Diffstat (limited to 'makefu/1systems')
88 files changed, 0 insertions, 3694 deletions
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
deleted file mode 100644
index b9550cb2e..000000000
--- a/makefu/1systems/cake/config.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/home/3dprint.nix>
- #./hardware-config.nix
- { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
- # <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
- #<stockholm/makefu/2configs/support-nixos.nix>
- # <stockholm/makefu/2configs/homeautomation/default.nix>
- # <stockholm/makefu/2configs/homeautomation/google-muell.nix>
- # <stockholm/makefu/2configs/hw/pseyecam.nix>
- # configure your hw:
- # <stockholm/makefu/2configs/save-diskspace.nix>
-
- # directly use the alsa device instead of attaching to pulse
-
- <stockholm/makefu/2configs/audio/respeaker.nix>
- <stockholm/makefu/2configs/home/rhasspy/default.nix>
- <stockholm/makefu/2configs/home/rhasspy/led-control.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.cake;
- };
- # ensure disk usage is limited
- services.journald.extraConfig = "Storage=volatile";
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- documentation.nixos.enable = false;
-}
diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix
deleted file mode 100644
index 932aa1929..000000000
--- a/makefu/1systems/cake/hardware-config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, lib, ... }:
-{
- environment.systemPackages = [ pkgs.libraspberrypi ];
- imports = [ <nixos-hardware/raspberry-pi/4> ];
- boot.kernelPackages = pkgs.linuxPackages_rpi4;
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
- hardware.raspberry-pi."4".fkms-3d.enable = true;
- hardware.raspberry-pi."4".audio.enable = true;
-}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
deleted file mode 100644
index 8fc2fff2d..000000000
--- a/makefu/1systems/cake/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="cake";
- full = true;
- home-manager = true;
- hw = true;
-}
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
deleted file mode 100644
index 9278c764a..000000000
--- a/makefu/1systems/crapi/README
+++ /dev/null
@@ -1,4 +0,0 @@
-1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
-2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
-3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
-5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
deleted file mode 100644
index e7c6c3666..000000000
--- a/makefu/1systems/crapi/config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- <stockholm/makefu/2configs>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
-
- ];
- krebs.build.host = config.krebs.hosts.crapi;
-
- services.openssh.enable = true;
-
-}
diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix
deleted file mode 100644
index bba31dabd..000000000
--- a/makefu/1systems/crapi/hardware-config.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
- #raspi1
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 1;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- hardware.enableRedistributableFirmware = true;
- boot.cleanTmpDir = true;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- boot.kernelPackages = pkgs.linuxPackages_rpi;
-
- nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
- nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
- system.activationScripts.create-swap = ''
- if [ ! -e /swapfile ]; then
- fallocate -l 2G /swapfile
- mkswap /swapfile
- chmod 600 /swapfile
- fi
- '';
- swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
deleted file mode 100644
index 4a4359ee6..000000000
--- a/makefu/1systems/crapi/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- arm6 = true;
-}
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
deleted file mode 100644
index 4e71d1426..000000000
--- a/makefu/1systems/darth/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-let
- # all the good stuff resides in /data
-
- byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
- bootPart = rootDisk + "-part1";
- rootPart = rootDisk + "-part2";
-
- allDisks = [ rootDisk ]; # auxDisk
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
- <stockholm/makefu/2configs/sshd-totp.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/stats/client.nix>
- # <stockholm/makefu/2configs/nsupdate-data.nix>
-
- <stockholm/makefu/2configs/share/anon-ftp.nix>
-
- # lan party
- <stockholm/makefu/2configs/lanparty/lancache.nix>
- <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
- <stockholm/makefu/2configs/lanparty/samba.nix>
- <stockholm/makefu/2configs/lanparty/mumble-server.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- ];
-
-
-
- #networking.firewall.enable = false;
- makefu.server.primary-itf = "enp0s25";
- # krebs.hidden-ssh.enable = true;
- boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
- networking = {
- wireless.enable = true;
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- # trustedInterfaces = [ "eno1" ];
- allowedUDPPorts = [ 80 655 1655 67 ];
- allowedTCPPorts = [ 80 655 1655 ];
- };
- # fallback connection to the internal virtual network
- # interfaces.virbr3.ip4 = [{
- # address = "10.8.8.2";
- # prefixLength = 24;
- # }];
- };
-
- # TODO smartd omo darth gum all-in-one
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- boot.loader.grub.device = rootDisk;
- boot.initrd.luks.devices = [
- { name = "luksroot";
- device = rootPart;
- allowDiscards = true;
- keyFileSize = 4096;
- keyFile = "/dev/sdb";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.darth;
-}
diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix
deleted file mode 100644
index a8d7368ab..000000000
--- a/makefu/1systems/darth/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="darth";
-}
diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix
deleted file mode 100644
index 2757db8cc..000000000
--- a/makefu/1systems/drop/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
- external-ip = "45.55.145.62";
- default-gw = "45.55.128.1";
- prefixLength = 18;
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
- <stockholm/makefu/2configs/torrent.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.drop;
- };
-
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- interfaces.enp0s3.ipv4.addresses = [{
- address = external-ip;
- inherit prefixLength;
- }];
- defaultGateway = default-gw;
- nameservers = [ "8.8.8.8" ];
- };
-}
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix
deleted file mode 100644
index a6bc834b0..000000000
--- a/makefu/1systems/drop/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="drop";
- torrent = true;
-}
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
deleted file mode 100644
index 7e9dea9ec..000000000
--- a/makefu/1systems/fileleech/config.nix
+++ /dev/null
@@ -1,174 +0,0 @@ -{ config, pkgs, lib, ... }: -let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0"; - rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; - rootPartition = rootDisk + "-part3"; - - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; - - disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; -in { - imports = [ - <stockholm/makefu> - <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/fs/sda-crypto-root.nix> - - #<stockholm/makefu/2configs/elchos/irc-token.nix> - # <stockholm/makefu/2configs/elchos/log.nix> - # <stockholm/makefu/2configs/elchos/search.nix> - # <stockholm/makefu/2configs/elchos/stats.nix> - - ]; - systemd.services.grafana.serviceConfig.LimitNOFILE=10032; - systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032; - systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032; - makefu.server.primary-itf = "enp8s0f0"; - krebs = { - enable = true; - build.host = config.krebs.hosts.fileleech; - }; - # git clone https://github.com/makefu/docker-pyload - # docker build . 
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload - - virtualisation.docker.enable = true; # for pyload - networking.firewall.allowPing = true; - networking.firewall.logRefusedConnections = false; - networking.firewall.allowedTCPPorts = [ - 51412 # torrent - 8112 # rutorrent-web - 8113 # pyload - 8080 # sabnzbd - 9090 # sabnzbd-ssl - 655 # tinc - 21 # ftp - ]; - services.nginx.virtualHosts._download = { - default = true; - root = config.makefu.dl-dir; - extraConfig = '' - autoindex on; - ''; - basicAuth = import <secrets/kibana-auth.nix>; - }; - networking.firewall.allowedUDPPorts = [ - 655 # tinc - 51412 # torrent - ]; - - services.vsftpd.enable = true; - services.vsftpd.localUsers = true; - services.vsftpd.userlist = [ "download" ]; - services.vsftpd.userlistEnable = true; - # services.vsftpd.chrootlocalUser = true; - - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - - # TODO use users.motd and pam.services.sshd.showMotd - services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' - Services: - ssh://download@fileleech - ssh via filebitch - ftp://download@fileleech - access to ${config.makefu.dl-dir} - http://fileleech:8112 - rutorrent - http://fileleech:8113 - pyload - https://fileleech:9090 - sabnzb - ''; in "Banner ${banner}"; - - boot.initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in builtins.map (x: usbkey x.name x.device) disks; - }; - environment.systemPackages = with pkgs;[ mergerfs ]; - - fileSystems = let - cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // 
cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" - - # this entry sometimes creates issues - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "nofail" "allow_other" "nonempty" ]; }; - } - - ; - makefu.dl-dir = "/media/cryptX"; - users.users.download = { - useDefaultShell = true; - # name = "download"; - # createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - config.krebs.users.lass.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" - "ssh-rsa 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 me@andreaskist.de" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" - ]; - }; - makefu.snapraid = { - enable = true; - disks = map toMapper [ 0 1 2 3 4 5 6 ]; - parity = toMapper 7; - }; - networking.nameservers = [ "8.8.8.8" ]; - # SPF - networking.defaultGateway = "151.217.176.1"; - networking.interfaces.enp6s0f0.ipv4.addresses = [{ - address = "151.217.178.63"; - prefixLength = 22; - }]; - - # Gigabit - networking.interfaces.enp8s0f1.ipv4.addresses = [{ - address = "192.168.126.1"; - prefixLength = 24; - }]; - - #interfaces.enp6s0f1.ip4 = [{ - # address = external-ip; - # prefixLength = 22; - #}]; - - boot.loader.grub.device = rootDisk; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - # http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html - boot.extraModprobeConfig = '' - options ixgbe allow_unsupported_sfp=1 - ''; -} diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix deleted file mode 100644 index b6951a273..000000000 --- a/makefu/1systems/fileleech/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name = "fileleech"; - torrent = true; -} 
diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix
deleted file mode 100644
index 3edfffb78..000000000
--- a/makefu/1systems/filepimp/config.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, lib, ... }:
-# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
-let
- itf = config.makefu.server.primary-itf;
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hw.nix
- <stockholm/makefu>
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/filepimp-share.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.filepimp;
-
- networking.firewall.trustedInterfaces = [ itf ];
- networking.interfaces.${itf}.wakeOnLan.enable = true;
-
-}
diff --git a/makefu/1systems/filepimp/hw.nix b/makefu/1systems/filepimp/hw.nix
deleted file mode 100644
index 6f02d9b1b..000000000
--- a/makefu/1systems/filepimp/hw.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- byid = dev: "/dev/disk/by-id/" + dev;
- part1 = disk: disk + "-part1";
- rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
- primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
- # N54L Chassis:
- # ____________________
- # |______FRONT_______|
- # | [ ]|
- # | [ d1 d0 d3 d4 ]|
- # |___[_____________]|
- jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
-
- # transfer to omo
- jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
- jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
- jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
- allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
-in {
- boot = {
- loader.grub.device = rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-amd" ];
- extraModulePackages = [ ];
- };
- makefu.server.primary-itf = primary-interface;
-
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
- zramSwap.enable = true;
-
- makefu.snapraid = let
- toMedia = name: "/media/" + name;
- in {
- enable = true;
- # todo combine creation when enabling the mount point
- disks = map toMedia [
- "j0"
- "j1"
- "j2"
- ];
- parity = toMedia "par0";
- };
- # TODO: refactor, copy-paste from omo
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
- fileSystems = let
- xfsmount = name: dev:
- { "/media/${name}" = {
- device = dev; fsType = "xfs";
- options = [ "nofail" ];
- }; };
- tomedia = id: "/media/${id}";
- in
- (xfsmount "j0" (part1 jDisk0)) //
- (xfsmount "j1" (part1 jDisk1)) //
- (xfsmount "j2" (part1 jDisk2)) //
- (xfsmount "par0" (part1 jDisk3)) //
- { "/media/jX" = {
- device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
- environment.systemPackages = [ pkgs.mergerfs ];
-}
diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix
deleted file mode 100644
index 9930f0e42..000000000
--- a/makefu/1systems/filepimp/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="filepimp";
- home-manager = true;
-}
diff --git a/makefu/1systems/firecracker/config.nix b/makefu/1systems/firecracker/config.nix
deleted file mode 100644
index 87f500287..000000000
--- a/makefu/1systems/firecracker/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- # <stockholm/makefu/2configs/tools/core.nix>
- { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
- #<stockholm/makefu/2configs/support-nixos.nix>
-# configure your hw:
-# <stockholm/makefu/2configs/save-diskspace.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.firecracker;
- };
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- services.nixosManual.enable = false;
- sound.enable = false;
-}
diff --git a/makefu/1systems/firecracker/hardware-config.nix b/makefu/1systems/firecracker/hardware-config.nix
deleted file mode 100644
index b821a3375..000000000
--- a/makefu/1systems/firecracker/hardware-config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
- boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.loader.generic-extlinux-compatible.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
- boot.tmpOnTmpfs = lib.mkForce false;
- boot.cleanTmpDir = true;
- hardware.enableRedistributableFirmware = true;
-
- ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
- boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.wireless.enable = true;
- # File systems configuration for using the installer's partition layout
- swapDevices = [ { device = "/var/swap"; size = 4096; } ];
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
-}
diff --git a/makefu/1systems/firecracker/source.nix b/makefu/1systems/firecracker/source.nix
deleted file mode 100644
index 22c40039e..000000000
--- a/makefu/1systems/firecracker/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="cake";
- full = true;
-}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
deleted file mode 100644
index f40f113bb..000000000
--- a/makefu/1systems/gum/config.nix
+++ /dev/null
@@ -1,261 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; - allDisks = [ "/dev/sda" "/dev/sdb" ]; -in { - imports = [ - <stockholm/makefu> - ./hetznercloud - { - # wait for mount - systemd.services.rtorrent.wantedBy = lib.mkForce []; - systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce []; - systemd.services.samba-smbd.wantedBy = lib.mkForce []; - } - { - users.users.lass = { - uid = 19002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } - <stockholm/makefu/2configs/nur.nix> - <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/nix-community/supervision.nix> - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/home-manager/cli.nix> - # <stockholm/makefu/2configs/stats/client.nix> - <stockholm/makefu/2configs/share> - <stockholm/makefu/2configs/share/hetzner-client.nix> - # <stockholm/makefu/2configs/stats/netdata-server.nix> - - <stockholm/makefu/2configs/headless.nix> - - # Security - <stockholm/makefu/2configs/sshd-totp.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - <stockholm/makefu/2configs/tools/sec.nix> - #<stockholm/makefu/2configs/tools/desktop.nix> - - <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/mosh.nix> - <stockholm/makefu/2configs/storj/forward-port.nix> - # <stockholm/makefu/2configs/gui/xpra.nix> - - # networking - # <stockholm/makefu/2configs/vpn/vpnws/server.nix> - #<stockholm/makefu/2configs/dnscrypt/server.nix> - # <stockholm/makefu/2configs/iodined.nix> - # <stockholm/makefu/2configs/backup.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - { # bonus retiolum config for connecting more hosts - krebs.tinc.retiolum = { - #extraConfig = lib.mkForce '' - # 
ListenAddress = ${external-ip} 53 - # ListenAddress = ${external-ip} 655 - # ListenAddress = ${external-ip} 21031 - # StrictSubnets = yes - # LocalDiscovery = no - #''; - connectTo = [ - "prism" "ni" "enklave" "eve" "dishfire" - ]; - }; - networking.firewall = { - allowedTCPPorts = - [ - 53 - 655 - 21031 - ]; - allowedUDPPorts = - [ - 53 - 655 - 21031 - ]; - }; - } - - # ci - # <stockholm/makefu/2configs/exim-retiolum.nix> - <stockholm/makefu/2configs/git/cgit-retiolum.nix> - - ### systemdUltras ### - <stockholm/makefu/2configs/systemdultras/ircbot.nix> - - ###### Shack ##### - # <stockholm/makefu/2configs/shack/events-publisher> - # <stockholm/makefu/2configs/shack/gitlab-runner> - - - <stockholm/makefu/2configs/remote-build/slave.nix> - <stockholm/makefu/2configs/remote-build/aarch64-community.nix> - <stockholm/makefu/2configs/taskd.nix> - - # services - <stockholm/makefu/2configs/bitlbee.nix> # postgres backend - # <stockholm/makefu/2configs/sabnzbd.nix> - # <stockholm/makefu/2configs/mail/mail.euer.nix> - { krebs.exim.enable = mkDefault true; } - <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> - - # sharing - <stockholm/makefu/2configs/share/gum.nix> # samba sahre - <stockholm/makefu/2configs/torrent/rtorrent.nix> - # <stockholm/makefu/2configs/sickbeard> - - { nixpkgs.config.allowUnfree = true; } - #<stockholm/makefu/2configs/retroshare.nix> - ## <stockholm/makefu/2configs/ipfs.nix> - #<stockholm/makefu/2configs/syncthing.nix> - # <stockholm/makefu/2configs/sync> - # <stockholm/makefu/2configs/opentracker.nix> - - - ## network - # <stockholm/makefu/2configs/vpn/openvpn-server.nix> - # <stockholm/makefu/2configs/vpn/vpnws/server.nix> - <stockholm/makefu/2configs/binary-cache/server.nix> - { makefu.backup.server.repo = "/var/backup/borg"; } - <stockholm/makefu/2configs/backup/server.nix> - <stockholm/makefu/2configs/backup/state.nix> - <stockholm/makefu/2configs/wireguard/server.nix> - <stockholm/makefu/2configs/wireguard/wiregrill.nix> - - { 
# recent changes mediawiki bot - networking.firewall.allowedUDPPorts = [ 5005 5006 ]; - } - # Removed until move: no extra mails - # <stockholm/makefu/2configs/urlwatch> - # Removed until move: avoid letsencrypt ban - ### Web - - <stockholm/makefu/2configs/bitwarden.nix> # postgres backend - <stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend - <stockholm/makefu/2configs/deployment/rss/ratt.nix> - - <stockholm/makefu/2configs/deployment/ntfysh.nix> - <stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend - ### Moving owncloud data dir to /media/cloud/nextcloud-data - { - users.users.nextcloud.extraGroups = [ "download" ]; - # nextcloud-setup fails as it cannot set permissions for nextcloud - systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1"; - systemd.tmpfiles.rules = [ - "L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data" - "L /var/backup - - - - /media/cloud/gum-backup" - ]; - #fileSystems."/var/lib/nextcloud/data" = { - # device = "/media/cloud/nextcloud-data"; - # options = [ "bind" ]; - #}; - #fileSystems."/var/backup" = { - # device = "/media/cloud/gum-backup"; - # options = [ "bind" ]; - #}; - } - - <stockholm/makefu/2configs/nginx/dl.euer.krebsco.de.nix> - #<stockholm/makefu/2configs/nginx/euer.test.nix> - <stockholm/makefu/2configs/nginx/euer.mon.nix> - <stockholm/makefu/2configs/nginx/euer.wiki.nix> - <stockholm/makefu/2configs/nginx/euer.blog.nix> - <stockholm/makefu/2configs/nginx/music.euer.nix> - ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> - #<stockholm/makefu/2configs/nginx/public_html.nix> - #<stockholm/makefu/2configs/nginx/update.connector.one.nix> - <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> - # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> - # <stockholm/makefu/2configs/nginx/iso.euer.nix> - - # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - # <stockholm/makefu/2configs/deployment/graphs.nix> - 
#<stockholm/makefu/2configs/deployment/owncloud.nix> - # <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> - #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> - <stockholm/makefu/2configs/deployment/boot-euer.nix> - <stockholm/makefu/2configs/deployment/gecloudpad> - #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> - <stockholm/makefu/2configs/deployment/mediengewitter.de.nix> - <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> - # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> - - <stockholm/makefu/2configs/shiori.nix> - #<stockholm/makefu/2configs/workadventure> - - <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> - <stockholm/makefu/2configs/bgt/hidden_service.nix> - <stockholm/makefu/2configs/bgt/backup.nix> - # <stockholm/makefu/2configs/bgt/social-to-irc.nix> - - # <stockholm/makefu/2configs/logging/client.nix> - - # sharing - <stockholm/makefu/2configs/dcpp/airdcpp.nix> - { krebs.airdcpp.dcpp.shares = { - download.path = config.makefu.dl-dir + "/finished"; - sorted.path = config.makefu.dl-dir + "/sorted"; - }; - } - <stockholm/makefu/2configs/dcpp/hub.nix> - - ## Temporary: - # <stockholm/makefu/2configs/temp/rst-issue.nix> - # <stockholm/makefu/2configs/virtualisation/docker.nix> - #<stockholm/makefu/2configs/virtualisation/libvirt.nix> - - # krebs infrastructure services - # <stockholm/makefu/2configs/stats/server.nix> - ]; - - # makefu.dl-dir = "/var/download"; - makefu.dl-dir = "/media/cloud/download/finished"; - - services.openssh.hostKeys = lib.mkForce [ - { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } - { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; - ###### stable - security.acme.certs."cgit.euer.krebsco.de" = { - email = "letsencrypt@syntax-fehler.de"; - webroot = "/var/lib/acme/acme-challenge"; - group = "nginx"; - }; - services.nginx.virtualHosts."cgit" = { - serverAliases = [ "cgit.euer.krebsco.de" ]; - 
addSSL = true; - sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem"; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenge; - ''; - }; - - krebs.build.host = config.krebs.hosts.gum; - - # Network - networking = { - firewall = { - allowedTCPPorts = [ - 80 443 - 28967 # storj - ]; - allowPing = true; - logRefusedConnections = false; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - state = [ "/home/makefu/.weechat" ]; -} diff --git a/makefu/1systems/gum/hetzner/default.nix b/makefu/1systems/gum/hetzner/default.nix deleted file mode 100644 index 7d445879a..000000000 --- a/makefu/1systems/gum/hetzner/default.nix +++ /dev/null 
@@ -1,116 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - <stockholm/makefu/2configs/smart-monitor.nix> - { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } - - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = { address = external-gw6; interface = ext-if; }; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/nixos/root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/nixos/lib"; - fsType = "ext4"; - }; - fileSystems."/var/log" = { - device = "/dev/nixos/log"; - 
