summaryrefslogtreecommitdiffstats
path: root/old/modules/mors
diff options
context:
space:
mode:
Diffstat (limited to 'old/modules/mors')
-rw-r--r--old/modules/mors/default.nix294
-rw-r--r--old/modules/mors/git.nix130
-rw-r--r--old/modules/mors/paths.nix12
-rw-r--r--old/modules/mors/repos.nix87
-rw-r--r--old/modules/mors/retiolum.nix21
5 files changed, 0 insertions, 544 deletions
diff --git a/old/modules/mors/default.nix b/old/modules/mors/default.nix
deleted file mode 100644
index 8ba052d60..000000000
--- a/old/modules/mors/default.nix
+++ /dev/null
@@ -1,294 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../lass/xresources.nix
- ../lass/desktop-base.nix
- ../lass/programs.nix
- ./retiolum.nix
- ../tv/synaptics.nix
- ../lass/bitcoin.nix
- ../lass/browsers.nix
- ../lass/games.nix
- ../tv/exim-retiolum.nix
- ../lass/pass.nix
- ../lass/vim.nix
- ../lass/virtualbox.nix
- ../lass/elster.nix
- ../lass/urxvt.nix
- ../lass/steam.nix
- ../lass/wine.nix
- ../lass/texlive.nix
- ../common/nixpkgs.nix
- ../lass/binary-caches.nix
- ../lass/ircd.nix
- ../../secrets/mors-pw.nix
- ./repos.nix
- ../lass/chromium-patched.nix
- ./git.nix
- ];
-
- nixpkgs = {
- url = "https://github.com/Lassulus/nixpkgs";
- rev = "7ef800430789252dac47f0b67e75a6b9bb616397";
- };
-
- networking.hostName = "mors";
- networking.wireless.enable = true;
-
- networking.extraHosts = ''
- '';
-
- nix.maxJobs = 4;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- boot = {
- kernelParams = [
- "acpi.brightness_switch_enabled=0"
- ];
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
-
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/big/nix";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
-
- "/mnt/loot" = {
- device = "/dev/big/loot";
- fsType = "ext4";
- };
-
- "/home" = {
- device = "/dev/big/home";
- fsType = "ext4";
- };
-
- "/home/lass" = {
- device = "/dev/big/home-lass";
- fsType = "ext4";
- };
-
- "/mnt/backups" = {
- device = "/dev/big/backups";
- fsType = "ext4";
- };
-
- "/home/games/.local/share/Steam" = {
- device = "/dev/big/steam";
- fsType = "ext4";
- };
-
- "/home/virtual/virtual" = {
- device = "/dev/big/virtual";
- fsType = "ext4";
- };
-
- "/mnt/public" = {
- device = "/dev/big/public";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
- '';
-
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Enable Audio codec power management
- echo '1' > '/sys/module/snd_hda_intel/parameters/power_save'
- #VM writeback timeout
- echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
- #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
- echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
- #Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
-
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
- '';
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- #system.activationScripts.trackpoint = ''
- # echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed'
- # echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity'
- #'';
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
- users.extraUsers = {
- #main user
- mainUser = {
- uid = 1337;
- name = "lass";
- #isNormalUser = true;
- group = "users";
- createHome = true;
- home = "/home/lass";
- useDefaultShell = true;
- isSystemUser = false;
- extraGroups = [ "wheel" "audio" ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- ];
-
- #TODO: fix this shit
- ##fprint stuff
- ##sudo fprintd-enroll $USER to save fingerprints
- #services.fprintd.enable = true;
- #security.pam.services.sudo.fprintAuth = true;
-
- users.extraGroups = {
- loot = {
- members = [
- config.users.extraUsers.mainUser.name
- "firefox"
- "chromium"
- "google"
- "virtual"
- ];
- };
- };
-
- networking.firewall = {
- allowPing = true;
- allowedTCPPorts = [
- 8000
- ];
- allowedUDPPorts = [
- 67
- ];
- };
-
- services.mongodb = {
- enable = true;
- };
- #services.ircdHybrid = {
- # enable = true;
-
- # description = "local test server";
- #};
-
- #TODO
- #services.urxvtd = {
- # enable = true;
- # users = [ "lass" ];
- # urxvtPackage = pkgs.rxvt_unicode_with-plugins;
- #};
-
- #system.activationScripts.iptables =
- # let
- # log = false;
- # when = c: f: if c then f else "";
- # in
- # ''
- # ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; }
- # ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; }
- # ipXtables() { ip4tables "$@"; ip6tables "$@"; }
-
- # #
- # # nat
- # #
-
- # # reset tables
- # ipXtables -t nat -F
- # ipXtables -t nat -X
-
- # #
- # #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0
- # ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh
-
- # #
- # # filter
- # #
-
- # # reset tables
- # ipXtables -P INPUT DROP
- # ipXtables -P FORWARD DROP
- # ipXtables -F
- # ipXtables -X
-
- # # create custom chains
- # ipXtables -N Retiolum
-
- # # INPUT
- # ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # ipXtables -A INPUT -j ACCEPT -i lo
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW
-
- # #mc
- # ipXtables -A INPUT -j ACCEPT -p tcp --dport 25565
- # ipXtables -A INPUT -j ACCEPT -p udp --dport 25565
-
- # ipXtables -A INPUT -j Retiolum -i retiolum
- # ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"}
-
- # # FORWARD
- # ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"}
-
- # # Retiolum
- # ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request
- # ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request
-
-
- # ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"}
- # ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
- # ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
- # ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable
- # ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable
- # ip6tables -A Retiolum -j REJECT
-
- # '';
-}
diff --git a/old/modules/mors/git.nix b/old/modules/mors/git.nix
deleted file mode 100644
index 375064868..000000000
--- a/old/modules/mors/git.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (builtins) map readFile;
- inherit (lib) concatMap listToAttrs;
- # TODO lib should already include our stuff
- inherit (import ../../lib { inherit lib pkgs; }) addNames git;
-
- x-repos = [
- (krebs-private "brain")
-
- (public "painload")
- (public "shitment")
- (public "wai-middleware-time")
- (public "web-routes-wai-custom")
-
- (secret "pass")
-
- (tv-lass "emse-drywall")
- (tv-lass "emse-hsdb")
- ];
-
- users = addNames {
- tv = { pubkey = readFile <pubkeys/tv_wu.ssh.pub>; };
- lass = { pubkey = readFile <pubkeys/lass.ssh.pub>; };
- uriel = { pubkey = readFile <pubkeys/uriel.ssh.pub>; };
- makefu = { pubkey = "xxx"; };
- };
-
- repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
-
- rules = concatMap ({ rules, ... }: rules) x-repos;
-
- krebs-private = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {
- post-receive = git.irc-announce {
- nick = config.networking.hostName; # TODO make this the default
- channel = "#retiolum";
- server = "ire.retiolum";
- };
- };
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- public = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {
- post-receive = git.irc-announce {
- nick = config.networking.hostName; # TODO make this the default
- channel = "#retiolum";
- server = "ire.retiolum";
- };
- };
- public = true;
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- secret = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {};
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- tv-lass = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {};
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
-in
-
-{
- imports = [
- ../tv/git
- ];
-
- tv.git = {
- enable = true;
- inherit repos rules users;
- };
-}
diff --git a/old/modules/mors/paths.nix b/old/modules/mors/paths.nix
deleted file mode 100644
index 153356a7e..000000000
--- a/old/modules/mors/paths.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- lib.file.url = ../../lib;
- modules.file.url = ../../modules;
- nixpkgs.git = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "7ef800430789252dac47f0b67e75a6b9bb616397";
- cache = ../../tmp/git-cache;
- };
- pubkeys.file.url = ../../pubkeys;
- retiolum-hosts.file.url = ../../hosts;
- secrets.file.url = ../../secrets;
-}
diff --git a/old/modules/mors/repos.nix b/old/modules/mors/repos.nix
deleted file mode 100644
index 1f7f33456..000000000
--- a/old/modules/mors/repos.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ../lass/gitolite-base.nix
- ../common/krebs-keys.nix
- ../common/krebs-repos.nix
- ];
-
- services.gitolite = {
- repos = {
-
- config = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- pass = {
- users = {
- lass = "RW+";
- uriel = "R";
- };
- };
-
- load-env = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- emse-drywall = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- emse-hsdb = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- brain = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- #hooks.post-receive = irc-announce;
- };
-
- painload = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- services = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- xmonad-config = {
- users = {
- lass = "RW+";
- uriel = "R";
- };
- };
-
- };
- };
-}
diff --git a/old/modules/mors/retiolum.nix b/old/modules/mors/retiolum.nix
deleted file mode 100644
index 1148bee9c..000000000
--- a/old/modules/mors/retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../tv/retiolum
- ];
-
- tv.retiolum = {
- enable = true;
- hosts = <retiolum-hosts>;
- privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
- connectTo = [
- "fastpoke"
- "gum"
- "ire"
- ];
- };
-
- networking.firewall.allowedTCPPorts = [ 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-}