diff options
author | tv <tv@krebsco.de> | 2023-08-01 12:14:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-08-01 12:14:30 +0200 |
commit | 7be9bfdc55d672de39dce98dae9c6d112404dfc6 (patch) | |
tree | e89a93ad96e6f35490ffbf6b6a337ca4dcc9a170 /makefu/1systems/omo | |
parent | 5d1b0675cf179f863a5b34b67661a953197b6057 (diff) | |
parent | 6e63efa3645353bc0549f5f152ef811fff5d644c (diff) |
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'makefu/1systems/omo')
-rw-r--r-- | makefu/1systems/omo/config.nix | 194 | ||||
-rw-r--r-- | makefu/1systems/omo/hw/omo.nix | 126 | ||||
-rw-r--r-- | makefu/1systems/omo/hw/tsp-tools.nix | 11 | ||||
-rw-r--r-- | makefu/1systems/omo/hw/tsp.nix | 41 | ||||
-rw-r--r-- | makefu/1systems/omo/hw/vaapi.nix | 17 | ||||
-rw-r--r-- | makefu/1systems/omo/source.nix | 6 |
6 files changed, 0 insertions, 395 deletions
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix deleted file mode 100644 index 224e170dd..000000000 --- a/makefu/1systems/omo/config.nix +++ /dev/null @@ -1,194 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: -let - primaryInterface = config.makefu.server.primary-itf; -in { - imports = - [ - ./hw/omo.nix - #./hw/tsp.nix - <stockholm/makefu> - <stockholm/makefu/2configs/headless.nix> - <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/nur.nix> - # x11 forwarding - { - services.openssh.forwardX11 = true; - users.users.makefu.packages = [ - pkgs.tinymediamanager - ]; - } - { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; } - - - <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/home-manager> - <stockholm/makefu/2configs/home-manager/cli.nix> - <stockholm/makefu/2configs/editor/neovim> - # <stockholm/makefu/2configs/storj/client.nix> - - - <stockholm/makefu/2configs/backup/state.nix> - - { makefu.backup.server.repo = "/media/cryptX/backup/borg"; } - <stockholm/makefu/2configs/backup/server.nix> - <stockholm/makefu/2configs/exim-retiolum.nix> - # <stockholm/makefu/2configs/smart-monitor.nix> - <stockholm/makefu/2configs/mail-client.nix> - <stockholm/makefu/2configs/mosh.nix> - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - <stockholm/makefu/2configs/tools/desktop.nix> - <stockholm/makefu/2configs/tools/mobility.nix> - <stockholm/makefu/2configs/tools/consoles.nix> - #<stockholm/makefu/2configs/graphite-standalone.nix> - #<stockholm/makefu/2configs/share-user-sftp.nix> - - <stockholm/makefu/2configs/urlwatch> - # <stockholm/makefu/2configs/legacy_only.nix> - - <stockholm/makefu/2configs/share> - <stockholm/makefu/2configs/share/omo.nix> - <stockholm/makefu/2configs/share/gum-client.nix> - <stockholm/makefu/2configs/sync> - - <stockholm/makefu/2configs/wireguard/wiregrill.nix> - #<stockholm/makefu/2configs/dcpp/airdcpp.nix> - #{ krebs.airdcpp.dcpp.shares = let - # d = path: "/media/cryptX/${path}"; - # in { - # emu.path = d "emu"; - # audiobooks.path = lib.mkForce (d "audiobooks"); - # incoming.path = lib.mkForce (d "torrent"); - # anime.path = d "anime"; - # }; - # krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; - #} - { - # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ - #services.sabnzbd.enable = true; - #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - } - # <stockholm/makefu/2configs/share/omo-timemachine.