steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'staging' into 'master'

Browse source 
Merge staging to master

See merge request steveeJ/infra!6
This commit is contained in:
steveej 2018-11-10 11:10:55 +00:00
commit 097d8dfd35
46 changed files with 628 additions and 623 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use nix

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
*.swp *.swp
*.qcow2 *.qcow2
.*.log

116
Justfile
View file

@ -1,16 +1,110 @@
devices action dir +moreargs="": _usage:
just -l
_device action dir +moreargs="":
#!/usr/bin/env bash #!/usr/bin/env bash
set -x set -ex
sudo $(nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}} ) sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}})
diskMount dir: _rebuild-device dir rebuildarg="dry-activate" +moreargs="":
just -v devices diskMount {{dir}} #!/usr/bin/env bash
nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix
just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}
diskUmount dir: # Rebulid this device's NixOS
just -v devices diskUmount {{dir}} rebuild-this-device rebuildarg="dry-activate":
#!/usr/bin/env bash
set -e
diskInstall dir: function parse_hm_rebuildarg() {
just -v devices diskInstall {{dir}} case $1 in
switch)
echo switch
;;
*)
echo build
;;
esac
}
device-rebuild dir rebuildarg="build": export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log
just -v devices rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log
echo Rebuilding system in {{rebuildarg}}-mode...
if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then
echo System rebuild successful
else
cat ${SYSREBUILD_LOG}
echo System rebuild failed
fi
if type home-manager > /dev/null 2>&1; then
echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode...
if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then
echo Home rebuild successful
else
cat ${HOMEREBUILD_LOG}
echo Home rebuild failed
fi
fi
# This could be used to inject another channel
# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'"
# Update nix-channels and switch to updated NixOS and home environments
update-this-device:
#!/usr/bin/env bash
set -e
export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log
echo Updating system channels...
sudo nix-channel --update
just -v rebuild-this-device switch
hm-iterate-qtile:
#!/usr/bin/env bash
set -xe
home-manager switch || just -v rebuild-this-device switch
Xephyr -ac -br -resizeable :1 &
XEPHYR_PID=$!
echo ${XEPHYR_PID}
DISPLAY=:1 $(grep qtile ~/.xsession) &
wait $!
kill ${XEPHYR_PID}
# Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout
disk-prepare:
echo NOT IMPLEMENTED
# GPT partition table
# part1: size: 1MiB type: 4 BIOS BOOT
# part2: size: 512MiB label: 2-DISKID (36 char limit?)
# part3: size: * label: 3-DISKID (36 char limit?)
# cryptsetup format part3
# vgcreate DISKID part3
# lvcreate DISKID -L 8G -n swap
# lvcreate DISKID -l 100%FREE -n root
# sudo mkfs.vfat -F32 part2
# sudo mkfs.btrfs /dev/DISKID/root
# sudo mkswap /dev/DISKID/swap
# sudo mount /dev/DISKID/root /mnt
# sudo btrfs subvolume create nixos
# sudo btrfs subvolume create home
# sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
# pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
# sudo btrfs subvolume create nixos
# sudo mkdir nixos/{boot,home}
# sudo btrfs subvolume create home
#
# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'
disk-mount dir:
just -v _device diskMount {{dir}} --argstr rebuildarg "dummy"
# Unmount target disk, specified by device configuration directory
disk-umount dir:
just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy"
# Perform an offline installation on the mounted the target disk, specified by device configuration directory
disk-install dir:
just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy"

23
README.md
View file

@ -5,12 +5,13 @@ This is mostly achieved with the help of [Nix](https://nixos.org).
In the unlikely case that you actually read this and have any questions please don't hesitate to reach out. In the unlikely case that you actually read this and have any questions please don't hesitate to reach out.
## Roadmap ## Roadmap
- All graphical systems (incl. install media) must have - All graphical systems (incl. install media) must have
- [x] Full-disk encryption by default - [x] Full-disk encryption by default
- [x] Yubikey support with SSH auth - [x] Yubikey support with SSH auth
- [ ] Migrate all devices to new structure - [ ] Migrate all devices to new structure
- [x] Encrypted Install media - [x] Encrypted Install media
- [ ] steveej-laptop - [x] steveej-laptop
- [ ] steveej-laptop-work - [ ] steveej-laptop-work
- [ ] Migrate home environment to new structure - [ ] Migrate home environment to new structure
- [x] home-manager - [x] home-manager
@ -25,21 +26,33 @@ In the unlikely case that you actually read this and have any questions please d
- [x] mount/umount disks - [x] mount/umount disks
- [x] install to mounted disk - [x] install to mounted disk
- [x] rebuild running system - [x] rebuild running system
- [ ] update running system - [x] update running system
- [x] annotate recipes with some documentation
- [x] declare shell.nix with runtime deps
- [ ] partition/encrypt/format disks - [ ] partition/encrypt/format disks
- [ ] annotate recipes with some documentation
- [ ] declare shell.nix with runtime deps
- [ ] Document bootstrap process - [ ] Document bootstrap process
- [ ] a new machine
- [ ] an install media
- [ ] Design disaster recovery
- [ ] Automatic backups - [ ] Automatic backups
- [ ] tracked dotfiles - [ ] tracked dotfiles
- [ ] detect new and untracked dotfiles? - [ ] detect new and untracked dotfiles?
- [ ] Design disaster recovery
- [ ] Recycle *\_archived* - [ ] Recycle *\_archived*
- [ ] Maybe make this a nix-overlay - [ ] Maybe make this a nix-overlay
## Bugs
- [ ] home-manager leaves ~/.gnupg at 0755
## Usage ## Usage
*(These are reminders for my future self)* *(These are reminders for my future self)*
``` ```
just --list just --list
``` ```
## Bootstrap
### A new machine
1. boot with an install media
2. clone infra repository

