diff options
-rw-r--r-- | lass/1systems/cloudkrebs.nix | 1 | ||||
-rw-r--r-- | lass/1systems/echelon.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 38 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 2 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 26 | ||||
-rw-r--r-- | lass/2configs/binary-caches.nix | 13 | ||||
-rw-r--r-- | lass/2configs/hw/tp-x220.nix | 50 | ||||
-rw-r--r-- | lass/2configs/realwallpaper-server.nix | 32 | ||||
-rw-r--r-- | lass/2configs/realwallpaper.nix | 29 | ||||
-rw-r--r-- | lass/2configs/wordpress.nix | 59 |
10 files changed, 81 insertions, 171 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index a3cc9d7b3..5aa35f5a7 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,7 +13,6 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix - ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 97734a7bd..8d944ed40 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,7 +11,7 @@ in { ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix #../2configs/redis.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 062e4c29d..cccfa791c 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -3,6 +3,7 @@ { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/exim-retiolum.nix ../2configs/programs.nix @@ -14,14 +15,9 @@ ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - #../2configs/texlive.nix - ../2configs/binary-caches.nix - #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - #../2configs/wordpress.nix ../2configs/bitlbee.nix - #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix @@ -57,17 +53,10 @@ # package = pkgs.postgresql; # }; #} - { - } ]; krebs.build.host = config.krebs.hosts.mors; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -77,7 +66,6 @@ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { @@ -168,22 +156,6 @@ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' ''; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - environment.systemPackages = with pkgs; [ acronym cac-api @@ -217,12 +189,4 @@ services.mongodb = { enable = true; }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; - }; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d4207d2e1..34c1ef69b 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -203,7 +203,7 @@ in { } { imports = [ - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ]; krebs.nginx.servers."lassul.us".locations = [ (lib.nameValuePair "/wallpaper.png" '' diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 073d86790..96d64bda3 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -4,6 +4,7 @@ with builtins; { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/git.nix ../2configs/exim-retiolum.nix @@ -20,34 +21,10 @@ with builtins; # }; # }; #} - { - #x220 config from mors - #TODO: make x220 config file (or look in other user dir) - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.shodan; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -57,7 +34,6 @@ with builtins; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix deleted file mode 100644 index c2727520d..000000000 --- a/lass/2configs/binary-caches.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - nix.sshServe.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" - ]; - nix.binaryCaches = [ - #"scp://nix-ssh@mors" - #"scp://nix-ssh@uriel" - ]; -} diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix new file mode 100644 index 000000000..e8d1e7b6d --- /dev/null +++ b/lass/2configs/hw/tp-x220.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + }; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + security.rngd.enable = true; +} diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix deleted file mode 100644 index 7340fc7ca..000000000 --- a/lass/2configs/realwallpaper-server.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, ... }: - -let - hostname = config.krebs.build.host.name; - inherit (lib) - nameValuePair - ; - -in { - imports = [ - ./realwallpaper.nix - ]; - - krebs.nginx.servers.wallpaper = { - server-names = [ - hostname - ]; - locations = [ - (nameValuePair "/wallpaper.png" '' - root /tmp/; - '') - ]; - }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; -} diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index c69cb1660..2ab52ed92 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,5 +1,30 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + hostname = config.krebs.build.host.name; + inherit (lib) + nameValuePair + ; + +in { krebs.realwallpaper.enable = true; + + krebs.nginx.servers.wallpaper = { + server-names = [ + hostname + ]; + locations = [ + (nameValuePair "/wallpaper.png" '' + root /tmp/; + '') + ]; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + }; } diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix deleted file mode 100644 index bd59080d9..000000000 --- a/lass/2configs/wordpress.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, pkgs, ... }: - -{ - containers.wordpress = { - privateNetwork = true; - hostAddress = "192.168.101.1"; - localAddress = "192.168.101.2"; - - config = { - imports = [ - ../../krebs/3modules/iptables.nix - ]; - - krebs.iptables = { - enable = true; - tables = { - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - ]; - }; - }; - - environment.systemPackages = with pkgs; [ - iptables - ]; - - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - - services.httpd = { - enable = true; - adminAddr = "root@apanowicz.de"; - extraModules = [ - { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } - ]; - virtualHosts = [ - { - hostName = "wordpress"; - serverAliases = [ "wordpress" "www.wordpress" ]; - - extraSubservices = [ - { - serviceName = "wordpress"; - } - ]; - } - ]; - }; - }; - }; -} |