summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/omo
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2023-08-01 12:14:30 +0200
committertv <tv@krebsco.de>2023-08-01 12:14:30 +0200
commit7be9bfdc55d672de39dce98dae9c6d112404dfc6 (patch)
treee89a93ad96e6f35490ffbf6b6a337ca4dcc9a170 /makefu/1systems/omo
parent5d1b0675cf179f863a5b34b67661a953197b6057 (diff)
parent6e63efa3645353bc0549f5f152ef811fff5d644c (diff)
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'makefu/1systems/omo')
-rw-r--r--makefu/1systems/omo/config.nix194
-rw-r--r--makefu/1systems/omo/hw/omo.nix126
-rw-r--r--makefu/1systems/omo/hw/tsp-tools.nix11
-rw-r--r--makefu/1systems/omo/hw/tsp.nix41
-rw-r--r--makefu/1systems/omo/hw/vaapi.nix17
-rw-r--r--makefu/1systems/omo/source.nix6
6 files changed, 0 insertions, 395 deletions
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
deleted file mode 100644
index 224e170dd..000000000
--- a/makefu/1systems/omo/config.nix
+++ /dev/null
@@ -1,194 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- primaryInterface = config.makefu.server.primary-itf;
-in {
- imports =
- [
- ./hw/omo.nix
- #./hw/tsp.nix
- <stockholm/makefu>
- <stockholm/makefu/2configs/headless.nix>
- <stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/nur.nix>
- # x11 forwarding
- {
- services.openssh.forwardX11 = true;
- users.users.makefu.packages = [
- pkgs.tinymediamanager
- ];
- }
- { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; }
-
-
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/home-manager>
- <stockholm/makefu/2configs/home-manager/cli.nix>
- <stockholm/makefu/2configs/editor/neovim>
- # <stockholm/makefu/2configs/storj/client.nix>
-
-
- <stockholm/makefu/2configs/backup/state.nix>
-
- { makefu.backup.server.repo = "/media/cryptX/backup/borg"; }
- <stockholm/makefu/2configs/backup/server.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/mail-client.nix>
- <stockholm/makefu/2configs/mosh.nix>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/tools/dev.nix>
- <stockholm/makefu/2configs/tools/desktop.nix>
- <stockholm/makefu/2configs/tools/mobility.nix>
- <stockholm/makefu/2configs/tools/consoles.nix>
- #<stockholm/makefu/2configs/graphite-standalone.nix>
- #<stockholm/makefu/2configs/share-user-sftp.nix>
-
- <stockholm/makefu/2configs/urlwatch>
- # <stockholm/makefu/2configs/legacy_only.nix>
-
- <stockholm/makefu/2configs/share>
- <stockholm/makefu/2configs/share/omo.nix>
- <stockholm/makefu/2configs/share/gum-client.nix>
- <stockholm/makefu/2configs/sync>
-
- <stockholm/makefu/2configs/wireguard/wiregrill.nix>
- #<stockholm/makefu/2configs/dcpp/airdcpp.nix>
- #{ krebs.airdcpp.dcpp.shares = let
- # d = path: "/media/cryptX/${path}";
- # in {
- # emu.path = d "emu";
- # audiobooks.path = lib.mkForce (d "audiobooks");
- # incoming.path = lib.mkForce (d "torrent");
- # anime.path = d "anime";
- # };
- # krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
- #}
- {
- # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
- #services.sabnzbd.enable = true;
- #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- }
- # <stockholm/makefu/2configs/share/omo-timemachine.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- # statistics
- # <stockholm/makefu/2configs/stats/client.nix>
- # Logging
- #influx + grafana
- <stockholm/makefu/2configs/stats/server.nix>
- # <stockholm/makefu/2configs/stats/nodisk-client.nix>
- # logs to influx
- <stockholm/makefu/2configs/stats/external/aralast.nix>
- <stockholm/makefu/2configs/stats/telegraf>
- # <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
- <stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
- <stockholm/makefu/2configs/hw/cdrip.nix>
-
- # services
- {
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 8123 ];
- }
