From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 7 Sep 2023 12:26:31 +0200 Subject: lass: migrate away --- lass/1systems/aergia/config.nix | 167 --------------- lass/1systems/aergia/disk.nix | 63 ------ lass/1systems/aergia/install.sh | 3 - lass/1systems/aergia/physical.nix | 117 ----------- lass/1systems/aergia/source.nix | 21 -- lass/1systems/blue/config.nix | 22 -- lass/1systems/blue/physical.nix | 7 - lass/1systems/blue/source.nix | 17 -- lass/1systems/coaxmetal/config.nix | 63 ------ lass/1systems/coaxmetal/physical.nix | 59 ------ lass/1systems/coaxmetal/source.nix | 21 -- lass/1systems/daedalus/config.nix | 115 ----------- lass/1systems/daedalus/physical.nix | 24 --- lass/1systems/dishfire/config.nix | 13 -- lass/1systems/dishfire/physical.nix | 21 -- lass/1systems/echelon/config.nix | 17 -- lass/1systems/echelon/physical.nix | 33 --- lass/1systems/green/config.nix | 75 ------- lass/1systems/green/physical.nix | 7 - lass/1systems/green/source.nix | 6 - lass/1systems/hilum/config.nix | 33 --- lass/1systems/hilum/disk.nix | 43 ---- lass/1systems/hilum/flash-stick.sh | 43 ---- lass/1systems/hilum/physical.nix | 53 ----- lass/1systems/icarus/config.nix | 30 --- lass/1systems/icarus/physical.nix | 49 ----- lass/1systems/lasspi/config.nix | 25 --- lass/1systems/lasspi/physical.nix | 45 ----- lass/1systems/littleT/config.nix | 30 --- lass/1systems/littleT/physical.nix | 25 --- lass/1systems/mors/config.nix | 167 --------------- lass/1systems/mors/physical.nix | 48 ----- lass/1systems/mors/source.nix | 21 -- lass/1systems/neoprism/config.nix | 51 ----- lass/1systems/neoprism/disk.nix | 118 ----------- lass/1systems/neoprism/physical.nix | 79 -------- lass/1systems/orange/config.nix | 25 --- lass/1systems/orange/physical.nix | 7 - lass/1systems/prism/backup.nix | 37 ---- lass/1systems/prism/config.nix | 380 ----------------------------------- lass/1systems/prism/physical.nix | 107 ---------- lass/1systems/radio/config.nix | 24 --- lass/1systems/radio/physical.nix | 7 - 
lass/1systems/radio/source.nix | 6 - lass/1systems/shodan/config.nix | 28 --- lass/1systems/shodan/physical.nix | 45 ----- lass/1systems/skynet/config.nix | 41 ---- lass/1systems/skynet/physical.nix | 29 --- lass/1systems/styx/config.nix | 116 ----------- lass/1systems/styx/physical.nix | 38 ---- lass/1systems/ubik/config.nix | 276 ------------------------- lass/1systems/ubik/physical.nix | 7 - lass/1systems/wizard/config.nix | 287 -------------------------- lass/1systems/wizard/generate-iso.sh | 7 - lass/1systems/wizard/run-vm.sh | 7 - lass/1systems/wizard/test.nix | 10 - lass/1systems/xerxes/config.nix | 76 ------- lass/1systems/xerxes/physical.nix | 73 ------- lass/1systems/yellow/config.nix | 45 ----- lass/1systems/yellow/physical.nix | 7 - 60 files changed, 3416 deletions(-) delete mode 100644 lass/1systems/aergia/config.nix delete mode 100644 lass/1systems/aergia/disk.nix delete mode 100644 lass/1systems/aergia/install.sh delete mode 100644 lass/1systems/aergia/physical.nix delete mode 100644 lass/1systems/aergia/source.nix delete mode 100644 lass/1systems/blue/config.nix delete mode 100644 lass/1systems/blue/physical.nix delete mode 100644 lass/1systems/blue/source.nix delete mode 100644 lass/1systems/coaxmetal/config.nix delete mode 100644 lass/1systems/coaxmetal/physical.nix delete mode 100644 lass/1systems/coaxmetal/source.nix delete mode 100644 lass/1systems/daedalus/config.nix delete mode 100644 lass/1systems/daedalus/physical.nix delete mode 100644 lass/1systems/dishfire/config.nix delete mode 100644 lass/1systems/dishfire/physical.nix delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/physical.nix delete mode 100644 lass/1systems/green/config.nix delete mode 100644 lass/1systems/green/physical.nix delete mode 100644 lass/1systems/green/source.nix delete mode 100644 lass/1systems/hilum/config.nix delete mode 100644 lass/1systems/hilum/disk.nix delete mode 100755 lass/1systems/hilum/flash-stick.sh delete mode 
100644 lass/1systems/hilum/physical.nix delete mode 100644 lass/1systems/icarus/config.nix delete mode 100644 lass/1systems/icarus/physical.nix delete mode 100644 lass/1systems/lasspi/config.nix delete mode 100644 lass/1systems/lasspi/physical.nix delete mode 100644 lass/1systems/littleT/config.nix delete mode 100644 lass/1systems/littleT/physical.nix delete mode 100644 lass/1systems/mors/config.nix delete mode 100644 lass/1systems/mors/physical.nix delete mode 100644 lass/1systems/mors/source.nix delete mode 100644 lass/1systems/neoprism/config.nix delete mode 100644 lass/1systems/neoprism/disk.nix delete mode 100644 lass/1systems/neoprism/physical.nix delete mode 100644 lass/1systems/orange/config.nix delete mode 100644 lass/1systems/orange/physical.nix delete mode 100644 lass/1systems/prism/backup.nix delete mode 100644 lass/1systems/prism/config.nix delete mode 100644 lass/1systems/prism/physical.nix delete mode 100644 lass/1systems/radio/config.nix delete mode 100644 lass/1systems/radio/physical.nix delete mode 100644 lass/1systems/radio/source.nix delete mode 100644 lass/1systems/shodan/config.nix delete mode 100644 lass/1systems/shodan/physical.nix delete mode 100644 lass/1systems/skynet/config.nix delete mode 100644 lass/1systems/skynet/physical.nix delete mode 100644 lass/1systems/styx/config.nix delete mode 100644 lass/1systems/styx/physical.nix delete mode 100644 lass/1systems/ubik/config.nix delete mode 100644 lass/1systems/ubik/physical.nix delete mode 100644 lass/1systems/wizard/config.nix delete mode 100755 lass/1systems/wizard/generate-iso.sh delete mode 100755 lass/1systems/wizard/run-vm.sh delete mode 100644 lass/1systems/wizard/test.nix delete mode 100644 lass/1systems/xerxes/config.nix delete mode 100644 lass/1systems/xerxes/physical.nix delete mode 100644 lass/1systems/yellow/config.nix delete mode 100644 lass/1systems/yellow/physical.nix (limited to 'lass/1systems') 
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
deleted file mode 100644
index 9b7409bcc..000000000
--- a/lass/1systems/aergia/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - - - - - # - - - - - - # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS - { - imports = [ - "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules" - ]; - jovian.steam.enable = true; - } - { # autorandrs - services.autorandr = { - enable = true; - hooks.postswitch.reset_usb = '' - echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - profiles = { - default = { - fingerprint = { - eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf"; - }; - config = { - eDP = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1600"; - rate = "60.01"; - transform = [ - [ 0.750000 0.000000 0.000000 ] - [ 0.000000 0.750000 0.000000 ] - [ 0.000000 0.000000 1.000000 ] - ]; - # scale = { - # x = 0.599991; - # y = 0.599991; - # }; - }; - }; - }; - docked2 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-8 = "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"; - DisplayPort-7 = 
