steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

format and change

Browse source
This commit is contained in:
steveej 2023-02-07 18:23:51 +01:00
parent 882ff4e5e9
commit 28c116337c
181 changed files with 2748 additions and 2578 deletions
Download patch file Download diff file Expand all files Collapse all files

72
nix/os/containers/backup-target.nix
View file

@ -1,9 +1,19 @@
{ hostAddress, localAddress, containerBackupCfg
, sshPort ? containerBackupCfg.portInt, autoStart ? false }: {
config = { config, pkgs, lib, ... }: {
{
hostAddress,
localAddress,
containerBackupCfg,
sshPort ? containerBackupCfg.portInt,
autoStart ? false,
}: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -23,30 +33,32 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp"
];
packages = with pkgs; [ btrfs-progs ];
packages = with pkgs; [btrfs-progs];
isSystemUser = true;
};
security.sudo = {
enable = true;
extraRules = [{
users = [ "bkp" ];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
}
];
}];
extraRules = [
{
users = ["bkp"];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/readlink";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/test";
options = ["NOPASSWD"];
}
];
}
];
};
};
@ -59,15 +71,17 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}];
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}
];
inherit hostAddress localAddress;
}

51
nix/os/containers/backup.nix
View file

@ -1,17 +1,20 @@
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""
, autoStart ? false }:
let
{
config,
hostAddress,
localAddress,
subvolumes,
targetPathSuffix ? "",
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
subvolumeParentDir = "/var/lib/container-volumes";
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "20.03"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
environment.systemPackages = with pkgs; [btrfs-progs btrbk];
networking.firewall.enable = true;
@ -19,13 +22,13 @@ in {
enable = true;
description = "bkp-sync service";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
after = [ "bkp-run.service" ];
after = ["bkp-run.service"];
requires = [ "bkp-run.service" ];
requires = ["bkp-run.service"];
path = with pkgs; [ utillinux ];
path = with pkgs; [utillinux];
script = ''
set -x
true
@ -36,11 +39,11 @@ in {
enable = true;
description = "bkp-run";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
partOf = [ "bkp-sync.service" ];
partOf = ["bkp-sync.service"];
path = with pkgs; [ btrfs-progs btrbk coreutils ];
path = with pkgs; [btrfs-progs btrbk coreutils];
script = let
btrbkConf = pkgs.writeText "cfg" ''
@ -60,7 +63,7 @@ in {
volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes}
subvolumes}
'';
in ''
#! ${pkgs.bash}/bin/bash
@ -73,7 +76,7 @@ in {
systemd.timers."bkp" = {
description = "Timer to trigger bkp periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
@ -104,15 +107,17 @@ in {
};
};
allowedDevices = [{
node = "/dev/fuse";
modifier = "rw";
}];
allowedDevices = [
{
node = "/dev/fuse";
modifier = "rw";
}
];
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [ ];
forwardPorts = [];
inherit hostAddress localAddress;
}

29
nix/os/containers/ipxe.nix
View file

@ -1,9 +1,18 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
imports = [ ../profiles/containers/configuration.nix ];
config = {
config,
pkgs,
lib,
...
}: {
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -48,7 +57,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -57,13 +66,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -78,14 +86,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {

34
nix/os/containers/mailserver.nix
View file

@ -1,15 +1,16 @@
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190
, autoStart ? false }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
imapsPort ? 993,
sievePort ? 4190,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "21.11"; # Did you read the comment?
imports =
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
imports = [../profiles/containers/configuration.nix ../profiles/common/user.nix];
networking.firewall.enable = false;
@ -21,8 +22,8 @@ in {
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
modules = [pkgs.dovecot_pigeonhole];
protocols = ["sieve"];
enableImap = true;
enableLmtp = true;
@ -51,7 +52,6 @@ in {
mail_max_userip_connections = 64
}
'';
};
environment.etc."dovecot/users".text = ''
@ -60,13 +60,13 @@ in {
systemd.services.steveej-getmail-stefanjunker = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
serviceConfig.RestartSec = 600;
serviceConfig.Restart = "always";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
@ -93,11 +93,11 @@ in {
systemd.services.steveej-getmail-webde = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
@ -139,7 +139,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

