steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

move all expressions to nix/; include modularized home-manager config

Browse source
This commit is contained in:
steveej 2018-10-31 19:52:39 +01:00
parent d76a7f963b
commit 13bd5e9000
65 changed files with 1726 additions and 511 deletions
Download patch file Download diff file Expand all files Collapse all files

64
nix/os/devices/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ pkgs ? import <nixpkgs> {}
, dir
, rebuildarg ? null
}:
let
diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
in {
rebuild = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
pushd ${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root"
[[ -e "''${NIXOS_CONFIG}" ]]
nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg}
if test -L result; then
rm result
fi
'';
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
echo Mounting $ID
set -xe
cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3
vgchange -ay $ID
mkdir -p /mnt/$ID-root
mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot
'';
diskUmount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
umount -R /mnt/$ID-root
rmdir /mnt/$ID-root
vgchange -an $ID
cryptsetup luksClose $ID-part3
sync
'';
diskInstall = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
pushd ${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root"
[[ -e "''${NIXOS_CONFIG}" ]]
[[ -e "''${INSTALL_ROOT}" ]]
nixos-install --max-jobs 5 --cores 4 --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
'';
}

13
nix/os/devices/steveej-laptop/boot.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
{
# workaround to disable CPU wining
# current CPU has 9 idle cstates.
boot.kernelParams = [ "intel_idle.max_cstate=9" ];
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
}

14
nix/os/devices/steveej-laptop/configuration.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
./pkg.nix
./system.nix
./hw.nix
./user.nix
./boot.nix
];
}

67
nix/os/devices/steveej-laptop/hw.nix Normal file
View file

@ -0,0 +1,67 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
nix.maxJobs = 3;
nix.buildCores = 3;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/445D-DBAA";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/948e84dc-5c4f-4051-8a13-efb30155839f";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/948e84dc-5c4f-4051-8a13-efb30155839f";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/var/lib/rkt" = {
fsType = "tmpfs";
};
fileSystems."/var/lib/cni" = {
fsType = "tmpfs";
};
swapDevices = [
{ label = "vg0swap"; }
];
boot.loader.grub = {
device = "/dev/sda";
efiSupport = true;
};
boot.initrd.luks.devices = [ {
name = "btrfsroot";
device = "/dev/disk/by-uuid/0e6b5751-0e6d-4de7-84c3-17fe525c4c72";
preLVM = true;
allowDiscards = true;
}
];
}

63
nix/os/devices/steveej-laptop/pkg.nix Normal file
View file

@ -0,0 +1,63 @@
{ config,
pkgs,
... }:
let
gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <nixos-unstable> {};
in
{
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: rec {
# libvirt = unstablepkgs.libvirt;
myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor
(pkgs.linux_latest.override {
kernelPatches = pkgs.linux_latest.kernelPatches ++ [
{
name = "bfq1";
patch = pkgs.fetchurl {
url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0001-block-cgroups-kconfig-build-bits-for-BFQ-v7r11-4.7.0.patch";
sha256 = "116jfdgjgmy1fv6kzz7dm1c7rjy1pbsfzzcjv5mgsb7pnaxq3gd6";
};
}
{
name = "bfq2";
patch = pkgs.fetchurl {
url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0002-block-introduce-the-BFQ-v7r11-I-O-sched-for-4.7.0.patch";
sha256 = "0wjmnym2ycglx42f513n97b45x3xqi33q7z4cs0aiz0zbblm8jql";
};
}
{
name = "bfq3";
patch = pkgs.fetchurl {
url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0003-block-bfq-add-Early-Queue-Merge-EQM-to-BFQ-v7r11-for.patch";
sha256 = "0898aklynxb9dr0nb0kdhc2incjkjihds9dakxvdy0mwjqr0jd6v";
};
}
{
name = "bfq4";
patch = pkgs.fetchurl {
url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0004-block-bfq-turn-BFQ-v7r11-for-4.7.0-into-BFQ-v8r3-for.patch";
sha256 = "09ya3g39zk9k3hzjx4fkl60qkxdgzllnx3kk9dyi7lvydmhp4y6v";
};
}
];
extraConfig = ''
BFQ_GROUP_IOSCHED y
IOSCHED_BFQ y
DEFAULT_BFQ y
'';
})
pkgs.linuxPackages_latest
);
};
};
environment.systemPackages = with pkgs; [
];
}