"00ffffffffffff0020a32f00010000000c190103807341780acf74a3574cb02309484c21080081c0814081800101010101010101010104740030f2705a80b0588a00501d7400001e023a801871382d40582c4500501d7400001e000000fc00484953454e53450a2020202020000000fd00324b0f451e000a2020202020200172020333714f5f5e5d01020400101113001f2021222909070715075057070083010000e200f96d030c002000183c200060010203662150b051001b304070360056005300001e011d8018711c1620582c2500c48e2100009e011d007251d01e206e285500c48e2100001800000000000000000000000000000000000000000000ea"; - }; - config = { - DisplayPort-7 = { - enable = true; - position = "2560x0"; - mode = "1920x1080"; - rate = "60.00"; - }; - DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1; - eDP = config.services.autorandr.profiles.docked1.config.eDP; - }; - }; - docked1 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-1 = "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"; - }; - config = { - DisplayPort-1 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - docked1_hack = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - HDMI-A-0 = "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"; - }; - config = { - HDMI-A-0 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - }; - }; - } - ]; - - system.stateVersion = "22.11"; - - krebs.build.host = config.krebs.hosts.aergia; - - environment.systemPackages = with pkgs; [ - brain - bank - l-gen-secrets - generate-secrets - nixpkgs-review - pipenv - ]; - - programs.adb.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; 
- }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - - nix.trustedUsers = [ "root" "lass" ]; - - # nix.extraOptions = '' - # extra-experimental-features = nix-command flakes - # ''; - - services.tor = { - enable = true; - client.enable = true; - }; - - documentation.nixos.enable = true; - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - - boot.cleanTmpDir = true; - programs.noisetorch.enable = true; -} diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix deleted file mode 100644 index 233b320e4..000000000 --- a/lass/1systems/aergia/disk.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ lib, ... }: -{ - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = ["bios_grub"]; - } - { - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - fs-type = "fat32"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - name = "root"; - start = "1GiB"; - end = "100%"; - content = { - type = "luks"; - name = "aergia1"; - content = { - type = "btrfs"; - extraArgs = "-f"; # Override existing partition - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountpoint = "/"; - }; - # Mountpoints inferred from subvolume name - "/home" = { - mountOptions = []; - mountpoint = "/home"; - }; - "/nix" = { - mountOptions = []; - mountpoint = "/nix"; - }; - }; - }; - }; - } - ]; - }; - }; - }; -} - diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh deleted file mode 100644 index 0e4f0ab4c..000000000 --- a/lass/1systems/aergia/install.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -target=$1 diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix deleted file mode 100644 index e76460d20..000000000 --- a/lass/1systems/aergia/physical.nix +++ /dev/null 
@@ -1,117 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/installer/scan/not-detected.nix") - - ]; - disko.devices = import ./disk.nix; - - networking.hostId = "deadbeef"; - # boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - device = "/dev/nvme0n1"; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - # boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.kernelParams = [ - # use less power with pstate - "amd_pstate=passive" - - # suspend - "resume_offset=178345675" - ]; - - boot.kernelModules = [ - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - "amd-pstate" - "kvm-amd" - ]; - - # hardware.cpu.amd.updateMicrocode = true; - - services.xserver.videoDrivers = [ - "amdgpu" - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "thunderbolt" - "xhci_pci" - "usbhid" - ]; - - boot.initrd.kernelModules = [ - "amdgpu" - ]; - - environment.systemPackages = [ - pkgs.vulkan-tools - (pkgs.writers.writeDashBin "set_tdp" '' - set -efux - watt=$1 - value=$(( $watt * 1000 )) - ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value" - '') - ]; - - # corectrl - programs.corectrl = { - enable = true; - gpuOverclock = { - enable = true; - ppfeaturemask = "0xffffffff"; - }; - }; - users.users.mainUser.extraGroups = [ "corectrl" ]; - - # keyboard quirks - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - services.udev.extraHwdb = /* sh */ '' - # disable back buttons - evdev:input:b0003v2F24p0135* # /dev/input/event2 - KEYBOARD_KEY_70026=reserved - KEYBOARD_KEY_70027=reserved - ''; - - # update cpu microcode - hardware.cpu.amd.updateMicrocode = true; - - hardware.opengl.enable = true; - 
hardware.opengl.extraPackages = [ - pkgs.amdvlk - pkgs.rocm-opencl-icd - pkgs.rocm-opencl-runtime - ]; - - # suspend to disk - swapDevices = [{ - device = "/swapfile"; - }]; - boot.resumeDevice = "/dev/mapper/aergia1"; - services.logind.lidSwitch = "suspend-then-hibernate"; - services.logind.extraConfig = '' - HandlePowerKey=hibernate - ''; - # systemd.sleep.extraConfig = '' - # HibernateDelaySec=1800 - # ''; - - # firefox touchscreen support - environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; - - # enable thunderbolt - services.hardware.bolt.enable = true; - - # reinit usb after docking station connect - services.udev.extraRules = '' - SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'" - ''; -} diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix deleted file mode 100644 index abbf26c75..000000000 --- a/lass/1systems/aergia/source.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix deleted file mode 100644 index c4286cca3..000000000 --- a/lass/1systems/blue/config.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.blue; - - networking.nameservers = [ "1.1.1.1" ]; - - time.timeZone = "Europe/Berlin"; - users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; -} diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix deleted file mode 100644 index b6aa3a894..000000000 --- a/lass/1systems/blue/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = false; -} diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix deleted file mode 100644 index 0b2bf5f5b..000000000 --- a/lass/1systems/blue/source.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, pkgs, test, ... }: -if test then {} else { - nixpkgs = lib.mkIf (! test) (lib.mkForce { - file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); - useChecksum = true; - }; - }); - nixpkgs-unstable = lib.mkForce { - file.path = "/var/empty"; - }; -} diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix deleted file mode 100644 index 7fd76974b..000000000 --- a/lass/1systems/coaxmetal/config.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - # - ]; - - krebs.build.host = config.krebs.hosts.coaxmetal; - - environment.systemPackages = with pkgs; [ - brain - bank - l-gen-secrets - (pkgs.writeDashBin "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - '') - (pkgs.writeDashBin "usb-tether-on" '' - adb shell su -c service call connectivity 33 i32 1 s16 text - '') - (pkgs.writeDashBin "usb-tether-off" '' - adb shell su -c service call connectivity 33 i32 0 s16 text - '') - ]; - - programs.adb.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - - nix.trustedUsers = [ "root" "lass" ]; - - services.tor = { - enable = true; - client.enable = true; - }; - - documentation.nixos.enable = true; -} diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix deleted file mode 100644 index 6be047300..000000000 --- a/lass/1systems/coaxmetal/physical.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - networking.hostId = "e0c335ea"; - boot.zfs.requestEncryptionCredentials = true; - boot.zfs.enableUnstable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040"; - device = "nodev"; - efiSupport = true; - # efiInstallAsRemovable = true; - }; - - services.xserver.videoDrivers = [ - "amdgpu" - ]; - - hardware.opengl.extraPackages = [ pkgs.amdvlk ]; - environment.variables.VK_ICD_FILENAMES = - "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; - - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-amd" ]; - - fileSystems."