From d5c580daa1c1fd878dad9f08ea699bc531791a08 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 19 Apr 2019 16:14:53 +0200
Subject: init mb

---
 mb/1systems/orange/configuration.nix          | 232 ++++++++++++++++++++++++++
 mb/1systems/orange/hardware-configuration.nix |  28 ++++
 mb/2configs/default.nix                       | 198 ++++++++++++++++++++++
 mb/2configs/retiolum.nix                      |  33 ++++
 mb/2configs/tests/dummy-secrets/retiolum.rsa  |   4 +
 mb/3modules/default.nix                       |   6 +
 mb/3modules/hosts.nix                         |  12 ++
 mb/5pkgs/default.nix                          |  11 ++
 mb/default.nix                                |  14 ++
 mb/krops.nix                                  |  54 ++++++
 10 files changed, 592 insertions(+)
 create mode 100644 mb/1systems/orange/configuration.nix
 create mode 100644 mb/1systems/orange/hardware-configuration.nix
 create mode 100644 mb/2configs/default.nix
 create mode 100644 mb/2configs/retiolum.nix
 create mode 100644 mb/2configs/tests/dummy-secrets/retiolum.rsa
 create mode 100644 mb/3modules/default.nix
 create mode 100644 mb/3modules/hosts.nix
 create mode 100644 mb/5pkgs/default.nix
 create mode 100644 mb/default.nix
 create mode 100644 mb/krops.nix


diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
new file mode 100644
index 000000000..4ac0996a4
--- /dev/null
+++ b/mb/1systems/orange/configuration.nix
@@ -0,0 +1,232 @@
+{ config, pkgs, callPackage, ... }: let
+    unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      <stockholm/mb>
+    ];
+
+  krebs.build.host = config.krebs.hosts.orange;
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+  fileSystems."/mnt/public" = {
+    device = "//192.168.88.252/public";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
+  };
+
+  #networking.hostName = "0r4n93";
+  networking.wireless.enable = false;
+
+  # Select internationalisation properties.
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "de";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  nixpkgs.config.packageOverrides = super: {
+    openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  fonts = {
+    enableCoreFonts = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      anonymousPro
+      corefonts
+      dejavu_fonts
+      envypn-font
+      fira
+      gentium
+      gohufont
+      inconsolata
+      liberation_ttf
+      powerline-fonts
+      source-code-pro
+      terminus_font
+      ttf_bitstream_vera
+      ubuntu_font_family
+      unifont
+      unstable.cherry
+      xorg.fontbitstream100dpi
+      xorg.fontbitstream75dpi
+      xorg.fontbitstreamtype1
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    adapta-gtk-theme
+    aircrackng
+    ag
+    arandr
+    binutils
+    chromium
+    cifs-utils
+    curl
+    evince
+    exfat
+    feh
+    file
+    firefox
+    freetype
+    gimp
+    git
+    gnupg
+    graphite2
+    hicolor_icon_theme
+    htop
+    i3lock
+    jq
+    keepassx2
+    kvm
+    lxappearance
+    man-pages
+    moc
+    mpv
+    mpvc
+    mupdf
+    ncdu
+    nmap
+    openvpn
+    pass
+    p7zip
+    powertop
+    ranger
+    rofi
+    sshfs
+    tcpdump
+    tmux
+    traceroute
+    tree
+    unstable.alacritty
+    unstable.ponyc
+    unstable.sublime3
+    unstable.youtube-dl
+    vim
+    virt-viewer
+    virtmanager
+    vulnix
+    wcalc
+    wget
+    wireshark-gtk
+    xz
+  ];
+
+  environment.shellAliases = {
+    ll = "ls -alh";
+    ls = "ls --color=tty";
+  };
+
+  virtualisation.libvirtd.enable = true;
+  #virtualisation.kvmgt.enable = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  services.xserver = {
+    enable = true;
+    layout = "de";
+    xkbVariant = "nodeadkeys";
+    libinput.enable = true;
+    desktopManager = {
+      default = "xfce";
+      xterm.enable = false;
+      xfce = {
+        enable = true;
+        noDesktop = true;
+        enableXfwm = false;
+      };
+    };
+    windowManager.ratpoison.enable = true;
+  };
+
+  services.openssh.enable = true;
+  #services.openssh.permitRootLogin = "yes";
+  services.openssh.passwordAuthentication = false;
+
+  networking.networkmanager.enable = false;
+  #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
+  networking.enableIPv6 = false;
+
+  programs.fish = {
+    enable = true;
+    shellInit = ''
+      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+          if begin
+              set -q SSH_AGENT_PID
+              and kill -0 $SSH_AGENT_PID
+              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+          end
+              echo "ssh-agent running on pid $SSH_AGENT_PID"
+          else
+              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+          end
+          set -l identity $HOME/.ssh/id_rsa
+          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+          ssh-add -l | grep -q $fingerprint
+            or ssh-add $identity
+      end
+    '';
+    promptInit = ''
+      function fish_prompt --description 'Write out the prompt'
+          set -l color_cwd
+          set -l suffix
+          set -l nix_shell_info (
+              if test "$IN_NIX_SHELL" != ""
+                 echo -n " <nix-shell>"
+              end
+          )
+          switch "$USER"
+              case root toor
+                  if set -q fish_color_cwd_root
+                      set color_cwd $fish_color_cwd_root
+                  else
+                      set color_cwd $fish_color_cwd
+                  end
+                  set suffix '#'
+              case '*'
+                  set color_cwd $fish_color_cwd
+                  set suffix '>'
+          end
+
+          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+      end
+    '';
+  };
+
+  nix.maxJobs = 4;
+  nix.buildCores = 4;
+  system.autoUpgrade.enable = false;
+  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
+  system.stateVersion = "19.03";
+
+}
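Review bot: `callPackage` is declared as a required module argument on the first line of the file but is never used, and the NixOS module system does not supply an argument of that name by default; unless something under `<stockholm>` injects it through `_module.args`, evaluation fails with a missing-argument error, so the header should read `{ config, pkgs, ... }: let` (the same applies to mb/1systems/p1nk/configuration.nix). Separately, the whole `programs.fish.shellInit`/`promptInit` block repeats the one in mb/2configs/default.nix, which this host already imports via `<stockholm/mb>`; both options are line-typed, so as far as I can tell the `ssh_agent` and `fish_prompt` functions end up defined twice in the generated config, with only the hostname colour differing. Keeping the shared functions in 2configs and overriding just the colour per host would remove roughly eighty duplicated lines here and in p1nk.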
diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix
new file mode 100644
index 000000000..8aa191269
--- /dev/null
+++ b/mb/1systems/orange/hardware-configuration.nix
@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/BF9B-03A2";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
new file mode 100644
index 000000000..75189e192
--- /dev/null
+++ b/mb/2configs/default.nix
@@ -0,0 +1,198 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+{
+  imports = [
+    {
+      users.users = {
+        root = {
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.mb.pubkey
+          ];
+        };
+        mb = {
+          name = "mb";
+          uid = 1337;
+          home = "/home/mb";
+          group = "users";
+          createHome = true;
+          shell = "/run/current-system/sw/bin/fish";
+          extraGroups = [
+            "audio"
+            "video"
+            "fuse"
+            "wheel"
+          ];
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.mb.pubkey
+          ];
+        };
+      };
+    }
+    {
+      environment.variables = {
+        NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+      };
+    }
+    (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
+      environment.variables = {
+        CURL_CA_BUNDLE = ca-bundle;
+        GIT_SSL_CAINFO = ca-bundle;
+        SSL_CERT_FILE = ca-bundle;
+      };
+    })
+  ];
+
+  networking.hostName = config.krebs.build.host.name;
+
+  krebs = {
+    enable = true;
+    build.user = config.krebs.users.mb;
+  };
+
+  users.mutableUsers = false;
+
+  services.timesyncd.enable = mkForce true;
+
+  systemd.tmpfiles.rules = [
+    "d /tmp 1777 root root - -"
+  ];
+
+  # multiple-definition-problem when defining environment.variables.EDITOR
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+  #stockholm
+    git
+    gnumake
+    jq
+    parallel
+    proot
+    populate
+
+  #style
+    most
+    rxvt_unicode.terminfo
+
+  #monitoring tools
+    htop
+    iotop
+
+  #network
+    iptables
+    iftop
+    tcpdump
+
+  #stuff for dl
+    aria2
+
+  #neat utils
+    fish
+    file
+    kpaste
+    krebspaste
+    mosh
+    pciutils
+    psmisc
+    tmux
+    untilport
+    usbutils
+
+  #unpack stuff
+    p7zip
+
+    (pkgs.writeDashBin "sshn" ''
+      ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+    '')
+  ];
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+    hostKeys = [
+      # XXX bits here make no science
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+
+  programs.fish = {
+    enable = true;
+    shellInit = ''
+      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+          if begin
+              set -q SSH_AGENT_PID
+              and kill -0 $SSH_AGENT_PID
+              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+          end
+              echo "ssh-agent running on pid $SSH_AGENT_PID"
+          else
+              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+          end
+          set -l identity $HOME/.ssh/id_rsa
+          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+          ssh-add -l | grep -q $fingerprint
+            or ssh-add $identity
+      end
+    '';
+    promptInit = ''
+      function fish_prompt --description 'Write out the prompt'
+          set -l color_cwd
+          set -l suffix
+          set -l nix_shell_info (
+              if test "$IN_NIX_SHELL" != ""
+                 echo -n " <nix-shell>"
+              end
+          )
+          switch "$USER"
+              case root toor
+                  if set -q fish_color_cwd_root
+                      set color_cwd $fish_color_cwd_root
+                  else
+                      set color_cwd $fish_color_cwd
+                  end
+                  set suffix '#'
+              case '*'
+                  set color_cwd $fish_color_cwd
+                  set suffix '>'
+          end
+
+          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+      end
+    '';
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+  '';
+
+  krebs.iptables = {
+    enable = true;
+    tables = {
+      nat.PREROUTING.rules = [
+        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+      ];
+      nat.OUTPUT.rules = [
+        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+      ];
+      filter.INPUT.policy = "DROP";
+      filter.FORWARD.policy = "DROP";
+      filter.INPUT.rules = [
+        { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
+        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+        { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+        { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
+      ];
+    };
+  };
+}
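Review bot: The `sshn` helper on lines 415-417 turns off host-key verification entirely (`StrictHostKeyChecking=no` with a throwaway `UserKnownHostsFile`), so a session started with it silently accepts a substituted host even after a key has been seen before; if it is meant for freshly installed hosts whose keys rotate, a one-line comment saying so would help the next reader, and `-o StrictHostKeyChecking=accept-new` keeps first-contact convenience while still catching a changed key afterwards. `permitRootLogin = "yes"` on line 422 is broader than the key-only setup the rest of this file builds (root's `authorizedKeys` set, `passwordAuthentication = false`); `permitRootLogin = "prohibit-password";` states that intent in one place instead of relying on the global password switch. The `bits = 8192` on the ed25519 host key is ignored by ssh-keygen for that key type, which the XXX comment already hints at; dropping the attribute avoids implying it has an effect.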
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
new file mode 100644
index 000000000..5a87d52af
--- /dev/null
+++ b/mb/2configs/retiolum.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+  krebs.iptables = {
+    tables = {
+      filter.INPUT.rules = let
+        tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
+      in [
+        { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
+      ];
+    };
+  };
+
+  krebs.tinc.retiolum = {
+    enableLegacy = true;
+    enable = true;
+    connectTo = [
+      "prism"
+      "gum"
+      "ni"
+    ];
+  };
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+  };
+
+  environment.systemPackages = [
+    pkgs.tinc
+  ];
+}
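Review bot: As far as this diff shows, nothing imports mb/2configs/retiolum.nix — mb/default.nix pulls in `./2configs` (its default.nix) and `./3modules` only — so the tinc enablement and the two ACCEPT rules for the tinc port are inert until a host configuration lists this file. If that is intentional (opt-in per host), a header comment such as `# opt-in: import from a host's configuration.nix to join retiolum` would make it clear. The two ACCEPT entries also carry no `precedence`, while the catch-all `REJECT` rules for `-i retiolum` in 2configs/default.nix use -10000, so their relative order depends on the module's default precedence; stating it explicitly avoids a surprise when the defaults change.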
diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa
new file mode 100644
index 000000000..99a4033f6
--- /dev/null
+++ b/mb/2configs/tests/dummy-secrets/retiolum.rsa
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix
new file mode 100644
index 000000000..99d09d4ec
--- /dev/null
+++ b/mb/3modules/default.nix
@@ -0,0 +1,6 @@
+_:
+{
+  imports = [
+    ./hosts.nix
+  ];
+}
diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix
new file mode 100644
index 000000000..5dc9b5ca4
--- /dev/null
+++ b/mb/3modules/hosts.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+with import <stockholm/lib>;
+
+{
+  options.mb.hosts = mkOption {
+    type = types.attrsOf types.host;
+    default =
+      filterAttrs (_: host: host.owner.name == "mb" && host.ci)
+      config.krebs.hosts;
+  };
+}
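Review bot: `options.mb.hosts` has no `description`, so the option appears undocumented in generated option listings; `description = "Hosts owned by mb that take part in CI (krebs.hosts filtered by owner name and the ci flag).";` next to `type` would cover it. The default filter also assumes every entry of `config.krebs.hosts` carries `owner.name` and `ci`, which `types.host` presumably guarantees — worth confirming, since a host without `ci` set would abort evaluation of the default rather than be filtered out.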
diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix
new file mode 100644
index 000000000..3fa5b5e85
--- /dev/null
+++ b/mb/5pkgs/default.nix
@@ -0,0 +1,11 @@
+with import <stockholm/lib>;
+
+self: super:
+
+# Import files and subdirectories like they are overlays.
+foldl' mergeAttrs {}
+  (map
+    (name: import (./. + "/${name}") self super)
+    (filter
+      (name: name != "default.nix" && !hasPrefix "." name)
+      (attrNames (readDir ./.))))
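Review bot: The filter on line 601 excludes only `default.nix` and dotfiles, so any other entry in the directory — an editor backup, a README, a non-Nix file — is handed to `import` on line 599 and breaks evaluation of the whole overlay; since `readDir` already reports each entry's type, restricting to directories and `.nix` files is cheap: bind `entries = readDir ./.;` in a `let` and use `(filter (name: name != "default.nix" && !hasPrefix "." name && (hasSuffix ".nix" name || entries.${name} == "directory")) (attrNames entries))`, assuming `<stockholm/lib>` re-exports nixpkgs' `hasSuffix`. The header comment could also state that each imported file must evaluate to a `self: super:` overlay function, which is what the `import ... self super` call requires.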
diff --git a/mb/default.nix b/mb/default.nix
new file mode 100644
index 000000000..0bec0c2c2
--- /dev/null
+++ b/mb/default.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ../krebs
+    ./2configs
+    ./3modules
+  ];
+  nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
+  krebs.tinc.retiolum.privkey = {
+    source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
+    path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
+    owner = config.krebs.tinc.retiolum.user;
+  };
+}
diff --git a/mb/krops.nix b/mb/krops.nix
new file mode 100644
index 000000000..cb9ab3fdb
--- /dev/null
+++ b/mb/krops.nix
@@ -0,0 +1,54 @@
+{ name }: let
+  inherit (import ../krebs/krops.nix { inherit name; })
+    krebs-source
+    lib
+    pkgs
+  ;
+
+  host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
+    import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
+  else
+    {}
+  ;
+
+  source = { test }: lib.evalSource ([
+    (krebs-source { test = test; })
+    {
+      nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
+      nixpkgs-unstable.git = {
+        url = "https://github.com/nixos/nixpkgs-channels";
+        ref = "nixos-unstable";
+      };
+      secrets = if test then {
+        file = toString ./2configs/tests/dummy-secrets;
+      } else {
+        pass = {
+          dir = "${lib.getEnv "HOME"}/.password-store";
+          name = "hosts/${name}";
+        };
+      };
+    }
+  ] ++ (lib.optional (! test) host-source));
+
+in {
+
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+  deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
+    source = source { test = false; };
+    inherit target;
+  };
+
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
+  populate = { target, force ? false }: pkgs.populate {
+    inherit force;
+    source = source { test = false; };
+    target = lib.mkTarget target;
+  };
+
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
+  test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
+    inherit target;
+    source = source { test = true; };
+  };
+}
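Review bot: The `nixpkgs-unstable` source on lines 646-649 tracks the moving `nixos-unstable` ref of nixpkgs-channels with no commit pin, so the `unstable.*` packages in the host configurations resolve to whatever that branch points at when `deploy` runs; two deploys can produce different closures and the result is not reproducible from this repository alone. Pinning `ref` to a commit hash and bumping it deliberately, or a comment explaining why a moving ref is acceptable here, would address that; `krebs-source` presumably already handles pinning for the stable channel. Also, `host-source` is merged in only for non-test deploys (`lib.optional (! test)` on line 659), which is reasonable but deserves a comment next to line 636, since the test path will never see a host's `source.nix`.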
-- 


From 3dc61a8f2d525f7f6c1260ca97a918f78242cb1c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Apr 2019 20:11:30 +0200
Subject: mb: add p1nk.r

---
 mb/1systems/p1nk/configuration.nix          | 223 ++++++++++++++++++++++++++++
 mb/1systems/p1nk/hardware-configuration.nix |  29 ++++
 2 files changed, 252 insertions(+)
 create mode 100644 mb/1systems/p1nk/configuration.nix
 create mode 100644 mb/1systems/p1nk/hardware-configuration.nix


diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
new file mode 100644
index 000000000..28a7c7776
--- /dev/null
+++ b/mb/1systems/p1nk/configuration.nix
@@ -0,0 +1,223 @@
+{ config, pkgs, callPackage, ... }: let
+  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      <stockholm/mb>
+    ];
+
+  krebs.build.host = config.krebs.hosts.p1nk;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+  fileSystems."/mnt/public" = {
+    device = "//192.168.88.252/public";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
+  };
+
+  networking.wireless.enable = true;
+
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "de";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  fonts = {
+    enableCoreFonts = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      anonymousPro
+      corefonts
+      dejavu_fonts
+      envypn-font
+      fira
+      gentium
+      gohufont
+      inconsolata
+      liberation_ttf
+      powerline-fonts
+      source-code-pro
+      terminus_font
+      ttf_bitstream_vera
+      ubuntu_font_family
+      unifont
+      unstable.cherry
+      xorg.fontbitstream100dpi
+      xorg.fontbitstream75dpi
+      xorg.fontbitstreamtype1
+    ];
+  };
+
+  nixpkgs.config.packageOverrides = super: {
+    openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    adapta-gtk-theme
+    aircrackng
+    ag
+    arandr
+    binutils
+    chromium
+    cifs-utils
+    curl
+    evince
+    exfat
+    feh
+    file
+    firefox
+    freetype
+    gimp
+    git
+    gnupg
+    graphite2
+    hicolor_icon_theme
+    htop
+    i3lock
+    jq
+    keepassx2
+    kvm
+    lxappearance
+    man-pages
+    moc
+    mpv
+    mpvc
+    mupdf
+    ncdu
+    nmap
+    openvpn
+    pass
+    p7zip
+    powertop
+    ranger
+    rofi
+    sshfs
+    tcpdump
+    tmux
+    traceroute
+    tree
+    unstable.alacritty
+    unstable.ponyc
+    unstable.sublime3
+    youtube-dl
+    vim
+    virt-viewer
+    virtmanager
+    vulnix
+    wcalc
+    wget
+    xz
+  ];
+
+  environment.shellAliases = {
+    ll = "ls -alh";
+    ls = "ls --color=tty";
+  };
+
+  virtualisation.libvirtd.enable = true;
+  virtualisation.kvmgt.enable = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  services.xserver = {
+    enable = true;
+    layout = "de";
+    xkbOptions = "neo";
+    libinput.enable = true;
+    desktopManager = {
+      default = "xfce";
+      xterm.enable = false;
+      xfce = {
+        enable = true;
+        noDesktop = true;
+        enableXfwm = false;
+      };
+    };
+    windowManager.ratpoison.enable = true;
+  };
+
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+
+  networking.networkmanager.enable = false;
+  networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
+  networking.enableIPv6 = false;
+
+  programs.fish = {
+    enable = true;
+    shellInit = ''
+      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+          if begin
+              set -q SSH_AGENT_PID
+              and kill -0 $SSH_AGENT_PID
+              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+          end
+              echo "ssh-agent running on pid $SSH_AGENT_PID"
+          else
+              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+          end
+          set -l identity $HOME/.ssh/id_rsa
+          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+          ssh-add -l | grep -q $fingerprint
+            or ssh-add $identity
+      end
+    '';
+    promptInit = ''
+      function fish_prompt --description 'Write out the prompt'
+          set -l color_cwd
+          set -l suffix
+          set -l nix_shell_info (
+              if test "$IN_NIX_SHELL" != ""
+                 echo -n " <nix-shell>"
+              end
+          )
+          switch "$USER"
+              case root toor
+                  if set -q fish_color_cwd_root
+                      set color_cwd $fish_color_cwd_root
+                  else
+                      set color_cwd $fish_color_cwd
+                  end
+                  set suffix '#'
+              case '*'
+                  set color_cwd $fish_color_cwd
+                  set suffix '>'
+          end
+
+          echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+      end
+    '';
+  };
+
+  nix.maxJobs = 4;
+  nix.buildCores = 4;
+  system.autoUpgrade.enable = false;
+  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
+  system.stateVersion = "19.03";
+
+}
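Review bot: `xkbOptions = "neo"` on line 856 does not look like an XKB option string (`services.xserver.xkbOptions` takes entries such as `ctrl:nocaps`); neo is a variant of the `de` layout, so the intended setting is probably `xkbVariant = "neo";`, matching how orange's configuration sets `xkbVariant = "nodeadkeys"`. `networking.nameservers` on line 874 hard-codes two public resolvers while `networking.wireless.enable = true` is set with no networks configured; a short comment on why DHCP-provided resolvers are bypassed on this laptop would help. The unused `callPackage` argument and the duplicated fish block are the same issues as in orange's configuration.nix.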
diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix
new file mode 100644
index 000000000..ab5b6e204
--- /dev/null
+++ b/mb/1systems/p1nk/hardware-configuration.nix
@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9F87-AEAA";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
-- 