From 0024a2ca7918be83ad812b02348cb49dd2ff2d57 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Fri, 21 Sep 2018 17:49:51 +0200
Subject: Add basic automatix config Extract desktop-specific settings that are shared by asterix and obelix into desktop role.
---
.../role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem | 23 +++++++++++
host/role/conf/vpn/kit.ovpn.nix | 19 +++++++++
host/role/desktop.nix | 45 ++++++++++++++++++++++
3 files changed, 87 insertions(+)
create mode 100644 host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
create mode 100644 host/role/conf/vpn/kit.ovpn.nix
create mode 100644 host/role/desktop.nix
(limited to 'host/role')
diff --git a/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
new file mode 100644
index 0000000..374b050
--- /dev/null
+++ b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
diff --git a/host/role/conf/vpn/kit.ovpn.nix b/host/role/conf/vpn/kit.ovpn.nix
new file mode 100644
index 0000000..82a21ee
--- /dev/null
+++ b/host/role/conf/vpn/kit.ovpn.nix
@@ -0,0 +1,19 @@
+# adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+
+''
+client
+remote 141.52.8.20
+port 1194
+dev tun
+proto udp
+auth-user-pass
+nobind
+comp-lzo no
+tls-version-min 1.2
+ca ${./T-TeleSec_GlobalRoot_Class_2.pem}
+verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+cipher AES-256-CBC
+auth SHA384
+verb 3
+script-security 2
+''
diff --git a/host/role/desktop.nix b/host/role/desktop.nix
new file mode 100644
index 0000000..cf20500
--- /dev/null
+++ b/host/role/desktop.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+{
+ fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+ sound.enable = true;
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ };
+ };
+
+ services = {
+ journald = {
+ extraConfig = ''Storage=volatile'';
+ };
+
+ openvpn.servers = {
+ KIT = {
+ config = import ./conf/vpn/kit.ovpn.nix;
+ autoStart = false;
+ };
+ };
+
+ xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "caps:escape";
+
+ displayManager.slim = {
+ enable = true;
+ autoLogin = true;
+ defaultUser = "common";
+ };
+
+ desktopManager.default = "none";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ hdparm ntfs3g
+ ];
+}
-- cgit v1.2.3
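Review bot: In host/role/conf/vpn/kit.ovpn.nix, `script-security 2` permits OpenVPN to run user-defined scripts, yet no `up`/`down` script appears in this config or in the `KIT` entry of desktop.nix. Unless something outside this patch needs it, drop the line so the default level applies. The `ca` file is a public root that signs many unrelated certificates, so the server's identity rests entirely on the `verify-x509-name ... subject` match; adding `remote-cert-tls server` would also require the peer certificate to be marked for TLS server use. `cipher AES-256-CBC` with `auth SHA384` presumably mirrors the upstream KIT profile, and a comment such as `# cipher/auth follow the KIT server profile` would record that it is not a free choice.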
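Review bot: In host/role/desktop.nix, `autoLogin = true` with `defaultUser = "common"` opens a session without a password on every host that imports this role, so physical access to a booting machine is enough to reach that user's data. If this relies on disk encryption or a trusted location, say so next to the option, e.g. `# autoLogin: physical access is assumed trusted on desktop hosts`, or leave `autoLogin` to the per-host files. `Storage=volatile` deserves a similar comment, since journald then keeps logs only in memory and nothing survives a reboot for later investigation. `discard` on `/` is worth checking against each host's disk setup, because on an encrypted volume it reveals which blocks are unused.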