From 3dc61a8f2d525f7f6c1260ca97a918f78242cb1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Apr 2019 20:11:30 +0200 Subject: mb: add p1nk.r --- krebs/3modules/mb/default.nix | 26 ++++ mb/1systems/p1nk/configuration.nix | 223 ++++++++++++++++++++++++++++ mb/1systems/p1nk/hardware-configuration.nix | 29 ++++ 3 files changed, 278 insertions(+) create mode 100644 mb/1systems/p1nk/configuration.nix create mode 100644 mb/1systems/p1nk/hardware-configuration.nix diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index 61be25262..bd9d5059a 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -37,6 +37,32 @@ in { }; }; }; + p1nk = { + nets = { + retiolum = { + ip4.addr = "10.243.42.42"; + aliases = [ + "p1nk.r" + ]; + tinc.pubkey = '' + ----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48 + AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe + zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV + 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ + 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy + XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8 + jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9 + qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa + 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ + V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC + bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb + 3AYi5dQXHjab/lvj6917xa0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { mb = { diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix new file mode 100644 index 000000000..28a7c7776 --- /dev/null +++ b/mb/1systems/p1nk/configuration.nix @@ -0,0 +1,223 @@ +{ config, pkgs, callPackage, ... }: let + unstable = import { config = { allowUnfree = true; }; }; +in { + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + + ]; + + krebs.build.host = config.krebs.hosts.p1nk; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7"; + preLVM = true; + allowDiscards = true; + } + ]; + fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; + fileSystems."/mnt/public" = { + device = "//192.168.88.252/public"; + fsType = "cifs"; + options = let + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; + }; + + networking.wireless.enable = true; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "de"; + defaultLocale = "en_US.UTF-8"; + }; + + time.timeZone = "Europe/Berlin"; + + fonts = { + enableCoreFonts = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + anonymousPro + corefonts + dejavu_fonts + envypn-font + fira + gentium + gohufont + inconsolata + liberation_ttf + powerline-fonts + source-code-pro + terminus_font + ttf_bitstream_vera + ubuntu_font_family + unifont + unstable.cherry + xorg.fontbitstream100dpi + xorg.fontbitstream75dpi + xorg.fontbitstreamtype1 + ]; + }; + + nixpkgs.config.packageOverrides = super: { + openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; }; + }; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + adapta-gtk-theme + aircrackng + ag + arandr + binutils + chromium + cifs-utils + curl + evince + exfat + feh + file + firefox + freetype + gimp + git + gnupg + graphite2 + hicolor_icon_theme + htop + i3lock + jq + keepassx2 + kvm + lxappearance + man-pages + moc + mpv + mpvc + mupdf + ncdu + nmap + openvpn + pass + p7zip + powertop + ranger + rofi + sshfs + tcpdump + tmux + traceroute + tree + unstable.alacritty + unstable.ponyc + unstable.sublime3 + youtube-dl + vim + virt-viewer + virtmanager + vulnix + wcalc + wget + xz + ]; + + environment.shellAliases = { + ll = "ls -alh"; + ls = "ls --color=tty"; + }; + + virtualisation.libvirtd.enable = true; + virtualisation.kvmgt.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + sound.enable = true; + hardware.pulseaudio.enable = true; + + services.xserver = { + enable = true; + layout = "de"; + xkbOptions = "neo"; + libinput.enable = true; + desktopManager = { + default = "xfce"; + xterm.enable = false; + xfce = { + enable = true; + noDesktop = true; + enableXfwm = false; + }; + }; + windowManager.ratpoison.enable = true; + }; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + networking.networkmanager.enable = false; + networking.nameservers = [ "8.8.8.8" "141.1.1.1" ]; + networking.enableIPv6 = false; + + programs.fish = { + enable = true; + shellInit = '' + function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' + if begin + set -q SSH_AGENT_PID + and kill -0 $SSH_AGENT_PID + and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline + end + echo "ssh-agent running on pid $SSH_AGENT_PID" + else + eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') + end + set -l identity $HOME/.ssh/id_rsa + set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') + ssh-add -l | grep -q $fingerprint + or ssh-add $identity + end + ''; + promptInit = '' + function fish_prompt --description 'Write out the prompt' + set -l color_cwd + set -l suffix + set -l nix_shell_info ( + if test "$IN_NIX_SHELL" != "" + echo -n " " + end + ) + switch "$USER" + case root toor + if set -q fish_color_cwd_root + set color_cwd $fish_color_cwd_root + else + set color_cwd $fish_color_cwd + end + set suffix '#' + case '*' + set color_cwd $fish_color_cwd + set suffix '>' + end + + echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " + end + ''; + }; + + nix.maxJobs = 4; + nix.buildCores = 4; + system.autoUpgrade.enable = false; + system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; + system.stateVersion = "19.03"; + +} diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix new file mode 100644 index 000000000..ab5b6e204 --- /dev/null +++ b/mb/1systems/p1nk/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9F87-AEAA"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} -- cgit v1.2.3