20
nix/os/containers/syncthing.nix
View file

@ -1,12 +1,18 @@
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027, autoStart ? false }:
{
config = { config, pkgs, ... }: {
hostAddress,
localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
config = {
config,
pkgs,
...
}: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -30,7 +36,7 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

33
nix/os/containers/webserver.nix
View file

@ -1,12 +1,21 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443, autoStart ? false
}:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -51,7 +60,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -60,13 +69,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -81,14 +89,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {
@ -146,7 +153,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

6
nix/os/devices/167.233.1.14/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/167.233.1.14/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix

14
nix/os/devices/167.233.1.14/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
@ -17,7 +15,6 @@ let
"pata_acpi"
"ata_generic"
];
in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
@ -27,21 +24,20 @@ in {
fileSystems."/" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=root" ];
options = ["subvol=root"];
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=home" ];
options = ["subvol=home"];
neededForBoot = true;
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
swapDevices = [{device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d";}];
boot.loader.grub = { device = "/dev/vda"; };
boot.loader.grub = {device = "/dev/vda";};
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;

50
nix/os/devices/167.233.1.14/pkg.nix
View file

@ -1,29 +1,35 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
}

39
nix/os/devices/167.233.1.14/system.nix
View file

@ -1,9 +1,12 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
nix.binaryCaches = [ "https://cache.holo.host" ];
nix.binaryCaches = ["https://cache.holo.host"];
nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -26,11 +29,13 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
ipv4.addresses = [{
"address" = "167.233.1.14";
"prefixLength" = 29;
}];
ipv6.addresses = [ ];
ipv4.addresses = [
{
"address" = "167.233.1.14";
"prefixLength" = 29;
}
];
ipv6.addresses = [];
};
networking.defaultGateway = {
@ -43,11 +48,11 @@ in {
interface = "eth0";
};
networking.nameservers = [ "1.1.1.1" ];
networking.nameservers = ["1.1.1.1"];
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -55,7 +60,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -63,18 +68,18 @@ in {
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
path = [pkgs.systemd];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "360s";
OnUnitActiveSec = "360s";
@ -83,7 +88,7 @@ in {
};
};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = true;

1
nix/os/devices/167.233.1.14/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/167.233.1.14/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

61
nix/os/devices/default.nix
View file

@ -1,15 +1,20 @@
{ dir, pkgs ? import <channels-nixos-stable> { }
, ownLib ? import ../lib/default.nix { }, gitRoot ?
"$(git rev-parse --show-toplevel)"
{
dir,
pkgs ? import <channels-nixos-stable> {},
ownLib ? import ../lib/default.nix {},
gitRoot ? "$(git rev-parse --show-toplevel)",
# FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args:
let
rebuildargsSudo = [ "switch" "boot" ];
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
, ... }:
moreargs ? "",
rebuildarg ? "",
...
} @ args: let
rebuildargsSudo = ["switch" "boot"];
rebuild = {
gitRoot,
rebuildarg ? "dry-activate",
moreargs ? "",
...
}:
pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
@ -23,23 +28,27 @@ let
rm result
fi
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null then
"sudo -E \\"
else
""}
${
if
(builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null
then "sudo -E \\"
else ""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
in {
recipes = {
rebuild = rebuild {
inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
recipes =
{
rebuild =
rebuild {
inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
// (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;}));
}

43
nix/os/devices/disk.nix
View file

@ -1,13 +1,24 @@
{ pkgs, ownLib, dir, gitRoot, diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.diskId, encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, ... }:
let mntRootVol = "/mnt/${diskId}-root";
{
pkgs,
ownLib,
dir,
gitRoot,
diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
.hardware
.opinionatedDisk
.diskId,
encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
.hardware
.opinionatedDisk
.encrypted,
previousDiskId ? "",
...
}: let
mntRootVol = "/mnt/${diskId}-root";
in rec {
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
@ -177,12 +188,12 @@ in rec {
if test "${previousDiskId}"; then
${
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
sync
sleep 1
if sudo vgs ${previousDiskId}; then

4
nix/os/devices/elias-e525/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/elias-e525/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/elias-e525/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;

23
nix/os/devices/elias-e525/pkg.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
@ -18,13 +20,14 @@ let
jitsi
];
};
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
@ -39,19 +42,19 @@ in {
home-manager.users.steveej = homeEnv {
layout = "en";
options = [ "nodeadkey" ];
options = ["nodeadkey"];
variant = "altgr-intl";
};
home-manager.users.elias = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};

