diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 40 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix | 8 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/blessings.nix | 17 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 7 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 6 | ||||
-rwxr-xr-x | krebs/update-nixpkgs-unstable.sh | 9 | ||||
-rwxr-xr-x | krebs/update-nixpkgs.sh (renamed from krebs/update-channel.sh) | 0 | ||||
-rw-r--r-- | lass/1systems/hilum/config.nix | 28 | ||||
-rw-r--r-- | lass/1systems/hilum/physical.nix | 35 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 8 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 5 | ||||
-rw-r--r-- | lass/1systems/shodan/config.nix | 87 | ||||
-rw-r--r-- | lass/1systems/shodan/physical.nix | 1 | ||||
-rw-r--r-- | lass/2configs/backup.nix | 1 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 11 | ||||
-rw-r--r-- | tv/3modules/default.nix | 1 | ||||
-rw-r--r-- | tv/3modules/focus.nix | 4 |
18 files changed, 249 insertions, 21 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index a8314e11c..78f3542fa 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -638,6 +638,46 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; }; + hilum = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.20.123"; + ip6.addr = r6 "005b"; + aliases = [ + "hilum.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb + pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi + V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c + SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh + 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE + saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz + vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY + 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ + wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3 + RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh + Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl + 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "005b"; + aliases = [ + "hilum.w" + ]; + wireguard.pubkey = '' + 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w"; + syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC"; + }; }; users = rec { lass = lass-blue; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 24eac7158..ed00d187c 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -110,8 +110,12 @@ let hostsArchive = mkOption { type = types.package; default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' - ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts - ${pkgs.gnutar}/bin/tar -hcjf $out hosts + cp \ + --no-preserve=mode \ + --recursive \ + ${tinc.config.hostsPackage} \ + hosts + ${pkgs.gnutar}/bin/tar -cjf $out hosts ''; readOnly = true; }; diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 55f2d17d0..b0e81fdc1 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -6,19 +6,10 @@ with import <stockholm/lib>; version = "1.1.0"; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; - "18.09" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - "19.03" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - "19.09" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - }.${versions.majorMinor version}; + }.${versions.majorMinor version} or { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; in mkDerivation { pname = "blessings"; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json new file mode 100644 index 000000000..5f8f0c771 --- /dev/null +++ b/krebs/nixpkgs-unstable.json @@ -0,0 +1,7 @@ +{ + "url": "https://github.com/NixOS/nixpkgs-channels", + "rev": "d484f2b7fc0834a068e8ace851faa449a03963f5", + "date": "2019-09-20T22:58:43+02:00", + "sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn", + "fetchSubmodules": false +} diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a72f5cad5..f1dd0bf6d 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "8a30e242181410931bcd0384f7147b6f1ce286a2", - "date": "2019-09-10T08:24:01-04:00", - "sha256": "0574zwcgy3pqjcxli4948sd3sy6h0qw6fvsm4r530gqj41gpwf6b", + "rev": "021d733ea3f87b8c9232020b4e606d08eaca160b", + "date": "2019-09-20T08:20:21+02:00", + "sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh new file mode 100755 index 000000000..068da5f6f --- /dev/null +++ b/krebs/update-nixpkgs-unstable.sh @@ -0,0 +1,9 @@ +#!/bin/sh +dir=$(dirname $0) +oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ + --url https://github.com/NixOS/nixpkgs-channels \ + --rev refs/heads/nixos-unstable' \ +> $dir/nixpkgs-unstable.json +newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev" diff --git a/krebs/update-channel.sh b/krebs/update-nixpkgs.sh index 08354357a..08354357a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-nixpkgs.sh diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix new file mode 100644 index 000000000..998fa1478 --- /dev/null +++ b/lass/1systems/hilum/config.nix @@ -0,0 +1,28 @@ +{ config, ... }: +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + + krebs.build.host = config.krebs.hosts.hilum; + + boot.loader.grub.extraEntries = '' + menuentry "grml" { + iso_path=/isos/grml.iso + export iso_path + search --set=root --file $iso_path + loopback loop $iso_path + root=(loop) + configfile /boot/grub/loopback.cfg + loopback --delete loop + } + ''; +} diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix new file mode 100644 index 000000000..f8bab57d6 --- /dev/null +++ b/lass/1systems/hilum/physical.nix @@ -0,0 +1,35 @@ +{ lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0"; + boot.loader.grub.efiInstallAsRemovable = true; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2B9E-5131"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 5076beeef..1477d6d8b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -54,7 +54,7 @@ with import <stockholm/lib>; folders = { the_playlist = { path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; free_music = { id = "mu9mn-zgvsw"; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eec8e34b8..845cf943c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -31,7 +31,15 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; + packages = [ + (pkgs.writeDashBin "kick-routing" '' + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + '') + ]; }; + security.sudo.extraConfig = '' + riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + ''; # TODO write function for proxy_pass (ssl/nonssl) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 9a84e9d63..7458f5ffd 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -20,6 +20,11 @@ fsType = "ext4"; }; + fileSystems."/backups" = { + device = "tank/backups"; + fsType = "zfs"; + }; + fileSystems."/srv/http" = { device = "tank/srv-http"; fsType = "zfs"; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5de87d790..ad510283f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> + <stockholm/lass/2configs/nfs-dl.nix> ]; krebs.build.host = config.krebs.hosts.shodan; @@ -24,4 +25,90 @@ with import <stockholm/lib>; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; + + #hass + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } + # zerotierone + { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 41508127c..7cfeba932 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -13,7 +13,6 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index 94272fdb0..f5c241785 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; useDefaultShell = true; home = "/backups"; createHome = true; + group = "syncthing"; openssh.authorizedKeys.keys = with config.krebs.hosts; [ blue.ssh.pubkey ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 5003d2279..ecbb7541f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -59,6 +59,7 @@ in { environment.systemPackages = with pkgs; [ acpi + acpilight ag cabal2nix cholerab @@ -72,6 +73,7 @@ in { lm_sensors ncdu nix-index + nix-review nmap pavucontrol powertop @@ -79,9 +81,10 @@ in { sxiv taskwarrior termite + transgui + wirelesstools xclip xephyrify - xorg.xbacklight xorg.xhost xsel zathura @@ -94,6 +97,12 @@ in { xlibs.fontschumachermisc ]; + services.udev.extraRules = '' + SUBSYSTEM=="backlight", ACTION=="add", \ + RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \ + RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; + services.xserver = { enable = true; layout = "us"; diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index edaf50f03..db2cdcd1f 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -3,6 +3,7 @@ ./charybdis ./dnsmasq.nix ./ejabberd + ./focus.nix ./hosts.nix ./iptables.nix ./slock.nix diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix new file mode 100644 index 000000000..b1a7b2e52 --- /dev/null +++ b/tv/3modules/focus.nix @@ -0,0 +1,4 @@ +with import <stockholm/lib>; +{ + options.tv.focus.enable = mkEnableOption "tv.focus"; +} |