/" = { - device = "zpool/root/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "zpool/root/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/50A7-1889"; - fsType = "vfat"; - }; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - # Mouse stuff - services.xserver.libinput.enable = lib.mkForce false; - services.xserver.synaptics.enable = true; - - services.xserver.displayManager.sessionCommands = '' - xinput disable 'ETPS/2 Elantech Touchpad' - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation' 1 - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2 - xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5 - ''; -} diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix deleted file mode 100644 index abbf26c75..000000000 --- a/lass/1systems/coaxmetal/source.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix deleted file mode 100644 index c34dc0acf..000000000 --- a/lass/1systems/daedalus/config.nix +++ /dev/null 
@@ -1,115 +0,0 @@ -with import ; -{ config, pkgs, ... }: - -{ - imports = [ - - - - - # - { - # bubsy config - users.users.bubsy = { - uid = genid "bubsy"; - home = "/home/bubsy"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - "pipewire" - # "plugdev" - ]; - useDefaultShell = true; - isNormalUser = true; - }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; - # programs.chromium = { - # enable = true; - # extensions = [ - # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - # ]; - # }; - environment.systemPackages = with pkgs; [ - ark - pavucontrol - #firefox - chromium - hexchat - networkmanagerapplet - libreoffice - audacity - zathura - skypeforlinux - wine - geeqie - vlc - zsnes - telegram-desktop - ]; - # services.udev.packages = [ pkgs.ledger-udev-rules ]; - nixpkgs.config.firefox.enableAdobeFlash = true; - services.xserver.enable = true; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.tlp.enable = lib.mkForce false; - services.xserver.layout = "de"; - } - { - users = { - groups.plugdev = {}; - users = { - bitcoin = { - name = "bitcoin"; - description = "user for bitcoin stuff"; - home = "/home/bitcoin"; - isNormalUser = true; - useDefaultShell = true; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - "plugdev" - ]; - packages = [ - pkgs.electrum - pkgs.electron-cash - pkgs.ledger-live-desktop - ]; - }; - }; - }; - hardware.ledger.enable = true; - security.sudo.extraConfig = '' - bubsy ALL=(bitcoin) NOPASSWD: ALL - ''; - } - { - #remote control - environment.systemPackages = with pkgs; [ - x11vnc - # torbrowser - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } - ]; - } - ]; - - time.timeZone = "Europe/Berlin"; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; 
- }; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - krebs.build.host = config.krebs.hosts.daedalus; -} diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix deleted file mode 100644 index d10ced7da..000000000 --- a/lass/1systems/daedalus/physical.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; -} diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix deleted file mode 100644 index 279cad10b..000000000 --- a/lass/1systems/dishfire/config.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix deleted file mode 100644 index ca013132f..000000000 --- a/lass/1systems/dishfire/physical.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ - ./config.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - boot.loader.grub.devices = [ "/dev/sda" ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; - fsType = "ext4"; - }; - - swapDevices = [ ]; -} diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index eacdff782..000000000 
--- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.echelon; - - boot.tmpOnTmpfs = true; - -} - diff --git a/lass/1systems/echelon/physical.nix b/lass/1systems/echelon/physical.nix deleted file mode 100644 index fbacc3927..000000000 --- a/lass/1systems/echelon/physical.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - boot.loader.grub.efiInstallAsRemovable = true; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.initrd.luks.devices.luksroot.device = "/dev/sda3"; - - networking.useDHCP = false; - networking.interfaces.ens18.useDHCP = true; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/5186edb1-9234-48ae-8679-61facb56b818"; - fsType = "xfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/56D1-34A0"; - fsType = "vfat"; - }; - -} diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix deleted file mode 100644 index 81b8b909b..000000000 --- a/lass/1systems/green/config.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.green; - - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; - }; - - systemd.tmpfiles.rules = [ - "d /home/lass/.local/share 0700 lass users -" - "d /home/lass/.local 0700 lass users -" - "d /home/lass/.config 0700 lass users -" - - "d /var/state/lass_mail 0700 lass users -" - "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" - - "d /var/state/lass_ssh 0700 lass users -" - "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" - "d /var/state/lass_gpg 0700 lass users -" - "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" - "d /var/state/lass_sync 0700 lass users -" - "L+ /home/lass/sync - - - - ../../var/state/lass_sync" - - "d /var/state/git 0700 git nogroup -" - "L+ /var/lib/git - - - - ../../var/state/git" - ]; - - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - config.krebs.users.lass-tablet.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel - ]; - - krebs.iptables.tables.nat.PREROUTING.rules = [ - { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; } - ]; - - # workaround for ssh access from yubikey via android - services.openssh.extraConfig = '' - HostKeyAlgorithms +ssh-rsa - PubkeyAcceptedAlgorithms +ssh-rsa - ''; - - services.dovecot2 = { - enable = true; - mailLocation = "maildir:~/Maildir"; - }; - - networking.firewall.allowedTCPPorts = [ 143 ]; -} diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix deleted file mode 100644 index 8577daf34..000000000 --- a/lass/1systems/green/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = true; -} 
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix deleted file mode 100644 index 4acdb0c26..000000000 --- a/lass/1systems/green/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in if test then {} else { - nixpkgs.git.ref = lib.mkForce npkgs.rev; - nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; -} diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix deleted file mode 100644 index 953b5d0d4..000000000 --- a/lass/1systems/hilum/config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.hilum; - - boot.loader.grub = { - extraEntries = '' - submenu isos { - source /grub/autoiso.cfg - } - ''; - extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { - name = "autoiso.cfg"; - src = pkgs.grub2.src; - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp docs/autoiso.cfg $out - ''; - }); - }; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - boot.tmpOnTmpfs = true; -} diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix deleted file mode 100644 index b5199d432..000000000 --- a/lass/1systems/hilum/disk.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, disk, keyFile, ... }: -{ - disk = { - main = { - type = "disk"; - device = disk; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - flags = ["bios_grub"]; - } - { - name = "ESP"; - start = "1M"; - end = "50%"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - name = "root"; - start = "50%"; - end = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - } - ]; - }; - }; - }; -} - 