17
nix/os/devices/elias-e525/system.nix
View file

@ -1,7 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
in {
# TASK: new device
networking.hostName = "elias-e525"; # Define your hostname.
@ -17,7 +19,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -41,10 +43,9 @@ in {
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/elias-e525/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.elias = mkUser {
uid = 1001;

3
nix/os/devices/elias-e525/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

4
nix/os/devices/fwhost1/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost1/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost1/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

21
nix/os/devices/fwhost1/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

45
nix/os/devices/fwhost1/system.nix
View file

@ -1,10 +1,12 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost1"; # Define your hostname.
@ -19,34 +21,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.15";
prefixLength = 24;
}];
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.15";
prefixLength = 24;
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.15";
prefixLength = 12;
}];
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.15";
prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.15";
prefixLength = 24;
}];
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.15";
prefixLength = 24;
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +85,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

13
nix/os/devices/fwhost1/user.nix
View file

@ -1,8 +1,9 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in { }
inherit (import ../../lib/default.nix {}) mkUser;
in {}

3
nix/os/devices/fwhost1/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost1/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

4
nix/os/devices/fwhost2/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost2/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost2/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

21
nix/os/devices/fwhost2/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

46
nix/os/devices/fwhost2/system.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, config, utils, ... }:
let
{
pkgs,
lib,
config,
utils,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost2"; # Define your hostname.
@ -19,34 +22,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.16";
prefixLength = 24;
}];
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.16";
prefixLength = 24;
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.16";
prefixLength = 12;
}];
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.16";
prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.16";
prefixLength = 24;
}];
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.16";
prefixLength = 24;
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +86,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/fwhost2/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
# users.extraUsers.steveej2 = mkUser {
# uid = 1001;

3
nix/os/devices/fwhost2/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost2/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

6
nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = true;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -19,7 +17,6 @@ let
"xhci_hcd"
"xhci_pci"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

36
nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix
View file

@ -1,23 +1,29 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
# services.hydra = {
# enable = false;

21
nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "srv0"; # Define your hostname.
@ -34,7 +37,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -42,14 +45,14 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = false;
services.resolved = { enable = true; };
services.resolved = {enable = true;};
containers = { };
containers = {};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

4
nix/os/devices/steveej-nuc7pjyh-work/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/steveej-nuc7pjyh-work/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.encryptedDisk = {
enable = true;

10
nix/os/devices/steveej-nuc7pjyh-work/system.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = { };
users.groups.sgx = {};
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
}

33
nix/os/devices/steveej-nuc7pjyh-work/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.sjunker = mkUser {
uid = 1001;
@ -13,15 +14,19 @@ in {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ];
extraGroups = ["sgx"];
subUidRanges = [{
startUid = 100000;
count = 65536;
}];
subGidRanges = [{
startGid = 100000;
count = 65536;
}];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
};
}

4
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/steveej-pa600/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

5
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -9,7 +7,6 @@ let
"xhci_pci"
"hxci_hcd"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

19
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,16 +1,15 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

18
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
@ -17,7 +20,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -26,10 +29,9 @@ in {
sudo.fprintAuth = true;
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

11
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;

3
nix/os/devices/steveej-pa600/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

4
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.encryptedDisk = {
enable = true;

7
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix
View file

@ -1,6 +1,3 @@
{ ... }:
{
networking.hostName =
"steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
{...}: {
networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
}

12
nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
View file

@ -1,11 +1,11 @@
{ ... }:
{
{...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
imports = [

4
nix/os/devices/steveej-rmvbl-sdep0/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.opinionatedDisk.diskId = "usb-SanDisk_Extreme_Pro_12345978EC62-0:0";
hardware.opinionatedDisk.encrypted = true;

4
nix/os/devices/steveej-rmvbl-sdep0/system.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
networking.hostName = "steveej-rmvbl-sdep0"; # Define your hostname.
system.stateVersion = "21.05";
}

3
nix/os/devices/steveej-rmvbl-sdep0/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
# "channels-nixos-21.05" = {

11
nix/os/devices/steveej-t14/boot.nix
View file

@ -1,7 +1,14 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# boot.tmpOnTmpfs = lib.mkForce false;
boot.tmpOnTmpfsSize = "100%";
# TODO: make this work
# systemd.tmpfiles.rules = lib.mkForce [ "d /tmp 1777 root root 1d" ];
}

