From 5dbb36955870955f643c89d65430d2440e747e3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 20:22:06 +0200 Subject: l prism.r: add telegraf.nix --- lass/1systems/prism/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 421afab2a..6ce4332da 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -7,11 +7,12 @@ with import ; + + { services.nginx.enable = true; imports = [ - ]; # needed by domsen.nix ^^ lass.usershadow = { -- cgit v1.3.1 From 5129440d6f13676cdeb998e6db705f820d9fbbbd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:52:06 +0200 Subject: l wizard: fix autologinUser --- lass/1systems/wizard/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix index 8f9db7d3c..e158fa728 100644 --- a/lass/1systems/wizard/config.nix +++ b/lass/1systems/wizard/config.nix @@ -271,7 +271,7 @@ in { message = "lassulus: torify sshn root@"; }; systemd.services.hidden-ssh-announce.wantedBy = mkForce []; - services.mingetty.autologinUser = lib.mkForce "root"; + services.getty.autologinUser = lib.mkForce "root"; nixpkgs.config.packageOverrides = super: { dmenu = pkgs.writeDashBin "dmenu" '' -- cgit v1.3.1 From f2287d2024a5e3634ffb2115204aa4065afe2a4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:22:08 +0200 Subject: l: add mumble.lassul.us for mumble-web --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 14 +------------- lass/2configs/murmur.nix | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 lass/2configs/murmur.nix (limited to 'lass/1systems') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b19e2e6fc..7ad725cd8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -47,6 +47,7 @@ in { radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6ce4332da..3a6ab25a4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -276,19 +276,7 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } - { - services.murmur = { - enable = true; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - } + { systemd.services."container@yellow".reloadIfChanged = mkForce false; containers.yellow = { diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix new file mode 100644 index 000000000..9f325d0af --- /dev/null +++ b/lass/2configs/murmur.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + systemd.services.docker-mumble-web.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + virtualisation.oci-containers.containers.mumble-web = { + image = "rankenstein/mumble-web"; + environment = { + MUMBLE_SERVER = "lassul.us:64738"; + }; + ports = [ + "64739:8080" + ]; + }; + + services.nginx.virtualHosts."mumble.lassul.us" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:64739/; + proxy_set_header Accept-Encoding ""; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; +} -- cgit v1.3.1 From b8cd625a70fdd8811b8c5bfd0abf17a00c2e628c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:23:02 +0200 Subject: l: add lasspi & domsen-pixel hosts --- krebs/3modules/lass/default.nix | 55 +++++++++++++++++++++++++++++++++++++++ lass/1systems/lasspi/config.nix | 26 ++++++++++++++++++ lass/1systems/lasspi/physical.nix | 43 ++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 lass/1systems/lasspi/config.nix create mode 100644 lass/1systems/lasspi/physical.nix (limited to 'lass/1systems') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7ad725cd8..693e04e6e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -786,6 +786,61 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; }; + lasspi = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.1.89"; + ip6.addr = r6 "189"; + aliases = [ + "lasspi.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 + JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F + CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl + oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P + Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS + BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC + VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 + +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs + QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP + zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP + 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc + 287nChBcbY+HlshTe0lZdrkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "189"; + aliases = [ + "lasspi.w" + ]; + wireguard.pubkey = '' + IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; + }; + + domsen-pixel = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.17"; + ip6.addr = w6 "d0"; + aliases = [ + "domsen-pixel.w" + ]; + wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; + }; + }; + external = true; + ci = false; + }; + }; users = rec { lass = lass-yubikey; diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix new file mode 100644 index 000000000..9f823dfc8 --- /dev/null +++ b/lass/1systems/lasspi/config.nix @@ -0,0 +1,26 @@ +with import ; +{ config, lib, pkgs, ... }: +let +in +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.lasspi; + + networking = { + networkmanager = { + enable = true; + }; + }; + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + + system.stateVersion = "21.05"; +} diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix new file mode 100644 index 000000000..80c459a95 --- /dev/null +++ b/lass/1systems/lasspi/physical.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec + # The image used https://hydra.nixos.org/build/134720986 + imports = [ + ./config.nix + ]; + + boot = { + # kernelPackages = pkgs.linuxPackages_rpi4; + tmpOnTmpfs = true; + initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + # ttyAMA0 is the serial console broken out to the GPIO + kernelParams = [ + "8250.nr_uarts=1" + "console=ttyAMA0,115200" + "console=tty1" + # Some gui programs need this + "cma=128M" + ]; + }; + + boot.loader.raspberryPi = { + enable = true; + version = 4; + }; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + + # Required for the Wireless firmware + hardware.enableRedistributableFirmware = true; + + # Assuming this is installed on top of the disk image. + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + powerManagement.cpuFreqGovernor = "ondemand"; +} -- cgit v1.3.1 From 04ba40838dc4d3b644bf8af2d4da7c0ea417e7c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 19:18:53 +0200 Subject: l coaxmetal.r: use default kernel --- lass/1systems/coaxmetal/physical.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index 3632ffd3e..d3810e768 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -22,8 +22,6 @@ ]; hardware.opengl.extraPackages = [ pkgs.amdvlk ]; - # is required for amd graphics support ( xorg wont boot otherwise ) - boot.kernelPackages = pkgs.linuxPackages_latest; environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; -- cgit v1.3.1 From 8acf89ffdb51e4727abe7538c89f854329ef7fa3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 15 Sep 2021 21:23:29 +0200 Subject: l prism.r: add docker workaround for mumble-web firewall --- lass/1systems/prism/config.nix | 1 + lass/2configs/docker.nix | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 lass/2configs/docker.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 3a6ab25a4..d43fb804a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -277,6 +277,7 @@ with import ; ]; } + { systemd.services."container@yellow".reloadIfChanged = mkForce false; containers.yellow = { diff --git a/lass/2configs/docker.nix b/lass/2configs/docker.nix new file mode 100644 index 000000000..2bc3a2361 --- /dev/null +++ b/lass/2configs/docker.nix @@ -0,0 +1,6 @@ +{ pkgs, lib, config, ... }: +{ + systemd.services.krebs-iptables.serviceConfig.ExecStartPost = pkgs.writeDash "kick_docker" '' + ${pkgs.systemd}/bin/systemctl restart docker.service + ''; +} -- cgit v1.3.1 From bcc305c30723c167f5189229edd2480214f0bebf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Sep 2021 08:32:30 +0200 Subject: l coaxmetal.r: add config for trackpoint/trackpad --- lass/1systems/coaxmetal/physical.nix | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index d3810e768..b033477fe 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -45,7 +45,25 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; - boot.extraModprobeConfig = '' - options psmouse proto=imps + + # Mouse stuff + services.xserver.libinput.enable = lib.mkForce false; + services.xserver.synaptics.enable = true; + + services.xserver.displayManager.sessionCommands = '' + xinput disable 'ETPS/2 Elantech Touchpad' + xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation' 1 + xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2 + xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5 ''; + + # https://forums.lenovo.com/t5/Fedora/T14s-AMD-Trackpoint-almost-unusable/m-p/5064952?page=4 + # https://bugzilla.kernel.org/show_bug.cgi?id=209167#c1 + boot.kernelPatches = [{ + name = "fix-trackpoint-jumping"; + patch = pkgs.fetchurl { + url = "https://patchwork.kernel.org/project/linux-input/patch/20210729010940.5752-1-phoenix@emc.com.tw/raw/"; + sha256 = "0apbf7c8w830dbdsrmxpip90d5zbg74a939x89jfgpvm5gbdqdjg"; + }; + }]; } -- cgit v1.3.1