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh deleted file mode 100755 index 9846ea087..000000000 --- a/lass/1systems/hilum/flash-stick.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -set -efux - -disk=$1 - -cd "$(dirname "$0")" -export NIXPKGS_ALLOW_UNFREE=1 -(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks) -trap 'rm -f /tmp/hilum.luks' EXIT -echo "$disk" > /tmp/hilum-disk -trap 'rm -f /tmp/hilum-disk' EXIT - -stockholm_root=$(git rev-parse --show-toplevel) -ssh root@localhost -t -- $(nix-build \ - --no-out-link \ - -I nixpkgs=/var/src/nixpkgs \ - -I stockholm="$stockholm_root" \ - -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \ - -E "with import {}; (pkgs.nixos [ - { - luksPassFile = \"/tmp/hilum.luks\"; - mainDisk = \"$disk\"; - disko.rootMountPoint = \"/mnt/hilum\"; - } - ./physical.nix - ]).disko" -) -rm -f /tmp/hilum.luks -$(nix-build \ - --no-out-link \ - -I nixpkgs=/var/src/nixpkgs \ - "$stockholm_root"/lass/krops.nix -A populate \ - --argstr name hilum \ - --argstr target "root@localhost/mnt/hilum/var/src" \ - --arg force true -) -ssh root@localhost << SSH -set -efux -mkdir -p /mnt/hilum/etc -NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src -nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader -umount -Rv /mnt/hilum -SSH diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix deleted file mode 100644 index 9caf8e531..000000000 --- a/lass/1systems/hilum/physical.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./config.nix - - { - # nice hack to carry around state passed impurely at the beginning - options.mainDisk = let - tryFile = path: default: - if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then - builtins.readFile path - else - default - ; - in lib.mkOption { - type = lib.types.str; - default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz"); - }; - config.environment.etc.hilum-disk.text = config.mainDisk; - } - { - options.luksPassFile = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - } - ]; - - disko.devices = import ./disk.nix { - inherit lib; - disk = config.mainDisk; - keyFile = config.luksPassFile; - }; - - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.efiSupport = true; - boot.loader.grub.device = config.mainDisk; - boot.loader.grub.efiInstallAsRemovable = true; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - #weird bug with nixos-enter - services.logrotate.enable = false; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix deleted file mode 100644 index e789b09da..000000000 --- a/lass/1systems/icarus/config.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - - - - - - - - - - # - - - - ]; - - krebs.build.host = config.krebs.hosts.icarus; - - - environment.systemPackages = [ pkgs.chromium ]; -} diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix deleted file mode 100644 index 0b1aff4a8..000000000 --- a/lass/1systems/icarus/physical.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./config.nix
- #
- #
-
-
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
- boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
- fsType = "xfs";
- };
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/D975-2CAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
-
- services.logind.lidSwitch = "ignore";
-}
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix
deleted file mode 100644
index d2207627d..000000000
--- a/lass/1systems/lasspi/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-in
-{
- imports = [
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.lasspi;
-
- networking = {
- networkmanager = {
- enable = true;
- };
- };
- environment.systemPackages = with pkgs; [
- vim
- rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
-
- system.stateVersion = "22.05";
-}
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
deleted file mode 100644
index 07efb5ca5..000000000
--- a/lass/1systems/lasspi/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ./config.nix
- ];
-
- boot = {
- # kernelPackages = pkgs.linuxPackages_rpi4;
- tmpOnTmpfs = true;
- initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
- # ttyAMA0 is the serial console broken out to the GPIO
- kernelParams = [
- "8250.nr_uarts=1"
- "console=ttyAMA0,115200"
- "console=tty1"
- # Some gui programs need this
- "cma=128M"
- ];
- };
-
- # boot.loader.raspberryPi = {
- # enable = true;
- # version = 4;
- # # uboot.enable = true;
- # };
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
-
- # Required for the Wireless firmware
- hardware.enableRedistributableFirmware = true;
-
- networking.interfaces.eth0.useDHCP = true;
-
- # Assuming this is installed on top of the disk image.
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
-
- powerManagement.cpuFreqGovernor = "ondemand";
-}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
deleted file mode 100644
index adf8aeeb1..000000000
--- a/lass/1systems/littleT/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-with import ;
-{ config, pkgs, ... }:
-
-{
- imports = [
-
-
-
-
-
-
- ];
-
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- time.timeZone = "Europe/Berlin";
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
- krebs.build.host = config.krebs.hosts.littleT;
-}
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
deleted file mode 100644
index 550f058a8..000000000
--- a/lass/1systems/littleT/physical.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- imports = [
- ./config.nix
-
- ];
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5B2E-3734";
- fsType = "vfat";
- };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
- networking.hostId = "584248c6";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
-}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
deleted file mode 100644
index 23f8a1184..000000000
--- a/lass/1systems/mors/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - - - - - - - - - - - - - - - - - - - # - - - - - - - - - - # - # - - - - { - krebs.iptables.tables.filter.INPUT.rules = [ - #risk of rain - { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - #quake3 - { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } - ]; - } - { - services.nginx = { - enable = true; - virtualHosts.default = { - default = true; - serverAliases = [ - "localhost" - "${config.krebs.build.host.name}" - "${config.krebs.build.host.name}.r" - ]; - locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - ''; - }; - }; - } - { - services.redis.enable = true; - } - { - environment.systemPackages = [ - pkgs.ovh-zone - pkgs.bank - pkgs.adb-sync - pkgs.transgui - ]; - } - { - services.tor = { - enable = true; - client.enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.mors; - - environment.systemPackages = with pkgs; [ - acronym - brain - cac-api - sshpass - get - hashPassword - urban - mk_sql_pair - remmina - transmission - - macchanger - - dnsutils - woeusb - (pkgs.writeDashBin "play-on" '' - HOST=$(echo 'styx\nshodan' | fzfmenu) - ssh -t "$HOST" -- mpv "$@" - '') - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - krebs.repo-sync.timerConfig = { - OnCalendar = "00:37"; - }; - - nixpkgs.config.android_sdk.accept_license = true; - programs.adb.enable = true; - - - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - - - # It may leak your data, but look how FAST it is!1!! 