4
nix/os/devices/steveej-t14/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

5
nix/os/devices/steveej-t14/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm_amd"
@ -10,7 +8,6 @@ let
"thunderbolt"
"e1000e"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

19
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,16 +1,15 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

37
nix/os/devices/steveej-t14/system.nix
View file

@ -1,30 +1,34 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
nix = {
binaryCaches =
[ "https://holochain-ci.cachix.org" "https://cache.holo.host/" ];
binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"];
binaryCachePublicKeys = [
"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
"cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
];
settings = { extra-experimental-features = [ "impure-derivations" ]; };
settings.extra-experimental-features = ["impure-derivations"];
settings.system-features = ["recursive-nix"];
};
# TASK: new device
networking.hostName = "steveej-t14"; # Define your hostname.
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{
address = "10.254.254.254";
prefixLength = 24;
}
];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -40,7 +44,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -51,7 +55,7 @@ in {
# virtualization
virtualisation = {
libvirtd = { enable = true; };
libvirtd = {enable = true;};
virtualbox.host = {
enable = false;
@ -68,10 +72,9 @@ in {
# client min protocol = NT1
'';
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

13
nix/os/devices/steveej-t14/user.nix
View file

@ -1,15 +1,16 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
};
nix.settings.trusted-users = [ "steveej" ];
nix.settings.trusted-users = ["steveej"];
}

3
nix/os/devices/steveej-t14/versions.nix
View file

@ -5,10 +5,9 @@ let
rev = ''
0218941ea68b4c625533bead7bbb94ccce52dceb'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/steveej-t14/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

6
nix/os/devices/steveej-t480s-work/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ "system/boot/initrd-network.nix" ];
{...}: {
disabledModules = ["system/boot/initrd-network.nix"];
imports = [
../../modules/initrd-network.nix

5
nix/os/devices/steveej-t480s-work/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -14,7 +12,6 @@ let
"xhci_pci"
"hxci_hcd"
];
in {
# TASK: new device
hardware.encryptedDisk = {

19
nix/os/devices/steveej-t480s-work/pkg.nix
View file

@ -1,16 +1,15 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "19.09";
}

31
nix/os/devices/steveej-t480s-work/system.nix
View file

@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-t480s-work"; # Define your hostname.
@ -18,15 +21,17 @@ in {
networking.firewall.enable = lib.mkForce false;
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{
address = "10.254.254.254";
prefixLength = 24;
}
];
services.printing = {
enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -40,7 +45,7 @@ in {
# virtualization
virtualisation = {
libvirtd = { enable = true; };
libvirtd = {enable = true;};
virtualbox.host = {
enable = false;
@ -56,7 +61,7 @@ in {
boot.initrd.network = {
enable = true;
useDHCP = true;
udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ];
udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"];
ssh = {
enable = true;
@ -73,7 +78,7 @@ in {
../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt
];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

13
nix/os/devices/steveej-t480s-work/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;
@ -14,6 +15,6 @@ in {
users.extraUsers.steveej3 = mkUser {
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
shell = pkgs.posh { image = "quay.io/enarx/fedora"; };
shell = pkgs.posh {image = "quay.io/enarx/fedora";};
};
}

3
nix/os/devices/steveej-t480s-work/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-20.09";
rev = "b94726217f7cdc02ddf277b65553762d520da196";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/steveej-t480s-work/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

372
nix/os/devices/steveej-utilitepro/configuration.nix
View file

@ -1,10 +1,12 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let passwords = import ../common/passwords.crypt.nix;
{
config,
pkgs,
...
}: let
passwords = import ../common/passwords.crypt.nix;
in {
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
@ -17,12 +19,13 @@ in {
'';
nixpkgs.config = {
packageOverrides = super:
let self = super.pkgs;
in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
packageOverrides = super: let
self = super.pkgs;
in {
linux_4_1 = super.linux_4_1.override {
kernelPatches =
super.linux_4_1.kernelPatches
++ [
{
patch = ./patches/utilitepro-kernel-dts.patch;
name = "utilitepro-dts";
@ -32,192 +35,193 @@ in {
name = "utilitepro-dts-Makefile";
}
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
allowUnfree = true;
};
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
@ -274,7 +278,7 @@ in {
uid = 1000;
isNormalUser = true;
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" ];
extraGroups = ["wheel" "libvirtd"];
hashedPassword = passwords.users.steveej;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"