fsType = "ext4"; - }; - fileSystems."/var/download" = { - device = "/dev/nixos/download"; - fsType = "ext4"; - }; - fileSystems."/var/www/binaergewitter" = { - device = "/dev/nixos/binaergewitter"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/nextcloud/data" = { - device = "/dev/nixos/nextcloud"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/nixos/backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - }; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix deleted file mode 100644 index cfcd894af..000000000 --- a/makefu/1systems/gum/hetznercloud/default.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - - imports = - [ ./network.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - # Disk - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - boot.loader.grub.device = "/dev/sda"; - - networking.hostId = "3150697b"; # required for zfs use - boot.tmpOnTmpfs = true; - boot.supportedFilesystems = [ "zfs" ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.copyKernels = true; - boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues - boot.kernelParams = [ - "boot.shell_on_fail" - "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues - ]; -} diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit deleted file mode 100644 index 45798587a..000000000 --- a/makefu/1systems/gum/hetznercloud/doit +++ /dev/null @@ -1,13 +0,0 @@ -ROOT_DEVICE=/dev/sda2 -NIXOS_BOOT=/dev/sda1 - -zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE -zfs create -o mountpoint=legacy rpool/root -zfs create -o mountpoint=legacy rpool/home -zfs create -o mountpoint=legacy rpool/nix -mount -t zfs rpool/root /mnt -mkdir /mnt/{home,nix,boot} -mount -t zfs rpool/home /mnt/home -mount -t zfs rpool/nix /mnt/nix -mount $NIXOS_BOOT /mnt/boot/ - diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix deleted file mode 100644 index 5159cf570..000000000 --- a/makefu/1systems/gum/hetznercloud/network.nix +++ /dev/null 
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "96:00:01:24:33:f4";
- external-gw = "172.31.1.1";
- external-ip = "142.132.189.140";
- external-ip6 = "2a01:4f8:1c17:5cdf::2";
- external-gw6 = "fe80::1";
- external-netmask = 32;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- enableIPv6 = true;
- nat.enableIPv6 = true;
- interfaces."${ext-if}" = {
- useDHCP = true;
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- #ipv4.addresses = [{
- # address = external-ip;
- # prefixLength = external-netmask;
- #}];
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- #defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part
deleted file mode 100644
index fb375b15a..000000000
--- a/makefu/1systems/gum/hetznercloud/sfdisk.part
+++ /dev/null
@@ -1,6 +0,0 @@
-label: gpt
-device: /dev/sda
-unit: sectors
-1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
-4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
-2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
deleted file mode 100644
index 0a3ed96ee..000000000
--- a/makefu/1systems/gum/rescue.txt
+++ /dev/null
@@ -1,15 +0,0 @@ -ssh gum.i -o StrictHostKeyChecking=no - -mount /dev/mapper/nixos-root /mnt -mount /dev/sda2 /mnt/boot - -chroot-prepare /mnt -chroot /mnt /bin/sh - - -journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) -# ... activating ... - -export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin -/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate -/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix deleted file mode 100644 index 43586ede4..000000000 --- a/makefu/1systems/gum/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - name="gum"; - torrent = true; - clever_kexec = true; - home-manager = true; -} diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json deleted file mode 100644 index 5a4bd26ab..000000000 --- a/makefu/1systems/hardware/tsp-disk.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "type": "devices", - "content": { - "sda": { - "type": "table", - "format": "msdos", - "partitions": [ - { "type": "partition", - "part-type": "primary", - "start": "1M", - "end": "100%", - "bootable": true, - "content": { - "type": "filesystem", - "format": "ext4", - "mountpoint": "/" - } - } - ] - } - } -} - diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix deleted file mode 100644 index 207121236..000000000 --- a/makefu/1systems/iso/config.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import <stockholm/lib>; -{ - imports = [ - #<stockholm/makefu> - <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> - <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix> - # <stockholm/makefu/2configs/tools/core.nix> - ./justdoit.nix - { - environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" '' - #!/bin/sh - ip addr add 178.254.30.202/255.255.252.0 dev ens3 - ip route add default via 178.254.28.1 - echo nameserver 1.1.1.1 > /etc/resolv.conf - '')]; - kexec.justdoit = { - bootSize = 512; - rootDevice = "/dev/vda"; - bootType = "vfat"; - luksEncrypt = false; - uefi = false; - }; - } - ]; - # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now - # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos - #krebs.build.host = { cores = 0; }; - isoImage.isoBaseName = lib.mkForce "stockholm"; - #krebs.hidden-ssh.enable = true; - # environment.systemPackages = with pkgs; [ - # aria2 - # ddrescue - # ]; - environment.extraInit = '' - EDITOR=vim - ''; - # iso-specific - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - # enable ssh in the iso boot process - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; - # hack `tee` behavior - nixpkgs.config.packageOverrides = super: { - irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> { - pkgs = pkgs // { - coreutils = pkgs.symlinkJoin { - name = "coreutils-hack"; - paths = [ - pkgs.coreutils - (pkgs.writeDashBin "tee" '' - if test "$1" = /dev/stderr; then - while read -r line; do - echo "$line" - echo "$line" >&2 - done - else - ${super.coreutils}/bin/tee "$@" - fi - '') - ]; - }; - }; - }; - }; -} 
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
deleted file mode 100644
index 0ce90494b..000000000
--- a/makefu/1systems/iso/justdoit.nix
+++ /dev/null
@@ -1,120 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.kexec.justdoit; - x = if cfg.nvme then "p" else ""; -in { - options = { - kexec.justdoit = { - rootDevice = mkOption { - type = types.str; - default = "/dev/sda"; - description = "the root block device that justdoit will nuke from orbit and force nixos onto"; - }; - bootSize = mkOption { - type = types.int; - default = 256; - description = "size of /boot in mb"; - }; - bootType = mkOption { - type = types.enum [ "ext4" "vfat" "zfs" ]; - default = "ext4"; - }; - swapSize = mkOption { - type = types.int; - default = 1024; - description = "size of swap in mb"; - }; - poolName = mkOption { - type = types.str; - default = "tank"; - description = "zfs pool name"; - }; - luksEncrypt = mkOption { - type = types.bool; - default = false; - description = "encrypt all of zfs and swap"; - }; - uefi = mkOption { - type = types.bool; - default = false; - description = "create a uefi install"; - }; - nvme = mkOption { - type = types.bool; - default = false; - description = "rootDevice is nvme"; - }; - }; - }; - config = let - mkBootTable = { - ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT"; - vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT"; - zfs = ""; - }; - in lib.mkIf true { - system.build.justdoit = pkgs.writeScriptBin "justdoit" '' - #!${pkgs.stdenv.shell} - set -e - vgchange -a n - wipefs -a ${cfg.rootDevice} - dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000 - sfdisk ${cfg.rootDevice} <<EOF - label: gpt - device: ${cfg.rootDevice} - unit: sectors - ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"} - ${lib.optionalString (! 
cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"} - 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 - EOF - ${if cfg.luksEncrypt then '' - cryptsetup luksFormat ${cfg.rootDevice}${x}2 - cryptsetup open --type luks ${cfg.rootDevice}${x}2 root - export ROOT_DEVICE=/dev/mapper/root - '' else '' - export ROOT_DEVICE=${cfg.rootDevice}${x}2 - ''} - ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"} - mkdir -p /mnt - ${mkBootTable.${cfg.bootType}} - zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE - zfs create -o mountpoint=legacy ${cfg.poolName}/root - zfs create -o mountpoint=legacy ${cfg.poolName}/home - zfs create -o mountpoint=legacy ${cfg.poolName}/nix - mount -t zfs ${cfg.poolName}/root /mnt/ - mkdir /mnt/{home,nix,boot} - mount -t zfs ${cfg.poolName}/home /mnt/home/ - mount -t zfs ${cfg.poolName}/nix /mnt/nix/ - ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"} - nixos-generate-config --root /mnt/ - hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4)) - cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix - cat > /mnt/etc/nixos/generated.nix <<EOF - { ... 
}: - { - ${if cfg.uefi then '' - boot.loader.grub.efiInstallAsRemovable = true; - boot.loader.grub.efiSupport = true; - boot.loader.grub.device = "nodev"; - '' else '' - boot.loader.grub.device = "${cfg.rootDevice}"; - ''} - networking.hostId = "$hostId"; # required for zfs use - ${lib.optionalString cfg.luksEncrypt '' - boot.initrd.luks.devices = [ - { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; } - ]; - ''} - } - EOF - nixos-install - umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt - zpool export ${cfg.poolName} - ''; - environment.systemPackages = [ config.system.build.justdoit ]; - boot.supportedFilesystems = [ "zfs" ]; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ]; - }; -} diff --git a/makefu/1systems/iso/source.nix b/makefu/1systems/iso/source.nix deleted file mode 100644 index 6bef8ada9..000000000 --- a/makefu/1systems/iso/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="iso"; -} diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix deleted file mode 100644 index 59d2960bc..000000000 --- a/makefu/1systems/iso/target-config.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ pkgs, lib, ... }: - -{ - imports = [ ./hardware-configuration.nix ./generated.nix ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues - #boot.zfs.forceImportRoot = false; - #boot.zfs.forceImportAll = false; - boot.kernelParams = [ - "boot.shell_on_fail" - "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues - ]; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ]; - boot.tmpOnTmpfs = true; - programs.bash.enableCompletion = true; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" '' - #!/bin/sh - ip addr add 178.254.30.202/255.255.252.0 dev ens3 - ip route add default via 178.254.28.1 - echo nameserver 1.1.1.1 > /etc/resolv.conf - '')]; - - # minimal - boot.supportedFilesystems = [ "zfs" ]; - programs.command-not-found.enable = false; - time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; - nix.useSandbox = true; - users.mutableUsers = false; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - services.openssh.enable = true; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; - "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; - }; -} diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix deleted file mode 100644 index 5bf19f978..000000000 
--- a/makefu/1systems/kexec/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import <stockholm/lib>; -{ - imports = [ - <stockholm/makefu> - # <stockholm/makefu/2configs/tools/core.nix> - <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> - <clever_kexec/kexec/kexec.nix> - ]; - # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso - - krebs.build.host = config.krebs.hosts.iso; - krebs.hidden-ssh.enable = true; - environment.extraInit = '' - EDITOR=vim - ''; - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; -} diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix deleted file mode 100644 index 6bef8ada9..000000000 --- a/makefu/1systems/kexec/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="iso"; -} diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix deleted file mode 100644 index 50cd9204d..000000000 --- a/makefu/1systems/latte/1blu/default.nix +++ /dev/null 
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
-
- imports =
- [ ./network.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Disk
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "tank/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "tank/home";
- fsType = "zfs";
- };
-
- fileSystems."/nix" =
- { device = "tank/nix";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/AEF3-A486";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
- boot.loader.grub.device = "/dev/vda";
