authormakefu <github@syntax-fehler.de>2019-09-25 15:21:03 +0200
committermakefu <github@syntax-fehler.de>2019-09-25 15:21:03 +0200
commitbe19e6a618df0cdb44ce91f58efbc16e9d01f076 (patch)
tree3860e1e8018a17ffd81a533b034ec5da18082508
parentab8cb5c12627f37f28ee62afb783548c90354fed (diff)
parent53c6b483ba2a17589a5e9656eeb6cbcfbde24383 (diff)
Merge remote-tracking branch 'lass/master'
-rw-r--r--krebs/3modules/lass/default.nix40
-rw-r--r--krebs/3modules/tinc.nix8
-rw-r--r--krebs/5pkgs/haskell/blessings.nix17
-rw-r--r--krebs/nixpkgs-unstable.json7
-rw-r--r--krebs/nixpkgs.json6
-rwxr-xr-xkrebs/update-nixpkgs-unstable.sh9
-rwxr-xr-xkrebs/update-nixpkgs.sh (renamed from krebs/update-channel.sh)0
-rw-r--r--lass/1systems/hilum/config.nix28
-rw-r--r--lass/1systems/hilum/physical.nix35
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/prism/config.nix8
-rw-r--r--lass/1systems/prism/physical.nix5
-rw-r--r--lass/1systems/shodan/config.nix87
-rw-r--r--lass/1systems/shodan/physical.nix1
-rw-r--r--lass/2configs/backup.nix1
-rw-r--r--lass/2configs/baseX.nix11
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/focus.nix4
18 files changed, 249 insertions, 21 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a8314e11c..78f3542fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -638,6 +638,46 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
};
+ hilum = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.20.123";
+ ip6.addr = r6 "005b";
+ aliases = [
+ "hilum.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+ pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+ V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+ SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+ 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+ saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+ vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+ 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+ wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+ RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+ Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+ 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "005b";
+ aliases = [
+ "hilum.w"
+ ];
+ wireguard.pubkey = ''
+ 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+ syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+ };
};
users = rec {
lass = lass-blue;
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 24eac7158..ed00d187c 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -110,8 +110,12 @@ let
hostsArchive = mkOption {
type = types.package;
default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} ''
- ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts
- ${pkgs.gnutar}/bin/tar -hcjf $out hosts
+ cp \
+ --no-preserve=mode \
+ --recursive \
+ ${tinc.config.hostsPackage} \
+ hosts
+ ${pkgs.gnutar}/bin/tar -cjf $out hosts
'';
readOnly = true;
};
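Review bot: The `cp` step does not keep the timestamps of the store files, so every file under `hosts` gets the build-time mtime and `retiolum-hosts.tar.bz2` presumably differs byte-for-byte between rebuilds of the same host set. That makes it harder to check a distributed archive of tinc host keys against a known hash. Pinning the metadata in the tar call would avoid it: `${pkgs.gnutar}/bin/tar --sort=name --mtime=@1 --owner=0 --group=0 --numeric-owner -cjf $out hosts`. `cp` is also the only tool here resolved through the builder's PATH while `tar` is store-qualified; `${pkgs.coreutils}/bin/cp` would match the `ln` line it replaces.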
diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 55f2d17d0..b0e81fdc1 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -6,19 +6,10 @@ with import <stockholm/lib>;
version = "1.1.0";
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
- "18.09" = {
- version = "2.2.0";
- sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
- };
- "19.03" = {
- version = "2.2.0";
- sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
- };
- "19.09" = {
- version = "2.2.0";
- sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
- };
- }.${versions.majorMinor version};
+ }.${versions.majorMinor version} or {
+ version = "2.2.0";
+ sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
+ };
in mkDerivation {
pname = "blessings";
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
new file mode 100644
index 000000000..5f8f0c771
--- /dev/null
+++ b/krebs/nixpkgs-unstable.json
@@ -0,0 +1,7 @@
+{
+ "url": "https://github.com/NixOS/nixpkgs-channels",
+ "rev": "d484f2b7fc0834a068e8ace851faa449a03963f5",
+ "date": "2019-09-20T22:58:43+02:00",
+ "sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn",
+ "fetchSubmodules": false
+}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index a72f5cad5..f1dd0bf6d 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "8a30e242181410931bcd0384f7147b6f1ce286a2",
- "date": "2019-09-10T08:24:01-04:00",
- "sha256": "0574zwcgy3pqjcxli4948sd3sy6h0qw6fvsm4r530gqj41gpwf6b",
+ "rev": "021d733ea3f87b8c9232020b4e606d08eaca160b",
+ "date": "2019-09-20T08:20:21+02:00",
+ "sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy",
"fetchSubmodules": false
}
diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
new file mode 100755
index 000000000..068da5f6f
--- /dev/null
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+dir=$(dirname $0)
+oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
+ --url https://github.com/NixOS/nixpkgs-channels \
+ --rev refs/heads/nixos-unstable' \
+> $dir/nixpkgs-unstable.json
+newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
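Review bot: The final `git commit $dir/nixpkgs.json` commits the stable pin file, not the `nixpkgs-unstable.json` this script just rewrote, so the new unstable revision is not recorded by the commit whose message names it. The redirect also truncates the pin file before `nix-prefetch-git` runs and the script has no `set -e`, so a failed or interrupted fetch leaves an empty pin and the script still proceeds to the commit. Writing to a temporary file and moving it into place only after `jq` finds a `.rev` keeps the last good pin. `$0` and `$dir` should be quoted as well.

```shell
#!/bin/sh
set -eu
dir=$(dirname "$0")
# … unchanged: oldrev extraction …
tmp="$dir/nixpkgs-unstable.json.tmp"
trap 'rm -f "$tmp"' EXIT
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
  --url https://github.com/NixOS/nixpkgs-channels \
  --rev refs/heads/nixos-unstable' \
> "$tmp"
# refuse to replace the pin unless the fetch produced a revision
jq -e .rev "$tmp" > /dev/null
mv "$tmp" "$dir/nixpkgs-unstable.json"
# … unchanged: newrev extraction …
git commit "$dir/nixpkgs-unstable.json" -m "nixpkgs-unstable: $oldrev -> $newrev"
```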
diff --git a/krebs/update-channel.sh b/krebs/update-nixpkgs.sh
index 08354357a..08354357a 100755
--- a/krebs/update-channel.sh
+++ b/krebs/update-nixpkgs.sh
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
new file mode 100644
index 000000000..998fa1478
--- /dev/null
+++ b/lass/1systems/hilum/config.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/mail.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.hilum;
+
+ boot.loader.grub.extraEntries = ''
+ menuentry "grml" {
+ iso_path=/isos/grml.iso
+ export iso_path
+ search --set=root --file $iso_path
+ loopback loop $iso_path
+ root=(loop)
+ configfile /boot/grub/loopback.cfg
+ loopback --delete loop
+ }
+ '';
+}
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
new file mode 100644
index 000000000..f8bab57d6
--- /dev/null
+++ b/lass/1systems/hilum/physical.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }:
+
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+ boot.loader.grub.efiInstallAsRemovable = true;
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/2B9E-5131";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 5076beeef..1477d6d8b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -54,7 +54,7 @@ with import <stockholm/lib>;
folders = {
the_playlist = {
path = "/home/lass/tmp/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ peers = [ "mors" "phone" "prism" "xerxes" ];
};
free_music = {
id = "mu9mn-zgvsw";
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index eec8e34b8..845cf943c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -31,7 +31,15 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
+ packages = [
+ (pkgs.writeDashBin "kick-routing" ''
+ /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '')
+ ];
};
+ security.sudo.extraConfig = ''
+ riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '';
# TODO write function for proxy_pass (ssl/nonssl)
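Review bot: The `security.sudo.extraConfig` rule and the `kick-routing` wrapper each spell out the same `${pkgs.systemd}/bin/systemctl restart krebs-iptables.service` string, and sudo matches the command and its arguments exactly, so an edit to only one of them breaks the wrapper without any evaluation error. Binding the command once in a `let` and interpolating it in both places would keep the two in step. A comment above the rule would also help the next reviewer, e.g. `# riot may only re-apply the firewall rules; no other systemctl verb or unit is allowed`. The enclosing user definition starts outside the hunk.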
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 9a84e9d63..7458f5ffd 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -20,6 +20,11 @@
fsType = "ext4";
};
+ fileSystems."/backups" = {
+ device = "tank/backups";
+ fsType = "zfs";
+ };
+
fileSystems."/srv/http" = {
device = "tank/srv-http";
fsType = "zfs";
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 5de87d790..ad510283f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -17,6 +17,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
@@ -24,4 +25,90 @@ with import <stockholm/lib>;
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
+
+ #media center
+ users.users.media = {
+ isNormalUser = true;
+ uid = genid_uint31 "media";
+ extraGroups = [ "video" "audio" ];
+ };
+
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "media";
+ };
+
+ #hass
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
+ # zerotierone
+ { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
+ ];
+
+ services.home-assistant = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ python3 = pkgs.python36;
+ #extraComponents = [
+ # (pkgs.fetchgit {
+ # url = "https://github.com/marcschumacher/dwd_pollen";
+ # rev = "0.1";
+ # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+ # })
+ #];
+ };
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ sun.elevation = 66;
+ discovery = {};
+ frontend = { };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Bett Licht" "bett")
+ ];
+ device_tracker = [
+ {
+ platform = "luci";
+ }
+ ];
+ };
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
}
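Review bot: The MQTT credential `gg23-mqtt` is a literal in both `services.home-assistant.config.mqtt.password` and `services.mosquitto.users.gg23.password`, so it is published with the repository and, as part of the generated configuration, presumably ends up readable in the Nix store on the host. The broker also binds `0.0.0.0`, the INPUT rule `-p tcp --dport 1883` accepts from any source, and `acl = [ "topic readwrite #" ]` gives that one account every topic, including the `cmnd/…/POWER` topics that switch the sockets. Other hosts in this repository reference key material through `<secrets/…>` paths, and the broker password could be handled the same way (the mosquitto module also accepts `hashedPassword`). The 1883 and 8123 rules could be narrowed with a source or interface match, e.g. `predicate = "-p tcp --dport 1883 -s <TRUSTED_CIDR>"` (placeholder). The session on port 1883 is plaintext MQTT, so the password also crosses the network in the clear.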
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 41508127c..7cfeba932 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -13,7 +13,6 @@
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
index 94272fdb0..f5c241785 100644
--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
home = "/backups";
createHome = true;
+ group = "syncthing";
openssh.authorizedKeys.keys = with config.krebs.hosts; [
blue.ssh.pubkey
];
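Review bot: `group = "syncthing"` changes the primary group of the account that accepts `blue.ssh.pubkey` logins, so that account presumably gains whatever the `syncthing` group can read or write elsewhere on the host, and everything it creates under `/backups` becomes group-owned by `syncthing`. If the goal is only to let syncthing read the backup directory, a comment saying so would make the intent reviewable, e.g. `# syncthing needs group access to /backups`. The reverse access is worth checking on the hosts that import this file. The user definition starts and ends outside the hunk.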
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5003d2279..ecbb7541f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -59,6 +59,7 @@ in {
environment.systemPackages = with pkgs; [
acpi
+ acpilight
ag
cabal2nix
cholerab
@@ -72,6 +73,7 @@ in {
lm_sensors
ncdu
nix-index
+ nix-review
nmap
pavucontrol
powertop
@@ -79,9 +81,10 @@ in {
sxiv
taskwarrior
termite
+ transgui
+ wirelesstools
xclip
xephyrify
- xorg.xbacklight
xorg.xhost
xsel
zathura
@@ -94,6 +97,12 @@ in {
xlibs.fontschumachermisc
];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="backlight", ACTION=="add", \
+ RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
+ RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+
services.xserver = {
enable = true;
layout = "us";
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index edaf50f03..db2cdcd1f 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -3,6 +3,7 @@
./charybdis
./dnsmasq.nix
./ejabberd
+ ./focus.nix
./hosts.nix
./iptables.nix
./slock.nix
diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix
new file mode 100644
index 000000000..b1a7b2e52
--- /dev/null
+++ b/tv/3modules/focus.nix
@@ -0,0 +1,4 @@
+with import <stockholm/lib>;
+{
+ options.tv.focus.enable = mkEnableOption "tv.focus";
+}