57
nix/os/devices/steveej-laptop/system.nix Normal file
View file

@ -0,0 +1,57 @@
{ config
, lib
, pkgs
, ...
}:
let
unstablepkgs = import <nixos-unstable> {};
in rec {
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-laptop"; # Define your hostname.
# Used for testing local Tectonic clusters
environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
server=/tt.testing/192.168.124.1
server=/tectonic-ci.de/192.168.124.1
server=/tectonic-ci.lan/192.168.124.1
'';
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
services.printing = {
enable = true;
drivers = [
pkgs.hplip
unstablepkgs.cups-kyodialog3
unstablepkgs.mfcj6510dwlpr
unstablepkgs.mfcj6510dw-cupswrapper
];
};
services.nix-serve.enable = true;
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = true;
virtualbox.host.enable = true;
virtualbox.host.addNetworkInterface = true;
docker.enable = true;
};
}

18
nix/os/devices/steveej-laptop/user.nix Normal file
View file

@ -0,0 +1,18 @@
{ config
, pkgs
, ... }:
let
inherit (import ../../lib/default.nix { }) mkUser;
in
{
users.extraUsers.steveej2 = mkUser {
uid = 1001;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
};
}

12
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../profiles/removable-medium/configuration.nix
./system.nix
./hw.nix
];
}

5
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6";
}

5
nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname.
}

279
nix/os/devices/steveej-utilitepro/configuration.nix Normal file
View file

@ -0,0 +1,279 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
passwords = import ../common/passwords.crypt.nix;
in
{
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
nix.maxJobs = 4;
nix.buildCores = 4;
nix.extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
'';
nixpkgs.config = {
packageOverrides = super: let self = super.pkgs; in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{ patch = ./patches/utilitepro-kernel-dts.patch; name = "utilitepro-dts"; }
{ patch = ./patches/utilitepro-kernel-dts-Makefile.patch; name = "utilitepro-dts-Makefile"; }
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
allowUnfree = true;
};
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "steveej-utilitepro"; # Define your hostname.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.extraKernelParams = [
"cm_fx6_v4l_msize=128M"
"vmalloc=256M"
"root=/dev/sda3"
"rootflags=subvol=nixos"
"console=ttymxc3,115200"
];
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.grub.enable = false;
# Select internationalisation properties.
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
environment.systemPackages = with pkgs; [
iptables
wget
vim
sshfsFuse
pastebinit
git
];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
# Disable CUPS to print documents.
services.printing.enable = false;
users.mutableUsers = false;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = {
uid = 1000;
isNormalUser = true;
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" ];
hashedPassword = passwords.users.steveej;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
networking.firewall.enable = false;
networking.useNetworkd = true;
}

27
nix/os/devices/steveej-utilitepro/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
hardware.enableAllFirmware = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
fsType = "btrfs";
options = "subvol=nixos";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
swapDevices = [ ];
}

13
nix/os/devices/steveej-utilitepro/patches/utilitepro-kernel-dts-Makefile.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
index 992736b..6ff9735 100644
--- a/arch/arm/boot/dts/Makefile
+++ b/arch/arm/boot/dts/Makefile
@@ -296,6 +296,8 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
imx6q-sabreauto.dtb \
imx6q-sabrelite.dtb \
imx6q-sabresd.dtb \
+ imx6q-sbc-fx6.dtb \
+ imx6q-sbc-fx6m.dtb \
imx6q-sbc6x.dtb \
imx6q-tbs2910.dtb \
imx6q-tx6q-1010.dtb \

1920
nix/os/devices/steveej-utilitepro/patches/utilitepro-kernel-dts.patch Normal file
View file

File diff suppressed because it is too large Load diff