diff options
Diffstat (limited to 'lass')
37 files changed, 572 insertions, 549 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df8868034..bd559944a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium @@ -58,7 +59,7 @@ with import <stockholm/lib>; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index 998fa1478..f57d275d8 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/lass> @@ -14,15 +14,19 @@ krebs.build.host = config.krebs.hosts.hilum; - boot.loader.grub.extraEntries = '' - menuentry "grml" { - iso_path=/isos/grml.iso - export iso_path - search --set=root --file $iso_path - loopback loop $iso_path - root=(loop) - configfile /boot/grub/loopback.cfg - loopback --delete loop - } - ''; + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; } diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699ae..86727700f 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ @@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index cab267d54..000000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - imports = [ - <stockholm/lass> - - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/power-action.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - nixpkgs.config.packageOverrides = super: { - steam = super.steam.override { - withPrimus = true; - extraPkgs = p: with p; [ - glxinfo - nettools - bumblebee - ]; - }; - }; - - - services.xserver.desktopManager.default = "none"; - services.xserver.displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - timeout = 5; - }; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 0f08acb2d..000000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, ... }: -{ - imports = [ - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ./config.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostId = "60ce7e88"; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ]; - - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DF3B-4528"; - fsType = "vfat"; - }; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a586807ef..e957279e2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } @@ -261,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ @@ -379,7 +344,7 @@ with import <stockholm/lib>; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 2d25bc88a..8630d0f4b 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -28,6 +28,12 @@ export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; }; services.xserver = { @@ -66,26 +72,8 @@ programs.adb.enable = true; - services.logind.lidSwitch = "ignore"; - services.acpid = { - enable = true; - lidEventCommands = '' - export DISPLAY=:${toString config.services.xserver.display} - case "$1" in - "button/lid LID close") - ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness - ${pkgs.acpilight}/bin/xbacklight -set 0 - ;; - "button/lid LID open") - ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness) - ;; - esac - ''; - }; + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; systemd.services.suspend-again = { after = [ "suspend.target" ]; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 5d60dfc45..77cf2206b 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -13,9 +13,8 @@ }; boot.loader.efi.canTouchEfiVariables = true; - # TODO fix touchscreen boot.blacklistedKernelModules = [ - "goodix" + "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; @@ -46,7 +45,7 @@ swapDevices = [ ]; boot.extraModprobeConfig = '' - options zfs zfs_arc_max=1073741824 + options zfs zfs_arc_max=107374182 ''; nix.maxJobs = lib.mkDefault 4; @@ -74,13 +73,10 @@ services.xserver = { videoDrivers = [ "intel" ]; - deviceSection = '' - Option "TearFree" "true" - ''; displayManager.sessionCommands = '' echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) - (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a33..d049bdee6 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' alias ${pkgs.fetchFromGitHub { owner = "Naereen"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ecbb7541f..52d694c46 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./urxvt.nix ./xdg-open.nix + ./yubikey.nix { hardware.pulseaudio = { enable = true; @@ -54,7 +55,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.agentTimeout = "10m"; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; services.openssh.forwardX11 = true; environment.systemPackages = with pkgs; [ @@ -62,11 +63,11 @@ in { acpilight ag cabal2nix - cholerab dic dmenu font-size fzfmenu + gimp gitAndTools.qgit git-preview gnome3.dconf diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index c0085995d..eafab400c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,100 +1,13 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - - mainUser = config.users.extraUsers.mainUser; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (mapAttrsToList (name: value: { inherit name value; }) - config.lass.browser.paths); - in pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${n.value.path}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - ''; - - createUser = script: name: groups: precedence: dpi: - { - lass.xjail.${name} = { - inherit script groups dpi; - }; - environment.systemPackages = [ - config.lass.xjail-bins.${name} - (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip - '') - ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - createChromiumUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - '') name groups precedence 80; - - createFirefoxUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.firefox}/bin/firefox "$@" - '') name groups precedence 80; - - createQuteUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - '') name groups precedence 60; - -in { - - lass.browser.select = browser-select; - - environment.systemPackages = [ - browser-select - ]; - +{ + lass.browser.config = { + cr = { groups = [ "audio" "video" ]; precedence = 9; }; + }; programs.chromium = { enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim ]; }; - - imports = [ - { - options.lass.browser.select = mkOption { - type = types.path; - }; - options.lass.browser.paths = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - path = mkOption { - type = types.path; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - }; - })); - }; - } - ( createFirefoxUser "ff" [ "audio" ] 11 ) - ( createQuteUser "qb" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "audio" "video" ] 9 ) - ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "audio" ] 0 ) - ( createChromiumUser "fb" [ "audio" ] 0 ) - ( createChromiumUser "com" [ "audio" ] 0 ) - ( createChromiumUser "fin" [] (-1) ) - ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 972b4760a..27242b129 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,8 +23,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; mainUser = { @@ -42,6 +42,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; }; @@ -173,13 +175,7 @@ with import <stockholm/lib>; ''; }; - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; + services.openssh.enable = true; services.journald.extraConfig = '' SystemMaxUse=1G @@ -190,7 +186,9 @@ with import <stockholm/lib>; enable = true; tables = { nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } ]; nat.OUTPUT.rules = [ @@ -217,7 +215,4 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; - services.netdata = { - enable = true; - }; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d1e6b195b..a82672998 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -15,6 +15,7 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.blue + config.krebs.hosts.xerxes ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 @@ -106,6 +107,10 @@ with import <stockholm/lib>; { from = "ubisoft@lassul.us"; to = lass.mail; } { from = "kottezeller@lassul.us"; to = lass.mail; } { from = "pie@lassul.us"; to = lass.mail; } + { from = "vebit@lassul.us"; to = lass.mail; } + { from = "vcvrack@lassul.us"; to = lass.mail; } + { from = "epic@lassul.us"; to = lass.mail; } + { from = "microsoft@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index a3acb82bb..c0e6beba4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -10,7 +10,7 @@ let doom = pkgs.writeDash "doom" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/brutalv21.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -56,15 +56,6 @@ let ''; in { - environment.systemPackages = with pkgs; [ - dolphinEmu - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - users.extraUsers = { games = { name = "games"; @@ -76,7 +67,14 @@ in { packages = with pkgs; [ minecraft steam-run + scummvm dolphinEmu + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + retroarchBare ]; }; }; diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index a1bb26049..0ddb63a03 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7650f4294..ced0d7955 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -180,7 +180,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-mors lass-shodan lass-icarus lass-blue ]; + user = [ lass lass-mors lass-shodan lass-icarus lass-blue lass-xerxes ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 5649041f9..89b119347 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/krebs/2configs/hw/x220.nix> @@ -8,7 +8,20 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + extraModulePackages = [ + config.boot.kernelPackages.tp_smapi + config.boot.kernelPackages.acpi_call + ]; + kernelModules = [ + "acpi_call" + "tp_smapi" + ]; }; + + environment.systemPackages = [ + pkgs.tpacpi-bat + ]; + fileSystems = { "/" = { device = "/dev/mapper/pool-root"; @@ -33,4 +46,10 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + ''; + } diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 1c253a6c5..156ebcae7 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -2,7 +2,7 @@ { krebs.per-user.lass.packages = with pkgs; [ - |