summaryrefslogtreecommitdiffstats
path: root/jeschli
diff options
context:
space:
mode:
Diffstat (limited to 'jeschli')
-rw-r--r--jeschli/1systems/bln/config.nix189
-rw-r--r--jeschli/1systems/bln/hardware-configuration.nix34
-rw-r--r--jeschli/1systems/bln/source.nix4
-rw-r--r--jeschli/1systems/brauerei/config.nix132
-rw-r--r--jeschli/1systems/brauerei/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/brauerei/source.nix4
-rw-r--r--jeschli/1systems/reagenzglas/.source.nix.swpbin0 -> 12288 bytes
-rw-r--r--jeschli/1systems/reagenzglas/config.nix146
-rw-r--r--jeschli/1systems/reagenzglas/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/reagenzglas/source.nix4
-rw-r--r--jeschli/2configs/default.nix66
-rw-r--r--jeschli/2configs/retiolum.nix22
-rw-r--r--jeschli/2configs/tests/dummy-secrets/empty0
-rw-r--r--jeschli/2configs/urxvt.nix34
-rw-r--r--jeschli/2configs/vim.nix92
-rw-r--r--jeschli/default.nix9
-rw-r--r--jeschli/source.nix22
17 files changed, 824 insertions, 0 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
new file mode 100644
index 000000000..901970e81
--- /dev/null
+++ b/jeschli/1systems/bln/config.nix
@@ -0,0 +1,189 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ <stockholm/jeschli>
+ ./hardware-configuration.nix
+ # ./dcso-vpn.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+ boot.loader.grub.extraEntries = ''
+ menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" {
+ search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606
+ linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro
+ initrd ($drive1)/initrd.img-4.9.0-4-amd64
+ }
+ '';
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+
+ networking.hostName = "BLN02NB0154"; # Define your hostname.
+ networking.networkmanager.enable = true;
+ #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ nixpkgs.config.allowUnfree = true;
+ environment.shellAliases = { n = "nix-shell"; };
+ environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
+ environment.systemPackages = with pkgs; [
+ # system helper
+ ag
+ copyq
+ dmenu
+ git
+ i3lock
+ keepass
+ networkmanagerapplet
+ rsync
+ terminator
+ tmux
+ wget
+ rxvt_unicode
+ # editors
+ emacs
+ # internet
+ thunderbird
+ hipchat
+ chromium
+ google-chrome
+ # programming languages
+ go
+ gcc
+ ghc
+ python35
+ python35Packages.pip
+ # go tools
+ golint
+ gotools
+ # dev tools
+ gnumake
+ jetbrains.pycharm-professional
+ jetbrains.webstorm
+ jetbrains.goland
+ texlive.combined.scheme-full
+ pandoc
+ redis
+ # document viewer
+ zathura
+ ];
+
+
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.bash.enableCompletion = true;
+ programs.vim.defaultEditor = true;
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.postscript-lexmark ];
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ # services.xserver.xrandrHeads = [
+ # { output = "eDP1"; }
+ # { output = "DP-2-2-8"; primary = true; }
+ # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; }
+ # ];
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
+ # services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+# services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+# services.xserver.desktopManager.gnome3.enable = true;
+ # services.xserver.displayManager.gdm.enable = true;
+ services.xserver.displayManager.sddm.enable = true;
+ #services.xserver.desktopManager.plasma5.enable = true;
+# services.xserver.displayManager.sessionCommands = ''
+# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off
+#'';
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.markus = {
+ isNormalUser = true;
+ extraGroups = ["docker"];
+ uid = 1000;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+
+ # Gogland Debugger workaround
+# nixpkgs.config.packageOverrides = super: {
+# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
+# postFixup = ''
+# interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
+# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+# '';
+# });
+# };
+
+# virtualisation.docker.enable = true;
+
+
+ # DCSO Certificates
+ security.pki.certificateFiles = [
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ ];
+
+ hardware.bluetooth.enable = true;
+ krebs.build.host = config.krebs.hosts.bln;
+}
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
new file mode 100644
index 000000000..714162271
--- /dev/null
+++ b/jeschli/1systems/bln/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606";
+ fsType = "ext2";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix
new file mode 100644
index 000000000..0864fd90c
--- /dev/null
+++ b/jeschli/1systems/bln/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+ name = "bln";
+ secure = true;
+}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
new file mode 100644
index 000000000..171a002da
--- /dev/null
+++ b/jeschli/1systems/brauerei/config.nix
@@ -0,0 +1,132 @@
+# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’).
+{ config, pkgs, ... }:
+{
+ imports = [
+ <stockholm/jeschli>
+ ./hardware-configuration.nix
+ <stockholm/jeschli/2configs/urxvt.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.brauerei;
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda";
+ # or "nodev" for efi only
+ boot.initrd.luks.devices = [ {
+ name = "root";
+ device = "/dev/sda2";
+ preLVM = true;
+ allowDiscards = true;
+ } ];
+ # networking.hostName = "nixos";
+ # Define your hostname.
