From 4acff6e9e977352a1e6ec7a86f0b060a9234f248 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Aug 2023 22:07:31 +0200 Subject: l prism.r: make bootable again --- lass/1systems/prism/physical.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index ebc80411b..d4dd88382 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -9,6 +9,7 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; boot.kernelModules = [ "kvm-intel" ]; + boot.swraid.enable = true; fileSystems."/" = { device = "rpool/root/nixos"; @@ -80,7 +81,7 @@ # we don't pay for power there and this might solve a problem we observed at least once # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben - boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ]; + boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" "nomodeset" ]; networking.dhcpcd.enable = false; -- cgit v1.2.3 From 9bc7ad4afe727660f05c037386d0a00f5625801a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 31 Aug 2023 17:47:17 +0200 Subject: l prism.r: add backups --- lass/1systems/prism/backup.nix | 37 +++++++++++++++++++++++++++++++++++++ lass/1systems/prism/config.nix | 1 + 2 files changed, 38 insertions(+) create mode 100644 lass/1systems/prism/backup.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix new file mode 100644 index 000000000..52b4142b9 --- /dev/null +++ b/lass/1systems/prism/backup.nix 
@@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresqlBackup.enable = true; + + systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; + + services.borgbackup.jobs.hetzner = { + paths = [ + "/var/backup" + ]; + exclude = [ + "*.pyc" + ]; + repo = "u364341@u364341.your-storagebox.de:/./hetzner"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + # TODO: change backup key + environment.BORG_RSH = "ssh -oPort=23 -i ${toString + "/borgbackup.ssh.id25519"}"; + preHook = '' + set -x + ''; + + postHook = '' + cat > /var/log/telegraf/borgbackup-job-hetzner.service <; { imports = [ + ./backup.nix -- cgit v1.2.3 From 3bb70cd5c28ebcf8ddee9ef7ad05cc86a2c841af Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 10:59:51 +0200 Subject: l aergia.r: fix mounting with new disko --- lass/1systems/aergia/disk.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix index 848157729..233b320e4 100644 --- a/lass/1systems/aergia/disk.nix +++ b/lass/1systems/aergia/disk.nix @@ -45,9 +45,11 @@ # Mountpoints inferred from subvolume name "/home" = { mountOptions = []; + mountpoint = "/home"; }; "/nix" = { mountOptions = []; + mountpoint = "/nix"; }; }; }; -- cgit v1.2.3 From 521dd6afa5518f19a1ba7772a036363d5604441b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:23:46 +0200 Subject: l aergia.r: more hardware settings --- lass/1systems/aergia/physical.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 9f06dccdc..e76460d20 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix 
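Review bot: `encryption.mode = "none"` in `services.borgbackup.jobs.hetzner` ships everything under `/var/backup` (presumably including the dumps from the `services.postgresqlBackup` enabled at the top of the file) to the remote storage box in clear text. Anyone with access to that account, or to the SSH key flagged by `# TODO: change backup key`, can then read the database contents. Prefer a keyed mode such as `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat <PATH_TO_PASSPHRASE_FILE>";`, keeping the passphrase file outside the Nix store. Borg fixes the encryption mode when the repository is created, so this needs a new repository rather than a change in place.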
@@ -16,7 +16,7 @@ efiInstallAsRemovable = true; }; - boot.kernelPackages = pkgs.linuxPackages_latest; + # boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = [ # use less power with pstate @@ -70,8 +70,6 @@ }; users.users.mainUser.extraGroups = [ "corectrl" ]; - # use newer ryzenadj - # keyboard quirks services.xserver.displayManager.sessionCommands = '' ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert @@ -102,9 +100,16 @@ services.logind.extraConfig = '' HandlePowerKey=hibernate ''; + # systemd.sleep.extraConfig = '' + # HibernateDelaySec=1800 + # ''; # firefox touchscreen support environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; + + # enable thunderbolt + services.hardware.bolt.enable = true; + # reinit usb after docking station connect services.udev.extraRules = '' SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'" -- cgit v1.2.3 From c1656131473f63e415baae35e99507dbb1c780a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:43:01 +0200 Subject: l prism.r: remove xanf disk --- lass/1systems/prism/physical.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index d4dd88382..2260aa648 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -61,11 +61,6 @@ fsType = "zfs"; }; - fileSystems."/home/xanf" = { - device = "/dev/disk/by-id/wwn-0x500a07511becb076"; - fsType = "ext4"; - }; - # silence mdmonitor.service failures # https://github.com/NixOS/nixpkgs/issues/72394 environment.etc."mdadm.conf".text = '' -- cgit v1.2.3 From b7fba1c6ba5379cbad60728541259538df5096ec Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 3 Sep 2023 11:45:42 +0200 Subject: l shodan.r: remove containers, add trusted users --- lass/1systems/shodan/config.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5e48c216a..0bea37e5c 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -13,13 +13,9 @@ - - - - ]; @@ -27,4 +23,6 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; + nix.trustedUsers = [ "root" "lass" ]; + system.stateVersion = "22.05"; } -- cgit v1.2.3 From f3f5adc4b67c3fff7af571df8a6e395896c93fea Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:46:09 +0200 Subject: l skynet.r: better fileSystems syntax --- lass/1systems/skynet/physical.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index e3451293f..1ac9708c7 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix @@ -12,15 +12,15 @@ networking.hostId = "06442b9a"; - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "rpool/root"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0876-B308"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" -- cgit v1.2.3 From 1fa53c704e22534219ef85e804eef1feb4643131 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:46:56 +0200 Subject: l styx.r: disable syncthing, add consul --- lass/1systems/styx/config.nix | 2 +- lass/1systems/styx/physical.nix | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/1systems') 
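Review bot: `nix.trustedUsers = [ "root" "lass" ];` in the second shodan hunk makes `lass` a trusted user of the Nix daemon, which is effectively root-equivalent, because a trusted user may add arbitrary substituters and import unsigned store paths. The same line is added to `lass/1systems/mors/config.nix` in the later "l mors.r: update imports" commit. If the goal is only to allow extra binary caches, listing them under `nix.settings.trusted-substituters` keeps the user out of the trusted set. The option was also renamed to `nix.settings.trusted-users` in NixOS 22.05, so the old spelling presumably only works through the compatibility alias.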
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix index 6c054abfe..988cbca75 100644 --- a/lass/1systems/styx/config.nix +++ b/lass/1systems/styx/config.nix @@ -22,11 +22,11 @@ with import ; - # + ]; krebs.build.host = config.krebs.hosts.styx; diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix index ae0cdf489..284bbb333 100644 --- a/lass/1systems/styx/physical.nix +++ b/lass/1systems/styx/physical.nix @@ -16,7 +16,6 @@ boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514"; boot.loader.grub.efiInstallAsRemovable = true; - fileSystems."/" = { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4"; fsType = "ext4"; -- cgit v1.2.3 From a53b28f0d6b0a6e7523ee38ce56d3c1afeee660f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:47:18 +0200 Subject: l wizard.r: add nm-dmenu --- lass/1systems/wizard/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix index e158fa728..5e69171ce 100644 --- a/lass/1systems/wizard/config.nix +++ b/lass/1systems/wizard/config.nix @@ -183,7 +183,7 @@ in { #style most - rxvt_unicode.terminfo + rxvt-unicode-unwrapped.terminfo #monitoring tools htop @@ -192,6 +192,7 @@ in { #network iptables iftop + nm-dmenu #stuff for dl aria2 -- cgit v1.2.3 From 72be85e30bbdd658d100b70efc7deafa2a925267 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:55:15 +0200 Subject: l neoprism.r: disable initrd ssh --- lass/1systems/neoprism/physical.nix | 39 ++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 18 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix index f2092d9aa..cc7734f39 100644 --- a/lass/1systems/neoprism/physical.nix +++ b/lass/1systems/neoprism/physical.nix 
@@ -13,7 +13,10 @@ boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.efiSupport = true; - boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; + boot.loader.grub.devices = [ + config.disko.devices.disk."/dev/nvme0n1".device + config.disko.devices.disk."/dev/nvme1n1".device + ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; boot.kernelModules = [ "kvm-amd" ]; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; @@ -56,21 +59,21 @@ }; networking.useDHCP = false; - boot.initrd.network = { - enable = true; - ssh = { - enable = true; - authorizedKeys = [ config.krebs.users.lass.pubkey ]; - port = 2222; - hostKeys = [ - (toString ) - (toString ) - ]; - }; - }; - boot.kernelParams = [ - "net.ifnames=0" - "ip=dhcp" - "boot.trace" - ]; + # boot.initrd.network = { + # enable = true; + # ssh = { + # enable = true; + # authorizedKeys = [ config.krebs.users.lass.pubkey ]; + # port = 2222; + # hostKeys = [ + # () + # () + # ]; + # }; + # }; + # boot.kernelParams = [ + # "net.ifnames=0" + # "ip=dhcp" + # "boot.trace" + # ]; } -- cgit v1.2.3 From f58eceedb1ce03b17b75b2cb033a6722f9d72a72 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 11:55:59 +0200 Subject: l xerxes.r: disable some stuff --- lass/1systems/xerxes/config.nix | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 6972567d7..d1ee4cf71 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -7,16 +7,15 @@ + - - ]; 
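Review bot: The second neoprism hunk comments out `boot.kernelParams` together with the initrd SSH block, so `net.ifnames=0` is dropped for the booted system as well, not only for the initrd. If the network configuration outside this hunk still refers to `eth0`-style names, it will no longer match the interface after the next boot; in that case keep `boot.kernelParams = [ "net.ifnames=0" ];`. The disabled block would also read better deleted than commented out, since the history already preserves it.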
@@ -60,24 +59,6 @@ services.logind.lidSwitch = "suspend"; lass.screenlock.enable = lib.mkForce false; - systemd.services.suspend-again = { - after = [ "suspend.target" ]; - requiredBy = [ "suspend.target" ]; - # environment = { - # DISPLAY = ":${toString config.services.xserver.display}"; - # }; - serviceConfig = { - ExecStart = pkgs.writeDash "suspend-again" '' - ${pkgs.gnugrep}/bin/grep -q closed /proc/acpi/button/lid/LID0/state - if [ "$?" -eq 0 ]; then - echo 'wakeup with closed lid' - ${pkgs.systemd}/bin/systemctl suspend - fi - ''; - Type = "simple"; - }; - }; - hardware.bluetooth = { enable = true; powerOnBoot = true; -- cgit v1.2.3 From c4eb2afdb6e2ca28bf68f558d8cbef71a6f512f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 09:33:16 +0200 Subject: l aergia.r: remove broken bank package --- lass/1systems/aergia/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index 618938ce8..3e0ae23f7 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -112,7 +112,6 @@ environment.systemPackages = with pkgs; [ brain - bank l-gen-secrets generate-secrets nixpkgs-review -- cgit v1.2.3 From 9682c93e85ca8b80ba3db2f7a19e5d1662fad0d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:14:10 +0200 Subject: l green.r: disable muchsync --- lass/1systems/green/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index c232be9bd..81b8b909b 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -15,7 +15,6 @@ with import ; - -- cgit v1.2.3 From 21f62c5352b3c291bbcb61bcc0a9bdfefa502696 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 4 Sep 2023 10:14:48 +0200 Subject: l prism.r: use new telegraf.nix location --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 0e58b62b8..40c721e18 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -9,7 +9,7 @@ with import ; - + { services.nginx.enable = true; imports = [ -- cgit v1.2.3 From 78569fbc7e35fab8a3601dca30424b17d46e7e9b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:15:23 +0200 Subject: l prism.r: remove jeschli user --- lass/1systems/prism/config.nix | 34 ---------------------------------- 1 file changed, 34 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 40c721e18..5502dd04c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -159,40 +159,6 @@ with import ; ''; }; } - { - users.users.jeschli = { - uid = genid_uint31 "jeschli"; - isNormalUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - jeschli.pubkey - jeschli-bln.pubkey - jeschli-bolide.pubkey - jeschli-brauerei.pubkey - ]; - }; - krebs.git.rules = [ - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.xmonad-stockholm ]; - perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - ]; - } { krebs.repo-sync.repos.stockholm.timerConfig = { OnBootSec = "5min"; -- cgit v1.2.3 From d9c8a90feaf41d74a383c0d6a146aca4c92d4f47 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 4 Sep 2023 10:15:36 +0200 Subject: l prism.r: remove taskserver --- lass/1systems/prism/config.nix | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5502dd04c..aaabd655d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -169,18 +169,6 @@ with import ; - { - services.taskserver = { - enable = true; - fqdn = "lassul.us"; - listenHost = "::"; - listenPort = 53589; - organisations.lass.users = [ "lass" "android" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } - ]; - } { environment.systemPackages = [ pkgs.cryptsetup ]; -- cgit v1.2.3 From 7757553259fdc426b2a450a0af439e69d290e564 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:15:45 +0200 Subject: l prism.r: disable searx --- lass/1systems/prism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index aaabd655d..909eedc92 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -168,7 +168,6 @@ with import ; } - { environment.systemPackages = [ pkgs.cryptsetup ]; -- cgit v1.2.3 From 759c63246af4af49e4cdeee329d065879f92ef2d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:16:04 +0200 Subject: l prism.r: remove hotdog --- lass/1systems/prism/config.nix | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 909eedc92..46e35de4f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -80,24 +80,6 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa 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" ]; }; } - { - #hotdog - systemd.services."container@hotdog".reloadIfChanged = mkForce false; - containers.hotdog = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } { services.nginx.virtualHosts."radio.lassul.us" = { enableACME = true; -- cgit v1.2.3 From 9e2adb53bf35e958eddbb369cba1adb3eda92bc6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:16:38 +0200 Subject: l prism.r: remove red --- lass/1systems/prism/config.nix | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 46e35de4f..797e4e3ed 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -151,28 +151,6 @@ with import ; - { - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services."container@red".reloadIfChanged = mkForce false; - containers.red = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } - { - users.users.download.openssh.authorizedKeys.keys = [ - ]; - } { lass.nichtparasoup.enable = true; services.nginx = { -- cgit v1.2.3 From c05b4517786b63516a18b834af895af39f7e6918 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 4 Sep 2023 10:16:58 +0200 Subject: l prism.r: increase wiregrill network size --- lass/1systems/prism/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 797e4e3ed..03c673caa 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -169,7 +169,7 @@ with import ; ]; krebs.iptables.tables.nat.PREROUTING.rules = mkOrder 999 [ - { v6 = false; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.244.0.0/16"; target = "ACCEPT"; } { v4 = false; predicate = "-s 42:1::/32"; target = "ACCEPT"; } ]; krebs.iptables.tables.filter.FORWARD.rules = mkBefore [ @@ -178,7 +178,7 @@ with import ; ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } - { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } + { v6 = false; predicate = "-s 10.244.0.0/16 ! -d 10.244.0.0/16"; target = "MASQUERADE"; } ]; services.dnsmasq = { enable = true; -- cgit v1.2.3 From 0e34328a449486325882a95d9b08f66eec7105a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:17:29 +0200 Subject: l prism.r: listen dnsmasq on all internal interfaces --- lass/1systems/prism/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 03c673caa..db53ae22d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -185,9 +185,9 @@ with import ; resolveLocalQueries = false; extraConfig= '' - listen-address=42:1:ce16::1,10.244.1.103 - except-interface=lo + bind-interfaces interface=wiregrill + interface=retiolum ''; }; } -- cgit v1.2.3 From 6700eb015e8581386c5452c854da1f68a6f372a4 Mon Sep 17 00:00:00 2001 
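Review bot: The widened `nat` rules in both wiregrill hunks match on source address alone (`-s 10.244.0.0/16`), so after growing from a /24 to a /16 any interface that delivers packets claiming a source in that range is accepted in PREROUTING and masqueraded in POSTROUTING. Binding the rules to the tunnel narrows this, for example `predicate = "-i wiregrill -s 10.244.0.0/16";` in PREROUTING and an `-o` match on the uplink interface for the MASQUERADE rule. The FORWARD rules that sit between the two hunks are not visible here, so it is worth checking that they restrict by interface as well.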
From: lassulus Date: Mon, 4 Sep 2023 10:17:57 +0200 Subject: l prism.r: disable yellow --- lass/1systems/prism/config.nix | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index db53ae22d..26eb17a71 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -199,21 +199,6 @@ with import ; { - systemd.services."container@yellow".reloadIfChanged = mkForce false; - containers.yellow = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.13"; - localAddress = "10.233.2.14"; - }; services.nginx.virtualHosts."jelly.r" = { locations."/".extraConfig = '' -- cgit v1.2.3 From 53b6ca655127488e4a160d4f570bc839728b515f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:18:42 +0200 Subject: l prism.r: disable jelly.r and flix.r --- lass/1systems/prism/config.nix | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 26eb17a71..4cc72d2f0 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -200,17 +200,6 @@ with import ; { - services.nginx.virtualHosts."jelly.r" = { - locations."/".extraConfig = '' - proxy_pass http://10.233.2.14:8096/; - proxy_set_header Accept-Encoding ""; - ''; - }; - services.nginx.virtualHosts."flix.r" = { - locations."/".extraConfig = '' - proxy_pass http://10.233.2.14:80/; - proxy_set_header Accept-Encoding ""; - ''; }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' -- cgit v1.2.3 From dcb9216d5c5e916378cca66aa09960a108d7b05e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 4 Sep 2023 10:19:12 +0200 Subject: l prism.r: proxy flix to yellow.r --- lass/1systems/prism/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 4cc72d2f0..0753b69b5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -200,6 +200,14 @@ with import ; { + services.nginx.virtualHosts."flix.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://yellow.r:8096"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' @@ -210,7 +218,7 @@ with import ; auth_basic_user_file ${pkgs.writeText "flix-user-pass" '' krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 ''}; - proxy_pass http://10.233.2.14:80/; + proxy_pass http://yellow.r:80/; proxy_set_header Accept-Encoding ""; sub_filter "https://lassul.us/" "https://lassul.us/flix/"; sub_filter_once off; -- cgit v1.2.3 From 472e71f1d67e9df8ba5248bcf0854dc475fdb95b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:19:43 +0200 Subject: l prism.r: allow samba from wiregrill --- lass/1systems/prism/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 0753b69b5..e93183c9e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -292,7 +292,7 @@ with import ; netbios name = PRISM server string = ${config.networking.hostName} # only allow retiolum addresses - hosts allow = 42::/16 10.243.0.0/16 + hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16 # Use sendfile() for performance gain use sendfile = true 
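Review bot: The new `flix.lassul.us` virtual host in the first hunk publishes `http://yellow.r:8096` with no access control at the proxy, while the existing `/flix/` location in the second hunk sits behind `auth_basic`. If the backend should only be reachable by known users, add the same gate (the nginx module offers `basicAuthFile` per virtual host) or confirm that the application's own login is the intended boundary. Separately, the htpasswd entry in the second hunk is built with `pkgs.writeText`, so the `$apr1$` hash is world-readable in the Nix store and stored in the repository; a file deployed outside the store and referenced by path would avoid that.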
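Review bot: The comment `# only allow retiolum addresses` above `hosts allow` in the first samba hunk is stale once `10.244.0.0/16` is added to the list. Going by the commit subject that range is the wiregrill network, so the comment should say so, e.g. `# only allow retiolum and wiregrill addresses`. The smb.conf block starts and ends outside the hunk.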
@@ -334,13 +334,13 @@ with import ; krebs.iptables.tables.filter.INPUT.rules = [ # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.2.3 From 591680e58f94e2fc6a65378c0baf190c2f2a5b68 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 10:24:39 +0200 Subject: l prism.r: remove mic92 & shannan users --- lass/1systems/prism/config.nix | 19 ------------------- 1 file changed, 19 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e93183c9e..990dac091 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -349,25 +349,6 @@ with import ; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } - { - users.users.shannan = { - uid = genid_uint31 "shannan"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.shannan.pubkey - ]; - }; - } - { - nix.trustedUsers = [ "mic92" ]; - users.users.mic92 = { - uid = genid_uint31 "mic92"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.mic92.pubkey - ]; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 6cfb2fa930b8da1d9e519b4223cd3ad53f0bdeef Mon Sep 17 00:00:00 2001 
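Review bot: This hunk removes `-i retiolum -p tcp --dport 111` while keeping the UDP rule for the same port on retiolum and both the TCP and UDP rules on wiregrill, which looks like an accidental deletion made while adding the wiregrill port 445 rule. The commit subject only mentions allowing samba from wiregrill, so if TCP access to port 111 from retiolum is still wanted, restore `{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }`. The rule list starts and ends outside the hunk.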
From: lassulus Date: Mon, 4 Sep 2023 11:01:45 +0200 Subject: Revert "l aergia.r: remove broken bank package" This reverts commit c4eb2afdb6e2ca28bf68f558d8cbef71a6f512f7. --- lass/1systems/aergia/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index 3e0ae23f7..618938ce8 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -112,6 +112,7 @@ environment.systemPackages = with pkgs; [ brain + bank l-gen-secrets generate-secrets nixpkgs-review -- cgit v1.2.3 From 73eb150756608ee0c04dbf69a177d9ac021f8f9f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:28:53 +0200 Subject: l aergia.r: add docked1_hack atuorandr config due to broken usb-c out --- lass/1systems/aergia/config.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index 618938ce8..9b7409bcc 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix 
@@ -101,6 +101,25 @@ }; }; }; + docked1_hack = { + fingerprint = { + eDP = config.services.autorandr.profiles.default.fingerprint.eDP; + HDMI-A-0 = "00ffffffffffff0010ac31d14c3346300f20010380462878ea26f5af4f46a5240f5054a54b00714f8140818081c081009500b300d1c0565e00a0a0a0295030203500b9882100001a000000ff00444342375847330a2020202020000000fc0044454c4c204733323233440a20000000fd0030901ee63c000a20202020202001db020346f14d030212110113042f141f05103f2309070783010000e200ea67030c001000383c67d85dc4017888006d1a0000020b3090e607622c622ce305c000e606050162622c40e7006aa0a0675008209804b9882100001a6fc200a0a0a05550302035001d4e3100001a000000000000000000000000000000000000000000fc"; + }; + config = { + HDMI-A-0 = { + enable = true; + primary = true; + position = "0x0"; + mode = "2560x1440"; + rate = "165.08"; + }; + eDP = config.services.autorandr.profiles.default.config.eDP // { + primary = false; + position = "640x1440"; + }; + }; + }; }; }; } -- cgit v1.2.3 From 754faee1a004573daaa0cc8e81019075b5986a94 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:29:59 +0200 Subject: l icarus.r: remove some services, add consul --- lass/1systems/icarus/config.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 2d2f23f95..e789b09da 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -17,20 +17,14 @@ with import ; - - # - + ]; krebs.build.host = config.krebs.hosts.icarus; - services.xserver.displayManager.lightdm.autoLogin = { - enable = true; - user = "media"; - }; environment.systemPackages = [ pkgs.chromium ]; } -- cgit v1.2.3 From 90436a4d49be93f08efcd26180e75850ffe09816 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:31:35 +0200 Subject: l mors.r: update imports --- lass/1systems/mors/config.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'lass/1systems') 
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 1b205f25c..cd389480c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,13 +33,13 @@ with import ; - - - + # # + + { krebs.iptables.tables.filter.INPUT.rules = [ @@ -133,13 +133,17 @@ with import ; nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; - virtualisation.docker.enable = true; - virtualisation.libvirtd.enable = true; services.earlyoom = { enable = true; freeMemThreshold = 5; }; + + + + nix.trustedUsers = [ "root" "lass" ]; + + services.nscd.enableNsncd = true; + } -- cgit v1.2.3 From ced758208aba91337d35831c69c47dbf7058f8df Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:32:33 +0200 Subject: l mors.r: add fast binfmt --- lass/1systems/mors/config.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cd389480c..23f8a1184 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,24 @@ with import ; }; + # It may leak your data, but look how FAST it is!1!! + # https://make-linux-fast-again.com/ + boot.kernelParams = [ + "noibrs" + "noibpb" + "nopti" + "nospectre_v2" + "nospectre_v1" + "l1tf=off" + "nospec_store_bypass_disable" + "no_stf_barrier" + "mds=off" + "mitigations=off" + ]; + + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; nix.trustedUsers = [ "root" "lass" ]; -- cgit v1.2.3 From 941203838900b2b46847022e1173af0a0e24828e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:35:35 +0200 Subject: l prism.r: cleanup --- lass/1systems/prism/config.nix | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 990dac091..7234e7f22 100644 
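Review bot: The `boot.kernelParams` list added under the subject "l mors.r: add fast binfmt" switches off the kernel's CPU side-channel mitigations (Spectre v1/v2, PTI, L1TF, MDS, speculative store bypass), which the subject line does not mention and the comment only jokes about. If this host runs a browser or builds third-party code, that removes the isolation between untrusted code and kernel or other-process memory, so it should be a documented per-host decision rather than a side effect of enabling aarch64 emulation. If it is intentional, `"mitigations=off"` alone largely covers the individual switches on current kernels, and a comment stating why this machine accepts the risk would help. Otherwise drop the list and keep only `boot.binfmt.emulatedSystems`.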
--- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -9,7 +9,9 @@ with import ; + + { services.nginx.enable = true; imports = [ @@ -114,11 +116,9 @@ with import ; - - @@ -139,13 +139,9 @@ with import ; "= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; - }; - } - { - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; + "= /wallpaper-stars-berlin.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper-krebs-stars-berlin.png; + ''; }; } @@ -196,8 +192,8 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; } ]; } + - { services.nginx.virtualHosts."flix.lassul.us" = { @@ -243,7 +239,7 @@ with import ; users.groups.download = {}; users.users = { download = { - createHome = true; + createHome = false; group = "download"; name = "download"; home = "/var/download"; -- cgit v1.2.3 From 60b4a4c2253b9b7d4da42c39dec7fa5c7e4991d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 12:36:02 +0200 Subject: l prism.r: add migration config --- lass/1systems/prism/config.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7234e7f22..29244f8a3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -345,6 +345,25 @@ with import ; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { # acme fallback for neoprism migration + services.nginx.virtualHosts."lassul.us".acmeFallbackHost = "orange.r"; + services.nginx.virtualHosts."radio.lassul.us".acmeFallbackHost = "neoprism.r"; + services.nginx.virtualHosts."flix.lassul.us".acmeFallbackHost = "neoprism.r"; + services.nginx.virtualHosts."jitsi.lassul.us".acmeFallbackHost = "neoprism.r"; + services.nginx.virtualHosts."cgit.lassul.us".acmeFallbackHost = "orange.r"; + services.nginx.virtualHosts."mail.lassul.us".acmeFallbackHost = "neoprism.r"; + services.nginx.virtualHosts."mumble.lassul.us".acmeFallbackHost = "neoprism.r"; + services.nginx.virtualHosts."mail.ubikmedia.eu" = { + enableACME = true; + forceSSL = true; + acmeFallbackHost = "ubik.r"; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "https://ubik.r"; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001 
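Review bot: The new `mail.ubikmedia.eu` vhost forwards with `proxyPass = "https://ubik.r";`, but nginx does not verify upstream certificates unless told to, so this hop is encrypted without authenticating the backend. If `ubik.r` is reachable only over an authenticated overlay network, a comment on the location should say that trust rests there. Otherwise add `extraConfig = "proxy_ssl_verify on; proxy_ssl_name ubik.r;";` plus a `proxy_ssl_trusted_certificate` pointing at the CA that signs the backend certificate. Separately, each `acmeFallbackHost` line lets the named host answer ACME challenges for that domain and so obtain certificates for it. The block comment could therefore note that these entries are to be removed once the neoprism migration is finished. The enclosing `imports` list starts outside this hunk.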
From: lassulus Date: Thu, 7 Sep 2023 12:26:31 +0200 Subject: lass: migrate away --- lass/1systems/aergia/config.nix | 167 --------------- lass/1systems/aergia/disk.nix | 63 ------ lass/1systems/aergia/install.sh | 3 - lass/1systems/aergia/physical.nix | 117 ----------- lass/1systems/aergia/source.nix | 21 -- lass/1systems/blue/config.nix | 22 -- lass/1systems/blue/physical.nix | 7 - lass/1systems/blue/source.nix | 17 -- lass/1systems/coaxmetal/config.nix | 63 ------ lass/1systems/coaxmetal/physical.nix | 59 ------ lass/1systems/coaxmetal/source.nix | 21 -- lass/1systems/daedalus/config.nix | 115 ----------- lass/1systems/daedalus/physical.nix | 24 --- lass/1systems/dishfire/config.nix | 13 -- lass/1systems/dishfire/physical.nix | 21 -- lass/1systems/echelon/config.nix | 17 -- lass/1systems/echelon/physical.nix | 33 --- lass/1systems/green/config.nix | 75 ------- lass/1systems/green/physical.nix | 7 - lass/1systems/green/source.nix | 6 - lass/1systems/hilum/config.nix | 33 --- lass/1systems/hilum/disk.nix | 43 ---- lass/1systems/hilum/flash-stick.sh | 43 ---- lass/1systems/hilum/physical.nix | 53 ----- lass/1systems/icarus/config.nix | 30 --- lass/1systems/icarus/physical.nix | 49 ----- lass/1systems/lasspi/config.nix | 25 --- lass/1systems/lasspi/physical.nix | 45 ----- lass/1systems/littleT/config.nix | 30 --- lass/1systems/littleT/physical.nix | 25 --- lass/1systems/mors/config.nix | 167 --------------- lass/1systems/mors/physical.nix | 48 ----- lass/1systems/mors/source.nix | 21 -- lass/1systems/neoprism/config.nix | 51 ----- lass/1systems/neoprism/disk.nix | 118 ----------- lass/1systems/neoprism/physical.nix | 79 -------- lass/1systems/orange/config.nix | 25 --- lass/1systems/orange/physical.nix | 7 - lass/1systems/prism/backup.nix | 37 ---- lass/1systems/prism/config.nix | 380 ----------------------------------- lass/1systems/prism/physical.nix | 107 ---------- lass/1systems/radio/config.nix | 24 --- lass/1systems/radio/physical.nix | 7 - 
lass/1systems/radio/source.nix | 6 - lass/1systems/shodan/config.nix | 28 --- lass/1systems/shodan/physical.nix | 45 ----- lass/1systems/skynet/config.nix | 41 ---- lass/1systems/skynet/physical.nix | 29 --- lass/1systems/styx/config.nix | 116 ----------- lass/1systems/styx/physical.nix | 38 ---- lass/1systems/ubik/config.nix | 276 ------------------------- lass/1systems/ubik/physical.nix | 7 - lass/1systems/wizard/config.nix | 287 -------------------------- lass/1systems/wizard/generate-iso.sh | 7 - lass/1systems/wizard/run-vm.sh | 7 - lass/1systems/wizard/test.nix | 10 - lass/1systems/xerxes/config.nix | 76 ------- lass/1systems/xerxes/physical.nix | 73 ------- lass/1systems/yellow/config.nix | 45 ----- lass/1systems/yellow/physical.nix | 7 - 60 files changed, 3416 deletions(-) delete mode 100644 lass/1systems/aergia/config.nix delete mode 100644 lass/1systems/aergia/disk.nix delete mode 100644 lass/1systems/aergia/install.sh delete mode 100644 lass/1systems/aergia/physical.nix delete mode 100644 lass/1systems/aergia/source.nix delete mode 100644 lass/1systems/blue/config.nix delete mode 100644 lass/1systems/blue/physical.nix delete mode 100644 lass/1systems/blue/source.nix delete mode 100644 lass/1systems/coaxmetal/config.nix delete mode 100644 lass/1systems/coaxmetal/physical.nix delete mode 100644 lass/1systems/coaxmetal/source.nix delete mode 100644 lass/1systems/daedalus/config.nix delete mode 100644 lass/1systems/daedalus/physical.nix delete mode 100644 lass/1systems/dishfire/config.nix delete mode 100644 lass/1systems/dishfire/physical.nix delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/physical.nix delete mode 100644 lass/1systems/green/config.nix delete mode 100644 lass/1systems/green/physical.nix delete mode 100644 lass/1systems/green/source.nix delete mode 100644 lass/1systems/hilum/config.nix delete mode 100644 lass/1systems/hilum/disk.nix delete mode 100755 lass/1systems/hilum/flash-stick.sh delete mode 
100644 lass/1systems/hilum/physical.nix delete mode 100644 lass/1systems/icarus/config.nix delete mode 100644 lass/1systems/icarus/physical.nix delete mode 100644 lass/1systems/lasspi/config.nix delete mode 100644 lass/1systems/lasspi/physical.nix delete mode 100644 lass/1systems/littleT/config.nix delete mode 100644 lass/1systems/littleT/physical.nix delete mode 100644 lass/1systems/mors/config.nix delete mode 100644 lass/1systems/mors/physical.nix delete mode 100644 lass/1systems/mors/source.nix delete mode 100644 lass/1systems/neoprism/config.nix delete mode 100644 lass/1systems/neoprism/disk.nix delete mode 100644 lass/1systems/neoprism/physical.nix delete mode 100644 lass/1systems/orange/config.nix delete mode 100644 lass/1systems/orange/physical.nix delete mode 100644 lass/1systems/prism/backup.nix delete mode 100644 lass/1systems/prism/config.nix delete mode 100644 lass/1systems/prism/physical.nix delete mode 100644 lass/1systems/radio/config.nix delete mode 100644 lass/1systems/radio/physical.nix delete mode 100644 lass/1systems/radio/source.nix delete mode 100644 lass/1systems/shodan/config.nix delete mode 100644 lass/1systems/shodan/physical.nix delete mode 100644 lass/1systems/skynet/config.nix delete mode 100644 lass/1systems/skynet/physical.nix delete mode 100644 lass/1systems/styx/config.nix delete mode 100644 lass/1systems/styx/physical.nix delete mode 100644 lass/1systems/ubik/config.nix delete mode 100644 lass/1systems/ubik/physical.nix delete mode 100644 lass/1systems/wizard/config.nix delete mode 100755 lass/1systems/wizard/generate-iso.sh delete mode 100755 lass/1systems/wizard/run-vm.sh delete mode 100644 lass/1systems/wizard/test.nix delete mode 100644 lass/1systems/xerxes/config.nix delete mode 100644 lass/1systems/xerxes/physical.nix delete mode 100644 lass/1systems/yellow/config.nix delete mode 100644 lass/1systems/yellow/physical.nix (limited to 'lass/1systems') 
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix deleted file mode 100644 index 9b7409bcc..000000000 --- a/lass/1systems/aergia/config.nix +++ /dev/null 
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - - - - - - - - - - - - - - - - # - - - - - - # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS - { - imports = [ - "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules" - ]; - jovian.steam.enable = true; - } - { # autorandrs - services.autorandr = { - enable = true; - hooks.postswitch.reset_usb = '' - echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - profiles = { - default = { - fingerprint = { - eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf"; - }; - config = { - eDP = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1600"; - rate = "60.01"; - transform = [ - [ 0.750000 0.000000 0.000000 ] - [ 0.000000 0.750000 0.000000 ] - [ 0.000000 0.000000 1.000000 ] - ]; - # scale = { - # x = 0.599991; - # y = 0.599991; - # }; - }; - }; - }; - docked2 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-8 = "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"; - DisplayPort-7 = "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"; - }; - config = { - DisplayPort-7 = { - enable = true; - position = "2560x0"; - mode = "1920x1080"; - rate = "60.00"; - }; - DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1; - eDP = config.services.autorandr.profiles.docked1.config.eDP; - }; - }; - docked1 = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - DisplayPort-1 = 
"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"; - }; - config = { - DisplayPort-1 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - docked1_hack = { - fingerprint = { - eDP = config.services.autorandr.profiles.default.fingerprint.eDP; - HDMI-A-0 = "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"; - }; - config = { - HDMI-A-0 = { - enable = true; - primary = true; - position = "0x0"; - mode = "2560x1440"; - rate = "165.08"; - }; - eDP = config.services.autorandr.profiles.default.config.eDP // { - primary = false; - position = "640x1440"; - }; - }; - }; - }; - }; - } - ]; - - system.stateVersion = "22.11"; - - krebs.build.host = config.krebs.hosts.aergia; - - environment.systemPackages = with pkgs; [ - brain - bank - l-gen-secrets - generate-secrets - nixpkgs-review - pipenv - ]; - - programs.adb.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - }; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - - nix.trustedUsers = [ "root" "lass" ]; - - # nix.extraOptions = '' - # extra-experimental-features = nix-command flakes - # ''; - - services.tor = { - enable = true; - client.enable = true; - }; - - documentation.nixos.enable = true; - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - - boot.cleanTmpDir = true; - programs.noisetorch.enable = true; -} diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix deleted file mode 100644 index 233b320e4..000000000 --- a/lass/1systems/aergia/disk.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ lib, ... }: -{ - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = ["bios_grub"]; - } - { - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - fs-type = "fat32"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - name = "root"; - start = "1GiB"; - end = "100%"; - content = { - type = "luks"; - name = "aergia1"; - content = { - type = "btrfs"; - extraArgs = "-f"; # Override existing partition - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountpoint = "/"; - }; - # Mountpoints inferred from subvolume name - "/home" = { - mountOptions = []; - mountpoint = "/home"; - }; - "/nix" = { - mountOptions = []; - mountpoint = "/nix"; - }; - }; - }; - }; - } - ]; - }; - }; - }; -} - diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh deleted file mode 100644 index 0e4f0ab4c..000000000 --- a/lass/1systems/aergia/install.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -target=$1 diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix deleted file mode 100644 index e76460d20..000000000 --- a/lass/1systems/aergia/physical.nix +++ /dev/null 
@@ -1,117 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = [ - ./config.nix - (modulesPath + "/installer/scan/not-detected.nix") - - ]; - disko.devices = import ./disk.nix; - - networking.hostId = "deadbeef"; - # boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - device = "/dev/nvme0n1"; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - # boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.kernelParams = [ - # use less power with pstate - "amd_pstate=passive" - - # suspend - "resume_offset=178345675" - ]; - - boot.kernelModules = [ - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - "amd-pstate" - "kvm-amd" - ]; - - # hardware.cpu.amd.updateMicrocode = true; - - services.xserver.videoDrivers = [ - "amdgpu" - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "thunderbolt" - "xhci_pci" - "usbhid" - ]; - - boot.initrd.kernelModules = [ - "amdgpu" - ]; - - environment.systemPackages = [ - pkgs.vulkan-tools - (pkgs.writers.writeDashBin "set_tdp" '' - set -efux - watt=$1 - value=$(( $watt * 1000 )) - ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value" - '') - ]; - - # corectrl - programs.corectrl = { - enable = true; - gpuOverclock = { - enable = true; - ppfeaturemask = "0xffffffff"; - }; - }; - users.users.mainUser.extraGroups = [ "corectrl" ]; - - # keyboard quirks - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert - ''; - services.udev.extraHwdb = /* sh */ '' - # disable back buttons - evdev:input:b0003v2F24p0135* # /dev/input/event2 - KEYBOARD_KEY_70026=reserved - KEYBOARD_KEY_70027=reserved - ''; - - # update cpu microcode - hardware.cpu.amd.updateMicrocode = true; - - hardware.opengl.enable = true; - 
hardware.opengl.extraPackages = [ - pkgs.amdvlk - pkgs.rocm-opencl-icd - pkgs.rocm-opencl-runtime - ]; - - # suspend to disk - swapDevices = [{ - device = "/swapfile"; - }]; - boot.resumeDevice = "/dev/mapper/aergia1"; - services.logind.lidSwitch = "suspend-then-hibernate"; - services.logind.extraConfig = '' - HandlePowerKey=hibernate - ''; - # systemd.sleep.extraConfig = '' - # HibernateDelaySec=1800 - # ''; - - # firefox touchscreen support - environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; - - # enable thunderbolt - services.hardware.bolt.enable = true; - - # reinit usb after docking station connect - services.udev.extraRules = '' - SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'" - ''; -} diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix deleted file mode 100644 index abbf26c75..000000000 --- a/lass/1systems/aergia/source.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, pkgs, test, ... }: let - npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; -in { - nixpkgs = (if test then lib.mkForce ({ derivation = let - rev = npkgs.rev; - sha256 = npkgs.sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; }) else { - git.ref = lib.mkForce npkgs.rev; - }); -} diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix deleted file mode 100644 index c4286cca3..000000000 --- a/lass/1systems/blue/config.nix +++ /dev/null @@ -1,22 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -{ - imports = [ - - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.blue; - - networking.nameservers = [ "1.1.1.1" ]; - - time.timeZone = "Europe/Berlin"; - use