summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-11-02 21:12:27 +0100
committertv <tv@krebsco.de>2017-11-02 21:12:27 +0100
commit24ef0f56ba48da109b7288e37304958b0320dc0e (patch)
treed9191f27d437aaefec137d8838cea90e16402f53
parent36c01359dcffd3c7424366b9c43eb0b8baae666a (diff)
tv querel: init
-rw-r--r--krebs/3modules/tv/default.nix32
-rw-r--r--tv/1systems/querel/config.nix95
-rw-r--r--tv/1systems/querel/source.nix3
3 files changed, 130 insertions, 0 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index e80becfa7..98145274c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -254,6 +254,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
+ querel = {
+ ci = true;
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.22.22";
+ ip6.addr = "42::2222";
+ aliases = [
+ "querel.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
+ 2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
+ bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
+ ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
+ iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
+ xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
+ 4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
+ aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
+ UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
+ vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
+ J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
+ };
xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
@@ -339,6 +369,8 @@ with import <stockholm/lib>;
dv = {
mail = "dv@alnus.r";
};
+ itak = {
+ };
mv-ni = {
mail = "mv@ni.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
new file mode 100644
index 000000000..b564383d7
--- /dev/null
+++ b/tv/1systems/querel/config.nix
@@ -0,0 +1,95 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ imports = [
+ <stockholm/krebs>
+ <stockholm/tv/2configs>
+ <stockholm/tv/3modules>
+ <stockholm/tv/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.querel;
+ krebs.build.user = mkForce config.krebs.users.itak;
+
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices.querel-luks1 = {
+ allowDiscards = true;
+ device = "/dev/sda2";
+ };
+ };
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefoxWrapper
+ gimp
+ kate
+ libreoffice
+ (pkgs.pidgin-with-plugins.override {
+ plugins = [ pkgs.pidginotr ];
+ })
+ sxiv
+ texlive.combined.scheme-full
+ vim
+ zathura
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/querel-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/querel-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.pulseaudio.enable = true;
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ networking.networkmanager.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ services.printing = {
+ enable = true;
+ };
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.auto = {
+ enable = true;
+ user = "itak";
+ };
+
+ users.users.itak = {
+ inherit (config.krebs.users.itak) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix
new file mode 100644
index 000000000..74eab51e4
--- /dev/null
+++ b/tv/1systems/querel/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/tv/source.nix> {
+ name = "querel";
+}