-
- networking.hostId = "3150697c"; # required for zfs use
- boot.tmpOnTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.copyKernels = true;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
-}
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
deleted file mode 100644
index 0a0eac972..000000000
--- a/makefu/1systems/latte/1blu/network.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
- external-mac = "c4:37:72:55:4e:1c";
- external-gw = "178.254.28.1";
- external-ip = "178.254.30.202";
- external-ip6 = "2a00:6800:3:18c::2";
- external-gw6 = "2a00:6800:3::1";
- external-netmask = 22;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in
-{
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = { address = external-gw6; interface = ext-if; };
- defaultGateway = external-gw;
- nameservers = [ "1.1.1.1" ];
- };
-}
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
deleted file mode 100644
index 9a242a41b..000000000
--- a/makefu/1systems/latte/config.nix
+++ /dev/null
@@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: -let - - # external-ip = config.krebs.build.host.nets.internet.ip4.addr; - # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - # default-gw = "185.215.224.1"; - # prefixLength = 24; - # external-mac = "46:5b:fc:f4:44:c9"; - # ext-if = "et0"; -in { - - imports = [ - ./1blu - <stockholm/makefu> - - # common - <stockholm/makefu/2configs/nur.nix> - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/home-manager/cli.nix> - - # Security - <stockholm/makefu/2configs/sshd-totp.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/zsh-user.nix> - - # NixOS Build - <stockholm/makefu/2configs/remote-build/slave.nix> - - # Storage - <stockholm/makefu/2configs/share> - # <stockholm/makefu/2configs/share/hetzner-client.nix> - - - # torrent is managed by gum - # <stockholm/makefu/2configs/torrent/rtorrent.nix> - - ## Web - - # local usage: - <stockholm/makefu/2configs/mosh.nix> - - - # Supervision - <stockholm/makefu/2configs/nix-community/supervision.nix> - - # Krebs - <stockholm/makefu/2configs/tinc/retiolum.nix> - - # backup - <stockholm/makefu/2configs/backup/state.nix> - - # migrated: - # <stockholm/makefu/2configs/bitlbee.nix> - - - ]; - krebs = { - enable = true; - build.host = config.krebs.hosts.latte; - }; - - makefu.dl-dir = "/media/cloud/download"; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - -} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix deleted file mode 100644 index 41abecf36..000000000 --- a/makefu/1systems/latte/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name = "latte"; - torrent = true; - home-manager = true; -} diff --git a/makefu/1systems/minicake/config.nix b/makefu/1systems/minicake/config.nix deleted file mode 100644 index fe66679ad..000000000 --- a/makefu/1systems/minicake/config.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ config,nixpkgsPath, pkgs, lib, ... }: -{ - krebs = { - enable = true; - - dns.providers.lan = "hosts"; - build.user = config.krebs.users.makefu; - }; - imports = [ - (nixpkgsPath + "/nixos/modules/profiles/minimal.nix") - (nixpkgsPath + "/nixos/modules/profiles/installation-device.nix") - ]; - - # cifs-utils fails to cross-compile - # Let's simplify this by removing all unneeded filesystems from the image. - boot.supportedFilesystems = lib.mkForce [ "vfat" ]; - - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - - - users.users = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - services.openssh.enable = true; -} diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix deleted file mode 100644 index 224e170dd..000000000 --- a/makefu/1systems/omo/config.nix +++ /dev/null 
@@ -1,194 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: -let - primaryInterface = config.makefu.server.primary-itf; -in { - imports = - [ - ./hw/omo.nix - #./hw/tsp.nix - <stockholm/makefu> - <stockholm/makefu/2configs/headless.nix> - <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/nur.nix> - # x11 forwarding - { - services.openssh.forwardX11 = true; - users.users.makefu.packages = [ - pkgs.tinymediamanager - ]; - } - { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; } - - - <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/home-manager/cli.nix> - <stockholm/makefu/2configs/editor/neovim> - # <stockholm/makefu/2configs/storj/client.nix> - - - <stockholm/makefu/2configs/backup/state.nix> - - { makefu.backup.server.repo = "/media/cryptX/backup/borg"; } - <stockholm/makefu/2configs/backup/server.nix> - <stockholm/makefu/2configs/exim-retiolum.nix> - # <stockholm/makefu/2configs/smart-monitor.nix> - <stockholm/makefu/2configs/mail-client.nix> - <stockholm/makefu/2configs/mosh.nix> - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - <stockholm/makefu/2configs/tools/desktop.nix> - <stockholm/makefu/2configs/tools/mobility.nix> - <stockholm/makefu/2configs/tools/consoles.nix> - #<stockholm/makefu/2configs/graphite-standalone.nix> - #<stockholm/makefu/2configs/share-user-sftp.nix> - - <stockholm/makefu/2configs/urlwatch> - # <stockholm/makefu/2configs/legacy_only.nix> - - <stockholm/makefu/2configs/share> - <stockholm/makefu/2configs/share/omo.nix> - <stockholm/makefu/2configs/share/gum-client.nix> - <stockholm/makefu/2configs/sync> - - <stockholm/makefu/2configs/wireguard/wiregrill.nix> - 
#<stockholm/makefu/2configs/dcpp/airdcpp.nix> - #{ krebs.airdcpp.dcpp.shares = let - # d = path: "/media/cryptX/${path}"; - # in { - # emu.path = d "emu"; - # audiobooks.path = lib.mkForce (d "audiobooks"); - # incoming.path = lib.mkForce (d "torrent"); - # anime.path = d "anime"; - # }; - # krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; - #} - { - # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ - #services.sabnzbd.enable = true; - #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - } - # <stockholm/makefu/2configs/share/omo-timemachine.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - - # statistics - # <stockholm/makefu/2configs/stats/client.nix> - # Logging - #influx + grafana - <stockholm/makefu/2configs/stats/server.nix> - # <stockholm/makefu/2configs/stats/nodisk-client.nix> - # logs to influx - <stockholm/makefu/2configs/stats/external/aralast.nix> - <stockholm/makefu/2configs/stats/telegraf> - # <stockholm/makefu/2configs/stats/telegraf/europastats.nix> - <stockholm/makefu/2configs/stats/telegraf/hamstats.nix> - <stockholm/makefu/2configs/hw/cdrip.nix> - - # services - { - services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 8123 ]; - } - # <stockholm/makefu/2configs/syncthing.nix> - <stockholm/makefu/2configs/remote-build/slave.nix> - # TODO: - <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/bluetooth-mpd.nix> - - <stockholm/makefu/2configs/home/jellyfin.nix> - <stockholm/makefu/2configs/home/music.nix> - <stockholm/makefu/2configs/home/photoprism.nix> - # <stockholm/makefu/2configs/home/tonie.nix> - <stockholm/makefu/2configs/home/ps4srv.nix> - # <stockholm/makefu/2configs/home/metube.nix> - # <stockholm/makefu/2configs/home/ham> - <stockholm/makefu/2configs/home/ham/docker.nix> - <stockholm/makefu/2configs/home/zigbee2mqtt> - { - makefu.ps3netsrv = { - enable = true; - servedir = "/media/cryptX/emu/ps3"; - }; 
- users.users.makefu.packages = [ pkgs.pkgrename ]; - } - - - { - hardware.pulseaudio.systemWide = true; - makefu.mpd.musicDirectory = "/media/cryptX/music"; - } - - # security - <stockholm/makefu/2configs/sshd-totp.nix> - # <stockholm/makefu/2configs/logging/central-logging-client.nix> - - # <stockholm/makefu/2configs/torrent.nix> - { - #krebs.rtorrent = { - # downloadDir = lib.mkForce "/media/cryptX/torrent"; - # extraConfig = '' - # upload_rate = 500 - # ''; - #}; - } - - # <stockholm/makefu/2configs/elchos/search.nix> - # <stockholm/makefu/2configs/elchos/log.nix> - # <stockholm/makefu/2configs/elchos/irc-token.nix> - - ## as long as pyload is not in nixpkgs: - # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload - - # Temporary: - # <stockholm/makefu/2configs/temp/rst-issue.nix> - <stockholm/makefu/2configs/bgt/social-to-irc.nix> - - ]; - makefu.full-populate = true; - nixpkgs.config.allowUnfree = true; - users.users.share.isNormalUser = true; - users.groups.share = { - gid = (import <stockholm/lib>).genid "share"; - members = [ "makefu" "misa" ]; - }; - networking.firewall.trustedInterfaces = [ primaryInterface "docker0" ]; - - - - users.users.misa = { - uid = 9002; - name = "misa"; - isNormalUser = true; - }; - - zramSwap.enable = true; - - #krebs.Reaktor.reaktor-shack = { - # nickname = "Reaktor|shack"; - # workdir = "/var/lib/Reaktor/shack"; - # channels = [ "#shackspace" ]; - # plugins = with pkgs.ReaktorPlugins; - # [ shack-correct - # # stockholm-issue - # sed-plugin - # random-emoji ]; - #}; - #krebs.Reaktor.reaktor-bgt = { - # nickname = "Reaktor|bgt"; - # workdir = "/var/lib/Reaktor/bgt"; - # channels = [ "#binaergewitter" ]; - # plugins = with pkgs.ReaktorPlugins; - # [ titlebot - # # stockholm-issue - # nixos-version - # shack-correct - # sed-plugin - # random-emoji ]; - #}; - - krebs.build.host = config.krebs.hosts.omo; -} 
diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
deleted file mode 100644
index eaedbb779..000000000
--- a/makefu/1systems/omo/hw/omo.nix
+++ /dev/null
@@ -1,126 +0,0 @@ -{ config, pkgs, lib, ... }: -let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; - rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp2s0"; - # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 - # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 - - # omo Chassis: - # __FRONT_ - # |* d0 | - # | | - # |* d1 | - # | | - # |* d3 | - # | | - # |* | - # |* d2 | - # | * | - # | * | - # |_______| - # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; - cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; - cryptDisk1 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPVLYW"; - cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; - cryptDisk2 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPWT5W"; - - # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; - # all physical disks - - # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; - allDisks = [ rootDisk ] ++ dataDisks; -in { - imports = - [ # TODO: unlock home partition via ssh - ./vaapi.nix - <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ]; - - makefu.server.primary-itf = primaryInterface; - system.activationScripts.createCryptFolders = '' - ${lib.concatMapStringsSep "\n" - (d: "install -m 755 -d " + (toMapper d) ) - [ 0 1 2 "X" ]} - ''; - - makefu.snapraid = { - enable = true; - disks = map toMapper [ 0 1 3 ]; - parity = toMapper 2; # find -name PARITY_PARTITION - extraConfig = '' - exclude /lib/storj/ - exclude /.bitcoin/blocks/ - ''; - }; - fileSystems = let - cryptMount = name: - { "/media/${name}" = { - device = "/dev/mapper/${name}"; fsType = "xfs"; - options = [ "nofail" ]; - };}; - in 
cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "allow_other" "nofail" "nonempty" ]; - }; - }; - - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - - # crypto unlocking - boot = { - initrd.luks = { - devices = let - usbkey = device: { - inherit device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in - { - luksroot = usbkey rootPartition; - crypt0 = usbkey cryptDisk0; - crypt1 = usbkey cryptDisk1; - crypt2 = usbkey cryptDisk2; - crypt3 = usbkey cryptDisk3; - }; - }; - loader.grub.device = lib.mkForce rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "firewire_ohci" - "usb_storage" - "usbhid" - "raid456" - "megaraid_sas" - ]; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - environment.systemPackages = with pkgs;[ - mergerfs # hard requirement for mount - ]; - hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; -} - diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix deleted file mode 100644 index 6579edd9d..000000000 --- a/makefu/1systems/omo/hw/tsp-tools.nix +++ /dev/null @@ -1,11 +0,0 @@ -let - disko = import (builtins.fetchGit { - url = https://cgit.lassul.us/disko/; - rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; - }); - - cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json); -in '' -${disko.create cfg} -${disko.mount cfg} -'' diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix deleted file mode 100644 index a289fadce..000000000 --- a/makefu/1systems/omo/hw/tsp.nix +++ /dev/null 
