diff options
author | tv <tv@krebsco.de> | 2017-11-02 21:12:27 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-11-02 21:12:27 +0100 |
commit | 24ef0f56ba48da109b7288e37304958b0320dc0e (patch) | |
tree | d9191f27d437aaefec137d8838cea90e16402f53 | |
parent | 36c01359dcffd3c7424366b9c43eb0b8baae666a (diff) |
tv querel: init
-rw-r--r-- | krebs/3modules/tv/default.nix | 32 | ||||
-rw-r--r-- | tv/1systems/querel/config.nix | 95 | ||||
-rw-r--r-- | tv/1systems/querel/source.nix | 3 |
3 files changed, 130 insertions, 0 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index e80becfa7..98145274c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -254,6 +254,36 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; + querel = { + ci = true; + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.22.22"; + ip6.addr = "42::2222"; + aliases = [ + "querel.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz + 2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn + bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x + ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh + iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W + xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk + 4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf + aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs + UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E + vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA + J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r"; + }; xu = { binary-cache = { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; @@ -339,6 +369,8 @@ with import <stockholm/lib>; dv = { mail = "dv@alnus.r"; }; + itak = { + }; mv-ni = { mail = "mv@ni.r"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix new file mode 100644 index 000000000..b564383d7 --- /dev/null +++ b/tv/1systems/querel/config.nix @@ -0,0 +1,95 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + imports = [ + <stockholm/krebs> + <stockholm/tv/2configs> + <stockholm/tv/3modules> + <stockholm/tv/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.querel; + krebs.build.user = mkForce config.krebs.users.itak; + + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices.querel-luks1 = { + allowDiscards = true; + device = "/dev/sda2"; + }; + }; + boot.kernelModules = [ "kvm-intel" ]; + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + + environment.systemPackages = with pkgs; [ + firefoxWrapper + gimp + kate + libreoffice + (pkgs.pidgin-with-plugins.override { + plugins = [ pkgs.pidginotr ]; + }) + sxiv + texlive.combined.scheme-full + vim + zathura + ]; + + fileSystems = { + "/" = { + device = "/dev/mapper/querel-root"; + fsType = "ext4"; + options = [ "defaults" "discard" ]; + }; + "/home" = { + device = "/dev/mapper/querel-home"; + fsType = "ext4"; + options = [ "defaults" "discard" ]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + }; + + hardware.enableRedistributableFirmware = true; + hardware.pulseaudio.enable = true; + + i18n.defaultLocale = "de_DE.UTF-8"; + + networking.networkmanager.enable = true; + + programs.ssh.startAgent = false; + + services.printing = { + enable = true; + }; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.displayManager.auto = { + enable = true; + user = "itak"; + }; + + users.users.itak = { + inherit (config.krebs.users.itak) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; +} diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix new file mode 100644 index 000000000..74eab51e4 --- /dev/null +++ b/tv/1systems/querel/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { + name = "querel"; +} |