- # https://make-linux-fast-again.com/
- boot.kernelParams = [
- "noibrs"
- "noibpb"
- "nopti"
- "nospectre_v2"
- "nospectre_v1"
- "l1tf=off"
- "nospec_store_bypass_disable"
- "no_stf_barrier"
- "mds=off"
- "mitigations=off"
- ];
-
- boot.binfmt.emulatedSystems = [
- "aarch64-linux"
- ];
-
- nix.trustedUsers = [ "root" "lass" ];
-
- services.nscd.enableNsncd = true;
-
-}
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
deleted file mode 100644
index 2ffbf88c0..000000000
--- a/lass/1systems/mors/physical.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- imports = [
- ./config.nix
-
-
- ];
-
- boot.kernelParams = [ "acpi_backlight=native" ];
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home/virtual" = {
- device = "/dev/mapper/pool-virtual";
- fsType = "ext4";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
- '';
-
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- '';
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix deleted file mode 100644 index 79402959e..000000000 --- a/lass/1systems/neoprism/config.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - # sync-containers - - - - - - - - # other containers - - - # proxying of services - - - - ]; - - krebs.build.host = config.krebs.hosts.neoprism; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.acceptTerms = true; - security.acme.defaults.email = "acme@lassul.us"; - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - enableReload = true; - - virtualHosts.default = { - default = true; - locations."= /etc/os-release".extraConfig = '' - default_type text/plain; - alias /etc/os-release; - ''; - locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge"; - }; - }; -} diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix deleted file mode 100644 index c5bd44c94..000000000 --- a/lass/1systems/neoprism/disk.nix +++ /dev/null 
@@ -1,118 +0,0 @@ -{ lib, ... }: -{ - disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: { - type = "disk"; - device = disk; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; - }; - ESP = { - size = "1G"; - content = { - type = "mdraid"; - name = "boot"; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - })) // { - hdd1 = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "zfs"; - pool = "tank"; - }; - }; - }; - mdadm = { - boot = { - type = "mdadm"; - level = 1; - metadata = "1.0"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - mode = "mirror"; - mountpoint = "/"; - rootFsOptions = { - }; - datasets.reserved = { - type = "zfs_fs"; - options.refreservation = "1G"; - }; - }; - tank = { - type = "zpool"; - datasets = { - reserved = { - type = "zfs_fs"; - options.refreservation = "1G"; - }; - containers = { - type = "zfs_fs"; - mountpoint = "/var/lib/containers"; - options = { - canmount = "noauto"; - }; - }; - home = { - type = "zfs_fs"; - mountpoint = "/home"; - options = { - canmount = "noauto"; - }; - }; - srv = { - type = "zfs_fs"; - mountpoint = "/srv"; - options = { - canmount = "noauto"; - }; - }; - libvirt = { - type = "zfs_fs"; - mountpoint = "/var/lib/libvirt"; - options = { - canmount = "noauto"; - }; - }; - # encrypted = { - # type = "zfs_fs"; - # options = { - # canmount = "noauto"; - # mountpoint = "none"; - # encryption = "aes-256-gcm"; - # keyformat = "passphrase"; - # keylocation = "prompt"; - # }; - # }; - # "encrypted/download" = { - # type = "zfs_fs"; - # mountpoint = "/var/download"; - # options = { - # canmount = "noauto"; - # }; - # }; - }; - }; - }; -} diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix deleted file mode 100644 index cc7734f39..000000000 
--- a/lass/1systems/neoprism/physical.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - imports = [ - ./config.nix - - ]; - - disko.devices = import ./disk.nix; - networking.hostId = "9c0a74ac"; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - boot.loader.grub.devices = [ - config.disko.devices.disk."/dev/nvme0n1".device - config.disko.devices.disk."/dev/nvme1n1".device - ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; - boot.kernelModules = [ "kvm-amd" ]; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - # networking config - networking.useNetworkd = true; - systemd.network = { - enable = true; - config = { - networkConfig.SpeedMeter = true; - }; - # netdevs.ext-br.netdevConfig = { - # Kind = "bridge"; - # Name = "ext-br"; - # MACAddress = "a8:a1:59:0f:2d:69"; - # }; - # networks.ext-br = { - # name = "ext-br"; - # address = [ - # "95.217.192.59/26" - # "2a01:4f9:4a:4f1a::1/64" - # ]; - # gateway = [ - # "95.217.192.1" - # "fe80::1" - # ]; - # }; - networks.eth0 = { - #bridge = [ "ext-br" ]; - matchConfig.Name = "eth0"; - address = [ - "95.217.192.59/26" - "2a01:4f9:4a:4f1a::1/64" - ]; - gateway = [ - "95.217.192.1" - "fe80::1" - ]; - }; - }; - - networking.useDHCP = false; - # boot.initrd.network = { - # enable = true; - # ssh = { - # enable = true; - # authorizedKeys = [ config.krebs.users.lass.pubkey ]; - # port = 2222; - # hostKeys = [ - # () - # () - # ]; - # }; - # }; - # boot.kernelParams = [ - # "net.ifnames=0" - # "ip=dhcp" - # "boot.trace" - # ]; -} diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix deleted file mode 100644 index 47867c31f..000000000 --- a/lass/1systems/orange/config.nix +++ /dev/null 
@@ -1,25 +0,0 @@
-with import ;
-{ config, lib, pkgs, ... }:
-{
- imports = [
-
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.orange;
-
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
- };
-}
diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/orange/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix
deleted file mode 100644
index 52b4142b9..000000000
--- a/lass/1systems/prism/backup.nix
+++ /dev/null
@@ -1,37 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.postgresqlBackup.enable = true; - - systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; - - services.borgbackup.jobs.hetzner = { - paths = [ - "/var/backup" - ]; - exclude = [ - "*.pyc" - ]; - repo = "u364341@u364341.your-storagebox.de:/./hetzner"; - encryption.mode = "none"; - compression = "auto,zstd"; - startAt = "daily"; - # TODO: change backup key - environment.BORG_RSH = "ssh -oPort=23 -i ${toString + "/borgbackup.ssh.id25519"}"; - preHook = '' - set -x - ''; - - postHook = '' - cat > /var/log/telegraf/borgbackup-job-hetzner.service <; - -{ - imports = [ - ./backup.nix - - - - - - - - - { - services.nginx.enable = true; - imports = [ - - ]; - # needed by domsen.nix ^^ - lass.usershadow = { - enable = true; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { # TODO make new hfos.nix out of this vv - users.users.riot = { - uid = genid_uint31 "riot"; - isNormalUser = true; - extraGroups = [ "libvirtd" ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" - ]; - }; - krebs.iptables.tables.filter.FORWARD.rules = mkBefore [ - { v6 = false; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; } - { v6 = false; predicate = "--source 95.216.1.130"; target = "ACCEPT"; } - ]; - } - { - users.users.tv = { - uid = genid_uint31 "tv"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { 
- uid = genid_uint31 "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.extraUsers.dritter = { - uid = genid_uint31 "dritter"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - users.extraUsers.juhulian = { - uid = 1339; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - users.users.hellrazor = { - uid = genid_uint31 "hellrazor"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ "ssh-rsa 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" ]; - }; - } - { - services.nginx.virtualHosts."radio.lassul.us" = { - enableACME = true; - addSSL = true; - locations."/" = { - # recommendedProxySettings = true; - proxyWebsockets = true; - proxyPass = "http://radio.r"; - extraConfig = '' - proxy_set_header Host radio.r; - # get source ip for weather reports - proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; - ''; - }; - }; - krebs.htgen.radio-redirect = { - port = 8000; - scriptFile = pkgs.writers.writeDash "redir" '' - printf 'HTTP/1.1 301 Moved Permanently\r\n' - printf "Location: 
http://radio.lassul.us''${Request_URI}\r\n" - printf '\r\n' - ''; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } - ]; - } - - - - - - - - - - - - - - - { - services.tor = { - enable = true; - }; - } - { - imports = [ - - ]; - services.nginx.virtualHosts."lassul.us".locations = { - "= /wallpaper-marker.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper-marker.png; - ''; - "= /wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - "= /wallpaper-stars-berlin.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper-krebs-stars-berlin.png; - ''; - }; - } - - - - { - lass.nichtparasoup.enable = true; - services.nginx = { - enable = true; - virtualHosts."lol.lassul.us" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:5001; - ''; - }; - }; - } - { - imports = [ - - ]; - krebs.iptables.tables.nat.PREROUTING.rules = mkOrder 999 [ - { v6 = false; predicate = "-s 10.244.0.0/16"; target = "ACCEPT"; } - { v4 = false; predicate = "-s 42:1::/32"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = mkBefore [ - { predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; } - { predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } - { v6 = false; predicate = "-s 10.244.0.0/16 ! 