394
nix/home-manager/configuration/fullblown-workstation.nix
View file

@ -1,394 +0,0 @@
{ pkgs
, config,
... }:
let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <nixos-unstable> {};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../programs/emacs.nix
../programs/firefox.nix
../programs/chromium.nix
../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
../programs/zsh.nix
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {
busyboxStatic = busybox.override {
enableStatic = true;
extraConfig = ''
CONFIG_STATIC y
CONFIG_INSTALL_APPLET_DONT y
CONFIG_INSTALL_APPLET_SYMLINKS n
'';
};
dropbearStatic = dropbear.override {
enableStatic = true;
};
myPython36 = python36Full.withPackages (ps: with ps; [
pylint pep8 yapf flake8
# autopep8 (broken)
# pylint (broken)
ipython
llfuse
dugong
defusedxml
wheel
pip
virtualenv
pypi2nix
cffi
pyopenssl
urllib3
mistune
flask
pyaml
] ++ [
pkgs.libffi
]);
staruml = callPackage ../../pkgs/staruml.nix { inherit (gnome2) GConf; libgcrypt = libgcrypt_1_5; };
};
};
home.sessionVariables = {
GOPATH="$HOME/src/go";
PATH=pkgs.lib.concatStringsSep ":" [
"$HOME/.local/bin"
"$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin"
"$HOME/.cargo/bin"
"$HOME/.gem/ruby/2.3.0/bin"
"$HOME/.npm-packages/bin"
"$GOPATH/bin"
"$PATH"
];
};
home.packages = []
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
# Version Control Systems
git-crypt
unstablepkgs.pijul
gitFull
gitless
mr
gitRepo
# Cloud/Remote System Management
google-cloud-sdk
ansible
nixops
unstablepkgs.terraform
awscli
hcloud
# Process/System Administration
htop
gnome3.gnome-tweak-tool
xorg.xhost
dmidecode
python36Packages.glances
evtest
# Archive Managers
sshfsFuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnupg
yubikey-neo-manager
yubikey-personalization
yubikey-personalization-gui
gnome3.gnome_keyring
gnome3.seahorse
# Security
tpm-tools
tpmmanager
# Web Browsers
links2
# Language Support
hunspellDicts.en-us
hunspellDicts.de-de
# Messaging/Communication
pidgin
hexchat
aspellDicts.en
aspellDicts.de
unstablepkgs.skype
zoom-us
unstablepkgs.bluejeans-gui
thunderbird
gnome3.evolution # gnome4.glib_networking
tdesktop
gnome3.cheese
# Virtualization
virtmanager
qemu
# virtualbox
vagrant
unstablepkgs.rkt
python27Packages.docker_compose
# unstablepkgs.kubernetes
unstablepkgs.minikube
unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
# Remote Control Tools
remmina
freerdp
x2goclient
teamviewer
# Audio/Video Players
ffmpeg
vlc
audacity
spotify
smtube
python27Packages.youtube-dl-light
screenkey
quvi
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# (vscode-with-extensions.override {
# # When the extension is already available in the default extensions set.
# vscodeExtensions = with vscode-extensions; [
# ]
# # Concise version from the vscode market place when not available in the default set.
# ++ vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "vsliveshare";
# publisher = "MS-vsliveshare";
# version = "0.3.198";
# sha256 = "019ffyxca3qnqyz1fr7vh0plfdkc3ikr8v295z846lghvwlzjqdh";
# }
# ];
# })
unstablepkgs.atom
# Image/Graphic/Design Tools
gnome3.eog
gimp
imagemagick
exiv2
graphviz
inkscape
## barcode
qrencode
zbar
feh
# digikam
# Modelling Tools
plantuml
umlet
staruml
eclipses.eclipse-modeling
dia
astah-community
# Misc Development Tools
qrcode
travis
jq
prometheus
cdrtools
# Document Processing and Management
unstablepkgs.zathura
mendeley
jabref
zotero
hugo
pandoc
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent
latexmk
algorithms
cm-super
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted ifplatform fvextra xstring framed
;
})
pdftk
masterpdfeditor
# File Synchronzation
seafile-client
syncthing
grive2
dropbox
# gocryptfs
# hubicfuse
# s3ql
# rclone
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python27Packages.binwalk
gptfdisk
# games
zeroad
# Compilers & Toolchains
autoconf
automake
libtool
gcc
pkgconfig
binutils
valgrind
gdb
cgdb
man-pages
gnumake
shellcheck
bazel
## Android
androidsdk
## Java
jre
openjdk
## Ruby
ruby
## Python
myPython36
pypi2nix
## Webdev
nodejs-8_x
npm2nix
emscripten
etcd
sigal
# Code generators
unstablepkgs.swagger-codegen
# Misc Desktop Tools
ltunify
solaar
dex
roxterm
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
pavucontrol
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
gnome3.dconf
picocom
glib.dev # contains gdbus tool
# Screen recording
gtk-recordmydesktop # can't select the window
qt-recordmydesktop
vokoscreen
shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
shotcut
openshot-qt
]);
}

