path: root/jeschli/1systems
authorlassulus <lass@blue.r>2018-09-29 19:07:07 +0200
committerlassulus <lass@blue.r>2018-09-29 19:07:07 +0200
commitb9380d6aba5f4ad04cedc4fb6a4213949791e830 (patch)
tree84b386b3c68aa46d982d3018984519914952e9d8 /jeschli/1systems
parentd04fa5351158f91f8c38f1b0cc072def3f357e05 (diff)
parent6cf8b42c0bf5b256db0bcd3c051c528052cfe5b2 (diff)
Merge remote-tracking branch 'enklave/master'
Diffstat (limited to 'jeschli/1systems')
-rw-r--r--jeschli/1systems/bln/config.nix173
-rw-r--r--jeschli/1systems/bln/dcso-vpn.nix44
-rw-r--r--jeschli/1systems/bln/hardware-configuration.nix35
-rw-r--r--jeschli/1systems/brauerei/config.nix13
4 files changed, 13 insertions, 252 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
deleted file mode 100644
index 6e3c3bec8..000000000
--- a/jeschli/1systems/bln/config.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-# bln config file
-{
- imports = [
- ./hardware-configuration.nix
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/virtualbox.nix>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/xdg.nix>
- <stockholm/jeschli/2configs/xserver>
-# <stockholm/jeschli/1systems/bln/dcso-vpn.nix>
- <stockholm/jeschli/2configs/officevpn.nix>
- ];
-
-# boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.efi.efiSysMountPoint = "/boot";
- boot.loader.grub = {
- devices = [ "nodev" ];
- efiSupport = true;
- enable = true;
- extraEntries = ''
- menuentry "Debian" {
- insmod ext2
- insmod chain
- chainloader /EFI/debian/grubx64.efi
- }
- '';
- version = 2;
- };
-
- jeschliFontSize = 20;
-
- environment.shellAliases = {
- n = "nix-shell";
- gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
- gh = "cd /home/markus/go/src/github.com";
- stocki = pkgs.writeDash "deploy" ''
- cd ~/stockholm
- LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
- '';
- };
- networking.hostName = lib.mkForce "BLN02NB0232";
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # Setup Packages
- nixpkgs.config.allowUnfree = true;
- environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
- environment.systemPackages = with pkgs; [
- termite
- # system helper
- ag
- copyq
- dmenu
- git
- tig
- i3lock
- keepass
- networkmanagerapplet
- rsync
- terminator
- tmux
- wget
- rxvt_unicode
- # editors
- emacs
- # databases
- sqlite
- # internet
- thunderbird
- chromium
- google-chrome
- # programming languages
- elmPackages.elm
- go
- gcc
- ghc
- python35
- python35Packages.pip
- # go tools
- golint
- gotools
- # dev tools
- gnumake
- jetbrains.pycharm-professional
- jetbrains.webstorm
- jetbrains.goland
- jetbrains.datagrip
- texlive.combined.scheme-full
- pandoc
- redis
- vagrant
- # document viewer
- zathura
-
- samba
- ];
-
-
- programs.bash.enableCompletion = true;
- programs.vim.defaultEditor = true;
-
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
- services.printing.drivers = [ pkgs.postscript-lexmark ];
-
- services.redis.enable = true;
-
- services.xserver = {
-
- desktopManager.session = lib.mkForce [];
-
- enable = true;
- display = 11;
- tty = 11;
-
- dpi = 200;
-
- videoDrivers = [ "nvidia" ];
- synaptics = {
- enable = false;
- };
-
- };
-
-
- users.extraUsers.jeschli = {
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
-
- system.stateVersion = "17.09";
- # Gogland Debugger workaround
- # nixpkgs.config.packageOverrides = super: {
- # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
- # postFixup = ''
- # interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
- # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
- # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
- # '';
- # });
- # };
-
- virtualisation.docker.enable = true;
-
- # DCSO Certificates
- security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
- ];
-
-
- hardware.bluetooth.enable = true;
- krebs.build.host = config.krebs.hosts.bln;
-
- networking.interfaces.enp0s31f6.ipv4.addresses = [
- { address = "10.99.23.2"; prefixLength = 24; }
- ];
-
-}
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
deleted file mode 100644
index 0a5623bf0..000000000
--- a/jeschli/1systems/bln/dcso-vpn.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ ... }:
-
-{
-
- users.extraUsers = {
- dcsovpn = rec {
- name = "dcsovpn";
- uid = genid "dcsovpn";
- description = "user for running dcso openvpn";
- home = "/home/${name}";
- };
- };
-
- users.extraGroups.dcsovpn.gid = genid "dcsovpn";
-
- services.openvpn.servers = {
- dcso = {
- config = ''
- client
- dev tun
- tun-mtu 1356
- mssfix
- proto udp
- float
- remote 217.111.55.41 1194
- nobind
- user dcsovpn
- group dcsovpn
- persist-key
- persist-tun
- ca ${toString <secrets/dcsovpn/ca.pem>}
- cert ${toString <secrets/dcsovpn/cert.pem>}
- key ${toString <secrets/dcsovpn/cert.key>}
- verb 3
- mute 20
- auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
- route-method exe
- route-delay 2
- '';
- updateResolvConf = true;
- };
- };
-}
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
deleted file mode 100644
index 35f0b3bca..000000000
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/927E-01A0";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = "powersave";
-
- hardware.pulseaudio.enable = true;
-}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 4cd544a66..0c01b7948 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -37,6 +37,11 @@
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"'
'';
+ deploy = pkgs.writeDash "deploy" ''
+ set -eu
+ export SYSTEM="$1"
+ $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ '';
};
environment.systemPackages = with pkgs; [
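Review bot: In the added `deploy` script, the output of `nix-build` is run through an unquoted `$(...)` and `$HOME` is unquoted as well, so any whitespace in the home directory or in the printed path would be word-split before the result is executed. Quoting both keeps the executed command to exactly the one path that was built (presumably a single store path): `"$(nix-build "$HOME/stockholm/jeschli/krops.nix" --no-out-link --argstr name "$SYSTEM" -A deploy)"`. A short comment above the script, such as `# build the krops deploy script for host $1 and run it`, would also help, since the indirection is not obvious from the script body. The attribute set this entry belongs to opens outside the hunk.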
@@ -138,6 +143,14 @@
isNormalUser = true;
uid = 1001; # TODO genid
};
+ users.users.dev = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+ };
+
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"