diff options
author | mv <mv@ni.r> | 2017-08-29 21:00:46 +0200 |
---|---|---|
committer | mv <mv@ni.r> | 2017-08-29 21:05:25 +0200 |
commit | 15c510e05b3353b5644c488d5b97005eb877105a (patch) | |
tree | 44f8c9070b461e77e6d082af4e5958d407f4d567 /mv/1systems/stro.nix | |
parent | 34189b038f3ea92024b453649ff6fa9569299f82 (diff) |
mv: the future is now!
Diffstat (limited to 'mv/1systems/stro.nix')
-rw-r--r-- | mv/1systems/stro.nix | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix deleted file mode 100644 index bb37aed..0000000 --- a/mv/1systems/stro.nix +++ /dev/null @@ -1,169 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - krebs = { - enable = true; - build = { - user = config.krebs.users.mv; - host = config.krebs.hosts.stro; - source = let - HOME = getEnv "HOME"; - host = config.krebs.build.host; - in { - nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix"; - secrets.file = "${HOME}/secrets/${host.name}"; - stockholm.file = "${HOME}/stockholm"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; - }; - }; - }; - }; - - imports = [ - <secrets> - <stockholm/krebs> - <stockholm/tv/2configs/audit.nix> - <stockholm/tv/2configs/bash.nix> - <stockholm/tv/2configs/exim-retiolum.nix> - <stockholm/tv/2configs/hw/x220.nix> - <stockholm/tv/2configs/im.nix> - <stockholm/tv/2configs/mail-client.nix> - <stockholm/tv/2configs/nginx/public_html.nix> - <stockholm/tv/2configs/retiolum.nix> - <stockholm/tv/2configs/ssh.nix> - <stockholm/tv/2configs/sshd.nix> - <stockholm/tv/2configs/vim.nix> - <stockholm/tv/2configs/xdg.nix> - <stockholm/tv/2configs/xserver> - <stockholm/tv/3modules> - <stockholm/tv/5pkgs> - ]; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { - name = "luks1"; - device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2"; - } - ]; - }; - - environment = { - profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; - shellAliases = mkForce { - gp = "${pkgs.pari}/bin/gp -q"; - df = "df -h"; - du = "du -h"; - ls = "ls -h --color=auto --group-directories-first"; - dmesg = "dmesg -L --reltime"; - view = "vim -R"; - - reload = "systemctl reload"; - restart = "systemctl restart"; - start = "systemctl start"; - status = "systemctl status"; - stop = "systemctl stop"; - }; - systemPackages = with pkgs; [ - dic - htop - p7zip - q - - pavucontrol - rxvt_unicode.terminfo - - # stockholm - git - gnumake - populate - ]; - variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1"; - }; - "/" = { - device = "/dev/mapper/vg1-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/vg1-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - networking.hostName = config.krebs.build.host.name; - - nix = { - binaryCaches = ["https://cache.nixos.org"]; - # TODO check if both are required: - chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; - requireSignedBinaryCaches = true; - useChroot = true; - }; - - nixpkgs.config.allowUnfree = false; - - users = { - defaultUserShell = "/run/current-system/sw/bin/bash"; - mutableUsers = false; - users = { - mv = { - inherit (config.krebs.users.mv) home uid; - isNormalUser = true; - }; - }; - }; - - security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT" - Defaults mailto="${config.krebs.users.mv.mail}" - Defaults !lecture - ''; - - services.cron.enable = false; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - services.nscd.enable = false; - services.ntp.enable = false; - services.timesyncd.enable = true; - - time.timeZone = "Europe/Berlin"; - - tv.iptables = { - enable = true; - accept-echo-request = "internet"; - }; - - system.stateVersion = "16.03"; -} |