36
nix/home-manager/configuration/steveej-qtile-desktop.nix → nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,15 +1,16 @@
{ pkgs { pkgs
, config, , config
... }: , ... }:
let let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <nixos-unstable> {}; unstablepkgs = import <nixos-unstable> { config = config.nixpkgs.config; };
in { in {
imports = [ imports = [
../profiles/common.nix ../profiles/common.nix
../profiles/qtile-desktop.nix ../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/emacs.nix ../programs/emacs.nix
../programs/firefox.nix ../programs/firefox.nix
../programs/chromium.nix ../programs/chromium.nix
@ -27,7 +28,7 @@ in {
}; };
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs: with pkgs; {
myPython36 = python36Full.withPackages (ps: with ps; [ myPython36 = python36Full.withPackages (ps: with ps; [
pylint pep8 yapf flake8 pylint pep8 yapf flake8
# autopep8 (broken) # autopep8 (broken)
# pylint (broken) # pylint (broken)
@ -56,9 +57,13 @@ in {
}; };
home.sessionVariables = { home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG="graphical-fullblown";
GOPATH="$HOME/src/go"; GOPATH="$HOME/src/go";
PATH=pkgs.lib.concatStringsSep ":" [ PATH=pkgs.lib.concatStringsSep ":" [
"$HOME/.local/bin" "$HOME/.local/bin"
"$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin"
"$HOME/.cargo/bin" "$HOME/.cargo/bin"
@ -84,12 +89,8 @@ in {
nix-prefetch-scripts nix-prefetch-scripts
# Version Control Systems # Version Control Systems
git-crypt
unstablepkgs.pijul unstablepkgs.pijul
gitFull
gitless gitless
mr
gitRepo gitRepo
# Cloud/Remote System Management # Cloud/Remote System Management
@ -187,7 +188,7 @@ in {
iftop iftop
iperf iperf
bind bind
socat socat
# samba # samba
iptables iptables
@ -201,7 +202,7 @@ in {
# (vscode-with-extensions.override { # (vscode-with-extensions.override {
# # When the extension is already available in the default extensions set. # # When the extension is already available in the default extensions set.
# vscodeExtensions = with vscode-extensions; [ # vscodeExtensions = with vscode-extensions; [
# ] # ]
# # Concise version from the vscode market place when not available in the default set. # # Concise version from the vscode market place when not available in the default set.
# ++ vscode-utils.extensionsFromVscodeMarketplace [ # ++ vscode-utils.extensionsFromVscodeMarketplace [
# { # {
@ -236,7 +237,7 @@ in {
eclipses.eclipse-modeling eclipses.eclipse-modeling
dia dia
astah-community astah-community
# Misc Development Tools # Misc Development Tools
qrcode qrcode
travis travis
@ -245,7 +246,7 @@ in {
cdrtools cdrtools
# Document Processing and Management # Document Processing and Management
unstablepkgs.zathura zathura
mendeley mendeley
jabref jabref
zotero zotero
@ -257,12 +258,12 @@ in {
perlPackages.FileHomeDir perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak perlPackages.UnicodeLineBreak
(texlive.combine { (texlive.combine {
inherit (texlive) inherit (texlive)
scheme-small scheme-small
texlive-de texlive-de
texlive-en texlive-en
texlive-scripts texlive-scripts
collection-langgerman collection-langgerman
latexindent latexindent
latexmk latexmk
@ -354,11 +355,10 @@ in {
dex dex
roxterm roxterm
# kitty # kitty
busyboxStatic busyboxStatic
xorg.xbacklight xorg.xbacklight
coreutils coreutils
lsof lsof
pavucontrol
x11_ssh_askpass x11_ssh_askpass
xdotool xdotool
xdg_utils xdg_utils
@ -377,5 +377,5 @@ in {
obs-studio obs-studio
shotcut shotcut
openshot-qt openshot-qt
]); ]);
} }

