From 1f341a2e5e4a6215213bd239a519f13aa732f4e1 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 19 Sep 2017 10:06:48 +0200
Subject: l dishfire.r: open port 993 (for tinc)
---
 lass/1systems/dishfire/config.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass/1systems')
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 416edeb82..25e8759b1 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -88,6 +88,7 @@
 };
 krebs.iptables.tables.filter.INPUT.rules = [
 { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 993"; target = "ACCEPT"; }
 ];
 }
 ];
-- cgit v1.3.1
From 2d1160c0623461ea94d2f573d114909b64ab2b4d Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 19 Sep 2017 11:51:22 +0200
Subject: l retiolum: open configured tinc port
---
 lass/1systems/dishfire/config.nix | 1 -
 lass/2configs/retiolum.nix | 10 ++++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 25e8759b1..416edeb82 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -88,7 +88,6 @@
 };
 krebs.iptables.tables.filter.INPUT.rules = [
 { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 993"; target = "ACCEPT"; }
 ];
 }
 ];
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index e7779f53e..fb76c5735 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -1,12 +1,14 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { krebs.iptables = { tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + filter.INPUT.rules = let + tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; + in [ + { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } + { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } ]; }; }; -- cgit v1.3.1 From e822f88199f11fe75e2a38a0e5f9806a8c9ba5cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 12:34:43 +0200 Subject: l: add helios.r config + source --- lass/1systems/helios/config.nix | 86 +++++++++++++++++++++++++++++++++++++++++ lass/1systems/helios/source.nix | 4 ++ 2 files changed, 90 insertions(+) create mode 100644 lass/1systems/helios/config.nix create mode 100644 lass/1systems/helios/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix new file mode 100644 index 000000000..89949bcbf --- /dev/null +++ b/lass/1systems/helios/config.nix 
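Review bot: The new `let` binding in `filter.INPUT.rules` interpolates `toString config.krebs.build.host.nets.retiolum.tinc.port` into both predicates without checking that the value is set. `toString null` evaluates to an empty string in Nix, so if the option can be null (its declaration is not visible in this hunk) the predicates become `-p tcp --dport ` and the ruleset may fail to load. Consider a guard such as `assertions = [ { assertion = config.krebs.build.host.nets.retiolum.tinc.port != null; message = "retiolum.nix needs nets.retiolum.tinc.port"; } ];`. A one-line comment on the binding, e.g. `# must be the port this host's tinc daemon listens on`, would also record why the rule is no longer the `tinc` service name.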
@@ -0,0 +1,86 @@ +with import ; +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + + + + + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = "powersave"; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + { + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.myFont = "-schumacher-clean-*-*-*-*-26-*-*-*-*-*-iso10646-1"; + } + ]; + krebs.build.host = config.krebs.hosts.helios; + + krebs.git.rules = [ + { + user = [ config.krebs.users.lass-helios ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode + git + rsync + hashPassword + thunderbird + dpass + ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-helios.pubkey + ]; + }; + + programs.ssh.startAgent = lib.mkForce true; + +} diff --git a/lass/1systems/helios/source.nix b/lass/1systems/helios/source.nix new file mode 100644 index 000000000..bfe4dca4c --- /dev/null +++ b/lass/1systems/helios/source.nix @@ -0,0 +1,4 @@ +import { + name = "helios"; + secure = true; +} -- cgit v1.3.1 
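Review bot: The `krebs.git.rules` entry in the new helios `config.nix` grants `lass-helios` the `non-fast-forward` and `delete` permissions on `refs/heads/*` of the stockholm repo, so one laptop key can rewrite or remove any branch of the repository these system configs are built from. The same user's pubkey is also added to `root.openssh.authorizedKeys.keys`, which means a compromise of that user account plausibly reaches root on this host as well. If history rewriting is only needed on personal branches, narrow the grant, e.g. `perm = with git; push "refs/heads/*" [ fast-forward create merge ];`, and add a separate rule for the ref namespace that needs force-push. Otherwise add a comment above the rule stating that the broad grant is intentional.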
From 3fdae8f6828c3a07ae03f607672431c1db4b3220 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 13:44:17 +0200 Subject: l helios.r: set fontsize to 25 --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 89949bcbf..dc6eb8290 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -45,7 +45,7 @@ with import ; { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; - lass.myFont = "-schumacher-clean-*-*-*-*-26-*-*-*-*-*-iso10646-1"; + lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; } ]; krebs.build.host = config.krebs.hosts.helios; -- cgit v1.3.1 From 2a6bf899567b2038433d46fc5c52f9e75cfb17e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 15:16:55 +0200 Subject: l helios.r: fetch the wallpaper --- lass/1systems/helios/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index dc6eb8290..923304fad 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,6 +11,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; -- cgit v1.3.1 From 8b4a4df05669a16e29ab08626f7897fd5c0760d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 15:17:09 +0200 Subject: l helios.r: enable tlp --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 923304fad..37bdc0290 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix 
@@ -32,7 +32,6 @@ with import ; }; nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = "powersave"; } { # crypto stuff boot.initrd.luks = { @@ -84,4 +83,5 @@ with import ; programs.ssh.startAgent = lib.mkForce true; + services.tlp.enable = true; } -- cgit v1.3.1 From d930510e42b011fb6e571a0eea6bb417e43705b8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:07:05 +0200 Subject: l mors.r: fix modem path --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 4d2f8b0f8..f6bfa02b3 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -38,7 +38,7 @@ with import ; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 -- cgit v1.3.1 From 9701906f18838e02696a2bb416f2f4e2a54f7ead Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:11:43 +0200 Subject: l mors.r: add dpass to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f6bfa02b3..8b90cce77 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -133,6 +133,7 @@ with import ; iodine macchanger + dpass ]; #TODO: fix this shit -- cgit v1.3.1