diff options
29 files changed, 244 insertions, 120 deletions
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix index 862c9b991..67ca23ecd 100644 --- a/krebs/2configs/reaktor-krebs.nix +++ b/krebs/2configs/reaktor-krebs.nix @@ -7,6 +7,7 @@ with import <stockholm/lib>; channels = [ "#krebs" "#nixos-wiki" + "#nixos-de" ]; extraEnviron = { REAKTOR_HOST = "irc.freenode.org"; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index a7ec0e158..089113ac6 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -84,8 +84,8 @@ in { nets = rec { internet = { # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; + ip4.addr = "95.216.112.61"; + ip6.addr = "2a01:4f9:2b:1605::1"; aliases = [ "eve.i" ]; }; retiolum = { @@ -141,6 +141,29 @@ in { }; }; }; + idontcare = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.idontcare.nets.retiolum.ip4.addr + config.krebs.hosts.idontcare.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.177"; + aliases = [ "idontcare.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O + qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A + OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An + lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb + O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw + jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; justraute = { owner = config.krebs.users.raute; # laptop nets = { @@ -393,7 +416,7 @@ in { pubkey = ssh-for "kmein"; }; Mic92 = { - mail = "joerg@higgsboson.tk"; + mail = "joerg@thalheim.io"; pubkey = ssh-for "Mic92"; }; palo = { diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index d3f681a65..614d5bccf 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "0396345b79436f54920f7eb651ab42acf2eb7973", - "date": "2018-12-30T21:22:33-05:00", - "sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4", + "rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1", + "date": "2019-01-15T00:11:44+01:00", + "sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw", "fetchSubmodules": false } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index df2778bef..23746d210 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -36,10 +36,10 @@ with import <stockholm/lib>; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } ]; } { @@ -379,6 +379,7 @@ with import <stockholm/lib>; name = "download"; home = "/var/download"; useDefaultShell = true; + uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey @@ -420,6 +421,16 @@ with import <stockholm/lib>; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + nix.trustedUsers = [ "Mic92" ]; + users.users.Mic92 = { + uid = genid_uint31 "Mic92"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index a2b5efb29..9a84e9d63 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -63,9 +63,15 @@ defaultGateway = "95.216.1.129"; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "95.216.1.150"; - prefixLength = 26; - }; + interfaces.eth0.ipv4.addresses = [ + { + address = "95.216.1.150"; + prefixLength = 26; + } + { + address = "95.216.1.130"; + prefixLength = 26; + } + ]; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 58fa564a1..9d8bcd7be 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -88,7 +88,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 82.102.16.229 1194 + remote 89.249.65.83 1194 resolv-retry infinite remote-random nobind @@ -103,13 +103,9 @@ with import <stockholm/lib>; reneg-sec 0 comp-lzo no - explicit-exit-notify 3 - remote-cert-tls server - #mute 10000 auth-user-pass ${toString <secrets/nordvpn.txt>} - verb 3 pull fast-io @@ -118,32 +114,33 @@ with import <stockholm/lib>; <ca> -----BEGIN CERTIFICATE----- - MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD - VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH - Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw - bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y - ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG - A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT - B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 - cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v - cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG - UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny - mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X - +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT - ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI - 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA - VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT - Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh - MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ - MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy - Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW - EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ - e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW - //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB - wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB - KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p - lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ + MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2 + MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV + BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI + hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF + kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr + XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU + eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV + skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu + MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA + 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR + hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s + Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy + WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6 + MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST + LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG + SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g + nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/ + k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S + DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/ + pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo + k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp + +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd + NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa + wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC + VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S + PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA== -----END CERTIFICATE----- </ca> key-direction 1 @@ -152,23 +149,24 @@ with import <stockholm/lib>; # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- - 49b2f54c6ee58d2d97331681bb577d55 - 054f56d92b743c31e80b684de0388702 - ad3bf51088cd88f3fac7eb0729f2263c - 51d82a6eb7e2ed4ae6dfa65b1ac764d0 - b9dedf1379c1b29b36396d64cb6fd6b2 - e61f869f9a13001dadc02db171f04c4d - c46d1132c1f31709e7b54a6eabae3ea8 - fbd2681363c185f4cb1be5aa42a27c31 - 21db7b2187fd11c1acf224a0d5a44466 - b4b5a3cc34ec0227fe40007e8b379654 - f1e8e2b63c6b46ee7ab6f1bd82f57837 - 92c209e8f25bc9ed493cb5c1d891ae72 - 7f54f4693c5b20f136ca23e639fd8ea0 - 865b4e22dd2af43e13e6b075f12427b2 - 08af9ffd09c56baa694165f57fe2697a - 3377fa34aebcba587c79941d83deaf45 + e685bdaf659a25a200e2b9e39e51ff03 + 0fc72cf1ce07232bd8b2be5e6c670143 + f51e937e670eee09d4f2ea5a6e4e6996 + 5db852c275351b86fc4ca892d78ae002 + d6f70d029bd79c4d1c26cf14e9588033 + cf639f8a74809f29f72b9d58f9b8f5fe + fc7938eade40e9fed6cb92184abb2cc1 + 0eb1a296df243b251df0643d53724cdb + 5a92a1d6cb817804c4a9319b57d53be5 + 80815bcfcb2df55018cc83fc43bc7ff8 + 2d51f9b88364776ee9d12fc85cc7ea5b + 9741c4f598c485316db066d52db4540e + 212e1518a9bd4828219e24b20d88f598 + a196c9de96012090e333519ae18d3509 + 9427e7b372d348d352dc4c85e18cd4b9 + 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- </tls-auth> + ''; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69e697a1d..d3676a9b9 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -115,6 +115,7 @@ with import <stockholm/lib>; #network iptables iftop + tcpdump #stuff for dl aria2 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import <stockholm/lib>; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 62e3f6d52..a3acb82bb 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -74,7 +74,6 @@ in { createHome = true; useDefaultShell = true; packages = with pkgs; [ - ftb minecraft steam-run dolphinEmu diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 223fc73ba..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -155,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; @@ -227,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString <secrets> + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 2491352eb..e40042b2d 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -2,6 +2,7 @@ { imports = [ <stockholm/makefu> + ./hardware-config.nix <stockholm/makefu/2configs/tools/core.nix> # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> @@ -11,46 +12,10 @@ tinc.retiolum.enable = true; build.host = config.krebs.hosts.cake; }; - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ]; - programs.info.enable = false; - programs.man.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; services.nixosManual.enable = false; - boot.tmpOnTmpfs = lib.mkForce false; sound.enable = false; - hardware.enableRedistributableFirmware = true; - hardware.firmware = [ - (pkgs.stdenv.mkDerivation { - name = "broadcom-rpi3-rest"; - src = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt"; - sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7"; - }; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out/lib/firmware/brcm - cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt - ''; - }) - ]; - networking.wireless.enable = true; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users.Mic92.pubkey - ]; - -# File systems configuration for using the installer's partition layout - fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/NIXOS_BOOT"; - fsType = "vfat"; - }; - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - }; - }; } diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix new file mode 100644 index 000000000..d021f9458 --- /dev/null +++ b/makefu/1systems/cake/hardware-config.nix @@ -0,0 +1,42 @@ +{ pkgs, lib, ... }: +{ + # raspi3 + boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ]; + boot.loader.grub.enable = false; + boot.loader.raspberryPi.enable = true; + boot.loader.raspberryPi.version = 3; + boot.loader.raspberryPi.uboot.enable = true; + boot.loader.raspberryPi.uboot.configurationLimit = 3; + boot.loader.raspberryPi.firmwareConfig = '' + gpu_mem=32 + arm_freq=1350 + core_freq=500 + over_voltage=4 + disable_splash=1 + # bye bye warranty + force_turbo=1 + ''; + boot.loader.generationsDir.enable = lib.mkDefault false; + + boot.tmpOnTmpfs = lib.mkForce false; + boot.cleanTmpDir = true; + hardware.enableRedistributableFirmware = true; + + ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747 + # boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.systemPackages = [ pkgs.raspberrypi-tools ]; + networking.wireless.enable = true; + # File systems configuration for using the installer's partition layout + swapDevices = [ { device = "/var/swap"; size = 2048; } ]; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 6024260dc..e274b4bf8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -22,6 +22,8 @@ in { }; } <stockholm/makefu/2configs/support-nixos.nix> + <stockholm/makefu/2configs/home-manager> + <stockholm/makefu/2configs/home-manager/cli.nix> # <stockholm/makefu/2configs/stats/client.nix> <stockholm/makefu/2configs/stats/netdata-server.nix> @@ -123,7 +125,7 @@ in { #<stockholm/makefu/2configs/nginx/update.connector.one.