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - - # statistics - # <stockholm/makefu/2configs/stats/client.nix> - # Logging - #influx + grafana - <stockholm/makefu/2configs/stats/server.nix> - # <stockholm/makefu/2configs/stats/nodisk-client.nix> - # logs to influx - <stockholm/makefu/2configs/stats/external/aralast.nix> - <stockholm/makefu/2configs/stats/telegraf> - # <stockholm/makefu/2configs/stats/telegraf/europastats.nix> - <stockholm/makefu/2configs/stats/telegraf/hamstats.nix> - <stockholm/makefu/2configs/hw/cdrip.nix> - - # services - { - services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 8123 ]; - } - # <stockholm/makefu/2configs/syncthing.nix> - <stockholm/makefu/2configs/remote-build/slave.nix> - # TODO: - <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/bluetooth-mpd.nix> - - <stockholm/makefu/2configs/home/jellyfin.nix> - <stockholm/makefu/2configs/home/music.nix> - <stockholm/makefu/2configs/home/photoprism.nix> - # <stockholm/makefu/2configs/home/tonie.nix> - <stockholm/makefu/2configs/home/ps4srv.nix> - # <stockholm/makefu/2configs/home/metube.nix> - # <stockholm/makefu/2configs/home/ham> - <stockholm/makefu/2configs/home/ham/docker.nix> - <stockholm/makefu/2configs/home/zigbee2mqtt> - { - makefu.ps3netsrv = { - enable = true; - servedir = "/media/cryptX/emu/ps3"; - }; - users.users.makefu.packages = [ pkgs.pkgrename ]; - } - - - { - hardware.pulseaudio.systemWide = true; - makefu.mpd.musicDirectory = "/media/cryptX/music"; - } - - # security - <stockholm/makefu/2configs/sshd-totp.nix> - # <stockholm/makefu/2configs/logging/central-logging-client.nix> - - # <stockholm/makefu/2configs/torrent.nix> - { - #krebs.rtorrent = { - # downloadDir = lib.mkForce "/media/cryptX/torrent"; - # extraConfig = '' - # upload_rate = 500 - # ''; - #}; - } - - # <stockholm/makefu/2configs/elchos/search.nix> - # <stockholm/makefu/2configs/elchos/log.nix> - # <stockholm/makefu/2configs/elchos/irc-token.nix> - - ## as long as pyload is not in nixpkgs: - # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload - - # Temporary: - # <stockholm/makefu/2configs/temp/rst-issue.nix> - <stockholm/makefu/2configs/bgt/social-to-irc.nix> - - ]; - makefu.full-populate = true; - nixpkgs.config.allowUnfree = true; - users.users.share.isNormalUser = true; - users.groups.share = { - gid = (import <stockholm/lib>).genid "share"; - members = [ "makefu" "misa" ]; - }; - networking.firewall.trustedInterfaces = [ primaryInterface "docker0" ]; - - - - users.users.misa = { - uid = 9002; - name = "misa"; - isNormalUser = true; - }; - - zramSwap.enable = true; - - #krebs.Reaktor.reaktor-shack = { - # nickname = "Reaktor|shack"; - # workdir = "/var/lib/Reaktor/shack"; - # channels = [ "#shackspace" ]; - # plugins = with pkgs.ReaktorPlugins; - # [ shack-correct - # # stockholm-issue - # sed-plugin - # random-emoji ]; - #}; - #krebs.Reaktor.reaktor-bgt = { - # nickname = "Reaktor|bgt"; - # workdir = "/var/lib/Reaktor/bgt"; - # channels = [ "#binaergewitter" ]; - # plugins = with pkgs.ReaktorPlugins; - # [ titlebot - # # stockholm-issue - # nixos-version - # shack-correct - # sed-plugin - # random-emoji ]; - #}; - - krebs.build.host = config.krebs.hosts.omo; -} diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix deleted file mode 100644 index eaedbb779..000000000 --- a/makefu/1systems/omo/hw/omo.nix +++ /dev/null @@ -1,126 +0,0 @@ -{ config, pkgs, lib, ... }: -let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; - rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp2s0"; - # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 - # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 - - # omo Chassis: - # __FRONT_ - # |* d0 | - # | | - # |* d1 | - # | | - # |* d3 | - # | | - # |* | - # |* d2 | - # | * | - # | * | - # |_______| - # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; - cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; - cryptDisk1 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPVLYW"; - cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; - cryptDisk2 = byid "ata-WDC_WD80EZAZ-11TDBA0_7SJPWT5W"; - - # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; - # all