summaryrefslogtreecommitdiffstats
path: root/systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2023-09-11 18:24:28 +0200
committertv <tv@krebsco.de>2023-09-13 18:07:11 +0200
commit0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 (patch)
treedadaec00477a095273475ac345b2066b4748c399 /systems
parentab1d0479e90f11806d4703ec6fffed3d5f782914 (diff)
stockholm -> hrm
Diffstat (limited to 'systems')
-rw-r--r--systems/alnus/config.nix85
-rw-r--r--systems/au/config.nix22
-rw-r--r--systems/au/disks.nix19
-rw-r--r--systems/bu/config.nix33
-rw-r--r--systems/bu/disks.nix19
-rw-r--r--systems/mu/config.nix125
-rw-r--r--systems/nomic/config.nix60
-rw-r--r--systems/querel/config.nix84
-rw-r--r--systems/ru/config.nix35
-rw-r--r--systems/xu/config.nix152
-rw-r--r--systems/zu/config.nix49
11 files changed, 683 insertions, 0 deletions
diff --git a/systems/alnus/config.nix b/systems/alnus/config.nix
new file mode 100644
index 0000000..f8dd0b8
--- /dev/null
+++ b/systems/alnus/config.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/retiolum.nix
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ahci" ];
+ luks.devices.luksroot.device = "/dev/sda2";
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.firefox
+ pkgs.networkmanagerapplet
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/" = {
+ device = "/dev/mapper/main-root";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/main-home";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+ };
+
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio.enable = true;
+ };
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ krebs.build = {
+ host = config.krebs.hosts.alnus;
+ user = lib.mkForce config.krebs.users.dv;
+ };
+
+ networking.networkmanager.enable = true;
+
+ services.earlyoom.enable = true;
+ services.earlyoom.freeMemThreshold = 5;
+ systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
+ "--prefer '^(Web Content|Privileged Cont)$'" # firefox tabs
+ ];
+
+ services.xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "eurosign:e";
+
+ libinput.enable = false;
+ synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+ };
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "dv";
+
+ system.stateVersion = "22.05";
+
+ users.users.dv = {
+ inherit (config.krebs.users.dv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/au/config.nix b/systems/au/config.nix
new file mode 100644
index 0000000..bd61f78
--- /dev/null
+++ b/systems/au/config.nix
@@ -0,0 +1,22 @@
+{ config, ... }: {
+ imports = [
+ ./disks.nix
+ ../../configs/hw/x220.nix
+ ../../configs/ppp.nix
+ ../../configs/retiolum.nix
+ ../../configs/xsessions
+ ];
+
+ krebs.build.host = config.krebs.hosts.au;
+
+ networking.wireless.enable = true;
+ networking.useDHCP = false;
+ networking.interfaces.enp0s25.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+ networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
+
+ system.stateVersion = "20.03";
+
+ tv.hw.screens.primary.width = 1920;
+ tv.hw.screens.primary.height = 1080;
+}
diff --git a/systems/au/disks.nix b/systems/au/disks.nix
new file mode 100644
index 0000000..434de17
--- /dev/null
+++ b/systems/au/disks.nix
@@ -0,0 +1,19 @@
+{
+ boot.initrd.luks.devices.main.device = "/dev/sda2";
+ fileSystems."/" = {
+ device = "/dev/main/root";
+ options = ["defaults" "noatime" "commit=60"];
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ options = ["defaults" "noatime"];
+ };
+ fileSystems."/bku" = {
+ device = "/dev/main/bku";
+ options = ["defaults" "noatime"];
+ };
+ fileSystems."/home" = {
+ device = "/dev/main/home";
+ options = ["defaults" "noatime" "commit=60"];
+ };
+}
diff --git a/systems/bu/config.nix b/systems/bu/config.nix
new file mode 100644
index 0000000..39d1007
--- /dev/null
+++ b/systems/bu/config.nix
@@ -0,0 +1,33 @@
+{ config, ... }: {
+ imports = [
+ ./disks.nix
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitconfig.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xsessions
