diff options
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/darth.nix | 19 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/shoney.nix | 14 | ||||
-rw-r--r-- | makefu/1systems/vbob.nix | 20 |
4 files changed, 41 insertions, 18 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 5f1d6e121..87029a693 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -16,16 +16,32 @@ in { ../2configs/smart-monitor.nix ../2configs/exim-retiolum.nix ../2configs/virtualization.nix + + ../2configs/temp-share-samba.nix ]; + services.samba.shares = { + isos = { + path = "/data/isos/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; services.tinc.networks.siem = { name = "sdarth"; extraConfig = "ConnectTo = sjump"; }; + + makefu.forward-journal = { + enable = true; + src = "10.8.10.2"; + dst = "10.8.10.6"; + }; + #networking.firewall.enable = false; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; networking = { @@ -33,6 +49,7 @@ in { firewall = { allowPing = true; logRefusedConnections = false; + trustedInterfaces = [ "eno1" ]; allowedUDPPorts = [ 80 655 1655 67 ]; allowedTCPPorts = [ 80 655 1655 ]; }; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e71055f54..8c24e0ff5 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -75,6 +75,7 @@ in { # HDD Array stuff + environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; makefu.snapraid = let @@ -129,7 +130,10 @@ in { kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; - + users.users.misa = { + uid = 9002; + name = "misa"; + }; hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 1fe8871d2..3a3ac9c7c 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -3,8 +3,9 @@ let tinc-siem-ip = "10.8.10.1"; ip = "64.137.234.215"; - alt-ip = "64.137.234.210"; - extra-ip = "64.137.234.114"; #currently unused + alt-ip = "64.137.234.210"; # honeydrive honeyd + extra-ip1 = "64.137.234.114"; # floating tinc.siem + extra-ip2 = "64.137.234.232"; # honeydrive gw = "64.137.234.1"; in { imports = [ @@ -15,7 +16,7 @@ in { ]; - + environment.systemPackages = [ pkgs.honeyd ]; services.tinc.networks.siem.name = "sjump"; krebs = { @@ -37,10 +38,15 @@ in { }; }; }; + makefu.forward-journal = { + enable = true; + src = "10.8.10.1"; + dst = "10.8.10.6"; + }; networking = { interfaces.enp2s1.ip4 = [ { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } + # { address = alt-ip; prefixLength = 24; } ]; defaultGateway = gw; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 8b71b1393..3fcb173ce 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -5,23 +5,23 @@ imports = [ # Include the results of the hardware scan. ../. - <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> + (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) + (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) ../2configs/main-laptop.nix #< base-gui + # (toString <secrets>)/extra-hosts.nix # environment ]; - nixpkgs.config.allowUnfree = true; + # workaround for https://github.com/NixOS/nixpkgs/issues/16641 + services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; + nixpkgs.config.allowUnfree = true; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; }; - fileSystems."/var/lib/docker" = { - device ="/dev/disk/by-label/nix-docker"; - fsType = "ext4"; - }; - #makefu.buildbot.master.enable = true; + # allow vbob to deploy self users.extraUsers = { root = { @@ -52,11 +52,7 @@ "gum" ]; }; - - networking.extraHosts = '' - 172.17.20.190 gitlab - 172.17.62.27 svbittool01 tool - ''; + virtualisation.docker.enable = false; fileSystems."/media/share" = { fsType = "vboxsf"; |