diff options
Diffstat (limited to 'old/modules/mors')
-rw-r--r-- | old/modules/mors/default.nix | 294 | ||||
-rw-r--r-- | old/modules/mors/git.nix | 130 | ||||
-rw-r--r-- | old/modules/mors/paths.nix | 12 | ||||
-rw-r--r-- | old/modules/mors/repos.nix | 87 | ||||
-rw-r--r-- | old/modules/mors/retiolum.nix | 21 |
5 files changed, 0 insertions, 544 deletions
diff --git a/old/modules/mors/default.nix b/old/modules/mors/default.nix deleted file mode 100644 index 8ba052d60..000000000 --- a/old/modules/mors/default.nix +++ /dev/null @@ -1,294 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../lass/xresources.nix - ../lass/desktop-base.nix - ../lass/programs.nix - ./retiolum.nix - ../tv/synaptics.nix - ../lass/bitcoin.nix - ../lass/browsers.nix - ../lass/games.nix - ../tv/exim-retiolum.nix - ../lass/pass.nix - ../lass/vim.nix - ../lass/virtualbox.nix - ../lass/elster.nix - ../lass/urxvt.nix - ../lass/steam.nix - ../lass/wine.nix - ../lass/texlive.nix - ../common/nixpkgs.nix - ../lass/binary-caches.nix - ../lass/ircd.nix - ../../secrets/mors-pw.nix - ./repos.nix - ../lass/chromium-patched.nix - ./git.nix - ]; - - nixpkgs = { - url = "https://github.com/Lassulus/nixpkgs"; - rev = "7ef800430789252dac47f0b67e75a6b9bb616397"; - }; - - networking.hostName = "mors"; - networking.wireless.enable = true; - - networking.extraHosts = '' - ''; - - nix.maxJobs = 4; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - kernelParams = [ - "acpi.brightness_switch_enabled=0" - ]; - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/big/nix"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/mnt/loot" = { - device = "/dev/big/loot"; - fsType = "ext4"; - }; - - "/home" = { - device = "/dev/big/home"; - fsType = "ext4"; - }; - - "/home/lass" = { - device = "/dev/big/home-lass"; - fsType = "ext4"; - }; - - "/mnt/backups" = { - device = "/dev/big/backups"; - fsType = "ext4"; - }; - - "/home/games/.local/share/Steam" = { - device = "/dev/big/steam"; - fsType = "ext4"; - }; - - "/home/virtual/virtual" = { - device = "/dev/big/virtual"; - fsType = "ext4"; - }; - - "/mnt/public" = { - device = "/dev/big/public"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Enable Audio codec power management - echo '1' > '/sys/module/snd_hda_intel/parameters/power_save' - #VM writeback timeout - echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' - #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] - echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' - #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' - - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - #system.activationScripts.trackpoint = '' - # echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed' - # echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity' - #''; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - - users.extraUsers = { - #main user - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - extraGroups = [ "wheel" "audio" ]; - }; - }; - - environment.systemPackages = with pkgs; [ - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - networking.firewall = { - allowPing = true; - allowedTCPPorts = [ - 8000 - ]; - allowedUDPPorts = [ - 67 - ]; - }; - - services.mongodb = { - enable = true; - }; - #services.ircdHybrid = { - # enable = true; - - # description = "local test server"; - #}; - - #TODO - #services.urxvtd = { - # enable = true; - # users = [ "lass" ]; - # urxvtPackage = pkgs.rxvt_unicode_with-plugins; - #}; - - #system.activationScripts.iptables = - # let - # log = false; - # when = c: f: if c then f else ""; - # in - # '' - # ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; } - # ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; } - # ipXtables() { ip4tables "$@"; ip6tables "$@"; } - - # # - # # nat - # # - - # # reset tables - # ipXtables -t nat -F - # ipXtables -t nat -X - - # # - # #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0 - # ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh - - # # - # # filter - # # - - # # reset tables - # ipXtables -P INPUT DROP - # ipXtables -P FORWARD DROP - # ipXtables -F - # ipXtables -X - - # # create custom chains - # ipXtables -N Retiolum - - # # INPUT - # ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # ipXtables -A INPUT -j ACCEPT -i lo - # ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW - - # #mc - # ipXtables -A INPUT -j ACCEPT -p tcp --dport 25565 - # ipXtables -A INPUT -j