summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/config.nix41
-rw-r--r--lass/1systems/blue/physical.nix8
-rw-r--r--lass/1systems/blue/source.nix4
-rw-r--r--lass/1systems/cabal/config.nix16
-rw-r--r--lass/1systems/cabal/physical.nix12
-rw-r--r--lass/1systems/daedalus/config.nix15
-rw-r--r--lass/1systems/daedalus/physical.nix20
-rw-r--r--lass/1systems/dishfire/config.nix34
-rw-r--r--lass/1systems/dishfire/physical.nix39
-rw-r--r--lass/1systems/helios/config.nix56
-rw-r--r--lass/1systems/helios/physical.nix64
-rw-r--r--lass/1systems/icarus/config.nix22
-rw-r--r--lass/1systems/icarus/physical.nix20
-rw-r--r--lass/1systems/littleT/config.nix15
-rw-r--r--lass/1systems/littleT/physical.nix7
-rw-r--r--lass/1systems/mors/config.nix44
-rw-r--r--lass/1systems/mors/physical.nix44
-rw-r--r--lass/1systems/prism/config.nix147
-rw-r--r--lass/1systems/prism/physical.nix85
-rw-r--r--lass/1systems/red/config.nix3
-rw-r--r--lass/1systems/red/physical.nix8
-rw-r--r--lass/1systems/shodan/config.nix42
-rw-r--r--lass/1systems/shodan/physical.nix47
-rw-r--r--lass/1systems/skynet/config.nix15
-rw-r--r--lass/1systems/skynet/physical.nix12
-rw-r--r--lass/1systems/uriel/config.nix55
-rw-r--r--lass/1systems/uriel/physical.nix59
-rw-r--r--lass/1systems/xerxes/config.nix24
-rw-r--r--lass/1systems/xerxes/physical.nix29
-rw-r--r--lass/2configs/AP.nix22
-rw-r--r--lass/2configs/IM.nix73
-rw-r--r--lass/2configs/backup.nix1
-rw-r--r--lass/2configs/baseX.nix11
-rw-r--r--lass/2configs/bitlbee.nix15
-rw-r--r--lass/2configs/blue-host.nix22
-rw-r--r--lass/2configs/blue.nix55
-rw-r--r--lass/2configs/container-networking.nix15
-rw-r--r--lass/2configs/default.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix5
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/git.nix12
-rw-r--r--lass/2configs/libvirt.nix3
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix1
-rw-r--r--lass/2configs/steam.nix2
-rw-r--r--lass/2configs/websites/domsen.nix15
-rw-r--r--lass/2configs/websites/util.nix16
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/nichtparasoup.nix48
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix2
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix4
-rw-r--r--lass/5pkgs/nichtparasoup/default.nix15
-rw-r--r--lass/5pkgs/nichtparasoup/exception.patch13
-rw-r--r--lass/kops.nix2
-rw-r--r--lass/source.nix2
54 files changed, 807 insertions, 542 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
new file mode 100644
index 000000000..aef055cf0
--- /dev/null
+++ b/lass/1systems/blue/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+
+ <stockholm/lass/2configs/blue.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.blue;
+
+ networking.nameservers = [ "1.1.1.1" ];
+
+ lass.restic = genAttrs [
+ "daedalus"
+ "icarus"
+ "littleT"
+ "prism"
+ "shodan"
+ "skynet"
+ ] (dest: {
+ dirs = [
+ "/home/"
+ "/var/lib"
+ ];
+ passwordFile = (toString <secrets>) + "/restic/${dest}";
+ repo = "sftp:backup@${dest}.r:/backups/blue";
+ extraArguments = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ ];
+ timerConfig = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ };
+ });
+ time.timeZone = "Europe/Berlin";
+ users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
+}
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/blue/physical.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
new file mode 100644
index 000000000..d8b979812
--- /dev/null
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+ name = "blue";
+ secure = true;
+}
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
index 9ac3cb681..64c179e67 100644
--- a/lass/1systems/cabal/config.nix
+++ b/lass/1systems/cabal/config.nix
@@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@@ -16,20 +14,8 @@
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/AP.nix>
+ <stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
-
- #fileSystems = {
- # "/bku" = {
- # device = "/dev/mapper/pool-bku";
- # fsType = "btrfs";
- # options = ["defaults" "noatime" "ssd" "compress=lzo"];
- # };
- #};
-
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- #'';
}
diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix
new file mode 100644
index 000000000..3cc4af03b
--- /dev/null
+++ b/lass/1systems/cabal/physical.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+ ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index c15fcdc21..eafc0d06c 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/games.nix>
@@ -94,17 +92,4 @@ with import <stockholm/lib>;
'';
krebs.build.host = config.krebs.hosts.daedalus;
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
}
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
new file mode 100644
index 000000000..33a0cb473
--- /dev/null
+++ b/lass/1systems/daedalus/physical.nix
@@ -0,0 +1,20 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/coreboot.nix>
+ ];
+
+ fileSystems = {
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 7993c763e..3d5f32180 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,42 +4,8 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/lass/2configs/git.nix>