physical disks - - # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; - allDisks = [ rootDisk ] ++ dataDisks; -in { - imports = - [ # TODO: unlock home partition via ssh - ./vaapi.nix - <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ]; - - makefu.server.primary-itf = primaryInterface; - system.activationScripts.createCryptFolders = '' - ${lib.concatMapStringsSep "\n" - (d: "install -m 755 -d " + (toMapper d) ) - [ 0 1 2 "X" ]} - ''; - - makefu.snapraid = { - enable = true; - disks = map toMapper [ 0 1 3 ]; - parity = toMapper 2; # find -name PARITY_PARTITION - extraConfig = '' - exclude /lib/storj/ - exclude /.bitcoin/blocks/ - ''; - }; - fileSystems = let - cryptMount = name: - { "/media/${name}" = { - device = "/dev/mapper/${name}"; fsType = "xfs"; - options = [ "nofail" ]; - };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "allow_other" "nofail" "nonempty" ]; - }; - }; - - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - - # crypto unlocking - boot = { - initrd.luks = { - devices = let - usbkey = device: { - inherit device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in - { - luksroot = usbkey rootPartition; - crypt0 = usbkey cryptDisk0; - crypt1 = usbkey cryptDisk1; - crypt2 = usbkey cryptDisk2; - crypt3 = usbkey cryptDisk3; - }; - }; - loader.grub.device = lib.mkForce rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "firewire_ohci" - "usb_storage" - "usbhid" - "raid456" - "megaraid_sas" - ]; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - environment.systemPackages = with pkgs;[ - mergerfs # hard requirement for mount - ]; - hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; -} - diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix deleted file mode 100644 index 6579edd9d..000000000 --- a/makefu/1systems/omo/hw/tsp-tools.nix +++ /dev/null @@ -1,11 +0,0 @@ -let - disko = import (builtins.fetchGit { - url = https://cgit.lassul.us/disko/; - rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; - }); - - cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json); -in '' -${disko.create cfg} -${disko.mount cfg} -'' diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix deleted file mode 100644 index a289fadce..000000000 --- a/makefu/1systems/omo/hw/tsp.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ pkgs, ... }: -with builtins; -let - disko = import (builtins.fetchGit { - url = https://cgit.lassul.us/disko/; - rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; - }); - cfg = fromJSON (readFile ../../hardware/tsp-disk.json); - # primaryInterface = "enp1s0"; - primaryInterface = "wlp2s0"; - rootDisk = "/dev/sda"; # TODO same as disko uses -in { - imports = [ - (disko.config cfg) - ]; - makefu.server.primary-itf = primaryInterface; - boot = { - loader.grub.device = rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "firewire_ohci" - "usb_storage" - "usbhid" - ]; - - kernelModules = [ "kvm-intel" ]; - }; - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - services.logind.extraConfig = '' - HandleSuspendKey = ignore - ''; - powerManagement.enable = false; -} diff --git a/makefu/1systems/omo/hw/vaapi.nix b/makefu/1systems/omo/hw/vaapi.nix deleted file mode 100644 index 8250d4110..000000000 --- a/makefu/1systems/omo/hw/vaapi.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; - }; - hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ]; - environment.systemPackages = [ pkgs.libva-utils ]; -} diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix deleted file mode 100644 index b56e855fc..000000000 --- a/makefu/1systems/omo/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - name="omo"; - torrent = true; - unstable = true; - home-manager = true; -} |