17
nix/os/devices/steveej-utilitepro/hardware-configuration.nix
View file

@ -1,14 +1,17 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot.initrd.availableKernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
hardware.enableAllFirmware = true;
@ -21,5 +24,5 @@
device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
swapDevices = [ ];
swapDevices = [];
}

6
nix/os/devices/vmd102066.contaboserver.net/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/vmd102066.contaboserver.net/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/vmd102066.contaboserver.net/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -13,7 +11,6 @@ let
"virtio"
"scsi_mod"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

49
nix/os/devices/vmd102066.contaboserver.net/pkg.nix
View file

@ -1,31 +1,36 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender =
"hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
buildMachinesFiles = [];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
};
@ -33,7 +38,7 @@
services.gitlab-runner = {
enable = false;
extraPackages = with pkgs; [ bash gitlab-runner nix gitFull git-crypt ];
extraPackages = with pkgs; [bash gitlab-runner nix gitFull git-crypt];
concurrent = 2;
checkInterval = 0;
@ -41,11 +46,9 @@
nixRunner = {
executor = "shell";
runUntagged = true;
registrationConfigFile =
"/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = [ "nix" ];
registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = ["nix"];
};
};
};
}

36
nix/os/devices/vmd102066.contaboserver.net/system.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "vmd102066"; # Define your hostname.
@ -24,10 +26,12 @@ in {
networking.interfaces.eth0 = {
useDHCP = true;
ipv6.addresses = [{
address = "2a02:c206:3010:2066::1";
prefixLength = 64;
}];
ipv6.addresses = [
{
address = "2a02:c206:3010:2066::1";
prefixLength = 64;
}
];
};
networking.defaultGateway6 = {
address = "fe80::1";
@ -36,7 +40,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -44,7 +48,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -52,18 +56,18 @@ in {
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
path = [pkgs.systemd];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "5s";
OnUnitActiveSec = "5s";
@ -72,11 +76,11 @@ in {
};
};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
boot.initrd.network = {
enable = true;
udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ];
udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"];
ssh = {
enable = true;
@ -134,7 +138,7 @@ in {
inherit config;
hostAddress = "192.168.100.16";
localAddress = "192.168.100.17";
subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ];
subvolumes = ["mailserver" "webserver" "backup" "syncthing"];
};
bkpTarget = import ../../containers/backup-target.nix {

1
nix/os/devices/vmd102066.contaboserver.net/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-22.05";
rev = "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

6
nix/os/devices/vmd32387.contaboserver.net/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/vmd32387.contaboserver.net/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/vmd32387.contaboserver.net/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -13,7 +11,6 @@ let
"virtio"
"scsi_mod"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

49
nix/os/devices/vmd32387.contaboserver.net/pkg.nix
View file

@ -1,31 +1,36 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender =
"hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
buildMachinesFiles = [];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
};
@ -33,7 +38,7 @@
services.gitlab-runner = {
enable = false;
extraPackages = with pkgs; [ bash gitlab-runner nix gitFull git-crypt ];
extraPackages = with pkgs; [bash gitlab-runner nix gitFull git-crypt];
concurrent = 2;
checkInterval = 0;
@ -41,11 +46,9 @@
nixRunner = {
executor = "shell";
runUntagged = true;
registrationConfigFile =
"/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = [ "nix" ];
registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = ["nix"];
};
};
};
}

36
nix/os/devices/vmd32387.contaboserver.net/system.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "vmd32387"; # Define your hostname.
@ -24,10 +26,12 @@ in {
networking.interfaces.eth0 = {
useDHCP = true;
ipv6.addresses = [{
address = "2a02:c207:3003:2387::1";
prefixLength = 64;
}];
ipv6.addresses = [
{
address = "2a02:c207:3003:2387::1";
prefixLength = 64;
}
];
};
networking.defaultGateway6 = {
address = "fe80::1";
@ -36,7 +40,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -44,7 +48,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -52,18 +56,18 @@ in {
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
path = [pkgs.systemd];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "5s";
OnUnitActiveSec = "5s";
@ -72,11 +76,11 @@ in {
};
};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
boot.initrd.network = {
enable = true;
udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ];
udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"];
ssh = {
enable = true;
@ -98,7 +102,7 @@ in {
networking.useHostResolvConf = true;
containers = { };
containers = {};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

