From 2eb1002f7a47b09b64ae1985642168e9733c92e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 18:57:58 +0200 Subject: 1&2 lass: move userconfig to base.nix --- 1systems/lass/mors.nix | 15 --------------- 1systems/lass/uriel.nix | 33 ++++++++++----------------------- 2 files changed, 10 insertions(+), 38 deletions(-) (limited to '1systems') diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 940dc4fdb..7e70be8c4 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -168,21 +168,6 @@ ''; }; - users.extraUsers = { - #main user - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - extraGroups = [ "wheel" "audio" ]; - }; - }; - environment.systemPackages = with pkgs; [ ]; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index 25745d055..a5a0833dc 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: +with builtins; { imports = [ ../../2configs/lass/desktop-base.nix @@ -30,6 +31,15 @@ enable = true; }; } + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/uriel.ssh.pub + ]; + }; + }; + } ]; networking.hostName = "uriel"; @@ -87,29 +97,6 @@ ''; }; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - description = "lassulus"; - extraGroups = [ "wheel" "audio" ]; - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - }; - environment.systemPackages = with pkgs; [ ]; -- cgit v1.2.3 From bf4f2e31d3b5872fedc363325c90897f6826402f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 19:04:40 +0200 Subject: lass: add cloudkrebs system --- 1systems/lass/cloudkrebs.nix | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 1systems/lass/cloudkrebs.nix (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix new file mode 100644 index 000000000..dc27affe7 --- /dev/null +++ b/1systems/lass/cloudkrebs.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../../2configs/tv/CAC-Developer-2.nix + ../../2configs/tv/CAC-CentOS-7-64bit.nix + ../../2configs/lass/base.nix + { + networking.interfaces.enp2s1.ip4 = [ + { + address = "104.167.113.104"; + prefixLength = 24; + } + ]; + networking.defaultGateway = "104.167.113.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + imports = [ ../../3modules/tv/retiolum.nix ]; + tv.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "fastpoke" + "gum" + "pigstarter" + ]; + }; + } + { + imports = [ ../../3modules/tv/identity.nix ]; + tv.identity = { + enable = true; + }; + } + ]; + + networking.hostName = "cloudkrebs"; + +} -- cgit v1.2.3 From d94b2132d54a7b38fa307bb1ad5c0ddf9812f54e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:11:56 +0200 Subject: 1&2 lass: move exim/retiolum to retiolum.nix --- 1systems/lass/cloudkrebs.nix | 13 +------------ 1systems/lass/mors.nix | 14 +------------- 1systems/lass/uriel.nix | 14 +------------- 3 files changed, 3 insertions(+), 38 deletions(-) (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index dc27affe7..53e23dbee 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -5,6 +5,7 @@ ../../2configs/tv/CAC-Developer-2.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix ../../2configs/lass/base.nix + ../../2configs/lass/retiolum.nix { networking.interfaces.enp2s1.ip4 = [ { @@ -18,18 +19,6 @@ ]; } - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 7e70be8c4..dacf7668e 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -20,19 +20,7 @@ ../../2configs/lass/chromium-patched.nix ../../2configs/lass/git-repos.nix ../../2configs/tv/synaptics.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index a5a0833dc..7a5da23e1 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -12,19 +12,7 @@ with builtins; ../../2configs/lass/bird.nix ../../2configs/lass/git-repos.nix ../../2configs/lass/chromium-patched.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { -- cgit v1.2.3 From 47f68443a39d8492b4bd056de8e35cfef2027f0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:17:40 +0200 Subject: 1&2 lass: move vim.nix import to base.nix --- 1systems/lass/mors.nix | 1 - 1systems/lass/uriel.nix | 1 - 2 files changed, 2 deletions(-) (limited to '1systems') diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index dacf7668e..300738089 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -8,7 +8,6 @@ ../../2configs/lass/browsers.nix ../../2configs/lass/games.nix ../../2configs/lass/pass.nix - ../../2configs/lass/vim.nix ../../2configs/lass/virtualbox.nix ../../2configs/lass/elster.nix ../../2configs/lass/urxvt.nix diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index 7a5da23e1..a6f5a82d6 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -7,7 +7,6 @@ with builtins; ../../2configs/lass/browsers.nix ../../2configs/lass/games.nix ../../2configs/lass/pass.nix - ../../2configs/lass/vim.nix ../../2configs/lass/urxvt.nix ../../2configs/lass/bird.nix ../../2configs/lass/git-repos.nix -- cgit v1.2.3 From b590d9e21d8c99a91fd419c3e0bea949a9ac6849 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:20:44 +0200 Subject: 1 lass.cloudkrebs: move config to fastpoke-pages --- 1systems/lass/cloudkrebs.nix | 1 + 1 file changed, 1 insertion(+) (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 53e23dbee..8b3e41584 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -6,6 +6,7 @@ ../../2configs/tv/CAC-CentOS-7-64bit.nix ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix + ../../2configs/lass/fastpoke-pages.nix { networking.interfaces.enp2s1.ip4 = [ { -- cgit v1.2.3 From 4f131c40c88ab131e07e294cd1ddfa19b2f26d26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 13:14:32 +0200 Subject: 1 lass.cloudkrebs: add identity --- 1systems/lass/cloudkrebs.