu = { - # method = "push"; - # dst = { user = tv; host = wu; path = "/krebs/backup/xu-test"; }; - #}; - cd-test-xu = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/tmp/cd-test"; }; - dst = { host = config.krebs.hosts.xu; path = "/tmp/backups/cd-test"; }; - startAt = "minutely"; - snapshots = { - minutely = { format = "%Y-%m-%dT%H:%M"; retain = 5; }; - hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }; - }; } |