Diffstat (limited to 'tv')
-rw-r--r-- | tv/1systems/doppelbock.nix | 23 | ||||
-rw-r--r-- | tv/1systems/mkdir.nix | 11 | ||||
-rw-r--r-- | tv/1systems/mu.nix | 169 | ||||
-rw-r--r-- | tv/1systems/rmdir.nix | 7 | ||||
-rw-r--r-- | tv/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | tv/3modules/charybdis/config.nix | 9 |
6 files changed, 198 insertions, 23 deletions
diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix
new file mode 100644
index 000000000..ec85a7772
--- /dev/null
+++ b/tv/1systems/doppelbock.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+{
+ krebs.build.host = config.krebs.hosts.doppelbock;
+
+ imports = [
+ ../.
+ ../2configs/hw/CAC-Developer-2.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/retiolum.nix
+ ];
+
+ networking = {
+ interfaces.enp2s1.ip4 = singleton {
+ address = let
+ addr = "45.62.237.203";
+ in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
+ prefixLength = 24;
+ };
+ defaultGateway = "45.62.237.1";
+ nameservers = ["8.8.8.8"];
+ };
+}
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 58a8fdcb2..f46ed9547 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in {
@@ -55,10 +50,6 @@ in address = primary-addr4; prefixLength = 24; } - #{ - # address = secondary-addr4; - # prefixLength = 24; - #} ]; # TODO define gateway in krebs/3modules/default.nix
diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix
new file mode 100644
index 000000000..06da15ecc
--- /dev/null
+++ b/tv/1systems/mu.nix
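Review bot: In tv/1systems/doppelbock.nix only the interface address is tied to the host definition by the `assert`; `defaultGateway = "45.62.237.1"` and `nameservers = ["8.8.8.8"]` are free literals, so a change of the host's address trips the assert while the gateway still has to be corrected by hand. A short comment next to the gateway would record that dependency, e.g. `# .1 of the /24 asserted above; update together with krebs.hosts.doppelbock`. The single public resolver is also the host's only source of name resolution, which deserves a comment if it is deliberate.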
@@ -0,0 +1,169 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ imports = [
+ ../../krebs
+ ../2configs
+ ../3modules
+ ../2configs/exim-retiolum.nix
+ ../2configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.mu;
+ krebs.build.user = mkForce config.krebs.users.vv;
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
+
+ # for jack
+ KERNEL=="rtc0", GROUP="audio"
+ KERNEL=="hpet", GROUP="audio"
+ '';
+
+
+ # hardware configuration
+ boot.initrd.luks.devices = [
+ { name = "vgmu1"; device = "/dev/sda2"; }
+ ];
+ boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.kernelModules = [ "fbcon" "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.extraModprobeConfig = ''
+ options kvm_intel nested=1
+ '';
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/vgmu1/nixroot";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+ "/home" = {
+ device = "/dev/vgmu1/home";
+ options = [ "defaults" "noatime" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "nosuid" "nodev" "noatime" ];
+ };
+ };
+
+ swapDevices =[ ];
+
+ nixpkgs.config.firefox.enableAdobeFlash = true;
+ nixpkgs.config.chromium.enablePepperFlash = true;
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.opengl.driSupport32Bit = true;
+
+ hardware.pulseaudio.enable = true;
+
+ hardware.enableAllFirmware = true;
+
+ boot.loader.gummiboot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.networkmanager.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ slock
+ tinc
+ iptables
+ vim
+ gimp
+ xsane
+ firefoxWrapper
+ chromiumDev
+ skype
+ libreoffice
+ kde4.l10n.de
+ kde4.plasma-nm
+ pidgin-with-plugins
+ pidginotr
+
+ kde4.print_manager
+ #foomatic_filters
+ #gutenprint
+ #cups_pdf_filter
+ #ghostscript
+ ];
+
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ programs.ssh.startAgent = false;
+
+ security.setuidPrograms = [
+ "sendmail" # for cron
+ "slock"
+ ];
+
+ security.pam.loginLimits = [
+ # for jack
+ { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
+ { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
+ ];
+
+ fonts.fonts = [
+ pkgs.xlibs.fontschumachermisc
+ ];
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ #drivers = [
+ # #pkgs.foomatic_filters
+ # #pkgs.gutenprint
+ # #pkgs.cups_pdf_filter
+ # #pkgs.ghostscript
+ #];
+ #cupsdConf = ''
+ # LogLevel debug2
+ #'';
+ };
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # TODO this is host specific
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.kde4.enable = true;
+ services.xserver.displayManager.auto = {
+ enable = true;
+ user = "vv";
+ };
+
+ users.users.vv = {
+ inherit (config.krebs.users.vv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -" # does this work with mounted /tmp?
+ ];
+}
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index c54caa649..25fae2c36 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in {
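Review bot: In tv/1systems/mu.nix, `services.xserver.displayManager.auto` logs `vv` into the KDE session at boot without a password, so on this host the LUKS passphrase for `/dev/sda2` is the only authentication step before a desktop is open. If that is intended, say so next to the option, e.g. `# auto-login is deliberate: unlocking the LUKS volume is the only login gate`; otherwise drop the `auto` block and let the display manager prompt. The same file turns on `firefox.enableAdobeFlash` and `chromium.enablePepperFlash`, which puts a browser plugin with a long vulnerability history into that auto-logged-in session; a comment recording why Flash is needed would help a later cleanup.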
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 280d8572b..2b9ad77d7 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -13,7 +13,7 @@ with config.krebs.lib; "shackspace.de" "viljetic.de" ]; - relay_from_hosts = concatMap (host: host.nets.retiolum.addrs4) [ + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.nomic config.krebs.hosts.wu config.krebs.hosts.xu
diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix
index e4d754ff3..1b160926c 100644
--- a/tv/3modules/charybdis/config.nix
+++ b/tv/3modules/charybdis/config.nix
@@ -56,9 +56,9 @@ in toFile "charybdis.conf" '' /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ - vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; + vhost = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; /* for IPv6 */ - vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; + vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr}; /* ssl_private_key: our ssl private key */ ssl_private_key = ${toJSON cfg.ssl_private_key.path};
@@ -160,10 +160,7 @@ in toFile "charybdis.conf" '' /* If you want to listen on a specific IP only, specify host. * host definitions apply only to the following port line. */ - # XXX This is stupid because only one host is allowed[?] - #host = ''${concatMapStringsSep ", " toJSON ( - # config.krebs.build.host.nets.retiolum.addrs - #)}; + #host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; port = ${toString cfg.port}; sslport = ${toString cfg.sslport}; }; |
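Review bot: In the second hunk of tv/3modules/charybdis/config.nix the `host` line stays commented out although the reason given in the removed XXX comment (several addresses where only one is allowed) no longer applies, so, going by the config's own comment, the listener is presumably still not restricted to the retiolum address. If binding only to the VPN address is the intent, enable the line: `host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};`. The line also sits inside the Nix `''` string, so `${…}` is now interpolated at evaluation time (the old text escaped it with `''${`) and the `#` only comments it out in the generated charybdis.conf; if it is meant to stay disabled, a short comment saying why would help. The listen block starts outside the hunk.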