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 8b3e41584..57b191020 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,6 +7,10 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix + ../../2configs/lass/identity.nix + { + tv.identity.self = config.tv.identity.hosts.cloudkrebs; + } { networking.interfaces.enp2s1.ip4 = [ { -- cgit v1.2.3 From f392909ea3ce9585e5ecc533af772602559d2c3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:54:29 +0200 Subject: 1 lass: get identity from krebs --- 1systems/lass/cloudkrebs.nix | 12 ++---------- 1systems/lass/mors.nix | 9 +++------ 1systems/lass/uriel.nix | 9 +++------ 3 files changed, 8 insertions(+), 22 deletions(-) (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 57b191020..ba32ae579 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,10 +7,6 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix - ../../2configs/lass/identity.nix - { - tv.identity.self = config.tv.identity.hosts.cloudkrebs; - } { networking.interfaces.enp2s1.ip4 = [ { @@ -24,14 +20,10 @@ ]; } - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.cloudkrebs; networking.hostName = "cloudkrebs"; } diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 300738089..882cb9ff1 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -20,14 +20,11 @@ ../../2configs/lass/git-repos.nix ../../2configs/tv/synaptics.nix ../../2configs/lass/retiolum.nix - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.mors; + networking.hostName = "mors"; networking.wireless.enable = true; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index a6f5a82d6..d8858b4f6 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -12,12 +12,6 @@ with builtins; ../../2configs/lass/git-repos.nix ../../2configs/lass/chromium-patched.nix ../../2configs/lass/retiolum.nix - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } { users.extraUsers = { root = { @@ -29,7 +23,10 @@ with builtins; } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.uriel; networking.hostName = "uriel"; + networking.wireless.enable = true; nix.maxJobs = 2; -- cgit v1.2.3 From 611ae1101e303c860624c39a62c745420a37cd18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:57:46 +0200 Subject: 1 lass: use new-repos.nix --- 1systems/lass/cloudkrebs.nix | 1 + 1systems/lass/mors.nix | 2 +- 1systems/lass/uriel.nix | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index ba32ae579..2c755d8cb 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,6 +7,7 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix + ../../2configs/lass/new-repos.nix { networking.interfaces.enp2s1.ip4 = [ { diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 882cb9ff1..ee2184afd 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -17,7 +17,7 @@ ../../2configs/lass/binary-caches.nix ../../2configs/lass/ircd.nix ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/git-repos.nix + ../../2configs/lass/new-repos.nix ../../2configs/tv/synaptics.nix ../../2configs/lass/retiolum.nix ]; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index d8858b4f6..4fe8cf21a 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -9,7 +9,7 @@ with builtins; ../../2configs/lass/pass.nix ../../2configs/lass/urxvt.nix ../../2configs/lass/bird.nix - ../../2configs/lass/git-repos.nix + ../../2configs/lass/new-repos.nix ../../2configs/lass/chromium-patched.nix ../../2configs/lass/retiolum.nix { -- cgit v1.2.3 From 8d2cb8cfcf6b7a087163eb879471ec74b902379c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:59:22 +0200 Subject: 1 lass.mors: open tcp 8000 --- 1systems/lass/mors.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to '1systems') diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index ee2184afd..e854dd525 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -186,4 +186,12 @@ services.mongodb = { enable = true; }; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } + ]; + }; + }; } -- cgit v1.2.3 From a141fa1e0c7ed11510d3a1006576b05ce4e280cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 17:03:20 +0200 Subject: lass: move krebs config to base --- 1systems/lass/mors.nix | 1 - 1 file changed, 1 deletion(-) (limited to '1systems') diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index e854dd525..8cda1eac3 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -22,7 +22,6 @@ ../../2configs/lass/retiolum.nix ]; - krebs.enable = true; krebs.build.host = config.krebs.hosts.mors; networking.hostName = "mors"; -- cgit v1.2.3 From ac64527c5707cca5fc6e6e6ecf3957129cdb32b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jul 2015 20:28:21 +0200 Subject: lass: port everything to stockholm --- 1systems/lass/cloudkrebs.nix | 30 ------- 1systems/lass/mors.nix | 196 ------------------------------------------- 1systems/lass/uriel.nix | 166 ------------------------------------ 3 files changed, 392 deletions(-) delete mode 100644 1systems/lass/cloudkrebs.nix delete mode 100644 1systems/lass/mors.nix delete mode 100644 1systems/lass/uriel.nix (limited to '1systems') diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix deleted file mode 100644 index 2c755d8cb..000000000 --- a/1systems/lass/cloudkrebs.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../../2configs/tv/CAC-Developer-2.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/lass/base.nix - ../../2configs/lass/retiolum.nix - ../../2configs/lass/fastpoke-pages.nix - ../../2configs/lass/new-repos.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = "104.167.113.104"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.167.113.