1
nix/os/devices/vmd32387.contaboserver.net/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-22.05";
rev = "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

29
nix/os/lib/default.nix
View file

@ -1,14 +1,19 @@
{ keys ? import ../../variables/keys.nix
, passwords ? import ../../variables/passwords.crypt.nix }:
{
mkRoot = { }@args:
keys ? import ../../variables/keys.nix,
passwords ? import ../../variables/passwords.crypt.nix,
}: {
mkRoot = {} @ args:
{
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
}
// args;
mkUser = { uid, hashedPassword ? passwords.users.steveej, ... }@args:
mkUser = {
uid,
hashedPassword ? passwords.users.steveej,
...
} @ args:
{
inherit uid hashedPassword;
isNormalUser = true;
@ -26,7 +31,8 @@
"adbusers"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
}
// args;
disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars
@ -34,7 +40,7 @@
# LVM doesn't allow most characters in VG names
# TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId;
volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId;
# This is important at install-time
bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;
@ -52,9 +58,8 @@
luksName = diskId: (volumeGroup diskId) + "pv";
luksPhysicalVolume = diskId: "/dev/mapper/" + (luksName diskId);
lvmPv = diskId: encrypted:
if encrypted == true then
luksPhysicalVolume diskId
else
bootLuksDevice diskId;
if encrypted == true
then luksPhysicalVolume diskId
else bootLuksDevice diskId;
};
}

17
nix/os/modules/ddclient-ovh.nix
View file

@ -1,15 +1,15 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
cfg = config.services.ddclientovh;
passwords = import ../../variables/passwords.crypt.nix;
in {
options.services.ddclientovh = with lib; {
enable = mkEnableOption "Enable ddclient-ovh";
domain = mkOption { type = types.str; };
domain = mkOption {type = types.str;};
};
config = lib.mkIf cfg.enable {
@ -18,10 +18,11 @@ in {
protocol = "dyndns2";
server = "www.ovh.com";
ssl = true;
domains = [ cfg.domain ];
domains = [cfg.domain];
use = "web";
inherit (passwords.dyndns.${cfg.domain}) username;
passwordFile = builtins.toFile passwords.dyndns._filename
passwordFile =
builtins.toFile passwords.dyndns._filename
passwords.dyndns.${cfg.domain}.password;
};
};

31
nix/os/modules/initrd-network.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
let
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.boot.initrd.network;
udhcpcScript = pkgs.writeScript "udhcp-script" ''
@ -24,11 +25,8 @@ let
'';
udhcpcArgs = toString cfg.udhcpc.extraArgs;
in {
options = {
boot.initrd.network.enable = mkOption {
type = types.bool;
default = false;
@ -48,7 +46,7 @@ in {
};
boot.initrd.network.udhcpc.extraArgs = mkOption {
default = [ ];
default = [];
type = types.listOf types.str;
description = ''
Additional command-line arguments passed verbatim to udhcpc if
@ -73,14 +71,12 @@ in {
Whether to enable DHCP for the network interfaces.
'';
};
};
config = mkIf cfg.enable {
warnings = ["Enabled SSH for stage1"];
warnings = [ "Enabled SSH for stage1" ];
boot.initrd.kernelModules = [ "af_packet" ];
boot.initrd.kernelModules = ["af_packet"];
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.mkinitcpio-nfs-utils}/bin/ipconfig
@ -97,7 +93,6 @@ in {
esac
done
''
# Otherwise, use DHCP.
+ optionalString cfg.useDHCP ''
if [ -z "$hasNetwork" ]; then
@ -113,14 +108,12 @@ in {
udhcpc --quit --now --script ${udhcpcScript} ${udhcpcArgs} && hasNetwork=1
fi
''
+ ''
if [ -n "$hasNetwork" ]; then
echo "networking is up!"
${cfg.postCommands}
fi
'');
''
);
};
}

8
nix/os/modules/natrouter.nix
View file

@ -1,7 +1,9 @@
{ lib, config, ... }:
with lib;
{
lib,
config,
...
}:
with lib; {
# TODO
# Provide a NAT/DHCP Router
#

Some files were not shown because too many files have changed in this diff Show more