From dba0db28d96978d51284512c6b57a48fbfa9f492 Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 17 Nov 2015 19:04:32 +0100
Subject: mv: init
---
mv/1systems/stro.nix | 245 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 245 insertions(+)
create mode 100644 mv/1systems/stro.nix
(limited to 'mv/1systems')
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
new file mode 100644
index 000000000..9edcea007
--- /dev/null
+++ b/mv/1systems/stro.nix
@@ -0,0 +1,245 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ krebs.build.host = config.krebs.hosts.stro;
+
+ krebs.build.source.git.nixpkgs.rev =
+ "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
+
+ krebs.build.target = "lolwat";
+
+ imports = [
+ ../2configs/hw/x220.nix
+ ../2configs/mail-client.nix
+ ../2configs/xserver
+ {
+ environment.systemPackages = with pkgs; [
+
+ # stockholm
+ genid
+ gnumake
+ hashPassword
+ lentil
+ parallel
+ (pkgs.writeScriptBin "im" ''
+ #! ${pkgs.bash}/bin/bash
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ tmux
+ gnugrep
+ weechat
+ ])}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+
+ # root
+ cryptsetup
+ ntp # ntpate
+
+ # tv
+ bc
+ bind # dig
+ #cac
+ dic
+ file
+ gnupg21
+ haskellPackages.hledger
+ htop
+ jq
+ manpages
+ mkpasswd
+ netcat
+ nix-repl
+ nmap
+ nq
+ p7zip
+ pass
+ posix_man_pages
+ qrencode
+ texLive
+ tmux
+
+ #ack
+ #apache-httpd
+ #ascii
+ #emacs
+ #es
+ #esniper
+ #gcc
+ #gptfdisk
+ #graphviz
+ #haskellPackages.cabal2nix
+ #haskellPackages.ghc
+ #haskellPackages.shake
+ #hdparm
+ #i7z
+ #iftop
+ #imagemagick
+ #inotifyTools
+ #iodine
+ #iotop
+ #lshw
+ #lsof
+ #minicom
+ #mtools
+ #ncmpc
+ #nethogs
+ #nix-prefetch-scripts #cvs bug
+ #openssl
+ #openswan
+ #parted
+ #perl
+ #powertop
+ #ppp
+ #proot
+ #pythonPackages.arandr
+ #pythonPackages.youtube-dl
+ #racket
+ #rxvt_unicode-with-plugins
+ #scrot
+ #sec
+ #silver-searcher
+ #sloccount
+ #smartmontools
+ #socat
+ #sshpass
+ #strongswan
+ #sysdig
+ #sysstat
+ #tcpdump
+ #tlsdate
+ #unetbootin
+ #utillinuxCurses
+ #wvdial
+ #xdotool
+ #xkill
+ #xl2tpd
+ #xsel
+
+ unison
+ ];
+ }
+ {
+ tv.iptables = {
+ enable = true;
+ input-internet-accept-new-tcp = [
+ "ssh"
+ "http"
+ "tinc"
+ "smtp"
+ ];
+ };
+ }
+ {
+ krebs.exim-retiolum.enable = true;
+ }
+ {
+ krebs.nginx = {
+ enable = true;
+ servers.default.locations = [
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
+ };
+ }
+ {
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ "cd"
+ "gum"
+ "pigstarter"
+ ];
+ };
+ }
+ ];
+
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices = [
+ { name = "xuca"; device = "/dev/sda2"; }
+ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/xuvga-root";
+ fsType = "btrfs";
+ options = "defaults,noatime,ssd,compress=lzo";
+ };
+ "/home" = {
+ device = "/dev/mapper/xuvga-home";
+ fsType = "btrfs";
+ options = "defaults,noatime,ssd,compress=lzo";
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = "nosuid,nodev,noatime";
+ };
+ };
+
+ nixpkgs.config.chromium.enablePepperFlash = true;
+
+ #nixpkgs.config.allowUnfreePredicate = pkg:
+ # pkgs.lib.hasPrefix "virtualbox" pkg.name;
+
+ #nixpkgs.config.allowUnfree = true;
+ #hardware.bumblebee.enable = true;
+ #hardware.bumblebee.group = "video";
+ hardware.enableAllFirmware = true;
+ #hardware.opengl.driSupport32Bit = true;
+ hardware.pulseaudio.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ #xlibs.fontschumachermisc
+ #slock
+ ethtool
+ #firefoxWrapper # with plugins
+ #chromiumDevWrapper
+ tinc
+ iptables
+ #jack2
+
+ gptfdisk
+ ];
+
+ security.setuidPrograms = [
+ "sendmail" # for cron
+ ];
+
+ services.printing.enable = true;
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -" # does this work with mounted /tmp?
+ ];
+
+ #virtualisation.libvirtd.enable = true;
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+
+ #nixpkgs.config.virtualbox.enableExtensionPack = true;
+
+ # XXX Enable for maximum slowness:
+ virtualisation.virtualbox.host.enable = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
-- cgit v1.2.3
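Review bot: The user-dir location added under `krebs.nginx.servers.default.locations` takes the account name from the request with `(.+?)` and substitutes it unchecked into `alias /home/$1/public_html$2;`, and the same file lists `"http"` in `input-internet-accept-new-tcp`, so the path is assembled from input any internet host can send. Restrict the capture to the characters a login name can contain, for example `(nameValuePair "~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$" ''`, so that `$1` can never be `.`, `..` or contain a slash. Because this publishes every account's `~/public_html`, a comment saying so would help, and adding `disable_symlinks if_not_owner;` next to the `alias` should keep a symlink in one of those directories from exposing files its owner does not own. Separately, `"smtp"` is accepted from the internet while the only mail service visible here is `krebs.exim-retiolum`; if that daemon is meant for the retiolum network only, the port probably should not be in this list.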