-{ config, ... }:
-with config.krebs.lib;
- hosts = mapAttrs (_: setAttr "owner" {
- stro = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "";
- ip6.addr = "42:0:0:0:0:0:111:111";
- aliases = [
- "stro.retiolum"
- "cgit.stro.retiolum"
- ];
- tinc.pubkey = ''
- MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
- vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
- FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
- ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
- oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
- XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- mv-stro = {
- mail = "mv@stro.retiolum";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro";
- };
- };
-{ config, lib, pkgs, ... }:
-with config.krebs.lib;
- = config.krebs.hosts.stro;
- =
- "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
- imports = [
- ../.
- ../2configs/hw/x220.nix
- ../2configs/git.nix
- ../2configs/mail-client.nix
- ../2configs/xserver
- {
- environment.systemPackages = with pkgs; [
- # stockholm
- genid
- gnumake
- hashPassword
- lentil
- parallel
- (pkgs.writeScriptBin "im" ''
- #! ${pkgs.bash}/bin/bash
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- # root
- cryptsetup
- ntp # ntpate
- # tv
- bc
- bind # dig
- #cac
- dic
- file
- gnupg21
- haskellPackages.hledger
- htop
- jq
- manpages
- mkpasswd
- netcat
- nix-repl
- nmap
- p7zip
- pass
- posix_man_pages
- qrencode
- texLive
- tmux
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
- unison
- ];
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.exim-retiolum.enable = true;
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "gum"
- "wry"
- ];
- };
- }
- ];
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- { name = "xuca"; device = "/dev/sda2"; }
- ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/xuvga-root";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/home" = {
- device = "/dev/mapper/xuvga-home";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
- };
- };
- nixpkgs.config.chromium.enablePepperFlash = true;
- #nixpkgs.config.allowUnfreePredicate = pkg:
- # pkgs.lib.hasPrefix "virtualbox";
- #nixpkgs.config.allowUnfree = true;
- #hardware.bumblebee.enable = true;
- = "video";
- hardware.enableAllFirmware = true;
- #hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
- environment.systemPackages = with pkgs; [
- #xlibs.fontschumachermisc
- #slock
- ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
- iptables
- #jack2
- gptfdisk
- ];
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
- services.bitlbee.enable = true;
- services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
- #virtualisation.libvirtd.enable = true;
- #services.bitlbee.enable = true;
- #services.tor.client.enable = true;
- #services.tor.enable = true;
- #nixpkgs.config.virtualbox.enableExtensionPack = true;
- # XXX Enable for maximum slowness:
- = true;
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