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - ]; - - krebs.enable = true; - krebs.build.host = config.krebs.hosts.cloudkrebs; - networking.hostName = "cloudkrebs"; - -} diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix deleted file mode 100644 index 8cda1eac3..000000000 --- a/1systems/lass/mors.nix +++ /dev/null @@ -1,196 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../../2configs/lass/desktop-base.nix - ../../2configs/lass/programs.nix - ../../2configs/lass/bitcoin.nix - ../../2configs/lass/browsers.nix - ../../2configs/lass/games.nix - ../../2configs/lass/pass.nix - ../../2configs/lass/virtualbox.nix - ../../2configs/lass/elster.nix - ../../2configs/lass/urxvt.nix - ../../2configs/lass/steam.nix - ../../2configs/lass/wine.nix - ../../2configs/lass/texlive.nix - ../../2configs/lass/binary-caches.nix - ../../2configs/lass/ircd.nix - ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/new-repos.nix - ../../2configs/tv/synaptics.nix - ../../2configs/lass/retiolum.nix - ]; - - krebs.build.host = config.krebs.hosts.mors; - - networking.hostName = "mors"; - networking.wireless.enable = true; - - networking.extraHosts = '' - ''; - - nix.maxJobs = 4; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/big/nix"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/mnt/loot" = { - device = "/dev/big/loot"; - fsType = "ext4"; - }; - - "/home" = { - device = "/dev/big/home"; - fsType = "ext4"; - }; - - "/home/lass" = { - device = "/dev/big/home-lass"; - fsType = "ext4"; - }; - - "/mnt/backups" = { - device = "/dev/big/backups"; - fsType = "ext4"; - }; - - "/home/games/.local/share/Steam" = { - device = "/dev/big/steam"; - fsType = "ext4"; - }; - - "/home/virtual/virtual" = { - device = "/dev/big/virtual"; - fsType = "ext4"; - }; - - "/mnt/public" = { - device = "/dev/big/public"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Enable Audio codec power management - echo '1' > '/sys/module/snd_hda_intel/parameters/power_save' - #VM writeback timeout - echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' - #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] - echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' - #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' - - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - #system.activationScripts.trackpoint = '' - # echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed' - # echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity' - #''; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - - environment.systemPackages = with pkgs; [ - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - networking.firewall = { - allowPing = true; - allowedTCPPorts = [ - 8000 - ]; - allowedUDPPorts = [ - 67 - ]; - }; - - services.mongodb = { - enable = true; - }; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; - }; -} diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix deleted file mode 100644 index 4fe8cf21a..000000000 --- a/1systems/lass/uriel.nix +++ /dev/null @@ -1,166 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -{ - imports = [ - ../../2configs/lass/desktop-base.nix - ../../2configs/lass/browsers.nix - ../../2configs/lass/games.nix - ../../2configs/lass/pass.nix - ../../2configs/lass/urxvt.nix - ../../2configs/lass/bird.nix - ../../2configs/lass/new-repos.nix - ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/retiolum.nix - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/uriel.ssh.pub - ]; - }; - }; - } - ]; - - krebs.enable = true; - krebs.build.host = config.krebs.hosts.uriel; - networking.hostName = "uriel"; - - networking.wireless.enable = true; - nix.maxJobs = 2; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.gummiboot.enable = true; - loader.gummiboot.timeout = 5; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - extraModprobeConfig = '' - ''; - }; - fileSystems = { - "/" = { - device = "/dev/pool/root"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - ''; - - #services.xserver = { - #}; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; - - environment.systemPackages = with pkgs; [ - ]; - - #for google hangout - - users.extraUsers.google.extraGroups = [ "audio" "video" ]; - - - #users.extraGroups = { - # loot = { - # members = [ - # "lass" - # "firefox" - # "chromium" - # "google" - # ]; - # }; - #}; - # - # iptables - # - #networking.firewall.enable = false; - #system.activationScripts.iptables = - # let - # log = false; - # when = c: f: if c then f else ""; - # in - # '' - # ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; } - # ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; } - # ipXtables() { ip4tables "$@"; ip6tables "$@"; } - - # # - # # nat - # # - - # # reset tables - # ipXtables -t nat -F - # ipXtables -t nat -X - - # # - # #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0 - # ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh - - # # - # # filter - # # - - # # reset tables - # ipXtables -P INPUT DROP - # ipXtables -P FORWARD DROP - # ipXtables -F - # ipXtables -X - - # # create custom chains - # ipXtables -N Retiolum - - # # INPUT - # ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # ipXtables -A INPUT -j ACCEPT -i lo - # ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW - # ipXtables -A INPUT -j Retiolum -i retiolum - # ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"} - - # # FORWARD - # ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"} - - # # Retiolum - # ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request - # ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request - - - # ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"} - # ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset - # ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable - # ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable - # ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable - # ip6tables -A Retiolum -j REJECT - - # ''; -} -- cgit v1.2.3