+ ];
+
+ krebs.build.host = config.krebs.hosts.bu;
+
+ networking.wireless.enable = true;
+ networking.useDHCP = false;
+ networking.interfaces.enp0s25.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+ networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
+ networking.wireless.interfaces = [
+ "wlp3s0"
+ ];
+
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.pinentryFlavor = "gtk2";
+
+ services.earlyoom.enable = true;
+ services.earlyoom.freeMemThreshold = 5;
+ systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
+ "--prefer '(^|/)chromium$'"
+ ];
+
+ system.stateVersion = "21.11";
+}
diff --git a/systems/bu/disks.nix b/systems/bu/disks.nix
new file mode 100644
index 0000000..deabefa
--- /dev/null
+++ b/systems/bu/disks.nix
@@ -0,0 +1,19 @@
+{
+ boot.initrd.luks.devices.buda2.device = "/dev/sda2";
+ fileSystems."/" = {
+ device = "buda2/root";
+ fsType = "zfs";
+ };
+ fileSystems."/bku" = {
+ device = "buda2/bku";
+ fsType = "zfs";
+ };
+ fileSystems."/home" = {
+ device = "buda2/home";
+ fsType = "zfs";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "vfat";
+ };
+}
diff --git a/systems/mu/config.nix b/systems/mu/config.nix
new file mode 100644
index 0000000..dc9ea0f
--- /dev/null
+++ b/systems/mu/config.nix
@@ -0,0 +1,125 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/br.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/hw/x220.nix
+ ../../configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.mu;
+ krebs.build.user = lib.mkForce config.krebs.users.vv;
+
+ tv.x0vncserver.enable = true;
+
+ boot.initrd.luks.devices.muca.device = "/dev/sda2";
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.kernelModules = [ "fbcon" "kvm-intel" ];
+ boot.kernelParams = [ "fsck.repair=yes" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/muvga-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/muvga-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "vfat";
+ };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.opengl.driSupport32Bit = true;
+
+ hardware.pulseaudio.enable = true;
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ networking.networkmanager.enable = true;
+
+ # XXX reload to work around occasional "Failed to load firmware chunk!"
+ # TODO only do this if firmware is actually broken(?)
+ system.activationScripts.reload-iwlwifi = /* sh */ ''
+ ${pkgs.kmod}/bin/modprobe -vr iwlwifi
+ ${pkgs.kmod}/bin/modprobe -v iwlwifi
+ '';
+
+ environment.systemPackages = [
+ pkgs.chromium
+ pkgs.firefox
+ pkgs.gimp
+ pkgs.iptables
+ pkgs.libreoffice
+ pkgs.plasma-pa
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ pkgs.skypeforlinux
+ pkgs.slock
+ pkgs.tinc_pre
+ pkgs.vim
+ pkgs.xsane
+
+ #pkgs.foomatic_filters
+ #pkgs.gutenprint
+ #pkgs.cups_pdf_filter
+ #pkgs.ghostscript
+ ];
+
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ programs.ssh.startAgent = false;
+
+ krebs.setuid = {
+ slock = {
+ filename = "${pkgs.slock}/bin/slock";
+ mode = "4111";
+ };
+ };
+
+ security.pam.loginLimits = [
+ # for jack
+ { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
+ { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
+ ];
+
+ fonts.fonts = [
+ pkgs.xorg.fontschumachermisc
+ ];
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # TODO this is host specific
+ services.xserver.libinput.enable = false;
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "vv";
+
+ users.users.vv = {
+ inherit (config.krebs.users.vv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/nomic/config.nix b/systems/nomic/config.nix
new file mode 100644
index 0000000..e8a5f9c
--- /dev/null
+++ b/systems/nomic/config.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }: {
+ krebs.build.host = config.krebs.hosts.nomic;
+
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xserver
+ ];
+
+ boot.initrd.luks.devices.luks1.device = "/dev/sda2";
+
+ # Don't use UEFI because current disk was partitioned/formatted for AO753.