-d 10.244.0.0/16"; target = "MASQUERADE"; } - ]; - services.dnsmasq = { - enable = true; - resolveLocalQueries = false; - - extraConfig= '' - bind-interfaces - interface=wiregrill - interface=retiolum - ''; - }; - } - { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; } - ]; - } - - - { - - services.nginx.virtualHosts."flix.lassul.us" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://yellow.r:8096"; - proxyWebsockets = true; - recommendedProxySettings = true; - }; - }; - services.nginx.virtualHosts."lassul.us" = { - locations."^~ /flix/".extraConfig = '' - if ($scheme != "https") { - rewrite ^ https://$host$request_uri permanent; - } - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "flix-user-pass" '' - krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 - ''}; - proxy_pass http://yellow.r:80/; - proxy_set_header Accept-Encoding ""; - sub_filter "https://lassul.us/" "https://lassul.us/flix/"; - sub_filter_once off; - ''; - locations."^~ /chatty/".extraConfig = '' - rewrite ^ https://$host/flix/$request_uri permanent; - ''; - #locations."^~ /transmission".return = "301 https://$host/transmission/web/"; - locations."^~ /transmission/".extraConfig = '' - if ($scheme != "https") { - rewrite ^ https://$host$request_uri permanent; - } - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' - krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 - ''}; - proxy_pass_header X-Transmission-Session-Id; - proxy_pass http://10.233.2.14:9091; - ''; - }; - - users.groups.download = {}; - users.users = { - download = { - createHome = false; - group = "download"; - name = "download"; - home = "/var/download"; - useDefaultShell = true; - uid = genid "download"; - isSystemUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-android.pubkey - makefu.pubkey - palo.pubkey - "ssh-rsa 
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 lhebendanz@nixos" - "AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki11:15 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 philip@shiki" - mic92.pubkey - qubasa.pubkey - ]; - }; - }; - - system.activationScripts.downloadFolder = '' - mkdir -p /var/download - chmod 775 /var/download - ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : - chown download: /var/download/finished - ''; - - fileSystems."/export/download" = { - device = "/var/lib/containers/yellow/var/download/finished"; - options = [ "bind" ]; - }; - services.nfs.server = { - enable = true; - exports = '' - /export 42::/16(insecure,ro,crossmnt) - ''; - lockdPort = 4001; - mountdPort = 4002; - statdPort = 4000; - }; - - services.samba = { - enable = true; - enableNmbd = false; - extraConfig = '' - workgroup = WORKGROUP - netbios name = PRISM - server string = ${config.networking.hostName} - # only allow retiolum addresses - hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16 - - # Use sendfile() for performance gain - use sendfile = true - - # No NetBIOS is needed - disable netbios = true - - # Only mangle non-valid NTFS names, don't care about DOS support - mangled names = illegal - - # Performance optimizations - socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 - - # Disable all printing - load printers = false - disable spoolss = true - printcap name = /dev/null - - map to guest = Bad 
User - max log size = 50 - dns proxy = no - security = user - - [global] - syslog only = yes - ''; - shares.public = { - comment = "Warez"; - path = "/export"; - public = "yes"; - "only guest" = "yes"; - "create mask" = "0644"; - "directory mask" = "2777"; - writable = "no"; - printable = "no"; - }; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - # smbd - { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } - ]; - } - { # acme fallback for neoprism migration - services.nginx.virtualHosts."lassul.us".acmeFallbackHost = "orange.r"; - services.nginx.virtualHosts."radio.lassul.us".acmeFallbackHost = "neoprism.r"; - services.nginx.virtualHosts."flix.lassul.us".acmeFallbackHost = "neoprism.r"; - services.nginx.virtualHosts."jitsi.lassul.us".acmeFallbackHost = "neoprism.r"; - services.nginx.virtualHosts."cgit.lassul.us".acmeFallbackHost = "orange.r"; - services.nginx.virtualHosts."mail.lassul.us".acmeFallbackHost = "neoprism.r"; - services.nginx.virtualHosts."mumble.lassul.us".acmeFallbackHost = "neoprism.r"; 
- services.nginx.virtualHosts."mail.ubikmedia.eu" = { - enableACME = true; - forceSSL = true; - acmeFallbackHost = "ubik.r"; - locations."/" = { - recommendedProxySettings = true; - proxyWebsockets = true; - proxyPass = "https://ubik.r"; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.prism; - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - - # prism rsa hack - services.openssh.hostKeys = [{ - path = toString + "ssh.id_rsa"; - type = "rsa"; - }]; -} diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix deleted file mode 100644 index 2260aa648..000000000 --- a/lass/1systems/prism/physical.nix +++ /dev/null 
@@ -1,107 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - imports = [ - ./config.nix - - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.swraid.enable = true; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804"; - fsType = "ext4"; - }; - - fileSystems."/backups" = { - device = "tank/backups"; - fsType = "zfs"; - }; - - fileSystems."/srv/http" = { - device = "tank/srv-http"; - fsType = "zfs"; - }; - - fileSystems."/var/download" = { - device = "tank/download"; - fsType = "zfs"; - }; - - fileSystems."/var/lib/containers" = { - device = "tank/containers"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "tank/home"; - fsType = "zfs"; - }; - - fileSystems."/var/lib/nextcloud" = { - device = "tank/nextcloud"; - fsType = "zfs"; - }; - - fileSystems."/var/lib/libvirt" = { - device = "tank/libvirt"; - fsType = "zfs"; - }; - - fileSystems."/var/realwallpaper/archive" = { - device = "tank/wallpaper"; - fsType = "zfs"; - }; - - # silence mdmonitor.service failures - # https://github.com/NixOS/nixpkgs/issues/72394 - environment.etc."mdadm.conf".text = '' - MAILADDR root - ''; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; - - # we don't pay for power there and this might solve a problem we observed at least once - # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben - boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" "nomodeset" ]; - networking.dhcpcd.enable = false; - - - networking.useNetworkd = lib.mkForce false; - systemd.network.enable = lib.mkForce false; - # bridge config - networking.bridges."ext-br".interfaces = [ "eth0" ]; - networking = { - hostId = "2283aaae"; 
- defaultGateway = "95.216.1.129"; - defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.ext-br.ipv4.addresses = [ - { - address = "95.216.1.150"; - prefixLength = 26; - } - ]; - interfaces.ext-br.ipv6.addresses = [ - { - address = "2a01:4f9:2a:1e9::1"; - prefixLength = 64; - } - ]; - }; - -} diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix deleted file mode 100644 index 00e9bd3fe..000000000 --- a/lass/1systems/radio/config.nix +++ /dev/null @@ -1,24 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.radio; - - security.acme = { - acceptTerms = true; - defaults.email = "acme@lassul.us"; - }; - - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt"; - }; -} diff --git a/lass/1systems/radio/physical.nix b/lass/1systems/radio/physical.nix deleted file mode 100644 index 8577daf34..000000000 --- a/lass/1systems/radio/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = true; -} diff --git a/lass/1systems/radio/source.nix b/lass/1systems/radio/source.nix deleted file mode 100644 index 4acdb0c26..000000000 --- a/lass/1systems/radio/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in if test then {} else { - nixpkgs.git.ref = lib.mkForce npkgs.rev; - nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; -} diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix deleted file mode 100644 index 0bea37e5c..000000000 --- a/lass/1systems/shodan/config.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.shodan; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - nix.trustedUsers = [ "root" "lass" ]; - system.stateVersion = "22.05"; -} diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix deleted file mode 100644 index f94edcf9b..000000000 --- a/lass/1systems/shodan/physical.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - #TODO reinstall with correct layout and use lass/hw/x220 - imports = [ - ./config.nix - - ]; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices.lusksroot.device = "/dev/sda2"; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/bku" = { - device = "/dev/pool/bku"; - fsType = "btrfs"; - }; - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0" - ''; -} diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix deleted file mode 100644 index 4da4dffb8..000000000 --- a/lass/1systems/skynet/config.nix +++ /dev/null 
@@ -1,41 +0,0 @@
-{ config, pkgs, ... }:
-with import ;
-{
- imports = [
-
-
-
-
-
-
-
- {
- services.xserver.enable = true;
- services.xserver.desktopManager.xfce.enable = true;
-
- users.users.discordius = {
- uid = genid "diskordius";
