diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/.gitignore b/.gitignore
index 8288ed7..fe9ad7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *.swp
 *.qcow2
+.*.log
diff --git a/Justfile b/Justfile
index 24094b4..18b7c37 100755
--- a/Justfile
+++ b/Justfile
@@ -1,16 +1,110 @@ -devices action dir +moreargs="": +_usage: + just -l + +_device action dir +moreargs="": #!/usr/bin/env bash - set -x - sudo $(nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}} ) + set -ex + sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}}) -diskMount dir: - just -v devices diskMount {{dir}} +_rebuild-device dir rebuildarg="dry-activate" +moreargs="": + #!/usr/bin/env bash + nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix + just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}} -diskUmount dir: - just -v devices diskUmount {{dir}} +# Rebulid this device's NixOS +rebuild-this-device rebuildarg="dry-activate": + #!/usr/bin/env bash + set -e -diskInstall dir: - just -v devices diskInstall {{dir}} + function parse_hm_rebuildarg() { + case $1 in + switch) + echo switch + ;; + *) + echo build + ;; + esac + } -device-rebuild dir rebuildarg="build": - just -v devices rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} + export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log + export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log + + echo Rebuilding system in {{rebuildarg}}-mode... + if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then + echo System rebuild successful + else + cat ${SYSREBUILD_LOG} + echo System rebuild failed + fi + + if type home-manager > /dev/null 2>&1; then + echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode... 
+ if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then + echo Home rebuild successful + else + cat ${HOMEREBUILD_LOG} + echo Home rebuild failed + fi + fi + +# This could be used to inject another channel +# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'" + + +# Update nix-channels and switch to updated NixOS and home environments +update-this-device: + #!/usr/bin/env bash + set -e + export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log + + echo Updating system channels... + sudo nix-channel --update + just -v rebuild-this-device switch + +hm-iterate-qtile: + #!/usr/bin/env bash + set -xe + home-manager switch || just -v rebuild-this-device switch + Xephyr -ac -br -resizeable :1 & + XEPHYR_PID=$! + echo ${XEPHYR_PID} + DISPLAY=:1 $(grep qtile ~/.xsession) & + wait $! + kill ${XEPHYR_PID} + +# Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout +disk-prepare: + echo NOT IMPLEMENTED + # GPT partition table + # part1: size: 1MiB type: 4 BIOS BOOT + # part2: size: 512MiB label: 2-DISKID (36 char limit?) + # part3: size: * label: 3-DISKID (36 char limit?) + # cryptsetup format part3 + # vgcreate DISKID part3 + # lvcreate DISKID -L 8G -n swap + # lvcreate DISKID -l 100%FREE -n root + # sudo mkfs.vfat -F32 part2 + # sudo mkfs.btrfs /dev/DISKID/root + # sudo mkswap /dev/DISKID/swap + # sudo mount /dev/DISKID/root /mnt + # sudo btrfs subvolume create nixos + # sudo btrfs subvolume create home + # sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # sudo btrfs subvolume create nixos + # sudo mkdir nixos/{boot,home} + # sudo btrfs subvolume create home + # + +# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 
'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' +disk-mount dir: + just -v _device diskMount {{dir}} --argstr rebuildarg "dummy" + +# Unmount target disk, specified by device configuration directory +disk-umount dir: + just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy" + +# Perform an offline installation on the mounted the target disk, specified by device configuration directory +disk-install dir: + just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy" diff --git a/README.md b/README.md index 16d479d..69a5680 100644 --- a/README.md +++ b/README.md @@ -5,12 +5,13 @@ This is mostly achieved with the help of [Nix](https://nixos.org). In the unlikely case that you actually read this and have any questions please don't hesitate to reach out. ## Roadmap + - All graphical systems (incl. install media) must have - [x] Full-disk encryption by default - [x] Yubikey support with SSH auth - [ ] Migrate all devices to new structure - [x] Encrypted Install media - - [ ] steveej-laptop + - [x] steveej-laptop - [ ] steveej-laptop-work - [ ] Migrate home environment to new structure - [x] home-manager 
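Review bot: `rebuild-this-device` exits 0 even when the system rebuild fails, because both `else` branches only `cat` the log and `echo ... failed`, so the recipe's `set -e` never sees a non-zero status; `update-this-device` consequently goes on to `home-manager switch` after a broken system rebuild and reports success. A status variable fixes it: set `rc=1` in the two failure branches and finish the recipe with `exit ${rc:-0}`. Separately, `_device` passes sudo an unquoted `$(set -x; nix-build ...)` expansion, so whatever nix-build prints is word-split and executed as root; `sudo "$(set -x; nix-build ...)"` keeps it to the single store path that is expected, and an empty result then fails loudly instead of running `sudo` with no command.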
@@ -25,21 +26,33 @@ In the unlikely case that you actually read this and have any questions please d - [x] mount/umount disks - [x] install to mounted disk - [x] rebuild running system - - [ ] update running system + - [x] update running system + - [x] annotate recipes with some documentation + - [x] declare shell.nix with runtime deps - [ ] partition/encrypt/format disks - - [ ] annotate recipes with some documentation - - [ ] declare shell.nix with runtime deps - [ ] Document bootstrap process + - [ ] a new machine + - [ ] an install media +- [ ] Design disaster recovery - [ ] Automatic backups - [ ] tracked dotfiles - [ ] detect new and untracked dotfiles? -- [ ] Design disaster recovery - [ ] Recycle *\_archived* - [ ] Maybe make this a nix-overlay +## Bugs +- [ ] home-manager leaves ~/.gnupg at 0755 + ## Usage *(These are reminders for my future self)* ``` just --list ``` + +## Bootstrap + +### A new machine + +1. boot with an install media +2. clone infra repository diff --git a/nix/home-manager/configuration/fullblown-workstation.nix b/nix/home-manager/configuration/fullblown-workstation.nix deleted file mode 100644 index 6cc45d6..0000000 --- a/nix/home-manager/configuration/fullblown-workstation.nix +++ /dev/null 
@@ -1,394 +0,0 @@ -{ pkgs -, config, -... }: - -let - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; - -in { - imports = [ - ../profiles/common.nix - ../profiles/qtile-desktop.nix - ../programs/emacs.nix - ../programs/firefox.nix - ../programs/chromium.nix - ../programs/homeshick.nix - ../programs/libreoffice.nix - ../programs/neovim.nix - ../programs/pass.nix - ../programs/zsh.nix - ]; - - nixpkgs.config = { - pidgin = { - openssl = true; - gnutls = true; - }; - - packageOverrides = pkgs: with pkgs; { - busyboxStatic = busybox.override { - enableStatic = true; - extraConfig = '' - CONFIG_STATIC y - CONFIG_INSTALL_APPLET_DONT y - CONFIG_INSTALL_APPLET_SYMLINKS n - ''; - }; - - dropbearStatic = dropbear.override { - enableStatic = true; - }; - - myPython36 = python36Full.withPackages (ps: with ps; [ - pylint pep8 yapf flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - pypi2nix - cffi - pyopenssl - urllib3 - mistune - - flask - - pyaml - ] ++ [ - pkgs.libffi - ]); - - staruml = callPackage ../../pkgs/staruml.nix { inherit (gnome2) GConf; libgcrypt = libgcrypt_1_5; }; - }; - }; - - home.sessionVariables = { - GOPATH="$HOME/src/go"; - - PATH=pkgs.lib.concatStringsSep ":" [ - "$HOME/.local/bin" - "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" - "$HOME/.cargo/bin" - "$HOME/.gem/ruby/2.3.0/bin" - "$HOME/.npm-packages/bin" - "$GOPATH/bin" - "$PATH" - ]; - }; - - home.packages = [] - ++ (with pkgs; [ - # Authentication - cacert - fprintd - openssl - mkpasswd - - # Nix package related tools - patchelf - nix-index - nox - nix-prefetch-scripts - - # Version Control Systems - git-crypt - unstablepkgs.pijul - gitFull - gitless - mr - - gitRepo - - # Cloud/Remote System Management - google-cloud-sdk - ansible - nixops - unstablepkgs.terraform - awscli - hcloud - - # Process/System Administration - htop - gnome3.gnome-tweak-tool - xorg.xhost - dmidecode - 
python36Packages.glances - evtest - - # Archive Managers - sshfsFuse - xarchive - p7zip - zip - unzip - gzip - lzop - - # Password Management - gnupg - yubikey-neo-manager - yubikey-personalization - yubikey-personalization-gui - gnome3.gnome_keyring - gnome3.seahorse - - # Security - tpm-tools - tpmmanager - - # Web Browsers - links2 - - # Language Support - hunspellDicts.en-us - hunspellDicts.de-de - - # Messaging/Communication - pidgin - hexchat - aspellDicts.en - aspellDicts.de - unstablepkgs.skype - zoom-us - unstablepkgs.bluejeans-gui - thunderbird - gnome3.evolution # gnome4.glib_networking - tdesktop - gnome3.cheese - - # Virtualization - virtmanager - qemu - # virtualbox - vagrant - unstablepkgs.rkt - python27Packages.docker_compose - # unstablepkgs.kubernetes - unstablepkgs.minikube - unstablepkgs.openshift - # (unstablepkgs.minikube.overrideAttrs (oldAttrs: { - # patches = oldAttrs.patches ++ [ - # (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; }) - # ]; - # })) - - # Remote Control Tools - remmina - freerdp - x2goclient - teamviewer - - # Audio/Video Players - ffmpeg - vlc - audacity - spotify - smtube - python27Packages.youtube-dl-light - screenkey - quvi - - # Network Tools - openvpn - tcpdump - iftop - iperf - bind - socat - - # samba - iptables - nftables - wireshark - - # Code Editors - xclip - xsel - unstablepkgs.vscode - # (vscode-with-extensions.override { - # # When the extension is already available in the default extensions set. - # vscodeExtensions = with vscode-extensions; [ - # ] - # # Concise version from the vscode market place when not available in the default set. 
- # ++ vscode-utils.extensionsFromVscodeMarketplace [ - # { - # name = "vsliveshare"; - # publisher = "MS-vsliveshare"; - # version = "0.3.198"; - # sha256 = "019ffyxca3qnqyz1fr7vh0plfdkc3ikr8v295z846lghvwlzjqdh"; - # } - # ]; - # }) - - unstablepkgs.atom - - # Image/Graphic/Design Tools - gnome3.eog - gimp - imagemagick - exiv2 - graphviz - inkscape - ## barcode - qrencode - zbar - feh - # digikam - - - # Modelling Tools - plantuml - umlet - staruml - eclipses.eclipse-modeling - dia - astah-community - - # Misc Development Tools - qrcode - travis - jq - prometheus - cdrtools - - # Document Processing and Management - unstablepkgs.zathura - mendeley - jabref - zotero - hugo - pandoc - - # LaTeX - perlPackages.YAMLTiny - perlPackages.FileHomeDir - perlPackages.UnicodeLineBreak - (texlive.combine { - inherit (texlive) - scheme-small - texlive-de - texlive-en - texlive-scripts - collection-langgerman - - latexindent - latexmk - - algorithms - cm-super - - preprint - enumitem - draftwatermark - everypage - ulem - placeins - minted ifplatform fvextra xstring framed - ; - }) - - pdftk - masterpdfeditor - - # File Synchronzation - seafile-client - syncthing - grive2 - dropbox - # gocryptfs - # hubicfuse - # s3ql - # rclone - rsync - - # Filesystem Tools - ntfs3g - ddrescue - ncdu - unstablepkgs.woeusb - unetbootin - pcmanfm - hdparm - testdisk - python27Packages.binwalk - gptfdisk - - # games - zeroad - - # Compilers & Toolchains - autoconf - automake - libtool - gcc - pkgconfig - binutils - valgrind - gdb - cgdb - man-pages - gnumake - shellcheck - bazel - - ## Android - androidsdk - - ## Java - jre - openjdk - - ## Ruby - ruby - - ## Python - myPython36 - pypi2nix - - ## Webdev - nodejs-8_x - npm2nix - emscripten - etcd - sigal - - # Code generators - unstablepkgs.swagger-codegen - - # Misc Desktop Tools - ltunify - solaar - dex - roxterm - # kitty - busyboxStatic - xorg.xbacklight - coreutils - lsof - pavucontrol - x11_ssh_askpass - xdotool - xdg_utils - xdg-user-dirs 
- gnome3.dconf - picocom - glib.dev # contains gdbus tool - - # Screen recording - gtk-recordmydesktop # can't select the window - qt-recordmydesktop - vokoscreen - shutter - # kazam # doesn't start - # xvidcap # doesn't keep the recording rectangle - obs-studio - shotcut - openshot-qt - ]); -} diff --git a/nix/home-manager/configuration/steveej-qtile-desktop.nix b/nix/home-manager/configuration/graphical-fullblown.nix similarity index 92% rename from nix/home-manager/configuration/steveej-qtile-desktop.nix rename to nix/home-manager/configuration/graphical-fullblown.nix index eef2f4f..701971c 100644 --- a/nix/home-manager/configuration/steveej-qtile-desktop.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -1,15 +1,16 @@ { pkgs -, config, -... }: +, config +, ... }: let # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; + unstablepkgs = import { config = config.nixpkgs.config; }; in { imports = [ ../profiles/common.nix ../profiles/qtile-desktop.nix + ../profiles/dotfiles.nix ../programs/emacs.nix ../programs/firefox.nix ../programs/chromium.nix @@ -27,7 +28,7 @@ in { }; packageOverrides = pkgs: with pkgs; { - myPython36 = python36Full.withPackages (ps: with ps; [ + myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 # autopep8 (broken) # pylint (broken) @@ -56,9 +57,13 @@ in { }; home.sessionVariables = { + # TODO: find a way to prevent using a store path for the current file + # HM_CONFIG_PATH=builtins.toString "${./.}"; + HM_CONFIG="graphical-fullblown"; + GOPATH="$HOME/src/go"; - PATH=pkgs.lib.concatStringsSep ":" [ + PATH=pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" "$HOME/.cargo/bin" @@ -84,12 +89,8 @@ in { nix-prefetch-scripts # Version Control Systems - git-crypt unstablepkgs.pijul - gitFull gitless - mr - gitRepo # Cloud/Remote System Management 
@@ -187,7 +188,7 @@ in { iftop iperf bind - socat + socat # samba iptables @@ -201,7 +202,7 @@ in { # (vscode-with-extensions.override { # # When the extension is already available in the default extensions set. # vscodeExtensions = with vscode-extensions; [ - # ] + # ] # # Concise version from the vscode market place when not available in the default set. # ++ vscode-utils.extensionsFromVscodeMarketplace [ # { @@ -236,7 +237,7 @@ in { eclipses.eclipse-modeling dia astah-community - + # Misc Development Tools qrcode travis @@ -245,7 +246,7 @@ in { cdrtools # Document Processing and Management - unstablepkgs.zathura + zathura mendeley jabref zotero @@ -257,12 +258,12 @@ in { perlPackages.FileHomeDir perlPackages.UnicodeLineBreak (texlive.combine { - inherit (texlive) + inherit (texlive) scheme-small texlive-de texlive-en texlive-scripts - collection-langgerman + collection-langgerman latexindent latexmk @@ -354,11 +355,10 @@ in { dex roxterm # kitty - busyboxStatic + busyboxStatic xorg.xbacklight coreutils lsof - pavucontrol x11_ssh_askpass xdotool xdg_utils @@ -377,5 +377,5 @@ in { obs-studio shotcut openshot-qt - ]); + ]); } diff --git a/nix/home-manager/configuration/removable-desktop.nix b/nix/home-manager/configuration/graphical-removable.nix similarity index 85% rename from nix/home-manager/configuration/removable-desktop.nix rename to nix/home-manager/configuration/graphical-removable.nix index 2046dcb..2396faa 100644 --- a/nix/home-manager/configuration/removable-desktop.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -1,15 +1,14 @@ { pkgs -, config, +, config, ... }: let - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; - + unstablepkgs = import { config = config.nixpkgs.config; }; in { imports = [ ../profiles/common.nix ../profiles/qtile-desktop.nix + ../profiles/dotfiles.nix ../programs/emacs.nix ../programs/firefox.nix ../programs/chromium.nix 
@@ -27,7 +26,7 @@ in { }; packageOverrides = pkgs: with pkgs; { - myPython36 = python36Full.withPackages (ps: with ps; [ + myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 # autopep8 (broken) # pylint (broken) @@ -53,30 +52,22 @@ in { }; }; + # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + # unstablepkgs = import { config = { allowUnfree = true; }; }; + home.sessionVariables = { }; - home.packages = [] - ++ (with pkgs; [ - # Authentication - cacert - fprintd - openssl - mkpasswd + home.packages = + [] ++ (with pkgs; [ # Nix package related tools patchelf nix-index - nox nix-prefetch-scripts # Version Control Systems - git-crypt - unstablepkgs.pijul - gitFull gitless - mr - gitRepo # Process/System Administration htop @@ -96,7 +87,6 @@ in { lzop # Password Management - gnupg gnome3.gnome_keyring gnome3.seahorse @@ -111,7 +101,7 @@ in { iftop iperf bind - socat + socat # samba iptables @@ -156,6 +146,6 @@ in { ## Python myPython36 - busyboxStatic - ]); + busyboxStatic + ]); } diff --git a/nix/home-manager/configuration/text-minimal.txt b/nix/home-manager/configuration/text-minimal.txt new file mode 100644 index 0000000..42bb7e8 --- /dev/null +++ b/nix/home-manager/configuration/text-minimal.txt @@ -0,0 +1,26 @@ +{ pkgs +, config, +... }: + +let + +in { + imports = [ + ../profiles/common.nix + ../profiles/nix-channels.nix + ../programs/neovim.nix + ../programs/zsh.nix + ]; + + nixpkgs.config = { + packageOverrides = pkgs: with pkgs; { + }; + }; + + home.sessionVariables = { + }; + + home.packages = [] + ++ (with pkgs; [ + ]); +} diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 06fe50c..e0d029a 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -25,6 +25,8 @@ in { dropbearStatic = dropbear.override { enableStatic = true; }; + + just = pkgs.callPackage ../../pkgs/just.nix {}; }; }; 
@@ -43,10 +45,22 @@ in { NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. PYTHONDONTWRITEBYTECODE = "1"; - - HOMESHICK_DIR="${pkgs.homeshick}"; }; programs.command-not-found.enable = true; programs.fzf.enable = true; + + home.packages = + [] ++ (with pkgs; [ + # git helpers + git-crypt + + vcsh + # Authentication + cacert + openssl + mkpasswd + + just + ]); } diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix new file mode 100644 index 0000000..2609ee2 --- /dev/null +++ b/nix/home-manager/profiles/dotfiles.nix @@ -0,0 +1,13 @@ +{ pkgs +, config +, ... +}: + +let + vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {}; + +in { + home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' + $DRY_RUN_CMD ${vcshActivationScript} + ''; +} diff --git a/nix/home-manager/profiles/dotfiles/.gitignore b/nix/home-manager/profiles/dotfiles/.gitignore new file mode 100644 index 0000000..f3f979e --- /dev/null +++ b/nix/home-manager/profiles/dotfiles/.gitignore @@ -0,0 +1 @@ +vcsh.nix diff --git a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix new file mode 100644 index 0000000..fe99c8d --- /dev/null +++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix 
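Review bot: `pkgs.callPackage ./dotfiles/vcsh.nix {}` in the new `dotfiles.nix` points at a file this same commit gitignores (`nix/home-manager/profiles/dotfiles/.gitignore` adds `vcsh.nix`), so a fresh checkout fails evaluation with a missing-file error until the generator has run; judging from the Justfile that generator is `nix/scripts/pre-eval-fixed.sh`, which is not part of this diff. A header comment on the module would spare the next person that hunt, e.g. `# vcsh.nix is generated from vcsh.tmpl.nix (see nix/scripts/pre-eval-fixed.sh) and is intentionally untracked.` The activation entry itself is fine, but note it runs the script unconditionally on every activation, so the script's idempotence is what keeps this safe.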
@@ -0,0 +1,38 @@ +{ pkgs +, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" +, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" +, ... +}: + +let + repoHttps = "https://gitlab.com/steveeJ/dotfiles.git"; + repoSsh = "git@gitlab.com:/steveeJ/dotfiles.git"; + repoBareLocal = pkgs.runCommand "fetchbare" { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } '' + export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out + ''; + +in pkgs.writeScript "activation-script" '' + export HOST=$(hostname -s) + + function set_remotes { + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 + } + + if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then + echo Cloning dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} + set_remotes ${repoHttps} ${repoSsh} + else + set_remotes ${repoBareLocal} ${repoSsh} + echo Updating dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh pull $HOST || true + set_remotes ${repoHttps} ${repoSsh} + fi + '' diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix new file mode 100644 index 0000000..faa9984 --- /dev/null +++ b/nix/home-manager/profiles/nix-channels.nix 
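Review bot: The `let` block rebinds `repoHttps` and `repoSsh` to the same literals the function header declares as defaulted parameters, so the parameters are shadowed and a caller that passes different URLs is silently ignored; drop the two `let` lines and use the arguments. The all-zero `outputHash` is presumably what the template step replaces, but nothing says so in the file — a comment such as `# outputHash is filled in by the pre-eval step; nix reports the correct value on mismatch` would make the placeholder self-explaining. The script emitted by `writeScript` has no shebang, so it only runs because bash falls back to interpreting ENOEXEC files itself; `#!${pkgs.bash}/bin/bash` as the first line makes that explicit, and `test -d "$HOME/.config/vcsh/repo.d/dotfiles.git"` should be quoted.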
@@ -0,0 +1,24 @@ +{ pkgs +, config +, ... +}: + +let +in { + home.file.".nix-channels".text = '' + https://nixos.org/channels/nixos-18.09 nixos + https://nixos.org/channels/nixos-unstable nixos-unstable + ''; + + home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' + set -ex + if test -f $HOME/.nix-channels; then + echo Moving existing file away... + touch $HOME/.nix-channels.dummy + mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels + rm $HOME/.nix-channels + fi + ''}; + ''; +} diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index dd35838..97d4f26 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -6,8 +6,35 @@ let inherit (import ../lib.nix { }) mkSimpleTrayService ; - - qtileConfig = pkgs.writeScript "config.py" '' + + audio = pkgs.writeScript "audio" '' + #!${pkgs.bash}/bin/bash + export PATH=${with pkgs; lib.makeBinPath [ + pulseaudio findutils gnugrep + ]}:$PATH + + export MUTEFILE=''${TEMPDIR:-/tmp}./.qtilemute + case $1 in + mute) + newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 )) + echo -n $newstate > $MUTEFILE + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-mute {} $newstate + ;; + lower) + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} -10% + ;; + raise) + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} +10% + ;; + *) + echo Unknown command: $1 + exit 1 + ;; + esac + + ''; + + qtileConfig = pkgs.writeScript "qtile_config.py" '' from libqtile.config import Key, Screen, Group, Drag, Click from libqtile.command import lazy from libqtile import layout, bar, widget 
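Review bot: `test -f $HOME/.nix-channels` follows symlinks, so after the first activation — when `.nix-channels` is the symlink home-manager created from `home.file.".nix-channels"` — the branch fires again on every activation and, if I read the `touch`/`mv --backup=numbered`/`rm` sequence correctly, leaves one more `.nix-channels.~N~` behind each time. Guarding on a regular file only, `if test -f "$HOME/.nix-channels" && ! test -L "$HOME/.nix-channels"; then`, restricts the move to a pre-existing user-owned file, which is what the `entryBefore ["checkLinkTargets"]` placement suggests is intended. `$HOME` is unquoted throughout the script, and like the other activation scripts in this commit it lacks a shebang line.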
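Review bot: The `mute` branch reads `$MUTEFILE` back into `$(( ... ^ 1 ))`, and that file lives under `''${TEMPDIR:-/tmp}` — a shared, world-writable directory with a predictable name (`/tmp./.qtilemute` resolves to `/tmp/.qtilemute`) — so another local account can pre-create it, and bash arithmetic is not safe to run on content you do not control. Keeping the state in the per-user `$XDG_RUNTIME_DIR` (falling back to `$HOME`) and accepting only a digit, e.g. `state=$(cat "$MUTEFILE" 2>/dev/null); [[ $state =~ ^[01]$ ]] || state=0; newstate=$(( state ^ 1 ))`, closes both problems. The same predictable-path exposure applies to `.qtilelog`, which hunk `@@ -18,51 +45,51 @@` moves from `$HOME` into `TEMPDIR`; a log in a shared directory is better placed under `XDG_RUNTIME_DIR` or left in `$HOME` as before.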
@@ -18,51 +45,51 @@ logger = logging.getLogger() logger.setLevel(logging.WARN) handler = logging.handlers.RotatingFileHandler( - os.path.join(os.getenv('HOME'), '.qtilelog'), maxBytes=10240000, + os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000, backupCount=7 ) handler.setLevel(logging.WARN) logger.addHandler(handler) -@hook.subscribe.screen_change -def restart_on_randr(qtile, ev): - import time - - with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"): - pass - - lastRestart = 0 - with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile: - lastRestartStr = lastRestartFile.read() - if len(lastRestartStr) > 0: - lastRestart = float(lastRestartStr) - - print("screen changed. (last change: %s)" % lastRestart) - - delta=time.time()-lastRestart - if delta > 3: - import subprocess - lastRestartFile.seek(0) - lastRestartFile.write("%s" % time.time()) - lastRestartFile.truncate() - - subprocess.call(["autorandr","-c"]) - qtile.cmd_restart() - else: - print("screen is changing too fast: %s" % delta) - -active_screen = 0 -@hook.subscribe.client_focus -def focus_changed(window): - global active_screen - pass - active_screen = window.group.screen.index - -@hook.subscribe.current_screen_change -def move_widget(): - global active_screen - systray = widget.Systray() - logging.warn("Screen changed to %i" % active_screen) +# @hook.subscribe.screen_change +# def restart_on_randr(qtile, ev): +# import time +# +# with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "w"): +# pass +# +# lastRestart = 0 +# with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "r+") as lastRestartFile: +# lastRestartStr = lastRestartFile.read() +# if len(lastRestartStr) > 0: +# lastRestart = float(lastRestartStr) +# +# print("screen changed. 
(last change: %s)" % lastRestart) +# +# delta=time.time()-lastRestart +# if delta > 3: +# import subprocess +# lastRestartFile.seek(0) +# lastRestartFile.write("%s" % time.time()) +# lastRestartFile.truncate() +# +# subprocess.call(["autorandr","-c"]) +# qtile.cmd_restart() +# else: +# print("screen is changing too fast: %s" % delta) +# +# active_screen = 0 +# @hook.subscribe.client_focus +# def focus_changed(window): +# global active_screen +# pass +# active_screen = window.group.screen.index +# +# @hook.subscribe.current_screen_change +# def move_widget(): +# global active_screen +# systray = widget.Systray() +# logging.warn("Screen changed to %i" % active_screen) key_super = "mod4" key_alt = "mod1" @@ -76,14 +103,11 @@ keys = [ Key([key_super], "r", lazy.spawncmd()), Key([key_super], "w", lazy.window.kill()), -# Key([key_alt, key_super], "l", lazy.spawn("xscreensaver-command -lock")), -# Key([key_alt, key_super], "l", lazy.spawn("sh -c '(sleep 1; xset dpms force off) & xautolock -locknow'")), -# Key([key_alt, key_super], "l", lazy.spawn("light-locker-command -l")), -# Key([key_alt, key_super], "l", lazy.spawn("dm-tool lock")), Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')), Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")), - Key([key_super, key_control], "r", lazy.restart()), + # Key([key_super, key_control], "r", lazy.restart()), + Key([key_super, key_control], "r", lazy.spawn("${pkgs.autorandr}/bin/autorandr -c"), lazy.restart()), Key([key_super, key_control], "q", lazy.shutdown()), # Toggle between different layouts as defined below 
@@ -134,14 +158,12 @@ keys = [ Key([], "XF86AudioPlay", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause")), Key([], "XF86AudioPrev", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([], "XF86AudioNext", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), - ## Microsoft Comfort Curve specific + ## Microsoft Comfort Curve specific Key([key_super, "shift"], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([key_alt, key_super], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), - - # FIXME: Backlight currently broken -# Key([], "XF86MonBrightnessDown", lazy.spawn("xbacklight -inc -5")), -# Key([], "XF86MonBrightnessUp", lazy.spawn("xbacklight -inc 5")), - + Key([], "XF86AudioMute", lazy.spawn("${audio} mute")), + Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")), + Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")), Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")), ] groups = [Group(i) for i in "1234567890"] @@ -224,7 +246,7 @@ in { }; pasystray = mkSimpleTrayService { - execStart = "${pkgs.pasystray}/bin/pasystray"; + execStart = "${pkgs.pasystray}/bin/pasystray"; }; cbatticon = mkSimpleTrayService { @@ -274,5 +296,6 @@ in { gnome3.adwaita-icon-theme lxappearance xorg.xcursorthemes + pavucontrol ]; } diff --git a/nix/home-manager/programs/homeshick.nix b/nix/home-manager/programs/homeshick.nix index 7238ea5..bb50b31 100644 
--- a/nix/home-manager/programs/homeshick.nix +++ b/nix/home-manager/programs/homeshick.nix @@ -4,7 +4,14 @@ }: let - bootstrapRepos = pkgs.writeScript "bootstrapRepos" '' + +in { + home.sessionVariables = { + HOMESHICK_DIR="${pkgs.homeshick}"; + }; + + home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' set -e echo home-manager path is ${config.home.path} echo home is $HOME @@ -15,15 +22,7 @@ let # echo Updating homeshick # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick - ''; - -in { - home.sessionVariables = { - HOMESHICK_DIR="${pkgs.homeshick}"; - }; - - home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD ${bootstrapRepos} + ''}; ''; nixpkgs.config = { diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index 78eb69f..39cdb19 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -19,6 +19,7 @@ pass-otp qtpass rofi-pass + gnupg ]; } diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index f035372..54eda37 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -3,7 +3,7 @@ , ... }: -let +let in { programs.zsh = { enable = true; @@ -16,15 +16,18 @@ in { %_%F{%(!.red.green)}$(prompt_char)%f ' RPROMPT="" - # Automatic rehash + # Automatic rehash zstyle ':completion:*' rehash true if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases + . $HOME/.shrc.d/sh_aliases fi - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) + ${if builtins.hasAttr "homeshick" pkgs then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' else '' + ''} # Disable intercepting of ctrl-s and ctrl-q as flow control. stty stop ''' -ixoff -ixon 
diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix index acba03a..7c620af 100644 --- a/nix/os/devices/default.nix +++ b/nix/os/devices/default.nix @@ -1,23 +1,25 @@ { pkgs ? import {} , dir -, rebuildarg ? null +, rebuildarg +, moreargs ? "" }: let diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId; + GIT_ROOT=''''$(git rev-parse --show-toplevel)''; in { rebuild = pkgs.writeScript "script" '' #!/usr/bin/env bash set -xe - pushd ${dir} + pushd ${GIT_ROOT}/${dir} export NIXOS_CONFIG="$PWD"/configuration.nix export INSTALL_ROOT="/mnt/$ID-root" [[ -e "''${NIXOS_CONFIG}" ]] - nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} + nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} if test -L result; then rm result fi @@ -29,12 +31,12 @@ in { ID=${diskId} echo Mounting $ID set -xe - cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3 + cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3 vgchange -ay $ID mkdir -p /mnt/$ID-root mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home - mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot + mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot ''; diskUmount = pkgs.writeScript "script" '' @@ -52,7 +54,7 @@ in { #!/usr/bin/env bash set -xe ID=${diskId} - pushd ${dir} + pushd ${GIT_ROOT}/${dir} export NIXOS_CONFIG="$PWD"/configuration.nix export INSTALL_ROOT="/mnt/$ID-root" diff --git a/nix/os/devices/steveej-laptop/boot.nix b/nix/os/devices/steveej-laptop/boot.nix index 975fc6e..7c689ce 100644 --- a/nix/os/devices/steveej-laptop/boot.nix +++ b/nix/os/devices/steveej-laptop/boot.nix @@ -4,10 +4,4 @@ # workaround to disable CPU wining # current CPU has 9 idle cstates. boot.kernelParams = [ "intel_idle.max_cstate=9" ]; - - # Workaround for nm-pptp to enforce module load - boot.kernelModules = [ - "nf_conntrack_proto_gre" - "nf_conntrack_pptp" - ]; } 
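Review bot: `pushd ${GIT_ROOT}/${dir}` expands at run time to an unquoted `$(git rev-parse --show-toplevel)/...`, and the Justfile launches these scripts through `sudo`, so the `git` call runs as root against a repository owned by the invoking user; recent git versions refuse that with a "dubious ownership" error unless `safe.directory` is configured, at which point the prefix is empty and `set -e` aborts on a path that does not explain why. Quoting the target, `pushd "${GIT_ROOT}/${dir}"`, removes the word-splitting, and resolving the root once in the Justfile and passing it in like `dir` would keep the scripts free of git entirely; the same `pushd` appears in hunk `@@ -52,7 +54,7 @@`. Note also that `diskId` is still resolved from `$PWD` at evaluation time while the scripts use the git root, so the two only agree when `just` is invoked from the repository root.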
diff --git a/nix/os/devices/steveej-laptop/hw.nix b/nix/os/devices/steveej-laptop/hw.nix index 8af9706..9e66240 100644 --- a/nix/os/devices/steveej-laptop/hw.nix +++ b/nix/os/devices/steveej-laptop/hw.nix @@ -4,26 +4,21 @@ { config, lib, pkgs, ... }: { - nix.maxJobs = 3; - nix.buildCores = 3; + boot.initrd.availableKernelModules = [ + "aesni_intel" + "kvm-intel" + "aes_x86_64" + ]; - hardware.enableAllFirmware = true; - hardware.trackpoint.emulateWheel = true; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; boot.extraModprobeConfig = '' options kvm-intel nested=1 options kvm-intel enable_shadow_vmcs=1 options kvm-intel enable_apicv=1 options kvm-intel ept=1 ''; - boot.extraModulePackages = [ ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/boot" = { + # TODO: migrate this to the encryptedDisk module + fileSystems."/boot" = { device = "/dev/disk/by-uuid/445D-DBAA"; fsType = "vfat"; }; diff --git a/nix/os/devices/steveej-laptop/pkg.nix b/nix/os/devices/steveej-laptop/pkg.nix index becd2da..4c01731 100644 --- a/nix/os/devices/steveej-laptop/pkg.nix +++ b/nix/os/devices/steveej-laptop/pkg.nix @@ -3,11 +3,8 @@ ... }: let - gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; -in -{ +in { nixpkgs.config = { allowBroken = false; allowUnfree = true; diff --git a/nix/os/devices/steveej-laptop/system.nix b/nix/os/devices/steveej-laptop/system.nix index 6935be2..1f55f91 100644 --- a/nix/os/devices/steveej-laptop/system.nix +++ b/nix/os/devices/steveej-laptop/system.nix @@ -5,9 +5,9 @@ }: let - unstablepkgs = import {}; + unstablepkgs = import { config = config.nixpkgs; }; -in rec { +in { # The NixOS release to be compatible with for stateful data such as databases. # system.stateVersion = "unstable"; 
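Review bot: The new `boot.initrd.availableKernelModules` keeps only `aesni_intel`, `kvm-intel` and `aes_x86_64` and drops `xhci_pci`, `ahci`, `usb_storage`, `sd_mod` and `rtsx_pci_sdmmc`, together with `boot.loader.systemd-boot.enable` and `boot.loader.efi.canTouchEfiVariables`; unless `../../modules/encryptedDisk.nix` or a shared profile (neither visible in this diff) now supplies the storage modules and loader settings, stage 1 will not see the SATA/USB disks and the LUKS open will fail before the `/boot` mount is reached. The `TODO` on `fileSystems."/boot"` says the migration is in progress, so a comment naming where the removed settings went would make that checkable, e.g. `# storage modules and boot loader come from modules/encryptedDisk.nix`. `kvm-intel` presumably serves the host-virtualisation `extraModprobeConfig` below and has no role in the initrd; only the two AES modules are needed there for LUKS.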
@@ -19,6 +19,7 @@ in rec { server=/tectonic-ci.de/192.168.124.1 server=/tectonic-ci.lan/192.168.124.1 ''; + networking.firewall.enable = lib.mkForce false; networking.firewall.checkReversePath = false; networking.bridges."virbr1".interfaces = []; @@ -28,11 +29,11 @@ in rec { services.printing = { enable = true; - drivers = [ - pkgs.hplip - unstablepkgs.cups-kyodialog3 - unstablepkgs.mfcj6510dwlpr - unstablepkgs.mfcj6510dw-cupswrapper + drivers = with pkgs; [ + hplip + cups-kyodialog3 + mfcj6510dwlpr + mfcj6510dw-cupswrapper ]; }; diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix b/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix deleted file mode 100644 index 6aa9818..0000000 --- a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6"; -} diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix b/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix deleted file mode 100644 index e453def..0000000 --- a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname. -} diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix similarity index 100% rename from nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix rename to nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix new file mode 100644 index 0000000..1c7f7a3 --- /dev/null +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + # TASK: new device + hardware.encryptedDisk = { + enable = true; + diskId = "mmc-SL32G_0x259093f6"; + }; +} 
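Review bot: `networking.firewall.enable = lib.mkForce false;` switches the host packet filter off entirely, and `mkForce` hides that from any profile that deliberately enabled it; the same line is added again in steveej-t480s-work/system.nix later in this commit, where the host also enables libvirtd, VirtualBox host networking and Docker. The visible motivation is the `virbr1` test bridge and local dnsmasq entries, which can be accommodated without dropping the filter on every interface: `networking.firewall.trustedInterfaces = [ "virbr1" ];` plus explicit `allowedTCPPorts`/`allowedUDPPorts` for whatever the Tectonic test setup needs. If the full disable is really required, a comment next to the line stating why and for how long would let the next reader judge it; the surrounding attribute set begins before the hunk.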
diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix new file mode 100644 index 0000000..4ac0ac9 --- /dev/null +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname. +} diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix new file mode 100644 index 0000000..6fd394a --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/configuration.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + imports = [ + ../../profiles/common/configuration.nix + ../../profiles/graphical/configuration.nix + ../../modules/encryptedDisk.nix + + ./system.nix + ./hw.nix + ./pkg.nix + ]; +} diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix new file mode 100644 index 0000000..d8b4ab8 --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/hw.nix @@ -0,0 +1,28 @@ +{ ... }: + +let + stage1Modules = [ + "aesni_intel" + "kvm-intel" + "aes_x86_64" + "nvme" + "nvme_core" + ]; + +in +{ + # TASK: new device + hardware.encryptedDisk = { + enable = true; + diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498"; + }; + + # boot.initrd.availableKernelModules = stage1Modules; + boot.initrd.kernelModules = stage1Modules; + boot.extraModprobeConfig = '' + options kvm-intel nested=1 + options kvm-intel enable_shadow_vmcs=1 + options kvm-intel enable_apicv=1 + options kvm-intel ept=1 + ''; +} diff --git a/nix/os/devices/steveej-t480s-work/pkg.nix b/nix/os/devices/steveej-t480s-work/pkg.nix new file mode 100644 index 0000000..0bbf536 --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/pkg.nix @@ -0,0 +1,7 @@ +{ +... +}: + +{ + home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix; +} 
diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix new file mode 100644 index 0000000..a44044f --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -0,0 +1,50 @@ +{ pkgs +, lib +, ... }: + +{ + # TASK: new device + networking.hostName = "steveej-t480s-work"; # Define your hostname. + + # Used for testing local Tectonic clusters + environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = '' + server=/tt.testing/192.168.124.1 + server=/tectonic-ci.de/192.168.124.1 + server=/tectonic-ci.lan/192.168.124.1 + ''; + networking.firewall.enable = lib.mkForce false; + networking.firewall.checkReversePath = false; + + networking.bridges."virbr1".interfaces = []; + networking.interfaces."virbr1".ipv4.addresses = [ + { address = "10.254.254.254"; prefixLength = 24; } + ]; + + services.printing = { + enable = true; + drivers = with pkgs; [ + hplip + cups-kyodialog3 + mfcj6510dwlpr + mfcj6510dw-cupswrapper + ]; + }; + +# TODO: get external fingerprint reader +# services.fprintd.enable = true; +# security.pam.services = { +# login.fprintAuth = true; +# sudo.fprintAuth = true; +# }; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + + # virtualization + virtualisation = { + libvirtd.enable = true; + virtualbox.host.enable = true; + virtualbox.host.addNetworkInterface = true; + docker.enable = true; + }; +} diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix index 74e865c..961a99c 100644 --- a/nix/os/modules/encryptedDisk.nix +++ b/nix/os/modules/encryptedDisk.nix 
@@ -6,13 +6,23 @@ with lib; let cfg = config.hardware.encryptedDisk; + volumeGroup = cfg.diskId; + + # This is important at install-time bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ]; - bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ]; - bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ]; + + # These are guaranteed by LVM rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ]; swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ]; + # TODO: verify the GPT PARTLABEL cap at 36 chars + shortenPartlabel = name: (builtins.substring 0 36 name); + # Cannot use the disk ID here because might be different at install vs. runtime. + # Example: MMC card which is used in the internal reader vs. USB reader + bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))]; + bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))]; + in { options.hardware.encryptedDisk = { enable = mkEnableOption "Enable encrypted filesystem layout"; diff --git a/nix/os/profiles/common/boot.nix b/nix/os/profiles/common/boot.nix index 8e1a03c..3d035cc 100644 --- a/nix/os/profiles/common/boot.nix +++ b/nix/os/profiles/common/boot.nix @@ -11,7 +11,14 @@ version = 2; }; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.tmpOnTmpfs = true; + + # Workaround for nm-pptp to enforce module load + boot.kernelModules = [ + "nf_conntrack_proto_gre" + "nf_conntrack_pptp" + ]; } diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index a2519ca..0540f85 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix @@ -6,5 +6,6 @@ ./pkg.nix ./user.nix ./system.nix + ./hw.nix ]; } diff --git a/nix/os/profiles/common/hw.nix b/nix/os/profiles/common/hw.nix new file mode 100644 index 0000000..885663e 
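Review bot: `shortenPartlabel` truncates from the front, which keeps the `2-`/`3-` prefix but throws away the end of the disk id, and that end is where the serial lives: for the `nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498` id added elsewhere in this commit the label becomes `2-nvme-SAMSUNG_MZVLW256HEHP-000L7_S3`, so two drives of the same model get identical PARTLABELs and `bootLuksDevice`/`bootFsDevice` can resolve to the wrong disk when both are attached. The 36-character limit the TODO asks about is real (GPT stores the name as 36 UTF-16 code units; `builtins.stringLength` counts bytes, which matches for ASCII ids). Keeping the tail of the id instead of the head preserves the distinguishing part; whatever tool creates the partitions has to apply the same rule, and media already labelled under the old rule would need relabelling. The `let` block continues before and after the hunk.
```nix
  # Keep the *tail* of the id: same-model disks differ only in the trailing serial.
  # GPT names hold 36 UTF-16 code units; stringLength counts bytes, equivalent for ASCII ids.
  mkPartlabel = prefix: id:
    let
      keep = 36 - builtins.stringLength prefix;
      len = builtins.stringLength id;
    in
      prefix + (if len <= keep then id else builtins.substring (len - keep) keep id);
  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (mkPartlabel "2-" cfg.diskId) ];
  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (mkPartlabel "3-" cfg.diskId) ];
  # … unchanged: volumeGroup, bootGrubDevice, rootFsDevice, swapFsDevice …
```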
--- /dev/null +++ b/nix/os/profiles/common/hw.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + hardware.trackpoint.emulateWheel = true; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + "cryptd" + ]; +} diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index b29250a..544ea83 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -1,7 +1,27 @@ { config, pkgs, ... }: { - # Package configuration + imports = [ + "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" + ]; + home-manager.users.root = import ../../../home-manager/configuration/text-minimal.txt; + + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + + packageOverrides = pkgs: with pkgs; { + busyboxStatic = busybox.override { + enableStatic = true; + extraConfig = '' + CONFIG_STATIC y + CONFIG_INSTALL_APPLET_DONT y + CONFIG_INSTALL_APPLET_SYMLINKS n + ''; + }; + }; + }; + environment.systemPackages = with pkgs; [ elfutils exfat @@ -16,9 +36,10 @@ wget curl - git + gitFull pastebinit gist + mr usbutils pciutils diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index b6fc3ef..d7a596f 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -48,6 +48,7 @@ # Activation scripts for impure set up of paths in / system.activationScripts.bin = '' echo "setting up /bin..." + mkdir -p /bin ln -sfT ${pkgs.bash}/bin/bash /bin/.bash mv -Tf /bin/.bash /bin/bash ''; diff --git a/nix/os/profiles/graphical/boot.nix b/nix/os/profiles/graphical/boot.nix new file mode 100644 index 0000000..e4d35b0 --- /dev/null +++ b/nix/os/profiles/graphical/boot.nix @@ -0,0 +1,7 @@ + +{ lib +, ... +}: + +{ +} diff --git a/nix/os/profiles/graphical/configuration.nix b/nix/os/profiles/graphical/configuration.nix index ee53530..1ab66e9 100644 --- a/nix/os/profiles/graphical/configuration.nix 
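Review bot: the `imports` entry in the common/pkg.nix hunk fetches `https://github.com/rycee/home-manager.git` with `ref = "master"` and no `rev`, so every evaluation of every system built from this profile pulls whatever is on that branch at the moment and runs it as NixOS module code; the result is neither reproducible nor reviewable, and a compromised or merely broken upstream commit lands on the next rebuild. Pin it, e.g. `builtins.fetchGit { url = "…"; ref = "master"; rev = "<home-manager-commit-sha>"; }`, and bump the rev deliberately. Separately, `home-manager.users.root = import …/text-minimal.txt;` looks like a typo for `.nix` unless the file really carries that extension.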
+++ b/nix/os/profiles/graphical/configuration.nix @@ -1,9 +1,11 @@ { pkgs -, ... +, ... }: { - imports = [ + imports = [ + ./boot.nix ./system.nix + ./hw.nix ]; } diff --git a/nix/os/profiles/graphical/hw.nix b/nix/os/profiles/graphical/hw.nix new file mode 100644 index 0000000..7cc04be --- /dev/null +++ b/nix/os/profiles/graphical/hw.nix @@ -0,0 +1,7 @@ +{ +... +}: + +{ + hardware.enableAllFirmware = true; +} diff --git a/nix/os/profiles/removable-medium/boot.nix b/nix/os/profiles/removable-medium/boot.nix index 7c3d25b..b3939cb 100644 --- a/nix/os/profiles/removable-medium/boot.nix +++ b/nix/os/profiles/removable-medium/boot.nix @@ -5,33 +5,5 @@ { boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - "aes_x86_64" - "aesni_intel" - "cryptd" - ]; - - boot.kernelModules = [ - "kvm-intel" - - # Workaround for nm-pptp to enforce module load - "nf_conntrack_proto_gre" - "nf_conntrack_pptp" - ]; - - boot.extraModprobeConfig = '' - options kvm-intel nested=1 - options kvm-intel enable_shadow_vmcs=1 - options kvm-intel enable_apicv=1 - options kvm-intel ept=1 - ''; boot.extraModulePackages = [ ]; - - boot.loader.systemd-boot.enable = true; } diff --git a/nix/os/profiles/removable-medium/hw.nix b/nix/os/profiles/removable-medium/hw.nix index dc39ae9..99f014f 100644 --- a/nix/os/profiles/removable-medium/hw.nix +++ b/nix/os/profiles/removable-medium/hw.nix @@ -3,5 +3,4 @@ { hardware.encryptedDisk.enable = true; hardware.enableAllFirmware = true; - hardware.trackpoint.emulateWheel = true; } diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index ae8f8e9..fa43b2e 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix 
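Review bot: the removable-medium/boot.nix hunk drops `aes_x86_64`, `aesni_intel` and `cryptd` from the initrd module list, but in this commit `cryptd` is the only one of those re-added in common/hw.nix; `aesni_intel`/`aes_x86_64` reappear only in per-device hw.nix files (steveej-laptop, steveej-t480s-work), and the new steveej-rmvbl-mmc hw.nix sets nothing beyond `hardware.encryptedDisk`. Unless the LUKS module's default crypto module list already covers the accelerated AES drivers, removable media therefore lose hardware AES at unlock time. Moving the two modules into common/hw.nix next to `cryptd`, or into a removable-medium hw.nix, would keep the pre-commit behaviour; the attribute set these lines belong to starts before the hunk.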
@@ -1,27 +1,7 @@ -{ +{ ... }: { - imports = [ - "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" - ]; - - nixpkgs.config = { - allowBroken = false; - allowUnfree = true; - - packageOverrides = pkgs: with pkgs; { - busyboxStatic = busybox.override { - enableStatic = true; - extraConfig = '' - CONFIG_STATIC y - CONFIG_INSTALL_APPLET_DONT y - CONFIG_INSTALL_APPLET_SYMLINKS n - ''; - }; - }; - }; - - home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix; + home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix; } diff --git a/nix/pkgs/just.nix b/nix/pkgs/just.nix new file mode 100644 index 0000000..f1a0fa5 --- /dev/null +++ b/nix/pkgs/just.nix @@ -0,0 +1,24 @@ +{ rustPlatform +, stdenv +}: + + rustPlatform.buildRustPackage rec { + name = "just-${version}"; + version = "849cdcb37fb42feb5e8724ec9fb3b34027e0da4f"; + src = builtins.fetchGit { + url = "https://github.com/casey/just.git"; + rev = version; + }; + + cargoSha256 = "0awfq9fhcin2q6mvv54xw6i6pxhdp9xa1cpx3jmpf3a6h8l6s9wp"; + + doCheck = false; + + meta = with stdenv.lib; { + description = "Just a command runner "; + homepage = https://github.com/casey/just; + license = licenses.unlicense; + maintainers = [ ]; + platforms = platforms.all; + }; + } diff --git a/nix/scripts/pre-eval-fixed.sh b/nix/scripts/pre-eval-fixed.sh new file mode 100755 index 0000000..0b22a4f --- /dev/null +++ b/nix/scripts/pre-eval-fixed.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +INFILE="${1:?Please set arg1 to INFILE}" +OUTFILE="${2:?Please set arg2 to OUTFILE}" +hash=$(nix-build ${INFILE} --arg pkgs 'import {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1) +sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE} diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..a0f6894 --- /dev/null +++ b/shell.nix 
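Review bot: in the new pre-eval-fixed.sh, `hash=$(nix-build … | grep -oE '[0-9a-z]{52}' | head -n1)` has no failure path: when nix-build fails for any reason other than the expected hash mismatch, `hash` is empty and `sed -E "s/0{52}/${hash}/"` quietly writes a file with the placeholder deleted, and `[0-9a-z]{52}` also matches the all-zero placeholder itself, so a Nix version that prints the expected hash before the actual one makes `head -n1` pick the zeros and the substitution a no-op. Add `set -euo pipefail` after the shebang, filter the placeholder with `grep -oE '[0-9a-z]{52}' | grep -v '^0*$' | head -n1`, and guard the result with `[[ -n "${hash}" ]] || { echo "no hash in nix-build output" >&2; exit 1; }`; `"${INFILE}"`/`"${OUTFILE}"` should be quoted as well. Note that the script pins whatever content the fetch returned rather than verifying it against a known value, so the generated file still deserves a review of the hash before it is committed.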
@@ -0,0 +1,17 @@
+with import {};
+
+let
+
+in
+stdenv.mkDerivation {
+ name = "infra-env";
+ buildInputs = [
+ (pkgs.callPackage ./nix/pkgs/just.nix {})
+ git-crypt
+ vcsh
+ gnupg
+ ];
+
+ # Set Environment Variables
+ RUST_BACKTRACE = 1;
+}