From aaccab58237a75c9bb0e1432da91ecd26c5b7546 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Fri, 31 Jan 2020 22:40:14 +1300 Subject: [PATCH] porani migration --- configs/porani/configuration.nix | 17 ++++-- configs/porani/hardware-configuration.nix | 62 ++++++++++----------- configs/porani/syncthing.nix | 27 +-------- configs/workhorse/syncthing.nix | 5 ++ shell.nix | 67 +++++++++++++++-------- system/all/sshd-known-hosts-private.nix | 9 +-- system/all/syncthing.nix | 23 ++------ system/desktop/remote-install.nix | 4 +- 8 files changed, 105 insertions(+), 109 deletions(-) diff --git a/configs/porani/configuration.nix b/configs/porani/configuration.nix index 4f84a80..d5b4d4d 100644 --- a/configs/porani/configuration.nix +++ b/configs/porani/configuration.nix @@ -16,13 +16,20 @@ networking.hostName = "porani"; - # enable initrd ssh - configuration.init-ssh = { - enable = "enabled"; - kernelModules = [ "e1000e" ]; - hostECDSAKey = ; + backup.services.restic = { + "on-porani.private".enable = false; + "on-workhorse.private".enable = false; + "on-workout.private".enable = false; }; + # not needed because not encrypted + # enable initrd ssh + #configuration.init-ssh = { + # enable = "enabled"; + # kernelModules = [ "e1000e" ]; + # hostECDSAKey = ; + #}; + # programs programs.custom.vim.enable = true; environment.systemPackages = [ pkgs.mosh ]; diff --git a/configs/porani/hardware-configuration.nix b/configs/porani/hardware-configuration.nix index fd64236..fa5cd78 100644 --- a/configs/porani/hardware-configuration.nix +++ b/configs/porani/hardware-configuration.nix 
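Review bot: In configs/porani/configuration.nix the new `backup.services.restic` block switches off all three restic targets for this host with no comment saying why or for how long, so nothing visible in this patch still backs porani up. If that is intended because the host now holds only data that can be re-synced, state it above the block, e.g. `# porani holds only re-syncable media, restic disabled on purpose`. The initrd-ssh block would be better deleted than commented out: version control keeps the history, and the dead `hostECDSAKey` line only leaves readers guessing whether a key is still expected.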
@@ -1,29 +1,28 @@ { config, lib, pkgs, ... }: { imports = [ - { + # boot loader + # ----------- + { + # Use the systemd-boot EFI boot loader, not grub + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + #boot.loader.grub = { + # device = "/dev/sda"; + # enable = true; + # version = 2; + #}; + } + + # kernel + # ------ + { boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - - # grub configuration - # ------------------ - boot.loader.grub = { - device = "/dev/sda"; - enable = true; - version = 2; - }; - - # lvm volume group - # ---------------- - boot.initrd.luks.devices = [{ - name = "vg"; - device = "/dev/sda2"; - preLVM = true; - }]; } # automount @@ -54,23 +53,24 @@ # ------------ environment.systemPackages = [ pkgs.ntfs3g ]; - # root - # ---- - fileSystems."/" = { - options = [ "noatime" "nodiratime" "discard" ]; - device = "/dev/vg/root"; - fsType = "ext4"; - }; - - # boot - # ---- - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; + # partitions + # ---------- + fileSystems."/" = + { device = "/dev/disk/by-uuid/77a3e839-5a80-4777-93c3-31be7f0cb99d"; + fsType = "ext4"; + }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/FBFB-8DA5"; + fsType = "vfat"; + }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/192a8bd6-e5f7-4e66-b69e-f3da701da343"; + fsType = "ext4"; + }; swapDevices = [ ]; nix.maxJobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + } diff --git a/configs/porani/syncthing.nix b/configs/porani/syncthing.nix index 8acabdf..8f89968 100644 --- a/configs/porani/syncthing.nix +++ b/configs/porani/syncthing.nix 
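Review bot: The first hunk of configs/porani/hardware-configuration.nix removes `boot.initrd.luks.devices` and the second mounts `/` and `/home` as plain ext4, so everything on this host is now stored unencrypted, including whatever the deployment copies to `/var/src` (the shell.nix part of this patch still populates `source.secrets name` for servers). The only record of that decision is the remark "not encrypted" in configuration.nix; a comment at the partitions block such as `# no LUKS on this machine: keep only the secrets porani really needs in its secrets source` would make the trade-off explicit. `boot.initrd.kernelModules = [ "dm-snapshot" ]` stays as context although the LVM volume group is gone, which looks like a leftover. Both hunks sit inside an attribute set that continues outside them.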
@@ -17,29 +17,6 @@ key = toString ; overrideFolders = true; folders = { - # on encrypted device - # ------------------- - desktop = { - enable = true; - path = "/var/lib/syncthing/desktop"; - }; - finance = { - enable = true; - path = "/var/lib/syncthing/finance"; - versioning = { - type = "simple"; - params.keep = "10"; - }; - }; - fotos = { - enable = true; - path = "/var/lib/syncthing/fotos"; - }; - lost-fotos = { - enable = true; - path = "/var/lib/syncthing/lost-fotos.ct"; - }; - # on media hard drive (not encrypted) # ----------------------------------- movies = { @@ -62,9 +39,9 @@ path = "/media/series"; rescanInterval = 8 * 3600; }; - smartphone-music = { + porn = { enable = true; - path = "/media/smartphone-music"; + path = "/media/porn"; rescanInterval = 8 * 3600; }; }; diff --git a/configs/workhorse/syncthing.nix b/configs/workhorse/syncthing.nix index c27f3e8..bce88b8 100644 --- a/configs/workhorse/syncthing.nix +++ b/configs/workhorse/syncthing.nix @@ -70,6 +70,11 @@ path = "/media/syncthing/music-library-free"; rescanInterval = 8 * 3600; }; + porn = { + enable = true; + path = "/media/syncthing/porn"; + rescanInterval = 8 * 3600; + }; samples = { enable = true; path = "/media/syncthing/samples"; diff --git a/shell.nix b/shell.nix index b4ec764..8e9e0ed 100644 --- a/shell.nix +++ b/shell.nix @@ -114,7 +114,7 @@ let ref = "76260ad60cd99d40ab25df1400b0663d48e736db"; }; - wetten.file = toString ./wetten; + # wetten.file = toString ./wetten; }; 
@@ -122,29 +122,45 @@ let hostPattern = name: "${name}.private"; - serverDeployment = name: - { host ? (hostPattern name), user ? "root" }: - with ops; - jobs "deploy-${name}" "${user}@${host}" [ - (populateTmpfs (source.keys name)) - (populate (source.secrets name)) - (populate (source.system name)) - (populate source.modules) - (populate source.nixPkgs) - switch - ]; - - desktopDeployment = name: + deployment = populateCommands: name: { host ? (hostPattern name), target ? "/var/src/", user ? "root" , commandPrefix ? "deploy", enableSwitch ? true }: with ops; - jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([ - (populate (source.secrets name)) - (populate (source.system name)) - (populate source.modules) - (populate source.desktopSecrets) - (populate source.nixPkgs) - ] ++ (if enableSwitch then [ switch ] else [ ])); + jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ( + populateCommands + ++ (if enableSwitch then [ switch ] else [ ])); + + #serverDeployment = name: + # { host ? (hostPattern name), target ? "/var/src/", user ? "root" + # , commandPrefix ? "deploy", enableSwitch ? true }: + # with ops; + # jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([ + # ] ++ (if enableSwitch then [ switch ] else [ ])); + serverDeployment = name: deployment [ + (ops.populate source.nixPkgs) + (ops.populate source.modules) + (ops.populate (source.secrets name)) + (ops.populate (source.system name)) + ] name; + + #desktopDeployment = name: + # { host ? (hostPattern name), target ? "/var/src/", user ? "root" + # , commandPrefix ? "deploy", enableSwitch ? 
true }: + # with ops; + # jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([ + # (populate source.nixPkgs) + # (populate source.modules) + # (populate (source.secrets name)) + # (populate (source.system name)) + # (populate source.desktopSecrets) + # ] ++ (if enableSwitch then [ switch ] else [ ])); + desktopDeployment = name: deployment [ + (ops.populate source.nixPkgs) + (ops.populate source.modules) + (ops.populate (source.secrets name)) + (ops.populate (source.system name)) + (ops.populate source.desktopSecrets) + ] name; cleanupNix = name: let @@ -168,7 +184,14 @@ let serverList = [ "workhorse" "sputnik" "porani" ]; deployments = flip map serverList (name: serverDeployment name { }); cleanup = flip map serverList (name: cleanupNix name); - in deployments ++ cleanup; + install = flip map serverList (name: + serverDeployment name { + commandPrefix = "install"; + host = installHost; + target = "/mnt/var/src"; + enableSwitch = false; + }); + in deployments ++ cleanup ++ install ; desktops = with lib; let diff --git a/system/all/sshd-known-hosts-private.nix b/system/all/sshd-known-hosts-private.nix index e022e48..1c121a4 100644 --- a/system/all/sshd-known-hosts-private.nix +++ b/system/all/sshd-known-hosts-private.nix @@ -9,7 +9,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; - }; "workout.private" = { hostNames = [ @@ -18,7 +17,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjotuQJHDaL0fPY7yA2dIBVWRYOkp7/ablY60psMQ6w"; - }; "sputnik.private" = { hostNames = [ @@ -27,7 +25,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8"; - }; "workhorse.private" = { hostNames = [ @@ -36,7 +33,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB"; - }; "porani.private" = { hostNames = [ 
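Review bot: In the shell.nix hunk at `@@ -122,29 +122,45 @@` the rewritten `serverDeployment` no longer runs `(populateTmpfs (source.keys name))`, which the removed version did as its first step, and the commit message does not mention it. For porani that matches dropping initrd ssh, but `serverList` in the following hunk also names workhorse and sputnik, and if either still expects those keys on tmpfs they will silently stop being refreshed. Either keep `(ops.populateTmpfs (source.keys name))` in the list passed to `deployment`, or add a comment saying how server keys are provisioned now. The two commented-out copies of the old functions can simply be deleted.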
@@ -44,9 +40,9 @@ config.module.cluster.services.tinc.private.hosts.porani.tincIp ]; publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWUcI7Oc8iAJx0PABv2jhDTKIxFlOdoREsM6VdCQ8M"; - + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK"; }; + "pepe.private" = { hostNames = [ "pepe.private" @@ -54,7 +50,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; - }; "mobi.private" = { hostNames = [ diff --git a/system/all/syncthing.nix b/system/all/syncthing.nix index 05165c8..73af6e4 100644 --- a/system/all/syncthing.nix +++ b/system/all/syncthing.nix @@ -53,22 +53,22 @@ with lib; { private = { enable = lib.mkDefault false; watch = false; - devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; + devices = [ "workout" "workhorse" "pepe" "sterni" ]; }; desktop = { enable = lib.mkDefault false; watch = false; - devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; + devices = [ "workout" "workhorse" "pepe" "sterni" ]; }; finance = { enable = lib.mkDefault false; watch = false; - devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; + devices = [ "workout" "workhorse" "pepe" "sterni" ]; }; fotos = { enable = lib.mkDefault false; watch = false; - devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; + devices = [ "workout" "workhorse" "pepe" "sterni" ]; }; # no need to be stored on encrypted drives @@ -82,7 +82,7 @@ with lib; { lost-fotos = { enable = lib.mkDefault false; watch = false; - devices = [ "workout" "workhorse" "sterni" "porani" ]; + devices = [ "workout" "workhorse" "sterni" ]; }; movies = { enable = lib.mkDefault false; @@ -135,7 +135,7 @@ with lib; { enable = lib.mkDefault false; id = "0vjze-xvs8n"; watch = false; - devices = [ "sterni" "porani" "smartphone" ]; + devices = [ "sterni" "smartphone" ]; }; smartphone-fotos = { enable = lib.mkDefault false; 
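Review bot: The `porani.private` entry in system/all/sshd-known-hosts-private.nix (hunk `@@ -44,9 +40,9 @@`) replaces the pinned ed25519 host key with nothing recording where the new value came from. Machines importing this file will presumably accept that key without prompting, so it should be the one read on the reinstalled host itself (console or installer session) rather than one accepted on first connect over the network. A one-line comment above `publicKey`, e.g. `# regenerated on reinstall (2020-01), fingerprint checked on the machine`, would document that. The remaining hunks in this file only delete blank lines.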
@@ -150,17 +150,6 @@ with lib; { devices = [ "workout" "workhorse" ]; }; - # one on one - porani-workout = { - enable = lib.mkDefault false; - devices = [ "porani" "workout" ]; - watch = false; - }; - porani-pepe = { - enable = lib.mkDefault false; - devices = [ "porani" "pepe" ]; - watch = false; - }; windows-sync = { enable = lib.mkDefault false; id = "hcity-p5ikc"; diff --git a/system/desktop/remote-install.nix b/system/desktop/remote-install.nix index c8e16b2..0e923fd 100644 --- a/system/desktop/remote-install.nix +++ b/system/desktop/remote-install.nix @@ -1,8 +1,8 @@ { pkgs, ... }: { services.tor = { - enable = false; - client.enable = false; + enable = true; + client.enable = true; hiddenServices.liveos.map = [{ port = 1337; }]; };
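Review bot: system/desktop/remote-install.nix now commits `services.tor.enable = true` together with the `liveos` hidden service on port 1337, so any desktop that imports this module keeps an onion-reachable port mapped after the migration is finished. The hunk does not show what listens on 1337 or how it authenticates; if it is the endpoint used for remote installs, it should be on only for the install session. Consider keeping the committed default off and enabling it per host, e.g. `enable = pkgs.lib.mkDefault false;`, or add a comment stating that the service is deliberately permanent and how access to it is restricted.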