- isNormalUser = true;
- extraGroups = [
- "audio"
- "networkmanager"
- ];
- };
- environment.systemPackages = with pkgs; [
- google-chrome
- ];
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.skynet;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = true;
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-}
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
deleted file mode 100644
index 1ac9708c7..000000000
--- a/lass/1systems/skynet/physical.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- imports = [
- ./config.nix
-
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
-
- networking.hostId = "06442b9a";
-
- fileSystems."/" = {
- device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0876-B308";
- fsType = "vfat";
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
- '';
-}
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
deleted file mode 100644
index 988cbca75..000000000
--- a/lass/1systems/styx/config.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ;
-{
- imports = [
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- #
-
-
-
- #
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.styx;
-
- networking.firewall.interfaces.int0.allowedTCPPorts = [ config.services.smokeping.port ];
- networking.firewall.interfaces.retiolum.allowedTCPPorts = [ config.services.smokeping.port ];
- networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ config.services.smokeping.port ];
- krebs.power-action.enable = mkForce false;
-
- environment.systemPackages = with pkgs; [
- wol
- (writeDashBin "wake-alien" ''
- ${wol}/bin/wol -h 10.42.0.255 10:65:30:68:83:a3
- '')
- (writers.writeDashBin "iptv" ''
- set -efu
- /run/current-system/sw/bin/mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- --playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \
- --idle=yes \
- --input-ipc-server=/tmp/mpv.ipc \
- "$@"
- '')
- ];
-
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- ];
- # http://10.42.0.1:8081/smokeping.fcgi
- services.smokeping = {
- enable = true;
- host = null;
- targetConfig = ''
- probe = FPing
- menu = top
- title = top
-
- + Local
- menu = Local
- title = Local Network
- ++ LocalMachine
- menu = Local Machine
- title = This host
- host = localhost
-
- + Internet
- menu = internet
- title = internet
-
- ++ CloudflareDNS
- menu = Cloudflare DNS
- title = Cloudflare DNS server
- host = 1.1.1.1
-
- ++ GoogleDNS
- menu = Google DNS
- title = Google DNS server
- host = 8.8.8.8
-
- + retiolum
- menu = retiolum
- title = retiolum
-
- ++ gum
- menu = gum.r
- title = gum.r
- host = gum.r
-
- ++ ni
- menu = ni.r
- title = ni.r
- host = ni.r
-
- ++ prism
- menu = prism.r
- title = prism.r
- host = prism.r
- '';
- };
-
- # for usb internet
- hardware.usbWwan.enable = true;
-}
-
diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix
deleted file mode 100644
index 284bbb333..000000000
--- a/lass/1systems/styx/physical.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./config.nix
-
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514";
- boot.loader.grub.efiInstallAsRemovable = true;
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/EAA5-88A9";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="3c:7c:3f:7e:e2:39", NAME="et0"
- SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:78:91:50", NAME="int0"
- '';
-}
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
deleted file mode 100644
index 3afbf6bd1..000000000
--- a/lass/1systems/ubik/config.nix
+++ /dev/null
@@ -1,276 +0,0 @@
-with import ;
-{ config, lib, pkgs, ... }:
-{
- imports = [
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.ubik;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # nextcloud
- services.nginx.virtualHosts."c.apanowicz.de" = {
- enableACME = true;
- forceSSL = true;
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "c.apanowicz.de";
- package = pkgs.nextcloud25;
- config.adminpassFile = "/run/nextcloud.pw";
- https = true;
- maxUploadSize = "9001M";
- };
- systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
- "+${pkgs.writeDash "copy-pw" ''
- ${pkgs.rsync}/bin/rsync \
- --chown nextcloud:nextcloud \
- --chmod 0700 \
- /var/src/secrets/nextcloud.pw /run/nextcloud.pw
- ''}"
- ];
-
- # mail
- lass.usershadow.enable = true;
- services.nginx.virtualHosts."mail.ubikmedia.eu" = {
- enableACME = true;
- forceSSL = true;
- };
- services.roundcube = {
- enable = true;
- hostName = "mail.ubikmedia.eu";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- };
- krebs.exim-smarthost = {
- ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = "dma@ubikmedia.de"; to = "domsen"; }
- { from = "dma@ubikmedia.eu"; to = "domsen"; }
- { from = "hallo@apanowicz.de"; to = "domsen"; }
- { from = "bruno@apanowicz.de"; to = "bruno"; }
- { from = "mail@jla-trading.com"; to = "jla-trading"; }
- { from = "jms@ubikmedia.eu"; to = "jms"; }
- { from = "ms@ubikmedia.eu"; to = "ms"; }
- { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
- { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
- { from = "hallo@jarugadesign.de"; to ="kasia"; }
- { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
-
- { from = "testuser@ubikmedia.eu"; to = "testuser"; }
- ];
- sender_domains = [
- "jla-trading.com"
- "ubikmedia.eu"
- "ubikmedia.de"
- "apanowicz.de"
- "alewis.de"
- "jarugadesign.de"
- "beesmooth.ch"
- "event-extra.de"
- ];
- dkim = [
- { domain = "ubikmedia.eu"; }
- { domain = "apanowicz.de"; }
- { domain = "beesmooth.ch"; }
- ];
- };
-
- # users
- users.users.UBIK-SFTP = {
- uid = pkgs.stockholm.lib.genid_uint31 "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.xanf = {
- uid = pkgs.stockholm.lib.genid_uint31 "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
-
- users.users.domsen = {
- uid = pkgs.stockholm.lib.genid_uint31 "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bruno = {
- uid = pkgs.stockholm.lib.genid_uint31 "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jla-trading = {
- uid = pkgs.stockholm.lib.genid_uint31 "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jms = {
- uid = pkgs.stockholm.lib.genid_uint31 "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.ms = {
- uid = pkgs.stockholm.lib.genid_uint31 "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.testuser = {
- uid = pkgs.stockholm.lib.genid_uint31 "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bui = {
- uid = pkgs.stockholm.lib.genid_uint31 "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.klabusterbeere = {
- uid = pkgs.stockholm.lib.genid_uint31 "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.kasia = {
- uid = pkgs.stockholm.lib.genid_uint31 "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.XANF_TEAM = {
- uid = pkgs.stockholm.lib.genid_uint31 "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.dif = {
- uid = pkgs.stockholm.lib.genid_uint31 "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.lavafilms = {
- uid = pkgs.stockholm.lib.genid_uint31 "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.movematchers = {
- uid = pkgs.stockholm.lib.genid_uint31 "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.blackphoton = {
- uid = pkgs.stockholm.lib.genid_uint31 "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.line = {
- uid = pkgs.stockholm.lib.genid_uint31 "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.avada = {
- uid = pkgs.stockholm.lib.genid_uint31 "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.familienrat = {
- uid = pkgs.stockholm.lib.genid_uint31 "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
-}
diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/ubik/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix
deleted file mode 100644
index 5e69171ce..000000000
--- a/lass/1systems/wizard/config.nix
+++ /dev/null
@@ -1,287 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -let - - icon = pkgs.writeText "icon" '' - // - // - _ // - .' . // '. - '_ '_\/_' `_ - . . \\ . . - .==. ` \\' .' - .\| //bd\\ \, - \_'`._\\__//_.'`.; - `.__ __,' \\ - | | \\ - | | ` - | | - | | - |____| - l42 ==' '== - ''; - - messenger = pkgs.writeText "message" '' - . - | \/| - (\ _ ) )|/| - (/ _----. /.'.' - .-._________.. .' @ _\ .' - '.._______. '. / (_| .') - '._____. / '-/ | _.' - '.______ ( ) ) \ - '..____ '._ ) ) - .' __.--\ , , // (( - '.' mrf| \/ (_.'( - ' \ .' - \ ( - \ '. - \ \ '.) - '-'-' - ''; - - waiting = pkgs.writeText "waiting" '' - Z - Z - z - z - * ' - / \ - /___\ - ( - - ) - ) L ( .--------------. - __()(-)()__ | \ | - .~~ )()()() ~. | . : - / )()() ` | `-.__________) - | )() ~ | : : - | ) | : | - | _ | | [ ## : - \ ~~-. | , oo_______.' - `_ ( \) _____/~~~~ `--___ - | ~`-) ) `-. `--- ( - a:f - - | '///` | `-. - | | | | `-. - | | | | `-. - | | |\ | - | | | \| - `-. | | | - `-| ' - ''; - - wizard = pkgs.writers.writeDash "wizard" '' - cat ${icon} - - echo -n '${'' - welcome to the computer wizard - first we will check for internet connectivity - - ''}' - - read -p '(press enter to continue...)' key - until ping -c1 8.8.8.8; do - ${pkgs.nm-dmenu}/bin/nm-dmenu - done - - mode=$(echo -n '${'' - 1. Help of the wizard - 2. Install NixOS - 3. 