+ # TODO remove following bool.loader section after repartitioning/reformatting
+ boot.loader = {
+ grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+ systemd-boot.enable = lib.mkForce false;
+ };
+
+ fileSystems."/" =
+ { device = "/dev/mapper/nomic1-root";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/mapper/nomic1-home";
+ fsType = "btrfs";
+ };
+
+ environment.systemPackages = with pkgs; [
+ (writeDashBin "play" ''
+ set -euf
+ mpv() { exec ${mpv}/bin/mpv "$@"; }
+ case $1 in
+ deepmix) mpv http://deepmix.ru/deepmix128.pls;;
+ groovesalad) mpv http://somafm.com/play/groovesalad;;
+ ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
+ *)
+ echo "$0: bad argument: $*" >&2
+ exit 23
+ esac
+ '')
+ gnupg
+ tmux
+ ];
+
+ networking.wireless.enable = true;
+}
diff --git a/systems/querel/config.nix b/systems/querel/config.nix
new file mode 100644
index 0000000..1b99f12
--- /dev/null
+++ b/systems/querel/config.nix
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.querel;
+ krebs.build.user = lib.mkForce config.krebs.users.itak;
+
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.initrd.luks.devices.querel-luks1 = {
+ allowDiscards = true;
+ device = "/dev/sda2";
+ };
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+
+ environment.systemPackages = [
+ pkgs.firefox
+ pkgs.gimp
+ pkgs.kate
+ pkgs.libreoffice
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ pkgs.sxiv
+ pkgs.texlive.combined.scheme-full
+ pkgs.vim
+ pkgs.xsane
+ pkgs.zathura
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/querel-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/querel-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.pulseaudio.enable = true;
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ networking.networkmanager.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.libinput.enable = false;
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "itak";
+
+ users.users.itak = {
+ inherit (config.krebs.users.itak) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/ru/config.nix b/systems/ru/config.nix
new file mode 100644
index 0000000..a79a1a7
--- /dev/null
+++ b/systems/ru/config.nix
@@ -0,0 +1,35 @@
+{ config, ... }: {
+ imports = [
+ ../../configs/hw/winmax2.nix
+ ../../configs/retiolum.nix
+ ../../configs/wiregrill.nix
+ ];
+
+ boot.initrd.luks.devices.main.device = "/dev/nvme0n1p2";
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/mapper/ruvg0-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+ fileSystems."/boot" = {
+ device = "/dev/nvme0n1p1";
+ fsType = "vfat";
+ };
+ fileSystems."/home" = {
+ device = "/dev/mapper/ruvg0-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+ fileSystems."/bku" = {
+ device = "/dev/mapper/ruvg0-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+
+ krebs.build.host = config.krebs.hosts.ru;
+
+ system.stateVersion = "22.11";
+}
diff --git a/systems/xu/config.nix b/systems/xu/config.nix
new file mode 100644
index 0000000..761a018
--- /dev/null
+++ b/systems/xu/config.nix
@@ -0,0 +1,152 @@
+{ config, pkgs, ... }: {
+ krebs.build.host = config.krebs.hosts.xu;
+
+ imports = [
+ ../../configs/autotether.nix
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitconfig.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/man.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/ppp.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/binary-cache
+ ../../configs/br.nix
+ ../../configs/xserver
+ ../../configs/xsessions
+ ../../configs/xserver/xkiller.nix
+ {
+ environment.systemPackages = with pkgs; [
+
+
+ # root
+ cryptsetup
+
+ # tv
+ bc
+ bind # dig
+ brain
+ cac-api
+ dic
+ file
+ gnupg1compat
+ haskellPackages.hledger
+ jq
+ mkpasswd
+ netcat
+ netcup
+ nmap
+ p7zip
+ (pkgs.pass.withExtensions (ext: [
+ ext.pass-otp
+ ]))
+ q
+ qrencode
+ texlive.combined.scheme-full
+ tmux
+
+ #ack
+ #apache-httpd
+ #ascii
+ #emacs
+ #es
+ #esniper
+ #gcc
+ #gptfdisk
+ #graphviz
+ #haskellPackages.cabal2nix
+ #haskellPackages.ghc
+ #haskellPackages.shake
+ #hdparm
+ #i7z
+ #iftop
+ #imagemagick
+ #inotifyTools
+ #iodine
+ #iotop
+ #lshw
+ #lsof
+ #minicom
+ #mtools
+ #ncmpc
+ #nethogs
+ #nix-prefetch-scripts #cvs bug
+ #openssl
+ #openswan
+ #parted
+ #perl
+ #powertop
+ #ppp
+ #proot
+ #pythonPackages.arandr
+ #pythonPackages.youtube-dl
+ #racket
+ #rxvt_unicode-with-plugins
+ #scrot
+ #sec
+ #silver-searcher
+ #sloccount
+ #smartmontools
+ #socat
+ #sshpass
+ #strongswan
+ #sysdig
+ #sysstat
+ #tcpdump
+ #tlsdate
+ #unetbootin
+ #utillinuxCurses
+ #xdotool
+ #xkill
+ #xl2tpd
+ #xsel
+
+ unison
+ ];
+ }
+ ];
+
+ boot.initrd.luks.devices.xuca.device = "/dev/sda2";
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/xuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/xuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/xuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ tinc_pre
+ iptables
+ #jack2
+
+ gptfdisk
+ ];
+
+ networking.wireless.enable = true;
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
diff --git a/systems/zu/config.nix b/systems/zu/config.nix
new file mode 100644
index 0000000..01e0441
--- /dev/null
+++ b/systems/zu/config.nix
@@ -0,0 +1,49 @@
+{ config, ... }: {
+ krebs.build.host = config.krebs.hosts.zu;
+
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/man.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xserver
+ ];
+
+ boot.initrd.luks.devices.zuca.device = "/dev/sda2";
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/zuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/zuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/zuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ networking.wireless.enable = true;
+
+ services.printing.enable = true;
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}