From 397a1c89319cce2c0f37ef5eb308e40954727108 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:32:22 +0100 Subject: ma {vbob,sdev}.r: disable vbox guest extensions for now --- makefu/1systems/sdev/config.nix | 6 ++++-- makefu/1systems/vbob/config.nix | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 38c044be4..3e9548aa1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,9 @@ [ # Include the results of the hardware scan. (toString ) - (toString ) + { ## Guest Extensions are currently broken + # virtualisation.virtualbox.guest.enable = true; + } # @@ -50,7 +52,7 @@ fileSystems."/media/share" = { fsType = "vboxsf"; device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index ffd9deaee..24d42a69b 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -8,8 +8,12 @@ { imports = [ ]; boot.loader.grub.device = "/dev/sda"; - virtualisation.virtualbox.guest.enable = true; } + + { ## Virtualbox guest is broken on newer kernel + # virtualisation.virtualbox.guest.enable = true; + } + # { # imports = [ # -- cgit v1.2.3 From ac824ebe74912dc8cc3224a10f0d10973f6449c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:29 +0100 Subject: ma gum.r: add workr --- makefu/1systems/gum/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a656fdce3..b859efc94 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -148,6 +148,11 @@ in { allowedIPs = [ "10.244.0.5/32" ]; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } ]; }; } -- cgit v1.2.3 From f2eedeff52caa97245db1e47d2e2413d1c991d09 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:51 +0100 Subject: ma omo.r: add cryptDisk3 --- makefu/1systems/omo/config.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1e087fef4..4e0d2a05f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -25,16 +25,18 @@ let # | | # |* | # |* d2 | - # | * r0 | + # | * | + # | * | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; allDisks = [ rootDisk ] ++ dataDisks; in { imports = @@ -127,6 +129,7 @@ in { makefu.snapraid = { enable = true; + # TODO: 3 is not protected disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; @@ -139,7 +142,7 @@ in { ''; environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount - wol # wake up filepimp + wol # wake up filepimp f3 ]; fileSystems = let @@ -151,6 +154,7 @@ in { in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" + // cryptMount "crypt3" // { "/media/cryptX" = { device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); fsType = "mergerfs"; @@ -179,6 +183,7 @@ in { (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) ]; }; loader.grub.device = lib.mkForce rootDisk; -- cgit v1.2.3 From 372d965133cfe224d4cd47f63ec1fd2c8475c1ae Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 08:37:59 +0100 Subject: ma sdev.r: force virtualisation.virtualbox.guest.enable = false --- makefu/1systems/sdev/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 3e9548aa1..a60a8db66 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -5,9 +5,10 @@ imports = [ # Include the results of the hardware scan. + (toString ) { ## Guest Extensions are currently broken - # virtualisation.virtualbox.guest.enable = true; + virtualisation.virtualbox.guest.enable = lib.mkForce true; } # -- cgit v1.2.3 From 931e25894dc43f7c7e37026f3cc29427aa07ba80 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:41:59 +0100 Subject: ma vbox-guest: init --- makefu/1systems/sdev/config.nix | 19 ++++++------------- makefu/1systems/vbob/config.nix | 40 ++++------------------------------------ 2 files changed, 10 insertions(+), 49 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index a60a8db66..81e8cd4d1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,9 +6,12 @@ [ # Include the results of the hardware scan. - (toString ) - { ## Guest Extensions are currently broken - virtualisation.virtualbox.guest.enable = lib.mkForce true; + + { # until virtualbox-image is fixed + imports = [ + + ]; + boot.loader.grub.device = "/dev/sda"; } # @@ -17,11 +20,6 @@ ]; - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - nixpkgs.config.allowUnfree = true; - # allow sdev to deploy self users.extraUsers = { root = { @@ -50,10 +48,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; - }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 24d42a69b..c74f6edbe 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,33 +9,8 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - - { ## Virtualbox guest is broken on newer kernel - # virtualisation.virtualbox.guest.enable = true; - } - - # { - # imports = [ - # - # ]; - # virtualbox.baseImageSize = 35 * 1024; - # fileSystems."/media/share" = { - # fsType = "vboxsf"; - # device = "share"; - # options = [ "rw" "uid=9001" "gid=9001" ]; - # }; - # } - - # { - # imports = [ - # - # ]; - # fileSystems."