diff options
Diffstat (limited to 'lass')
| -rw-r--r-- | lass/1systems/lasspi/config.nix | 26 | ||||
| -rw-r--r-- | lass/1systems/lasspi/physical.nix | 43 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 14 | ||||
| -rw-r--r-- | lass/1systems/wizard/config.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/murmur.nix | 39 |
5 files changed, 110 insertions, 14 deletions
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix new file mode 100644 index 000000000..9f823dfc8 --- /dev/null +++ b/lass/1systems/lasspi/config.nix @@ -0,0 +1,26 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +let +in +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.lasspi; + + networking = { + networkmanager = { + enable = true; + }; + }; + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + + system.stateVersion = "21.05"; +} diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix new file mode 100644 index 000000000..80c459a95 --- /dev/null +++ b/lass/1systems/lasspi/physical.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec + # The image used https://hydra.nixos.org/build/134720986 + imports = [ + ./config.nix + ]; + + boot = { + # kernelPackages = pkgs.linuxPackages_rpi4; + tmpOnTmpfs = true; + initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + # ttyAMA0 is the serial console broken out to the GPIO + kernelParams = [ + "8250.nr_uarts=1" + "console=ttyAMA0,115200" + "console=tty1" + # Some gui programs need this + "cma=128M" + ]; + }; + + boot.loader.raspberryPi = { + enable = true; + version = 4; + }; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + + # Required for the Wireless firmware + hardware.enableRedistributableFirmware = true; + + # Assuming this is installed on top of the disk image. + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + powerManagement.cpuFreqGovernor = "ondemand"; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6ce4332da..3a6ab25a4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -276,19 +276,7 @@ with import <stockholm/lib>; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } - { - services.murmur = { - enable = true; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - } + <stockholm/lass/2configs/murmur.nix> { systemd.services."container@yellow".reloadIfChanged = mkForce false; containers.yellow = { diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix index 8f9db7d3c..e158fa728 100644 --- a/lass/1systems/wizard/config.nix +++ b/lass/1systems/wizard/config.nix @@ -271,7 +271,7 @@ in { message = "lassulus: torify sshn root@"; }; systemd.services.hidden-ssh-announce.wantedBy = mkForce []; - services.mingetty.autologinUser = lib.mkForce "root"; + services.getty.autologinUser = lib.mkForce "root"; nixpkgs.config.packageOverrides = super: { dmenu = pkgs.writeDashBin "dmenu" '' diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix new file mode 100644 index 000000000..9f325d0af --- /dev/null +++ b/lass/2configs/murmur.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + systemd.services.docker-mumble-web.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + virtualisation.oci-containers.containers.mumble-web = { + image = "rankenstein/mumble-web"; + environment = { + MUMBLE_SERVER = "lassul.us:64738"; + }; + ports = [ + "64739:8080" + ]; + }; + + services.nginx.virtualHosts."mumble.lassul.us" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:64739/; + proxy_set_header Accept-Encoding ""; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; +} |