34
nix/home-manager/configuration/removable-desktop.nix → nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,15 +1,14 @@
{ pkgs { pkgs
, config, , config,
... }: ... }:
let let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; unstablepkgs = import <nixos-unstable> { config = config.nixpkgs.config; };
unstablepkgs = import <nixos-unstable> {};
in { in {
imports = [ imports = [
../profiles/common.nix ../profiles/common.nix
../profiles/qtile-desktop.nix ../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/emacs.nix ../programs/emacs.nix
../programs/firefox.nix ../programs/firefox.nix
../programs/chromium.nix ../programs/chromium.nix
@ -27,7 +26,7 @@ in {
}; };
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs: with pkgs; {
myPython36 = python36Full.withPackages (ps: with ps; [ myPython36 = python36Full.withPackages (ps: with ps; [
pylint pep8 yapf flake8 pylint pep8 yapf flake8
# autopep8 (broken) # autopep8 (broken)
# pylint (broken) # pylint (broken)
@ -53,30 +52,22 @@ in {
}; };
}; };
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
# unstablepkgs = import <nixos-unstable> { config = { allowUnfree = true; }; };
home.sessionVariables = { home.sessionVariables = {
}; };
home.packages = []
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
home.packages =
[] ++ (with pkgs; [
# Nix package related tools # Nix package related tools
patchelf patchelf
nix-index nix-index
nox
nix-prefetch-scripts nix-prefetch-scripts
# Version Control Systems # Version Control Systems
git-crypt
unstablepkgs.pijul
gitFull
gitless gitless
mr
gitRepo
# Process/System Administration # Process/System Administration
htop htop
@ -96,7 +87,6 @@ in {
lzop lzop
# Password Management # Password Management
gnupg
gnome3.gnome_keyring gnome3.gnome_keyring
gnome3.seahorse gnome3.seahorse
@ -111,7 +101,7 @@ in {
iftop iftop
iperf iperf
bind bind
socat socat
# samba # samba
iptables iptables
@ -156,6 +146,6 @@ in {
## Python ## Python
myPython36 myPython36
busyboxStatic busyboxStatic
]); ]);
} }

26
nix/home-manager/configuration/text-minimal.txt Normal file
View file

@ -0,0 +1,26 @@
{ pkgs
, config,
... }:
let
in {
imports = [
../profiles/common.nix
../profiles/nix-channels.nix
../programs/neovim.nix
../programs/zsh.nix
];
nixpkgs.config = {
packageOverrides = pkgs: with pkgs; {
};
};
home.sessionVariables = {
};
home.packages = []
++ (with pkgs; [
]);
}

18
nix/home-manager/profiles/common.nix
View file

@ -25,6 +25,8 @@ in {
dropbearStatic = dropbear.override { dropbearStatic = dropbear.override {
enableStatic = true; enableStatic = true;
}; };
just = pkgs.callPackage ../../pkgs/just.nix {};
}; };
}; };
@ -43,10 +45,22 @@ in {
NIXPKGS_ALLOW_UNFREE = "1"; NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files. # Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1"; PYTHONDONTWRITEBYTECODE = "1";
HOMESHICK_DIR="${pkgs.homeshick}";
}; };
programs.command-not-found.enable = true; programs.command-not-found.enable = true;
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages =
[] ++ (with pkgs; [
# git helpers
git-crypt
vcsh
# Authentication
cacert
openssl
mkpasswd
just
]);
} }

13
nix/home-manager/profiles/dotfiles.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs
, config
, ...
}:
let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in {
home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''
$DRY_RUN_CMD ${vcshActivationScript}
'';
}

1
nix/home-manager/profiles/dotfiles/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
vcsh.nix

38
nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
, ...
}:
let
repoHttps = "https://gitlab.com/steveeJ/dotfiles.git";
repoSsh = "git@gitlab.com:/steveeJ/dotfiles.git";
repoBareLocal = pkgs.runCommand "fetchbare" {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
'';
in pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal}
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''

24
nix/home-manager/profiles/nix-channels.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs
, config
, ...
}:
let
in {
home.file.".nix-channels".text = ''
https://nixos.org/channels/nixos-18.09 nixos
https://nixos.org/channels/nixos-unstable nixos-unstable
'';
home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] ''
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" ''
set -ex
if test -f $HOME/.nix-channels; then
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi
''};
'';
}

