summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-01-09 19:06:50 +0100
committertv <tv@krebsco.de>2018-01-09 19:06:50 +0100
commit8ff5c5e992ebafeca5edb2b22a0ab700edc715a5 (patch)
treee141f28bca4e5494669282d41c1c8dbbc96b4ce8 /lass
parentfb0bbec70ae1a0dd4fdc3c9bc9ed47f2a8573fd9 (diff)
parent5ef3a2c6caa2f018c2adf795de992e0487dd2413 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/dishfire/config.nix1
-rw-r--r--lass/1systems/mors/config.nix5
-rw-r--r--lass/1systems/prism/config.nix16
-rw-r--r--lass/2configs/IM.nix15
-rw-r--r--lass/2configs/ableton.nix20
-rw-r--r--lass/2configs/dns-stuff.nix22
-rw-r--r--lass/2configs/rebuild-on-boot.nix18
-rw-r--r--lass/2configs/security-workarounds.nix2
-rw-r--r--lass/source.nix2
10 files changed, 77 insertions, 25 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 6674b3db5..8ec744584 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -41,6 +41,7 @@ with import <stockholm/lib>;
skype
wine
];
+ nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 416edeb82..7993c763e 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -43,6 +43,7 @@
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
+ "ens*"
];
}
{
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index ad133802f..c231a0b10 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -30,6 +30,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
+ <stockholm/lass/2configs/ableton.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -70,10 +71,6 @@ with import <stockholm/lib>;
];
}
{
- #ps vita stuff
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
- }
- {
services.tor = {
enable = true;
client.enable = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 593a1fc9c..03e9f6eeb 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -184,14 +184,17 @@ in {
}
{
#hotdog
+ systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@@ -200,8 +203,10 @@ in {
}
{
#kaepsele
+ systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
containers.kaepsele = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
@@ -209,6 +214,7 @@ in {
tv.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
@@ -217,8 +223,10 @@ in {
}
{
#onondaga
+ systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
@@ -226,6 +234,7 @@ in {
config.krebs.users.nin.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.5";
@@ -302,6 +311,13 @@ in {
}
];
}
+ {
+ krebs.repo-sync.repos.stockholm.timerConfig = {
+ OnBootSec = "5min";
+ OnUnitInactiveSec = "2min";
+ RandomizedDelaySec = "2min";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index b94cb0634..51512955e 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -20,6 +20,17 @@ let
'';
in {
+ services.bitlbee = {
+ enable = true;
+ portNumber = 6666;
+ plugins = [
+ pkgs.bitlbee-facebook
+ pkgs.bitlbee-steam
+ pkgs.bitlbee-discord
+ ];
+ libpurple_plugins = [ pkgs.telegram-purple ];
+ };
+
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
@@ -46,6 +57,10 @@ in {
restartIfChanged = false;
+ path = [
+ pkgs.rxvt_unicode.terminfo
+ ];
+
serviceConfig = {
User = "chat";
RemainAfterExit = true;
diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix
new file mode 100644
index 000000000..9d6f481b0
--- /dev/null
+++ b/lass/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+ mainUser = config.users.extraUsers.mainUser;
+in {
+ users.users= {
+ ableton = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ packages = [
+ pkgs.wine
+ pkgs.winetricks
+ ];
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+ '';
+}
diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix
index 411b07503..cbcce8df9 100644
--- a/lass/2configs/dns-stuff.nix
+++ b/lass/2configs/dns-stuff.nix
@@ -11,24 +11,6 @@ with import <stockholm/lib>;
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
};
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
- extraConfig = ''
- server=127.1.0.1
- #no-resolv
- cache-size=1000
- min-cache-ttl=3600
- bind-dynamic
- all-servers
- dnssec
- trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
- rebind-domain-ok=/onion/
- server=/.onion/127.0.0.1#9053
- port=53
- '';
- };
- networking.extraResolvconfConf = ''
- name_servers='127.0.0.1'
- '';
+ services.resolved.enable = true;
+ services.resolved.fallbackDns = [ "127.1.0.1" ];
}
diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix
new file mode 100644
index 000000000..60198be7b
--- /dev/null
+++ b/lass/2configs/rebuild-on-boot.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ systemd.services.rebuild-on-boot = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ NIX_REMOTE = "daemon";
+ HOME = "/var/empty";
+ };
+ serviceConfig = {
+ ExecStart = pkgs.writeScript "rebuild" ''
+ #!${pkgs.bash}/bin/bash
+ (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
+ '';
+ ExecStop = "${pkgs.coreutils}/bin/sleep 10";
+ };
+ };
+}
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index 537c8a59b..c3d07d5fe 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,4 +5,6 @@ with import <stockholm/lib>;
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
}
diff --git a/lass/source.nix b/lass/source.nix
index 473dd2cf2..46c6d31dc 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "3aec59c";
+ ref = "d202e30";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;