From 0e2f704aa3737708e92fa7442ad8130d1c66061e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 31 Oct 2018 22:49:43 +0100 Subject: [PATCH 01/30] add envrc and shell.nix with 'just' pkg --- .envrc | 1 + README.md | 2 +- shell.nix | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 .envrc create mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use nix diff --git a/README.md b/README.md index 16d479d..dda02f6 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ In the unlikely case that you actually read this and have any questions please d - [ ] update running system - [ ] partition/encrypt/format disks - [ ] annotate recipes with some documentation - - [ ] declare shell.nix with runtime deps + - [x] declare shell.nix with runtime deps - [ ] Document bootstrap process - [ ] Automatic backups - [ ] tracked dotfiles diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..b79404e --- /dev/null +++ b/shell.nix @@ -0,0 +1,34 @@ +with import {}; + +let + just = rustPlatform.buildRustPackage rec { + name = "just-${version}"; + version = "git"; + src = builtins.fetchGit { + url = "https://github.com/casey/just.git"; + rev = "6430d38a6a489ba4e818b6a892e8bbbbacbfe8f3"; + }; + + cargoSha256 = "0awfq9fhcin2q6mvv54xw6i6pxhdp9xa1cpx3jmpf3a6h8l6s9wp"; + + doCheck = false; + + meta = with stdenv.lib; { + description = "Just a command runner "; + homepage = https://github.com/casey/just; + license = licenses.unlicense; + maintainers = [ ]; + platforms = platforms.all; + }; + }; + +in +stdenv.mkDerivation { + name = "infra-env"; + buildInputs = [ + just + ]; + + # Set Environment Variables + RUST_BACKTRACE = 1; +} From 239c2c9c44c6194297b94de87e24c6b058a79ff0 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 3 Nov 2018 11:03:03 +0100 Subject: [PATCH 02/30] nix config udpate; polish top-level Justfile --- .gitignore | 1 + Justfile | 53 +++++++++++++++---- .../configuration/fullblown-workstation.nix | 7 +-- .../configuration/steveej-qtile-desktop.nix | 2 + .../devices/steveej-laptop/configuration.nix | 5 ++ nix/os/devices/steveej-laptop/system.nix | 15 +++--- nix/os/profiles/common/pkg.nix | 19 ++++++- nix/os/profiles/removable-medium/pkg.nix | 16 ------ 8 files changed, 81 insertions(+), 37 deletions(-) diff --git a/.gitignore b/.gitignore index 8288ed7..fe9ad7f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.swp *.qcow2 +.*.log diff --git a/Justfile b/Justfile index 24094b4..0f2f8f8 100755 --- a/Justfile +++ b/Justfile 
@@ -1,16 +1,49 @@ -devices action dir +moreargs="": +_device action dir +moreargs="": #!/usr/bin/env bash - set -x + set -e sudo $(nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}} ) -diskMount dir: - just -v devices diskMount {{dir}} -diskUmount dir: - just -v devices diskUmount {{dir}} +_rebuild-device dir rebuildarg="dry-activate": + just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} -diskInstall dir: - just -v devices diskInstall {{dir}} +# Rebulid this device's NixOS +rebuild-this-device rebuildarg="dry-activate": + just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} -device-rebuild dir rebuildarg="build": - just -v devices rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} +# Update nix-channels and switch to updated NixOS and home environments +update-this-device: + #!/usr/bin/env bash + echo Updating system channels... + sudo nix-channel --update > .$(hostname -s)_sysupdate.log 2>&1 + echo Updating system... + if just -v rebuild-this-device >> .$(hostname -s)_sysupdate.log 2>&1 ; then + echo System update successful + else + System update failed + fi + + if type home-manager > /dev/null 2>&1; then + echo Updating home... + if home-manager -v switch > .$(hostname -s)_homeupdate.log 2>&1 ; then + echo Home update successful + else + echo Home update failed + fi + fi + +# Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout +disk-prepare: + echo NOT IMPLEMENTED + +# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 
'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' +disk-mount dir: + just -v _device diskMount {{dir}} + +# Unmount target disk, specified by device configuration directory +disk-umount dir: + just -v _device diskUmount {{dir}} + +# Perform an offline installation on the mounted the target disk, specified by device configuration directory +disk-install dir: + just -v _device diskInstall {{dir}} diff --git a/nix/home-manager/configuration/fullblown-workstation.nix b/nix/home-manager/configuration/fullblown-workstation.nix index 6cc45d6..6deb633 100644 --- a/nix/home-manager/configuration/fullblown-workstation.nix +++ b/nix/home-manager/configuration/fullblown-workstation.nix @@ -69,6 +69,10 @@ in { }; home.sessionVariables = { + # TODO: find a way to prevent using a store path for the current file + # HM_CONFIG_PATH=builtins.toString "${./.}"; + HM_CONFIG="fullblown-workstation"; + GOPATH="$HOME/src/go"; PATH=pkgs.lib.concatStringsSep ":" [ @@ -99,10 +103,7 @@ in { # Version Control Systems git-crypt unstablepkgs.pijul - gitFull gitless - mr - gitRepo # Cloud/Remote System Management diff --git a/nix/home-manager/configuration/steveej-qtile-desktop.nix b/nix/home-manager/configuration/steveej-qtile-desktop.nix index eef2f4f..8b91980 100644 --- a/nix/home-manager/configuration/steveej-qtile-desktop.nix +++ b/nix/home-manager/configuration/steveej-qtile-desktop.nix @@ -56,6 +56,8 @@ in { }; home.sessionVariables = { + HM_CONFIG=builtins.toString ./.; + GOPATH="$HOME/src/go"; PATH=pkgs.lib.concatStringsSep ":" [ diff --git a/nix/os/devices/steveej-laptop/configuration.nix b/nix/os/devices/steveej-laptop/configuration.nix index da100b3..c0d100e 100644 --- a/nix/os/devices/steveej-laptop/configuration.nix +++ b/nix/os/devices/steveej-laptop/configuration.nix @@ -1,6 +1,11 @@ { ... }: { + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + }; + imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix 
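Review bot: In `update-this-device` the failure branch of the system update reads `System update failed` with no `echo`, so bash tries to run a command named `System` instead of printing the message. The script also has no `set -e` and no explicit `exit`, so as far as the visible lines show it ends with status 0 even when `sudo nix-channel --update` or the rebuild failed, and a host that did not update looks updated to whatever invoked the recipe. I would write the branch as `echo System update failed; exit 1` and stop on a failed channel update as well. The hunk on this recipe in PATCH 03/30 adds the `echo` but still returns no non-zero status.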
diff --git a/nix/os/devices/steveej-laptop/system.nix b/nix/os/devices/steveej-laptop/system.nix index 6935be2..1f55f91 100644 --- a/nix/os/devices/steveej-laptop/system.nix +++ b/nix/os/devices/steveej-laptop/system.nix @@ -5,9 +5,9 @@ }: let - unstablepkgs = import {}; + unstablepkgs = import { config = config.nixpkgs; }; -in rec { +in { # The NixOS release to be compatible with for stateful data such as databases. # system.stateVersion = "unstable"; @@ -19,6 +19,7 @@ in rec { server=/tectonic-ci.de/192.168.124.1 server=/tectonic-ci.lan/192.168.124.1 ''; + networking.firewall.enable = lib.mkForce false; networking.firewall.checkReversePath = false; networking.bridges."virbr1".interfaces = []; @@ -28,11 +29,11 @@ in rec { services.printing = { enable = true; - drivers = [ - pkgs.hplip - unstablepkgs.cups-kyodialog3 - unstablepkgs.mfcj6510dwlpr - unstablepkgs.mfcj6510dw-cupswrapper + drivers = with pkgs; [ + hplip + cups-kyodialog3 + mfcj6510dwlpr + mfcj6510dw-cupswrapper ]; }; diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index b29250a..eef45ef 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -2,6 +2,22 @@ { # Package configuration + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + + packageOverrides = pkgs: with pkgs; { + busyboxStatic = busybox.override { + enableStatic = true; + extraConfig = '' + CONFIG_STATIC y + CONFIG_INSTALL_APPLET_DONT y + CONFIG_INSTALL_APPLET_SYMLINKS n + ''; + }; + }; + }; + environment.systemPackages = with pkgs; [ elfutils exfat @@ -16,9 +32,10 @@ wget curl - git + gitFull pastebinit gist + mr usbutils pciutils diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index ae8f8e9..33ebb38 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix 
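Review bot: The new `unstablepkgs` binding passes `config = config.nixpkgs;`, which is the whole `nixpkgs` option set rather than the nixpkgs config inside it. The removable-desktop.nix hunk in PATCH 03/30 uses `config.nixpkgs.config` for the same purpose, so `config = config.nixpkgs.config;` is presumably what is meant here. As written, the `allowUnfree`/`allowBroken` settings would not reach this import (inferred from the option layout, not shown in the hunk). The drivers hunk further down no longer references `unstablepkgs`, so if nothing outside the visible hunks uses it the binding can be removed.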
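Review bot: The new side of this hunk has `networking.firewall.enable = lib.mkForce false;` directly above `networking.firewall.checkReversePath = false;`, with no comment saying why the host firewall is forced off on a laptop. The collapsed text does not show whether that line is added here or is only context. If the reason is the `virbr1` bridge defined just below, trusting that interface keeps filtering on every other interface: `networking.firewall.trustedInterfaces = [ "virbr1" ];`. Otherwise a comment such as `# firewall disabled because <reason>` would record the decision. The attribute set continues outside the hunk.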
@@ -7,21 +7,5 @@ "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" ]; - nixpkgs.config = { - allowBroken = false; - allowUnfree = true; - - packageOverrides = pkgs: with pkgs; { - busyboxStatic = busybox.override { - enableStatic = true; - extraConfig = '' - CONFIG_STATIC y - CONFIG_INSTALL_APPLET_DONT y - CONFIG_INSTALL_APPLET_SYMLINKS n - ''; - }; - }; - }; - home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix; } From dd4cd9aaf4df44f31e0f7662627e60df1023810e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 11:45:40 +0100 Subject: [PATCH 03/30] nix: add channel configuration and rework update process --- Justfile | 30 +++++++++++----- .../configuration/removable-desktop.nix | 24 ++++++------- nix/home-manager/configuration/root.nix | 35 +++++++++++++++++++ nix/home-manager/profiles/common.nix | 2 -- nix/home-manager/profiles/nix-channels.nix | 34 ++++++++++++++++++ nix/home-manager/programs/homeshick.nix | 19 +++++----- nix/home-manager/programs/zsh.nix | 13 ++++--- nix/os/devices/default.nix | 10 +++--- nix/os/devices/steveej-laptop/pkg.nix | 5 +-- .../system.nix | 5 --- .../configuration.nix | 0 .../hw.nix | 0 .../system.nix | 5 +++ nix/os/profiles/common/pkg.nix | 6 ++++ 14 files changed, 137 insertions(+), 51 deletions(-) create mode 100644 nix/home-manager/configuration/root.nix create mode 100644 nix/home-manager/profiles/nix-channels.nix delete mode 100644 nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix rename nix/os/devices/{steveej-live-mmc-SL32G_0x259093f6 => steveej-rmvbl-mmc-SL32G_0x259093f6}/configuration.nix (100%) rename nix/os/devices/{steveej-live-mmc-SL32G_0x259093f6 => steveej-rmvbl-mmc-SL32G_0x259093f6}/hw.nix (100%) create mode 100644 nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix diff --git a/Justfile b/Justfile index 0f2f8f8..60614e0 100755 --- a/Justfile +++ b/Justfile 
@@ -1,33 +1,45 @@ +_usage: + just -l + _device action dir +moreargs="": #!/usr/bin/env bash - set -e - sudo $(nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}} ) + set -ex + sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}}) +_rebuild-device dir rebuildarg="dry-activate" +moreargs="": + just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}} -_rebuild-device dir rebuildarg="dry-activate": - just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} # Rebulid this device's NixOS rebuild-this-device rebuildarg="dry-activate": just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} +# This could be used to inject another channel +# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'" + + # Update nix-channels and switch to updated NixOS and home environments update-this-device: #!/usr/bin/env bash + export SYSUPDATE_LOG=.$(hostname -s)_sysupdate.log + export HOMEUPDATE_LOG=.$(hostname -s)_homeupdate.log + echo Updating system channels... - sudo nix-channel --update > .$(hostname -s)_sysupdate.log 2>&1 + sudo nix-channel --update > ${SYSUPDATE_LOG} 2>&1 echo Updating system... - if just -v rebuild-this-device >> .$(hostname -s)_sysupdate.log 2>&1 ; then + if just -v rebuild-this-device switch >> ${SYSUPDATE_LOG} 2>&1 ; then echo System update successful else - System update failed + cat ${SYSUPDATE_LOG} + echo System update failed fi if type home-manager > /dev/null 2>&1; then echo Updating home... - if home-manager -v switch > .$(hostname -s)_homeupdate.log 2>&1 ; then + if home-manager -v switch > ${HOMEUPDATE_LOG} 2>&1 ; then echo Home update successful - else + else + cat ${HOMEUPDATE_LOG} echo Home update failed fi fi 
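Review bot: In `_device` the output of `nix-build` is substituted straight into `sudo $(...)` with `{{dir}}` unquoted, so a directory containing whitespace or glob characters is word-split before it reaches `dirname` and `--argstr`, and whatever the substitution yields is what runs as root. Building into a variable first separates the two steps and lets `set -e` stop on a failed build: `script=$(nix-build --no-link --show-trace "$(dirname "{{dir}}")/default.nix" -A {{action}} --argstr dir "{{dir}}" {{moreargs}})` followed by `sudo "${script}"`. `{{moreargs}}` has to stay unquoted because it carries several arguments; that deserves a comment on the recipe, since it is passed through to a command that runs as root.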
diff --git a/nix/home-manager/configuration/removable-desktop.nix b/nix/home-manager/configuration/removable-desktop.nix index 2046dcb..f09788f 100644 --- a/nix/home-manager/configuration/removable-desktop.nix +++ b/nix/home-manager/configuration/removable-desktop.nix @@ -1,11 +1,9 @@ { pkgs -, config, +, config, ... }: let - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; - + unstablepkgs = import { config = config.nixpkgs.config; }; in { imports = [ ../profiles/common.nix @@ -27,7 +25,7 @@ in { }; packageOverrides = pkgs: with pkgs; { - myPython36 = python36Full.withPackages (ps: with ps; [ + myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 # autopep8 (broken) # pylint (broken) @@ -53,11 +51,15 @@ in { }; }; + # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + # unstablepkgs = import { config = { allowUnfree = true; }; }; + home.sessionVariables = { }; - home.packages = [] - ++ (with pkgs; [ + + home.packages = + [] ++ (with pkgs; [ # Authentication cacert fprintd @@ -67,12 +69,10 @@ in { # Nix package related tools patchelf nix-index - nox nix-prefetch-scripts # Version Control Systems git-crypt - unstablepkgs.pijul gitFull gitless mr @@ -111,7 +111,7 @@ in { iftop iperf bind - socat + socat # samba iptables @@ -156,6 +156,6 @@ in { ## Python myPython36 - busyboxStatic - ]); + busyboxStatic + ]); } diff --git a/nix/home-manager/configuration/root.nix b/nix/home-manager/configuration/root.nix new file mode 100644 index 0000000..7430825 --- /dev/null +++ b/nix/home-manager/configuration/root.nix 
@@ -0,0 +1,35 @@ +{ pkgs +, config, +... }: + +let + # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + # unstablepkgs = import {}; + +in { + imports = [ + ../profiles/common.nix + ../profiles/nix-channels.nix + ../programs/neovim.nix + ../programs/zsh.nix + ]; + + nixpkgs.config = { + packageOverrides = pkgs: with pkgs; { + }; + }; + + home.sessionVariables = { + }; + + home.packages = [] + ++ (with pkgs; [ + # Authentication + mkpasswd + + # Version Control Systems + git-crypt + gitFull + mr + ]); +} diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 06fe50c..ddfd3c7 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -43,8 +43,6 @@ in { NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. PYTHONDONTWRITEBYTECODE = "1"; - - HOMESHICK_DIR="${pkgs.homeshick}"; }; programs.command-not-found.enable = true; diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix new file mode 100644 index 0000000..e038319 --- /dev/null +++ b/nix/home-manager/profiles/nix-channels.nix @@ -0,0 +1,34 @@ +{ pkgs +, config +, ... +}: + +let +in { + home.file.".nix-channels".text = '' + https://nixos.org/channels/nixos-18.09 nixos + https://nixos.org/channels/nixos-unstable nixos-unstable + ''; + + home.activation._removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' + set -ex + if test -f $HOME/.nix-channels; then + echo Moving existing file away... + touch $HOME/.nix-channels.dummy + mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels + rm $HOME/.nix-channels + fi + ''}; + ''; + + nixpkgs.config = { + + packageOverrides = pkgs: with pkgs; { + homeshick = builtins.fetchGit { + url = "https://github.com/andsens/homeshick.git"; + ref = "master"; + }; + }; + }; +} 
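Review bot: The `homeshick` override in nix-channels.nix fetches with `ref = "master";` and no `rev`, so each evaluation takes whatever the branch head is at that moment. The zsh.nix hunk in this patch sources `${pkgs.homeshick}/homeshick.sh` into the shell init, and configuration/root.nix imports both files, so the unpinned script also ends up in root's shell. The same pattern is added in nix/os/profiles/common/pkg.nix in this patch, where home-manager `master` is imported as a NixOS module for every device. Pinning both with `rev = "<commit-sha>";` (placeholder), as shell.nix already does for `just`, makes an upstream update a reviewed change rather than a side effect of a rebuild.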
diff --git a/nix/home-manager/programs/homeshick.nix b/nix/home-manager/programs/homeshick.nix index 7238ea5..bb50b31 100644 --- a/nix/home-manager/programs/homeshick.nix +++ b/nix/home-manager/programs/homeshick.nix @@ -4,7 +4,14 @@ }: let - bootstrapRepos = pkgs.writeScript "bootstrapRepos" '' + +in { + home.sessionVariables = { + HOMESHICK_DIR="${pkgs.homeshick}"; + }; + + home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' set -e echo home-manager path is ${config.home.path} echo home is $HOME @@ -15,15 +22,7 @@ let # echo Updating homeshick # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick - ''; - -in { - home.sessionVariables = { - HOMESHICK_DIR="${pkgs.homeshick}"; - }; - - home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD ${bootstrapRepos} + ''}; ''; nixpkgs.config = { diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index f035372..54eda37 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -3,7 +3,7 @@ , ... }: -let +let in { programs.zsh = { enable = true; @@ -16,15 +16,18 @@ in { %_%F{%(!.red.green)}$(prompt_char)%f ' RPROMPT="" - # Automatic rehash + # Automatic rehash zstyle ':completion:*' rehash true if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases + . $HOME/.shrc.d/sh_aliases fi - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) + ${if builtins.hasAttr "homeshick" pkgs then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' else '' + ''} # Disable intercepting of ctrl-s and ctrl-q as flow control. stty stop ''' -ixoff -ixon diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix index acba03a..071d1e8 100644 --- a/nix/os/devices/default.nix +++ b/nix/os/devices/default.nix 
@@ -1,23 +1,25 @@ { pkgs ? import {} , dir -, rebuildarg ? null +, rebuildarg +, moreargs ? "" }: let diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId; + GIT_ROOT=''''$(git rev-parse --show-toplevel)''; in { rebuild = pkgs.writeScript "script" '' #!/usr/bin/env bash set -xe - pushd ${dir} + pushd ${GIT_ROOT}/${dir} export NIXOS_CONFIG="$PWD"/configuration.nix export INSTALL_ROOT="/mnt/$ID-root" [[ -e "''${NIXOS_CONFIG}" ]] - nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} + nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} if test -L result; then rm result fi @@ -52,7 +54,7 @@ in { #!/usr/bin/env bash set -xe ID=${diskId} - pushd ${dir} + pushd ${GIT_ROOT}/${dir} export NIXOS_CONFIG="$PWD"/configuration.nix export INSTALL_ROOT="/mnt/$ID-root" diff --git a/nix/os/devices/steveej-laptop/pkg.nix b/nix/os/devices/steveej-laptop/pkg.nix index becd2da..4c01731 100644 --- a/nix/os/devices/steveej-laptop/pkg.nix +++ b/nix/os/devices/steveej-laptop/pkg.nix @@ -3,11 +3,8 @@ ... }: let - gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; -in -{ +in { nixpkgs.config = { allowBroken = false; allowUnfree = true; diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix b/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix deleted file mode 100644 index e453def..0000000 --- a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname. -} diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix similarity index 100% rename from nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix rename to nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix 
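Review bot: Dropping the default from `rebuildarg` makes it a required argument of this file, but the Justfile recipes `disk-mount`, `disk-umount` and `disk-install` call `_device` without `--argstr rebuildarg`. As far as the recipes visible in this series show, `nix-build -A diskMount` and the other disk actions would then fail when Nix tries to call the function. Keeping a default, e.g. `, rebuildarg ? "dry-activate"`, avoids that without changing the `rebuild` path. `${moreargs}` is also spliced unquoted into a script that `_device` runs under sudo; a comment at the parameter saying it is passed verbatim to `nixos-rebuild` would help. The attribute set continues outside this hunk.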
diff --git a/nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix similarity index 100% rename from nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix rename to nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix new file mode 100644 index 0000000..4ac0ac9 --- /dev/null +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname. +} diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index eef45ef..4c3adb5 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -40,4 +40,10 @@ usbutils pciutils ]; + + imports = [ + "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" + ]; + + home-manager.users.root = import ../../../home-manager/configuration/root.nix; } From b53ad263e65628ac0a5eca3646c9200d35d1eb91 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 18:43:22 +0100 Subject: [PATCH 04/30] home/qtile: add volume keys and ease testing --- Justfile | 11 ++ .../configuration/fullblown-workstation.nix | 20 +-- nix/home-manager/profiles/qtile-desktop.nix | 121 ++++++++++-------- 3 files changed, 89 insertions(+), 63 deletions(-) diff --git a/Justfile b/Justfile index 60614e0..6caf3fe 100755 --- a/Justfile +++ b/Justfile @@ -44,6 +44,17 @@ update-this-device: fi fi +hm-iterate-qtile: + #!/usr/bin/env bash + set -xe + home-manager switch + Xephyr -ac -br -resizeable :1 & + XEPHYR_PID=$! + echo ${XEPHYR_PID} + DISPLAY=:1 $(grep qtile ~/.xsession) & + wait $! + kill ${XEPHYR_PID} + # Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout disk-prepare: echo NOT IMPLEMENTED 
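Review bot: In `hm-iterate-qtile`, `Xephyr -ac -br -resizeable :1 &` starts the nested X server with access control switched off, so while the recipe runs any local client, including other users on the host, can connect to display :1. I would drop `-ac` at least, and give Xephyr an authority file with `-auth` if the default access list is still too open (worth verifying locally). Separately, `$(grep qtile ~/.xsession)` runs every matching line of that file as one word-split command. With `set -xe` a failing `wait` also skips the final `kill`; `trap 'kill ${XEPHYR_PID}' EXIT` right after the PID is captured would cover that.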
diff --git a/nix/home-manager/configuration/fullblown-workstation.nix b/nix/home-manager/configuration/fullblown-workstation.nix index 6deb633..bb62534 100644 --- a/nix/home-manager/configuration/fullblown-workstation.nix +++ b/nix/home-manager/configuration/fullblown-workstation.nix @@ -1,5 +1,5 @@ { pkgs -, config, +, config, ... }: let @@ -40,7 +40,7 @@ in { enableStatic = true; }; - myPython36 = python36Full.withPackages (ps: with ps; [ + myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 # autopep8 (broken) # pylint (broken) @@ -75,7 +75,7 @@ in { GOPATH="$HOME/src/go"; - PATH=pkgs.lib.concatStringsSep ":" [ + PATH=pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" "$HOME/.cargo/bin" @@ -201,7 +201,7 @@ in { iftop iperf bind - socat + socat # samba iptables @@ -215,7 +215,7 @@ in { # (vscode-with-extensions.override { # # When the extension is already available in the default extensions set. # vscodeExtensions = with vscode-extensions; [ - # ] + # ] # # Concise version from the vscode market place when not available in the default set. # ++ vscode-utils.extensionsFromVscodeMarketplace [ # { @@ -250,7 +250,7 @@ in { eclipses.eclipse-modeling dia astah-community - + # Misc Development Tools qrcode travis @@ -271,12 +271,12 @@ in { perlPackages.FileHomeDir perlPackages.UnicodeLineBreak (texlive.combine { - inherit (texlive) + inherit (texlive) scheme-small texlive-de texlive-en texlive-scripts - collection-langgerman + collection-langgerman latexindent latexmk @@ -368,7 +368,7 @@ in { dex roxterm # kitty - busyboxStatic + busyboxStatic xorg.xbacklight coreutils lsof @@ -391,5 +391,5 @@ in { obs-studio shotcut openshot-qt - ]); + ]); } diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index dd35838..307ac01 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix 
@@ -6,8 +6,28 @@ let inherit (import ../lib.nix { }) mkSimpleTrayService ; - - qtileConfig = pkgs.writeScript "config.py" '' + + audio = pkgs.writeScript "audio" '' + #!${pkgs.bash}/bin/bash + case $1 in + mute) + ${pkgs.pulseaudio}/bin/pactl set-sink-mute $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') toggle + ;; + lower) + ${pkgs.pulseaudio}/bin/pactl set-sink-volume $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') -10% + ;; + raise) + ${pkgs.pulseaudio}/bin/pactl set-sink-volume $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') +10% + ;; + *) + echo Unknown command: $1 + exit 1 + ;; + esac + + ''; + + qtileConfig = pkgs.writeScript "qtile_config.py" '' from libqtile.config import Key, Screen, Group, Drag, Click from libqtile.command import lazy from libqtile import layout, bar, widget 
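Review bot: The `audio` helper selects the sink with `pactl list short sinks | grep RUNNING | awk '{ print $1 }'`, which is empty when nothing is playing and several words when more than one sink is running. The mute and volume keys then call `pactl` with a missing or malformed sink argument. pactl accepts `@DEFAULT_SINK@` as the sink name, which removes the lookup: `${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle`, and likewise for the two `set-sink-volume` branches. If acting only on a running sink is intended, computing it once into a quoted variable and exiting when it is empty would make the failure visible instead of silent.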
@@ -24,45 +44,45 @@ handler = logging.handlers.RotatingFileHandler( handler.setLevel(logging.WARN) logger.addHandler(handler) -@hook.subscribe.screen_change -def restart_on_randr(qtile, ev): - import time - - with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"): - pass - - lastRestart = 0 - with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile: - lastRestartStr = lastRestartFile.read() - if len(lastRestartStr) > 0: - lastRestart = float(lastRestartStr) - - print("screen changed. (last change: %s)" % lastRestart) - - delta=time.time()-lastRestart - if delta > 3: - import subprocess - lastRestartFile.seek(0) - lastRestartFile.write("%s" % time.time()) - lastRestartFile.truncate() - - subprocess.call(["autorandr","-c"]) - qtile.cmd_restart() - else: - print("screen is changing too fast: %s" % delta) - -active_screen = 0 -@hook.subscribe.client_focus -def focus_changed(window): - global active_screen - pass - active_screen = window.group.screen.index - -@hook.subscribe.current_screen_change -def move_widget(): - global active_screen - systray = widget.Systray() - logging.warn("Screen changed to %i" % active_screen) +# @hook.subscribe.screen_change +# def restart_on_randr(qtile, ev): +# import time +# +# with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"): +# pass +# +# lastRestart = 0 +# with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile: +# lastRestartStr = lastRestartFile.read() +# if len(lastRestartStr) > 0: +# lastRestart = float(lastRestartStr) +# +# print("screen changed. 
(last change: %s)" % lastRestart) +# +# delta=time.time()-lastRestart +# if delta > 3: +# import subprocess +# lastRestartFile.seek(0) +# lastRestartFile.write("%s" % time.time()) +# lastRestartFile.truncate() +# +# subprocess.call(["autorandr","-c"]) +# qtile.cmd_restart() +# else: +# print("screen is changing too fast: %s" % delta) +# +# active_screen = 0 +# @hook.subscribe.client_focus +# def focus_changed(window): +# global active_screen +# pass +# active_screen = window.group.screen.index +# +# @hook.subscribe.current_screen_change +# def move_widget(): +# global active_screen +# systray = widget.Systray() +# logging.warn("Screen changed to %i" % active_screen) key_super = "mod4" key_alt = "mod1" @@ -76,14 +96,11 @@ keys = [ Key([key_super], "r", lazy.spawncmd()), Key([key_super], "w", lazy.window.kill()), -# Key([key_alt, key_super], "l", lazy.spawn("xscreensaver-command -lock")), -# Key([key_alt, key_super], "l", lazy.spawn("sh -c '(sleep 1; xset dpms force off) & xautolock -locknow'")), -# Key([key_alt, key_super], "l", lazy.spawn("light-locker-command -l")), -# Key([key_alt, key_super], "l", lazy.spawn("dm-tool lock")), Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')), Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")), - Key([key_super, key_control], "r", lazy.restart()), + # Key([key_super, key_control], "r", lazy.restart()), + Key([key_super, key_control], "r", lazy.spawn("${pkgs.autorandr}/bin/autorandr -c"), lazy.restart()), Key([key_super, key_control], "q", lazy.shutdown()), # Toggle between different layouts as defined below 
@@ -134,14 +151,12 @@ keys = [ Key([], "XF86AudioPlay", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause")), Key([], "XF86AudioPrev", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([], "XF86AudioNext", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), - ## Microsoft Comfort Curve specific + ## Microsoft Comfort Curve specific Key([key_super, "shift"], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([key_alt, key_super], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), - - # FIXME: Backlight currently broken -# Key([], "XF86MonBrightnessDown", lazy.spawn("xbacklight -inc -5")), -# Key([], "XF86MonBrightnessUp", lazy.spawn("xbacklight -inc 5")), - + Key([], "XF86AudioMute", lazy.spawn("${audio} mute")), + Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")), + Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")), Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")), ] groups = [Group(i) for i in "1234567890"] @@ -224,7 +239,7 @@ in { }; pasystray = mkSimpleTrayService { - execStart = "${pkgs.pasystray}/bin/pasystray"; + execStart = "${pkgs.pasystray}/bin/pasystray"; }; cbatticon = mkSimpleTrayService { From a208015c62e50eba0f4451281ffb33a21f434931 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 18:47:47 +0100 Subject: [PATCH 05/30] Update roadmap --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index dda02f6..afa63d2 100644 --- a/README.md +++ b/README.md @@ -5,12 +5,13 @@ This is mostly achieved with the help of [Nix](https://nixos.org). In the unlikely case that you actually read this and have any questions please don't hesitate to reach out. ## Roadmap + - All graphical systems (incl. install media) must have - [x] Full-disk encryption by default - [x] Yubikey support with SSH auth - [ ] Migrate all devices to new structure - [x] Encrypted Install media - - [ ] steveej-laptop + - [x] steveej-laptop - [ ] steveej-laptop-work - [ ] Migrate home environment to new structure - [x] home-manager @@ -25,10 +26,10 @@ In the unlikely case that you actually read this and have any questions please d - [x] mount/umount disks - [x] install to mounted disk - [x] rebuild running system - - [ ] update running system - - [ ] partition/encrypt/format disks - - [ ] annotate recipes with some documentation + - [x] update running system + - [x] annotate recipes with some documentation - [x] declare shell.nix with runtime deps + - [ ] partition/encrypt/format disks - [ ] Document bootstrap process - [ ] Automatic backups - [ ] tracked dotfiles From eced1a3bc14fb85a608297db8a9d29b1d3419158 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sat, 3 Nov 2018 19:33:58 +0100 Subject: [PATCH 06/30] home-manager: cleanup&rename configuration --- ...orkstation.nix => graphical-fullblown.nix} | 13 - ...le-desktop.nix => graphical-removable.nix} | 0 .../configuration/steveej-qtile-desktop.nix | 383 ------------------ .../{root.nix => text-minimal.txt} | 2 - nix/os/profiles/common/pkg.nix | 12 +- nix/os/profiles/removable-medium/pkg.nix | 2 +- 6 files changed, 6 insertions(+), 406 deletions(-) rename nix/home-manager/configuration/{fullblown-workstation.nix => graphical-fullblown.nix} (95%) rename nix/home-manager/configuration/{removable-desktop.nix => graphical-removable.nix} (100%) delete mode 100644 nix/home-manager/configuration/steveej-qtile-desktop.nix rename nix/home-manager/configuration/{root.nix => text-minimal.txt} (79%) diff --git a/nix/home-manager/configuration/fullblown-workstation.nix b/nix/home-manager/configuration/graphical-fullblown.nix similarity index 95% rename from nix/home-manager/configuration/fullblown-workstation.nix rename to nix/home-manager/configuration/graphical-fullblown.nix index bb62534..e766ab8 100644 --- a/nix/home-manager/configuration/fullblown-workstation.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -27,19 +27,6 @@ in { }; packageOverrides = pkgs: with pkgs; { - busyboxStatic = busybox.override { - enableStatic = true; - extraConfig = '' - CONFIG_STATIC y - CONFIG_INSTALL_APPLET_DONT y - CONFIG_INSTALL_APPLET_SYMLINKS n - ''; - }; - - dropbearStatic = dropbear.override { - enableStatic = true; - }; - myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 # autopep8 (broken) diff --git a/nix/home-manager/configuration/removable-desktop.nix b/nix/home-manager/configuration/graphical-removable.nix similarity index 100% rename from nix/home-manager/configuration/removable-desktop.nix rename to nix/home-manager/configuration/graphical-removable.nix 
diff --git a/nix/home-manager/configuration/steveej-qtile-desktop.nix b/nix/home-manager/configuration/steveej-qtile-desktop.nix deleted file mode 100644 index 8b91980..0000000 --- a/nix/home-manager/configuration/steveej-qtile-desktop.nix +++ /dev/null 
@@ -1,383 +0,0 @@ -{ pkgs -, config, -... }: - -let - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; - -in { - imports = [ - ../profiles/common.nix - ../profiles/qtile-desktop.nix - ../programs/emacs.nix - ../programs/firefox.nix - ../programs/chromium.nix - ../programs/homeshick.nix - ../programs/libreoffice.nix - ../programs/neovim.nix - ../programs/pass.nix - ../programs/zsh.nix - ]; - - nixpkgs.config = { - pidgin = { - openssl = true; - gnutls = true; - }; - - packageOverrides = pkgs: with pkgs; { - myPython36 = python36Full.withPackages (ps: with ps; [ - pylint pep8 yapf flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - pypi2nix - cffi - pyopenssl - urllib3 - mistune - - flask - - pyaml - ] ++ [ - pkgs.libffi - ]); - - staruml = callPackage ../../pkgs/staruml.nix { inherit (gnome2) GConf; libgcrypt = libgcrypt_1_5; }; - }; - }; - - home.sessionVariables = { - HM_CONFIG=builtins.toString ./.; - - GOPATH="$HOME/src/go"; - - PATH=pkgs.lib.concatStringsSep ":" [ - "$HOME/.local/bin" - "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" - "$HOME/.cargo/bin" - "$HOME/.gem/ruby/2.3.0/bin" - "$HOME/.npm-packages/bin" - "$GOPATH/bin" - "$PATH" - ]; - }; - - home.packages = [] - ++ (with pkgs; [ - # Authentication - cacert - fprintd - openssl - mkpasswd - - # Nix package related tools - patchelf - nix-index - nox - nix-prefetch-scripts - - # Version Control Systems - git-crypt - unstablepkgs.pijul - gitFull - gitless - mr - - gitRepo - - # Cloud/Remote System Management - google-cloud-sdk - ansible - nixops - unstablepkgs.terraform - awscli - hcloud - - # Process/System Administration - htop - gnome3.gnome-tweak-tool - xorg.xhost - dmidecode - python36Packages.glances - evtest - - # Archive Managers - sshfsFuse - xarchive - p7zip - zip - unzip - gzip - lzop - - # Password Management - gnupg - yubikey-neo-manager - yubikey-personalization - 
yubikey-personalization-gui - gnome3.gnome_keyring - gnome3.seahorse - - # Security - tpm-tools - tpmmanager - - # Web Browsers - links2 - - # Language Support - hunspellDicts.en-us - hunspellDicts.de-de - - # Messaging/Communication - pidgin - hexchat - aspellDicts.en - aspellDicts.de - unstablepkgs.skype - zoom-us - unstablepkgs.bluejeans-gui - thunderbird - gnome3.evolution # gnome4.glib_networking - tdesktop - gnome3.cheese - - # Virtualization - virtmanager - qemu - # virtualbox - vagrant - unstablepkgs.rkt - python27Packages.docker_compose - # unstablepkgs.kubernetes - unstablepkgs.minikube - unstablepkgs.openshift - # (unstablepkgs.minikube.overrideAttrs (oldAttrs: { - # patches = oldAttrs.patches ++ [ - # (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; }) - # ]; - # })) - - # Remote Control Tools - remmina - freerdp - x2goclient - teamviewer - - # Audio/Video Players - ffmpeg - vlc - audacity - spotify - smtube - python27Packages.youtube-dl-light - screenkey - quvi - - # Network Tools - openvpn - tcpdump - iftop - iperf - bind - socat - - # samba - iptables - nftables - wireshark - - # Code Editors - xclip - xsel - unstablepkgs.vscode - # (vscode-with-extensions.override { - # # When the extension is already available in the default extensions set. - # vscodeExtensions = with vscode-extensions; [ - # ] - # # Concise version from the vscode market place when not available in the default set. 
- # ++ vscode-utils.extensionsFromVscodeMarketplace [ - # { - # name = "vsliveshare"; - # publisher = "MS-vsliveshare"; - # version = "0.3.198"; - # sha256 = "019ffyxca3qnqyz1fr7vh0plfdkc3ikr8v295z846lghvwlzjqdh"; - # } - # ]; - # }) - - unstablepkgs.atom - - # Image/Graphic/Design Tools - gnome3.eog - gimp - imagemagick - exiv2 - graphviz - inkscape - ## barcode - qrencode - zbar - feh - # digikam - - - # Modelling Tools - plantuml - umlet - staruml - eclipses.eclipse-modeling - dia - astah-community - - # Misc Development Tools - qrcode - travis - jq - prometheus - cdrtools - - # Document Processing and Management - unstablepkgs.zathura - mendeley - jabref - zotero - hugo - pandoc - - # LaTeX - perlPackages.YAMLTiny - perlPackages.FileHomeDir - perlPackages.UnicodeLineBreak - (texlive.combine { - inherit (texlive) - scheme-small - texlive-de - texlive-en - texlive-scripts - collection-langgerman - - latexindent - latexmk - - algorithms - cm-super - - preprint - enumitem - draftwatermark - everypage - ulem - placeins - minted ifplatform fvextra xstring framed - ; - }) - - pdftk - masterpdfeditor - - # File Synchronzation - seafile-client - syncthing - grive2 - dropbox - # gocryptfs - # hubicfuse - # s3ql - # rclone - rsync - - # Filesystem Tools - ntfs3g - ddrescue - ncdu - unstablepkgs.woeusb - unetbootin - pcmanfm - hdparm - testdisk - python27Packages.binwalk - gptfdisk - - # games - zeroad - - # Compilers & Toolchains - autoconf - automake - libtool - gcc - pkgconfig - binutils - valgrind - gdb - cgdb - man-pages - gnumake - shellcheck - bazel - - ## Android - androidsdk - - ## Java - jre - openjdk - - ## Ruby - ruby - - ## Python - myPython36 - pypi2nix - - ## Webdev - nodejs-8_x - npm2nix - emscripten - etcd - sigal - - # Code generators - unstablepkgs.swagger-codegen - - # Misc Desktop Tools - ltunify - solaar - dex - roxterm - # kitty - busyboxStatic - xorg.xbacklight - coreutils - lsof - pavucontrol - x11_ssh_askpass - xdotool - xdg_utils - xdg-user-dirs 
- gnome3.dconf - picocom - glib.dev # contains gdbus tool - - # Screen recording - gtk-recordmydesktop # can't select the window - qt-recordmydesktop - vokoscreen - shutter - # kazam # doesn't start - # xvidcap # doesn't keep the recording rectangle - obs-studio - shotcut - openshot-qt - ]); -} diff --git a/nix/home-manager/configuration/root.nix b/nix/home-manager/configuration/text-minimal.txt similarity index 79% rename from nix/home-manager/configuration/root.nix rename to nix/home-manager/configuration/text-minimal.txt index 7430825..51d3e57 100644 --- a/nix/home-manager/configuration/root.nix +++ b/nix/home-manager/configuration/text-minimal.txt @@ -3,8 +3,6 @@ ... }: let - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - # unstablepkgs = import {}; in { imports = [ diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index 4c3adb5..544ea83 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -1,7 +1,11 @@ { config, pkgs, ... }: { - # Package configuration + imports = [ + "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" + ]; + home-manager.users.root = import ../../../home-manager/configuration/text-minimal.txt; + nixpkgs.config = { allowBroken = false; allowUnfree = true; @@ -40,10 +44,4 @@ usbutils pciutils ]; - - imports = [ - "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" - ]; - - home-manager.users.root = import ../../../home-manager/configuration/root.nix; } diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index 33ebb38..25e09ff 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix 
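Review bot: The `imports` entry moved to the top of `nix/os/profiles/common/pkg.nix` still fetches home-manager with `ref = "master"` and no `rev`, so each evaluation of the system configuration can pull whatever the branch head is at that moment and import it into the NixOS configuration, including `home-manager.users.root`. Pinning the fetch makes rebuilds reproducible and turns upstream changes into an explicit, reviewable bump: `builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; rev = "<PINNED_COMMIT_SHA>"; }`. The same unpinned fetch appears in the context lines of the `removable-medium/pkg.nix` hunk that follows. Separately, the renamed `text-minimal.txt` is imported as a Nix expression; keeping a `.nix` suffix would let editors and linters keep treating it as code.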
@@ -7,5 +7,5 @@ "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" ]; - home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix; + home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix; } From f476755ac396ce72fdb56dbfa56cf315092fccd7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 19:33:58 +0100 Subject: [PATCH 07/30] home-manager: cleanup&rename configuration --- nix/home-manager/configuration/graphical-fullblown.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index e766ab8..df7a829 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -58,7 +58,7 @@ in { home.sessionVariables = { # TODO: find a way to prevent using a store path for the current file # HM_CONFIG_PATH=builtins.toString "${./.}"; - HM_CONFIG="fullblown-workstation"; + HM_CONFIG="graphical-fullblown"; GOPATH="$HOME/src/go"; From 3316605df5662727841c5951625ce80399166dff Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 19:33:58 +0100 Subject: [PATCH 08/30] nix/{os,home-manager}: cleanup --- .../configuration/graphical-removable.nix | 11 ----------- nix/home-manager/configuration/text-minimal.txt | 7 ------- nix/home-manager/profiles/common.nix | 8 ++++++++ nix/home-manager/profiles/nix-channels.nix | 10 ---------- nix/home-manager/programs/pass.nix | 1 + nix/os/profiles/removable-medium/pkg.nix | 6 +----- 6 files changed, 10 insertions(+), 33 deletions(-) diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index f09788f..a9cc11a 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix 
@@ -60,23 +60,13 @@ in { home.packages = [] ++ (with pkgs; [ - # Authentication - cacert - fprintd - openssl - mkpasswd - # Nix package related tools patchelf nix-index nix-prefetch-scripts # Version Control Systems - git-crypt - gitFull gitless - mr - gitRepo # Process/System Administration htop @@ -96,7 +86,6 @@ in { lzop # Password Management - gnupg gnome3.gnome_keyring gnome3.seahorse diff --git a/nix/home-manager/configuration/text-minimal.txt b/nix/home-manager/configuration/text-minimal.txt index 51d3e57..42bb7e8 100644 --- a/nix/home-manager/configuration/text-minimal.txt +++ b/nix/home-manager/configuration/text-minimal.txt @@ -22,12 +22,5 @@ in { home.packages = [] ++ (with pkgs; [ - # Authentication - mkpasswd - - # Version Control Systems - git-crypt - gitFull - mr ]); } diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index ddfd3c7..8fa49be 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -47,4 +47,12 @@ in { programs.command-not-found.enable = true; programs.fzf.enable = true; + + home.packages = + [] ++ (with pkgs; [ + # Authentication + cacert + openssl + mkpasswd + ]); } diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix index e038319..d8ac0b7 100644 --- a/nix/home-manager/profiles/nix-channels.nix +++ b/nix/home-manager/profiles/nix-channels.nix @@ -21,14 +21,4 @@ in { fi ''}; ''; - - nixpkgs.config = { - - packageOverrides = pkgs: with pkgs; { - homeshick = builtins.fetchGit { - url = "https://github.com/andsens/homeshick.git"; - ref = "master"; - }; - }; - }; } diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index 78eb69f..39cdb19 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -19,6 +19,7 @@ pass-otp qtpass rofi-pass + gnupg ]; } 
diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index 25e09ff..fa43b2e 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix @@ -1,11 +1,7 @@ -{ +{ ... }: { - imports = [ - "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" - ]; - home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix; } From a852067f4bb014bac03527b03a04a102bc5b143e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 22:06:00 +0100 Subject: [PATCH 09/30] home/qtile: make volume keys work on multiple sinks --- nix/home-manager/profiles/qtile-desktop.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 307ac01..fb5b3c1 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -9,15 +9,18 @@ let audio = pkgs.writeScript "audio" '' #!${pkgs.bash}/bin/bash + export PATH=${with pkgs; lib.makeBinPath [ + pulseaudio findutils gnugrep + ]}:$PATH case $1 in mute) - ${pkgs.pulseaudio}/bin/pactl set-sink-mute $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') toggle + pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-mute {} toggle ;; lower) - ${pkgs.pulseaudio}/bin/pactl set-sink-volume $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') -10% + pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} -10% ;; raise) - ${pkgs.pulseaudio}/bin/pactl set-sink-volume $(${pkgs.pulseaudio}/bin/pactl list short sinks | grep RUNNING | awk '{ print $1 }') +10% + pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} +10% ;; *) echo Unknown command: $1 
From 9d9862816a594dde9ad4a42713334af62edf7b3a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 22:06:00 +0100 Subject: [PATCH 10/30] home/qtile: use external mute state and act on all sinks --- nix/home-manager/profiles/qtile-desktop.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index fb5b3c1..610b5e0 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -12,15 +12,19 @@ let export PATH=${with pkgs; lib.makeBinPath [ pulseaudio findutils gnugrep ]}:$PATH + + export MUTEFILE=$HOME/.qtilemute case $1 in mute) - pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-mute {} toggle + newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 )) + echo -n $newstate > $MUTEFILE + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-mute {} $newstate ;; lower) - pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} -10% + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} -10% ;; raise) - pactl list short sinks | grep RUNNING | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} +10% + pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} +10% ;; *) echo Unknown command: $1 From 220685dd9ae5ca704959bee0b08449f876aefbb8 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 22:55:50 +0100 Subject: [PATCH 11/30] Justfile: move rebuild functionality into rebuild --- Justfile | 59 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/Justfile b/Justfile index 6caf3fe..0b68157 100755 --- a/Justfile +++ b/Justfile 
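Review bot: In the `mute)` branch, `newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 ))` pastes the raw content of the state file into a bash arithmetic expression, which bash evaluates as an expression rather than reading as a plain number. An empty or corrupted file breaks the toggle, and whoever can write that file influences what the script evaluates, so the value should be validated before use, e.g. `state=$(cat "$MUTEFILE" 2>/dev/null); [[ $state == 1 ]] || state=0; newstate=$(( state ^ 1 ))`. Quoting `"$MUTEFILE"` in the read and in the `echo -n $newstate > $MUTEFILE` write also keeps a path containing spaces from being split. The surrounding `case` statement continues outside the hunk.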
@@ -12,7 +12,40 @@ _rebuild-device dir rebuildarg="dry-activate" +moreargs="": # Rebulid this device's NixOS rebuild-this-device rebuildarg="dry-activate": - just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} + #!/usr/bin/env bash + set -e + + function parse_hm_rebuildarg() { + case $1 in + switch) + echo switch + ;; + *) + echo build + ;; + esac + } + + export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log + export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log + + echo Rebuilding system in {{rebuildarg}}-mode... + if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then + echo System rebuild successful + else + cat ${SYSREBUILD_LOG} + echo System rebuild failed + fi + + if type home-manager > /dev/null 2>&1; then + echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode... + if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then + echo Home rebuild successful + else + cat ${HOMEREBUILD_LOG} + echo Home rebuild failed + fi + fi # This could be used to inject another channel # --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'" 
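Review bot: The `else` branches of `rebuild-this-device` print the log and a "failed" message but never return a non-zero status, and `set -e` does not trigger for a command tested by `if`, so the recipe continues to the home rebuild and can exit 0 after a failed system rebuild. `update-this-device` in the next hunk now relies entirely on this recipe's exit status, so a failed `switch` would look like a successful update. Adding `exit 1` after `echo System rebuild failed` and after `echo Home rebuild failed` keeps the failure visible to callers and to anything scripted around `just`.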
@@ -21,28 +54,12 @@ rebuild-this-device rebuildarg="dry-activate": # Update nix-channels and switch to updated NixOS and home environments update-this-device: #!/usr/bin/env bash - export SYSUPDATE_LOG=.$(hostname -s)_sysupdate.log - export HOMEUPDATE_LOG=.$(hostname -s)_homeupdate.log + set -e + export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log echo Updating system channels... - sudo nix-channel --update > ${SYSUPDATE_LOG} 2>&1 - echo Updating system... - if just -v rebuild-this-device switch >> ${SYSUPDATE_LOG} 2>&1 ; then - echo System update successful - else - cat ${SYSUPDATE_LOG} - echo System update failed - fi - - if type home-manager > /dev/null 2>&1; then - echo Updating home... - if home-manager -v switch > ${HOMEUPDATE_LOG} 2>&1 ; then - echo Home update successful - else - cat ${HOMEUPDATE_LOG} - echo Home update failed - fi - fi + sudo nix-channel --update + just -v rebuild-this-device switch hm-iterate-qtile: #!/usr/bin/env bash From 952417f6c4a7008656035439082c8d7a4500ecb7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 3 Nov 2018 22:56:58 +0100 Subject: [PATCH 12/30] home/qtile-desktop: add pavucontrol --- nix/home-manager/configuration/graphical-fullblown.nix | 1 - nix/home-manager/profiles/qtile-desktop.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index df7a829..13cf320 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -359,7 +359,6 @@ in { xorg.xbacklight coreutils lsof - pavucontrol x11_ssh_askpass xdotool xdg_utils diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 610b5e0..c954083 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix 
@@ -296,5 +296,6 @@ in { gnome3.adwaita-icon-theme lxappearance xorg.xcursorthemes + pavucontrol ]; } From c98002b7921618094d67abcff0607ae6e40f4817 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 01:39:37 +0100 Subject: [PATCH 13/30] Update roadmap --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index afa63d2..21dc4c2 100644 --- a/README.md +++ b/README.md @@ -31,10 +31,12 @@ In the unlikely case that you actually read this and have any questions please d - [x] declare shell.nix with runtime deps - [ ] partition/encrypt/format disks - [ ] Document bootstrap process + - [ ] a new machine + - [ ] an install media +- [ ] Design disaster recovery - [ ] Automatic backups - [ ] tracked dotfiles - [ ] detect new and untracked dotfiles? -- [ ] Design disaster recovery - [ ] Recycle *\_archived* - [ ] Maybe make this a nix-overlay @@ -44,3 +46,10 @@ In the unlikely case that you actually read this and have any questions please d ``` just --list ``` + +## Bootstrap + +### A new machine + +1. boot with an install media +2. clone infra repository From 52695c611bb4870d334bb04756185c46b60c3ce6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 13:10:13 +0100 Subject: [PATCH 14/30] home/qtile: store tmpfiles in $TEMPDIR --- nix/home-manager/profiles/qtile-desktop.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index c954083..0ad46a4 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -13,7 +13,7 @@ let pulseaudio findutils gnugrep ]}:$PATH - export MUTEFILE=$HOME/.qtilemute + export MUTEFILE=$TEMPDIR/.qtilemute case $1 in mute) newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 )) 
@@ -45,7 +45,7 @@ logger = logging.getLogger() logger.setLevel(logging.WARN) handler = logging.handlers.RotatingFileHandler( - os.path.join(os.getenv('HOME'), '.qtilelog'), maxBytes=10240000, + os.path.join(os.getenv('TEMPDIR'), '.qtilelog'), maxBytes=10240000, backupCount=7 ) handler.setLevel(logging.WARN) @@ -55,11 +55,11 @@ logger.addHandler(handler) # def restart_on_randr(qtile, ev): # import time # -# with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"): +# with open(os.path.join(os.environ['TEMPDIR'], ".qtilelastrestart"), "w"): # pass # # lastRestart = 0 -# with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile: +# with open(os.path.join(os.environ['TEMPDIR'], ".qtilelastrestart"), "r+") as lastRestartFile: # lastRestartStr = lastRestartFile.read() # if len(lastRestartStr) > 0: # lastRestart = float(lastRestartStr) From 726e32d40821a0cc0c8ee13f0d1bb6951e611677 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 13:41:45 +0100 Subject: [PATCH 15/30] shell: add emergency tools --- shell.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/shell.nix b/shell.nix index b79404e..9ea28a3 100644 --- a/shell.nix +++ b/shell.nix @@ -27,6 +27,9 @@ stdenv.mkDerivation { name = "infra-env"; buildInputs = [ just + git-crypt + vcsh + gnupg ]; # Set Environment Variables From fa8eab4b753dfa42c9bebb561730882df2cce0ae Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 14:01:04 +0100 Subject: [PATCH 16/30] home/qtile: handle missing TEMPDIR --- nix/home-manager/profiles/qtile-desktop.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 0ad46a4..97d4f26 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix 
@@ -13,7 +13,7 @@ let pulseaudio findutils gnugrep ]}:$PATH - export MUTEFILE=$TEMPDIR/.qtilemute + export MUTEFILE=''${TEMPDIR:-/tmp}./.qtilemute case $1 in mute) newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 )) @@ -45,7 +45,7 @@ logger = logging.getLogger() logger.setLevel(logging.WARN) handler = logging.handlers.RotatingFileHandler( - os.path.join(os.getenv('TEMPDIR'), '.qtilelog'), maxBytes=10240000, + os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000, backupCount=7 ) handler.setLevel(logging.WARN) @@ -55,11 +55,11 @@ logger.addHandler(handler) # def restart_on_randr(qtile, ev): # import time # -# with open(os.path.join(os.environ['TEMPDIR'], ".qtilelastrestart"), "w"): +# with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "w"): # pass # # lastRestart = 0 -# with open(os.path.join(os.environ['TEMPDIR'], ".qtilelastrestart"), "r+") as lastRestartFile: +# with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "r+") as lastRestartFile: # lastRestartStr = lastRestartFile.read() # if len(lastRestartStr) > 0: # lastRestart = float(lastRestartStr) From 7572248be006a91ff5d8a5aca580148eb4efaf05 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 14:01:21 +0100 Subject: [PATCH 17/30] home/common: add git helpers --- nix/home-manager/configuration/graphical-fullblown.nix | 1 - nix/home-manager/profiles/common.nix | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 13cf320..5240adc 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -88,7 +88,6 @@ in { nix-prefetch-scripts # Version Control Systems - git-crypt unstablepkgs.pijul gitless gitRepo 
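Review bot: `export MUTEFILE=''${TEMPDIR:-/tmp}./.qtilemute` has a stray `.` after the closing brace, so the path expands to `/tmp./.qtilemute` (or `$TEMPDIR./.qtilemute`), a directory that normally does not exist; the state is then never persisted and the mute key can only ever mute. Beyond the typo, the `/tmp` fallback places a fixed-name state file and the `.qtilelog` handler in a directory every local user can write to, and the script feeds the mute file's content into an arithmetic expansion. A per-user location avoids that, e.g. `export MUTEFILE="''${XDG_RUNTIME_DIR:-$HOME}/.qtilemute"`, with the same base directory used for the log handler. In the commented-out `restart_on_randr` block, `os.environ['TEMPDIR', default="/tmp"]` is not valid Python and would need to become `os.environ.get('TEMPDIR', '/tmp')` if the block is ever re-enabled.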
diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 8fa49be..5088769 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -50,6 +50,10 @@ in { home.packages = [] ++ (with pkgs; [ + # git helpers + git-crypt + + vcsh # Authentication cacert openssl From c996484c84f8f6edb874f5e33d771f1df7e06654 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 14:07:02 +0100 Subject: [PATCH 18/30] Justfile/hm-iterate-qtile: fallback to building system --- Justfile | 2 +- nix/variables/passwords.crypt.nix | Bin 283 -> 3 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 0b68157..34fa1e5 100755 --- a/Justfile +++ b/Justfile @@ -64,7 +64,7 @@ update-this-device: hm-iterate-qtile: #!/usr/bin/env bash set -xe - home-manager switch + home-manager switch || just -v rebuild-this-device switch Xephyr -ac -br -resizeable :1 & XEPHYR_PID=$! echo ${XEPHYR_PID} diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 2ff89f73359171e1e0f5e91f79a8da423d56eaaf..0967ef424bce6791893e9a57bb952f80fd536e93 100644 GIT binary patch literal 3 Kcmb=f^Sm`#{SArfAI?sA6jYzuxE1zsy)xlWY_6_0Ru>a%#RJ203N-BZ`DyykJ5|v zOBQc;SuA%X-FoHc?Jsf_{><7Cki7SNbLE=lF8?=e_#!(Y|E&3TjV84?r8%;?-gP(F zoYqXay?NHj-c9xj8FQDtdofY+)OyXvg{-^G(<1DjW|T}+WuIdxr9JViRb9mYLdGTg uG9IdBGwJ)JE4OP^oxF84t*oI Date: Sun, 4 Nov 2018 14:53:10 +0100 Subject: [PATCH 19/30] nix/home: fix typo --- nix/home-manager/profiles/nix-channels.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix index d8ac0b7..faa9984 100644 --- a/nix/home-manager/profiles/nix-channels.nix +++ b/nix/home-manager/profiles/nix-channels.nix 
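Review bot: The subject of this commit is the `hm-iterate-qtile` fallback, but the patch also replaces `nix/variables/passwords.crypt.nix`, shrinking it from 283 to 3 bytes, which looks unintended. If that path is meant to be stored git-crypt-encrypted (the file name suggests so), a 3-byte blob is too short to carry the encrypted-file header, so it is worth confirming that nothing was committed while the filter was inactive and that the history of this file holds no plaintext. Keeping changes to secret files in their own commit with an explicit message makes this kind of slip easier to catch in review.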
@@ -10,7 +10,7 @@ in { https://nixos.org/channels/nixos-unstable nixos-unstable ''; - home.activation._removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' + home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' set -ex if test -f $HOME/.nix-channels; then From 4081bc6328ea00985ef47c9358d4db190a38cbc5 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 14:52:52 +0100 Subject: [PATCH 20/30] nix/home: handle dotfiles via vcsh --- .../configuration/graphical-fullblown.nix | 1 + .../configuration/graphical-removable.nix | 1 + nix/home-manager/profiles/dotfiles.nix | 31 +++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 nix/home-manager/profiles/dotfiles.nix diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 5240adc..9d0c8aa 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -10,6 +10,7 @@ in { imports = [ ../profiles/common.nix ../profiles/qtile-desktop.nix + ../profiles/dotfiles.nix ../programs/emacs.nix ../programs/firefox.nix ../programs/chromium.nix diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index a9cc11a..2396faa 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -8,6 +8,7 @@ in { imports = [ ../profiles/common.nix ../profiles/qtile-desktop.nix + ../profiles/dotfiles.nix ../programs/emacs.nix ../programs/firefox.nix ../programs/chromium.nix diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix new file mode 100644 index 0000000..e0c18f6 --- /dev/null +++ b/nix/home-manager/profiles/dotfiles.nix 
@@ -0,0 +1,31 @@ +{ pkgs +, config +, ... +}: + +let + repoHttps = "https://gitlab.com/steveeJ/dotfiles.git"; + repoSsh = "git@gitlab.com:/steveeJ/dotfiles.git"; +in { + home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' + $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' + set -e + export HOST=$(hostname -s) + + function set_remotes { + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin ${repoHttps} + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin ${repoSsh} + } + + if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then + echo Cloning dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoHttps} + set_remotes + else + echo Updating dotfiles for $HOST... + set_remotes + ${pkgs.vcsh}/bin/vcsh pull $HOST + fi + ''}; + ''; +} From a71fe67e78749e82d9a365c94fcdcf5979840e5c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 4 Nov 2018 19:27:12 +0100 Subject: [PATCH 21/30] readd pws --- nix/variables/passwords.crypt.nix | Bin 3 -> 283 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 0967ef424bce6791893e9a57bb952f80fd536e93..2ff89f73359171e1e0f5e91f79a8da423d56eaaf 100644 GIT binary patch literal 283 zcmZQ@_Y83kiVO&0n3Axr(@Z2lCHbBItZBM0O}W=<-RTbf8E~$IUB-67E6pE!Pwv&c zaqRx}??)ECJ$mqpW!&YMZTFZ?CZ7{cRDT`4wj{4>^Sm`#{SArfAI?sA6jYzuxE1zsy)xlWY_6_0Ru>a%#RJ203N-BZ`DyykJ5|v zOBQc;SuA%X-FoHc?Jsf_{><7Cki7SNbLE=lF8?=e_#!(Y|E&3TjV84?r8%;?-gP(F zoYqXay?NHj-c9xj8FQDtdofY+)OyXvg{-^G(<1DjW|T}+WuIdxr9JViRb9mYLdGTg uG9IdBGwJ)JE4OP^oxF84t*oI Date: Sun, 4 Nov 2018 22:04:22 +0100 Subject: [PATCH 22/30] dotfiles/vcsh: populate nix store with dotfiles mirror --- Justfile | 3 +- nix/home-manager/profiles/dotfiles.nix | 24 ++---------- nix/home-manager/profiles/dotfiles/.gitignore | 1 + .../profiles/dotfiles/vcsh.tmpl.nix | 38 +++++++++++++++++++ nix/scripts/pre-eval-fixed.sh | 5 +++ 5 files changed, 49 insertions(+), 22 deletions(-) create mode 100644 nix/home-manager/profiles/dotfiles/.gitignore create mode 100644 nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix create mode 100755 nix/scripts/pre-eval-fixed.sh diff --git a/Justfile b/Justfile index 34fa1e5..eba55da 100755 --- a/Justfile +++ b/Justfile @@ -7,9 +7,10 @@ _device action dir +moreargs="": sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}}) _rebuild-device dir rebuildarg="dry-activate" +moreargs="": + #!/usr/bin/env bash + nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}} - # Rebulid this device's NixOS rebuild-this-device rebuildarg="dry-activate": #!/usr/bin/env bash diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index e0c18f6..2609ee2 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix 
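Review bot: The new shebang body of `_rebuild-device` runs `nix/scripts/pre-eval-fixed.sh` without `set -e`, so when the pre-evaluation step fails the recipe still goes on to `just -v _device rebuild` with a missing or stale generated `vcsh.nix`. Adding `set -e` as the first line after `#!/usr/bin/env bash`, as `rebuild-this-device` already does, stops the rebuild at the real cause instead of at a later, less obvious evaluation error. A one-line comment above the call saying that `vcsh.nix` is generated from `vcsh.tmpl.nix` and is git-ignored would also help, since nothing else in the recipe explains the brace expansion.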
@@ -4,28 +4,10 @@ }: let - repoHttps = "https://gitlab.com/steveeJ/dotfiles.git"; - repoSsh = "git@gitlab.com:/steveeJ/dotfiles.git"; + vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {}; + in { home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' - $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' - set -e - export HOST=$(hostname -s) - - function set_remotes { - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin ${repoHttps} - ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin ${repoSsh} - } - - if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then - echo Cloning dotfiles for $HOST... - ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoHttps} - set_remotes - else - echo Updating dotfiles for $HOST... - set_remotes - ${pkgs.vcsh}/bin/vcsh pull $HOST - fi - ''}; + $DRY_RUN_CMD ${vcshActivationScript} ''; } diff --git a/nix/home-manager/profiles/dotfiles/.gitignore b/nix/home-manager/profiles/dotfiles/.gitignore new file mode 100644 index 0000000..f3f979e --- /dev/null +++ b/nix/home-manager/profiles/dotfiles/.gitignore @@ -0,0 +1 @@ +vcsh.nix diff --git a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix new file mode 100644 index 0000000..fe99c8d --- /dev/null +++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix 
@@ -0,0 +1,38 @@
+{ pkgs
+, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
+, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
+, ...
+}:
+
+let
+ repoHttps = "https://gitlab.com/steveeJ/dotfiles.git";
+ repoSsh = "git@gitlab.com:/steveeJ/dotfiles.git";
+ repoBareLocal = pkgs.runCommand "fetchbare" {
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ outputHash = "0000000000000000000000000000000000000000000000000000";
+ } ''
+ export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
+ ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
+ '';
+
+in pkgs.writeScript "activation-script" ''
+ export HOST=$(hostname -s)
+
+ function set_remotes {
+ ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
+ ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
+ }
+
+ if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
+ echo Cloning dotfiles for $HOST...
+ ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal}
+ set_remotes ${repoHttps} ${repoSsh}
+ else
+ set_remotes ${repoBareLocal} ${repoSsh}
+ echo Updating dotfiles for $HOST...
+ ${pkgs.vcsh}/bin/vcsh pull $HOST || true
+ set_remotes ${repoHttps} ${repoSsh}
+ fi
+ ''
diff --git a/nix/scripts/pre-eval-fixed.sh b/nix/scripts/pre-eval-fixed.sh
new file mode 100755
index 0000000..0b22a4f
--- /dev/null
+++ b/nix/scripts/pre-eval-fixed.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+INFILE="${1:?Please set arg1 to INFILE}"
+OUTFILE="${2:?Please set arg2 to OUTFILE}"
+hash=$(nix-build ${INFILE} --arg pkgs 'import {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1)
+sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE}
From f94d349398801414bf991327f46c9fe12d07b32b Mon Sep 17 00:00:00 2001
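Review bot: The `let` bindings `repoHttps` and `repoSsh` shadow the function arguments of the same names, so URLs passed by a caller through `callPackage` are silently ignored; dropping the two `let` lines lets the argument defaults do the job. Separately, `outputHash` is a placeholder that the pre-eval script overwrites with whatever hash the current fetch produced, so the fixed-output hash does not pin or verify the repository content. The clone relies on HTTPS alone, and the result is checked out into `$HOME` at activation. If integrity matters, fetching a reviewed commit (as `builtins.fetchGit` with `rev` does for `just` elsewhere in this series) gives an actual pin. The activation script also lost the `set -e` of the previous inline version, and `vcsh pull $HOST || true` makes a failed update look like success.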
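Review bot: `hash` is the first 52-character `[0-9a-z]` run anywhere in nix-build's merged stdout and stderr, with no check that anything matched or that nix-build failed for the expected reason. When the build fails for another reason (no network, evaluation error), `hash` is empty and `sed` writes `outputHash = ""` into the output file. The 52-zero placeholder also matches the pattern, so depending on message order it could be picked instead of the real hash; this is worth confirming against the Nix version in use. I would add `set -eu` (not `pipefail`, since nix-build is expected to exit non-zero here), quote `"${INFILE}"` and `"${OUTFILE}"`, and fail early with `[ -n "${hash}" ] || { echo "no hash found in nix-build output" >&2; exit 1; }`.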
From: Stefan Junker Date: Sun, 4 Nov 2018 23:56:36 +0100 Subject: [PATCH 23/30] nix/os: more work on partition handling --- Justfile | 26 +++++++++++++++++++++++--- nix/os/devices/default.nix | 4 ++-- nix/os/modules/encryptedDisk.nix | 14 ++++++++++++-- 3 files changed, 37 insertions(+), 7 deletions(-) diff --git a/Justfile b/Justfile index eba55da..18b7c37 100755 --- a/Justfile +++ b/Justfile 
@@ -76,15 +76,35 @@ hm-iterate-qtile: # Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout disk-prepare: echo NOT IMPLEMENTED + # GPT partition table + # part1: size: 1MiB type: 4 BIOS BOOT + # part2: size: 512MiB label: 2-DISKID (36 char limit?) + # part3: size: * label: 3-DISKID (36 char limit?) + # cryptsetup format part3 + # vgcreate DISKID part3 + # lvcreate DISKID -L 8G -n swap + # lvcreate DISKID -l 100%FREE -n root + # sudo mkfs.vfat -F32 part2 + # sudo mkfs.btrfs /dev/DISKID/root + # sudo mkswap /dev/DISKID/swap + # sudo mount /dev/DISKID/root /mnt + # sudo btrfs subvolume create nixos + # sudo btrfs subvolume create home + # sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # sudo btrfs subvolume create nixos + # sudo mkdir nixos/{boot,home} + # sudo btrfs subvolume create home + # # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' disk-mount dir: - just -v _device diskMount {{dir}} + just -v _device diskMount {{dir}} --argstr rebuildarg "dummy" # Unmount target disk, specified by device configuration directory disk-umount dir: - just -v _device diskUmount {{dir}} + just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy" # Perform an offline installation on the mounted the target disk, specified by device configuration directory disk-install dir: - just -v _device diskInstall {{dir}} + just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy" diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix index 071d1e8..7c620af 100644 --- a/nix/os/devices/default.nix +++ b/nix/os/devices/default.nix 
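Review bot: The `disk-prepare` outline never opens the LUKS container: it goes from `# cryptsetup format part3` straight to `# vgcreate DISKID part3`. Read literally, that puts the volume group on the raw partition, while `diskMount` in nix/os/devices/default.nix expects the VG behind `cryptsetup luksOpen`. The LUKS subcommand is also `luksFormat`, not `format`. I would write the three lines as `# cryptsetup luksFormat part3`, `# cryptsetup luksOpen part3 DISKID-part3`, `# vgcreate DISKID /dev/mapper/DISKID-part3`. The repeated `btrfs subvolume create` pairs and the two-argument `pushd` further down look like leftovers and could be reduced to one sequence.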
@@ -31,12 +31,12 @@ in { ID=${diskId} echo Mounting $ID set -xe - cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3 + cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3 vgchange -ay $ID mkdir -p /mnt/$ID-root mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home - mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot + mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot ''; diskUmount = pkgs.writeScript "script" '' diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix index 74e865c..961a99c 100644 --- a/nix/os/modules/encryptedDisk.nix +++ b/nix/os/modules/encryptedDisk.nix @@ -6,13 +6,23 @@ with lib; let cfg = config.hardware.encryptedDisk; + volumeGroup = cfg.diskId; + + # This is important at install-time bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ]; - bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ]; - bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ]; + + # These are guaranteed by LVM rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ]; swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ]; + # TODO: verify the GPT PARTLABEL cap at 36 chars + shortenPartlabel = name: (builtins.substring 0 36 name); + # Cannot use the disk ID here because might be different at install vs. runtime. + # Example: MMC card which is used in the internal reader vs. USB reader + bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))]; + bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))]; + in { options.hardware.encryptedDisk = { enable = mkEnableOption "Enable encrypted filesystem layout"; From 4ded9d0d70672a6fbd0f634d05f3d67ca0723900 Mon Sep 17 00:00:00 2001 
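Review bot: In the encryptedDisk.nix hunk, `shortenPartlabel` cuts the label to 36 characters including the `2-`/`3-` prefix, so only the first 34 characters of `cfg.diskId` identify the boot and LUKS partitions. For a long id such as the `nvme-SAMSUNG_…` one added later in this series, that drops most of the serial number; two drives of the same model would then resolve to the same `/dev/disk/by-partlabel/` path, and any attached disk can carry a given label. The 36 in the TODO is correct (a GPT partition name holds 36 UTF-16 code units). For `bootFsDevice` and `bootLuksDevice`, a filesystem or LUKS UUID would identify the partition more reliably and is likewise independent of the card reader. At minimum the comment should state that labels are assumed unique among attached disks. The `let` block continues outside the hunk.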
From: Stefan Junker Date: Sun, 4 Nov 2018 23:56:48 +0100 Subject: [PATCH 24/30] nix/os: fix /bin activation and some cleanup --- nix/os/devices/steveej-laptop/configuration.nix | 5 ----- nix/os/profiles/common/system.nix | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/nix/os/devices/steveej-laptop/configuration.nix b/nix/os/devices/steveej-laptop/configuration.nix index c0d100e..da100b3 100644 --- a/nix/os/devices/steveej-laptop/configuration.nix +++ b/nix/os/devices/steveej-laptop/configuration.nix @@ -1,11 +1,6 @@ { ... }: { - nixpkgs.config = { - allowBroken = false; - allowUnfree = true; - }; - imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index b6fc3ef..d7a596f 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -48,6 +48,7 @@ # Activation scripts for impure set up of paths in / system.activationScripts.bin = '' echo "setting up /bin..." + mkdir -p /bin ln -sfT ${pkgs.bash}/bin/bash /bin/.bash mv -Tf /bin/.bash /bin/bash ''; From 40fd476f0b937c37d7e649b3646f430f133a3055 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 5 Nov 2018 00:05:45 +0100 Subject: [PATCH 25/30] nix/os/devices: add steveej-t480s-work --- .../steveej-t480s-work/configuration.nix | 12 +++++ nix/os/devices/steveej-t480s-work/hw.nix | 24 +++++++++ nix/os/devices/steveej-t480s-work/system.nix | 49 +++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 nix/os/devices/steveej-t480s-work/configuration.nix create mode 100644 nix/os/devices/steveej-t480s-work/hw.nix create mode 100644 nix/os/devices/steveej-t480s-work/system.nix diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix new file mode 100644 index 0000000..913e25e --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/configuration.nix 
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ imports = [
+ ../../profiles/common/configuration.nix
+ ../../profiles/graphical/configuration.nix
+ ../../modules/encryptedDisk.nix
+
+ ./system.nix
+ ./hw.nix
+ ];
+}
diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix
new file mode 100644
index 0000000..074a132
--- /dev/null
+++ b/nix/os/devices/steveej-t480s-work/hw.nix
@@ -0,0 +1,24 @@
+{ ... }:
+
+{
+ # TASK: new device
+ hardware.encryptedDisk = {
+ enable = true;
+ diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498";
+ };
+
+ nix.maxJobs = 3;
+ nix.buildCores = 3;
+
+ hardware.enableAllFirmware = true;
+ hardware.trackpoint.emulateWheel = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModprobeConfig = ''
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ '';
+}
diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix
new file mode 100644
index 0000000..3c819b8
--- /dev/null
+++ b/nix/os/devices/steveej-t480s-work/system.nix
@@ -0,0 +1,49 @@
+{ pkgs
+, lib
+, ... }:
+
+{
+ # TASK: new device
+ networking.hostName = "steveej-t480s-work"; # Define your hostname.
+
+ # Used for testing local Tectonic clusters
+ environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
+ server=/tt.testing/192.168.124.1
+ server=/tectonic-ci.de/192.168.124.1
+ server=/tectonic-ci.lan/192.168.124.1
+ '';
+ networking.firewall.enable = lib.mkForce false;
+ networking.firewall.checkReversePath = false;
+
+ networking.bridges."virbr1".interfaces = [];
+ networking.interfaces."virbr1".ipv4.addresses = [
+ { address = "10.254.254.254"; prefixLength = 24; }
+ ];
+
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ hplip
+ cups-kyodialog3
+ mfcj6510dwlpr
+ mfcj6510dw-cupswrapper
+ ];
+ };
+
+ services.fprintd.enable = true;
+ security.pam.services = {
+ login.fprintAuth = true;
+ sudo.fprintAuth = true;
+ };
+
+ # Kubernetes
+ # services.kubernetes.roles = ["master" "node"];
+
+ # virtualization
+ virtualisation = {
+ libvirtd.enable = true;
+ virtualbox.host.enable = true;
+ virtualbox.host.addNetworkInterface = true;
+ docker.enable = true;
+ };
+}
From 8baa3cf42d12f076bd3aaa35c5f8185c974dca73 Mon Sep 17 00:00:00 2001
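Review bot: `networking.firewall.enable = lib.mkForce false;` turns off the host firewall on every interface of this laptop, and with it `checkReversePath = false` on the next line appears to have no effect. The comment above the dnsmasq block suggests the goal is reaching locally run test clusters over the virtual bridges. If so, keeping the firewall on and trusting only those bridges is narrower, e.g. `networking.firewall.trustedInterfaces = [ "virbr1" ];` plus whichever bridge serves the 192.168.124.x cluster network. With libvirtd, Docker, VirtualBox and printing all enabled in the same file, an unfiltered host on an untrusted network exposes whatever those services bind. If disabling is intentional, a comment stating the reason should sit on that line.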
From: Stefan Junker Date: Mon, 5 Nov 2018 12:04:06 +0100 Subject: [PATCH 26/30] nix/os: tidy up hw/boot handling --- nix/os/devices/steveej-laptop/boot.nix | 6 ---- nix/os/devices/steveej-laptop/hw.nix | 19 +++++-------- .../steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix | 6 +++- nix/os/devices/steveej-t480s-work/hw.nix | 12 ++++---- nix/os/devices/steveej-t480s-work/system.nix | 11 ++++---- nix/os/profiles/common/boot.nix | 7 +++++ nix/os/profiles/common/configuration.nix | 1 + nix/os/profiles/common/hw.nix | 14 ++++++++++ nix/os/profiles/graphical/boot.nix | 7 +++++ nix/os/profiles/graphical/configuration.nix | 6 ++-- nix/os/profiles/graphical/hw.nix | 7 +++++ nix/os/profiles/removable-medium/boot.nix | 28 ------------------- nix/os/profiles/removable-medium/hw.nix | 1 - 13 files changed, 63 insertions(+), 62 deletions(-) create mode 100644 nix/os/profiles/common/hw.nix create mode 100644 nix/os/profiles/graphical/boot.nix create mode 100644 nix/os/profiles/graphical/hw.nix diff --git a/nix/os/devices/steveej-laptop/boot.nix b/nix/os/devices/steveej-laptop/boot.nix index 975fc6e..7c689ce 100644 --- a/nix/os/devices/steveej-laptop/boot.nix +++ b/nix/os/devices/steveej-laptop/boot.nix @@ -4,10 +4,4 @@ # workaround to disable CPU wining # current CPU has 9 idle cstates. boot.kernelParams = [ "intel_idle.max_cstate=9" ]; - - # Workaround for nm-pptp to enforce module load - boot.kernelModules = [ - "nf_conntrack_proto_gre" - "nf_conntrack_pptp" - ]; } diff --git a/nix/os/devices/steveej-laptop/hw.nix b/nix/os/devices/steveej-laptop/hw.nix index 8af9706..9e66240 100644 --- a/nix/os/devices/steveej-laptop/hw.nix +++ b/nix/os/devices/steveej-laptop/hw.nix 
@@ -4,26 +4,21 @@ { config, lib, pkgs, ... }: { - nix.maxJobs = 3; - nix.buildCores = 3; + boot.initrd.availableKernelModules = [ + "aesni_intel" + "kvm-intel" + "aes_x86_64" + ]; - hardware.enableAllFirmware = true; - hardware.trackpoint.emulateWheel = true; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; boot.extraModprobeConfig = '' options kvm-intel nested=1 options kvm-intel enable_shadow_vmcs=1 options kvm-intel enable_apicv=1 options kvm-intel ept=1 ''; - boot.extraModulePackages = [ ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/boot" = { + # TODO: migrate this to the encryptedDisk module + fileSystems."/boot" = { device = "/dev/disk/by-uuid/445D-DBAA"; fsType = "vfat"; }; diff --git a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix index 6aa9818..1c7f7a3 100644 --- a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix +++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix @@ -1,5 +1,9 @@ { ... }: { - hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6"; + # TASK: new device + hardware.encryptedDisk = { + enable = true; + diskId = "mmc-SL32G_0x259093f6"; + }; } diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix index 074a132..b2b8293 100644 --- a/nix/os/devices/steveej-t480s-work/hw.nix +++ b/nix/os/devices/steveej-t480s-work/hw.nix 
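Review bot: `kvm-intel` is moved into `boot.initrd.availableKernelModules` next to the AES modules, but nothing in stage 1 needs KVM; that list is for modules required to find and unlock the root device. The removed `boot.kernelModules = [ "kvm-intel" ];` was the line that loaded the module explicitly, so whether it is loaded now depends on autoloading. I would keep `boot.kernelModules = [ "kvm-intel" ];` and leave only `aesni_intel` and `aes_x86_64` in the initrd list. The same list appears in the steveej-t480s-work/hw.nix hunk of this commit, and PATCH 27 turns it into `boot.initrd.kernelModules`, which loads `kvm-intel` in stage 1 unconditionally.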
@@ -7,14 +7,12 @@ diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498"; }; - nix.maxJobs = 3; - nix.buildCores = 3; + boot.initrd.availableKernelModules = [ + "aesni_intel" + "kvm-intel" + "aes_x86_64" + ]; - hardware.enableAllFirmware = true; - hardware.trackpoint.emulateWheel = true; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; boot.extraModprobeConfig = '' options kvm-intel nested=1 options kvm-intel enable_shadow_vmcs=1 diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 3c819b8..a44044f 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -30,11 +30,12 @@ ]; }; - services.fprintd.enable = true; - security.pam.services = { - login.fprintAuth = true; - sudo.fprintAuth = true; - }; +# TODO: get external fingerprint reader +# services.fprintd.enable = true; +# security.pam.services = { +# login.fprintAuth = true; +# sudo.fprintAuth = true; +# }; # Kubernetes # services.kubernetes.roles = ["master" "node"]; diff --git a/nix/os/profiles/common/boot.nix b/nix/os/profiles/common/boot.nix index 8e1a03c..3d035cc 100644 --- a/nix/os/profiles/common/boot.nix +++ b/nix/os/profiles/common/boot.nix @@ -11,7 +11,14 @@ version = 2; }; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.tmpOnTmpfs = true; + + # Workaround for nm-pptp to enforce module load + boot.kernelModules = [ + "nf_conntrack_proto_gre" + "nf_conntrack_pptp" + ]; } diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index a2519ca..0540f85 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix @@ -6,5 +6,6 @@ ./pkg.nix ./user.nix ./system.nix + ./hw.nix ]; } 
diff --git a/nix/os/profiles/common/hw.nix b/nix/os/profiles/common/hw.nix new file mode 100644 index 0000000..885663e --- /dev/null +++ b/nix/os/profiles/common/hw.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + hardware.trackpoint.emulateWheel = true; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + "cryptd" + ]; +} diff --git a/nix/os/profiles/graphical/boot.nix b/nix/os/profiles/graphical/boot.nix new file mode 100644 index 0000000..e4d35b0 --- /dev/null +++ b/nix/os/profiles/graphical/boot.nix @@ -0,0 +1,7 @@ + +{ lib +, ... +}: + +{ +} diff --git a/nix/os/profiles/graphical/configuration.nix b/nix/os/profiles/graphical/configuration.nix index ee53530..1ab66e9 100644 --- a/nix/os/profiles/graphical/configuration.nix +++ b/nix/os/profiles/graphical/configuration.nix @@ -1,9 +1,11 @@ { pkgs -, ... +, ... }: { - imports = [ + imports = [ + ./boot.nix ./system.nix + ./hw.nix ]; } diff --git a/nix/os/profiles/graphical/hw.nix b/nix/os/profiles/graphical/hw.nix new file mode 100644 index 0000000..7cc04be --- /dev/null +++ b/nix/os/profiles/graphical/hw.nix @@ -0,0 +1,7 @@ +{ +... +}: + +{ + hardware.enableAllFirmware = true; +} diff --git a/nix/os/profiles/removable-medium/boot.nix b/nix/os/profiles/removable-medium/boot.nix index 7c3d25b..b3939cb 100644 --- a/nix/os/profiles/removable-medium/boot.nix +++ b/nix/os/profiles/removable-medium/boot.nix 
@@ -5,33 +5,5 @@ { boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - "aes_x86_64" - "aesni_intel" - "cryptd" - ]; - - boot.kernelModules = [ - "kvm-intel" - - # Workaround for nm-pptp to enforce module load - "nf_conntrack_proto_gre" - "nf_conntrack_pptp" - ]; - - boot.extraModprobeConfig = '' - options kvm-intel nested=1 - options kvm-intel enable_shadow_vmcs=1 - options kvm-intel enable_apicv=1 - options kvm-intel ept=1 - ''; boot.extraModulePackages = [ ]; - - boot.loader.systemd-boot.enable = true; } diff --git a/nix/os/profiles/removable-medium/hw.nix b/nix/os/profiles/removable-medium/hw.nix index dc39ae9..99f014f 100644 --- a/nix/os/profiles/removable-medium/hw.nix +++ b/nix/os/profiles/removable-medium/hw.nix @@ -3,5 +3,4 @@ { hardware.encryptedDisk.enable = true; hardware.enableAllFirmware = true; - hardware.trackpoint.emulateWheel = true; } From ed6aac61854509555e39a7ee6e7fa2ac0e463173 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 5 Nov 2018 14:31:58 +0100 Subject: [PATCH 27/30] steveej-t480-work: add NVMe support and user packages --- .../configuration/graphical-fullblown.nix | 6 +++--- .../steveej-t480s-work/configuration.nix | 1 + nix/os/devices/steveej-t480s-work/hw.nix | 18 ++++++++++++------ nix/os/devices/steveej-t480s-work/pkg.nix | 7 +++++++ 4 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 nix/os/devices/steveej-t480s-work/pkg.nix diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 9d0c8aa..b18a0df 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -1,10 +1,10 @@ { pkgs -, config, -... }: +, config +, ... }: let # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; + unstablepkgs = import { config = config.nixpkgs.config; }; in { imports = [ diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix index 913e25e..6fd394a 100644 --- a/nix/os/devices/steveej-t480s-work/configuration.nix +++ b/nix/os/devices/steveej-t480s-work/configuration.nix @@ -8,5 +8,6 @@ ./system.nix ./hw.nix + ./pkg.nix ]; } diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix index b2b8293..d8b4ab8 100644 --- a/nix/os/devices/steveej-t480s-work/hw.nix +++ b/nix/os/devices/steveej-t480s-work/hw.nix @@ -1,5 +1,15 @@ { ... }: +let + stage1Modules = [ + "aesni_intel" + "kvm-intel" + "aes_x86_64" + "nvme" + "nvme_core" + ]; + +in { # TASK: new device hardware.encryptedDisk = { @@ -7,12 +17,8 @@ diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498"; }; - boot.initrd.availableKernelModules = [ - "aesni_intel" - "kvm-intel" - "aes_x86_64" - ]; - + # boot.initrd.availableKernelModules = stage1Modules; + boot.initrd.kernelModules = stage1Modules; boot.extraModprobeConfig = '' options kvm-intel nested=1 options kvm-intel enable_shadow_vmcs=1 diff --git a/nix/os/devices/steveej-t480s-work/pkg.nix b/nix/os/devices/steveej-t480s-work/pkg.nix new file mode 100644 index 0000000..0bbf536 --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/pkg.nix @@ -0,0 +1,7 @@ +{ +... +}: + +{ + home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix; +} From b3d3c8b0869a1d4b8b21af90eb617518ed091c3a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 5 Nov 2018 13:58:06 +0100 Subject: [PATCH 28/30] README: add bugs --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 21dc4c2..69a5680 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,9 @@ In the unlikely case that you actually read this and have any questions please d - [ ] Recycle *\_archived* - [ ] Maybe make this a nix-overlay +## Bugs +- [ ] home-manager leaves ~/.gnupg at 0755 + ## Usage *(These are reminders for my future self)* From ef8d63c80e8596012f9c3bf801e9852bc33c80cf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 10 Nov 2018 11:29:42 +0100 Subject: [PATCH 29/30] nix: bump just and add to common profile --- nix/home-manager/profiles/common.nix | 4 ++++ nix/pkgs/just.nix | 24 ++++++++++++++++++++++++ shell.nix | 22 +--------------------- 3 files changed, 29 insertions(+), 21 deletions(-) create mode 100644 nix/pkgs/just.nix diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 5088769..e0d029a 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -25,6 +25,8 @@ in { dropbearStatic = dropbear.override { enableStatic = true; }; + + just = pkgs.callPackage ../../pkgs/just.nix {}; }; }; @@ -58,5 +60,7 @@ in { cacert openssl mkpasswd + + just ]); } diff --git a/nix/pkgs/just.nix b/nix/pkgs/just.nix new file mode 100644 index 0000000..f1a0fa5 --- /dev/null +++ b/nix/pkgs/just.nix @@ -0,0 +1,24 @@ +{ rustPlatform +, stdenv +}: + + rustPlatform.buildRustPackage rec { + name = "just-${version}"; + version = "849cdcb37fb42feb5e8724ec9fb3b34027e0da4f"; + src = builtins.fetchGit { + url = "https://github.com/casey/just.git"; + rev = version; + }; + + cargoSha256 = "0awfq9fhcin2q6mvv54xw6i6pxhdp9xa1cpx3jmpf3a6h8l6s9wp"; + + doCheck = false; + + meta = with stdenv.lib; { + description = "Just a command runner "; + homepage = https://github.com/casey/just; + license = licenses.unlicense; + maintainers = [ ]; + platforms = platforms.all; + }; + } diff --git a/shell.nix b/shell.nix index 9ea28a3..a0f6894 100644 --- a/shell.nix +++ b/shell.nix 
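Review bot: In the new nix/pkgs/just.nix, `cargoSha256` is byte-for-byte the value shell.nix used for the old revision `6430d38…`, while `version`/`rev` now point at `849cdcb…`. The vendored-crates derivation is fixed-output, so Nix can reuse a store path that already matches that hash without fetching again. If `Cargo.lock` changed between the two revisions, the build would then use the previously vendored dependency set, or fail inside cargo, instead of reporting a hash mismatch. Please recompute the hash for the new revision and add a comment such as `# recompute cargoSha256 whenever rev changes`. `doCheck = false` also means the upstream test suite is not run for the pinned commit.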
@@ -1,32 +1,12 @@ with import {}; let - just = rustPlatform.buildRustPackage rec { - name = "just-${version}"; - version = "git"; - src = builtins.fetchGit { - url = "https://github.com/casey/just.git"; - rev = "6430d38a6a489ba4e818b6a892e8bbbbacbfe8f3"; - }; - - cargoSha256 = "0awfq9fhcin2q6mvv54xw6i6pxhdp9xa1cpx3jmpf3a6h8l6s9wp"; - - doCheck = false; - - meta = with stdenv.lib; { - description = "Just a command runner "; - homepage = https://github.com/casey/just; - license = licenses.unlicense; - maintainers = [ ]; - platforms = platforms.all; - }; - }; in stdenv.mkDerivation { name = "infra-env"; buildInputs = [ - just + (pkgs.callPackage ./nix/pkgs/just.nix {}) git-crypt vcsh gnupg From 8e2f936aba60312eb2bebb7b7657102428f6f5a7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 10 Nov 2018 11:32:20 +0100 Subject: [PATCH 30/30] nix/home: use zathura from stable --- nix/home-manager/configuration/graphical-fullblown.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index b18a0df..701971c 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -246,7 +246,7 @@ in { cdrtools # Document Processing and Management - unstablepkgs.zathura + zathura mendeley jabref zotero