@@ -1,41 +0,0 @@
-{ pkgs, ... }:
-with builtins;
-let
- disko = import (builtins.fetchGit {
- url = https://cgit.lassul.us/disko/;
- rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
- });
- cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
- # primaryInterface = "enp1s0";
- primaryInterface = "wlp2s0";
- rootDisk = "/dev/sda"; # TODO same as disko uses
-in {
- imports = [
- (disko.config cfg)
- ];
- makefu.server.primary-itf = primaryInterface;
- boot = {
- loader.grub.device = rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-intel" ];
- };
- networking.wireless.enable = true;
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- services.logind.extraConfig = ''
- HandleSuspendKey = ignore
- '';
- powerManagement.enable = false;
-}
diff --git a/makefu/1systems/omo/hw/vaapi.nix b/makefu/1systems/omo/hw/vaapi.nix
deleted file mode 100644
index 8250d4110..000000000
--- a/makefu/1systems/omo/hw/vaapi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
- nixpkgs.config.packageOverrides = pkgs: {
- vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
- };
- hardware.opengl = {
- enable = true;
- extraPackages = with pkgs; [
- intel-media-driver # LIBVA_DRIVER_NAME=iHD
- vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
- vaapiVdpau
- libvdpau-va-gl
- ];
- };
- hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ];
- environment.systemPackages = [ pkgs.libva-utils ];
-}
diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix
deleted file mode 100644
index b56e855fc..000000000
--- a/makefu/1systems/omo/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="omo";
- torrent = true;
- unstable = true;
- home-manager = true;
-}
diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix
deleted file mode 100644
index 6c9fc0606..000000000
--- a/makefu/1systems/pnp/config.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-# Usage:
-# NIX_PATH=secrets=/home/makefu/secrets/wry:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm
-# result/bin/run-pnp-vm -virtfs local,path=/home/makefu/secrets/pnp,security_model=none,mount_tag=secrets
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- <stockholm/makefu>
- <stockholm/makefu/2configs/headless.nix>
-
- # these will be overwritten by qemu-vm.nix but will be used if the system
- # is directly deployed
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/makefu/2configs/fs/vm-single-partition.nix>
-
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- # config.system.build.vm
- (toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)
- ];
-
- virtualisation.graphics = false;
- # also export secrets, see Usage above
- fileSystems = pkgs.lib.mkVMOverride {
- "${builtins.toString <secrets>}" =
- { device = "secrets";
- fsType = "9p";
- options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ];
- neededForBoot = true;
- };
- };
-
- krebs.Reaktor.debug = {
- debug = true;
- extraEnviron = {
- # TODO: remove hard-coded server
- REAKTOR_HOST = "irc.r";
- };
- plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ];
- channels = [ "#xxx" ];
- };
-
- krebs.build.host = config.krebs.hosts.pnp;
-
- networking.firewall.allowedTCPPorts = [
- 25
- ];
-
-}
diff --git a/makefu/1systems/pnp/source.nix b/makefu/1systems/pnp/source.nix
deleted file mode 100644
index 02f7d0ab6..000000000
--- a/makefu/1systems/pnp/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="pnp";
-}
diff --git a/makefu/1systems/repunit/config.nix b/makefu/1systems/repunit/config.nix
deleted file mode 100644
index 5589cc0a2..000000000
--- a/makefu/1systems/repunit/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/makefu>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/makefu/2configs/git/cgit-retiolum.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- ];
- krebs.build.host = config.krebs.hosts.repunit;
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
-# networking.firewall is enabled by default
- networking.firewall.allowedTCPPorts = [ 80 ];
- networking.firewall.allowPing = true;
-
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
-
-# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- jq
- ];
-}
diff --git a/makefu/1systems/repunit/source.nix b/makefu/1systems/repunit/source.nix
deleted file mode 100644
index 20d3cd1cb..000000000
--- a/makefu/1systems/repunit/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="repunit";
-}
diff --git a/makefu/1systems/sdcard/config.nix b/makefu/1systems/sdcard/config.nix
deleted file mode 100644
index 4e3c22a30..000000000
--- a/makefu/1systems/sdcard/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- kernel = pkgs.callPackage ./kernel.nix {
- kernelPatches = with pkgs.kernelPatches; [
- # kernelPatches.bridge_stp_helper
- # kernelPatches.modinst_arg_list_too_long
- ];
- };
-in
-{
- imports = [
- <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
- # <stockholm/makefu/2configs/minimal.nix>
- ];
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix build config.system.build.sdImage -I nixos-config=makefu/1systems/sdcard/config.nix -f /home/makefu/nixpkgs/nixos
-
- boot.kernelParams = ["console=ttyS2,1500000" "earlycon=uart8250,mmio32,0xff1a0000"];
- # boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelPackages = pkgs.linuxPackagesFor kernel;
- boot.supportedFilesystems = lib.mkForce [ "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
-
- # krebs.hidden-ssh.enable = true;
- environment.systemPackages = with pkgs; [
- aria2
- ddrescue
- ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-}
diff --git a/makefu/1systems/sdcard/kernel.nix b/makefu/1systems/sdcard/kernel.nix
deleted file mode 100644
index df5e7ada9..000000000
--- a/makefu/1systems/sdcard/kernel.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ fetchFromGitLab, buildLinux, ... } @ args:
-buildLinux (args // rec {
- version = "4.4.55";
- modDirVersion = "4.4.55";
- extraMeta.branch = "4.4";
- defconfig = "firefly_linux_defconfig";
-
- src = fetchFromGitLab {
- owner = "TeeFirefly";
- repo = "linux-kernel";
- rev = "firefly_0821_release";
- sha256 = "1fwj9cm5ysz286znrr3fyrhfn903m84i7py4rv3y3h9avxb3zl1r";
- };
- extraMeta.platforms = [ "aarch64-linux" ];
-} // (args.argsOverride or {}))
diff --git a/makefu/1systems/sdcard/source.nix b/makefu/1systems/sdcard/source.nix
deleted file mode 100644
index 6bef8ada9..000000000
--- a/makefu/1systems/sdcard/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
deleted file mode 100644
index d02c30342..000000000
--- a/makefu/1systems/sdev/config.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- krebs.build.host = config.krebs.hosts.sdev;
- makefu.awesome.modkey = "Mod1";
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/makefu>
- <stockholm/makefu/2configs/home-manager>
-
- # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
- { # until virtualbox-image is fixed
- imports = [
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- ];
- boot.loader.grub.device = lib.mkForce "/dev/sda";
- }
- <stockholm/makefu/2configs/main-laptop.nix>
- # <secrets/extra-hosts.nix>
-
- # environment
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
-
- ];
- # allow sdev to deploy self
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
- };
- };
- # corefonts
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs;[
- ppp xclip
- get
- passwdqc-utils
- gnupg
- populate
- # 20.09: torbrowser is broken
- #(pkgs.writeScriptBin "tor-browser" ''
- # #! /bin/sh
- # TOR_SKIP_LAUNCH=1 ${torbrowser}/bin/tor-browser
- #'')
- ];
-
- networking.firewall.allowedTCPPorts = [
- 25
- 80
- 8010
- ];
-
-
-}
diff --git a/makefu/1systems/sdev/source.nix b/makefu/1systems/sdev/source.nix
deleted file mode 100644
index d6c3d2031..000000000
--- a/makefu/1systems/sdev/source.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- name="sdev";
- home-manager = true;
- hw = true;
- mic92 = true;
- unstable = true;
-}
diff --git a/makefu/1systems/shack-autoinstall/config.nix b/makefu/1systems/shack-autoinstall/config.nix
deleted file mode 100644
index d53c411c0..000000000
--- a/makefu/1systems/shack-autoinstall/config.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-let
- disk = "/dev/sda";
-in {
- imports = [
- <stockholm/makefu>
- <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
- <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
- <stockholm/makefu/2configs/tools/core.nix>
- ];
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- krebs.build.host = config.krebs.hosts.iso;
- krebs.hidden-ssh.enable = true;
-
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- boot.kernelParams = [ "copytoram" ];
-
-
- environment.systemPackages = [
- pkgs.parted
- ( pkgs.writeScriptBin "shack-install" ''
- #! /bin/sh
- echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
- '')
- ];
-
- systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
-
- networking.wireless = {
- enable = true;
- networks.shack.psk = "welcome2shack";
- };
-
-
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-}
diff --git a/makefu/1systems/shack-autoinstall/grub-partition.sh b/makefu/1systems/shack-autoinstall/grub-partition.sh
deleted file mode 100644
index c23c89799..000000000
--- a/makefu/1systems/shack-autoinstall/grub-partition.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-set -euf
-parted -s ${disk} mklabel msdos
-parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
-parted -s ${disk} -- mkpart primary ext2 4096M 100%
diff --git a/makefu/1systems/shack-autoinstall/shack-config.nix b/makefu/1systems/shack-autoinstall/shack-config.nix
deleted file mode 100644
index 9fa54ae32..000000000
--- a/makefu/1systems/shack-autoinstall/shack-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - imports = [ - ./hardware-configuration.nix - # TODO: - ]; - - # shacks-specific - networking.wireless = { - enable = true; - networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e"; - }; - networking.hostName = "shackbook"; - - boot.tmpOnTmpfs = true; - - users.users.shack = { - createHome = true; - useDefaultShell = true; - home = "/home/shack"; - uid = 9001; - packages = with pkgs;[ - chromium - firefox - ]; - extraGroups = [ "audio" "wheel" ]; - hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ; - }; - - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - EDITOR = lib.mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - - services.printing = { - enable = true; - # TODO: shack-printer - }; - - - environment.systemPackages = with pkgs;[ - parted - ddrescue - tmux - jq git gnumake htop rxvt_unicode.terminfo - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.customRC = '' - set nocompatible - syntax on - set list - set listchars=tab:▸\ - "set list listchars=tab:>-,trail:.,extends:> - - filetype off - filetype plugin indent on - - colorscheme darkblue - set background=dark - - set number - set relativenumber - set mouse=a - set ignorecase - set incsearch - set wildignore=*.o,*.obj,*.bak,*.exe,*.os - set textwidth=79 - set shiftwidth=2 - set expandtab - set softtabstop=2 - set shiftround - set smarttab - set tabstop=2 - set et - set autoindent - set backspace=indent,eol,start - - - inoremap <F1> <ESC> - nnoremap <F1> <ESC> - vnoremap <F1> <ESC> - - nnoremap <F5> :UndotreeToggle<CR> - set undodir =~/.vim/undo - set undofile - "maximum number of changes that can be undone - set undolevels=1000000 - "maximum number lines to save for undo on a buffer reload - set undoreload=10000000 - - nnoremap 
<F2> :set invpaste paste?<CR> - set pastetoggle=<F2> - set showmode - - set showmatch - set matchtime=3 - set hlsearch - - autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red - - - " save on focus lost - au FocusLost * :wa - - autocmd BufRead *.json set filetype=json - au BufNewFile,BufRead *.mustache set syntax=mustache - - cnoremap SudoWrite w !sudo tee > /dev/null % - - " create Backup/tmp/undo dirs - set backupdir=~/.vim/backup - set directory=~/.vim/tmp - - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backup/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodir= l:parent . 'undo/' - - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodir) - call mkdir(l:undodir) - endif - endfunction - call InitBackupDir() - - augroup Binary - " edit binaries in xxd-output, xxd is part of vim - au! 
