Merge remote-tracking branch 'prism/master'

7 files changed, 75 insertions, 47 deletions

diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 7accb13d3..046c1574c 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -2,6 +2,8 @@
 
 with import <stockholm/lib>;
 let
+  # all the good stuff resides in /data
+
   byid = dev: "/dev/disk/by-id/" + dev;
   rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
   bootPart = rootDisk + "-part1";
@@ -21,44 +23,23 @@ in {
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       <stockholm/makefu/2configs/tools/core.nix>
       <stockholm/makefu/2configs/stats/client.nix>
-      <stockholm/makefu/2configs/nsupdate-data.nix>
-
-      # SIEM
-      #<stockholm/makefu/2configs/tinc/siem.nix>
-      # {services.tinc.networks.siem = {
-      #     name = "sdarth";
-      #     extraConfig = "ConnectTo = sjump";
-      #   };
-      # }
+      # <stockholm/makefu/2configs/nsupdate-data.nix>
 
-      # {
-      #   makefu.forward-journal = {
-      #     enable = true;
-      #     src = "10.8.10.2";
-      #     dst = "10.8.10.6";
-      #   };
-      # }
-
-      ## Sharing
-      # <stockholm/makefu/2configs/share/temp-share-samba.nix>
-      #{
-      #  services.samba.shares = {
-      #      isos = {
-      #        path = "/data/isos/";
-      #        "read only" = "yes";
-      #        browseable = "yes";
-      #        "guest ok" = "yes";
-      #      };
-      #  };
-      #}
       <stockholm/makefu/2configs/share/anon-ftp.nix>
+
+      # lan party
+      <stockholm/makefu/2configs/lanparty/lancache.nix>
+      <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+      <stockholm/makefu/2configs/lanparty/samba.nix>
+      <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+      <stockholm/makefu/2configs/virtualisation/libvirt.nix>
   ];
 
 
 
   #networking.firewall.enable = false;
   makefu.server.primary-itf = "enp0s25";
-  krebs.hidden-ssh.enable = true;
+  # krebs.hidden-ssh.enable = true;
   boot.kernelModules = [ "coretemp" "f71882fg" ];
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e769b1e22..98d5d2988 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -2,16 +2,22 @@
 
 with import <stockholm/lib>;
 let
-  external-mac = "3a:66:48:8e:82:b2";
+  # hw-specific
+  external-mac = "2a:c5:6e:d2:fc:7f";
+  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+  external-gw = "185.194.140.1";
+  # single partition, label "nixos"
+  # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+  # static
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
   external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
-  external-gw = "188.68.40.1";
   external-gw6 = "fe80::1";
   external-netmask = 22;
   external-netmask6 = 64;
-  ext-if = "et0"; # gets renamed on the fly
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+  ext-if = "et0"; # gets renamed on the fly
 in {
   imports = [
       <stockholm/makefu>
@@ -19,6 +25,7 @@ in {
       <stockholm/makefu/2configs/headless.nix>
       <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
       # <stockholm/makefu/2configs/smart-monitor.nix>
+
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
       <stockholm/makefu/2configs/backup.nix>
       # <stockholm/makefu/2configs/mattermost-docker.nix>
@@ -76,7 +83,7 @@ in {
       # <stockholm/makefu/2configs/logging/client.nix>
 
       # Temporary:
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
 
   ];
   makefu.dl-dir = "/var/download";
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 3b06660c6..5352b029f 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -18,7 +18,7 @@ in {
 
     # Security
     <stockholm/makefu/2configs/sshd-totp.nix>
-    <stockholm/makefu/2configs/stats/client.nix>
+    # <stockholm/makefu/2configs/stats/client.nix>
 
     # Tools
     <stockholm/makefu/2configs/tools/core.nix>
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index a22ff10bd..1d157460b 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -82,7 +82,7 @@ in {
       # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
 
       # Temporary:
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
     ];
   makefu.full-populate = true;
   makefu.server.primary-itf = primaryInterface;
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 75a11d3a7..7b751e514 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -1,20 +1,20 @@
 #
 #
 #
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports =
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
-      <stockholm/makefu/2configs/gui/base.nix>
+      <stockholm/makefu/2configs/main-laptop.nix>
+      <stockholm/makefu/2configs/tools/all.nix>
       <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
       # hardware specifics are in here
       # imports tp-x2x0.nix
-      <stockholm/makefu/2configs/hw/tp-x200.nix>
+      # <stockholm/makefu/2configs/hw/tp-x200.nix>
 
-      <stockholm/makefu/2configs/disable_v6.nix>
-      <stockholm/makefu/2configs/rad1o.nix>
+      # <stockholm/makefu/2configs/rad1o.nix>
 
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>
@@ -22,9 +22,41 @@
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
+  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+  boot.loader.grub.copyKernels = true;
 
   networking.firewall.allowedTCPPorts = [
     25
   ];
 
+  # acer aspire
+  networking.wireless.enable = lib.mkDefault true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  zramSwap.enable = true;
+  zramSwap.numDevices = 2;
+
+  services.tlp.enable = true;
+  services.tlp.extraConfig = ''
+    # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+    START_CHARGE_THRESH_BAT0=67
+    STOP_CHARGE_THRESH_BAT0=100
+
+
+    CPU_SCALING_GOVERNOR_ON_AC=performance
+    CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+    CPU_MIN_PERF_ON_AC=0
+    CPU_MAX_PERF_ON_AC=100
+    CPU_MIN_PERF_ON_BAT=0
+    CPU_MAX_PERF_ON_BAT=30
+  '';
+
+  powerManagement.resumeCommands = ''
+    ${pkgs.rfkill}/bin/rfkill unblock all
+  '';
+
 }
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 3a53b70cb..ac51fd9ca 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -24,9 +24,12 @@ in {
       # <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
       # <stockholm/makefu/2configs/audio/realtime-audio.nix>
       # <stockholm/makefu/2configs/vncserver.nix>
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+
       # Services
       <stockholm/makefu/2configs/remote-build/slave.nix>
+
+      # temporary
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
   ];
 
   krebs = {
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f7db75564..1dd1a070f 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -23,8 +23,6 @@ with import <stockholm/lib>;
       # <stockholm/makefu/2configs/deployment/wiki-irc-bot>
 
       # <stockholm/makefu/2configs/torrent.nix>
-      # <stockholm/makefu/2configs/lanparty/lancache.nix>
-      # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
       # <stockholm/makefu/2configs/deployment/dirctator.nix>
       # <stockholm/makefu/2configs/vncserver.nix>
       # <stockholm/makefu/2configs/deployment/led-fader>
@@ -64,7 +62,7 @@ with import <stockholm/lib>;
       <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/exfat-nofuse.nix>
       <stockholm/makefu/2configs/hw/wwan.nix>
-      <stockholm/makefu/2configs/hw/stk1160.nix>
+      # <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/rad1o.nix>
 
       # Filesystem
@@ -75,6 +73,11 @@ with import <stockholm/lib>;
       {
         programs.adb.enable = true;
       }
+      # temporary
+      # <stockholm/makefu/2configs/lanparty/lancache.nix>
+      # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+      # <stockholm/makefu/2configs/lanparty/samba.nix>
+      # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
 
     ];
 
@@ -84,7 +87,6 @@ with import <stockholm/lib>;
 
   nixpkgs.config.allowUnfree = true;
 
-  environment.systemPackages = [ pkgs.passwdqc-utils ];
 
 
   # configure pulseAudio to provide a HDMI sink as well
@@ -102,4 +104,7 @@ with import <stockholm/lib>;
   '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+
+  nix.package = pkgs.nixUnstable;
+  environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
 }