/nix" = { - # device ="/dev/disk/by-label/nixstore"; - # fsType = "ext4"; - # }; - # } - + + # # base gui # @@ -79,14 +54,8 @@ ]; networking.extraHosts = import (toString ); - nixpkgs.config.allowUnfree = true; - # allow vbob to deploy self - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - }; - }; + users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; @@ -107,7 +76,6 @@ #devpi-client ansible ]; - # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ @@ -115,6 +83,6 @@ 80 8010 ]; - + # required for qemu systemd.services."serial-getty@ttyS0".enable = true; } -- cgit v1.2.3 From cd31fcaefa6349248bd1a437027e83c7e05b22af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:49:57 +0100 Subject: ma docker: use 2configs --- makefu/1systems/omo/config.nix | 2 +- makefu/1systems/sdev/config.nix | 4 +--- makefu/1systems/vbob/config.nix | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4e0d2a05f..01438397e 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -71,6 +71,7 @@ in { + # security @@ -119,7 +120,6 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - virtualisation.docker.enable = true; makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 81e8cd4d1..7a87362d8 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -18,6 +18,7 @@ # environment + ]; # allow sdev to deploy self @@ -31,7 +32,6 @@ ppp xclip get passwdqc-utils - docker gnupg populate (pkgs.writeScriptBin "tor-browser" '' @@ -40,8 +40,6 @@ '') ]; - virtualisation.docker.enable = true; - networking.firewall.allowedTCPPorts = [ 25 80 diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index c74f6edbe..1f68ad9c2 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -71,7 +71,6 @@ fortclientsslvpn ppp xclip get logstash - # docker #devpi-web #devpi-client ansible -- cgit v1.2.3 From 1ccef680d2497903a988663e4114487315a99f39 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 15 Feb 2018 10:17:41 +0100 Subject: ma x.r: init wireguard, disable wifi, enable pcmanfm --- makefu/1systems/x/config.nix | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index d5a9bdcfb..8d18b4506 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,7 @@ with import ; # Hardware # - + # # @@ -78,6 +78,38 @@ with import ; # # # + # + + { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.2/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # gum + endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; + allowedIPs = [ "10.244.0.0/24" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + #{ + # # vbob + # allowedIPs = [ "10.244.0.3/32" ]; + # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + #} + ]; + }; + } + + { # auto-mounting + services.udisks2.enable = true; + services.devmon.enable = true; + # services.gnome3.gvfs.enable = true; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + } ]; -- cgit v1.2.3 From cdf69ce25896caf40932c0389b33b2fa9c3ab77a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 20:48:56 +0100 Subject: ma vbox-guest: remove from vhosts, prepare for working upstream --- makefu/1systems/sdev/config.nix | 2 +- makefu/1systems/vbob/config.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 7a87362d8..d209a0781 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,7 @@ [ # Include the results of the hardware scan. - + # { # until virtualbox-image is fixed imports = [ diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 1f68ad9c2..64709de3c 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,7 +9,7 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - + # # # base gui -- cgit v1.2.3 From 24b8fbc40be4008bb32697309c729df72132454d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:56:41 +0100 Subject: ma x.r: vbox+extensionpack does not build --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 8d18b4506..b4d4aa66e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -40,7 +40,7 @@ with import ; # Virtualization - + # { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { -- cgit v1.2.3 From b28b86580d22e67d9a0552e96841643f77e03927 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:57:05 +0100 Subject: ma sdev.,vbob.r: allow unfree --- makefu/1systems/sdev/config.nix | 2 ++ makefu/1systems/vbob/config.nix | 4 ++++ 2 files changed, 6 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index d209a0781..c2cd23d1e 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -27,6 +27,8 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + # corefonts + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs;[ ppp xclip diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 64709de3c..208dd1ff7 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -67,6 +67,10 @@ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; + + # for forticlient + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get -- cgit v1.2.3 From c4fdec7ce910c319c675388c59a65c44d202d5b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Feb 2018 16:00:33 +0100 Subject: ma x.r: add bluetooth --- makefu/1systems/x/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index b4d4aa66e..ad2ad8779 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -100,7 +100,43 @@ with import ; ]; }; } + { # bluetooth+pulse config + # for blueman-applet + users.users.makefu.packages = [ + pkgs.blueman + ]; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + ''; + }; + # presumably a2dp Sink + # Enable profile: + ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink + hardware.bluetooth.extraConfig = ''; + [general] + Enable=Source,Sink,Media,Socket + ''; + + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + } { # auto-mounting services.udisks2.enable = true; services.devmon.enable = true; -- cgit v1.2.3 From c222aadefe4c07a5ebc96b59cd274191e765bd75 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 18:59:43 +0100 Subject: ma hydra.wbob.r: init --- makefu/1systems/wbob/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 6434ba273..637d8e2d8 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -29,7 +29,8 @@ in { # # Services - + + (let musicDirectory = "/data/music"; @@ -83,6 +84,9 @@ in { load-module module-filter-apply load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio -- cgit v1.2.3