summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2023-03-02 09:20:37 +0100
committertv <tv@krebsco.de>2023-03-02 09:20:37 +0100
commit03a9448a0922fcf158c4357922bed689245105e3 (patch)
tree7dbedf90d0443bd1e375aac61f63735f43e64984
parent177fd1eeec05f0821f1ccc63733b3e0fd5aed7b6 (diff)
parent8639d428c2e9f2190ec4e4b5dd931f24a4166f36 (diff)
Merge remote-tracking branch 'prism/master' into head
-rw-r--r--kartei/lass/prism.nix3
-rw-r--r--kartei/mic92/default.nix134
-rw-r--r--kartei/palo/default.nix21
-rw-r--r--kartei/palo/retiolum.pub13
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/1systems/news/config.nix11
-rw-r--r--krebs/2configs/hotdog-host.nix9
-rw-r--r--krebs/2configs/news-host.nix9
-rw-r--r--krebs/2configs/news.nix3
-rw-r--r--krebs/3modules/sync-containers3.nix4
-rw-r--r--krebs/5pkgs/simple/fzfmenu/default.nix9
-rw-r--r--krebs/5pkgs/simple/pager.nix2
-rw-r--r--lass/1systems/aergia/config.nix6
-rw-r--r--lass/1systems/aergia/physical.nix73
-rw-r--r--lass/1systems/coaxmetal/config.nix6
-rw-r--r--lass/1systems/green/config.nix1
-rw-r--r--lass/1systems/lasspi/config.nix5
-rw-r--r--lass/1systems/lasspi/physical.nix21
-rw-r--r--lass/1systems/neoprism/config.nix11
-rw-r--r--lass/1systems/orange/config.nix1
-rw-r--r--lass/1systems/prism/config.nix5
-rw-r--r--lass/1systems/radio/config.nix2
-rw-r--r--lass/1systems/yellow/config.nix330
-rw-r--r--lass/2configs/antimicrox/default.nix33
-rw-r--r--lass/2configs/antimicrox/empty.amgp20
-rw-r--r--lass/2configs/antimicrox/mouse.amgp272
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/browsers.nix14
-rw-r--r--lass/2configs/jitsi.nix24
-rw-r--r--lass/2configs/mail.nix6
-rw-r--r--lass/2configs/mumble-reminder.nix6
-rw-r--r--lass/2configs/murmur.nix42
-rw-r--r--lass/2configs/print.nix14
-rw-r--r--lass/2configs/services/coms/default.nix6
-rw-r--r--lass/2configs/services/coms/jitsi.nix43
-rw-r--r--lass/2configs/services/coms/murmur.nix47
-rw-r--r--lass/2configs/services/coms/proxy.nix41
-rw-r--r--lass/2configs/services/flix/container-host.nix40
-rw-r--r--lass/2configs/services/flix/default.nix316
-rw-r--r--lass/2configs/services/flix/proxy.nix12
-rw-r--r--lass/2configs/services/radio/container-host.nix (renamed from lass/2configs/radio/container-host.nix)0
-rw-r--r--lass/2configs/services/radio/controls.html (renamed from lass/2configs/radio/controls.html)0
-rw-r--r--lass/2configs/services/radio/default.nix (renamed from lass/2configs/radio/default.nix)0
-rw-r--r--lass/2configs/services/radio/news.nix (renamed from lass/2configs/radio/news.nix)0
-rw-r--r--lass/2configs/services/radio/proxy.nix17
-rw-r--r--lass/2configs/services/radio/radio.liq (renamed from lass/2configs/radio/radio.liq)0
-rw-r--r--lass/2configs/services/radio/shell.nix (renamed from lass/2configs/radio/shell.nix)0
-rw-r--r--lass/2configs/services/radio/weather.nix (renamed from lass/2configs/radio/weather.nix)0
-rw-r--r--lass/2configs/services/radio/weather_for_ips.py (renamed from lass/2configs/radio/weather_for_ips.py)0
-rw-r--r--lass/2configs/xdg-open.nix26
-rw-r--r--lass/2configs/xmonad.nix6
-rw-r--r--lass/2configs/yellow-host.nix14
-rw-r--r--lass/3modules/browsers.nix94
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/xjail.nix173
55 files changed, 1057 insertions, 896 deletions
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
index cfc05b636..d72b167b6 100644
--- a/kartei/lass/prism.nix
+++ b/kartei/lass/prism.nix
@@ -21,7 +21,7 @@ rec {
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -38,6 +38,7 @@ rec {
mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 75f5b7fc9..796f0fd33 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -51,24 +51,6 @@ in {
};
};
};
- herbert = {
- owner = config.krebs.users.mic92;
- nets = rec {
- retiolum = {
- aliases = [ "herbert.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ
- stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd
- /lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh
- fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH
- OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj
- jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
rauter = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -161,19 +143,20 @@ in {
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa
- QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl
- 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo
- JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF
- Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4
- RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G
- QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41
- pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK
- u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG
- vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z
- H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ==
+ MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0
+ IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em
+ eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN
+ /e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw
+ YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1
+ DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA
+ 9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0
+ MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF
+ 0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI
+ xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP
+ uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
+ tinc.pubkey_ed25519 = "5ZhQyLQ2RLTkKvFCN38dfmqfjZOnZmm19Vr1eiOVlID";
};
};
aenderpad = {
@@ -294,32 +277,6 @@ in {
};
};
};
- sauron = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "129.215.165.75";
- ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8";
- aliases = [ "sauron.i" ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.29.194";
- aliases = [ "sauron.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ
- GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1
- XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E
- W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf
- 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG
- 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ";
- };
- };
- };
bill = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -435,73 +392,6 @@ in {
};
};
};
- harsha = {
- owner = config.krebs.users.mic92;
- nets = {
- retiolum = {
- ip4.addr = "10.243.29.184";
- aliases = [
- "harsha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39
- P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o
- MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg
- dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h
- TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K
- zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
-
- redha = {
- owner = config.krebs.users.mic92;
- nets = {
- retiolum = {
- ip4.addr = "10.243.29.188";
- aliases = [
- "redha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
- s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
- a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
- RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
- FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
- mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN";
- };
- };
- };
-
- grandalf = {
- owner = config.krebs.users.mic92;
- nets = {
- retiolum = {
- ip4.addr = "10.243.29.187";
- aliases = [
- "grandalf.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
- XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
- qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
- 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
- jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
- /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL";
- };
- };
- };
doctor = {
owner = config.krebs.users.mic92;
diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix
index 9d35c3808..6fc9a594f 100644
--- a/kartei/palo/default.nix
+++ b/kartei/palo/default.nix
@@ -17,13 +17,28 @@ let
in
{
hosts = mapAttrs hostDefaults {
- sterni = {
+ sol = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
tinc.port = 720;
- aliases = [ "sterni.r" ];
- tinc.pubkey = builtins.readFile ./retiolum.pub;
+ aliases = [ "sol.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60
+ mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC
+ Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu
+ lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1
+ 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT
+ NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV
+ yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef
+ Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q
+ hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr
+ vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg
+ uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP";
};
};
};
diff --git a/kartei/palo/retiolum.pub b/kartei/palo/retiolum.pub
deleted file mode 100644
index 65284d51d..000000000
--- a/kartei/palo/retiolum.pub
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
-8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
-oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
-ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
-ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
-ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
-MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
-rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
-sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
-EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
-yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 9849937d5..70307a96b 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -26,4 +26,8 @@
boot.isContainer = true;
networking.useDHCP = false;
+ krebs.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM20tYHHvwIgrJZzR35ATzH9AlTrM1enNKEQJ7IP6lBh";
+ };
}
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 620e6249e..b27fc3737 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -17,13 +17,8 @@
boot.isContainer = true;
networking.useDHCP = lib.mkForce true;
- krebs.bindfs = {
- "/var/lib/brockman" = {
- source = "/var/state/brockman";
- options = [
- "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}"
- ];
- clearTarget = true;
- };
+ krebs.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv";
};
}
diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix
new file mode 100644
index 000000000..95d70376b
--- /dev/null
+++ b/krebs/2configs/hotdog-host.nix
@@ -0,0 +1,9 @@
+{
+ krebs.sync-containers3.containers.hotdog = {
+ sshKey = "${toString <secrets>}/hotdog.sync.key";
+ };
+ containers.hotdog.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/hotdog/state";
+ isReadOnly = false;
+ };
+}
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 07674c86e..71793e518 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -1,10 +1,5 @@
{
- krebs.sync-containers.containers.news = {
- peers = [
- "shodan"
- "mors"
- "styx"
- ];
- format = "plain";
+ krebs.sync-containers3.containers.news = {
+ sshKey = "${toString <secrets>}/news.sync.key";
};
}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index d6c6371da..9d9470727 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -74,7 +74,7 @@
limits.identlen = 100;
history.enabled = false;
};
- systemd.services.brockman.bindsTo = [ "ergo.service" ];
+ systemd.services.brockman.bindsTo = [ "ergochat.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
@@ -87,6 +87,7 @@
nick = "brockman";
extraChannels = [ "#all" ];
};
+ statePath = "/var/state/brockman/brockman.json";
bots = {};
};
};
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index 4a00b23ab..ed147b30e 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -104,7 +104,9 @@ in {
consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
set -efux
if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
- nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 container_sync@${ctr.name}.r:disk "$HOME"/disk
+ nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync
+ touch "$HOME"/incomplete
+ nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk
rm -f "$HOME"/incomplete
fi
''}
diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix
index 4527ad90b..fe5d5e27a 100644
--- a/krebs/5pkgs/simple/fzfmenu/default.nix
+++ b/krebs/5pkgs/simple/fzfmenu/default.nix
@@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" ''
exec 4>&1
export FZFMENU_INPUT_FD=3
export FZFMENU_OUTPUT_FD=4
- exec ${pkgs.rxvt-unicode}/bin/urxvt \
- -name ${cfg.appName} \
- -title ${shell.escape cfg.windowTitle} \
- -e "$0" "$@"
+ exec ${pkgs.alacritty}/bin/alacritty \
+ --config-file /var/theme/config/alacritty.yaml \
+ --class ${cfg.appName} \
+ --title ${shell.escape cfg.windowTitle} \
+ --command "$0" "$@"
else
exec 0<&''${FZFMENU_INPUT_FD-0}
exec 1>&''${FZFMENU_OUTPUT_FD-1}
diff --git a/krebs/5pkgs/simple/pager.nix b/krebs/5pkgs/simple/pager.nix
index 506ef2eb3..952b5ee1e 100644
--- a/krebs/5pkgs/simple/pager.nix
+++ b/krebs/5pkgs/simple/pager.nix
@@ -33,8 +33,6 @@ pkgs.symlinkJoin {
-ti vt340 \
-xrm '*geometry: 32x10' \
-xrm '*internalBorder: 2' \
- -xrm '*background: #050505' \
- -xrm '*foreground: #d0d7d0' \
-e ${pkgs.haskellPackages.pager}/bin/pager "$@"
'')
pkgs.haskellPackages.pager
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index ed5bbcf12..6992db4a5 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -26,6 +26,7 @@
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/br.nix>
+ <stockholm/lass/2configs/c-base.nix>
];
system.stateVersion = "22.11";
@@ -47,11 +48,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
- lass.browser.config = {
- fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
- };
-
nix.trustedUsers = [ "root" "lass" ];
# nix.extraOptions = ''
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index de5f7540e..023639083 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -3,6 +3,7 @@
imports = [
./config.nix
(modulesPath + "/installer/scan/not-detected.nix")
+ <stockholm/lass/2configs/antimicrox>
];
disko.devices = import ./disk.nix;
@@ -20,15 +21,41 @@
boot.kernelParams = [
# Enable energy savings during sleep
"mem_sleep_default=deep"
- "initcall_blacklist=acpi_cpufreq_init"
+
+ # use less power with pstate
+ "amd_pstate=passive"
# for ryzenadj -i
"iomem=relaxed"
+
+ # suspend
+ "resume_offset=178345675"
];
- # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
- # On recent AMD CPUs this can be more energy efficient.
- boot.kernelModules = [ "amd-pstate" "kvm-amd" ];
+ boot.kernelModules = [
+ # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
+ # On recent AMD CPUs this can be more energy efficient.
+ "amd-pstate"
+ "kvm-amd"
+
+ # needed for zenstates
+ "msr"
+
+ # zenpower
+ "zenpower"
+ ];
+
+ boot.extraModulePackages = [
+ (config.boot.kernelPackages.zenpower.overrideAttrs (old: {
+ src = pkgs.fetchFromGitea {
+ domain = "git.exozy.me";
+ owner = "a";
+ repo = "zenpower3";
+ rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
+ hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
+ };
+ }))
+ ];
# hardware.cpu.amd.updateMicrocode = true;
@@ -36,7 +63,16 @@
"amdgpu"
];
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "thunderbolt"
+ "xhci_pci"
+ "usbhid"
+ ];
+
+ boot.initrd.kernelModules = [
+ "amdgpu"
+ ];
environment.systemPackages = [
pkgs.vulkan-tools
@@ -54,7 +90,13 @@
hardware.video.hidpi.enable = lib.mkDefault true;
# corectrl
- programs.corectrl.enable = true;
+ programs.corectrl = {
+ enable = true;
+ gpuOverclock = {
+ enable = true;
+ ppfeaturemask = "0xffffffff";
+ };
+ };
users.users.mainUser.ex