131
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -6,8 +6,35 @@ let
inherit (import ../lib.nix { }) inherit (import ../lib.nix { })
mkSimpleTrayService mkSimpleTrayService
; ;
qtileConfig = pkgs.writeScript "config.py" '' audio = pkgs.writeScript "audio" ''
#!${pkgs.bash}/bin/bash
export PATH=${with pkgs; lib.makeBinPath [
pulseaudio findutils gnugrep
]}:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}./.qtilemute
case $1 in
mute)
newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 ))
echo -n $newstate > $MUTEFILE
pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-mute {} $newstate
;;
lower)
pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} -10%
;;
raise)
pactl list short sinks | awk '{ print $1 }' | xargs -L1 -I {} pactl set-sink-volume {} +10%
;;
*)
echo Unknown command: $1
exit 1
;;
esac
'';
qtileConfig = pkgs.writeScript "qtile_config.py" ''
from libqtile.config import Key, Screen, Group, Drag, Click from libqtile.config import Key, Screen, Group, Drag, Click
from libqtile.command import lazy from libqtile.command import lazy
from libqtile import layout, bar, widget from libqtile import layout, bar, widget
@ -18,51 +45,51 @@ logger = logging.getLogger()
logger.setLevel(logging.WARN) logger.setLevel(logging.WARN)
handler = logging.handlers.RotatingFileHandler( handler = logging.handlers.RotatingFileHandler(
os.path.join(os.getenv('HOME'), '.qtilelog'), maxBytes=10240000, os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000,
backupCount=7 backupCount=7
) )
handler.setLevel(logging.WARN) handler.setLevel(logging.WARN)
logger.addHandler(handler) logger.addHandler(handler)
@hook.subscribe.screen_change # @hook.subscribe.screen_change
def restart_on_randr(qtile, ev): # def restart_on_randr(qtile, ev):
import time # import time
#
with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"): # with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "w"):
pass # pass
#
lastRestart = 0 # lastRestart = 0
with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile: # with open(os.path.join(os.environ['TEMPDIR', default="/tmp"], ".qtilelastrestart"), "r+") as lastRestartFile:
lastRestartStr = lastRestartFile.read() # lastRestartStr = lastRestartFile.read()
if len(lastRestartStr) > 0: # if len(lastRestartStr) > 0:
lastRestart = float(lastRestartStr) # lastRestart = float(lastRestartStr)
#
print("screen changed. (last change: %s)" % lastRestart) # print("screen changed. (last change: %s)" % lastRestart)
#
delta=time.time()-lastRestart # delta=time.time()-lastRestart
if delta > 3: # if delta > 3:
import subprocess # import subprocess
lastRestartFile.seek(0) # lastRestartFile.seek(0)
lastRestartFile.write("%s" % time.time()) # lastRestartFile.write("%s" % time.time())
lastRestartFile.truncate() # lastRestartFile.truncate()
#
subprocess.call(["autorandr","-c"]) # subprocess.call(["autorandr","-c"])
qtile.cmd_restart() # qtile.cmd_restart()
else: # else:
print("screen is changing too fast: %s" % delta) # print("screen is changing too fast: %s" % delta)
#
active_screen = 0 # active_screen = 0
@hook.subscribe.client_focus # @hook.subscribe.client_focus
def focus_changed(window): # def focus_changed(window):
global active_screen # global active_screen
pass # pass
active_screen = window.group.screen.index # active_screen = window.group.screen.index
#
@hook.subscribe.current_screen_change # @hook.subscribe.current_screen_change
def move_widget(): # def move_widget():
global active_screen # global active_screen
systray = widget.Systray() # systray = widget.Systray()
logging.warn("Screen changed to %i" % active_screen) # logging.warn("Screen changed to %i" % active_screen)
key_super = "mod4" key_super = "mod4"
key_alt = "mod1" key_alt = "mod1"
@ -76,14 +103,11 @@ keys = [
Key([key_super], "r", lazy.spawncmd()), Key([key_super], "r", lazy.spawncmd()),
Key([key_super], "w", lazy.window.kill()), Key([key_super], "w", lazy.window.kill()),
# Key([key_alt, key_super], "l", lazy.spawn("xscreensaver-command -lock")),
# Key([key_alt, key_super], "l", lazy.spawn("sh -c '(sleep 1; xset dpms force off) & xautolock -locknow'")),
# Key([key_alt, key_super], "l", lazy.spawn("light-locker-command -l")),
# Key([key_alt, key_super], "l", lazy.spawn("dm-tool lock")),
Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')), Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')),
Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")), Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")),
Key([key_super, key_control], "r", lazy.restart()), # Key([key_super, key_control], "r", lazy.restart()),
Key([key_super, key_control], "r", lazy.spawn("${pkgs.autorandr}/bin/autorandr -c"), lazy.restart()),
Key([key_super, key_control], "q", lazy.shutdown()), Key([key_super, key_control], "q", lazy.shutdown()),
# Toggle between different layouts as defined below # Toggle between different layouts as defined below
@ -134,14 +158,12 @@ keys = [
Key([], "XF86AudioPlay", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause")), Key([], "XF86AudioPlay", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause")),
Key([], "XF86AudioPrev", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([], "XF86AudioPrev", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")),
Key([], "XF86AudioNext", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), Key([], "XF86AudioNext", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")),
## Microsoft Comfort Curve specific ## Microsoft Comfort Curve specific
Key([key_super, "shift"], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")), Key([key_super, "shift"], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")),
Key([key_alt, key_super], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")), Key([key_alt, key_super], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")),
Key([], "XF86AudioMute", lazy.spawn("${audio} mute")),
# FIXME: Backlight currently broken Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")),
# Key([], "XF86MonBrightnessDown", lazy.spawn("xbacklight -inc -5")), Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")),
# Key([], "XF86MonBrightnessUp", lazy.spawn("xbacklight -inc 5")),
Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")), Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")),
] ]
groups = [Group(i) for i in "1234567890"] groups = [Group(i) for i in "1234567890"]
@ -224,7 +246,7 @@ in {
}; };
pasystray = mkSimpleTrayService { pasystray = mkSimpleTrayService {
execStart = "${pkgs.pasystray}/bin/pasystray"; execStart = "${pkgs.pasystray}/bin/pasystray";
}; };
cbatticon = mkSimpleTrayService { cbatticon = mkSimpleTrayService {
@ -274,5 +296,6 @@ in {
gnome3.adwaita-icon-theme gnome3.adwaita-icon-theme
lxappearance lxappearance
xorg.xcursorthemes xorg.xcursorthemes
pavucontrol
]; ];
} }