- au BufReadPre *.bin let &bin=1 - au BufReadPost *.bin if &bin | %!xxd - au BufReadPost *.bin set ft=xxd | endif - au BufWritePre *.bin if &bin | %!xxd -r - au BufWritePre *.bin endif - au BufWritePost *.bin if &bin | %!xxd - au BufWritePost *.bin set nomod | endif - augroup END - ''; - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" ]; } - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - ]; - }) - - ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ''; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - nix = { - package = pkgs.nixUnstable; - optimise.automatic = true; - useSandbox = true; - gc.automatic = true; - }; - - system.autoUpgrade.enable = true; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - - - # gui and stuff - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - - fonts = { - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = [ pkgs.terminus_font ]; - }; - - time.timeZone = "Europe/Berlin"; - services.timesyncd.enable = true; - - - # GUI - hardware.pulseaudio.enable = true; - services.xserver = { - enable = true; - displayManager.auto.enable = true; - displayManager.auto.user = "shack"; - - desktopManager.xfce.enable = true; - - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps, eurosign:e"; - }; - - services.openssh = { - enable = true; - hostKeys = [ - { bits = 8192; type = "ed25519"; path = 
"/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; -} diff --git a/makefu/1systems/shack-autoinstall/source.nix b/makefu/1systems/shack-autoinstall/source.nix deleted file mode 100644 index 6bef8ada9..000000000 --- a/makefu/1systems/shack-autoinstall/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="iso"; -} diff --git a/makefu/1systems/shack-autoinstall/uefi-partition.sh b/makefu/1systems/shack-autoinstall/uefi-partition.sh deleted file mode 100644 index 4566b7dce..000000000 --- a/makefu/1systems/shack-autoinstall/uefi-partition.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -set -euf -p(){ - parted -s ${disk} -- $@ -} -p mklabel gpt -p mkpart primary fat32 1M 551M -p set 1 boot on -p mkpart primary linux-swap 51M 4647M -p mkpart primary ext2 4647M 100% -udevadm settle -mkfs.fat -nboot -F32 /dev/sda1 - -udevadm settle -mkswap ${disk}2 -L swap -swapon -L swap -mkfs.ext4 -L nixos ${disk}3 -mount LABEL=nixos /mnt -mkdir /mnt/boot -mount LABEL=boot /mnt/boot - -mkdir -p /mnt/etc/nixos -cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix -nixos-generate-config --root /mnt diff --git a/makefu/1systems/shoney/config.nix b/makefu/1systems/shoney/config.nix deleted file mode 100644 index 27d389b85..000000000 --- a/makefu/1systems/shoney/config.nix +++ /dev/null 
@@ -1,62 +0,0 @@
-{ config, pkgs, ... }:
-let
- tinc-siem-ip = "10.8.10.1";
-
- ip = "64.137.234.215";
- alt-ip = "64.137.234.210"; # honeydrive honeyd
- extra-ip1 = "64.137.234.114"; # floating tinc.siem
- extra-ip2 = "64.137.234.232"; # honeydrive
- gw = "64.137.234.1";
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/save-diskspace.nix>
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- ];
-
-
- krebs = {
- enable = true;
- build.host = config.krebs.hosts.shoney;
- tinc_graphs = {
- enable = true;
- network = "siem";
- hostsPath = "/etc/tinc/siem/hosts";
- nginx = {
- enable = true;
- # TODO: remove hard-coded hostname
- anonymous-domain = "localhost.localdomain";
- anonymous.extraConfig = "return 403;";
- complete = {
- serverAliases = [ "graph.siem" ];
- extraConfig = ''
- if ( $server_addr = "${ip}" ) {
- return 403;
- }
- '';
- };
- };
- };
- };
- makefu.forward-journal = {
- enable = true;
- src = "10.8.10.1";
- dst = "10.8.10.6";
- };
- networking = {
- interfaces.enp2s1.ipv4.addresses = [
- { address = ip; prefixLength = 24; }
- # { address = alt-ip; prefixLength = 24; }
- ];
-
- defaultGateway = gw;
- nameservers = [ "8.8.8.8" ];
- firewall = {
- trustedInterfaces = [ "tinc.siem" ];
- allowedUDPPorts = [ 655 1655 ];
- allowedTCPPorts = [ 655 1655 ];
- };
- };
-}
diff --git a/makefu/1systems/shoney/source.nix b/makefu/1systems/shoney/source.nix
deleted file mode 100644
index 3616716f9..000000000
--- a/makefu/1systems/shoney/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="shoney";
-}
diff --git a/makefu/1systems/snake/config.nix b/makefu/1systems/snake/config.nix
deleted file mode 100644
index 69e347d71..000000000
--- a/makefu/1systems/snake/config.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
-
- <stockholm/makefu/2configs/home/rhasspy>
- # <stockholm/makefu/2configs/hw/pseyecam.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.snake;
- };
- # ensure disk usage is limited
- services.journald.extraConfig = "Storage=volatile";
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- documentation.nixos.enable = false;
-}
diff --git a/makefu/1systems/snake/disk.nix b/makefu/1systems/snake/disk.nix
deleted file mode 100644
index f9e14844f..000000000
--- a/makefu/1systems/snake/disk.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ disks ? [ "/dev/sda" ], ... }: {
- disk = {
- x = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- type = "partition";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- type = "partition";
- name = "ESP";
- start = "1M";
- end = "512MiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- type = "partition";
- name = "zfs";
- start = "512MiB";
- end = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- }
- ];
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- rootFsOptions.compression = "lz4";
- mountpoint = "/";
-
- datasets = {
- home = {
- zfs_type = "filesystem";
- mountpoint = "/home";
- options.mountpoint = "legacy";
- };
- reserved = {
- zfs_type = "filesystem";
- options.refreservation = "1G";
- };
- };
- };
- };
-}
diff --git a/makefu/1systems/snake/hardware-config.nix b/makefu/1systems/snake/hardware-config.nix
deleted file mode 100644
index 88124f659..000000000
--- a/makefu/1systems/snake/hardware-config.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ./wifi.nix
- ./sound.nix
- ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/sda";
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- disko.devices = import ./disk.nix;
-
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-
- boot.kernelParams = [ "net.ifnames=0" ];
- networking.hostId = "0123AABB";
-
-}
diff --git a/makefu/1systems/snake/sound.nix b/makefu/1systems/snake/sound.nix
deleted file mode 100644
index 452f4b4b1..000000000
--- a/makefu/1systems/snake/sound.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib, ... }: {
- imports = [
- <stockholm/makefu/2configs/gui/snake-kiosk.nix>
- ];
- nixpkgs.config.allowUnfree = true;
- networking.networkmanager.enable = lib.mkForce false;
- # sound.enable = true;
- #hardware.pulseaudio = {
- # enable = true;
- # systemWide = true;
- # tcp = {
- # enable = true;
- # anonymousClients.allowAll = true;
- # };
- #};
-
- #users.users.makefu = {
- # extraGroups = [ "pipewire" "audio" ];
- #};
-
-
- #services.xserver = {
- # enable = true;
- # # desktopManager.xterm.enable = true;
- # desktopManager.xfce = {
- # enable = true;
- # noDesktop = true;
- # };
-
- # displayManager.autoLogin = {
- # enable = true;
- # user = "makefu";
- # };
- #};
- hardware.pulseaudio.enable = lib.mkForce false;
- security.rtkit.enable = true;
- #services.pipewire = {
- # enable = true;
- # systemWide = true;
- # socketActivation = false;
- # alsa.enable = true;
- # alsa.support32Bit = true;
- # pulse.enable = true;
- # config.pipewire-pulse = {
- # "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ];
- # };
-
- #};
-
-
-}
diff --git a/makefu/1systems/snake/source.nix b/makefu/1systems/snake/source.nix
deleted file mode 100644
index 8fc2fff2d..000000000
--- a/makefu/1systems/snake/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="cake";
- full = true;
- home-manager = true;
- hw = true;
-}
diff --git a/makefu/1systems/snake/wifi.nix b/makefu/1systems/snake/wifi.nix
deleted file mode 100644
index 7e1569010..000000000
--- a/makefu/1systems/snake/wifi.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- networking.wireless = {
- enable = true;
- networks = import <secrets/wifi.nix>;
- };
-}
diff --git a/makefu/1systems/studio/config.nix b/makefu/1systems/studio/config.nix
deleted file mode 100644
index b3d9383c4..000000000
--- a/makefu/1systems/studio/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/vncserver.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
- <stockholm/makefu/2configs/audio/realtime-audio.nix>
- <stockholm/makefu/2configs/gui/studio.nix>
- <stockholm/makefu/2configs/binary-cache/lass.nix>
-
- ];
- makefu.gui.user = "user"; # we use an extra user
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.studio;
- };
- networking.firewall.allowedTCPPorts = [ 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-
-
- environment.systemPackages = with pkgs;[
- # audio foo
- ## pulseaudio
- pavucontrol
- paprefs
- pamixer
-
- # extra alsa tools
- alsa-hdspconf
- alsa-hdspmixer
- alsa-hdsploader
-
- # recording
- darkice
- (mumble.override { jackSupport = true; })
-
- # browsing
- firefox
- chromium
- ];
-
-
- nixpkgs.config.allowUnfree = true;
- fonts = {
- enableCoreFonts = true;
- enableFontDir = true;
- enableGhostscriptFonts = true;
- fonts = [ ];
- };
- # ingos favorite display manager
-
-
- # hardware
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda";
-
- boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21";
- fsType = "ext4";
- };
-
- swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ];
- users.users.user = {
- isNormalUser = true;
- extraGroups = [ "wheel" "audio" ];
- uid = 1000;
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
- };
-}
diff --git a/makefu/1systems/studio/source.nix b/makefu/1systems/studio/source.nix
deleted file mode 100644
index ff88d3557..000000000
--- a/makefu/1systems/studio/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="studio";
- musnix = true;
-}
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
deleted file mode 100644
index 9586578d3..000000000
--- a/makefu/1systems/tsp/config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-#
-#
-{ config, pkgs, lib, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware.nix
- <stockholm/makefu>
- <stockholm/makefu/2configs/nur.nix>
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/main-laptop.nix>
- <stockholm/makefu/2configs/editor/neovim>
- <stockholm/makefu/2configs/tools/core.nix>
- # <stockholm/makefu/2configs/tools/all.nix>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- # hardware specifics are in here
- <stockholm/makefu/2configs/hw/bluetooth.nix>
- <stockholm/makefu/2configs/hw/network-manager.nix>
-
-
- # <stockholm/makefu/2configs/rad1o.nix>
-
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/home-manager/desktop.nix>
- <stockholm/makefu/2configs/home-manager/cli.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- <stockholm/makefu/2configs/sshd-totp.nix>
- {
- programs.adb.enable = true;
- }
- ];
- krebs.build.host = config.krebs.hosts.tsp;
- boot.loader.grub.device = "/dev/sda";
-
- networking.firewall.allowedTCPPorts = [
- 25
- ];
-
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
-}
diff --git a/makefu/1systems/tsp/hardware.nix b/makefu/1systems/tsp/hardware.nix
deleted file mode 100644
index 2788eae04..000000000
--- a/makefu/1systems/tsp/hardware.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, ... }:
-{
- imports = [
- # laptop is an acer aspire, but close enough i'd say
- <stockholm/makefu/2configs/hw/tp-x2x0.nix>
- ];
- # the laptop only has the touchpad
- services.xserver.synaptics.additionalOptions = lib.mkForce ''Option "TouchpadOff" "0"'';
-}
diff --git a/makefu/1systems/tsp/source.nix b/makefu/1systems/tsp/source.nix
deleted file mode 100644
index afb05e296..000000000
--- a/makefu/1systems/tsp/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="tsp";
- full = true;
- hw = true;
- home-manager = true;
-}
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
deleted file mode 100644
index 208dd1ff7..000000000
--- a/makefu/1systems/vbob/config.nix
+++ /dev/null
