author | tv <tv@krebsco.de> | 2022-03-18 16:52:49 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-03-18 16:52:49 +0100 |
commit | 60bdd171f50cd9350f69d7df46049c48070e638d (patch) | |
tree | bbedbf1c59f61c0de71cea14bb9c6c76ab73b653 | |
parent | 519648574e85fe02550092eaa76298e62568b655 (diff) | |
parent | b1068cadc4458d91889b7ede847829af33d2b145 (diff) |
Merge remote-tracking branch 'prism/master'
-rw-r--r-- | krebs/3modules/external/kmein.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
-rw-r--r-- | lass/1systems/coaxmetal/config.nix | 2 | ||||
-rw-r--r-- | lass/2configs/default.nix | 3 | ||||
-rw-r--r-- | lass/3modules/nichtparasoup.nix | 115 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 7 | ||||
-rw-r--r-- | makefu/1systems/gum/hetznercloud/default.nix | 50 | ||||
-rw-r--r-- | makefu/1systems/gum/hetznercloud/doit | 13 | ||||
-rw-r--r-- | makefu/1systems/gum/hetznercloud/network.nix | 35 | ||||
-rw-r--r-- | makefu/1systems/gum/hetznercloud/sfdisk.part | 6 |
12 files changed, 238 insertions, 14 deletions
diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 4605fbdf0..6e4457eae 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -125,6 +125,7 @@ in "grocy.kmein.r" "moodle.kmein.r" "radio.kmein.r" + "home.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index db57b5944..b62ece0c7 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -146,7 +146,6 @@ in { owner = config.krebs.users.mic92; nets = rec { retiolum = { - ip4.addr = "10.243.29.177"; aliases = [ "herbert.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -163,6 +162,9 @@ in { }; eve = { owner = config.krebs.users.mic92; + extraZones."krebsco.de" = '' + mukke IN CNAME eve.thalheim.io. + ''; nets = rec { internet = { # eve.thalheim.io diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 68484a102..d63277132 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -154,6 +154,8 @@ in { "krebsco.de" = '' latte.euer IN A ${nets.internet.ip4.addr} rss.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + bw.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 4; @@ -217,7 +219,6 @@ in { mon.euer IN A ${nets.internet.ip4.addr} netdata.euer IN A ${nets.internet.ip4.addr} nixos.unstable IN CNAME krebscode.github.io. - o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} pigstarter IN CNAME makefu.github.io. share.euer IN A ${nets.internet.ip4.addr} 
@@ -233,14 +234,13 @@ in { maps.work.euer IN A ${nets.internet.ip4.addr} play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} - bw.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; nets = rec { internet = { - ip4.addr = "144.76.26.247"; - ip6.addr = "2a01:4f8:191:12f6::2"; + ip4.addr = "142.132.189.140"; + ip6.addr = "fe80::9400:1ff:fe24:33f4"; aliases = [ "gum.i" ]; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index c9b40c10f..e7760128f 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "4275a321beab5a71872fb7a5fe5da511bb2bec73", - "date": "2022-02-23T13:42:45-08:00", - "path": "/nix/store/g521qhbql6116naa3fjgga6dm0r24ynx-nixpkgs", - "sha256": "1p3pn7767ifbg08nmgjd93iqk0z87z4lv29ypalj9idwd3chsm69", + "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", + "date": "2022-03-04T16:09:08+01:00", + "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs", + "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 0e6bddf5e..dd8308bbd 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -66,4 +66,6 @@ enable = true; client.enable = true; }; + + documentation.nixos.enable = true; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e2163b688..f03d8b568 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -221,4 +221,7 @@ with import <stockholm/lib>; time.timeZone = mkDefault"Europe/Berlin"; system.stateVersion = mkDefault "20.03"; + + # disable doc usually + documentation.nixos.enable = mkDefault false; } diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix index 632481b69..c18c942d1 100644 --- a/lass/3modules/nichtparasoup.nix +++ b/lass/3modules/nichtparasoup.nix 
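Review bot: The new `ip6.addr = "fe80::9400:1ff:fe24:33f4";` in the `internet` net is a link-local address (it is the EUI-64 form of the interface MAC), so it is not reachable from outside the local segment. Anything that consumes `nets.internet.ip6.addr` to publish records or build peer or firewall entries (those consumers are not visible here) would get an unusable address. `hetznercloud/network.nix` in this same commit lists `2a01:4f8:1c17:5cdf::2/64` as the external IPv6, which looks like the intended value: `ip6.addr = "2a01:4f8:1c17:5cdf::2";`. The enclosing host definition starts and ends outside this hunk.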
@@ -24,7 +24,120 @@ with import <stockholm/lib>; [Sites] SoupIO: everyone Pr0gramm: new,top - Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected + Reddit: ${lib.concatStringsSep "," [ + "2healthbars" + "abandonedporn" + "animalsbeingderps" + "ANormalDayInRussia" + "assholedesign" + "AwesomeOffBrands" + "bizarrebuildings" + "bonehurtingjuice" + "boottoobig" + "bossfight" + "bravofotogeschichten" + "breathinginformation" + "buddhistmemes" + "cablefail" + "cableporn" + "catastrophicfailure" + "chairsunderwater" + "clevercomebacks" + "confusingperspective" + "conni" + "crappydesign" + "cursedcomments" + "desirepath" + "doenerverbrechen" + "dontdeadopeninside" + "educationalgifs" + "EngineeringPorn" + "eyebleach" + "forbiddensnacks" + "funnyanimals" + "gifs" + "Gittertiere" + "goodboomerhumor" + "grssk" + "halthoch" + "hmm" + "hmmm" + "holdmybeer" + "holup" + "iamatotalpieceofshit" + "ichbin40undlustig" + "idiotsincars" + "illegallysmolcats" + "infokriegerkutschen" + "instagramreality" + "instant_regret" + "itrunsdoom" + "itsaunixsystem" + "kamikazebywords" + "keming" + "kidsarefuckingstupid" + "kitchenconfidential" + "laughingbuddha" + "LiminalSpace" + "loadingicon" + "MachinePorn" + "mallninjashit" + "michaelbaygifs" + "mildlyinfuriating" + "miscatculations" + "natureisfuckinglit" + "nononoyesno" + "notinteresting" + "notliketheothergirls" + "oddlysatisfying" + "ofcoursethatsathing" + "okbuddylinux" + "OSHA" + "PeopleFuckingDying" + "Perfectfit" + "perfectloops" + "PerfectTiming" + "picsofunusualbirds" + "PixelArt" + "pizzacrimes" + "prequelmemes" + "Prisonwallet" + "reactiongifs" + "RealFakeDoors" + 
"reallifedoodles" + "RetroFuturism" + "robotsbeingjerks" + "SchizophreniaRides" + "scriptedasiangifs" + "shitposting" + "shittyfoodporn" + "shittyrobots" + "softwaregore" + "specializedtools" + "spicypillows" + "StallmanWasRight" + "startledcats" + "startrekstabilized" + "stupidfood" + "techsupportgore" + "thathappened" + "ThingsCutInHalfPorn" + "totallynotrobots" + "trippinthroughtime" + "Unexpected" + "urbanexploration" + "wasletztepreis" + "wellthatsucks" + "wertekinder" + "wewantplates" + "whatcouldgowrong" + "whatsthisbug" + "whatsthisplant" + "whatswrongwithyourdog" + "whenthe" + "yesyesyesyesno" + "youseeingthisshit" + ]} NineGag: geeky,wtf,hot,trending Instagram: nature,wtf Fourchan: sci diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 089fc8e9f..540106004 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,7 +8,7 @@ let in { imports = [ <stockholm/makefu> - ./hardware-config.nix + ./hetznercloud { users.users.lass = { uid = 19002; @@ -42,7 +42,7 @@ in { <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> - <stockholm/makefu/2configs/tools/desktop.nix> + #<stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/mosh.nix> @@ -109,7 +109,6 @@ in { <stockholm/makefu/2configs/share/gum.nix> # samba sahre <stockholm/makefu/2configs/torrent/rtorrent.nix> # <stockholm/makefu/2configs/sickbeard> - <stockholm/makefu/2configs/bitwarden.nix> { nixpkgs.config.allowUnfree = true; } #<stockholm/makefu/2configs/retroshare.nix> @@ -189,7 +188,7 @@ in { ]; # makefu.dl-dir = "/var/download"; - makefu.dl-dir = "/media/cloud/download"; + makefu.dl-dir = "/media/cloud/download/finished"; services.openssh.hostKeys = lib.mkForce [ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } 
diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix new file mode 100644 index 000000000..cfcd894af --- /dev/null +++ b/makefu/1systems/gum/hetznercloud/default.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + + imports = + [ ./network.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + # Disk + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + boot.loader.grub.device = "/dev/sda"; + + networking.hostId = "3150697b"; # required for zfs use + boot.tmpOnTmpfs = true; + boot.supportedFilesystems = [ "zfs" ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.copyKernels = true; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; +} diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit new file mode 100644 index 000000000..45798587a --- /dev/null +++ b/makefu/1systems/gum/hetznercloud/doit @@ -0,0 +1,13 @@ +ROOT_DEVICE=/dev/sda2 +NIXOS_BOOT=/dev/sda1 + +zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE +zfs create -o mountpoint=legacy rpool/root +zfs create -o mountpoint=legacy rpool/home +zfs create -o mountpoint=legacy rpool/nix +mount -t zfs rpool/root /mnt +mkdir /mnt/{home,nix,boot} +mount -t zfs rpool/home /mnt/home +mount -t zfs rpool/nix /mnt/nix +mount $NIXOS_BOOT /mnt/boot/ + 
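Review bot: `"boot.shell_on_fail"` in `boot.kernelParams` allows a root shell without authentication in the initrd when stage 1 fails, available to anyone who can reach the VM console. The same list sets `"panic=30" "boot.panic_on_fail"` with a comment saying the intent is an automatic reboot, so the shell option looks either unused or contradictory to that intent. I would drop it and keep `boot.kernelParams = [ "panic=30" "boot.panic_on_fail" ];`, or add a comment explaining why both are wanted.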
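Review bot: `doit` has no shebang and no `set -eu`, so if `zpool create` fails the following `zfs create` and `mount` commands still run against whatever pool and mount state already exists. `mkdir /mnt/{home,nix,boot}` depends on brace expansion, which a plain POSIX `sh` does not perform, so the interpreter should be pinned with `#!/usr/bin/env bash` followed by `set -eu`. The device variables should also be quoted, e.g. `zpool create -o ashift=12 -o altroot=/mnt rpool "$ROOT_DEVICE"`.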
diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix new file mode 100644 index 000000000..24fe3842f --- /dev/null +++ b/makefu/1systems/gum/hetznercloud/network.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, modulesPath, ... }: +let + external-mac = "96:00:01:24:33:f4"; + external-gw = "172.31.1.1"; + external-ip = "142.132.189.140"; + external-ip6 = "2a01:4f8:1c17:5cdf::2/64"; + external-gw6 = "fe80::1"; + external-netmask = 32; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in +{ + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + useDHCP = true; + }; + #ipv4.addresses = [{ + # address = external-ip; + # prefixLength = external-netmask; + #}]; + #ipv6.addresses = [{ + # address = external-ip6; + # prefixLength = external-netmask6; + # }]; + #}; + #defaultGateway6 = { address = external-gw6; interface = ext-if; }; + #defaultGateway = external-gw; + nameservers = [ "1.1.1.1" ]; + }; +} diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part new file mode 100644 index 000000000..fb375b15a --- /dev/null +++ b/makefu/1systems/gum/hetznercloud/sfdisk.part @@ -0,0 +1,6 @@ +label: gpt +device: /dev/sda +unit: sectors +1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 +4 : size=4096 type=21686148-6449-6E6F-744E-656564454649 +2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 |
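Review bot: In `network.nix` the `let` bindings `external-gw`, `external-ip`, `external-ip6`, `external-gw6` and both netmasks are referenced only from commented-out lines, so the interface is configured solely by `useDHCP = true` and none of these values is enforced. If the static block is re-enabled, `external-ip6 = "2a01:4f8:1c17:5cdf::2/64"` already carries the prefix that `prefixLength = external-netmask6` supplies again; it should read `external-ip6 = "2a01:4f8:1c17:5cdf::2";`. The commented block also appears unbalanced (an extra `#};`) and sits directly under `networking` rather than under the interface, so it would need rework before use. Either remove the dead bindings or add a comment such as `# static addressing kept for reference; DHCP is authoritative`.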