From 26342f9bbbfab2ded2c03f11346094fa8d6971d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 19:40:50 +0100 Subject: l morpheus.r: use new luks devices config --- lass/1systems/morpheus/physical.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda4..6e59a2273 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' -- cgit v1.2.3 From de124026ab74fa9a3611e7fd6cdf54ad2273b79a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 19:47:38 +0100 Subject: remove deprecated dcso vpn --- lass/2configs/dcso-vpn.nix | 44 ---------------------- lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0 .../2configs/tests/dummy-secrets/dcsovpn/login.txt | 0 5 files changed, 44 deletions(-) delete mode 100644 lass/2configs/dcso-vpn.nix delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt (limited to 'lass') diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/lass/2configs/dcso-vpn.nix +++ /dev/null 
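Review bot: The rewritten `devices.luksroot.device = "/dev/nvme0n1p3";` still names the LUKS container by its kernel device node, which is not guaranteed to stay the same across boots or hardware changes. The uriel hunk further down has the same issue with `initrd.luks.devices.luksroot.device = "/dev/sda2";`, and there `usb_storage` is in the initrd modules, so an attached USB disk could plausibly take the `sda` name. Since the line is being rewritten anyway, a persistent identifier would be safer, e.g. `devices.luksroot.device = "/dev/disk/by-uuid/<LUKS-UUID-PLACEHOLDER>";`. The file continues outside the hunk, so other references to the device cannot be checked from here.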
@@ -1,44 +0,0 @@ -with import ; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString } - cert ${toString } - key ${toString } - verb 3 - mute 20 - auth-user-pass ${toString } - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt deleted file mode 100644 index e69de29bb..000000000 -- cgit v1.2.3 From cb24733b91e40d82b8fb5b39ff08be1b0f68c512 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 19:59:35 +0100 Subject: l uriel.r: use new luks devices config --- lass/1systems/uriel/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d5..82a088643 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix 
@@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; -- cgit v1.2.3 From 2871761a933c3c63faff0cf13fd10e679ce87093 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 20:20:12 +0100 Subject: l copyq: remove (broken) path extensions --- lass/2configs/copyq.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6e..ed78699b0 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; -- cgit v1.2.3 From 4ed62e280e52ce373c6f1a9c44c5d365c24f572c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 20:23:33 +0100 Subject: l icarus.r shodan.r: remove borken ssh-cryptsetup --- lass/1systems/icarus/config.nix | 1 - lass/1systems/shodan/config.nix | 2 -- 2 files changed, 3 deletions(-) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import ; # - ]; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index e41c9bd1e..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,8 +15,6 @@ with import ; - - -- cgit v1.2.3 From 39f58ebd9a9b69ea11ec6fb432391ce661249dc2 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 27 Oct 2020 20:36:32 +0100 Subject: l domsen: remove obsolete nextcloud nginx --- lass/2configs/websites/domsen.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index a177a0228..0714d9374 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -97,7 +97,6 @@ in { overwriteProtocol = "https"; }; https = true; - nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { enableACME = true; -- cgit v1.2.3 From fbbee5daca66332179e1efed442764b26718cfbe Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Oct 2020 20:38:44 +0100 Subject: l websites: fix acme issues --- lass/2configs/websites/lassulus.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 74585a6f8..17df71310 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -16,7 +16,6 @@ in { email = "acme@lassul.us"; acceptTerms = true; certs."lassul.us" = { - allowKeysForGroup = true; group = "lasscert"; }; }; @@ -78,7 +77,6 @@ in { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; group = "nginx"; - user = "nginx"; }; -- cgit v1.2.3 From 4bd6d7a13c982b87f0792bc346ab2e9293f4adff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Nov 2020 12:00:42 +0100 Subject: nscd-fix: RIP --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b75..babcb51de 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import ; { config, pkgs, ... }: { imports = [ - ./binary-cache/client.nix ./backup.nix ./gc.nix -- cgit v1.2.3 From 32b9762495f44c0869f623c569fcb1cbea03c486 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 11 Nov 2020 18:12:22 +0100 Subject: l: delete legacy secrets --- lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt (limited to 'lass') diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt deleted file mode 100644 index e69de29bb..000000000 -- cgit v1.2.3 From 98de93f009b0ae5f07585185efc0c8d5e3fd666f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 Nov 2020 18:49:04 +0100 Subject: remove deprecated hass module --- lass/2configs/default.nix | 1 + lass/2configs/hass/default.nix | 2 +- lass/2configs/hass/rooms/bett.nix | 62 +++++++++++++++++++------------------- lass/2configs/hass/rooms/essen.nix | 2 +- lass/2configs/hass/rooms/nass.nix | 2 +- lass/2configs/hass/zigbee.nix | 2 +- lass/3modules/default.nix | 1 - lass/3modules/hass.nix | 51 ------------------------------- 8 files changed, 36 insertions(+), 87 deletions(-) delete mode 100644 lass/3modules/hass.nix (limited to 'lass') 
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index babcb51de..81c813b97 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -222,4 +222,5 @@ with import ; # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; + system.stateVersion = lib.mkDefault "20.03"; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 66d430cd1..78379ba1c 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -26,7 +26,7 @@ with import ./lib.nix { inherit lib; }; lovelaceConfigWritable = true; }; - lass.hass.config = let + services.home-assistant.config = let tasmota_s20 = name: topic: { platform = "mqtt"; inherit name; diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index 16227fcb6..48a1f72d7 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix 
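Review bot: `system.stateVersion = lib.mkDefault "20.03";` is added to the shared `2configs/default.nix`, so every host that imports this file without setting its own value is treated as a 20.03 install, including hosts created later on a newer release. stateVersion is meant to record the release a machine was first installed with, so it is safer as a per-host setting. If the shared fallback is intentional, a comment such as `# fallback for hosts installed on <= 20.03; new hosts must set their own stateVersion` would make that explicit. The same setting is carried by the later "fix lib usage" hunk on this file, and the enclosing attribute set starts outside the hunk.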
@@ -2,38 +2,38 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; - lass.hass.love = { - resources = [{ - url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; - type = "js"; - }]; - views = [{ - title = "bett"; - cards = [ - { - type = "markdown"; - title = "hello world"; - content = "This is just a test"; - } - { - type = "light"; - entity = "light.${lights.bett}"; - } - { - type = "custom:light-entity-card"; - entity = "light.${lights.bett}"; - } - { - type = "history-graph"; - entities = [ - "light.${lights.bett}" - ]; - } - ]; - }]; - }; + # lass.hass.love = { + # resources = [{ + # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + # type = "js"; + # }]; + # views = [{ + # title = "bett"; + # cards = [ + # { + # type = "markdown"; + # title = "hello world"; + # content = "This is just a test"; + # } + # { + # type = "light"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "custom:light-entity-card"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "history-graph"; + # entities = [ + # "light.${lights.bett}" + # ]; + # } + # ]; + # }]; + # }; } diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix index f74996154..eeb3d30d2 100644 --- a/lass/2configs/hass/rooms/essen.nix +++ b/lass/2configs/hass/rooms/essen.nix @@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.essen lights.essen 10) (lightswitch switches.dimmer.essen lights.essen) ]; diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix index 163f4fc48..7e6298738 100644 --- a/lass/2configs/hass/rooms/nass.nix +++ b/lass/2configs/hass/rooms/nass.nix 
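Review bot: The `lass.hass.love` block in bett.nix is kept as roughly thirty commented-out lines instead of being deleted. This commit also removes `lass/3modules/hass.nix`, which declared that option, so the block cannot be re-enabled as written. Deleting it and leaving a one-line pointer such as `# lovelace cards for bett were dropped together with lass.hass; see git history` would be cleaner. If the cards are ever revived, note that the resource URL points at a `.js.map` file on the `master` branch of a third-party repository and is declared as `type = "js"`, so it would pull unpinned remote content; pinning to a release or vendoring the file would be preferable.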
@@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.nass lights.nass 100) (lightswitch switches.dimmer.nass lights.nass) ]; diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix index 6d091066e..b2a221e49 100644 --- a/lass/2configs/hass/zigbee.nix +++ b/lass/2configs/hass/zigbee.nix @@ -35,7 +35,7 @@ in { volumes = ["/var/lib/zigbee2mqtt:/app/data"]; }; - lass.hass.config = { + services.home-assistant.config = { sensor = [ # Sensor for monitoring the bridge state { diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 335658ed8..c3c73bdcb 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./dnsmasq.nix ./ejabberd ./folderPerms.nix - ./hass.nix ./hosts.nix ./klem.nix ./mysql-backup.nix diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix deleted file mode 100644 index 96521aaa9..000000000 --- a/lass/3modules/hass.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -let - - cfg = config.lass.hass; - -in { - options.lass.hass = { - config = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - love = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - }; - - config = - assert versionOlder version "20.09"; - mkIf (cfg.config != {}) - { - services.home-assistant.config = cfg.config; - # services.home-assistant.lovelaceConfig = cfg.love; - }; -} - -- cgit v1.2.3 From e2ecd1df6dc515b95dc9656aede57443c1952a92 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 19 Nov 2020 19:13:49 +0100 Subject: l: fix lib usage --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 81c813b97..1cf421fed 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -222,5 +222,5 @@ with import ; # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; - system.stateVersion = lib.mkDefault "20.03"; + system.stateVersion = mkDefault "20.03"; } -- cgit v1.2.3 From 636d1eb762aae20e1da580d6f37460aa25391f45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 23 Nov 2020 11:32:23 +0100 Subject: l: init styx.r --- lass/1systems/styx/config.nix | 80 +++++++++++++++++++++++++++++++++++++++++ lass/1systems/styx/physical.nix | 34 ++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 lass/1systems/styx/config.nix create mode 100644 lass/1systems/styx/physical.nix (limited to 'lass') diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix new file mode 100644 index 000000000..4c3ae1411 --- /dev/null +++ b/lass/1systems/styx/config.nix 
@@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + # + # + # + + + # + # + # + ]; + + krebs.build.host = config.krebs.hosts.styx; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } + ]; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = top + title = top + + + Local + menu = Local + title = Local Network + ++ LocalMachine + menu = Local Machine + title = This host + host = localhost + + + Internet + menu = internet + title = internet + + ++ CloudflareDNS + menu = Cloudflare DNS + title = Cloudflare DNS server + host = 1.1.1.1 + + ++ GoogleDNS + menu = Google DNS + title = Google DNS server + host = 8.8.8.8 + + + retiolum + menu = retiolum + title = retiolum + + ++ gum + menu = gum.r + title = gum.r + host = gum.r + + ++ ni + menu = ni.r + title = ni.r + host = ni.r + + ++ prism + menu = prism.r + title = prism.r + host = prism.r + ''; + }; +} + diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix new file mode 100644 index 000000000..a3899f87d --- /dev/null +++ b/lass/1systems/styx/physical.nix 
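Review bot: The added INPUT rule `-p tcp --dport ${toString config.services.smokeping.port}` accepts connections to the smokeping web interface on every interface and from any source address. If the dashboard is only meant to be read from the overlay network, the predicate should be scoped, for example `{ predicate = "-i retiolum -p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }`. The interface name there is assumed from the target section names and should be adjusted to the real one. The import list of this file is not readable on this page, so any access control applied by imported modules cannot be seen from here.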
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514"; + boot.loader.grub.efiInstallAsRemovable = true; + + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EAA5-88A9"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} -- cgit v1.2.3 From ff1d896c8d436cdc83f60f7df7203f38f03fceac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 24 Nov 2020 10:25:37 +0100 Subject: mic92: add shannan --- lass/1systems/prism/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 944a68beb..1206f1655 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -391,6 +391,15 @@ with import ; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + users.users.shannan = { + uid = genid_uint31 "shannan"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.shannan.pubkey + ]; + }; + } { nix.trustedUsers = [ "mic92" ]; users.users.mic92 = { -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/17300000.lock: No such file or directory (2)
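Review bot: The added `users.users.shannan` block in prism/config.nix creates an interactive login account (`isNormalUser = true` plus an SSH authorized key) with no comment saying what the account is for or who is responsible for it. A short comment above the block, e.g. `# shell account for shannan, added for mic92 (see commit subject); remove when no longer needed`, would help later access reviews. `config.krebs.users.shannan.pubkey` is defined outside this view, which is limited to 'lass', so the key itself cannot be checked here. The surrounding list of modules starts and ends outside the hunk.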