- # <stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/remote-build/slave.nix>
- # TODO:
- <stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/bluetooth-mpd.nix>
-
- <stockholm/makefu/2configs/home/jellyfin.nix>
- <stockholm/makefu/2configs/home/music.nix>
- <stockholm/makefu/2configs/home/photoprism.nix>
- # <stockholm/makefu/2configs/home/tonie.nix>
- <stockholm/makefu/2configs/home/ps4srv.nix>
- # <stockholm/makefu/2configs/home/metube.nix>
- # <stockholm/makefu/2configs/home/ham>
- <stockholm/makefu/2configs/home/ham/docker.nix>
- <stockholm/makefu/2configs/home/zigbee2mqtt>
- {
- makefu.ps3netsrv = {
- enable = true;
- servedir = "/media/cryptX/emu/ps3";
- };
- users.users.makefu.packages = [ pkgs.pkgrename ];
- }
-
-
- {
- hardware.pulseaudio.systemWide = true;
- makefu.mpd.musicDirectory = "/media/cryptX/music";
- }
-
- # security
- <stockholm/makefu/2configs/sshd-totp.nix>
- # <stockholm/makefu/2configs/logging/central-logging-client.nix>
-
- # <stockholm/makefu/2configs/torrent.nix>
- {
- #krebs.rtorrent = {
- # downloadDir = lib.mkForce "/media/cryptX/torrent";
- # extraConfig = ''
- # upload_rate = 500
- # '';
- #};
- }
-
- # <stockholm/makefu/2configs/elchos/search.nix>
- # <stockholm/makefu/2configs/elchos/log.nix>
- # <stockholm/makefu/2configs/elchos/irc-token.nix>
-
- ## as long as pyload is not in nixpkgs:
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
-
- # Temporary:
- # <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/bgt/social-to-irc.nix>
-
- ];
- makefu.full-populate = true;
- nixpkgs.config.allowUnfree = true;
- users.users.share.isNormalUser = true;
- users.groups.share = {
- gid = (import <stockholm/lib>).genid "share";
- members = [ "makefu" "misa" ];
- };
- networking.firewall.trustedInterfaces = [ primaryInterface "docker0" ];
-
-
-
- users.users.misa = {
- uid = 9002;
- name = "misa";
- isNormalUser = true;
- };
-
- zramSwap.enable = true;
-
- #krebs.Reaktor.reaktor-shack = {
- # nickname = "Reaktor|shack";
- # workdir = "/var/lib/Reaktor/shack";
- # channels = [ "#shackspace" ];
- # plugins = with pkgs.ReaktorPlugins;
- # [ shack-correct
- # # stockholm-issue
- # sed-plugin
- # random-emoji ];
- #};
- #krebs.Reaktor.reaktor-bgt = {
- # nickname = "Reaktor|bgt";
- # workdir = "/var/lib/Reaktor/bgt";
- # channels = [ "#binaergewitter" ];
- # plugins = with pkgs.ReaktorPlugins;
- # [ titlebot
- # # stockholm-issue
- # nixos-version
- # shack-correct
- # sed-plugin
- # random-emoji ];
- #};
-
- krebs.build.host = config.krebs.hosts.omo;
-}
diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
deleted file mode 100644
index eaedbb779..000000000
--- a/makefu/1systems/omo/hw/omo.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
- rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
- rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
- primaryInterface = "enp2s0";
- # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
- # cryptsetup luksAddKey $dev tmpkey
- # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
- # mkfs.xfs /dev/mapper/crypt0 -L crypt0
-
- # omo Chassis:
- # __FRONT_
- # |* d0 |
- # | |
- # |* d1 |
- # | |
- # |* d3 |
- # | |
- # |* |
- # |* d2 |
- # | * |
- # | * |
- # |_______|
- # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
- cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
- cryptDisk1 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPVLYW";
- cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
- cryptDisk2 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPWT5W";
-
- # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
- # all physical disks
-
- # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
- allDisks = [ rootDisk ] ++ dataDisks;
-in {
- imports =
- [ # TODO: unlock home partition via ssh
- ./vaapi.nix
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