+ networking.wireless.enable = true;
+ # Enables wireless support via wpa_supplicant.
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+ # Set your time zone. #
+ time.timeZone = "Europe/Amsterdam";
+ nixpkgs.config.allowUnfree = true;
+ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ # system helper
+ ag
+ curl
+ copyq
+ dmenu
+ git
+ i3lock
+ keepass
+ networkmanagerapplet
+ rsync
+ terminator
+ tmux
+ wget
+ # rxvt_unicode
+ # editors
+ emacs
+ # internet
+ thunderbird
+ chromium
+ google-chrome
+ # programming languages
+ go
+ gcc
+ ghc
+ python35
+ python35Packages.pip
+ # go tools
+ golint
+ gotools
+ # dev tools
+ gnumake
+ jetbrains.pycharm-professional
+ jetbrains.webstorm
+ jetbrains.goland
+ # document viewer
+ zathura
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.bash.enableCompletion = true;
+ # programs.mtr.enable = true;
+ programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
+ # services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ # services.xserver.displayManager.sddm.enable = true;
+ # services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+#
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.jeschli = {
+ isNormalUser = true;
+ uid = 1000;
+ };
+ users.extraUsers.jamie = {
+ isNormalUser = true;
+ uid = 1001;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+
+}
diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix
new file mode 100644
index 000000000..75fdb89fd
--- /dev/null
+++ b/jeschli/1systems/brauerei/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/42BF-0795";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+}
diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix
new file mode 100644
index 000000000..61978768e
--- /dev/null
+++ b/jeschli/1systems/brauerei/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+ name = "brauerei";
+ secure = true;
+}
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp
new file mode 100644
index 000000000..8c1a75f39
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/.source.nix.swp
Binary files differ
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
new file mode 100644
index 000000000..d65e897ae
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/config.nix
@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ <stockholm/jeschli>
+ ./hardware-configuration.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ # boot.loader.grub.enable = true;
+ # boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ # Define on which hard drive you want to install Grub.
+# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+ networking.hostName = "reaganzglas"; # Define your hostname.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true;
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ nixpkgs.config.allowUnfree = true;
+ environment.shellAliases = { n = "nix-shell"; };
+ environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
+ environment.systemPackages = with pkgs; [
+ # system helper
+ ag
+ curl
+ copyq
+ dmenu
+ git
+ i3lock
+ keepass
+ networkmanagerapplet
+ rsync
+ terminator
+ tmux
+ wget
+ rxvt_unicode
+ # editors
+ emacs
+ # internet
+ thunderbird
+ chromium
+ google-chrome
+ # programming languages
+ go
+ gcc
+ ghc
+ python35
+ python35Packages.pip
+ # go tools
+ golint
+ gotools
+ # dev tools
+ gnumake
+ # document viewer
+ zathura
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
+ services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+
+ # services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.jeschli = {
+ isNormalUser = true;
+ uid = 1000;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.03"; # Did you read the comment?
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ export GOPATH=$HOME/go
+ export PATH=$PATH:$GOPATH/bin
+ '';
+ };
+
+ krebs.build.host = config.krebs.hosts.reagenzglas;
+
+ hardware.bluetooth.enable = true;
+}
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
new file mode 100644
index 000000000..a6ab3f16e
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/DA40-AC19";
+ fsType = "vfat";
+ };
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 8;
+# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix
new file mode 100644
index 000000000..7543de6b9
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+ name = "reagenzglas";
+ secure = true;
+}
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
new file mode 100644
index 000000000..7fb240951
--- /dev/null
+++ b/jeschli/2configs/default.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ imports = [
+ ./vim.nix
+ ./retiolum.nix
+ {
+ environment.variables = {
+ NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+ };
+ }
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ #stockholm
+ git
+ gnumake
+ jq
+ parallel
+ proot
+ populate
+
+ #style
+ most
+ rxvt_unicode.terminfo
+
+ #monitoring tools
+ htop
+ iotop
+
+ #network
+ iptables