19
nix/home-manager/programs/homeshick.nix
View file

@ -4,7 +4,14 @@
}: }:
let let
bootstrapRepos = pkgs.writeScript "bootstrapRepos" ''
in {
home.sessionVariables = {
HOMESHICK_DIR="${pkgs.homeshick}";
};
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" ''
set -e set -e
echo home-manager path is ${config.home.path} echo home-manager path is ${config.home.path}
echo home is $HOME echo home is $HOME
@ -15,15 +22,7 @@ let
# echo Updating homeshick # echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''; ''};
in {
home.sessionVariables = {
HOMESHICK_DIR="${pkgs.homeshick}";
};
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${bootstrapRepos}
''; '';
nixpkgs.config = { nixpkgs.config = {

1
nix/home-manager/programs/pass.nix
View file

@ -19,6 +19,7 @@
pass-otp pass-otp
qtpass qtpass
rofi-pass rofi-pass
gnupg
]; ];
} }

13
nix/home-manager/programs/zsh.nix
View file

@ -3,7 +3,7 @@
, ... , ...
}: }:
let let
in { in {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -16,15 +16,18 @@ in {
%_%F{%(!.red.green)}$(prompt_char)%f ' %_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT="" RPROMPT=""
# Automatic rehash # Automatic rehash
zstyle ':completion:*' rehash true zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases . $HOME/.shrc.d/sh_aliases
fi fi
source ${pkgs.homeshick}/homeshick.sh ${if builtins.hasAttr "homeshick" pkgs then ''
fpath=(${pkgs.homeshick}/completions $fpath) source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
'' else ''
''}
# Disable intercepting of ctrl-s and ctrl-q as flow control. # Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon stty stop ''' -ixoff -ixon

14
nix/os/devices/default.nix
View file

@ -1,23 +1,25 @@
{ pkgs ? import <nixpkgs> {} { pkgs ? import <nixpkgs> {}
, dir , dir
, rebuildarg ? null , rebuildarg
, moreargs ? ""
}: }:
let let
diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId; diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
GIT_ROOT=''''$(git rev-parse --show-toplevel)'';
in { in {
rebuild = pkgs.writeScript "script" '' rebuild = pkgs.writeScript "script" ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
pushd ${dir} pushd ${GIT_ROOT}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root" export INSTALL_ROOT="/mnt/$ID-root"
[[ -e "''${NIXOS_CONFIG}" ]] [[ -e "''${NIXOS_CONFIG}" ]]
nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
if test -L result; then if test -L result; then
rm result rm result
fi fi
@ -29,12 +31,12 @@ in {
ID=${diskId} ID=${diskId}
echo Mounting $ID echo Mounting $ID
set -xe set -xe
cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3 cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3
vgchange -ay $ID vgchange -ay $ID
mkdir -p /mnt/$ID-root mkdir -p /mnt/$ID-root
mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot
''; '';
diskUmount = pkgs.writeScript "script" '' diskUmount = pkgs.writeScript "script" ''
@ -52,7 +54,7 @@ in {
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
ID=${diskId} ID=${diskId}
pushd ${dir} pushd ${GIT_ROOT}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root" export INSTALL_ROOT="/mnt/$ID-root"

