| -rw-r--r-- | krebs/3modules/external/kmein.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/external/mic92.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 8 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
| -rw-r--r-- | lass/1systems/coaxmetal/config.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 3 | ||||
| -rw-r--r-- | lass/3modules/nichtparasoup.nix | 115 | ||||
| -rw-r--r-- | makefu/1systems/gum/config.nix | 7 | ||||
| -rw-r--r-- | makefu/1systems/gum/hetznercloud/default.nix | 50 | ||||
| -rw-r--r-- | makefu/1systems/gum/hetznercloud/doit | 13 | ||||
| -rw-r--r-- | makefu/1systems/gum/hetznercloud/network.nix | 35 | ||||
| -rw-r--r-- | makefu/1systems/gum/hetznercloud/sfdisk.part | 6 | 
12 files changed, 238 insertions, 14 deletions
| diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix
index 4605fbdf0..6e4457eae 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@@ -125,6 +125,7 @@ in
           "grocy.kmein.r"
           "moodle.kmein.r"
           "radio.kmein.r"
+          "home.kmein.r"
         ];
         tinc.pubkey = ''
           -----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index db57b5944..b62ece0c7 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -146,7 +146,6 @@ in {
       owner = config.krebs.users.mic92;
       nets = rec {
         retiolum = {
-          ip4.addr = "10.243.29.177";
           aliases = [ "herbert.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -163,6 +162,9 @@ in {
     };
     eve = {
       owner = config.krebs.users.mic92;
+      extraZones."krebsco.de" = ''
+        mukke     IN CNAME eve.thalheim.io.
+      '';
       nets = rec {
         internet = {
           # eve.thalheim.io
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 68484a102..d63277132 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -154,6 +154,8 @@ in {
         "krebsco.de" = ''
           latte.euer     IN A      ${nets.internet.ip4.addr}
           rss.euer          IN A      ${nets.internet.ip4.addr}
+          o.euer            IN A      ${nets.internet.ip4.addr}
+          bw.euer           IN A      ${nets.internet.ip4.addr}
         '';
       };
       cores = 4;
@@ -217,7 +219,6 @@ in {
           mon.euer          IN A      ${nets.internet.ip4.addr}
           netdata.euer      IN A      ${nets.internet.ip4.addr}
           nixos.unstable    IN CNAME  krebscode.github.io.
-          o.euer            IN A      ${nets.internet.ip4.addr}
           photostore        IN A      ${nets.internet.ip4.addr}
           pigstarter        IN CNAME  makefu.github.io.
           share.euer        IN A      ${nets.internet.ip4.addr}
@@ -233,14 +234,13 @@ in {
           maps.work.euer    IN A      ${nets.internet.ip4.addr}
           play.work.euer    IN A      ${nets.internet.ip4.addr}
           ul.work.euer      IN A      ${nets.internet.ip4.addr}
-          bw.euer           IN A      ${nets.internet.ip4.addr}
         '';
       };
       cores = 8;
       nets = rec {
         internet = {
-          ip4.addr = "144.76.26.247";
-          ip6.addr = "2a01:4f8:191:12f6::2";
+          ip4.addr = "142.132.189.140";
+          ip6.addr = "fe80::9400:1ff:fe24:33f4";
           aliases = [
             "gum.i"
           ];
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index c9b40c10f..e7760128f 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "4275a321beab5a71872fb7a5fe5da511bb2bec73",
-  "date": "2022-02-23T13:42:45-08:00",
-  "path": "/nix/store/g521qhbql6116naa3fjgga6dm0r24ynx-nixpkgs",
-  "sha256": "1p3pn7767ifbg08nmgjd93iqk0z87z4lv29ypalj9idwd3chsm69",
+  "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2",
+  "date": "2022-03-04T16:09:08+01:00",
+  "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs",
+  "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 0e6bddf5e..dd8308bbd 100644
--- a/lass/1systems/coaxmetal/config.nix
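Review bot: In krebs/3modules/makefu/default.nix (hunk at -233,14) the new `ip6.addr = "fe80::9400:1ff:fe24:33f4";` is a link-local address (fe80::/10), so nothing outside the host's own link can reach it. Whatever is derived from `nets.internet.ip6.addr` elsewhere in the tree (presumably host entries, DNS records or firewall rules) would then carry an address that peers cannot route to. The same commit's hetznercloud/network.nix names `2a01:4f8:1c17:5cdf::2` as `external-ip6`; either use that here, `ip6.addr = "2a01:4f8:1c17:5cdf::2";`, or drop the `ip6.addr` line until the host actually configures a global IPv6 address. The enclosing attribute set starts and ends outside the hunk.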
+++ b/lass/1systems/coaxmetal/config.nix
@@ -66,4 +66,6 @@
     enable = true;
     client.enable = true;
   };
+
+  documentation.nixos.enable = true;
 }
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index e2163b688..f03d8b568 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -221,4 +221,7 @@ with import <stockholm/lib>;
   time.timeZone = mkDefault"Europe/Berlin";
   system.stateVersion = mkDefault "20.03";
+
+  # disable doc usually
+  documentation.nixos.enable = mkDefault false;
 }
diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
index 632481b69..c18c942d1 100644
--- a/lass/3modules/nichtparasoup.nix
+++ b/lass/3modules/nichtparasoup.nix
@@ -24,7 +24,120 @@ with import <stockholm/lib>;
         [Sites]
         SoupIO: everyone
         Pr0gramm: new,top
-        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
+        Reddit: ${lib.concatStringsSep "," [
+          "2healthbars"
+          "abandonedporn"
+          "animalsbeingderps"
+          "ANormalDayInRussia"
+          "assholedesign"
+          "AwesomeOffBrands"
+          "bizarrebuildings"
+          "bonehurtingjuice"
+          "boottoobig"
+          "bossfight"
+          "bravofotogeschichten"
+          "breathinginformation"
+          "buddhistmemes"
+          "cablefail"
+          "cableporn"
+          "catastrophicfailure"
+          "chairsunderwater"
+          "clevercomebacks"
+          "confusingperspective"
+          "conni"
+          "crappydesign"
+          "cursedcomments"
+          "desirepath"
+          "doenerverbrechen"
+          "dontdeadopeninside"
+          "educationalgifs"
+          "EngineeringPorn"
+          "eyebleach"
+          "forbiddensnacks"
+          "funnyanimals"
+          "gifs"
+          "Gittertiere"
+          "goodboomerhumor"
+          "grssk"
+          "halthoch"
+          "hmm"
+          "hmmm"
+          "holdmybeer"
+          "holup"
+          "iamatotalpieceofshit"
+          "ichbin40undlustig"
+          "idiotsincars"
+          "illegallysmolcats"
+          "infokriegerkutschen"
+          "instagramreality"
+          "instant_regret"
+          "itrunsdoom"
+          "itsaunixsystem"
+          "kamikazebywords"
+          "keming"
+          "kidsarefuckingstupid"
+          "kitchenconfidential"
+          "laughingbuddha"
+          "LiminalSpace"
+          "loadingicon"
+          "MachinePorn"
+          "mallninjashit"
+          "michaelbaygifs"
+          "mildlyinfuriating"
+          "miscatculations"
+          "natureisfuckinglit"
+          "nononoyesno"
+          "notinteresting"
+          "notliketheothergirls"
+          "oddlysatisfying"
+          "ofcoursethatsathing"
+          "okbuddylinux"
+          "OSHA"
+          "PeopleFuckingDying"
+          "Perfectfit"
+          "perfectloops"
+          "PerfectTiming"
+          "picsofunusualbirds"
+          "PixelArt"
+          "pizzacrimes"
+          "prequelmemes"
+          "Prisonwallet"
+          "reactiongifs"
+          "RealFakeDoors"
+          "reallifedoodles"
+          "RetroFuturism"
+          "robotsbeingjerks"
+          "SchizophreniaRides"
+          "scriptedasiangifs"
+          "shitposting"
+          "shittyfoodporn"
+          "shittyrobots"
+          "softwaregore"
+          "specializedtools"
+          "spicypillows"
+          "StallmanWasRight"
+          "startledcats"
+          "startrekstabilized"
+          "stupidfood"
+          "techsupportgore"
+          "thathappened"
+          "ThingsCutInHalfPorn"
+          "totallynotrobots"
+          "trippinthroughtime"
+          "Unexpected"
+          "urbanexploration"
+          "wasletztepreis"
+          "wellthatsucks"
+          "wertekinder"
+          "wewantplates"
+          "whatcouldgowrong"
+          "whatsthisbug"
+          "whatsthisplant"
+          "whatswrongwithyourdog"
+          "whenthe"
+          "yesyesyesyesno"
+          "youseeingthisshit"
+        ]}
         NineGag: geeky,wtf,hot,trending
         Instagram: nature,wtf
         Fourchan: sci
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 089fc8e9f..540106004 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -8,7 +8,7 @@ let
 in {
   imports = [
       <stockholm/makefu>
-      ./hardware-config.nix
+      ./hetznercloud
       {
         users.users.lass = {
           uid = 19002;
@@ -42,7 +42,7 @@ in {
       <stockholm/makefu/2configs/tools/core.nix>
       <stockholm/makefu/2configs/tools/dev.nix>
       <stockholm/makefu/2configs/tools/sec.nix>
-      <stockholm/makefu/2configs/tools/desktop.nix>
+      #<stockholm/makefu/2configs/tools/desktop.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/mosh.nix>
@@ -109,7 +109,6 @@ in {
       <stockholm/makefu/2configs/share/gum.nix> # samba sahre
       <stockholm/makefu/2configs/torrent/rtorrent.nix>
       # <stockholm/makefu/2configs/sickbeard>
-      <stockholm/makefu/2configs/bitwarden.nix>
       { nixpkgs.config.allowUnfree = true; }
       #<stockholm/makefu/2configs/retroshare.nix>
@@ -189,7 +188,7 @@ in {
     ];
   # makefu.dl-dir = "/var/download";
-  makefu.dl-dir = "/media/cloud/download";
+  makefu.dl-dir = "/media/cloud/download/finished";
   services.openssh.hostKeys = lib.mkForce [
     { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix
new file mode 100644
index 000000000..cfcd894af
--- /dev/null
+++ b/makefu/1systems/gum/hetznercloud/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+  imports =
+    [ ./network.nix
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  # Disk
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostId = "3150697b"; # required for zfs use
+  boot.tmpOnTmpfs = true;
+  boot.supportedFilesystems = [ "zfs" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.copyKernels = true;
+  boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+  boot.kernelParams = [
+    "boot.shell_on_fail"
+    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+  ];
+}
diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit
new file mode 100644
index 000000000..45798587a
--- /dev/null
+++ b/makefu/1systems/gum/hetznercloud/doit
@@ -0,0 +1,13 @@
+ROOT_DEVICE=/dev/sda2
+NIXOS_BOOT=/dev/sda1
+
+zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
+zfs create -o mountpoint=legacy rpool/root
+zfs create -o mountpoint=legacy rpool/home
+zfs create -o mountpoint=legacy rpool/nix
+mount -t zfs rpool/root /mnt
+mkdir /mnt/{home,nix,boot}
+mount -t zfs rpool/home /mnt/home
+mount -t zfs rpool/nix /mnt/nix
+mount $NIXOS_BOOT /mnt/boot/
+
diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix
new file mode 100644
index 000000000..24fe3842f
--- /dev/null
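Review bot: In hetznercloud/default.nix, `boot.kernelParams` sets both `boot.shell_on_fail` and `boot.panic_on_fail`, which ask for opposite behaviour when stage 1 fails. `boot.shell_on_fail` offers a root shell on the console without asking for a password, and on a cloud VM that console is reachable by anyone who can open the provider's web console for the server. As far as I can tell NixOS lets `boot.panic_on_fail` win, so the shell option is probably inert here, but the file should not leave that to the reader. For an unattended server I would keep only the reboot behaviour, `boot.kernelParams = [ "panic=30" "boot.panic_on_fail" ];`, with a comment such as `# no rescue shell: console access must not yield root`.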
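Review bot: The new `doit` script has no interpreter line and no error handling, so a failed `zpool create` does not stop the `zfs create`, `mkdir` and `mount` commands that follow it. `mkdir /mnt/{home,nix,boot}` also depends on brace expansion, which a plain POSIX `sh` does not perform, and the file is added with mode 100644, so whichever shell the operator happens to invoke decides the outcome. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and quote the device variables as `"$ROOT_DEVICE"` and `"$NIXOS_BOOT"`. A header comment saying that the layout from `sfdisk.part` must already be applied to /dev/sda would help, since the script creates a pool on whatever /dev/sda2 currently is.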
+++ b/makefu/1systems/gum/hetznercloud/network.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+  external-mac = "96:00:01:24:33:f4";
+  external-gw = "172.31.1.1";
+  external-ip = "142.132.189.140";
+  external-ip6 = "2a01:4f8:1c17:5cdf::2/64";
+  external-gw6 = "fe80::1";
+  external-netmask = 32;
+  external-netmask6 = 64;
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  ext-if = "et0"; # gets renamed on the fly
+in
+{
+  makefu.server.primary-itf = ext-if;
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+  '';
+  networking = {
+    interfaces."${ext-if}" = {
+      useDHCP = true;
+    };
+    #ipv4.addresses = [{
+    #  address = external-ip;
+    #  prefixLength = external-netmask;
+    #}];
+    #ipv6.addresses = [{
+    #    address = external-ip6;
+    #    prefixLength = external-netmask6;
+    #  }];
+    #};
+    #defaultGateway6 = { address = external-gw6; interface = ext-if; };
+    #defaultGateway = external-gw;
+    nameservers = [ "1.1.1.1" ];
+  };
+}
diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part
new file mode 100644
index 000000000..fb375b15a
--- /dev/null
+++ b/makefu/1systems/gum/hetznercloud/sfdisk.part
@@ -0,0 +1,6 @@
+label: gpt
+device: /dev/sda
+unit: sectors
+1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
+2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 |
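Review bot: In hetznercloud/network.nix only `external-mac` and `ext-if` are used; `external-gw`, `external-ip`, `external-ip6`, `external-gw6`, both netmasks and `internal-ip` are bound in the `let` while every consumer is commented out, so the interface is configured by `useDHCP = true` alone. If DHCP is the intent, remove the unused bindings and the commented block, which also contains an unbalanced `#};`. If static addressing is the goal, note that the global IPv6 address is never assigned to the interface, which matters because the krebs host entry changed in this commit publishes an IPv6 address for gum. `nameservers = [ "1.1.1.1" ];` leaves the host with a single resolver, so a second entry would keep name resolution working when that one is unreachable.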
