From 9ea664b63c348a5855299250ec45f622c1404c5d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 12:13:53 +0200 Subject: l coaxmetal.r: use nixos-unstable --- lass/1systems/coaxmetal/source.nix | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 lass/1systems/coaxmetal/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix new file mode 100644 index 000000000..0e2628b5b --- /dev/null +++ b/lass/1systems/coaxmetal/source.nix @@ -0,0 +1,4 @@ +{ lib, pkgs, ... }: +{ + nixpkgs.git.ref = lib.mkForce (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; +} -- cgit v1.2.3 From d1a55f88766b72769e5f756f8b4724e13e1c6981 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 19:03:02 +0200 Subject: l coaxmetal.r: build with unstable --- lass/1systems/coaxmetal/source.nix | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix index 0e2628b5b..7f335ec05 100644 --- a/lass/1systems/coaxmetal/source.nix +++ b/lass/1systems/coaxmetal/source.nix @@ -1,4 +1,21 @@ -{ lib, pkgs, ... }: -{ - nixpkgs.git.ref = lib.mkForce (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in { + nixpkgs = lib.mkForce (if test then { derivation = let + rev = npkgs.rev; + sha256 = npkgs.sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; } else { + git.ref = npkgs.rev; + }); } -- cgit v1.2.3 From ddac84e9e6eb49805ad244829ea5add7370a7829 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 21:53:26 +0200 Subject: l green.r: make source.nix ci compatible --- lass/1systems/green/source.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index 48499c9db..cc7617f92 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,5 +1,4 @@ -{ lib, pkgs, ... }: -{ +{ lib, pkgs, test, ... }: +if test then { nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; - nixpkgs.git.shallow = true; -} +} else {} -- cgit v1.2.3 From bd8baec395d258cf9201ef243d4237f64aaef26b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 22:02:15 +0200 Subject: l blue.r: don't delete nixpkgs-unstable in ci --- lass/1systems/blue/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 2b4158211..2a4e1336b 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,5 +1,5 @@ { lib, pkgs, test, ... }: -{ +if test then { nixpkgs = lib.mkIf (! test) (lib.mkForce { file = { path = toString (pkgs.fetchFromGitHub { @@ -14,4 +14,4 @@ nixpkgs-unstable = lib.mkForce { file.path = "/var/empty"; }; -} +} else {} -- cgit v1.2.3 From 3ea4c8f5735cd99d8ede55d67deb51d44795db59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 22:22:38 +0200 Subject: l: fix test sources --- lass/1systems/blue/source.nix | 4 ++-- lass/1systems/green/source.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 2a4e1336b..0b2bf5f5b 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,5 +1,5 @@ { lib, pkgs, test, ... }: -if test then { +if test then {} else { nixpkgs = lib.mkIf (! test) (lib.mkForce { file = { path = toString (pkgs.fetchFromGitHub { @@ -14,4 +14,4 @@ if test then { nixpkgs-unstable = lib.mkForce { file.path = "/var/empty"; }; -} else {} +} diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index cc7617f92..da137e064 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,4 +1,4 @@ { lib, pkgs, test, ... }: -if test then { +if test then {} else { nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; -} else {} +} -- cgit v1.2.3 From f455668ff33d7555f8fe8d02ae9cf1b72cab596c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 11:06:43 +0200 Subject: l: remove red.r morpheus.r uriel.r --- lass/1systems/morpheus/config.nix | 29 ------------------ lass/1systems/morpheus/physical.nix | 44 --------------------------- lass/1systems/red/config.nix | 28 ------------------ lass/1systems/red/physical.nix | 7 ----- lass/1systems/uriel/config.nix | 47 ----------------------------- lass/1systems/uriel/physical.nix | 59 ------------------------------------- 6 files changed, 214 deletions(-) delete mode 100644 lass/1systems/morpheus/config.nix delete mode 100644 lass/1systems/morpheus/physical.nix delete mode 100644 lass/1systems/red/config.nix delete mode 100644 lass/1systems/red/physical.nix delete mode 100644 lass/1systems/uriel/config.nix delete mode 100644 lass/1systems/uriel/physical.nix (limited to 'lass/1systems') diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index 79d4f528d..000000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, pkgs, ... }: -with import ; -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - environment.systemPackages = with pkgs; [ - gitAndTools.hub - nix-review - firefox - ag - ]; - - services.openssh.forwardX11 = true; - programs.x2goserver.enable = true; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 6e59a2273..000000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - imports = [ - ./config.nix - - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - boot.loader.grub.efiInstallAsRemovable = true; - boot.loader.grub.device = "nodev"; - - networking.hostId = "06442b9a"; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices.luksroot.device = "/dev/nvme0n1p3"; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" - ''; -} diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix deleted file mode 100644 index 3139e94a2..000000000 --- a/lass/1systems/red/config.nix +++ /dev/null @@ -1,28 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -let - inherit (import {inherit lib pkgs;}) - servephpBB - ; -in -{ - imports = [ - - - - - - (servephpBB [ "rote-allez-fraktion.de" ]) - ]; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } - ]; - - krebs.build.host = config.krebs.hosts.red; - - services.nginx.enable = true; - environment.systemPackages = [ - pkgs.mk_sql_pair - ]; -} diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix deleted file mode 100644 index b6aa3a894..000000000 --- a/lass/1systems/red/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = false; -} diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix deleted file mode 100644 index c3ce8fced..000000000 --- a/lass/1systems/uriel/config.