From 153422f74b1ed5cae37c9424514a9e9d1f79acb4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 11 Jul 2015 19:44:12 +0200
Subject: move old stuff

---
 old/modules/nomic/default.nix                | 105 +++++++++++++++++++++++++++
 old/modules/nomic/hardware-configuration.nix |  49 +++++++++++++
 old/modules/nomic/paths.nix                  |  12 +++
 old/modules/nomic/users.nix                  |  42 +++++++++++
 4 files changed, 208 insertions(+)
 create mode 100644 old/modules/nomic/default.nix
 create mode 100644 old/modules/nomic/hardware-configuration.nix
 create mode 100644 old/modules/nomic/paths.nix
 create mode 100644 old/modules/nomic/users.nix

(limited to 'old/modules/nomic')

diff --git a/old/modules/nomic/default.nix b/old/modules/nomic/default.nix
new file mode 100644
index 0000000..f61f97a
--- /dev/null
+++ b/old/modules/nomic/default.nix
@@ -0,0 +1,105 @@
+{ config, pkgs, ... }:
+
+let
+  location = pkgs.lib.nameValuePair; # TODO this is also in modules/tv/git/cgit.nix
+in
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./users.nix
+    ../tv/base.nix
+    ../tv/config/consul-server.nix
+    ../tv/environment.nix
+    ../tv/exim-retiolum.nix
+    ../tv/git/public.nix
+    ../tv/sanitize.nix
+    ../tv/smartd.nix
+    {
+      imports = [ ../tv/identity ];
+      tv.identity = {
+        enable = true;
+        self = config.tv.identity.hosts.nomic;
+      };
+    }
+    {
+      imports = [ ../tv/iptables ];
+      tv.iptables = {
+        enable = true;
+        input-internet-accept-new-tcp = [
+          "ssh"
+          "http"
+          "tinc"
+          "smtp"
+        ];
+      };
+    }
+    {
+      imports = [ ../tv/nginx ];
+      tv.nginx = {
+        enable = true;
+        retiolum-locations = [
+          (location "~ ^/~(.+?)(/.*)?\$" ''
+            alias /home/$1/public_html$2;
+          '')
+        ];
+      };
+    }
+    {
+      imports = [ ../tv/retiolum ];
+      tv.retiolum = {
+        enable = true;
+        hosts = <retiolum-hosts>;
+        connectTo = [
+          "gum"
+          "pigstarter"
+        ];
+      };
+    }
+  ];
+
+  boot.kernel.sysctl = {
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  boot.tmpOnTmpfs = true;
+
+  environment.systemPackages = with pkgs; [
+    (writeScriptBin "play" ''
+      #! /bin/sh
+      set -euf
+      mpv() { exec ${mpv}/bin/mpv "$@"; }
+      case $1 in
+        deepmix)      mpv http://deepmix.ru/deepmix128.pls;;
+        groovesalad)  mpv http://somafm.com/play/groovesalad;;
+        ntslive)      mpv http://listen2.ntslive.co.uk/listen.pls;;
+        *)
+          echo "$0: bad argument: $*" >&2
+          exit 23
+      esac
+    '')
+    rxvt_unicode.terminfo
+    tmux
+  ];
+
+  networking = {
+    hostName = "nomic";
+    wireless.enable = true;
+  };
+
+  services.logind.extraConfig = ''
+    HandleHibernateKey=ignore
+    HandleLidSwitch=ignore
+    HandlePowerKey=ignore
+    HandleSuspendKey=ignore
+  '';
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+}
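Review bot: The `retiolum-locations` regex `~ ^/~(.+?)(/.*)?\$` accepts any string as the user name and aliases it to `/home/$1/public_html$2`. Every directory under /home that contains a public_html, including those of non-login accounts, is therefore served, and nginx follows symlinks inside it by default. I would restrict the capture to account-name characters, `(location "~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$" ''`, and add `disable_symlinks if_not_owner;` beside the `alias` line so a link in public_html cannot publish files the user does not own. The option name suggests these locations are only served towards retiolum, but that is decided in ../tv/nginx, which is outside this diff, while "http" is accepted from the internet in the iptables block above.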
diff --git a/old/modules/nomic/hardware-configuration.nix b/old/modules/nomic/hardware-configuration.nix
new file mode 100644
index 0000000..8a00730
--- /dev/null
+++ b/old/modules/nomic/hardware-configuration.nix
@@ -0,0 +1,49 @@
+{ config, ... }:
+
+{
+  boot.initrd.luks = {
+    cryptoModules = [ "aes" "sha1" "xts" ];
+    devices = [
+      {
+        name = "luks1";
+        device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
+      }
+    ];
+  };
+
+  boot.initrd.availableKernelModules = [ "ahci" ];
+  boot.kernelModules = [ "kvm-intel" "wl" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+
+  boot.loader.grub = {
+    device = "/dev/sda";
+    splashImage = null;
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
+      fsType = "btrfs";
+    };
+
+  swapDevices = [ ];
+
+  nix = {
+    buildCores = 2;
+    maxJobs = 2;
+    daemonIONiceLevel = 1;
+    daemonNiceLevel = 1;
+  };
+
+  # For config.boot.kernelPackages.broadcom_sta
+  nixpkgs.config.allowUnfree = true;
+}
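Review bot: `nixpkgs.config.allowUnfree = true;` at the end of the file lifts the licence gate for the whole system, although the comment above it says only `broadcom_sta` needs it. Any unfree package added later, directly or through a module, will then evaluate without the licence error that would otherwise prompt a review. `nixpkgs.config.allowUnfreePredicate` can limit the exception to the one driver; the predicate has to match the derivation name of broadcom_sta, which is not visible in this diff. Separately, `cryptoModules = [ "aes" "sha1" "xts" ];` presumably mirrors the cipher and hash the existing LUKS header was created with, and a one-line comment saying so would explain why `sha1` is listed.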
diff --git a/old/modules/nomic/paths.nix b/old/modules/nomic/paths.nix
new file mode 100644
index 0000000..0bcf1d3
--- /dev/null
+++ b/old/modules/nomic/paths.nix
@@ -0,0 +1,12 @@
+{
+  lib.file.url = ../../lib;
+  modules.file.url = ../../modules;
+  nixpkgs.git = {
+    url = https://github.com/NixOS/nixpkgs;
+    rev = "4e5e441";
+    cache = ../../tmp/git-cache;
+  };
+  pubkeys.file.url = ../../pubkeys;
+  retiolum-hosts.file.url = ../../hosts;
+  secrets.file.url = ../../secrets/nomic/nix;
+}
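Review bot: `rev = "4e5e441";` pins nixpkgs by a seven-character abbreviated commit id, which is a prefix rather than a unique identifier and can become ambiguous or resolve differently as the upstream repository grows. The whole system is built from this checkout of `https://github.com/NixOS/nixpkgs`, and the pin is the only integrity anchor visible in this file, so it should be the full id: `rev = "<full 40-character commit id>";`. The `secrets.file.url` line would also benefit from a comment stating that the target must not be copied into the world-readable Nix store; whether that happens depends on the consumer of paths.nix, which is outside this diff.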
diff --git a/old/modules/nomic/users.nix b/old/modules/nomic/users.nix
new file mode 100644
index 0000000..70e1d8d
--- /dev/null
+++ b/old/modules/nomic/users.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    { users = import <secrets/users.nix>; }
+    {
+      users.extraUsers = {
+        root = {
+          openssh.authorizedKeys.keys = [
+            (pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+          ];
+        };
+        tv = {
+          uid = 1337;
+          group = "users";
+          home = "/home/tv";
+          createHome = true;
+          useDefaultShell = true;
+          extraGroups = [
+            "audio"
+            "video"
+            "wheel"
+          ];
+          openssh.authorizedKeys.keys = [
+            (pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+          ];
+        };
+      };
+    }
+  ];
+
+  users.defaultUserShell = "/run/current-system/sw/bin/bash";
+  users.mutableUsers = false;
+
+  security.setuidPrograms = [
+    "sendmail"  # for sudo
+  ];
+
+  security.sudo.extraConfig = ''
+    Defaults mailto="tv@wu.retiolum"
+  '';
+}
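Review bot: The `root` entry in `users.extraUsers` installs the same `tv_wu.ssh.pub` key that `tv` already has, and `tv` is in `wheel`. All the root key adds is a direct root login that bypasses sudo and the `Defaults mailto` reporting configured at the bottom of the file. default.nix in this commit enables sshd and accepts "ssh" from the internet, so that path is reachable unless ../tv/base.nix (not shown) restricts root login. I would drop the `root = { ... };` block, or keep it with a comment stating why direct root access is needed. If `<secrets/users.nix>` sets password hashes, it is also worth confirming where they end up with `users.mutableUsers = false`, since generated user data may be readable in the Nix store.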
-- 
cgit v1.2.3