6
nix/os/devices/steveej-laptop/boot.nix
View file

@ -4,10 +4,4 @@
# workaround to disable CPU wining # workaround to disable CPU wining
# current CPU has 9 idle cstates. # current CPU has 9 idle cstates.
boot.kernelParams = [ "intel_idle.max_cstate=9" ]; boot.kernelParams = [ "intel_idle.max_cstate=9" ];
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
} }

19
nix/os/devices/steveej-laptop/hw.nix
View file

@ -4,26 +4,21 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
nix.maxJobs = 3; boot.initrd.availableKernelModules = [
nix.buildCores = 3; "aesni_intel"
"kvm-intel"
"aes_x86_64"
];
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options kvm-intel nested=1 options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1 options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1 options kvm-intel enable_apicv=1
options kvm-intel ept=1 options kvm-intel ept=1
''; '';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true; # TODO: migrate this to the encryptedDisk module
boot.loader.efi.canTouchEfiVariables = true; fileSystems."/boot" = {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/445D-DBAA"; device = "/dev/disk/by-uuid/445D-DBAA";
fsType = "vfat"; fsType = "vfat";
}; };

5
nix/os/devices/steveej-laptop/pkg.nix
View file

@ -3,11 +3,8 @@
... }: ... }:
let let
gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <nixos-unstable> {};
in in {
{
nixpkgs.config = { nixpkgs.config = {
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;

15
nix/os/devices/steveej-laptop/system.nix
View file

@ -5,9 +5,9 @@
}: }:
let let
unstablepkgs = import <nixos-unstable> {}; unstablepkgs = import <nixos-unstable> { config = config.nixpkgs; };
in rec { in {
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable"; # system.stateVersion = "unstable";
@ -19,6 +19,7 @@ in rec {
server=/tectonic-ci.de/192.168.124.1 server=/tectonic-ci.de/192.168.124.1
server=/tectonic-ci.lan/192.168.124.1 server=/tectonic-ci.lan/192.168.124.1
''; '';
networking.firewall.enable = lib.mkForce false;
networking.firewall.checkReversePath = false; networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = []; networking.bridges."virbr1".interfaces = [];
@ -28,11 +29,11 @@ in rec {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = [ drivers = with pkgs; [
pkgs.hplip hplip
unstablepkgs.cups-kyodialog3 cups-kyodialog3
unstablepkgs.mfcj6510dwlpr mfcj6510dwlpr
unstablepkgs.mfcj6510dw-cupswrapper mfcj6510dw-cupswrapper
]; ];
}; };

5
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix
View file

@ -1,5 +0,0 @@
{ ... }:
{
hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6";
}

5
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix
View file

@ -1,5 +0,0 @@
{ ... }:
{
networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname.
}

0
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix → nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix
View file

9
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
# TASK: new device
hardware.encryptedDisk = {
enable = true;
diskId = "mmc-SL32G_0x259093f6";
};
}

5
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
}

13
nix/os/devices/steveej-t480s-work/configuration.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../modules/encryptedDisk.nix
./system.nix
./hw.nix
./pkg.nix
];
}

28
nix/os/devices/steveej-t480s-work/hw.nix Normal file
View file

@ -0,0 +1,28 @@
{ ... }:
let
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
"nvme"
"nvme_core"
];
in
{
# TASK: new device
hardware.encryptedDisk = {
enable = true;
diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498";
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
}

7
nix/os/devices/steveej-t480s-work/pkg.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix;
}

50
nix/os/devices/steveej-t480s-work/system.nix Normal file
View file

@ -0,0 +1,50 @@
{ pkgs
, lib
, ... }:
{
# TASK: new device
networking.hostName = "steveej-t480s-work"; # Define your hostname.
# Used for testing local Tectonic clusters
environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
server=/tt.testing/192.168.124.1
server=/tectonic-ci.de/192.168.124.1
server=/tectonic-ci.lan/192.168.124.1
'';
networking.firewall.enable = lib.mkForce false;
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
cups-kyodialog3
mfcj6510dwlpr
mfcj6510dw-cupswrapper
];
};
# TODO: get external fingerprint reader
# services.fprintd.enable = true;
# security.pam.services = {
# login.fprintAuth = true;
# sudo.fprintAuth = true;
# };
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = true;
virtualbox.host.enable = true;
virtualbox.host.addNetworkInterface = true;
docker.enable = true;
};
}

14
nix/os/modules/encryptedDisk.nix
View file

@ -6,13 +6,23 @@ with lib;
let let
cfg = config.hardware.encryptedDisk; cfg = config.hardware.encryptedDisk;
volumeGroup = cfg.diskId; volumeGroup = cfg.diskId;
# This is important at install-time
bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ]; bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ];
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ]; # These are guaranteed by LVM
rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ]; rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ]; swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
# TODO: verify the GPT PARTLABEL cap at 36 chars
shortenPartlabel = name: (builtins.substring 0 36 name);
# Cannot use the disk ID here because might be different at install vs. runtime.
# Example: MMC card which is used in the internal reader vs. USB reader
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
in { in {
options.hardware.encryptedDisk = { options.hardware.encryptedDisk = {
enable = mkEnableOption "Enable encrypted filesystem layout"; enable = mkEnableOption "Enable encrypted filesystem layout";