@@ -1,91 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - krebs.build.host = config.krebs.hosts.vbob; - makefu.awesome.modkey = "Mod1"; - imports = - [ - <stockholm/makefu> - { - imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; - boot.loader.grub.device = "/dev/sda"; - } - # <stockholm/makefu/2configs/hw/vbox-guest.nix> - # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> - - # base gui - # <stockholm/makefu/2configs/main-laptop.nix> - # <stockholm/makefu/2configs/tools/core-gui.nix> - - <stockholm/makefu/2configs/zsh-user.nix> - - # security - <stockholm/makefu/2configs/sshd-totp.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - # <stockholm/makefu/2configs/tools/extra-gui.nix> - # <stockholm/makefu/2configs/tools/sec.nix> - - # environment - <stockholm/makefu/2configs/tinc/retiolum.nix> - (let - gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; - gateway = "10.0.2.2"; - in { - # make sure the route to gum gets added after the network is online - systemd.services.wireguard-wg0.after = [ "network-online.target" ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.3/24" ]; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - # explicit route via eth0 to gum - preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"]; - peers = [ - { # gum - endpoint = "${gum-ip}:51820"; - allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]; - publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - persistentKeepalive = 25; - } - ]; - }; - }) - - ]; - networking.extraHosts = import (toString <secrets/extra-hosts.nix>); - - # allow vbob to deploy self - users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - - environment.shellAliases = { - forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; - }; - - system.activationScripts.prepare-fortclientvpnssl = '' - # TODO: for forticlientsslpn - mkdir -p /usr/{s,}bin - ln -fs 
${pkgs.ppp}/bin/pppd /usr/sbin/pppd - ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail - ''; - - # for forticlient - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs;[ - fortclientsslvpn ppp xclip - get - logstash - #devpi-web - #devpi-client - ansible - ]; - - - networking.firewall.allowedTCPPorts = [ - 25 - 80 - 8010 - ]; - # required for qemu - systemd.services."serial-getty@ttyS0".enable = true; -} diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix deleted file mode 100644 index 59744faf5..000000000 --- a/makefu/1systems/vbob/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - name="vbob"; - # musnix = true; -} diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix deleted file mode 100644 index 77f0f0337..000000000 --- a/makefu/1systems/wbob/config.nix +++ /dev/null 
@@ -1,139 +0,0 @@ -{ config, pkgs, lib, ... }: -let - user = config.makefu.gui.user; - primaryIP = "192.168.8.11"; -in { - - imports = - [ - <stockholm/makefu> - # Include the results of the hardware scan. - ./nuc - - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/tools/core.nix> - # <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/tools/core-gui.nix> - <stockholm/makefu/2configs/tools/extra-gui.nix> - <stockholm/makefu/2configs/tools/media.nix> - # <stockholm/makefu/2configs/virtualisation/libvirt.nix> - # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/gui/wbob-kiosk.nix> - { environment.systemPackages = [ pkgs.brother_ql_web pkgs.nano ]; } - - # <stockholm/makefu/2configs/gui/studio-virtual.nix> - # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> - # <stockholm/makefu/2configs/audio/realtime-audio.nix> - # <stockholm/makefu/2configs/vncserver.nix> - ## no need for dns logs anymore - # <stockholm/makefu/2configs/logging/server.nix> - - # Services - # <stockholm/makefu/2configs/hydra/stockholm.nix> - - <stockholm/makefu/2configs/share/wbob.nix> - <stockholm/makefu/2configs/wireguard/thierry.nix> - <stockholm/makefu/2configs/bluetooth-mpd.nix> - - # Sensors - # <stockholm/makefu/2configs/stats/client.nix> - # <stockholm/makefu/2configs/stats/collectd-client.nix> - <stockholm/makefu/2configs/stats/telegraf> - <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> - <stockholm/makefu/2configs/stats/telegraf/europastats.nix> - <stockholm/makefu/2configs/stats/external/aralast.nix> - <stockholm/makefu/2configs/stats/arafetch.nix> - # <stockholm/makefu/2configs/hw/mceusb.nix> - <stockholm/makefu/2configs/hw/slaesh.nix> - # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> - { environment.systemPackages = [ pkgs.vlc ]; } - - 
<stockholm/makefu/2configs/bureautomation> # new hass entry point - <stockholm/makefu/2configs/bureautomation/led-fader.nix> - <stockholm/makefu/2configs/bureautomation/printer.nix> - # <stockholm/makefu/2configs/bureautomation/kalauerbot.nix> now runs in thales - # <stockholm/makefu/2configs/bureautomation/visitor-photostore.nix> - # <stockholm/makefu/2configs/bureautomation/mpd.nix> #mpd is only used for TTS, this is the web interface - <stockholm/makefu/2configs/mqtt.nix> - { - services.mjpg-streamer = { - enable = true; - inputPlugin = "input_uvc.so -d /dev/video0 -r 640x480 -y -f 30 -q 50 -n"; - outputPlugin = "output_http.so -w @www@ -n -p 18088"; - }; - } - (let - collectd-port = 25826; - influx-port = 8086; - admin-port = 8083; - grafana-port = 3000; # TODO nginx forward - db = "collectd_db"; - logging-interface = "enp0s25"; - in { - networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ]; - - services.grafana.enable = true; - services.grafana.addr = "0.0.0.0"; - services.influxdb.enable = true; - systemd.services.influxdb.serviceConfig.LimitNOFILE = 8192; - - services.influxdb.extraConfig = { - meta.hostname = config.krebs.build.host.name; - # meta.logging-enabled = true; - http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":${toString admin-port}"; - collectd = [{ - enabled = true; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = db; - bind-address = ":${toString collectd-port}"; - }]; - }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - ''; - }) - - <stockholm/makefu/2configs/backup/state.nix> - # temporary - # <stockholm/makefu/2configs/temp/rst-issue.nix> - { - services.jellyfin.enable = true; - } - ]; - - krebs = { - enable = true; - build.host = config.krebs.hosts.wbob; - }; - - networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ - 655 - 8081 # smokeping - 49152 - ]; - 
networking.firewall.trustedInterfaces = [ "enp0s25" ]; - #services.tinc.networks.siem = { - # name = "display"; - # extraConfig = '' - # ConnectTo = sjump - # Port = 1655 - # ''; - #}; - #boot.kernelPackages = pkgs.linuxPackages_latest; - # rt2870.bin wifi card, part of linux-unfree - hardware.enableRedistributableFirmware = true; - nixpkgs.config.allowUnfree = true; - # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 - # not explicitly setting the interface results in wpa_supplicant to crash - #networking.interfaces.virbr1.ipv4.addresses = [{ - # address = "10.8.8.11"; - # prefixLength = 24; - #}]; - # nuc hardware -} diff --git a/makefu/1systems/wbob/nuc/default.nix b/makefu/1systems/wbob/nuc/default.nix deleted file mode 100644 index d4993dfd0..000000000 --- a/makefu/1systems/wbob/nuc/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -let - rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; - datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; -in { - boot.loader.grub.device = rootdisk; - hardware.cpu.intel.updateMicrocode = true; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - - boot.kernelModules = [ - "kvm-intel" "snd-seq" "snd-rawmidi" - ]; - fileSystems = { - "/" = { - device = rootdisk + "-part1"; - fsType = "ext4"; - }; - "/data" = { - device = datadisk + "-part1"; - fsType = "ext4"; - }; - }; - swapDevices = [ { device = "/var/swap"; } ]; -} diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix deleted file mode 100644 index 36c7b67bb..000000000 --- a/makefu/1systems/wbob/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - name="wbob"; - # musnix = true; - home-manager = true; - unstable = true; -} diff --git a/makefu/1systems/wry/config.nix b/makefu/1systems/wry/config.nix deleted file mode 100644 index b728703ec..000000000 --- a/makefu/1systems/wry/config.nix +++ /dev/null 
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-in {
- imports = [
- <stockholm/makefu>
- # TODO: copy this config or move to krebs
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
-
- # <stockholm/makefu/2configs/bepasty-dual.nix>
-
- <stockholm/makefu/2configs/iodined.nix>
- <stockholm/makefu/2configs/backup.nix>
-
- # other nginx
- # <stockholm/makefu/2configs/nginx/euer.test.nix>
-
- # collectd
- <stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/logging/client.nix>
-
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- # <stockholm/makefu/2configs/torrent.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.wry;
-
- # prepare graphs
- services.nginx.enable = true;
- krebs.retiolum-bootstrap.enable = true;
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ 53 80 443 ];
- allowedUDPPorts = [ 655 53 ];
- };
- interfaces.enp2s1.ipv4.addresses = [{
- address = external-ip;
- prefixLength = 24;
- }];
- defaultGateway = "104.233.87.1";
- nameservers = [ "8.8.8.8" ];
- };
-
- environment.systemPackages = [ pkgs.screen ];
-}
diff --git a/makefu/1systems/wry/source.nix b/makefu/1systems/wry/source.nix
deleted file mode 100644
index 730300590..000000000
--- a/makefu/1systems/wry/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="wry";
-}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
deleted file mode 100644
index 784f9148f..000000000
--- a/makefu/1systems/x/config.nix
+++ /dev/null
@@ -1,265 +0,0 @@ -# -# -# -{ config, pkgs, lib, ... }: -{ - imports = - [ - # hardware-dependent - # device - - - ./x13 - # ./x230 - - # Common Hardware Components - <nix-ld/modules/nix-ld.nix> - # <stockholm/makefu/2configs/hw/mceusb.nix> - # <stockholm/makefu/2configs/hw/rtl8812au.nix> - <stockholm/makefu/2configs/hw/network-manager.nix> - # <stockholm/makefu/2configs/hw/stk1160.nix> - # <stockholm/makefu/2configs/hw/irtoy.nix> - # <stockholm/makefu/2configs/hw/malduino_elite.nix> - <stockholm/makefu/2configs/hw/switch.nix> - # <stockholm/makefu/2configs/hw/rad1o.nix> - <stockholm/makefu/2configs/hw/cc2531.nix> - <stockholm/makefu/2configs/hw/droidcam.nix> - <stockholm/makefu/2configs/hw/smartcard.nix> - <stockholm/makefu/2configs/hw/upower.nix> - #<stockholm/makefu/2configs/hw/ps4-compat.nix> - - # base - <stockholm/makefu> - <stockholm/makefu/2configs/nur.nix> - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/home-manager/desktop.nix> - <stockholm/makefu/2configs/home-manager/cli.nix> - <stockholm/makefu/2configs/home-manager/mail.nix> - <stockholm/makefu/2configs/home-manager/taskwarrior.nix> - - <stockholm/makefu/2configs/main-laptop.nix> - <stockholm/makefu/2configs/kdeconnect.nix> - <stockholm/makefu/2configs/extra-fonts.nix> - <stockholm/makefu/2configs/editor/neovim> - <stockholm/makefu/2configs/tools/all.nix> - { programs.adb.enable = true; } - { - services.openssh.hostKeys = [ - { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";} - ]; - } - #{ - # imports = [ - # <stockholm/makefu/2configs/bureautomation/rhasspy.nix> - # ]; - # services.pipewire.config.pipewire-pulse = { - # "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; - # }; - # networking.firewall.allowedTCPPorts = [ 4713 ]; - - #} - - #{ - # users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ]; - # services.ympd.enable = true; - # services.mpd = { - # enable = true; - # extraConfig = '' - # log_level "default" - # 
