From 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 11 Sep 2023 18:24:28 +0200
Subject: stockholm -> hrm
---
systems/alnus/config.nix | 85 ++++++++++++++++++++++++++
systems/au/config.nix | 22 +++++++
systems/au/disks.nix | 19 ++++++
systems/bu/config.nix | 33 ++++++++++
systems/bu/disks.nix | 19 ++++++
systems/mu/config.nix | 125 ++++++++++++++++++++++++++++++++++++++
systems/nomic/config.nix | 60 ++++++++++++++++++
systems/querel/config.nix | 84 +++++++++++++++++++++++++
systems/ru/config.nix | 35 +++++++++++
systems/xu/config.nix | 152 ++++++++++++++++++++++++++++++++++++++++++++++
systems/zu/config.nix | 49 +++++++++++++++
11 files changed, 683 insertions(+)
create mode 100644 systems/alnus/config.nix
create mode 100644 systems/au/config.nix
create mode 100644 systems/au/disks.nix
create mode 100644 systems/bu/config.nix
create mode 100644 systems/bu/disks.nix
create mode 100644 systems/mu/config.nix
create mode 100644 systems/nomic/config.nix
create mode 100644 systems/querel/config.nix
create mode 100644 systems/ru/config.nix
create mode 100644 systems/xu/config.nix
create mode 100644 systems/zu/config.nix
(limited to 'systems')
diff --git a/systems/alnus/config.nix b/systems/alnus/config.nix
new file mode 100644
index 0000000..f8dd0b8
--- /dev/null
+++ b/systems/alnus/config.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/retiolum.nix
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ahci" ];
+ luks.devices.luksroot.device = "/dev/sda2";
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.firefox
+ pkgs.networkmanagerapplet
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/" = {
+ device = "/dev/mapper/main-root";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/main-home";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+ };
+
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio.enable = true;
+ };
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ krebs.build = {
+ host = config.krebs.hosts.alnus;
+ user = lib.mkForce config.krebs.users.dv;
+ };
+
+ networking.networkmanager.enable = true;
+
+ services.earlyoom.enable = true;
+ services.earlyoom.freeMemThreshold = 5;
+ systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
+ "--prefer '^(Web Content|Privileged Cont)$'" # firefox tabs
+ ];
+
+ services.xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "eurosign:e";
+
+ libinput.enable = false;
+ synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+ };
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "dv";
+
+ system.stateVersion = "22.05";
+
+ users.users.dv = {
+ inherit (config.krebs.users.dv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/au/config.nix b/systems/au/config.nix
new file mode 100644
index 0000000..bd61f78
--- /dev/null
+++ b/systems/au/config.nix
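Review bot: `services.xserver.displayManager.autoLogin.enable = true` for `dv` leaves the LUKS passphrase entered at boot as the only credential between physical access and a logged-in Plasma session. The same two autoLogin lines appear in the mu (`vv`) and querel (`itak`) hunks. If that is the intended model for these single-user laptops, say so next to the option, e.g. `# disk unlock is the login gate; lock-on-suspend is configured in <module>`, and confirm that a lock on suspend or idle is actually set up, since none of these hunks shows such a setting.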
@@ -0,0 +1,22 @@
+{ config, ... }: {
+ imports = [
+ ./disks.nix
+ ../../configs/hw/x220.nix
+ ../../configs/ppp.nix
+ ../../configs/retiolum.nix
+ ../../configs/xsessions
+ ];
+
+ krebs.build.host = config.krebs.hosts.au;
+
+ networking.wireless.enable = true;
+ networking.useDHCP = false;
+ networking.interfaces.enp0s25.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+ networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
+
+ system.stateVersion = "20.03";
+
+ tv.hw.screens.primary.width = 1920;
+ tv.hw.screens.primary.height = 1080;
+}
diff --git a/systems/au/disks.nix b/systems/au/disks.nix
new file mode 100644
index 0000000..434de17
--- /dev/null
+++ b/systems/au/disks.nix
@@ -0,0 +1,19 @@
+{
+ boot.initrd.luks.devices.main.device = "/dev/sda2";
+ fileSystems."/" = {
+ device = "/dev/main/root";
+ options = ["defaults" "noatime" "commit=60"];
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ options = ["defaults" "noatime"];
+ };
+ fileSystems."/bku" = {
+ device = "/dev/main/bku";
+ options = ["defaults" "noatime"];
+ };
+ fileSystems."/home" = {
+ device = "/dev/main/home";
+ options = ["defaults" "noatime" "commit=60"];
+ };
+}
diff --git a/systems/bu/config.nix b/systems/bu/config.nix
new file mode 100644
index 0000000..39d1007
--- /dev/null
+++ b/systems/bu/config.nix
@@ -0,0 +1,33 @@
+{ config, ... }: {
+ imports = [
+ ./disks.nix
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitconfig.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xsessions
+ ];
+
+ krebs.build.host = config.krebs.hosts.bu;
+
+ networking.wireless.enable = true;
+ networking.useDHCP = false;
+ networking.interfaces.enp0s25.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+ networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
+ networking.wireless.interfaces = [
+ "wlp3s0"
+ ];
+
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.pinentryFlavor = "gtk2";
+
+ services.earlyoom.enable = true;
+ services.earlyoom.freeMemThreshold = 5;
+ systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
+ "--prefer '(^|/)chromium$'"
+ ];
+
+ system.stateVersion = "21.11";
+}
diff --git a/systems/bu/disks.nix b/systems/bu/disks.nix
new file mode 100644
index 0000000..deabefa
--- /dev/null
+++ b/systems/bu/disks.nix
@@ -0,0 +1,19 @@
+{
+ boot.initrd.luks.devices.buda2.device = "/dev/sda2";
+ fileSystems."/" = {
+ device = "buda2/root";
+ fsType = "zfs";
+ };
+ fileSystems."/bku" = {
+ device = "buda2/bku";
+ fsType = "zfs";
+ };
+ fileSystems."/home" = {
+ device = "buda2/home";
+ fsType = "zfs";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "vfat";
+ };
+}
diff --git a/systems/mu/config.nix b/systems/mu/config.nix
new file mode 100644
index 0000000..dc9ea0f
--- /dev/null
+++ b/systems/mu/config.nix
@@ -0,0 +1,125 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/br.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/hw/x220.nix
+ ../../configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.mu;
+ krebs.build.user = lib.mkForce config.krebs.users.vv;
+
+ tv.x0vncserver.enable = true;
+
+ boot.initrd.luks.devices.muca.device = "/dev/sda2";
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.kernelModules = [ "fbcon" "kvm-intel" ];
+ boot.kernelParams = [ "fsck.repair=yes" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/muvga-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/muvga-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "vfat";
+ };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.opengl.driSupport32Bit = true;
+
+ hardware.pulseaudio.enable = true;
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ networking.networkmanager.enable = true;
+
+ # XXX reload to work around occasional "Failed to load firmware chunk!"
+ # TODO only do this if firmware is actually broken(?)
+ system.activationScripts.reload-iwlwifi = /* sh */ ''
+ ${pkgs.kmod}/bin/modprobe -vr iwlwifi
+ ${pkgs.kmod}/bin/modprobe -v iwlwifi
+ '';
+
+ environment.systemPackages = [
+ pkgs.chromium
+ pkgs.firefox
+ pkgs.gimp
+ pkgs.iptables
+ pkgs.libreoffice
+ pkgs.plasma-pa
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ pkgs.skypeforlinux
+ pkgs.slock
+ pkgs.tinc_pre
+ pkgs.vim
+ pkgs.xsane
+
+ #pkgs.foomatic_filters
+ #pkgs.gutenprint
+ #pkgs.cups_pdf_filter
+ #pkgs.ghostscript
+ ];
+
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ programs.ssh.startAgent = false;
+
+ krebs.setuid = {
+ slock = {
+ filename = "${pkgs.slock}/bin/slock";
+ mode = "4111";
+ };
+ };
+
+ security.pam.loginLimits = [
+ # for jack
+ { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
+ { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
+ ];
+
+ fonts.fonts = [
+ pkgs.xorg.fontschumachermisc
+ ];
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # TODO this is host specific
+ services.xserver.libinput.enable = false;
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "vv";
+
+ users.users.vv = {
+ inherit (config.krebs.users.vv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/nomic/config.nix b/systems/nomic/config.nix
new file mode 100644
index 0000000..e8a5f9c
--- /dev/null
+++ b/systems/nomic/config.nix
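Review bot: `tv.x0vncserver.enable = true` shares the running X display of a host that also auto-logs in `vv`, and nothing in this hunk shows how the VNC listener authenticates clients or which interface it is reachable on; the `tv.x0vncserver` module is outside this diff. A comment stating the intended exposure would make this reviewable, e.g. `# x0vncserver: remote support for vv, reachable only over retiolum`, provided that is what the module and the firewall actually enforce. Separately, mu (like nomic and querel) sets no `system.stateVersion` while the other hosts in this commit do, so unless a shared module sets it, defaults for stateful services will follow whatever release is being built.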
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }: {
+ krebs.build.host = config.krebs.hosts.nomic;
+
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xserver
+ ];
+
+ boot.initrd.luks.devices.luks1.device = "/dev/sda2";
+
+ # Don't use UEFI because current disk was partitioned/formatted for AO753.
+ # TODO remove following bool.loader section after repartitioning/reformatting
+ boot.loader = {
+ grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+ systemd-boot.enable = lib.mkForce false;
+ };
+
+ fileSystems."/" =
+ { device = "/dev/mapper/nomic1-root";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/mapper/nomic1-home";
+ fsType = "btrfs";
+ };
+
+ environment.systemPackages = with pkgs; [
+ (writeDashBin "play" ''
+ set -euf
+ mpv() { exec ${mpv}/bin/mpv "$@"; }
+ case $1 in
+ deepmix) mpv http://deepmix.ru/deepmix128.pls;;
+ groovesalad) mpv http://somafm.com/play/groovesalad;;
+ ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
+ *)
+ echo "$0: bad argument: $*" >&2
+ exit 23
+ esac
+ '')
+ gnupg
+ tmux
+ ];
+
+ networking.wireless.enable = true;
+}
diff --git a/systems/querel/config.nix b/systems/querel/config.nix
new file mode 100644
index 0000000..1b99f12
--- /dev/null
+++ b/systems/querel/config.nix
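Review bot: In the `play` wrapper, `case $1 in` runs under `set -euf`, so invoking `play` with no argument most likely aborts on the unset positional parameter before the `*)` branch can print its `bad argument` message and `exit 23`. Expanding with a default keeps the intended error path; inside a Nix `''` string the expansion has to be escaped, `case ''${1-} in`. The three stream URLs are plain `http://`, so the playlist mpv follows is not integrity-protected in transit; use `https://` where the stations offer it. The TODO above `boot.loader` says `bool.loader`, which should read `boot.loader`.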
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ../../configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.querel;
+ krebs.build.user = lib.mkForce config.krebs.users.itak;
+
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.initrd.luks.devices.querel-luks1 = {
+ allowDiscards = true;
+ device = "/dev/sda2";
+ };
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+
+ environment.systemPackages = [
+ pkgs.firefox
+ pkgs.gimp
+ pkgs.kate
+ pkgs.libreoffice
+ (pkgs.pidgin.override {
+ plugins = [ pkgs.pidgin-otr ];
+ })
+ pkgs.sxiv
+ pkgs.texlive.combined.scheme-full
+ pkgs.vim
+ pkgs.xsane
+ pkgs.zathura
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/querel-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/querel-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.pulseaudio.enable = true;
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ networking.networkmanager.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.libinput.enable = false;
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "itak";
+
+ users.users.itak = {
+ inherit (config.krebs.users.itak) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/systems/ru/config.nix b/systems/ru/config.nix
new file mode 100644
index 0000000..a79a1a7
--- /dev/null
+++ b/systems/ru/config.nix
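Review bot: `allowDiscards = true` on `querel-luks1`, together with the `discard` mount options on `/` and `/home`, lets TRIM pass through dm-crypt, which exposes which blocks of the encrypted volume are unused to anyone who can image the disk. That is a common and defensible trade-off on an SSD, but it deserves a comment at the option, e.g. `# TRIM through LUKS: reveals free-block layout, accepted for SSD health`. The mu hunk mounts `/` and `/home` with `discard` as well, yet its `muca` device does not set `allowDiscards`, so there the mount option probably has no effect; pick one policy and apply it to both hosts.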
@@ -0,0 +1,35 @@
+{ config, ... }: {
+ imports = [
+ ../../configs/hw/winmax2.nix
+ ../../configs/retiolum.nix
+ ../../configs/wiregrill.nix
+ ];
+
+ boot.initrd.luks.devices.main.device = "/dev/nvme0n1p2";
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/mapper/ruvg0-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+ fileSystems."/boot" = {
+ device = "/dev/nvme0n1p1";
+ fsType = "vfat";
+ };
+ fileSystems."/home" = {
+ device = "/dev/mapper/ruvg0-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+ fileSystems."/bku" = {
+ device = "/dev/mapper/ruvg0-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "compress=zstd"];
+ };
+
+ krebs.build.host = config.krebs.hosts.ru;
+
+ system.stateVersion = "22.11";
+}
diff --git a/systems/xu/config.nix b/systems/xu/config.nix
new file mode 100644
index 0000000..761a018
--- /dev/null
+++ b/systems/xu/config.nix
@@ -0,0 +1,152 @@
+{ config, pkgs, ... }: {
+ krebs.build.host = config.krebs.hosts.xu;
+
+ imports = [
+ ../../configs/autotether.nix
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitconfig.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/man.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/ppp.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/binary-cache
+ ../../configs/br.nix
+ ../../configs/xserver
+ ../../configs/xsessions
+ ../../configs/xserver/xkiller.nix
+ {
+ environment.systemPackages = with pkgs; [
+
+
+ # root
+ cryptsetup
+
+ # tv
+ bc
+ bind # dig
+ brain
+ cac-api
+ dic
+ file
+ gnupg1compat
+ haskellPackages.hledger
+ jq
+ mkpasswd
+ netcat
+ netcup
+ nmap
+ p7zip
+ (pkgs.pass.withExtensions (ext: [
+ ext.pass-otp
+ ]))
+ q
+ qrencode
+ texlive.combined.scheme-full
+ tmux
+
+ #ack
+ #apache-httpd
+ #ascii
+ #emacs
+ #es
+ #esniper
+ #gcc
+ #gptfdisk
+ #graphviz
+ #haskellPackages.cabal2nix
+ #haskellPackages.ghc
+ #haskellPackages.shake
+ #hdparm
+ #i7z
+ #iftop
+ #imagemagick
+ #inotifyTools
+ #iodine
+ #iotop
+ #lshw
+ #lsof
+ #minicom
+ #mtools
+ #ncmpc
+ #nethogs
+ #nix-prefetch-scripts #cvs bug
+ #openssl
+ #openswan
+ #parted
+ #perl
+ #powertop
+ #ppp
+ #proot
+ #pythonPackages.arandr
+ #pythonPackages.youtube-dl
+ #racket
+ #rxvt_unicode-with-plugins
+ #scrot
+ #sec
+ #silver-searcher
+ #sloccount
+ #smartmontools
+ #socat
+ #sshpass
+ #strongswan
+ #sysdig
+ #sysstat
+ #tcpdump
+ #tlsdate
+ #unetbootin
+ #utillinuxCurses
+ #xdotool
+ #xkill
+ #xl2tpd
+ #xsel
+
+ unison
+ ];
+ }
+ ];
+
+ boot.initrd.luks.devices.xuca.device = "/dev/sda2";
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/xuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/xuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/xuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ tinc_pre
+ iptables
+ #jack2
+
+ gptfdisk
+ ];
+
+ networking.wireless.enable = true;
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
diff --git a/systems/zu/config.nix b/systems/zu/config.nix
new file mode 100644
index 0000000..01e0441
--- /dev/null
+++ b/systems/zu/config.nix
@@ -0,0 +1,49 @@
+{ config, ... }: {
+ krebs.build.host = config.krebs.hosts.zu;
+
+ imports = [
+ ../../configs/hw/x220.nix
+ ../../configs/exim-retiolum.nix
+ ../../configs/gitrepos.nix
+ ../../configs/mail-client.nix
+ ../../configs/man.nix
+ ../../configs/nginx/public_html.nix
+ ../../configs/pulse.nix
+ ../../configs/retiolum.nix
+ ../../configs/xserver
+ ];
+
+ boot.initrd.luks.devices.zuca.device = "/dev/sda2";
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/zuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/zuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/zuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ networking.wireless.enable = true;
+
+ services.printing.enable = true;
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
--
cgit v1.2.3