7
nix/os/profiles/common/boot.nix
View file

@ -11,7 +11,14 @@
version = 2; version = 2;
}; };
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
} }

1
nix/os/profiles/common/configuration.nix
View file

@ -6,5 +6,6 @@
./pkg.nix ./pkg.nix
./user.nix ./user.nix
./system.nix ./system.nix
./hw.nix
]; ];
} }

14
nix/os/profiles/common/hw.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }:
{
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"cryptd"
];
}

25
nix/os/profiles/common/pkg.nix
View file

@ -1,7 +1,27 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
# Package configuration imports = [
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
];
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.txt;
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: with pkgs; {
busyboxStatic = busybox.override {
enableStatic = true;
extraConfig = ''
CONFIG_STATIC y
CONFIG_INSTALL_APPLET_DONT y
CONFIG_INSTALL_APPLET_SYMLINKS n
'';
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
elfutils elfutils
exfat exfat
@ -16,9 +36,10 @@
wget wget
curl curl
git gitFull
pastebinit pastebinit
gist gist
mr
usbutils usbutils
pciutils pciutils

1
nix/os/profiles/common/system.nix
View file

@ -48,6 +48,7 @@
# Activation scripts for impure set up of paths in / # Activation scripts for impure set up of paths in /
system.activationScripts.bin = '' system.activationScripts.bin = ''
echo "setting up /bin..." echo "setting up /bin..."
mkdir -p /bin
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash mv -Tf /bin/.bash /bin/bash
''; '';

7
nix/os/profiles/graphical/boot.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib
, ...
}:
{
}

6
nix/os/profiles/graphical/configuration.nix
View file

@ -1,9 +1,11 @@
{ pkgs { pkgs
, ... , ...
}: }:
{ {
imports = [ imports = [
./boot.nix
./system.nix ./system.nix
./hw.nix
]; ];
} }

7
nix/os/profiles/graphical/hw.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
hardware.enableAllFirmware = true;
}

28
nix/os/profiles/removable-medium/boot.nix
View file

@ -5,33 +5,5 @@
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"aes_x86_64"
"aesni_intel"
"cryptd"
];
boot.kernelModules = [
"kvm-intel"
# Workaround for nm-pptp to enforce module load
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
} }

1
nix/os/profiles/removable-medium/hw.nix
View file

@ -3,5 +3,4 @@
{ {
hardware.encryptedDisk.enable = true; hardware.encryptedDisk.enable = true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
} }

24
nix/os/profiles/removable-medium/pkg.nix
View file

@ -1,27 +1,7 @@
{ {
... ...
}: }:
{ {
imports = [ home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix;
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
];
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: with pkgs; {
busyboxStatic = busybox.override {
enableStatic = true;
extraConfig = ''
CONFIG_STATIC y
CONFIG_INSTALL_APPLET_DONT y
CONFIG_INSTALL_APPLET_SYMLINKS n
'';
};
};
};
home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix;
} }

24
nix/pkgs/just.nix Normal file
View file

@ -0,0 +1,24 @@
{ rustPlatform
, stdenv
}:
rustPlatform.buildRustPackage rec {
name = "just-${version}";
version = "849cdcb37fb42feb5e8724ec9fb3b34027e0da4f";
src = builtins.fetchGit {
url = "https://github.com/casey/just.git";
rev = version;
};
cargoSha256 = "0awfq9fhcin2q6mvv54xw6i6pxhdp9xa1cpx3jmpf3a6h8l6s9wp";
doCheck = false;
meta = with stdenv.lib; {
description = "Just a command runner ";
homepage = https://github.com/casey/just;
license = licenses.unlicense;
maintainers = [ ];
platforms = platforms.all;
};
}

5
nix/scripts/pre-eval-fixed.sh Executable file
View file

@ -0,0 +1,5 @@
#!/usr/bin/env bash
INFILE="${1:?Please set arg1 to INFILE}"
OUTFILE="${2:?Please set arg2 to OUTFILE}"
hash=$(nix-build ${INFILE} --arg pkgs 'import <nixpkgs> {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1)
sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE}

17
shell.nix Normal file
View file

@ -0,0 +1,17 @@
with import <nixpkgs> {};
let
in
stdenv.mkDerivation {
name = "infra-env";
buildInputs = [
(pkgs.callPackage ./nix/pkgs/just.nix {})
git-crypt
vcsh
gnupg
];
# Set Environment Variables
RUST_BACKTRACE = 1;
}