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import ; -{ - imports = [ - - - - { - # locke config - i18n.defaultLocale ="de_DE.UTF-8"; - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - services.xserver.libinput.enable = false; - users.users.locke = { - uid = genid "locke"; - home = "/home/locke"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - isNormalUser = true; - }; - networking.networkmanager.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.xfce = { - enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.uriel; - nixpkgs.config.allowUnfree = true; -} diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix deleted file mode 100644 index 82a088643..000000000 --- a/lass/1systems/uriel/physical.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - - hardware.enableRedistributableFirmware = true; - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.systemd-boot.enable = true; - loader.timeout = 5; - - initrd.luks.devices.luksroot.device = "/dev/sda2"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/root"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - ''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} -- cgit v1.2.3 From 4c15270e18861dd84036d776dd3143a74f7ea9b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 16:54:23 +0200 Subject: l prism.r: remove ts3 server --- lass/1systems/prism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d43fb804a..356b8d182 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -112,7 +112,6 @@ with import ; }; } - -- cgit v1.2.3 From 566951d3f0aa9fcc64df3ef5d7bf1fcf0eff04ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 16:58:08 +0200 Subject: l prism.r: fix mdmonitor service error --- lass/1systems/prism/config.nix | 10 ---------- lass/1systems/prism/physical.nix | 6 ++++++ 2 files changed, 6 insertions(+), 10 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 356b8d182..45f9ae00e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -123,16 +123,6 @@ with import ; - { # quasi bepasty.nix - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } { services.tor = { enable = true; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 1a3bee850..26ecd1cda 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -65,6 +65,12 @@ fsType = "ext4"; }; + # silence mdmonitor.service failures + # https://github.com/NixOS/nixpkgs/issues/72394 + environment.etc."mdadm.conf".text = '' + MAILADDR root + ''; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -- cgit v1.2.3 From ee50871bd10676e26b280084417bcbc9963ffe70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 20:34:17 +0200 Subject: l coaxmetal.r: force only git.ref --- lass/1systems/coaxmetal/source.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix index 7f335ec05..abbf26c75 100644 --- a/lass/1systems/coaxmetal/source.nix +++ b/lass/1systems/coaxmetal/source.nix @@ -1,7 +1,7 @@ { lib, pkgs, test, ... }: let npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; in { - nixpkgs = lib.mkForce (if test then { derivation = let + nixpkgs = (if test then lib.mkForce ({ derivation = let rev = npkgs.rev; sha256 = npkgs.sha256; in '' @@ -15,7 +15,7 @@ in { rev = "${rev}"; sha256 = "${sha256}"; } - ''; } else { - git.ref = npkgs.rev; + ''; }) else { + git.ref = lib.mkForce npkgs.rev; }); } -- cgit v1.2.3 From ff39fb0d1f436e1587c71ffa1feb462fd4d784e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 21:35:54 +0200 Subject: l echelon.r: import green-host --- lass/1systems/coaxmetal/config.nix | 2 +- lass/1systems/echelon/config.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 227c5e1e9..0e6bddf5e 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,7 +16,7 @@ - # + diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix index 9e72916b3..eacdff782 100644 --- a/lass/1systems/echelon/config.nix +++ b/lass/1systems/echelon/config.nix @@ -5,10 +5,13 @@ + + ]; krebs.build.host = config.krebs.hosts.echelon; boot.tmpOnTmpfs = true; + } -- cgit v1.2.3 From 3a7c33394328108cc9159de89367a90701fcbc80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Oct 2021 19:52:54 +0200 Subject: l green.r: add brain repo --- lass/1systems/green/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index d7bf62b40..b41e396c9 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -17,6 +17,8 @@ with import ; + + ]; krebs.build.host = config.krebs.hosts.green; @@ -68,6 +70,13 @@ with import ; ]; clearTarget = true; }; + "/var/lib/git" = { + source = "/var/state/git"; + options = [ + "-M ${toString config.users.users.git.uid}" + ]; + clearTarget = true; + }; }; systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' -- cgit v1.2.3 From 4dea6681b4726a749e4cfc56c45f289a9cfdcf37 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Nov 2021 14:07:22 +0100 Subject: l mors.r: use unstable --- lass/1systems/mors/source.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 lass/1systems/mors/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..abbf26c75 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,21 @@ +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in { + nixpkgs = (if test then lib.mkForce ({ derivation = let + rev = npkgs.rev; + sha256 = npkgs.sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; }) else { + git.ref = lib.mkForce npkgs.rev; + }); +} -- cgit v1.2.3 From b244950e5d0b7ce3ebaf4f63a00f93abab46a893 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 17:13:08 +0100 Subject: l mors.r: remove deprecated restic setup --- lass/1systems/mors/config.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 95b688590..88ac90de4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -183,35 +183,6 @@ with import ; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/lass/src" - "/home/lass/work" - "/home/lass/.gnupg" - "/home/lass/Maildir" - "/home/lass/stockholm" - "/home/lass/.password-store" - "/home/bitcoin" - "/home/bch" - ]; - passwordFile = (toString ) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/mors"; - #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); virtualisation.libvirtd.enable = true; services.earlyoom = { -- cgit v1.2.3