From 8245579c8af73c8f40f5978878c7944c814ba04f Mon Sep 17 00:00:00 2001 
From: Benedikt Peetz Date: Tue, 24 Dec 2024 17:59:52 +0100 Subject: [WIP] --- flake.lock | 8 +- flake.nix | 13 +- hardware_config_server2.nix | 2425 +++++++++++++++++++++++++++++++ hosts/by-name/server1/configuration.nix | 36 + hosts/by-name/server1/hardware.nix | 14 + hosts/by-name/server1/networking.nix | 50 + hosts/by-name/server2/configuration.nix | 36 + hosts/by-name/server2/hardware.nix | 14 + hosts/by-name/server2/networking.nix | 50 + hosts/default.nix | 25 + hosts/server1/configuration.nix | 34 - hosts/server1/hardware.nix | 14 - hosts/server1/networking.nix | 50 - modules/by-name/fa/fail2ban/module.nix | 57 + modules/by-name/ru/rust-motd/module.nix | 82 ++ modules/by-name/us/users/module.nix | 82 ++ notes/deploy.md | 7 +- prepare-commit-msg | 24 + scripts/deploy.sh | 16 + system/default.nix | 2 - system/services/default.nix | 2 - system/services/fail2ban/default.nix | 45 - system/services/rust-motd/default.nix | 91 -- system/users/default.nix | 100 -- 24 files changed, 2921 insertions(+), 356 deletions(-) create mode 100644 hardware_config_server2.nix create mode 100644 hosts/by-name/server1/configuration.nix create mode 100644 hosts/by-name/server1/hardware.nix create mode 100644 hosts/by-name/server1/networking.nix create mode 100644 hosts/by-name/server2/configuration.nix create mode 100644 hosts/by-name/server2/hardware.nix create mode 100644 hosts/by-name/server2/networking.nix create mode 100644 hosts/default.nix delete mode 100644 hosts/server1/configuration.nix delete mode 100644 hosts/server1/hardware.nix delete mode 100644 hosts/server1/networking.nix create mode 100644 modules/by-name/fa/fail2ban/module.nix create mode 100644 modules/by-name/ru/rust-motd/module.nix create mode 100644 modules/by-name/us/users/module.nix create mode 100755 prepare-commit-msg create mode 100755 scripts/deploy.sh delete mode 100644 system/services/fail2ban/default.nix delete mode 100644 system/services/rust-motd/default.nix delete mode 100644 
system/users/default.nix diff --git a/flake.lock b/flake.lock index 662b7ff..ed95f0b 100644 --- a/flake.lock +++ b/flake.lock @@ -172,11 +172,11 @@ }, "library": { "locked": { - "lastModified": 1734626644, - "narHash": "sha256-p/RVC4Rp5AGN3qwlVoQJHkbEkvcilSr2lWfRgnlRXlQ=", + "lastModified": 1735055361, + "narHash": "sha256-wZmUlcUG6ktcMuI3DVO2HsnpqX7z5iLdMwOo0YgVdGM=", "ref": "prime", - "rev": "1021c1ffe1dd8dd75380dac618b93ff2cefd81f4", - "revCount": 1, + "rev": "10c82665cb197b68ff0d9bb02e12a4287f1b8925", + "revCount": 2, "type": "git", "url": "https://git.vhack.eu/vhack.eu/nix-library" }, diff --git a/flake.nix b/flake.nix index 9378a15..a462584 100644 --- a/flake.nix +++ b/flake.nix @@ -114,19 +114,12 @@ tests = import ./tests {inherit pkgs specialArgs nixLib;}; vhackPackages = import ./pkgs {inherit pkgs nixLib;}; + hosts = import ./hosts {inherit pkgs nixLib nixpkgs specialArgs extraModules;}; + inherit (library) nixLib; treefmtEval = import ./treefmt.nix {inherit treefmt-nix pkgs;}; in { - nixosConfigurations."server1" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - inherit specialArgs; - modules = - extraModules - ++ [ - ./modules - ./hosts/server1/configuration.nix - ]; - }; + nixosConfigurations = hosts; checks."${system}" = nixLib.warnMerge tests { formatting = diff --git a/hardware_config_server2.nix b/hardware_config_server2.nix new file mode 100644 index 0000000..4e55b91 --- /dev/null +++ b/hardware_config_server2.nix 
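Review bot: The new `nixosConfigurations = hosts;` line drops the two things the removed block spelled out, `system = "x86_64-linux";` and the `./modules` entry in the module list, and nothing on the new side of this hunk shows where they now come from. `hosts/default.nix` is not part of this hunk, so presumably it supplies both. If it does not, the fail2ban and users modules that the diffstat shows moving under `modules/by-name/` would silently stop applying to server1 and server2. A comment above the `hosts = import ./hosts {...};` binding would make that checkable at the call site, for example `# hosts/default.nix adds ./modules and sets system for every host`. The enclosing `let … in` block starts and ends outside the hunk.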
@@ -0,0 +1,2425 @@ +{ + "version": 1, + "system": "x86_64-linux", + "virtualisation": "kvm", + "hardware": { + "bios": { + "apm_info": { + "supported": false, + "enabled": false, + "version": 0, + "sub_version": 0, + "bios_flags": 0 + }, + "vbe_info": { + "version": 0, + "video_memory": 0 + }, + "pnp": true, + "pnp_id": 0, + "lba_support": false, + "low_memory_size": 654336, + "smbios_version": 520 + }, + "bridge": [ + { + "index": 11, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0001", + "name": "ISA bridge", + "value": 1 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7000", + "value": 28672 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "model": "Intel ISA bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:01.0", + "sysfs_bus_id": "0000:00:01.0", + "detail": { + "function": 0, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "module_alias": "pci:v00008086d00007000sv00001AF4sd00001100bc06sc01i00" + }, + { + "index": 13, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0000", + "name": "Host bridge", + "value": 0 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1237", + "value": 4663 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0002", + "value": 2 + }, + "model": "Intel Host 
bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:00.0", + "sysfs_bus_id": "0000:00:00.0", + "detail": { + "function": 0, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "module_alias": "pci:v00008086d00001237sv00001AF4sd00001100bc06sc00i00" + }, + { + "index": 14, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0080", + "name": "Bridge", + "value": 128 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7113", + "value": 28947 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0003", + "value": 3 + }, + "model": "Intel Bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:01.3", + "sysfs_bus_id": "0000:00:01.3", + "resources": [ + { + "type": "irq", + "base": 9, + "triggered": 0, + "enabled": true + } + ], + "detail": { + "function": 3, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 9, + "prog_if": 0 + }, + "driver": "piix4_smbus", + "driver_module": "i2c_piix4", + "drivers": [ + "piix4_smbus" + ], + "driver_modules": [ + "i2c_piix4" + ], + "module_alias": "pci:v00008086d00007113sv00001AF4sd00001100bc06sc80i00" + } + ], + "cdrom": [ + { + "index": 23, + "attached_to": 16, + "class_list": [ + "cdrom", + "scsi", + "block_device" + ], + "bus_type": { + "hex": "0084", + "name": "SCSI", + "value": 132 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0106", + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "hex": "0002", + "name": "CD-ROM", + "value": 2 + }, + "pci_interface": { + "hex": "0003", + "name": "DVD", + "value": 3 + }, + "vendor": { + "hex": "0000", + "name": "QEMU", + 
"value": 0 + }, + "device": { + "hex": "0000", + "name": "QEMU DVD-ROM", + "value": 0 + }, + "revision": { + "hex": "0000", + "name": "2.5+", + "value": 0 + }, + "model": "QEMU DVD-ROM", + "sysfs_id": "/class/block/sr0", + "sysfs_bus_id": "0:0:0:0", + "sysfs_device_link": "/devices/pci0000:00/0000:00:01.1/ata1/host0/target0:0:0/0:0:0:0", + "unix_device_name": "/dev/sr0", + "unix_device_number": { + "type": 98, + "major": 11, + "minor": 0, + "range": 1 + }, + "unix_device_names": [ + "/dev/cdrom", + "/dev/disk/by-diskseq/11", + "/dev/disk/by-id/ata-QEMU_DVD-ROM_QM00001", + "/dev/disk/by-path/pci-0000:00:01.1-ata-1", + "/dev/disk/by-path/pci-0000:00:01.1-ata-1.0", + "/dev/sr0" + ], + "unix_device_name2": "/dev/sg0", + "unix_device_number2": { + "type": 99, + "major": 21, + "minor": 0, + "range": 1 + }, + "driver": "ata_piix", + "driver_module": "ata_piix", + "drivers": [ + "ata_piix", + "sr" + ], + "driver_modules": [ + "ata_piix", + "sr_mod" + ] + } + ], + "cpu": [ + { + "architecture": "x86_64", + "vendor_name": "AuthenticAMD", + "family": 23, + "model": 49, + "stepping": 0, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "mmxext", + "fxsr_opt", + "pdpe1gb", + "rdtscp", + "lm", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "extd_apicid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "ssse3", + "fma", + "cx16", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "cmp_legacy", + "cr8_legacy", + "abm", + "sse4a", + "misalignsse", + "3dnowprefetch", + "osvw", + "topoext", + "perfctr_core", + "ssbd", + "ibrs", + "ibpb", + "stibp", + "vmmcall", + "fsgsbase", + "tsc_adjust", + "bmi1", + "avx2", + "smep", + "bmi2", + "rdseed", + "adx", + "smap", + "clflushopt", 
+ "clwb", + "sha_ni", + "xsaveopt", + "xsavec", + "xgetbv1", + "clzero", + "xsaveerptr", + "wbnoinvd", + "arat", + "umip", + "rdpid", + "arch_capabilities" + ], + "bugs": [ + "sysret_ss_attrs", + "null_seg", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "retbleed", + "smt_rsb", + "srso", + "ibpb_no_ret" + ], + "bogo": 3992.49, + "cache": 512, + "physical_id": 0, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "tlb_size": 1024, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": 40, + "virtual": 48 + } + }, + { + "architecture": "x86_64", + "vendor_name": "AuthenticAMD", + "family": 23, + "model": 49, + "stepping": 0, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "mmxext", + "fxsr_opt", + "pdpe1gb", + "rdtscp", + "lm", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "extd_apicid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "ssse3", + "fma", + "cx16", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "cmp_legacy", + "cr8_legacy", + "abm", + "sse4a", + "misalignsse", + "3dnowprefetch", + "osvw", + "topoext", + "perfctr_core", + "ssbd", + "ibrs", + "ibpb", + "stibp", + "vmmcall", + "fsgsbase", + "tsc_adjust", + "bmi1", + "avx2", + "smep", + "bmi2", + "rdseed", + "adx", + "smap", + "clflushopt", + "clwb", + "sha_ni", + "xsaveopt", + "xsavec", + "xgetbv1", + "clzero", + "xsaveerptr", + "wbnoinvd", + "arat", + "umip", + "rdpid", + "arch_capabilities" + ], + "bugs": [ + "sysret_ss_attrs", + "null_seg", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "retbleed", + "smt_rsb", + "srso", + "ibpb_no_ret" + ], + "bogo": 3992.49, + "cache": 
512, + "physical_id": 1, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "tlb_size": 1024, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": 40, + "virtual": 48 + } + }, + { + "architecture": "x86_64", + "vendor_name": "AuthenticAMD", + "family": 23, + "model": 49, + "stepping": 0, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "mmxext", + "fxsr_opt", + "pdpe1gb", + "rdtscp", + "lm", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "extd_apicid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "ssse3", + "fma", + "cx16", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "cmp_legacy", + "cr8_legacy", + "abm", + "sse4a", + "misalignsse", + "3dnowprefetch", + "osvw", + "topoext", + "perfctr_core", + "ssbd", + "ibrs", + "ibpb", + "stibp", + "vmmcall", + "fsgsbase", + "tsc_adjust", + "bmi1", + "avx2", + "smep", + "bmi2", + "rdseed", + "adx", + "smap", + "clflushopt", + "clwb", + "sha_ni", + "xsaveopt", + "xsavec", + "xgetbv1", + "clzero", + "xsaveerptr", + "wbnoinvd", + "arat", + "umip", + "rdpid", + "arch_capabilities" + ], + "bugs": [ + "sysret_ss_attrs", + "null_seg", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "retbleed", + "smt_rsb", + "srso", + "ibpb_no_ret" + ], + "bogo": 3992.49, + "cache": 512, + "physical_id": 2, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "tlb_size": 1024, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": 40, + "virtual": 48 + } + }, + { + "architecture": "x86_64", + "vendor_name": "AuthenticAMD", + "family": 
23, + "model": 49, + "stepping": 0, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "mmxext", + "fxsr_opt", + "pdpe1gb", + "rdtscp", + "lm", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "extd_apicid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "ssse3", + "fma", + "cx16", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "cmp_legacy", + "cr8_legacy", + "abm", + "sse4a", + "misalignsse", + "3dnowprefetch", + "osvw", + "topoext", + "perfctr_core", + "ssbd", + "ibrs", + "ibpb", + "stibp", + "vmmcall", + "fsgsbase", + "tsc_adjust", + "bmi1", + "avx2", + "smep", + "bmi2", + "rdseed", + "adx", + "smap", + "clflushopt", + "clwb", + "sha_ni", + "xsaveopt", + "xsavec", + "xgetbv1", + "clzero", + "xsaveerptr", + "wbnoinvd", + "arat", + "umip", + "rdpid", + "arch_capabilities" + ], + "bugs": [ + "sysret_ss_attrs", + "null_seg", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "retbleed", + "smt_rsb", + "srso", + "ibpb_no_ret" + ], + "bogo": 3992.49, + "cache": 512, + "physical_id": 3, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "tlb_size": 1024, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": 40, + "virtual": 48 + } + } + ], + "disk": [ + { + "index": 24, + "attached_to": 18, + "class_list": [ + "disk", + "block_device" + ], + "base_class": { + "hex": "0106", + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "hex": "0000", + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/vda", + "sysfs_bus_id": "virtio1", + "sysfs_device_link": "/devices/pci0000:00/0000:00:10.0/virtio1", + 
"unix_device_name": "/dev/vda", + "unix_device_number": { + "type": 98, + "major": 253, + "minor": 0, + "range": 16 + }, + "unix_device_names": [ + "/dev/disk/by-diskseq/9", + "/dev/disk/by-path/pci-0000:00:10.0", + "/dev/disk/by-path/virtio-pci-0000:00:10.0", + "/dev/vda" + ], + "rom_id": "0x80", + "resources": [ + { + "type": "disk_geo", + "cylinders": 1065220, + "heads": 16, + "sectors": 63, + "size": 0, + "geo_type": "logical" + }, + { + "type": "size", + "unit": "sectors", + "value_1": 1073741824, + "value_2": 512 + } + ], + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci", + "virtio_blk" + ], + "driver_modules": [ + "virtio_blk", + "virtio_pci" + ] + } + ], + "graphics_card": [ + { + "index": 17, + "attached_to": 0, + "class_list": [ + "graphics_card", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 2 + }, + "base_class": { + "hex": "0003", + "name": "Display controller", + "value": 3 + }, + "sub_class": { + "hex": "0000", + "name": "VGA compatible controller", + "value": 0 + }, + "pci_interface": { + "hex": "0000", + "name": "VGA", + "value": 0 + }, + "vendor": { + "hex": "1234", + "value": 4660 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1111", + "value": 4369 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0002", + "value": 2 + }, + "model": "VGA compatible controller", + "sysfs_id": "/devices/pci0000:00/0000:00:02.0", + "sysfs_bus_id": "0000:00:02.0", + "resources": [ + { + "type": "mem", + "base": 4261412864, + "range": 8388608, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273799168, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + }, + { + "type": "mem", + "base": 786432, + "range": 131072, + "enabled": false, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + 
"function": 0, + "command": 3, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "driver": "bochs-drm", + "driver_module": "bochs", + "drivers": [ + "bochs-drm" + ], + "driver_modules": [ + "bochs" + ], + "module_alias": "pci:v00001234d00001111sv00001AF4sd00001100bc03sc00i00" + } + ], + "hub": [ + { + "index": 25, + "attached_to": 9, + "class_list": [ + "usb", + "hub" + ], + "bus_type": { + "hex": "0086", + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "010a", + "name": "Hub", + "value": 266 + }, + "vendor": { + "hex": "1d6b", + "name": "Linux 6.11.10 uhci_hcd", + "value": 7531 + }, + "device": { + "hex": "0001", + "name": "UHCI Host Controller", + "value": 1 + }, + "revision": { + "hex": "0000", + "name": "6.11", + "value": 0 + }, + "serial": "0000:00:01.2", + "model": "Linux 6.11.10 uhci_hcd UHCI Host Controller", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2/usb1/1-0:1.0", + "sysfs_bus_id": "1-0:1.0", + "resources": [ + { + "type": "baud", + "speed": 12000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "hex": "0009", + "name": "hub", + "value": 9 + }, + "device_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_protocol": 0, + "interface_class": { + "hex": "0009", + "name": "hub", + "value": 9 + }, + "interface_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "hub", + "drivers": [ + "hub" + ], + "module_alias": "usb:v1D6Bp0001d0611dc09dsc00dp00ic09isc00ip00in00" + } + ], + "memory": [ + { + "index": 7, + "attached_to": 0, + "class_list": [ + "memory" + ], + "base_class": { + "hex": "0101", + "name": "Internally Used Class", + "value": 257 + }, + "sub_class": { + "hex": "0002", + "name": "Main Memory", + "value": 2 + }, + "model": 
"Main Memory", + "resources": [ + { + "type": "mem", + "base": 0, + "range": 8283017216, + "enabled": true, + "access": "read_write", + "prefetch": "unknown" + }, + { + "type": "phys_mem", + "range": 8053063680 + } + ] + } + ], + "monitor": [ + { + "index": 22, + "attached_to": 17, + "class_list": [ + "monitor" + ], + "base_class": { + "hex": "0100", + "name": "Monitor", + "value": 256 + }, + "sub_class": { + "hex": "0002", + "name": "LCD Monitor", + "value": 2 + }, + "vendor": { + "hex": "4914", + "value": 18708 + }, + "device": { + "hex": "1234", + "name": "QEMU Monitor", + "value": 4660 + }, + "serial": "0", + "model": "QEMU Monitor", + "resources": [ + { + "type": "monitor", + "width": 1024, + "height": 768, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "monitor", + "width": 1600, + "height": 1200, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "monitor", + "width": 1920, + "height": 1080, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "monitor", + "width": 2048, + "height": 1152, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "monitor", + "width": 640, + "height": 480, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "monitor", + "width": 800, + "height": 600, + "vertical_frequency": 60, + "interlaced": false + }, + { + "type": "size", + "unit": "mm", + "value_1": 260, + "value_2": 195 + } + ], + "detail": { + "manufacture_year": 2014, + "manufacture_week": 42, + "vertical_sync": { + "min": 50, + "max": 125 + }, + "horizontal_sync": { + "min": 30, + "max": 160 + }, + "horizontal_sync_timings": { + "disp": 1024, + "sync_start": 1280, + "sync_end": 1310, + "total": 1382 + }, + "vertical_sync_timings": { + "disp": 768, + "sync_start": 771, + "sync_end": 774, + "total": 794 + }, + "clock": 82290, + "width": 1024, + "height": 768, + "width_millimetres": 260, + "height_millimetres": 195, + "horizontal_flag": 45, + "vertical_flag": 45, + "vendor": "", + 
"name": "QEMU Monitor" + }, + "driver_info": { + "type": "display", + "width": 2048, + "height": 1152, + "vertical_sync": { + "min": 50, + "max": 125 + }, + "horizontal_sync": { + "min": 30, + "max": 160 + }, + "bandwidth": 0, + "horizontal_sync_timings": { + "disp": 1024, + "sync_start": 1280, + "sync_end": 1310, + "total": 1382 + }, + "vertical_sync_timings": { + "disp": 768, + "sync_start": 771, + "sync_end": 774, + "total": 794 + }, + "horizontal_flag": 45, + "vertical_flag": 45 + } + } + ], + "mouse": [ + { + "index": 26, + "attached_to": 25, + "class_list": [ + "mouse", + "usb" + ], + "bus_type": { + "hex": "0086", + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0105", + "name": "Mouse", + "value": 261 + }, + "sub_class": { + "hex": "0003", + "name": "USB Mouse", + "value": 3 + }, + "vendor": { + "hex": "0627", + "name": "QEMU", + "value": 1575 + }, + "device": { + "hex": "0001", + "name": "QEMU USB Tablet", + "value": 1 + }, + "serial": "28754-0000:00:01.2-1", + "compat_vendor": "Unknown", + "compat_device": "Generic USB Mouse", + "model": "QEMU USB Tablet", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0", + "sysfs_bus_id": "1-1:1.0", + "unix_device_name": "/dev/input/mice", + "unix_device_number": { + "type": 99, + "major": 13, + "minor": 63, + "range": 1 + }, + "unix_device_names": [ + "/dev/input/mice" + ], + "unix_device_name2": "/dev/input/mouse0", + "unix_device_number2": { + "type": 99, + "major": 13, + "minor": 32, + "range": 1 + }, + "resources": [ + { + "type": "baud", + "speed": 12000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_protocol": 0, + "interface_class": { + "hex": "0003", + "name": "hid", + "value": 3 + }, + "interface_subclass": { + "hex": 
"0000", + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "usbhid", + "driver_module": "usbhid", + "drivers": [ + "usbhid" + ], + "driver_modules": [ + "usbhid" + ], + "driver_info": { + "type": "mouse", + "db_entry_0": [ + "explorerps/2", + "exps2" + ], + "xf86": "explorerps/2", + "gpm": "exps2", + "buttons": -1, + "wheels": -1 + }, + "module_alias": "usb:v0627p0001d0000dc00dsc00dp00ic03isc00ip00in00" + } + ], + "network_controller": [ + { + "index": 20, + "attached_to": 15, + "class_list": [ + "network_controller" + ], + "bus_type": { + "hex": "008f", + "name": "Virtio", + "value": 143 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0002", + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "hex": "0000", + "name": "Ethernet controller", + "value": 0 + }, + "vendor": "Virtio", + "device": "Ethernet Card 0", + "model": "Virtio Ethernet Card 0", + "sysfs_id": "/devices/pci0000:00/0000:00:03.0/virtio0", + "sysfs_bus_id": "virtio0", + "unix_device_name": "ens3", + "unix_device_names": [ + "ens3" + ], + "resources": [ + { + "type": "hwaddr", + "address": 54 + }, + { + "type": "phwaddr", + "address": 54 + } + ], + "driver": "virtio_net", + "driver_module": "virtio_net", + "drivers": [ + "virtio_net" + ], + "driver_modules": [ + "virtio_net" + ], + "module_alias": "virtio:d00000001v00001AF4" + } + ], + "network_interface": [ + { + "index": 27, + "attached_to": 0, + "class_list": [ + "network_interface" + ], + "base_class": { + "hex": "0107", + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "hex": "0000", + "name": "Loopback", + "value": 0 + }, + "model": "Loopback network interface", + "sysfs_id": "/class/net/lo", + "unix_device_name": "lo", + "unix_device_names": [ + "lo" + ] + }, + { + "index": 28, + "attached_to": 20, + "class_list": [ + "network_interface" + ], + "base_class": { + 
"hex": "0107", + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "hex": "0001", + "name": "Ethernet", + "value": 1 + }, + "model": "Ethernet network interface", + "sysfs_id": "/class/net/ens3", + "sysfs_device_link": "/devices/pci0000:00/0000:00:03.0/virtio0", + "unix_device_name": "ens3", + "unix_device_names": [ + "ens3" + ], + "resources": [ + { + "type": "hwaddr", + "address": 54 + }, + { + "type": "phwaddr", + "address": 54 + } + ], + "driver": "virtio_net", + "driver_module": "virtio_net", + "drivers": [ + "virtio_net" + ], + "driver_modules": [ + "virtio_net" + ] + } + ], + "pci": [ + { + "index": 8, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 28 + }, + "base_class": { + "hex": "0007", + "name": "Communication controller", + "value": 7 + }, + "sub_class": { + "hex": "0080", + "name": "Communication controller", + "value": 128 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1003", + "value": 4099 + }, + "sub_device": { + "hex": "0003", + "value": 3 + }, + "model": "Communication controller", + "sysfs_id": "/devices/pci0000:00/0000:00:1c.0", + "sysfs_bus_id": "0000:00:1c.0", + "resources": [ + { + "type": "io", + "base": 49344, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4269834240, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273811456, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" 
+ ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001003sv00001AF4sd00000003bc07sc80i00" + }, + { + "index": 10, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 16 + }, + "base_class": { + "hex": "0001", + "name": "Mass storage controller", + "value": 1 + }, + "sub_class": { + "hex": "0000", + "name": "SCSI storage controller", + "value": 0 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1001", + "value": 4097 + }, + "sub_device": { + "hex": "0002", + "value": 2 + }, + "model": "SCSI storage controller", + "sysfs_id": "/devices/pci0000:00/0000:00:10.0", + "sysfs_bus_id": "0000:00:10.0", + "resources": [ + { + "type": "io", + "base": 49152, + "range": 128, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4269817856, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273807360, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001001sv00001AF4sd00000002bc01sc00i00" + }, + { + "index": 12, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 30 + }, + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "00ff", + "value": 255 + }, + "vendor": { + "hex": "1af4", + 
"value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1002", + "value": 4098 + }, + "sub_device": { + "hex": "0005", + "value": 5 + }, + "model": "Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:1e.0", + "sysfs_bus_id": "0000:00:1e.0", + "resources": [ + { + "type": "io", + "base": 49408, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 10, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4269850624, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 263, + "header_type": 0, + "secondary_bus": 0, + "irq": 10, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001002sv00001AF4sd00000005bc00scFFi00" + }, + { + "index": 15, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 3 + }, + "base_class": { + "hex": "0002", + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "hex": "0000", + "name": "Ethernet controller", + "value": 0 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1000", + "value": 4096 + }, + "sub_device": { + "hex": "0001", + "value": 1 + }, + "model": "Ethernet controller", + "sysfs_id": "/devices/pci0000:00/0000:00:03.0", + "sysfs_bus_id": "0000:00:03.0", + "resources": [ + { + "type": "io", + "base": 49280, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 10, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4269801472, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": 
"mem", + "base": 4273471488, + "range": 262144, + "enabled": false, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273803264, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 10, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001000sv00001AF4sd00000001bc02sc00i00" + } + ], + "storage_controller": [ + { + "index": 16, + "attached_to": 0, + "class_list": [ + "storage_controller", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0001", + "name": "Mass storage controller", + "value": 1 + }, + "sub_class": { + "hex": "0001", + "name": "IDE interface", + "value": 1 + }, + "pci_interface": { + "hex": "0080", + "value": 128 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7010", + "value": 28688 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "model": "Intel IDE interface", + "sysfs_id": "/devices/pci0000:00/0000:00:01.1", + "sysfs_bus_id": "0000:00:01.1", + "resources": [ + { + "type": "io", + "base": 1014, + "range": 1, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 368, + "range": 8, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 49504, + "range": 16, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 496, + "range": 8, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 886, + "range": 1, + "enabled": true, + "access": "read_write" + } + ], + "detail": { + "function": 1, + "command": 263, + "header_type": 
0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 128 + }, + "driver": "ata_piix", + "driver_module": "ata_piix", + "drivers": [ + "ata_piix" + ], + "driver_modules": [ + "ata_piix" + ], + "module_alias": "pci:v00008086d00007010sv00001AF4sd00001100bc01sc01i80" + }, + { + "index": 18, + "attached_to": 10, + "class_list": [ + "storage_controller" + ], + "bus_type": { + "hex": "008f", + "name": "Virtio", + "value": 143 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0001", + "name": "Mass storage controller", + "value": 1 + }, + "sub_class": { + "hex": "0080", + "name": "Storage controller", + "value": 128 + }, + "vendor": "Virtio", + "device": "Storage 0", + "model": "Virtio Storage 0", + "sysfs_id": "/devices/pci0000:00/0000:00:10.0/virtio1", + "sysfs_bus_id": "virtio1", + "driver": "virtio_blk", + "driver_module": "virtio_blk", + "drivers": [ + "virtio_blk" + ], + "driver_modules": [ + "virtio_blk" + ], + "module_alias": "virtio:d00000002v00001AF4" + } + ], + "system": { + "form_factor": "desktop" + }, + "unknown": [ + { + "index": 19, + "attached_to": 8, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "vendor": "Virtio", + "device": "", + "model": "Virtio Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:1c.0/virtio2", + "sysfs_bus_id": "virtio2", + "driver": "virtio_console", + "driver_module": "virtio_console", + "drivers": [ + "virtio_console" + ], + "driver_modules": [ + "virtio_console" + ], + "module_alias": "virtio:d00000003v00001AF4" + }, + { + "index": 21, + "attached_to": 12, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "vendor": "Virtio", + "device": "", + "model": "Virtio Unclassified device", 
+ "sysfs_id": "/devices/pci0000:00/0000:00:1e.0/virtio3", + "sysfs_bus_id": "virtio3", + "driver": "virtio_balloon", + "driver_module": "virtio_balloon", + "drivers": [ + "virtio_balloon" + ], + "driver_modules": [ + "virtio_balloon" + ], + "module_alias": "virtio:d00000005v00001AF4" + } + ], + "usb_controller": [ + { + "index": 9, + "attached_to": 0, + "class_list": [ + "usb_controller", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "000c", + "name": "Serial bus controller", + "value": 12 + }, + "sub_class": { + "hex": "0003", + "name": "USB Controller", + "value": 3 + }, + "pci_interface": { + "hex": "0000", + "name": "UHCI", + "value": 0 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7020", + "value": 28704 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0001", + "value": 1 + }, + "model": "Intel USB Controller", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2", + "sysfs_bus_id": "0000:00:01.2", + "resources": [ + { + "type": "io", + "base": 49472, + "range": 32, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + } + ], + "detail": { + "function": 2, + "command": 263, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "uhci_hcd", + "driver_module": "uhci_hcd", + "drivers": [ + "uhci_hcd" + ], + "driver_modules": [ + "uhci_hcd" + ], + "driver_info": { + "type": "module", + "db_entry_0": [ + "uhci-hcd" + ], + "active": true, + "modprobe": true, + "names": [ + "uhci-hcd" + ], + "module_args": [ + "" + ], + "conf": "" + }, + "module_alias": "pci:v00008086d00007020sv00001AF4sd00001100bc0Csc03i00" + } + ] + }, + "smbios": { + "bios": { + "handle": 0, + "vendor": "netcup", + "version": "VPS 1000 G11 
SE", + "date": "12/04/2024", + "features": null, + "start_address": "0xe8000", + "rom_size": 65536 + }, + "chassis": { + "handle": 768, + "manufacturer": "QEMU", + "version": "pc-i440fx-6.2", + "chassis_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "lock_present": false, + "bootup_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "power_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "thermal_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "security_state": { + "hex": "0002", + "name": "Unknown", + "value": 2 + }, + "oem": "0x0" + }, + "memory_array": [ + { + "handle": 4096, + "location": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "usage": { + "hex": "0003", + "name": "System memory", + "value": 3 + }, + "ecc": { + "hex": "0006", + "name": "Multi-bit", + "value": 6 + }, + "max_size": 8388608, + "error_handle": 65534, + "slots": 1 + } + ], + "memory_array_mapped_address": [ + { + "handle": 4864, + "array_handle": 4096, + "start_address": 0, + "end_address": 3221225472, + "part_width": 1 + }, + { + "handle": 4865, + "array_handle": 4096, + "start_address": 4294967296, + "end_address": 9663676416, + "part_width": 1 + } + ], + "memory_device": [ + { + "handle": 4352, + "location": "DIMM 0", + "bank_location": "", + "manufacturer": "QEMU", + "part_number": "", + "array_handle": 4096, + "error_handle": 65534, + "width": 0, + "ecc_bits": 0, + "size": 8388608, + "form_factor": { + "hex": "0009", + "name": "DIMM", + "value": 9 + }, + "set": 0, + "memory_type": { + "hex": "0007", + "name": "RAM", + "value": 7 + }, + "memory_type_details": [ + "Other" + ], + "speed": 0 + } + ], + "processor": [ + { + "handle": 1024, + "socket": "CPU 0", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-6.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + 
"processor_family": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1025, + "socket": "CPU 1", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-6.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1026, + "socket": "CPU 2", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-6.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1027, + "socket": "CPU 3", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-6.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + } + ], + "system": { + "handle": 256, + 
"manufacturer": "netcup", + "product": "KVM Server", + "version": "VPS 1000 G11 SE", + "wake_up": { + "hex": "0006", + "name": "Power Switch", + "value": 6 + } + } + } +} diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix new file mode 100644 index 0000000..c0e76db --- /dev/null +++ b/hosts/by-name/server1/configuration.nix @@ -0,0 +1,36 @@ +{config, ...}: { + imports = [ + ./networking.nix # network configuration that just works + ./hardware.nix + + ../../../system + ]; + + vhack = { + back = { + enable = true; + repositories = { + "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = { + domain = "issues.vhack.eu"; + port = 9220; + }; + }; + }; + etesync.enable = true; + git-server.enable = true; + nginx.enable = true; + nix-sync.enable = true; + openssh.enable = true; + peertube.enable = true; + postgresql.enable = true; + redlib.enable = true; + users.enable = true; + }; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + networking.hostName = "server1"; + networking.domain = "vhack.eu"; + + system.stateVersion = "22.11"; +} diff --git a/hosts/by-name/server1/hardware.nix b/hosts/by-name/server1/hardware.nix new file mode 100644 index 0000000..9abc64c --- /dev/null +++ b/hosts/by-name/server1/hardware.nix @@ -0,0 +1,14 @@ +{modulesPath, ...}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + (modulesPath + "/profiles/headless.nix") + ]; + + vhack.disko = { + enable = true; + # FIXME: Find a better way to specify the disk + disk = "/dev/vda"; + }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; +} diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server1/networking.nix new file mode 100644 index 0000000..cd0484f --- /dev/null +++ b/hosts/by-name/server1/networking.nix 
@@ -0,0 +1,50 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "8.8.8.8"
+ ];
+ defaultGateway = {
+ address = "89.58.56.1";
+ interface = "eth0";
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "89.58.58.33";
+ prefixLength = 22;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:6a:3f3::1";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "89.58.56.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+ '';
+}
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
new file mode 100644
index 0000000..571a235
--- /dev/null
+++ b/hosts/by-name/server2/configuration.nix
@@ -0,0 +1,36 @@
+{config, ...}: {
+ imports = [
+ ./networking.nix # network configuration that just works
+ ./hardware.nix
+ ];
+
+ vhack = {
+ back = {
+ enable = true;
+ repositories = {
+ "${config.services.gitolite.dataDir}/vhack.eu/nixos-server.git" = {
+ domain = "issues.foss-syndicate.org";
+ port = 9220;
+ };
+ };
+ };
+ fail2ban.enable = true;
+ git-server = {
+ enable = true;
+ domain = "git.foss-syndicate.org";
+ gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
+ };
+ nginx.enable = true;
+ openssh.enable = true;
+ persist.enable = true;
+ rust-motd.enable = true;
+ users.enable = true;
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "server2";
+ networking.domain = "vhack.eu";
+
+ system.stateVersion = "24.11";
+}
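Review bot: The `gitolite.adminPubkey` literal in hosts/by-name/server2/configuration.nix is a second copy of the key that modules/by-name/us/users/module.nix lists as soispha's `sshKey`. When that key is rotated in the users module, the gitolite admin on server2 keeps trusting the old one unless this line is remembered as well. Until the key can be taken from one shared definition, a comment such as `# keep in sync with soispha's sshKey in modules/by-name/us/users/module.nix` on this line would make the coupling visible.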
diff --git a/hosts/by-name/server2/hardware.nix b/hosts/by-name/server2/hardware.nix
new file mode 100644
index 0000000..9abc64c
--- /dev/null
+++ b/hosts/by-name/server2/hardware.nix
@@ -0,0 +1,14 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ vhack.disko = {
+ enable = true;
+ # FIXME: Find a better way to specify the disk
+ disk = "/dev/vda";
+ };
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = [];
+}
diff --git a/hosts/by-name/server2/networking.nix b/hosts/by-name/server2/networking.nix
new file mode 100644
index 0000000..cd0484f
--- /dev/null
+++ b/hosts/by-name/server2/networking.nix
@@ -0,0 +1,50 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "8.8.8.8"
+ ];
+ defaultGateway = {
+ address = "89.58.56.1";
+ interface = "eth0";
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "89.58.58.33";
+ prefixLength = 22;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:6a:3f3::1";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "89.58.56.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+ '';
+}
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 0000000..f7df5d3
--- /dev/null
+++ b/hosts/default.nix
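Review bot: hosts/by-name/server2/networking.nix is the server1 file unchanged (both headers show blob cd0484f), so server2 would be configured with server1's static addresses `89.58.58.33` and `2a03:4000:6a:3f3::1` and the same gateway. The udev rule is also pinned to the MAC `66:22:6d:82:93:9b`, which presumably belongs to server1's NIC, so on server2 the interface may never be renamed to `eth0` and the static configuration would not apply. Replace the addresses, gateway and MAC with server2's own values before this host is deployed, and until then mark the file, e.g. `# FIXME: copied from server1, addresses and MAC are not server2's`.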
@@ -0,0 +1,25 @@
+{
+ pkgs,
+ nixLib,
+ nixpkgs,
+ specialArgs,
+ extraModules,
+}: let
+ hosts = nixLib.mkByName {
+ useShards = false;
+ baseDirectory = ./by-name;
+ fileName = "configuration.nix";
+ finalizeFunction = name: value:
+ nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ inherit specialArgs;
+ modules =
+ extraModules
+ ++ [
+ ../modules
+ value
+ ];
+ };
+ };
+in
+ hosts
diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix
deleted file mode 100644
index e21327e..0000000
--- a/hosts/server1/configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{config, ...}: {
- imports = [
- ./networking.nix # network configuration that just works
- ./hardware.nix
-
- ../../system
- ];
-
- vhack = {
- back = {
- enable = true;
- repositories = {
- "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = {
- domain = "issues.vhack.eu";
- port = 9220;
- };
- };
- };
- etesync.enable = true;
- git-server.enable = true;
- nginx.enable = true;
- nix-sync.enable = true;
- openssh.enable = true;
- peertube.enable = true;
- redlib.enable = true;
- };
-
- boot.tmp.cleanOnBoot = true;
- zramSwap.enable = true;
- networking.hostName = "server1";
- networking.domain = "vhack.eu";
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/server1/hardware.nix b/hosts/server1/hardware.nix
deleted file mode 100644
index 9abc64c..0000000
--- a/hosts/server1/hardware.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{modulesPath, ...}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/profiles/headless.nix")
- ];
-
- vhack.disko = {
- enable = true;
- # FIXME: Find a better way to specify the disk
- disk = "/dev/vda";
- };
- boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
- boot.initrd.kernelModules = [];
-}
diff --git a/hosts/server1/networking.nix b/hosts/server1/networking.nix
deleted file mode 100644
index cd0484f..0000000
--- a/hosts/server1/networking.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{lib, ...}: {
- # This file was populated at runtime with the networking
- # details gathered from the active system.
- networking = {
- nameservers = [
- "8.8.8.8"
- ];
- defaultGateway = {
- address = "89.58.56.1";
- interface = "eth0";
- };
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- {
- address = "89.58.58.33";
- prefixLength = 22;
- }
- ];
- ipv6.addresses = [
- {
- address = "2a03:4000:6a:3f3::1";
- prefixLength = 64;
- }
- ];
- ipv4.routes = [
- {
- address = "89.58.56.1";
- prefixLength = 32;
- }
- ];
- ipv6.routes = [
- {
- address = "fe80::1";
- prefixLength = 128;
- }
- ];
- };
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
- '';
-}
diff --git a/modules/by-name/fa/fail2ban/module.nix b/modules/by-name/fa/fail2ban/module.nix
new file mode 100644
index 0000000..a95e267
--- /dev/null
+++ b/modules/by-name/fa/fail2ban/module.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.fail2ban;
+in {
+ options.vhack.fail2ban = {
+ enable = lib.mkEnableOption "fail2ban";
+ };
+
+ config = lib.mkIf cfg.enable {
+ vhack.persist.directories = [
+ {
+ directory = "/var/lib/fail2ban";
+ user = "fail2ban";
+ group = "fail2ban";
+ mode = "0700";
+ }
+ ];
+
+ services.fail2ban = {
+ enable = true;
+ maxretry = 7; # ban after 7 failures
+ daemonSettings = {
+ Definition = {
+ logtarget = "SYSLOG";
+ socket = "/run/fail2ban/fail2ban.sock";
+ pidfile = "/run/fail2ban/fail2ban.pid";
+ dbfile = "/var/lib/fail2ban/db.sqlite3";
+ };
+ };
+ bantime-increment = {
+ enable = true;
+ rndtime = "8m";
+ overalljails = true;
+ multipliers = "2 4 16 128 256";
+ maxtime = "72h";
+ };
+ jails = {
+ dovecot = ''
+ # block IPs which failed to log-in
+ # aggressive mode add blocking for aborted connections
+ enabled = true
+ filter = dovecot[mode=aggressive]
+ maxretry = 2
+ '';
+ postfix = ''
+ enabled = true
+ filter = postfix[mode=aggressive]
+ findtime = 600
+ maxretry = 3
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/by-name/ru/rust-motd/module.nix b/modules/by-name/ru/rust-motd/module.nix
new file mode 100644
index 0000000..ee88762
--- /dev/null
+++ b/modules/by-name/ru/rust-motd/module.nix
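Review bot: The `dovecot` and `postfix` jails in modules/by-name/fa/fail2ban/module.nix are now created on every host that sets `vhack.fail2ban.enable`, including server2, whose configuration in this commit enables no mail service. Jails for daemons that are not installed protect nothing and, depending on the backend, may log errors or keep fail2ban from starting, which would also take the SSH protection with it. Define the two jails next to the mail configuration instead, or at least mark them with `# mail-only jails: move to the mail module once it lives under modules/by-name`. The module sets no jail for sshd itself, so it presumably relies on the default from the NixOS fail2ban module; a short comment saying so would help.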
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.vhack.rust-motd;
+in {
+ options.vhack.rust-motd = {
+ enable = lib.mkEnableOption "rust-motd";
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.rust-motd = {
+ path = with pkgs; [
+ bash
+ fail2ban # Needed for rust-motd fail2ban integration
+ ];
+ };
+
+ programs.rust-motd = {
+ enable = true;
+ enableMotdInSSHD = true;
+ refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
+
+ # An example is here: https://raw.githubusercontent.com/rust-motd/rust-motd/refs/heads/main/example_config.toml
+ settings = {
+ global = {
+ progress_full_character = "=";
+ progress_empty_character = "-";
+ progress_prefix = "[";
+ progress_suffix = "]";
+ time_format = "%Y-%m-%d %H:%M:%S";
+ };
+
+ banner = {
+ color = "red";
+ command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
+ # if you don't want a dependency on figlet, you can generate your
+ # banner however you want, put it in a file, and then use something like:
+ # command = "cat banner.txt"
+ };
+
+ uptime = {
+ prefix = "Uptime:";
+ };
+
+ # ssl_certificates = {
+ # sort_method = "manual";
+ #
+ # certs = {
+ # "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
+ # "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
+ # };
+ # };
+
+ filesystems = {
+ root = "/";
+ persistent = "/srv";
+ store = "/nix";
+ boot = "/boot";
+ };
+
+ memory = {
+ swap_pos = "beside"; # or "below" or "none"
+ };
+
+ fail2_ban = {
+ jails = ["sshd"]; #, "anotherjail"]
+ };
+
+ last_login = {
+ sils = 2;
+ soispha = 2;
+ nightingale = 2;
+ };
+
+ last_run = {};
+ };
+ };
+ };
+}
diff --git a/modules/by-name/us/users/module.nix b/modules/by-name/us/users/module.nix
new file mode 100644
index 0000000..bdffbdc
--- /dev/null
+++ b/modules/by-name/us/users/module.nix
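Review bot: `last_login` in modules/by-name/ru/rust-motd/module.nix still lists `nightingale = 2;`, but the users module added in this commit creates only soispha and sils, so the MOTD would query an account that no longer exists. Drop that entry, or derive the set from the configured users so the two cannot drift. Separately, the comment on `refreshInterval` is misleading: in the systemd calendar expression `*:0/5` the `0/5` is the minute field, so it would read better as `refreshInterval = "*:0/5"; # every 5 minutes (minute 0, 5, 10, ...)`.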
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.vhack.users;
+
+ mkUser = {
+ name,
+ password,
+ uid,
+ sshKey,
+ }: {
+ inherit name;
+ value = {
+ inherit name uid;
+ isNormalUser = true;
+ home = "/home/${name}";
+ initialHashedPassword = password;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ sshKey
+ ];
+ };
+ };
+
+ extraUsers = lib.listToAttrs (builtins.map mkUser [
+ {
+ name = "soispha";
+ password = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
+ sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
+ uid = 1000;
+ }
+ {
+ name = "sils";
+ password = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
+ sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A";
+ uid = 1001;
+ }
+ ]);
+in {
+ options.vhack.users = {
+ enable = lib.mkEnableOption "user setup";
+ };
+
+ config = lib.mkIf cfg.enable {
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.bashInteractive;
+
+ users =
+ {
+ root = {
+ initialHashedPassword = null; # to lock root
+ openssh.authorizedKeys.keys = [];
+ };
+ }
+ // extraUsers;
+
+ # TODO(@bpeetz): Is this still relevant?
+ # If it is, it should be moved to a separate module. <2024-12-24>
+ # nixremote = {
+ # name = "nixremote";
+ # isNormalUser = true;
+ # createHome = true;
+ # home = "/home/nixremote";
+ # uid = 1003;
+ # group = "nixremote";
+ # openssh.authorizedKeys.keys = [
+ # "ssh-rsa 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 root@thinklappi"
+ # ];
+ # };
+ # };
+ # groups.nixremote = {
+ # gid = 1004;
+ # };
+ };
+ };
+}
diff --git a/notes/deploy.md b/notes/deploy.md
index 2b274b5..127d0e9 100644
--- a/notes/deploy.md
+++ b/notes/deploy.md
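Review bot: The uids in the list passed to `mkUser` are swapped relative to the file this commit deletes: system/users/default.nix had sils at 1000 and soispha at 1001, while modules/by-name/us/users/module.nix gives soispha 1000 and sils 1001. Files on disk are owned by numeric id, so on a host whose homes already exist (server1 enables `users.enable` here) each account could end up owning the other's home directory and `~/.ssh` if the new ids are applied; keep `uid = 1001;` for soispha and `uid = 1000;` for sils. The deleted file's `vhack.persist.directories` entries for `/home`, the per-user homes and `/root/.ssh` are also not carried over into this module, so on a host with `vhack.persist.enable` those paths may not survive a reboot unless another module persists them.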
@@ -1,8 +1,7 @@ # Full redeployment -After a complete server purge just load up the newest NixOS ISO, set the root password and run: +After a complete server purge just run (requires a root password and _some_ Linux distribution running on it.): -```bash -ipv4_address=$(dig +short ""); # ipv6 seems to fail in this context -nix run github:numtide/nixos-anywhere -- --flake .# root@"$ipv4_address" +```sh +./scripts/deploy.sh "" "" ``` diff --git a/prepare-commit-msg b/prepare-commit-msg new file mode 100755 index 0000000..6066d40 --- /dev/null +++ b/prepare-commit-msg @@ -0,0 +1,24 @@ +#!/bin/sh +# +# Insert selected git-bug issue identifier in the comment. +# if no selected issue, print in comments the list of open issues. +# +cmtChar=`git config --get core.commentchar` +hashChar="#" +if [ "$cmtChar" = "" ] +then + cmtChar="#" +fi +if [ "$cmtChar" = "#" ] +then + hashChar=":" +fi + +ISSUE=`git bug show --field shortId` +if [ "$ISSUE" = "" ] +then + echo "$cmtChar !!!!! insert $hashChar in your comment, pick one in list below." >> "$1" + git bug ls status:open |sed 's/ open\t/ /'| sed "s/^/$cmtChar/" >> "$1" +else + sed -i "1i$hashChar$ISSUE " "$1" +fi diff --git a/scripts/deploy.sh b/scripts/deploy.sh new file mode 100755 index 0000000..9d27e5a --- /dev/null +++ b/scripts/deploy.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env sh + +[ "$#" -ne 2 ] && { + echo "Usage: $1 " + exit 2 +} +ssh_url="$1" +host_name="$2" +root="$(git rev-parse --show-toplevel)" + +nix run github:numtide/nixos-anywhere -- \ + --flake ".#$host_name" \ + --target-host "$ssh_url" \ + --generate-hardware-config nixos-facter "$root/hardware_config_$host_name.nix" + +# vim: ft=sh diff --git a/system/default.nix b/system/default.nix index 4c80ed9..9fdd937 100644 --- a/system/default.nix +++ b/system/default.nix @@ -1,9 +1,7 @@ {...}: { imports = [ - ./impermanence ./packages ./secrets ./services - ./users ]; } diff --git a/system/services/default.nix b/system/services/default.nix index b8b617e..db7ca4f 100644 
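Review bot: `nix run github:numtide/nixos-anywhere` in scripts/deploy.sh fetches whatever the upstream default branch holds at run time, and that code then runs with root SSH access to the target. Pin it to a reviewed revision, e.g. `nix run github:numtide/nixos-anywhere/<PINNED_REV> -- \` (placeholder), or expose it through a flake input so flake.lock records the version. The usage message prints `$1` where `$0` is meant, and it names neither argument. `root` is used without checking that `git rev-parse` succeeded, so outside a work tree the hardware report would be written under `/`; `set -eu` at the top of the script would stop that.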
--- a/system/services/default.nix +++ b/system/services/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./fail2ban ./invidious ./invidious-router ./mail @@ -11,7 +10,6 @@ ./murmur ./nix ./restic - ./rust-motd ./taskserver ]; } diff --git a/system/services/fail2ban/default.nix b/system/services/fail2ban/default.nix deleted file mode 100644 index 1c47568..0000000 --- a/system/services/fail2ban/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{...}: { - vhack.persist.directories = [ - { - directory = "/var/lib/fail2ban"; - user = "fail2ban"; - group = "fail2ban"; - mode = "0700"; - } - ]; - - services.fail2ban = { - enable = true; - maxretry = 7; # ban after 7 failures - daemonSettings = { - Definition = { - logtarget = "SYSLOG"; - socket = "/run/fail2ban/fail2ban.sock"; - pidfile = "/run/fail2ban/fail2ban.pid"; - dbfile = "/var/lib/fail2ban/db.sqlite3"; - }; - }; - bantime-increment = { - enable = true; - rndtime = "8m"; - overalljails = true; - multipliers = "2 4 16 128 256"; - maxtime = "72h"; - }; - jails = { - dovecot = '' - # block IPs which failed to log-in - # aggressive mode add blocking for aborted connections - enabled = true - filter = dovecot[mode=aggressive] - maxretry = 2 - ''; - postfix = '' - enabled = true - filter = postfix[mode=aggressive] - findtime = 600 - maxretry = 3 - ''; - }; - }; -} diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix deleted file mode 100644 index 1a41b32..0000000 --- a/system/services/rust-motd/default.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - config, - pkgs, - ... -}: { - systemd.services.rust-motd = { - path = builtins.attrValues { - inherit - (pkgs) - bash - fail2ban # Needed for rust-motd fail2ban integration - ; - }; - }; - programs.rust-motd = { - enable = true; - enableMotdInSSHD = true; - refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20) - settings = { - global = { - progress_full_character = "="; - progress_empty_character = "-"; - progress_prefix = "["; - progress_suffix = "]"; - time_format = "%Y-%m-%d %H:%M:%S"; - }; - - banner = { - color = "red"; - command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant"; - # if you don't want a dependency on figlet, you can generate your - # banner however you want, put it in a file, and then use something like: - # command = "cat banner.txt" - }; - - # [weather] - # url = "https://wttr.in/New+York,New+York?0" - # proxy = "http://proxy:8080" - - # [service_status] - # Accounts = "accounts-daemon" - # Cron = "cron" - - # [docker_status] - # Local containers MUST start with a slash - # https://github.com/moby/moby/issues/6705 - #"/nextcloud-nextcloud-1" = "Nextcloud" - #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database" - - uptime = { - prefix = "Uptime:"; - }; - - # [user_service_status] - # gpg-agent = "gpg-agent" - - s_s_l_certs = { - sort_method = "manual"; - - certs = { - "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem"; - "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem"; - }; - }; - - filesystems = { - root = "/"; - persistent = "/srv"; - store = "/nix"; - boot = "/boot"; - }; - - memory = { - swap_pos = "beside"; # or "below" or "none" - }; - - fail2_ban = { - jails = ["sshd"]; #, "anotherjail"] - }; - - last_login = { - sils = 2; - soispha = 2; - nightingale = 2; - }; - - last_run = { - }; - }; - }; -} diff --git a/system/users/default.nix b/system/users/default.nix deleted file mode 100644 index 0da0515..0000000 
--- a/system/users/default.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{pkgs, ...}: { - vhack.persist.directories = [ - { - directory = "/home"; - user = "root"; - group = "root"; - mode = "0755"; - } - { - directory = "/home/sils"; - user = "sils"; - group = "sils"; - mode = "0700"; - } - { - directory = "/home/soispha"; - user = "soispha"; - group = "soispha"; - mode = "0700"; - } - { - directory = "/home/nightingale"; - user = "nightingale"; - group = "nightingale"; - mode = "0700"; - } - { - directory = "/root/.ssh"; - user = "root"; - group = "root"; - mode = "0700"; - } - ]; - - users = { - mutableUsers = false; - defaultUserShell = pkgs.zsh; - users = { - root = { - initialHashedPassword = null; # to lock root - openssh.authorizedKeys.keys = []; - }; - - sils = { - name = "sils"; - isNormalUser = true; - home = "/home/sils"; - initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; - uid = 1000; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A" - ]; - }; - - soispha = { - name = "soispha"; - isNormalUser = true; - home = "/home/soispha"; - initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1"; - uid = 1001; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532" - ]; - }; - - nightingale = { - name = "nightingale"; - isNormalUser = true; - home = "/home/nightingale"; - initialHashedPassword = null; # TODO CHANGE - uid = 1002; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ - ]; - }; - nixremote = { - name = "nixremote"; - isNormalUser = true; - createHome = true; - home = "/home/nixremote"; - uid = 1003; - group = "nixremote"; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 root@thinklappi" - ]; - }; - }; - 
groups.nixremote = { - gid = 1004; - }; - }; -} -- cgit 1.4.1