-
- makefu.server.primary-itf = primaryInterface;
- system.activationScripts.createCryptFolders = ''
- ${lib.concatMapStringsSep "\n"
- (d: "install -m 755 -d " + (toMapper d) )
- [ 0 1 2 "X" ]}
- '';
-
- makefu.snapraid = {
- enable = true;
- disks = map toMapper [ 0 1 3 ];
- parity = toMapper 2; # find -name PARITY_PARTITION
- extraConfig = ''
- exclude /lib/storj/
- exclude /.bitcoin/blocks/
- '';
- };
- fileSystems = let
- cryptMount = name:
- { "/media/${name}" = {
- device = "/dev/mapper/${name}"; fsType = "xfs";
- options = [ "nofail" ];
- };};
- in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // cryptMount "crypt3"
- // { "/media/cryptX" = {
- device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
-
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
-
- # crypto unlocking
- boot = {
- initrd.luks = {
- devices = let
- usbkey = device: {
- inherit device keyFile;
- keyFileSize = 4096;
- allowDiscards = true;
- };
- in
- {
- luksroot = usbkey rootPartition;
- crypt0 = usbkey cryptDisk0;
- crypt1 = usbkey cryptDisk1;
- crypt2 = usbkey cryptDisk2;
- crypt3 = usbkey cryptDisk3;
- };
- };
- loader.grub.device = lib.mkForce rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- "raid456"
- "megaraid_sas"
- ];
-
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
- environment.systemPackages = with pkgs;[
- mergerfs # hard requirement for mount
- ];
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
-}
-
diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix
deleted file mode 100644
index 6579edd9d..000000000
--- a/makefu/1systems/omo/hw/tsp-tools.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-let
- disko = import (builtins.fetchGit {
- url = https://cgit.lassul.us/disko/;
- rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
- });
-
- cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json);
-in ''
-${disko.create cfg}
-${disko.mount cfg}
-''
diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix
deleted file mode 100644
index a289fadce..000000000
--- a/makefu/1systems/omo/hw/tsp.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, ... }:
-with builtins;
-let
- disko = import (builtins.fetchGit {
- url = https://cgit.lassul.us/disko/;
- rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
- });
- cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
- # primaryInterface = "enp1s0";
- primaryInterface = "wlp2s0";
- rootDisk = "/dev/sda"; # TODO same as disko uses
-in {
- imports = [
- (disko.config cfg)
- ];
- makefu.server.primary-itf = primaryInterface;
- boot = {
- loader.grub.device = rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-intel" ];
- };
- networking.wireless.enable = true;
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- services.logind.extraConfig = ''
- HandleSuspendKey = ignore
- '';
- powerManagement.enable = false;
-}
diff --git a/makefu/1systems/omo/hw/vaapi.nix b/makefu/1systems/omo/hw/vaapi.nix
deleted file mode 100644
index 8250d4110..000000000
--- a/makefu/1systems/omo/hw/vaapi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
- nixpkgs.config.packageOverrides = pkgs: {
- vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
- };
- hardware.opengl = {
- enable = true;
- extraPackages = with pkgs; [
- intel-media-driver # LIBVA_DRIVER_NAME=iHD
- vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
- vaapiVdpau
- libvdpau-va-gl
- ];
- };
- hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ];
- environment.systemPackages = [ pkgs.libva-utils ];
-}
diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix
deleted file mode 100644
index b56e855fc..000000000
--- a/makefu/1systems/omo/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- name="omo";
- torrent = true;
- unstable = true;
- home-manager = true;
-}