I know what I need to do - ''}' | ${pkgs.fzf}/bin/fzf --reverse) - case "$mode" in - 1*) - echo 'mode_1' > /tmp/mode - clear - echo 'waiting for the messenger to reach the wizard' - cat ${messenger} - - # get pubkeys - mkdir -p /root/.ssh/ - touch /root/.ssh/authorized_keys - curl -Ss 'https://lassul.us/mors.pub' >> /root/.ssh/authorized_keys - curl -Ss 'https://lassul.us/blue.pub' >> /root/.ssh/authorized_keys - curl -Ss 'https://lassul.us/yubi.pub' >> /root/.ssh/authorized_keys - - # write via irc - systemctl start hidden-ssh-announce.service - tmux new-session -s help ${pkgs.writers.writeDash "waiting" '' - cat ${waiting} - read -p 'waiting for the wizard to wake up' key - ${pkgs.bashInteractive}/bin/bash - ''} - ;; - 2*) - echo 'mode_2' > /tmp/mode - ${pkgs.nixos-installer}/bin/nixos-installer - ;; - 3*) - echo 'mode_3' > /tmp/mode - ;; - *) - echo 'no mode selected' - ;; - esac - ''; - -in { - imports = [ - - - - # - { - nixpkgs.config.packageOverrides = import pkgs; - krebs.enable = true; - krebs.build.user = config.krebs.users.lass; - krebs.build.host = {}; - } - # { - # systemd.services.wizard = { - # description = "Computer Wizard"; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # ExecStart = pkgs.writers.writeDash "wizard" '' - # set -efu - # cat < - - - - - - - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.xerxes; - - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - usb-tether-on = pkgs.writeDash "usb-tether-on" '' - adb shell su -c service call connectivity 33 i32 1 s16 text - ''; - usb-tether-off = pkgs.writeDash "usb-tether-off" '' - adb shell su -c service call connectivity 33 i32 0 s16 text - ''; - }; - - services.xserver = { - displayManager.lightdm.autoLogin.enable = true; - displayManager.lightdm.autoLogin.user = "lass"; - }; - - boot.blacklistedKernelModules 
= [ "xpad" ]; - systemd.services.xboxdrv = { - wantedBy = [ "multi-user.target" ]; - script = '' - ${pkgs.xboxdrv.overrideAttrs(o: { - patches = o.patches ++ [ (pkgs.fetchurl { - url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch"; - sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5"; - }) ]; - })}/bin/xboxdrv --type xbox360 --dbus disabled -D - ''; - }; - - programs.adb.enable = true; - - services.logind.lidSwitch = "suspend"; - lass.screenlock.enable = lib.mkForce false; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' - # load-module module-bluetooth-policy - # load-module module-bluetooth-discover - # ## module fails to load with - # ## module-bluez5-device.c: Failed to get device path from module arguments - # ## module.c: Failed to load module "module-bluez5-device" (argument: ""): initialization failed. - # # load-module module-bluez5-device - # # load-module module-bluez5-discover - # ''; -} diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix deleted file mode 100644 index 5a6f07215..000000000 --- a/lass/1systems/xerxes/physical.nix +++ /dev/null 
@@ -1,73 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- ./config.nix
-
- ];
-
- boot.loader.grub = {
- enable = true;
- device = "/dev/sda";
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- boot.blacklistedKernelModules = [
- "sdhci_pci"
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.luks.devices.crypted.device = "/dev/sda3";
- boot.kernelModules = [ "kvm-intel" ];
- boot.kernelParams = [
- "fbcon=rotate:1"
- "boot.shell_on_fail"
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7F23-DDB4";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- boot.extraModprobeConfig = ''
- options zfs zfs_arc_max=107374182
- '';
-
- nix.maxJobs = lib.mkDefault 4;
-
- networking.hostId = "9b0a74ac";
- networking.networkmanager.enable = true;
-
- hardware.opengl.enable = true;
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- CPU_SCALING_GOVERNOR_ON_AC=ondemand
- CPU_SCALING_GOVERNOR_ON_BAT=powersave
- CPU_MIN_PERF_ON_AC=0
- CPU_MAX_PERF_ON_AC=100
- CPU_MIN_PERF_ON_BAT=0
- CPU_MAX_PERF_ON_BAT=30
- '';
-
- services.logind.extraConfig = ''
- HandlePowerKey=suspend
- IdleAction=suspend
- IdleActionSec=300
- '';
-
- services.xserver = {
- videoDrivers = [ "intel" ];
- displayManager.sessionCommands = ''
- (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
- '';
- };
-}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
deleted file mode 100644
index 2da93b8fd..000000000
--- a/lass/1systems/yellow/config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }: let
- vpnPort = 1637;
- torrentport = 56709; # port forwarded in airvpn webinterface
-in {
- imports = [
-
-
-
-
- ];
-
- krebs.build.host = config.krebs.hosts.yellow;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
- };
-
- networking.useHostResolvConf = false;
- networking.useNetworkd = true;
-
- networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
- services.transmission.settings.peer-port = torrentport;
-
- # only allow traffic through openvpn
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
- { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
- ];
- tables.filter.OUTPUT = {
- policy = "DROP";
- rules = [
- { predicate = "-o lo"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
- { predicate = "-o airvpn"; target = "ACCEPT"; }
- { predicate = "-o retiolum"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/yellow/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
-}
-- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/76000000.lock: No such file or directory (2)