ACCEPT -p udp --dport 25565 - - # ipXtables -A INPUT -j Retiolum -i retiolum - # ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"} - - # # FORWARD - # ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"} - - # # Retiolum - # ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request - # ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request - - - # ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"} - # ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset - # ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable - # ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable - # ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable - # ip6tables -A Retiolum -j REJECT - - # ''; -} diff --git a/old/modules/mors/git.nix b/old/modules/mors/git.nix deleted file mode 100644 index 375064868..000000000 --- a/old/modules/mors/git.nix +++ /dev/null @@ -1,130 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (builtins) map readFile; - inherit (lib) concatMap listToAttrs; - # TODO lib should already include our stuff - inherit (import ../../lib { inherit lib pkgs; }) addNames git; - - x-repos = [ - (krebs-private "brain") - - (public "painload") - (public "shitment") - (public "wai-middleware-time") - (public "web-routes-wai-custom") - - (secret "pass") - - (tv-lass "emse-drywall") - (tv-lass "emse-hsdb") - ]; - - users = addNames { - tv = { pubkey = readFile <pubkeys/tv_wu.ssh.pub>; }; - lass = { pubkey = readFile <pubkeys/lass.ssh.pub>; }; - uriel = { pubkey = readFile <pubkeys/uriel.ssh.pub>; }; - makefu = { pubkey = "xxx"; }; - }; - - repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos); - - rules = concatMap ({ rules, ... }: rules) x-repos; - - krebs-private = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "ire.retiolum"; - }; - }; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - public = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "ire.retiolum"; - }; - }; - public = true; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - secret = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - tv-lass = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - -in - -{ - imports = [ - ../tv/git - ]; - - tv.git = { - enable = true; - inherit repos rules users; - }; -} diff --git a/old/modules/mors/paths.nix b/old/modules/mors/paths.nix deleted file mode 100644 index 153356a7e..000000000 --- a/old/modules/mors/paths.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib.file.url = ../../lib; - modules.file.url = ../../modules; - nixpkgs.git = { - url = https://github.com/Lassulus/nixpkgs; - rev = "7ef800430789252dac47f0b67e75a6b9bb616397"; - cache = ../../tmp/git-cache; - }; - pubkeys.file.url = ../../pubkeys; - retiolum-hosts.file.url = ../../hosts; - secrets.file.url = ../../secrets; -} diff --git a/old/modules/mors/repos.nix b/old/modules/mors/repos.nix deleted file mode 100644 index 1f7f33456..000000000 --- a/old/modules/mors/repos.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ ... }: - -{ - imports = [ - ../lass/gitolite-base.nix - ../common/krebs-keys.nix - ../common/krebs-repos.nix - ]; - - services.gitolite = { - repos = { - - config = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - pass = { - users = { - lass = "RW+"; - uriel = "R"; - }; - }; - - load-env = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - emse-drywall = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - emse-hsdb = { - users = { - lass = "RW+"; - uriel = "R"; - tv = "R"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - brain = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - #hooks.post-receive = irc-announce; - }; - - painload = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - services = { - users = { - lass = "RW+"; - }; - extraConfig = "option hook.post-receive = irc-announce"; - }; - - xmonad-config = { - users = { - lass = "RW+"; - uriel = "R"; - }; - }; - - }; - }; -} diff --git a/old/modules/mors/retiolum.nix b/old/modules/mors/retiolum.nix deleted file mode 100644 index 1148bee9c..000000000 --- a/old/modules/mors/retiolum.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../tv/retiolum - ]; - - tv.retiolum = { - enable = true; - hosts = <retiolum-hosts>; - privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv"; - connectTo = [ - "fastpoke" - "gum" - "ire" - ]; - }; - - networking.firewall.allowedTCPPorts = [ 655 ]; - networking.firewall.allowedUDPPorts = [ 655 ]; -} |