diff options
Diffstat (limited to 'lass/1systems')
| -rw-r--r-- | lass/1systems/icarus.nix | 32 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 7 | ||||
| -rw-r--r-- | lass/1systems/prism.nix | 33 |
3 files changed, 50 insertions, 22 deletions
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 3998fc177..7f632e9bf 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix @@ -14,15 +14,6 @@ with import <stockholm/lib>; ../2configs/fetchWallpaper.nix ../2configs/backups.nix ../2configs/games.nix - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} ]; krebs.build.host = config.krebs.hosts.icarus; @@ -32,19 +23,28 @@ with import <stockholm/lib>; loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { - device = "/dev/pool/nix"; + device = "/dev/mapper/pool-root"; fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/boot" = { - device = "/dev/sda1"; + device = "/dev/sda2"; }; "/tmp" = { device = "tmpfs"; @@ -54,7 +54,7 @@ with import <stockholm/lib>; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 012bd359f..dde867eb3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -256,11 +256,6 @@ with import <stockholm/lib>; fsType = "ext4"; }; - "/bku" = { - device = "/dev/big/backups"; - fsType = "ext4"; - }; - "/home/games/.local/share/Steam" = { device = "/dev/big/steam"; fsType = "ext4"; @@ -289,7 +284,7 @@ with import <stockholm/lib>; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d07acebee..34d81f099 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -226,6 +226,39 @@ in { enable = true; }; } + { + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + krebs.git.rules = [ + { + user = [ config.krebs.users.nin ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + krebs.repo-sync.repos.stockholm.nin = { + origin.url = "http://cgit.prism/stockholm"; + origin.ref = "heads/nin"; + mirror.url = "git@${config.networking.hostName}:stockholm"; + }; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; |