diff options
author | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
commit | 6290ff93ae85061582f2ed1263b5f8d50e162a74 (patch) | |
tree | 203887d48928654591693a33dfcccba98540a883 /jeschli/1systems | |
parent | 8d8e74e971672b15e0e2fe4975e89927b246b820 (diff) | |
parent | 0147c69753e90570ab5e17192ec0adedeed25cf9 (diff) |
Merge remote-tracking branch 'origin/staging/jeschli'
Diffstat (limited to 'jeschli/1systems')
-rw-r--r-- | jeschli/1systems/bln/config.nix | 64 | ||||
-rw-r--r-- | jeschli/1systems/bln/dcso-vpn.nix | 44 | ||||
-rw-r--r-- | jeschli/1systems/bln/hardware-configuration.nix | 2 |
3 files changed, 86 insertions, 24 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index a8329c4..7d37134 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -1,16 +1,32 @@ { config, lib, pkgs, ... }: # bln config file { - imports = - [ <stockholm/jeschli> - <stockholm/jeschli/2configs/virtualbox.nix> - <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/emacs.nix> - ./hardware-configuration.nix - ]; - - boot.loader.systemd-boot.enable = true; + imports = [ + ./hardware-configuration.nix + <stockholm/jeschli> + <stockholm/jeschli/2configs/virtualbox.nix> + <stockholm/jeschli/2configs/urxvt.nix> + <stockholm/jeschli/2configs/emacs.nix> + <stockholm/jeschli/2configs/xdg.nix> + <stockholm/jeschli/2configs/xserver> + ]; + +# boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot"; + boot.loader.grub = { + devices = [ "nodev" ]; + efiSupport = true; + enable = true; + extraEntries = '' + menuentry "Debian" { + insmod ext2 + insmod chain + chainloader /EFI/debian/grubx64.efi + } + ''; + version = 2; + }; jeschliFontSize = 20; @@ -54,7 +70,6 @@ sqlite # internet thunderbird - hipchat chromium google-chrome # programming languages @@ -92,18 +107,17 @@ services.printing.drivers = [ pkgs.postscript-lexmark ]; # Enable the X11 windowing system. - services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.windowManager.xmonad.enable = true; - services.xserver.windowManager.xmonad.enableContribAndExtras = true; - services.xserver.displayManager.sddm.enable = true; - services.xserver.dpi = 100; - fonts.fontconfig.dpi = 100; +# services.xserver.windowManager.xmonad.enable = true; +# services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# services.xserver.displayManager.sddm.enable = true; +# services.xserver.dpi = 100; +# fonts.fontconfig.dpi = 100; users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker" "vboxusers"]; + extraGroups = ["docker" "vboxusers" "audio"]; uid = 1000; }; @@ -123,15 +137,17 @@ # DCSO Certificates security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) ]; + hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; } diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix new file mode 100644 index 0000000..0a5623b --- /dev/null +++ b/jeschli/1systems/bln/dcso-vpn.nix @@ -0,0 +1,44 @@ +with import <stockholm/lib>; +{ ... }: + +{ + + users.extraUsers = { + dcsovpn = rec { + name = "dcsovpn"; + uid = genid "dcsovpn"; + description = "user for running dcso openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.dcsovpn.gid = genid "dcsovpn"; + + services.openvpn.servers = { + dcso = { + config = '' + client + dev tun + tun-mtu 1356 + mssfix + proto udp + float + remote 217.111.55.41 1194 + nobind + user dcsovpn + group dcsovpn + persist-key + persist-tun + ca ${toString <secrets/dcsovpn/ca.pem>} + cert ${toString <secrets/dcsovpn/cert.pem>} + key ${toString <secrets/dcsovpn/cert.key>} + verb 3 + mute 20 + auth-user-pass ${toString <secrets/dcsovpn/login.txt>} + route-method exe + route-delay 2 + ''; + updateResolvConf = true; + }; + }; +} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index b774bfc..35f0b3b 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -30,4 +30,6 @@ nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; + + hardware.pulseaudio.enable = true; } |