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> - <stockholm/makefu/2configs/nginx/iso.euer.nix> + # <stockholm/makefu/2configs/nginx/iso.euer.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index e9670a5a4..542b79fe7 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -34,7 +34,7 @@ in { prefixLength = external-netmask6; }]; }; - defaultGateway6 = external-gw6; + defaultGateway6 = { address = external-gw6; interface = ext-if; }; defaultGateway = external-gw; }; boot.kernelParams = [ ]; diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 1e36c6e87..43586ede4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -2,4 +2,5 @@ name="gum"; torrent = true; clever_kexec = true; + home-manager = true; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 5a4eea2e4..35779507b 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -69,6 +69,7 @@ # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/mceusb.nix> + <stockholm/makefu/2configs/hw/malduino_elite.nix> # <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index a89a4813f..57184bdf7 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -3,19 +3,14 @@ let tasmota_plug = name: topic: { platform = "mqtt"; inherit name; - state_topic = "/bam/${topic}/stat/POWER1"; - command_topic = "/bam/${topic}/cmnd/POWER1"; + state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; availability_topic = "/bam/${topic}/tele/LWT"; payload_on= "ON"; payload_off= "OFF"; payload_available= "Online"; payload_not_available= "Offline"; }; - tasmota_stecki = name: topic: - ( tasmota_plug name topic) // - { state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - }; espeasy_dht22 = name: [ { platform = "mqtt"; name = "${name} DHT22 Temperature"; @@ -77,8 +72,8 @@ in { switch = [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") - (tasmota_stecki "Fernseher" "fernseher") - (tasmota_plug "Pluggy" "plug4") + (tasmota_plug "Fernseher" "plug3") + (tasmota_plug "Feuer" "plug4") ]; binary_sensor = [ { platform = "mqtt"; @@ -179,7 +174,7 @@ in { "switch.bauarbeiterlampe" "switch.blitzdings" "switch.fernseher" - "switch.pluggy" + "switch.feuer" ]; camera = [ "camera.Baumarkt" @@ -212,7 +207,7 @@ in { }; action = { service = "homeassistant.turn_on"; - entity_id = [ "switch.fernseher" "switch.blitzdings" ]; + entity_id = [ "switch.fernseher" "switch.feuer" ]; }; } { alias = "Turn off Fernseher 10 minutes after last movement"; @@ -231,7 +226,7 @@ in { ]; action = { service = "homeassistant.turn_off"; - entity_id = [ "switch.fernseher" "switch.blitzdings" ]; + entity_id = [ "switch.fernseher" "switch.feuer" ]; }; condition = { condition = "and"; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cbfb4da1c..177114a49 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -84,5 +84,5 @@ with import <stockholm/lib>; SystemMaxUse=1G RuntimeMaxUse=128M ''; - + environment.pathsToLink = [ "/share" ]; } diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 6bcd09826..63ce6201a 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -28,6 +28,7 @@ in windowManager = { awesome.enable = true; + awesome.noArgb = true; awesome.luaModules = [ pkgs.luaPackages.vicious ]; default = "awesome"; }; diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index 40a1c6497..3be020faa 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -1,8 +1,9 @@ { pkgs, lib, ... }: { - users.users.makefu.packages = with pkgs;[ bat direnv ]; + users.users.makefu.packages = with pkgs;[ bat direnv clipit ]; home-manager.users.makefu = { + systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.firefox.enable = true; programs.obs-studio.enable = true; @@ -36,6 +37,7 @@ }; Service = { + Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.clipit}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; ExecStart = "${pkgs.clipit}/bin/clipit"; Restart = "on-abort"; }; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index dff6d9337..59658e667 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -56,7 +56,7 @@ ]; } EOF - ${EDITOR:-vim} default.nix + ''${EDITOR:-vim} default.nix fi } eval "$(direnv hook zsh)" diff --git a/makefu/2configs/hw/malduino_elite.nix b/makefu/2configs/hw/malduino_elite.nix new file mode 100644 index 000000000..1af85493f --- /dev/null +++ b/makefu/2configs/hw/malduino_elite.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + + services.udev.extraRules = '' + ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end" + SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end" + ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end" + + ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1" + ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1" + + LABEL="mm_usb_device_blacklist_local_end" + ''; +} diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index fb1a67358..0889ebbc1 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -6,7 +6,8 @@ in { services.printing = { enable = true; drivers = with pkgs; [ - samsungUnifiedLinuxDriver + # samsungUnifiedLinuxDriver + splix # scx 3200 cups-dymo # dymo labelwriter foo2zjs # magicolor 1690mf cups-zj-58 diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 9dedafdd2..05560db90 100644 --- a/ma |