auto_update "yes" - - # audio_output { - # type "httpd" - # name "lassulus radio" - # encoder "vorbis" # optional - # port "8000" - # quality "5.0" # do not define if bitrate is defined - # # bitrate "128" # do not define if quality is defined - # format "44100:16:2" - # always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. - # tags "yes" # httpd supports sending tags to listening streams. - # } - # ''; - # }; - #} - - # { systemd.services.docker.wantedBy = lib.mkForce []; } - # <stockholm/makefu/2configs/dict.nix> - # <stockholm/makefu/2configs/legacy_only.nix> - #<stockholm/makefu/3modules/netboot_server.nix> - #{ - # netboot_server = { - # network.wan = "wlp3s0"; - # network.lan = "enp0s25"; - # }; - #} - - # Restore: - # systemctl cat borgbackup-job-state - # export BORG_PASSCOMMAND BORG_REPO BORG_RSH - # borg list "$BORG_REPO" - # mount newroot somewhere && cd somewhere - # borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd - <stockholm/makefu/2configs/backup/state.nix> - - # <stockholm/makefu/2configs/dnscrypt/client.nix> - <stockholm/makefu/2configs/avahi.nix> - <stockholm/makefu/2configs/support-nixos.nix> - - # Debugging - # <stockholm/makefu/2configs/disable_v6.nix> - # <stockholm/makefu/2configs/pyload.nix> - - # Testing - #{ - # services.nginx = { - # enable = true; - # recommendedProxySettings = true; - # virtualHosts.local = { - # default = true; - # locations."/".proxyPass= "http://localhost:4567"; - # }; - # }; - # services.gollum = { - # enable = true; - # extraConfig = '' - # Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - # File.open('/tmp/lol', 'w') { |file| file.write(self.to_s) } - # end - # ''; - # }; - #} - # <stockholm/makefu/2configs/deployment/gitlab.nix> - # <stockholm/makefu/2configs/deployment/docker/etherpad.nix> - # <stockholm/makefu/2configs/deployment/wiki-irc-bot> - - # <stockholm/makefu/2configs/torrent.nix> - # 
<stockholm/makefu/2configs/deployment/dirctator.nix> - # <stockholm/makefu/2configs/vncserver.nix> - # <stockholm/makefu/2configs/deployment/led-fader> - # <stockholm/makefu/2configs/deployment/hound> - # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - # <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> - # <stockholm/makefu/2configs/bureautomation/office-radio> - - # Krebs - <stockholm/makefu/2configs/tinc/retiolum.nix> - # <stockholm/makefu/2configs/share/anon-ftp.nix> - # <stockholm/makefu/2configs/share/anon-sftp.nix> - <stockholm/makefu/2configs/share/gum-client.nix> - <stockholm/makefu/2configs/share> - # <stockholm/makefu/2configs/share/temp-share-samba.nix> - - - # applications - <stockholm/makefu/2configs/exim-retiolum.nix> - <stockholm/makefu/2configs/mail-client.nix> - <stockholm/makefu/2configs/printer.nix> - # <stockholm/makefu/2configs/syncthing.nix> - # <stockholm/makefu/2configs/sync> - - # Virtualization - # <stockholm/makefu/2configs/virtualisation/libvirt.nix> - <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/virtualisation/virtualbox.nix> - #{ - # networking.firewall.allowedTCPPorts = [ 8080 ]; - # networking.nat = { - # enable = true; - # externalInterface = "wlp3s0"; - # internalInterfaces = [ "vboxnet0" ]; - # }; - #} - # Services - <stockholm/makefu/2configs/git/brain-retiolum.nix> - <stockholm/makefu/2configs/tor.nix> - # <stockholm/makefu/2configs/vpn/vpngate.nix> - # <stockholm/makefu/2configs/buildbot-standalone.nix> - <stockholm/makefu/2configs/remote-build/aarch64-community.nix> - # <stockholm/makefu/2configs/remote-build/gum.nix> - # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; } - - # <stockholm/makefu/2configs/binary-cache/gum.nix> - <stockholm/makefu/2configs/binary-cache/lass.nix> - - - - # Security - # <stockholm/makefu/2configs/sshd-totp.nix> - - # temporary - # { services.redis.enable = true; } - # citadel exporter - # { 
services.mongodb.enable = true; } - # { services.elasticsearch.enable = true; } - # <stockholm/makefu/2configs/deployment/nixos.wiki> - # <stockholm/makefu/2configs/home/photoprism.nix> - # <stockholm/makefu/2configs/dcpp/airdcpp.nix> - # <stockholm/makefu/2configs/nginx/rompr.nix> - # <stockholm/makefu/2configs/lanparty/lancache.nix> - # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> - # <stockholm/makefu/2configs/lanparty/samba.nix> - # <stockholm/makefu/2configs/lanparty/mumble-server.nix> - <stockholm/makefu/2configs/wireguard/wiregrill.nix> - -# { -# networking.wireguard.interfaces.wg0 = { -# ips = [ "10.244.0.2/24" ]; -# privateKeyFile = (toString <secrets>) + "/wireguard.key"; -# allowedIPsAsRoutes = true; -# peers = [ -# { -# # gum -# endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; -# allowedIPs = [ "10.244.0.0/24" ]; -# publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; -# } -# #{ -# # # vbob -# # allowedIPs = [ "10.244.0.3/32" ]; -# # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; -# #} -# ]; -# }; -# } - ]; - - - nixpkgs.config.allowUnfree = true; - nixpkgs.config.oraclejdk.accept_license = true; - - - - # configure pulseAudio to provide a HDMI sink as well - networking.firewall.enable = true; - networking.firewall.allowedUDPPorts = [ 665 26061 1514 ]; - networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ]; - - krebs.build.host = config.krebs.hosts.x; - - #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ]; - #krebs.tinc.retiolum.extraConfig = "AutoConnect = no"; - - - environment.systemPackages = [ pkgs.passwdqc-utils ]; - - # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; - state = [ - "/home/makefu/stockholm" - "/home/makefu/.ssh/" - "/home/makefu/.zsh_history" - "/home/makefu/.bash_history" - "/home/makefu/bin" - "/home/makefu/.gnupg" - "/home/makefu/.imapfilter" - "/home/makefu/.mutt" - "/home/makefu/docs" - "/home/makefu/notes" - "/home/makefu/.password-store" - 
"/home/makefu/.secrets-pass" - "/home/makefu/.config/syncthing" - ]; - - # services.syncthing.user = lib.mkForce "makefu"; - # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; -} diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix deleted file mode 100644 index ecb1d9962..000000000 --- a/makefu/1systems/x/source.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - name="x"; - full = true; - python = true; - hw = true; - # unstable = true; - mic92 = true; - clever_kexec = true; - home-manager = true; - nix-ld = true; - # torrent = true; -} diff --git a/makefu/1systems/x/x13/battery.nix b/makefu/1systems/x/x13/battery.nix deleted file mode 100644 index 3e28292e3..000000000 --- a/makefu/1systems/x/x13/battery.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: -{ - powerManagement.powertop.enable = true; - services.power-profiles-daemon.enable = true; - users.users.makefu.packages = [ pkgs.gnome.gnome-power-manager ]; -} diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix deleted file mode 100644 index 27ea0c99c..000000000 --- a/makefu/1systems/x/x13/default.nix +++ /dev/null 
@@ -1,46 +0,0 @@
-{ pkgs, lib, ... }:
-# new zfs deployment
-{
- imports = [
- ./zfs.nix
- ./input.nix
- ./battery.nix
- <stockholm/makefu/2configs/hw/bluetooth.nix>
- <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
- # <stockholm/makefu/2configs/hw/tpm.nix>
- <stockholm/makefu/2configs/hw/ssd.nix>
- # <stockholm/makefu/2configs/hw/xmm7360.nix>
- ];
- boot.zfs.requestEncryptionCredentials = true;
- networking.hostId = "f8b8e0a2";
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # services.xserver.enable = lib.mkForce false;
-
- services.xserver.videoDrivers = [ "amdgpu" ];
- boot.initrd.kernelModules = [ "amdgpu" ];
- hardware.opengl.driSupport = true;
- hardware.opengl.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
- # For 32 bit applications
- hardware.opengl.driSupport32Bit = true;
- hardware.opengl.extraPackages32 = with pkgs; [
- driversi686Linux.amdvlk
- ];
- # is required for amd graphics support ( xorg wont boot otherwise )
- #boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
-
- services.fwupd.enable = true;
-
- programs.light.enable = true;
-
- users.groups.video = {};
- users.groups.render = {};
- users.users.makefu.extraGroups = [ "video" "render" ];
-
- boot.extraModprobeConfig = ''
- options thinkpad_acpi fan_control=1
- '';
-}
-
diff --git a/makefu/1systems/x/x13/disk.nix b/makefu/1systems/x/x13/disk.nix
deleted file mode 100644
index 7ce77bdf5..000000000
--- a/makefu/1systems/x/x13/disk.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ disk ? "/dev/sda", ... }: {
- disko.devices = {
- disk = {
- nvme = {
- type = "disk";
- device = disk;
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "ESP";
- start = "0";
- end = "512MiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "zfs";
- start = "512MiB";
- end = "100%";
- content = {
- type = "zfs";
- pool = "tank";
- };
- }
- ];
- };
- };
- };
- zpool = {
- tank = {
- type = "zpool";
- rootFsOptions = {
- compression = "lz4";
- #reservation = "5G";
- "com.sun:auto-snapshot" = "false";
- };
- mountpoint = null;
- postCreateHook = "zfs snapshot tank@blank";
-
- datasets = {
-
- root = {
- type = "zfs_fs";
- mountpoint = "/";
- options = {
- encryption = "aes-256-gcm";
- keyformat = "passphrase";
- "com.sun:auto-snapshot" = "true";
- };
- #keylocation = "file:///tmp/secret.key";
- };
- "root/home" = {
- type = "zfs_fs";
- mountpoint = "/home";
- };
- };
- };
- };
- };
-}
diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix
deleted file mode 100644
index 93816ce84..000000000
--- a/makefu/1systems/x/x13/input.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ pkgs, lib, ... }:
-{
- # current issues:
- # 1. for pressing insert hold shift+fn+Fin
-
- # scroll by holding middle mouse
- #services.xserver.displayManager.sessionCommands =''
- # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
- # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
- # xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- # # configure timeout of pressing and holding middle button
- # # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
- # xinput disable 'ETPS/2 Elantech Touchpad'
- #'';
-
- services.xserver.libinput.enable = true;
- boot.kernelParams = [
- #"psmouse.proto=imps"
- #"psmouse.proto=bare"
- #"psmouse.resetafter=0"
- "psmouse.synaptics_intertouch=1" # echo 1 > /sys/devices/platform/i8042/serio1/reg_07
- ];
-
- programs.light.enable = true;
- services.actkbd = {
- enable = true;
- bindings = [
- { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; } # fn - F5
- { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; } # fn - F6
- # fn - 4 => suspend
- # fn - d => lcdshadow
- #{ keys = [ 227 ]; events = [ "key" ]; command = builtins.toString ( # fn - F7
- # pkgs.writers.writeDash "toggle_touchpad" ''
- # PATH=${lib.makeBinPath [ pkgs.xorg.xinput pkgs.gnugrep ]}
- # DISPLAY=:0
- # export DISPLAY PATH
-
- # device=$(xinput list --name-only | grep Touchpad)
- # if [ "$(xinput list-props "$device" | grep -P ".*Device Enabled.*\K.(?=$)" -o)" -eq 1 ];then
- # xinput disable "$device"
- # else
- # xinput enable "$device"
- # fi
- # '');
- #}
- ];
- };
-}
diff --git a/makefu/1systems/x/x13/toggle_brightness b/makefu/1systems/x/x13/toggle_brightness
deleted file mode 100644
index dc1436cb6..000000000
--- a/makefu/1systems/x/x13/toggle_brightness
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-proc=/proc/acpi/ibm/lcdshadow
-status=$(awk '/status:/{print $2}' "$proc")
-if [ "$status" -eq 0 ];then
- echo 1 > "$proc"
-else
- echo 0 > "$proc"
-fi
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
deleted file mode 100644
index ba341ef50..000000000
--- a/makefu/1systems/x/x13/zfs.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- boot.zfs.enableUnstable = true; # required for 21.05
- fileSystems."/" =
- { device = "zroot/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/20BF-2755";
- fsType = "vfat";
- };
-
- fileSystems."/home" =
- { device = "zroot/root/home";
- fsType = "zfs";
- };
-
- swapDevices = [ ];
- services.zfs.autoScrub.enable = true;
-}
diff --git a/makefu/1systems/x/x230/default.nix b/makefu/1systems/x/x230/default.nix
deleted file mode 100644
index c2a635ca7..000000000
--- a/makefu/1systems/x/x230/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- imports = [
- <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
- <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
-
- <stockholm/makefu/2configs/hw/tpm.nix>
- <stockholm/makefu/2configs/hw/ssd.nix>
-
- # hard dependency because otherwise the device will not be unlocked
- {
- boot.initrd.luks.devices.luksroot =
- {
- device = "/dev/sda2";
- allowDiscards = true;
- };
- }
- { makefu.server.primary-itf = "wlp3s0"; }
- ];
-}
|