+ iftop
+
+ #stuff for dl
+ aria2
+
+ #neat utils
+ file
+ kpaste
+ krebspaste
+ mosh
+ pciutils
+ psmisc
+ # q
+ # rs
+ tmux
+ untilport
+ usbutils
+ # logify
+ goify
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
+
+ (pkgs.writeDashBin "sshn" ''
+ ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+ '')
+ ];
+
+ krebs.enable = true;
+}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
new file mode 100644
index 000000000..403300b30
--- /dev/null
+++ b/jeschli/2configs/retiolum.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+
+ krebs.tinc.retiolum = {
+ enable = true;
+ connectTo = [
+ "prism"
+ "gum"
+ "ni"
+ "dishfire"
+ ];
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ };
+
+ environment.systemPackages = [
+ pkgs.tinc
+ ];
+}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/jeschli/2configs/tests/dummy-secrets/empty
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
new file mode 100644
index 000000000..a2e02de35
--- /dev/null
+++ b/jeschli/2configs/urxvt.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ services.urxvtd.enable = true;
+ krebs.xresources.enable = true;
+ krebs.xresources.resources.urxvt = ''
+ *foreground: rgb:a8/a8/a8
+ *background: rgb:00/00/00
+ *faceName: DejaVu Sans Mono
+ *faceSize: 12
+ *color0: rgb:00/00/00
+ *color1: rgb:a8/00/00
+ *color2: rgb:00/a8/00
+ *color3: rgb:a8/54/00
+ *color4: rgb:00/00/a8
+ *color5: rgb:a8/00/a8
+ *color6: rgb:00/a8/a8
+ *color7: rgb:a8/a8/a8
+ *color8: rgb:54/54/54
+ *color9: rgb:fc/54/54
+ *color10: rgb:54/fc/54
+ *color11: rgb:fc/fc/54
+ *color12: rgb:54/54/fc
+ *color13: rgb:fc/54/fc
+ *color14: rgb:54/fc/fc
+ *color15: rgb:fc/fc/fc
+
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*font: xft:DejaVu Sans Mono:pixelsize=20
+ URXvt*faceSize: 12
+ '';
+}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
new file mode 100644
index 000000000..1a2231a86
--- /dev/null
+++ b/jeschli/2configs/vim.nix
@@ -0,0 +1,92 @@
+{ config, pkgs, ... }:
+
+let
+ customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-javascript";
+ src = pkgs.fetchFromGitHub {
+ owner = "pangloss";
+ repo = "vim-javascript";
+ rev = "1.2.5.1";
+ sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
+ };
+ };
+ customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-jsx";
+ src = pkgs.fetchFromGitHub {
+ owner = "mxw";
+ repo = "vim-jsx";
+ rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
+ sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
+ };
+ };
+in {
+# {
+ environment.systemPackages = [
+ (pkgs.vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ set nocompatible
+
+ :imap jk <Esc>
+ :vmap v v
+ :map gr :GoRun<Enter>
+ :nnoremap <S-TAB> :bnext<CR>
+ :nnoremap <C-TAB> <c-w><c-w>
+ :map nf :NERDTreeToggle<CR>
+ set autowrite
+ set number
+ set ruler
+ set path+=**
+ set wildmenu
+
+ noremap x "_x
+ set clipboard=unnamedplus
+
+ let g:jsx_ext_required = 0
+
+ let g:go_list_type = "quickfix"
+ let g:go_test_timeout = '10s'
+ let g:go_fmt_command = "goimports"
+ let g:go_snippet_case_type = "camelcase"
+ let g:go_highlight_types = 1
+ let g:go_highlight_fields = 1
+ let g:go_highlight_functions = 1
+ let g:go_highlight_methods = 1
+ let g:go_highlight_extra_types = 1
+ autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
+ let g:rehash256 = 1
+ let g:molokai_original = 1
+ colorscheme molokai
+ let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
+ let g:go_metalinter_autosave = 1
+ " let g:go_metalinter_autosave_enabled = ['vet', 'golint']
+ " let g:go_def_mode = 'godef'
+ " let g:go_decls_includes = "func,type"
+
+
+ " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
+ let g:UltiSnipsExpandTrigger="<c-e>"
+ let g:UltiSnipsJumpForwardTrigger="<c-t>"
+ let g:UltiSnipsJumpBackwardTrigger="<c-q>"
+
+ " If you want :UltiSnipsEdit to split your window.
+ let g:UltiSnipsEditSplit="vertical"
+
+ if has('persistent_undo') "check if your vim version supports it
+ set undofile "turn on the feature
+ set undodir=$HOME/.vim/undo "directory where the undo files will be stored
+ endif
+ '';
+
+ vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; }
+ { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
+ { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
+ { names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
+ ];
+ })
+ ];
+}
diff --git a/jeschli/default.nix b/jeschli/default.nix
new file mode 100644
index 000000000..7886fef49
--- /dev/null
+++ b/jeschli/default.nix
@@ -0,0 +1,9 @@
+_:
+{
+ imports = [
+ ../krebs
+ ./2configs
+# ./3modules
+# ./5pkgs
+ ];
+}
diff --git a/jeschli/source.nix b/jeschli/source.nix
new file mode 100644
index 000000000..d1b64b0ed
--- /dev/null
+++ b/jeschli/source.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false, override ? {} }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "jeschli";
+ _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) [
+ {
+