{
- boot.loader.grub = {
- device = "/dev/vda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "ehci_pci"
- "uhci_hcd"
- "virtio_pci"
- "virtio_blk"
- ];
-
- fileSystems."/" = {
- device = "/dev/mapper/pool-nix";
- fsType = "ext4";
- };
-
- fileSystems."/srv/http" = {
- device = "/dev/pool/srv_http";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
- }
- {
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..64e3904e0
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 759bb6d06..bd7f75c3e 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -12,48 +12,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/dcso-vpn.nix>
+ #<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
- { # automatic hardware detection
- boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
-
- fileSystems."/" = {
- device = "/dev/pool/root";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/1F60-17C6";
- fsType = "vfat";
- };
-
- fileSystems."/home" = {
- device = "/dev/pool/home";
- fsType = "btrfs";
- };
-
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
-
- nix.maxJobs = lib.mkDefault 8;
- }
- { # crypto stuff
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices = [{
- name = "luksroot";
- device = "/dev/nvme0n1p3";
- }];
- };
- }
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
@@ -99,13 +63,6 @@ with import <stockholm/lib>;
}
];
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.wireless.enable = true;
- hardware.enableRedistributableFirmware = true;
-
environment.systemPackages = with pkgs; [
ag
vim
@@ -124,17 +81,6 @@ with import <stockholm/lib>;
services.tlp.enable = true;
- services.xserver.videoDrivers = [ "nvidia" ];
- services.xserver.xrandrHeads = [
- { output = "DP-2"; primary = true; }
- { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
- { output = "DP-0"; }
- ];
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
- '';
-
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix
new file mode 100644
index 000000000..a5212454f
--- /dev/null
+++ b/lass/1systems/helios/physical.nix
@@ -0,0 +1,64 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./config.nix
+ { # automatic hardware detection
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+
+ fileSystems."/" = {
+ device = "/dev/pool/root";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/1F60-17C6";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/pool/home";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ }
+ { # crypto stuff
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ devices = [{
+ name = "luksroot";
+ device = "/dev/nvme0n1p3";
+ }];
+ };
+ }
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.wireless.enable = true;
+ hardware.enableRedistributableFirmware = true;
+
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
+ '';
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+ services.xserver.xrandrHeads = [
+ { output = "DP-2"; primary = true; }
+ { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
+ { output = "DP-0"; }
+ ];
+
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+ '';
+}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index b6a0822b9..d54bd3e9e 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@@ -17,20 +15,18 @@
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
+ <stockholm/lass/2configs/wine.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
+ environment.systemPackages = with pkgs; [
+ macchanger
+ dpass
+ ];
+ services.redshift = {
+ enable = true;
+ provider = "geoclue2";
};
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
+ programs.adb.enable = true;
}
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
new file mode 100644
index 000000000..6cc77a47d
--- /dev/null
+++ b/lass/1systems/icarus/physical.nix
@@ -0,0 +1,20 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/coreboot.nix>
+ ];
+
+ fileSystems = {
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index ef19e8d16..44617d3e7 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backup.nix>
@@ -68,17 +66,4 @@ with import <stockholm/lib>;
'';
krebs.build.host = config.krebs.hosts.littleT;
-
- #fileSystems = {
- # "/bku" = {
- # device = "/dev/mapper/pool-bku";
- # fsType = "btrfs";
- # options = ["defaults" "noatime" "ssd" "compress=lzo"];
- # };
- #};
-
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- #'';
}
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
new file mode 100644
index 000000000..9776211ae
--- /dev/null
+++ b/lass/1systems/littleT/physical.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+ ];
+}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f8a16ad2e..de6963eb5 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@@ -35,9 +33,11 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{
- #risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
+ #risk of rain
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
+ #chromecast
+ { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
];
}
{
@@ -86,43 +86,6 @@ with import <stockholm/lib>;