format and change

steveej 2023-02-07 18:23:51 +01:00
parent 882ff4e5e9
commit 28c116337c
181 changed files with 2748 additions and 2578 deletions


@ -87,3 +87,4 @@ import /home/steveej/src/github/NixOS/nixpkgs/default.nix {
# }; # };
# }; # };
# }; # };


@ -1,6 +1,11 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs {
, name ? "generic", version, extraBuildInputs ? [ ], extraShellHook ? "" }: gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
let pkgs ? gitpkgs,
name ? "generic",
version,
extraBuildInputs ? [],
extraShellHook ? "",
}: let
go = builtins.getAttr "go_${version}" pkgs; go = builtins.getAttr "go_${version}" pkgs;
commonVimRC = '' commonVimRC = ''
let g:tagbar_type_go = { let g:tagbar_type_go = {
@ -66,19 +71,19 @@ let
# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
# ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
]; ];
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = extraBuildInputs ++ buildInputs;
shellHook = ''
goname=${go.version}_$name
# FIXME: setPS1 $goname
export GOROOT=${go}/share/go
export GOPATH="$HOME/.gopath_$goname"
export PATH="$HOME/.gopath_$goname/bin:$PATH"
unset name
unset SSL_CERT_FILE
in pkgs.stdenv.mkDerivation { ${extraShellHook}
inherit name; '';
buildInputs = extraBuildInputs ++ buildInputs; }
shellHook = ''
goname=${go.version}_$name
# FIXME: setPS1 $goname
export GOROOT=${go}/share/go
export GOPATH="$HOME/.gopath_$goname"
export PATH="$HOME/.gopath_$goname/bin:$PATH"
unset name
unset SSL_CERT_FILE
${extraShellHook}
'';
}


@ -1,11 +1,12 @@
{ commonRC, ... }@args: {commonRC, ...} @ args: (import ../../pkg-configuration/vim-derivates/neovim.nix args
// {
(import ../../pkg-configuration/vim-derivates/neovim.nix args // { additionalRC =
additionalRC = commonRC + '' commonRC
" deoplete { + ''
let g:deoplete#enable_at_startup = 1 " deoplete {
let g:deoplete#enable_smart_case = 1 let g:deoplete#enable_at_startup = 1
" } let g:deoplete#enable_smart_case = 1
''; " }
additionalPlugins = [ "deoplete-go" "deoplete-nvim" "vim-go" ]; '';
}) additionalPlugins = ["deoplete-go" "deoplete-nvim" "vim-go"];
})


@ -1,24 +1,31 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs {
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }: gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
let commonVimRC = ""; pkgs ? gitpkgs,
in pkgs.stdenv.mkDerivation { name ? "generic",
inherit name; version ? "Stable",
buildInputs = with pkgs; extraBuildInputs ? [],
[ }: let
(import ./vim-pandoc.nix { commonVimRC = "";
pkgs = gitpkgs; in
commonRC = commonVimRC; pkgs.stdenv.mkDerivation {
}) inherit name;
pandoc buildInputs = with pkgs;
texlive.combined.scheme-medium [
python27Packages.pandocfilters (import ./vim-pandoc.nix {
python27Packages.htmltreediff pkgs = gitpkgs;
python27Packages.html5lib commonRC = commonVimRC;
python27Packages.dbus-python })
] ++ extraBuildInputs; pandoc
shellHook = '' texlive.combined.scheme-medium
pandocname=pandoc_${pkgs.pandoc.version} python27Packages.pandocfilters
setPS1 $pandocname python27Packages.htmltreediff
unset name python27Packages.html5lib
''; python27Packages.dbus-python
} ]
++ extraBuildInputs;
shellHook = ''
pandocname=pandoc_${pkgs.pandoc.version}
setPS1 $pandocname
unset name
'';
}


@ -1,6 +1,8 @@
{ pkgs ? import /home/steveej/src/github/NixOS/nixpkgs { } {
, mkGoEnv ? import ./go.nix, rktPath, }: pkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
let mkGoEnv ? import ./go.nix,
rktPath,
}: let
rktBasebuildInputs = with pkgs; [ rktBasebuildInputs = with pkgs; [
glibc.out glibc.out
glibc.static glibc.static


@ -1,29 +1,39 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs {
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }: gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
let pkgs ? gitpkgs,
name ? "generic",
version ? "Stable",
extraBuildInputs ? [],
}: let
rustPackages = builtins.getAttr "rust${version}" pkgs; rustPackages = builtins.getAttr "rust${version}" pkgs;
rustc = rustPackages.rustc; rustc = rustPackages.rustc;
rustShellHook = { rustc, name }: '' rustShellHook = {
rustc,
name,
}: ''
rustname=rust_${rustc.version}_${name} rustname=rust_${rustc.version}_${name}
setPS1 $rustname setPS1 $rustname
unset name unset name
''; '';
commonVimRC = ""; commonVimRC = "";
in pkgs.stdenv.mkDerivation { in
inherit name; pkgs.stdenv.mkDerivation {
buildInputs = with rustPackages;
[
(import ./vim-rust.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
inherit rustc;
racerd = pkgs.rustracerd;
})
rustc
cargo
] ++ [ pkgs.rustfmt ] ++ extraBuildInputs;
shellHook = (rustShellHook) {
inherit name; inherit name;
inherit rustc; buildInputs = with rustPackages;
}; [
} (import ./vim-rust.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
inherit rustc;
racerd = pkgs.rustracerd;
})
rustc
cargo
]
++ [pkgs.rustfmt]
++ extraBuildInputs;
shellHook = rustShellHook {
inherit name;
inherit rustc;
};
}


@ -1,17 +1,19 @@
{ commonRC, ... }@args: {commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
import ../../pkg-configuration/vim-derivates/vim.nix (args // { // {
name = "vim-for-go"; name = "vim-for-go";
additionalRC = commonRC + '' additionalRC =
" Disable AutoComplPop. commonRC
let g:acp_enableAtStartup = 0 + ''
" Use neocomplete. " Disable AutoComplPop.
let g:neocomplete#enable_at_startup = 1 let g:acp_enableAtStartup = 0
" Use smartcase. " Use neocomplete.
let g:neocomplete#enable_smart_case = 1 let g:neocomplete#enable_at_startup = 1
if !exists('g:neocomplete#sources#omni#input_patterns') " Use smartcase.
let g:neocomplete#sources#omni#input_patterns = {} let g:neocomplete#enable_smart_case = 1
endif if !exists('g:neocomplete#sources#omni#input_patterns')
''; let g:neocomplete#sources#omni#input_patterns = {}
additionalPlugins = [ "neocomplete" "vim-go" ]; endif
}) '';
additionalPlugins = ["neocomplete" "vim-go"];
})


@ -1,16 +1,18 @@
{ commonRC, ... }@args: {commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-pandoc";
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
import ../../pkg-configuration/vim-derivates/vim.nix (args // { let g:syntastic_always_populate_loc_list = 1
name = "vim-for-pandoc"; let g:syntastic_auto_loc_list = 1
additionalRC = commonRC + '' let g:syntastic_check_on_open = 1
set statusline+=%#warningmsg# let g:syntastic_check_on_wq = 0
set statusline+=%{SyntasticStatuslineFlag()} '';
set statusline+=%* additionalPlugins = ["vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc"];
})
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
'';
additionalPlugins = [ "vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc" ];
})


@ -1,41 +1,48 @@
{ commonRC, rustc, racerd, ... }@args: {
commonRC,
rustc,
racerd,
...
} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-rust";
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
import ../../pkg-configuration/vim-derivates/vim.nix (args // { let g:syntastic_always_populate_loc_list = 1
name = "vim-for-rust"; let g:syntastic_auto_loc_list = 1
additionalRC = commonRC + '' let g:syntastic_check_on_open = 1
set statusline+=%#warningmsg# let g:syntastic_check_on_wq = 0
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
let g:syntastic_always_populate_loc_list = 1 " tagbar
let g:syntastic_auto_loc_list = 1 let g:tagbar_type_rust = {
let g:syntastic_check_on_open = 1 \ 'ctagstype' : 'rust',
let g:syntastic_check_on_wq = 0 \ 'kinds' : [
\'T:types,type definitions',
\'f:functions,function definitions',
\'g:enum,enumeration names',
\'s:structure names',
\'m:modules,module names',
\'c:consts,static constants',
\'t:traits,traits',
\'i:impls,trait implementations',
\]
\}
" tagbar let g:syntastic_rust_checkers = ["rustc"]
let g:tagbar_type_rust = {
\ 'ctagstype' : 'rust',
\ 'kinds' : [
\'T:types,type definitions',
\'f:functions,function definitions',
\'g:enum,enumeration names',
\'s:structure names',
\'m:modules,module names',
\'c:consts,static constants',
\'t:traits,traits',
\'i:impls,trait implementations',
\]
\}
let g:syntastic_rust_checkers = ["rustc"] "rustfmt
let g:rustfmt_autosave = 1
"rustfmt let g:ycm_auto_trigger = 1
let g:rustfmt_autosave = 1 let g:ycm_rust_src_path = '${rustc.src}/src'
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd'
let g:ycm_auto_trigger = 1 '';
let g:ycm_rust_src_path = '${rustc.src}/src' additionalPlugins = ["rust-vim"];
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd' })
'';
additionalPlugins = [ "rust-vim" ];
})


@ -1,43 +1,42 @@
{ pkgs ? import <nixpkgs> { } }: {pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSUserEnv {
name = "devfhs"; name = "devfhs";
multiPkgs = pkgs: multiPkgs = pkgs: (with pkgs; [
(with pkgs; [ android-udev-rules
android-udev-rules sudo
sudo gawk
gawk bzip2
bzip2 file
file gcc
gcc getopt
getopt git
git gnumake
gnumake ncurses
ncurses openssl
openssl patch
patch perl
perl pkgconfig
pkgconfig python
python openssh
openssh subversion
subversion unzip
unzip wget
wget which
which vim
vim zlib
zlib libusb
libusb libusb1
libusb1 systemd
systemd strace
strace swt
swt xorg.libXtst
xorg.libXtst glib
glib gtk2
gtk2 gnome.gtk
gnome.gtk ]);
]);
profile = '' profile = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/lib64:/lib32:/usr/lib32:/usr/lib64:${pkgs.xorg.libXtst}/lib:${pkgs.glib}/lib:${pkgs.gtk2}/lib export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/lib64:/lib32:/usr/lib32:/usr/lib64:${pkgs.xorg.libXtst}/lib:${pkgs.glib}/lib:${pkgs.gtk2}/lib
''; '';
runScript = "bash"; runScript = "bash";
}).env })
.env


@ -1,37 +1,36 @@
{ pkgs ? import <nixpkgs> { } }: {pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSUserEnv {
name = "everydayFHS"; name = "everydayFHS";
targetPkgs = pkgs: targetPkgs = pkgs: (with pkgs; [
(with pkgs; [ which
which gitFull
gitFull zsh
zsh file
file direnv
direnv
xdg_utils xdg_utils
xsel xsel
vscode vscode
# vscode live share # vscode live share
gnome3.gcr gnome3.gcr
libgnome_keyring3 libgnome_keyring3
liburcu liburcu
libunwind libunwind
lttng-ust lttng-ust
curl curl
openssl openssl
libkrb5 libkrb5
libuuid libuuid
icu icu
zlib zlib
libsecret libsecret
]); ]);
multiPkgs = pkgs: (with pkgs; [ ]); multiPkgs = pkgs: (with pkgs; []);
profile = '' profile = ''
export SHELL=/bin/zsh export SHELL=/bin/zsh
''; '';
# FIXME runScript = "$SHELL"; # FIXME runScript = "$SHELL";
}).env })
.env


@ -1,6 +1,8 @@
{ config, pkgs, ... }@args:
{ {
config,
pkgs,
...
} @ args: {
environment.systemPackages = [ environment.systemPackages = [
pkgs.xsel pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/neovim.nix args) (import ../../../pkg-configuration/vim-derivates/neovim.nix args)


@ -1,9 +1,7 @@
{ pkgs, ... }@args: {pkgs, ...} @ args: {
{
environment.systemPackages = [ environment.systemPackages = [
pkgs.xsel pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/vim.nix (import ../../../pkg-configuration/vim-derivates/vim.nix
(args // { name = "vim"; })) (args // {name = "vim";}))
]; ];
} }


@ -1,6 +1,8 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../passwords.crypt.nix; passwords = import ../passwords.crypt.nix;
keys = import ../keys.nix; keys = import ../keys.nix;
inherit (import ../lib) mkUser; inherit (import ../lib) mkUser;


@ -4,10 +4,7 @@
# Having pkgs default to <nixpkgs> is fine though, and it lets you use short # Having pkgs default to <nixpkgs> is fine though, and it lets you use short
# commands such as: # commands such as:
# nix-build -A mypackage # nix-build -A mypackage
{pkgs ? import <nixpkgs> {}}: {
{ pkgs ? import <nixpkgs> { } }:
{
overlays = import ./nix/overlays; overlays = import ./nix/overlays;
pkgs = import ./nix/pkgs { inherit pkgs; }; pkgs = import ./nix/pkgs {inherit pkgs;};
} }


@ -1,9 +1,6 @@
{ pkgs ? import <nixpkgs> { } }: {pkgs ? import <nixpkgs> {}}: let
baseEnv = ["SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
let baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
in rec { in rec {
base = pkgs.dockerTools.buildImage rec { base = pkgs.dockerTools.buildImage rec {
name = "base"; name = "base";
@ -24,9 +21,9 @@ in rec {
interactive_base = pkgs.dockerTools.buildImage { interactive_base = pkgs.dockerTools.buildImage {
name = "interactive_base"; name = "interactive_base";
fromImage = base; fromImage = base;
contents = with pkgs; [ procps zsh coreutils neovim ]; contents = with pkgs; [procps zsh coreutils neovim];
config = { Cmd = [ "/bin/zsh" ]; }; config = {Cmd = ["/bin/zsh"];};
}; };
s3ql = let s3ql = let
@ -72,35 +69,38 @@ in rec {
# FIXME: touch .isbucket after mount # FIXME: touch .isbucket after mount
''; '';
in pkgs.dockerTools.buildImage { in
name = "s3ql"; pkgs.dockerTools.buildImage {
fromImage = interactive_base; name = "s3ql";
contents = [ pkgs.s3ql pkgs.fuse ]; fromImage = interactive_base;
contents = [pkgs.s3ql pkgs.fuse];
runAsRoot = '' runAsRoot = ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
mkdir -p /usr/bin mkdir -p /usr/bin
cp -a ${pkgs.fuse}/bin/fusermount /usr/bin cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
chmod +s /usr/bin/fusermount chmod +s /usr/bin/fusermount
echo user_allow_other >> /etc/fuse.conf echo user_allow_other >> /etc/fuse.conf
''; '';
config = { config = {
Env = baseEnv ++ [ Env =
"HOME=/home/s3ql" baseEnv
"S3QL_CACHE_DIR=/var/cache/s3ql" ++ [
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2" "HOME=/home/s3ql"
"CONTAINER_ENTRYPOINT=${entrypoint}" "S3QL_CACHE_DIR=/var/cache/s3ql"
]; "S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
Cmd = [ entrypoint ]; "CONTAINER_ENTRYPOINT=${entrypoint}"
Volumes = { ];
"/var/cache/s3ql" = { }; Cmd = [entrypoint];
"/etc/s3ql/authinfo2" = { }; Volumes = {
"/buckets" = { }; "/var/cache/s3ql" = {};
"/tmp" = { }; "/etc/s3ql/authinfo2" = {};
"/buckets" = {};
"/tmp" = {};
};
}; };
}; };
};
syncthing = let syncthing = let
entrypoint = pkgs.writeScript "entrypoint" '' entrypoint = pkgs.writeScript "entrypoint" ''
@ -125,15 +125,16 @@ in rec {
-gui-address=$SYNCTHING_GUI_ADDRESS \ -gui-address=$SYNCTHING_GUI_ADDRESS \
-no-browser -no-browser
''; '';
in pkgs.dockerTools.buildImage { in
name = "syncthing"; pkgs.dockerTools.buildImage {
fromImage = interactive_base; name = "syncthing";
contents = pkgs.syncthing; fromImage = interactive_base;
contents = pkgs.syncthing;
config = { config = {
Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ]; Env = baseEnv ++ ["SYNCTHING_HOME=/home/syncthing"];
Cmd = [ entrypoint ]; Cmd = [entrypoint];
Volumes = { "/data" = { }; }; Volumes = {"/data" = {};};
};
}; };
};
} }


@ -1,23 +1,25 @@
{ versionsPath }: {versionsPath}: let
channelVersions = import versionsPath;
let mkChannelSource = name: let
channelVersions = (import versionsPath); channelVersion = builtins.getAttr name channelVersions;
mkChannelSource = name: in
let channelVersion = builtins.getAttr name channelVersions; builtins.fetchGit {
in builtins.fetchGit {
# Descriptive name to make the store path easier to identify # Descriptive name to make the store path easier to identify
inherit name; inherit name;
inherit (channelVersion) url ref rev; inherit (channelVersion) url ref rev;
}; };
nixPath = builtins.concatStringsSep ":" (builtins.map (elemName: nixPath = builtins.concatStringsSep ":" (builtins.map
let (elemName: let
elem = builtins.getAttr elemName channelVersions; elem = builtins.getAttr elemName channelVersions;
elemPath = (mkChannelSource elemName); elemPath = mkChannelSource elemName;
suffix = if builtins.hasAttr "suffix" elem then elem.suffix else ""; suffix =
in builtins.concatStringsSep "=" [ elemName elemPath ] + suffix) if builtins.hasAttr "suffix" elem
then elem.suffix
else "";
in
builtins.concatStringsSep "=" [elemName elemPath] + suffix)
(builtins.attrNames channelVersions)); (builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") { }; pkgs = import (mkChannelSource "nixpkgs") {};
in { in {
inherit nixPath; inherit nixPath;
channelSources = pkgs.writeText "channels.rc" '' channelSources = pkgs.writeText "channels.rc" ''


@ -1,289 +1,305 @@
{ pkgs }: {pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> {config = config.nixpkgs.config;};
masterpkgs = import <nixpkgs-master> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
../programs/podman.nix
../programs/vscode
../programs/holochain-launcher.nix
../programs/radicale.nix
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; }; nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }: packageOverrides = pkgs: with pkgs; {};
let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
../programs/podman.nix
../programs/vscode
../programs/holochain-launcher.nix
../programs/radicale.nix
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { }; home.sessionVariables = {
}; # TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG = "graphical-fullblown";
home.sessionVariables = { GOPATH = "$HOME/src/go";
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG = "graphical-fullblown";
GOPATH = "$HOME/src/go"; PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
};
PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; home.packages =
}; []
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
home.packages = [ ] ++ (with pkgs; [ # Nix package related tools
# Authentication patchelf
cacert nix-index
fprintd nox
openssl nix-prefetch-scripts
mkpasswd nix-prefetch-github
# Nix package related tools # Version Control Systems
patchelf pijul
nix-index gitless
nox gitRepo
nix-prefetch-scripts git-lfs
nix-prefetch-github
# Version Control Systems # Process/System Administration
pijul htop
gitless gnome.gnome-tweaks
gitRepo xorg.xhost
git-lfs dmidecode
evtest
# Process/System Administration # Archive Managers
htop sshfs-fuse
gnome.gnome-tweaks xarchive
xorg.xhost p7zip
dmidecode zip
evtest unzip
gzip
lzop
# Archive Managers # Password Management
sshfs-fuse gnupg
xarchive yubikey-manager
p7zip yubikey-manager-qt
zip yubikey-personalization
unzip yubikey-personalization-gui
gzip gnome.gnome-keyring
lzop gnome.seahorse
# Password Management # Language Support
gnupg hunspellDicts.en-us
yubikey-manager hunspellDicts.de-de
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# Language Support # Messaging/Communication
hunspellDicts.en-us signal-desktop
hunspellDicts.de-de pidgin
hexchat
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
zoom-us
thunderbird
evolution # gnome4.glib_networking
masterpkgs.kotatogram-desktop
gnome.cheese
masterpkgs.discord
# Messaging/Communication # Virtualization
signal-desktop virtmanager
pidgin # (pkgs.lib.hiPrio qemu)
hexchat # virtualbox
aspellDicts.en # vagrant
aspellDicts.de # docker_compose
skypeforlinux # unstablepkgs.kubernetes
unstablepkgs.jitsi-meet-electron # unstablepkgs.minikube
unstablepkgs.zoom-us # unstablepkgs.openshift
thunderbird # (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
evolution # gnome4.glib_networking # patches = oldAttrs.patches ++ [
masterpkgs.kotatogram-desktop # (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
gnome.cheese # ];
masterpkgs.discord # }))
appimage-run
# Virtualization # Remote Control Tools
virtmanager remmina
# (pkgs.lib.hiPrio qemu) freerdp
# virtualbox teamviewer
# vagrant rustdesk
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# Remote Control Tools # Audio/Video Players
remmina ffmpeg
freerdp vlc
teamviewer audacity
rustdesk spotify
youtube-dl-light
libwebcam
# Audio/Video Players # Network Tools
ffmpeg openvpn
vlc tcpdump
audacity iftop
spotify iperf
youtube-dl-light bind
libwebcam socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# Network Tools # samba
openvpn iptables
tcpdump nftables
iftop wireshark
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# samba # Code Editors
iptables # unstablepkgs.atom
nftables xclip
wireshark xsel
# Code Editors # Image/Graphic/Design Tools
# unstablepkgs.atom gnome.eog
xclip gimp
xsel imagemagick
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Image/Graphic/Design Tools # Modelling Tools
gnome.eog # plantuml
gimp # umlet
imagemagick # staruml
exiv2 # eclipses.eclipse-modeling
graphviz # dia
inkscape # astah-community
# barcode
qrencode
zbar
feh
# digikam
# Modelling Tools # Misc Development Tools
# plantuml qrcode
# umlet # travis
# staruml jq
# eclipses.eclipse-modeling # prometheus
# dia cdrtools
# astah-community
# Misc Development Tools # Document Processing and Management
qrcode # zathura
# travis mendeley
jq # zotero
# prometheus pandoc
cdrtools unstablepkgs.logseq
# Document Processing and Management # has an EOL version of electron
# zathura # obsidian
mendeley
# zotero
pandoc
unstablepkgs.logseq
# has an EOL version of electron # LaTeX
# obsidian perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit
(texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent
latexmk
algorithms
cm-super
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted
ifplatform
fvextra
xstring
framed
;
})
# LaTeX pdftk
perlPackages.YAMLTiny # broken as of 2021-04-24
perlPackages.FileHomeDir # masterpdfeditor
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small texlive-de texlive-en texlive-scripts collection-langgerman
latexindent latexmk # File Synchronzation
# seafile-client
# grive2
dropbox
rsync
algorithms cm-super # Filesystem Tools
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
gparted
smartmontools
preprint enumitem draftwatermark everypage ulem placeins minted ## Android
ifplatform fvextra xstring framed; androidenv.androidPkgs_9_0.platform-tools
})
pdftk ## Python
# broken as of 2021-04-24 myPython
# masterpdfeditor
# File Synchronzation # Code generators
# seafile-client # unstablepkgs.swagger-codegen
# grive2
dropbox
rsync
# Filesystem Tools # Misc Desktop Tools
ntfs3g # TODO: this may be required if brightness control isn't working
ddrescue # brightnessctl
ncdu ltunify
woeusb # solaar # TODO: conflicts with solar over udev rules
unetbootin dex
pcmanfm # kitty
hdparm busyboxStatic
testdisk xorg.xbacklight
binwalk coreutils
gptfdisk lsof
gparted x11_ssh_askpass
smartmontools xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
## Android # Screen recording
androidenv.androidPkgs_9_0.platform-tools # gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
## Python unstablepkgs.ledger-live-desktop
myPython ]);
}
# Code generators
# unstablepkgs.swagger-codegen
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
# Screen recording
# gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
unstablepkgs.ledger-live-desktop
]);
}
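Review bot: The `zoom-us` entry in `home.packages` appears to switch from `unstablepkgs.zoom-us` to the default `pkgs` set, a functional change buried in a whole-file reformat. Which channel an unfree, network-facing client comes from decides how quickly it picks up upstream fixes, so the switch deserves its own commit or at least a comment such as `zoom-us # from the stable channel instead of unstablepkgs: <reason>`. Everything else in this section reads as whitespace-only, as far as the rendered view lets one tell.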


@ -1,122 +1,124 @@
{ pkgs }: {pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
# ../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; }; nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }: packageOverrides = pkgs: with pkgs; {};
let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
# ../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { }; home.sessionVariables = {};
};
home.sessionVariables = { }; home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages = [ ] ++ (with pkgs; [ # Version Control Systems
# Nix package related tools gitless
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems # Process/System Administration
gitless htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration # Archive Managers
htop sshfs-fuse
gnome.gnome-tweaks xarchive
xorg.xhost p7zip
dmidecode zip
evtest unzip
gzip
lzop
# Archive Managers # Password Management
sshfs-fuse gnome.gnome-keyring
xarchive gnome.seahorse
p7zip
zip
unzip
gzip
lzop
# Password Management # Remote Control Tools
gnome.gnome-keyring remmina
gnome.seahorse freerdp
# Remote Control Tools # Network Tools
remmina openvpn
freerdp tcpdump
iftop
iperf
bind
socat
# Network Tools # samba
openvpn iptables
tcpdump nftables
iftop wireshark
iperf
bind
socat
# samba # Code Editors
iptables xclip
nftables xsel
wireshark unstablepkgs.vscode
# Code Editors # Image/Graphic/Design Tools
xclip gnome.eog
xsel gimp
unstablepkgs.vscode inkscape
# Image/Graphic/Design Tools # Misc Development Tools
gnome.eog qrcode
gimp jq
inkscape cdrtools
# Misc Development Tools # Document Processing and Management
qrcode zathura
jq
cdrtools
# Document Processing and Management # File Synchronzation
zathura rsync
# File Synchronzation # Filesystem Tools
rsync ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
# Filesystem Tools ## Python
ntfs3g myPython
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
## Python busyboxStatic
myPython
busyboxStatic # Virtualization
virtmanager
# Virtualization ]);
virtmanager }
]);
}


@ -1,124 +1,126 @@
{ pkgs }: {pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; }; nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }: packageOverrides = pkgs: with pkgs; {};
let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { }; home.sessionVariables = {};
};
home.sessionVariables = { }; home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages = [ ] ++ (with pkgs; [ # Version Control Systems
# Nix package related tools gitless
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems # Process/System Administration
gitless htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration # Archive Managers
htop sshfs-fuse
gnome.gnome-tweaks xarchive
xorg.xhost p7zip
dmidecode zip
evtest unzip
gzip
lzop
# Archive Managers # Password Management
sshfs-fuse gnome.gnome-keyring
xarchive gnome.seahorse
p7zip
zip
unzip
gzip
lzop
# Password Management # Remote Control Tools
gnome.gnome-keyring remmina
gnome.seahorse freerdp
# Remote Control Tools # Network Tools
remmina openvpn
freerdp tcpdump
iftop
iperf
bind
socat
# Network Tools # samba
openvpn iptables
tcpdump nftables
iftop wireshark
iperf
bind
socat
# samba # Code Editors
iptables xclip
nftables xsel
wireshark unstablepkgs.vscode
# Code Editors # Image/Graphic/Design Tools
xclip gnome.eog
xsel gimp
unstablepkgs.vscode inkscape
# Image/Graphic/Design Tools # Misc Development Tools
gnome.eog qrcode
gimp jq
inkscape cdrtools
# Misc Development Tools # Document Processing and Management
qrcode zathura
jq
cdrtools
# Document Processing and Management # File Synchronzation
zathura rsync
# File Synchronzation # Filesystem Tools
rsync ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
# Filesystem Tools ## Python
ntfs3g myPython
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
## Python busyboxStatic
myPython
busyboxStatic # Virtualization
virtmanager
# Virtualization ]);
virtmanager }
]);
}


@ -1,23 +1,27 @@
{ pkgs, extraPackages ? [ ] }: {
pkgs,
extraPackages ? [],
}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
in {
imports = [
../profiles/common.nix
# ../profiles/nix-channels.nix
../programs/neovim.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; }; nixpkgs.config = {packageOverrides = pkgs: with pkgs; {};};
in { pkgs, config, ... }: home.sessionVariables = {};
let home.packages =
extraPackages
in { ++ (with pkgs; [iperf3 inetutils speedtest-cli]);
imports = [ }
../profiles/common.nix
# ../profiles/nix-channels.nix
../programs/neovim.nix
zshCurried
];
nixpkgs.config = { packageOverrides = pkgs: with pkgs; { }; };
home.sessionVariables = { };
home.packages = extraPackages
++ (with pkgs; [ iperf3 inetutils speedtest-cli ]);
}


@ -1,17 +1,14 @@
{ }: {}: let
let
in { in {
mkSimpleTrayService = { execStart }: { mkSimpleTrayService = {execStart}: {
Unit = { Unit = {
Description = "pasystray applet"; Description = "pasystray applet";
After = [ "graphical-session-pre.target" ]; After = ["graphical-session-pre.target"];
PartOf = [ "graphical-session.target" ]; PartOf = ["graphical-session.target"];
}; };
Install = { WantedBy = [ "graphical-session.target" ]; }; Install = {WantedBy = ["graphical-session.target"];};
Service = { ExecStart = execStart; }; Service = {ExecStart = execStart;};
}; };
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: let
let
in { in {
# TODO: re-enable this with the appropriate version # TODO: re-enable this with the appropriate version
# programs.home-manager.enable = true; # programs.home-manager.enable = true;
@ -12,13 +10,11 @@ in {
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ ]; permittedInsecurePackages = [];
}; };
nix.settings = { nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"];
experimental-features = nix.settings.sandbox = "relaxed";
[ "nix-command" "flakes" "impure-derivations" "ca-derivations" ];
};
home.keyboard = { home.keyboard = {
layout = "us"; layout = "us";
@ -41,20 +37,22 @@ in {
programs.command-not-found.enable = true; programs.command-not-found.enable = true;
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages = [ ] ++ (with pkgs; [ home.packages =
# git helpers []
git-crypt ++ (with pkgs; [
# git helpers
git-crypt
vcsh vcsh
# Authentication # Authentication
cacert cacert
openssl openssl
mkpasswd mkpasswd
just just
ripgrep ripgrep
du-dust du-dust
]); ]);
home.stateVersion = "22.05"; home.stateVersion = "22.05";
} }
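Review bot: `nix.settings.sandbox = "relaxed";` and the added `"recursive-nix"` entry in `experimental-features` are behavioural changes inside a commit that otherwise only reformats, and both loosen build isolation. With a relaxed sandbox, any derivation that sets `__noChroot = true` builds outside the sandbox, and `impure-derivations` is already enabled alongside it. If a single derivation needs this, I would keep `nix.settings.sandbox = true;` here and document the exception next to that derivation, or at least add a comment such as `# relaxed: needed by <derivation>, revisit once it builds sandboxed`. Whether this user-level setting takes effect depends on the Nix daemon trusting this user, which the page does not show. Moving these two lines into their own commit would keep them from being missed in a 181-file formatting diff.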


@ -1,7 +1,9 @@
{ pkgs, config, ... }: {
pkgs,
let vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix { }; config,
...
}: let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in { in {
# TODO: fix the dotfiles # TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''


@ -1,36 +1,40 @@
{ pkgs, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" {
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... }: pkgs,
repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
...
}: let
repoBareLocal =
pkgs.runCommand "fetchbare"
{
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
in
pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
let function set_remotes {
repoBareLocal = pkgs.runCommand "fetchbare" { ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
outputHashMode = "recursive"; ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
outputHashAlgo = "sha256"; }
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
in pkgs.writeScript "activation-script" '' if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
export HOST=$(hostname -s) echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
function set_remotes { set_remotes ${repoHttps} ${repoSsh}
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 else
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 set_remotes ${repoBareLocal} ${repoSsh}
} echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then set_remotes ${repoHttps} ${repoSsh}
echo Cloning dotfiles for $HOST... fi
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles ''
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''


@ -1,27 +1,28 @@
{ pkgs, config, ... }: {
pkgs,
let config,
...
}: let
in { in {
home.file.".nix-channels".text = ""; home.file.".nix-channels".text = "";
home.activation.removeExistingNixChannels = home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] ''
config.lib.dag.entryBefore [ "checkLinkTargets" ] '' $DRY_RUN_CMD ${
$DRY_RUN_CMD ${ pkgs.writeScript "activation-script" ''
pkgs.writeScript "activation-script" '' set -ex
set -ex if test -f $HOME/.nix-channels; then
if test -f $HOME/.nix-channels; then echo Uninstalling available channels...
echo Uninstalling available channels... if test -f $HOME/.nix-channel; then
if test -f $HOME/.nix-channel; then while read url channel; do
while read url channel; do nix-channel --remove $channel
nix-channel --remove $channel done < $HOME/.nix-channel
done < $HOME/.nix-channel
fi
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi fi
'' echo Moving existing file away...
}; touch $HOME/.nix-channels.dummy
''; mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi
''
};
'';
} }


@ -1,14 +1,12 @@
{ pkgs, ... }: {pkgs, ...}: let
let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix {}) mkSimpleTrayService;
audio = pkgs.writeShellScript "audio" '' audio = pkgs.writeShellScript "audio" ''
export PATH=${ export PATH=${
with pkgs; with pkgs;
lib.makeBinPath [ pulseaudio findutils gnugrep ] lib.makeBinPath [pulseaudio findutils gnugrep]
}:$PATH }:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute
@ -33,7 +31,7 @@ let
terminalCommand = "${pkgs.alacritty}/bin/alacritty"; terminalCommand = "${pkgs.alacritty}/bin/alacritty";
dpmsScript = pkgs.writeShellScript "dpmsScript" '' dpmsScript = pkgs.writeShellScript "dpmsScript" ''
export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH export PATH=${with pkgs; lib.makeBinPath [xorg.xset]}:$PATH
set -xe set -xe
@ -56,7 +54,7 @@ let
''; '';
screenLockCommand = pkgs.writeShellScript "screenLock" '' screenLockCommand = pkgs.writeShellScript "screenLock" ''
export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH export PATH=${with pkgs; lib.makeBinPath [i3lock]}:$PATH
revert() { revert() {
${dpmsScript} default ${dpmsScript} default
@ -251,11 +249,10 @@ let
def print_new_window(window): def print_new_window(window):
print("new window: ", window) print("new window: ", window)
''; '';
in { in {
systemd.user = { systemd.user = {
startServices = true; startServices = true;
services = { }; services = {};
}; };
# systemd.user.sockets.gpg-agent.Socket.Accept = true; # systemd.user.sockets.gpg-agent.Socket.Accept = true;
@ -310,40 +307,44 @@ in {
{ {
trigger = ":vpos"; trigger = ":vpos";
replace = "{{output}}"; replace = "{{output}}";
vars = [{ vars = [
name = "output"; {
type = "script"; name = "output";
params = { type = "script";
args = [ params = {
(pkgs.writeScript "espanso" '' args = [
#! ${pkgs.python3}/bin/python (pkgs.writeScript "espanso" ''
import subprocess, os, math, datetime #! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid()) id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode() result.check_returncode()
position_secs = math.trunc(float(result.stdout)) position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs) position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs)) print("%s - %s" % (position_human, position_secs))
'') '')
]; ];
}; };
}]; }
];
} }
{ {
trigger = ":vtit"; trigger = ":vtit";
replace = "{{output}}"; replace = "{{output}}";
vars = [{ vars = [
name = "output"; {
type = "script"; name = "output";
params = { type = "script";
args = [ params = {
(pkgs.writeShellScript "espanso" args = [
"${playerctl} metadata title") (pkgs.writeShellScript "espanso"
]; "${playerctl} metadata title")
}; ];
}]; };
}
];
} }
{ {
trigger = ":dunno"; trigger = ":dunno";


@ -1,9 +1,7 @@
{ ... }: {...}: {
programs.chromium = {enable = true;};
{ programs.brave = {enable = true;};
programs.chromium = { enable = true; };
programs.brave = { enable = true; };
nixpkgs.config = { nixpkgs.config = {
chromium = { chromium = {
@ -12,6 +10,5 @@
}; };
}; };
programs.browserpass = { browsers = [ "chromium" "brave" ]; }; programs.browserpass = {browsers = ["chromium" "brave"];};
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
programs.emacs = { programs.emacs = {
enable = true; enable = true;
extraPackages = epkgs: extraPackages = epkgs:
@ -10,13 +8,15 @@
zerodark-theme # ; Nicolas' theme zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> # zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [ evil ]) ++ (with epkgs.elpaPackages; [ ])
++ (with epkgs.melpaPackages; [evil])
++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs; ])
[ ++ (with pkgs; [
pkgs.notmuch # From main packages set pkgs.notmuch # From main packages set
]); ]);
}; };
} }


@ -1,14 +1,10 @@
{ pkgs, ... }: {pkgs, ...}: {
programs.firefox = {enable = true;};
{
programs.firefox = { enable = true; };
programs.browserpass = { programs.browserpass = {
enable = true; enable = true;
browsers = [ "firefox" ]; browsers = ["firefox"];
}; };
home.file.".mozilla/native-messaging-hosts/passff.json".source = home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json";
"${pkgs.passff-host}/share/passff-host/passff.json";
} }


@ -1,5 +1,3 @@
{ pkgs, ... }: {pkgs, ...}: {
home.packages = [pkgs.holochain-launcher];
{
home.packages = [ pkgs.holochain-launcher ];
} }


@ -1,31 +1,30 @@
{ pkgs, config, ... }: {
pkgs,
let config,
...
}: let
# TODO: clean up the impurity in here # TODO: clean up the impurity in here
in { in {
home.sessionVariables = { HOMESHICK_DIR = "${pkgs.homeshick}"; }; home.sessionVariables = {HOMESHICK_DIR = "${pkgs.homeshick}";};
home.activation.bootstrapRepos = home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
config.lib.dag.entryAfter [ "writeBoundary" ] '' $DRY_RUN_CMD ${
$DRY_RUN_CMD ${ pkgs.writeScript "activation-script" ''
pkgs.writeScript "activation-script" '' set -e
set -e echo home-manager path is ${config.home.path}
echo home-manager path is ${config.home.path} echo home is $HOME
echo home is $HOME
source ${pkgs.homeshick}/homeshick.sh source ${pkgs.homeshick}/homeshick.sh
type homeshick type homeshick
# echo Updating homeshick # echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
'' ''
}; };
''; '';
nixpkgs.config = { nixpkgs.config = {
packageOverrides = pkgs: packageOverrides = pkgs:
with pkgs; { with pkgs; {
homeshick = builtins.fetchGit { homeshick = builtins.fetchGit {


@ -1,10 +1,8 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home.sessionVariables = { home.sessionVariables = {
# Workaround for Libreoffice to force gtk3 # Workaround for Libreoffice to force gtk3
SAL_USE_VCLPLUGIN = "gtk3"; SAL_USE_VCLPLUGIN = "gtk3";
}; };
home.packages = with pkgs; [ libreoffice-fresh ]; home.packages = with pkgs; [libreoffice-fresh];
} }


@ -1,14 +1,11 @@
{ pkgs, ... }: {pkgs, ...}: let
let
in { in {
home.sessionVariables = { EDITOR = "nvim"; }; home.sessionVariables = {EDITOR = "nvim";};
programs.neovim = { programs.neovim = {
enable = true; enable = true;
extraPython3Packages = (ps: with ps; [ ]); extraPython3Packages = ps: with ps; [];
extraConfig = builtins.readFile ./neovim/vimrc; extraConfig = builtins.readFile ./neovim/vimrc;
@ -24,7 +21,7 @@ in {
rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a"; rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a";
sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m"; sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m";
}; };
buildInputs = [ zip vim ]; buildInputs = [zip vim];
}; };
} }
@ -77,7 +74,8 @@ in {
}; };
}; };
} }
] ++ (with pkgs.vimPlugins; [ ]
++ (with pkgs.vimPlugins; [
delimitMate delimitMate
vim-airline vim-airline
vim-airline-themes vim-airline-themes


@ -1,15 +1,11 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home.sessionVariables = { home.sessionVariables = {
# required by pass-otp # required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR = PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
"$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
}; };
programs.browserpass = { enable = true; }; programs.browserpass = {enable = true;};
home.packages = with pkgs; [ pass qtpass rofi-pass gnupg ]; home.packages = with pkgs; [pass qtpass rofi-pass gnupg];
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: let
let
cniConfigDir = let cniConfigDir = let
loopback = pkgs.writeText "00-loopback.conf" '' loopback = pkgs.writeText "00-loopback.conf" ''
{ {
@ -36,12 +34,13 @@ let
] ]
} }
''; '';
in pkgs.runCommand "cniConfig" { } '' in
set -x pkgs.runCommand "cniConfig" {} ''
mkdir $out; set -x
ln -s ${loopback} $out/${loopback.name} mkdir $out;
ln -s ${podman-bridge} $out/${podman-bridge.name} ln -s ${loopback} $out/${loopback.name}
''; ln -s ${podman-bridge} $out/${podman-bridge.name}
'';
containersConf = pkgs.writeText "containers.conf" '' containersConf = pkgs.writeText "containers.conf" ''
# containers.conf is the default configuration file for all tools using libpod to # containers.conf is the default configuration file for all tools using libpod to
@ -105,7 +104,7 @@ let
default_network = "podman" default_network = "podman"
''; '';
in { in {
home.packages = with pkgs; [ podman ]; home.packages = with pkgs; [podman];
home.file.".config/containers/containers.conf".source = containersConf; home.file.".config/containers/containers.conf".source = containersConf;


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
let pkgs,
lib,
...
}: let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
libdecsync = pkgs.python3Packages.buildPythonPackage rec { libdecsync = pkgs.python3Packages.buildPythonPackage rec {
@ -21,12 +24,13 @@ let
hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg="; hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg=";
}; };
buildInputs = [ pkgs.radicale ]; buildInputs = [pkgs.radicale];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
}; };
radicale-decsync = pkgs.radicale.overrideAttrs (old: { radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs propagatedBuildInputs =
++ [ radicale-storage-decsync ]; old.propagatedBuildInputs
++ [radicale-storage-decsync];
}); });
radicale-config = pkgs.writeText "radicale-config" '' radicale-config = pkgs.writeText "radicale-config" ''
[auth] [auth]
@ -50,6 +54,6 @@ in {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure"; Restart = "on-failure";
}; };
Install.WantedBy = [ "default.target" ]; Install.WantedBy = ["default.target"];
}; };
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: let
let
packagedExtensions = with pkgs.vscode-extensions; [ packagedExtensions = with pkgs.vscode-extensions; [
# bbenoist.Nix # bbenoist.Nix
ms-vscode-remote.remote-ssh ms-vscode-remote.remote-ssh
@ -462,24 +460,22 @@ let
sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf"; sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf";
} }
]; ];
in { in {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
extensions = [ ] ++ packagedExtensions extensions =
[] ++ packagedExtensions
# ++ marketPlaceExtensions # ++ marketPlaceExtensions
; ;
}; };
home.packages = [ pkgs.nixpkgs-fmt pkgs.nixfmt ]; home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra];
} }
# TODO: automate # TODO: automate
# rustup install stable # rustup install stable
# rustup component add rust-analysis --toolchain stable # rustup component add rust-analysis --toolchain stable
# rustup component add rust-src --toolchain stable # rustup component add rust-src --toolchain stable
# rustup component add rls --toolchain stable # rustup component add rls --toolchain stable
### original list: ### original list:
# 74th.Theme-NaturalContrast-With-HC # 74th.Theme-NaturalContrast-With-HC
# AlanWalk.markdown-toc # AlanWalk.markdown-toc
@ -553,3 +549,4 @@ in {
# xyz.plsql-language # xyz.plsql-language
# yzane.markdown-pdf # yzane.markdown-pdf
# zxh404.vscode-proto3 # zxh404.vscode-proto3


@ -1,8 +1,4 @@
{ pkgs }: {pkgs}: {...}: let
{ ... }:
let
just-plugin = let just-plugin = let
plugin_file = pkgs.writeText "_just" '' plugin_file = pkgs.writeText "_just" ''
#compdef just #compdef just
@ -22,19 +18,18 @@ let
_describe 'command' subcmds _describe 'command' subcmds
''; '';
in
in pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "just-completions"; name = "just-completions";
version = "0.1.0"; version = "0.1.0";
phases = "installPhase"; phases = "installPhase";
installPhase = '' installPhase = ''
PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just
mkdir -p $PLUGIN_PATH mkdir -p $PLUGIN_PATH
cp ${plugin_file} $PLUGIN_PATH/_just cp ${plugin_file} $PLUGIN_PATH/_just
chmod --recursive a-w $out chmod --recursive a-w $out
''; '';
}; };
in { in {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -42,7 +37,8 @@ in {
# will be called again by oh-my-zsh # will be called again by oh-my-zsh
enableCompletion = false; enableCompletion = false;
enableAutosuggestions = true; enableAutosuggestions = true;
initExtra = let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in '' in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT="" RPROMPT=""
@ -54,11 +50,14 @@ in {
. $HOME/.shrc.d/sh_aliases . $HOME/.shrc.d/sh_aliases
fi fi
${if builtins.hasAttr "homeshick" pkgs then '' ${
source ${pkgs.homeshick}/homeshick.sh if builtins.hasAttr "homeshick" pkgs
fpath=(${pkgs.homeshick}/completions $fpath) then ''
'' else source ${pkgs.homeshick}/homeshick.sh
""} fpath=(${pkgs.homeshick}/completions $fpath)
''
else ""
}
# Disable intercepting of ctrl-s and ctrl-q as flow control. # Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon stty stop ''' -ixoff -ixon
@ -115,7 +114,7 @@ in {
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
theme = "tjkirch"; theme = "tjkirch";
plugins = [ "git" "sudo" ]; plugins = ["git" "sudo"];
}; };
}; };
} }


@ -1,11 +1,13 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ n, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. n,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -60,5 +62,4 @@
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03"; system.stateVersion = "16.03";
} }


@ -1,22 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{ {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.kernelModules = ["kvm-intel"];
boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315"; device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
nix.maxJobs = 2; nix.maxJobs = 2;
} }


@ -1,18 +1,18 @@
{ nixpkgs ? import <nixpkgs> { }, nrNanos ? 1 # Number of nanos {
}: nixpkgs ? import <nixpkgs> {},
nrNanos ? 1, # Number of nanos
let }: let
pkgs = nixpkgs; pkgs = nixpkgs;
webserver = { webserver = {
services.httpd.enable = true; services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de"; services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/"; services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [80];
}; };
mkNano = { n }: { mkNano = {n}: {
imports = [ imports = [
(import ./nano/configuration.nix { inherit pkgs n; }) (import ./nano/configuration.nix {inherit pkgs n;})
../configuration/common/user/root.nix ../configuration/common/user/root.nix
]; ];
deployment.targetEnv = "none"; deployment.targetEnv = "none";
@ -20,6 +20,6 @@ let
}; };
mkNanos = n: mkNanos = n:
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano { inherit n; }); nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano {inherit n;});
in
in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1))) nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))


@ -1,9 +1,19 @@
{ hostAddress, localAddress, containerBackupCfg {
, sshPort ? containerBackupCfg.portInt, autoStart ? false }: { hostAddress,
config = { config, pkgs, lib, ... }: { localAddress,
containerBackupCfg,
sshPort ? containerBackupCfg.portInt,
autoStart ? false,
}: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ]; imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -23,30 +33,32 @@
"ssh-rsa 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 bkp" "ssh-rsa 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 bkp"
]; ];
packages = with pkgs; [ btrfs-progs ]; packages = with pkgs; [btrfs-progs];
isSystemUser = true; isSystemUser = true;
}; };
security.sudo = { security.sudo = {
enable = true; enable = true;
extraRules = [{ extraRules = [
users = [ "bkp" ]; {
commands = [ users = ["bkp"];
{ commands = [
command = "/etc/profiles/per-user/bkp/bin/btrfs"; {
options = [ "NOPASSWD" ]; command = "/etc/profiles/per-user/bkp/bin/btrfs";
} options = ["NOPASSWD"];
{ }
command = "/run/current-system/sw/bin/readlink"; {
options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/readlink";
} options = ["NOPASSWD"];
{ }
command = "/run/current-system/sw/bin/test"; {
options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/test";
} options = ["NOPASSWD"];
]; }
}]; ];
}
];
}; };
}; };
@ -59,15 +71,17 @@
}; };
}; };
extraFlags = [ "--resolv-conf=bind-host" ]; extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true; privateNetwork = true;
forwardPorts = [{ forwardPorts = [
# ssh {
containerPort = 22; # ssh
hostPort = sshPort; containerPort = 22;
protocol = "tcp"; hostPort = sshPort;
}]; protocol = "tcp";
}
];
inherit hostAddress localAddress; inherit hostAddress localAddress;
} }


@ -1,17 +1,20 @@
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" {
, autoStart ? false }: config,
hostAddress,
let localAddress,
subvolumes,
targetPathSuffix ? "",
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
subvolumeParentDir = "/var/lib/container-volumes"; subvolumeParentDir = "/var/lib/container-volumes";
in { in {
config = { pkgs, ... }: { config = {pkgs, ...}: {
system.stateVersion = "20.03"; # Did you read the comment? system.stateVersion = "20.03"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ]; imports = [../profiles/containers/configuration.nix];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ]; environment.systemPackages = with pkgs; [btrfs-progs btrbk];
networking.firewall.enable = true; networking.firewall.enable = true;
@ -19,13 +22,13 @@ in {
enable = true; enable = true;
description = "bkp-sync service"; description = "bkp-sync service";
serviceConfig = { Type = "oneshot"; }; serviceConfig = {Type = "oneshot";};
after = [ "bkp-run.service" ]; after = ["bkp-run.service"];
requires = [ "bkp-run.service" ]; requires = ["bkp-run.service"];
path = with pkgs; [ utillinux ]; path = with pkgs; [utillinux];
script = '' script = ''
set -x set -x
true true
@ -36,11 +39,11 @@ in {
enable = true; enable = true;
description = "bkp-run"; description = "bkp-run";
serviceConfig = { Type = "oneshot"; }; serviceConfig = {Type = "oneshot";};
partOf = [ "bkp-sync.service" ]; partOf = ["bkp-sync.service"];
path = with pkgs; [ btrfs-progs btrbk coreutils ]; path = with pkgs; [btrfs-progs btrbk coreutils];
script = let script = let
btrbkConf = pkgs.writeText "cfg" '' btrbkConf = pkgs.writeText "cfg" ''
@ -60,7 +63,7 @@ in {
volume ${subvolumeParentDir} volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix} target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" ${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes} subvolumes}
''; '';
in '' in ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
@ -73,7 +76,7 @@ in {
systemd.timers."bkp" = { systemd.timers."bkp" = {
description = "Timer to trigger bkp periodically"; description = "Timer to trigger bkp periodically";
enable = true; enable = true;
wantedBy = [ "timer.target" "multi-user.target" ]; wantedBy = ["timer.target" "multi-user.target"];
timerConfig = { timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"` # Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00"; # OnCalendar = "Wed *-*-* 23:00:00";
@ -104,15 +107,17 @@ in {
}; };
}; };
allowedDevices = [{ allowedDevices = [
node = "/dev/fuse"; {
modifier = "rw"; node = "/dev/fuse";
}]; modifier = "rw";
}
];
extraFlags = [ "--resolv-conf=bind-host" ]; extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true; privateNetwork = true;
forwardPorts = [ ]; forwardPorts = [];
inherit hostAddress localAddress; inherit hostAddress localAddress;
} }


@ -1,9 +1,18 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }: {
hostAddress,
let passwords = import ../../variables/passwords.crypt.nix; localAddress,
httpPort ? 80,
httpsPort ? 443,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in { in {
config = { config, pkgs, lib, ... }: { config = {
imports = [ ../profiles/containers/configuration.nix ]; config,
pkgs,
lib,
...
}: {
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -48,7 +57,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt"; # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key"; # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; }; locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = '' locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -57,13 +66,12 @@ in {
fastcgi_index index.php; fastcgi_index index.php;
''; '';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; }; locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = { locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/"; proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
services.phpfpm.pools.mypool = { services.phpfpm.pools.mypool = {
@ -78,14 +86,13 @@ in {
"pm.max_spare_servers" = 3; "pm.max_spare_servers" = 3;
"pm.max_requests" = 500; "pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
}; };
}; };
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = { systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; }; serviceConfig = {Type = lib.mkForce "simple";};
}; };
services.mysql = { services.mysql = {


@ -1,15 +1,16 @@
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190 {
, autoStart ? false }: hostAddress,
localAddress,
let passwords = import ../../variables/passwords.crypt.nix; imapsPort ? 993,
sievePort ? 4190,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in { in {
config = {pkgs, ...}: {
config = { pkgs, ... }: {
system.stateVersion = "21.11"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
imports = imports = [../profiles/containers/configuration.nix ../profiles/common/user.nix];
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -21,8 +22,8 @@ in {
services.dovecot2 = { services.dovecot2 = {
enable = true; enable = true;
modules = [ pkgs.dovecot_pigeonhole ]; modules = [pkgs.dovecot_pigeonhole];
protocols = [ "sieve" ]; protocols = ["sieve"];
enableImap = true; enableImap = true;
enableLmtp = true; enableLmtp = true;
@ -51,7 +52,6 @@ in {
mail_max_userip_connections = 64 mail_max_userip_connections = 64
} }
''; '';
}; };
environment.etc."dovecot/users".text = '' environment.etc."dovecot/users".text = ''
@ -60,13 +60,13 @@ in {
systemd.services.steveej-getmail-stefanjunker = { systemd.services.steveej-getmail-stefanjunker = {
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej"; serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2"; serviceConfig.Group = "dovecot2";
serviceConfig.RestartSec = 600; serviceConfig.RestartSec = 600;
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
description = "Getmail service"; description = "Getmail service";
path = [ pkgs.getmail6 ]; path = [pkgs.getmail6];
script = let script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" '' rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options] [options]
@ -93,11 +93,11 @@ in {
systemd.services.steveej-getmail-webde = { systemd.services.steveej-getmail-webde = {
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej"; serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2"; serviceConfig.Group = "dovecot2";
description = "Getmail service"; description = "Getmail service";
path = [ pkgs.getmail6 ]; path = [pkgs.getmail6];
serviceConfig.RestartSec = 1000; serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
script = let script = let
@ -139,7 +139,7 @@ in {
}; };
}; };
extraFlags = [ "--resolv-conf=bind-host" ]; extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true; privateNetwork = true;
forwardPorts = [ forwardPorts = [
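Review bot: The getmail rc files in `steveej-getmail-stefanjunker` and `steveej-getmail-webde` are built with `pkgs.writeText`, so whatever they contain lands in the world-readable Nix store, which a NixOS container normally shares with its host. The rc bodies are outside the visible hunks, but `passwords` is imported at the top of the file, so if an account password is interpolated there (or into `environment.etc."dovecot/users".text`) it is readable by every local user and stays in old generations. I would keep the rc free of secrets and let getmail fetch the password at run time, for example `password_command = ("cat", "/run/secrets/<placeholder-name>")`, pointing at a file owned by `steveej` with mode 0400.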


@ -1,12 +1,18 @@
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027, autoStart ? false }:
{ {
hostAddress,
config = { config, pkgs, ... }: { localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
config = {
config,
pkgs,
...
}: {
system.stateVersion = "20.05"; # Did you read the comment? system.stateVersion = "20.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ]; imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
@ -30,7 +36,7 @@
}; };
}; };
extraFlags = [ "--resolv-conf=bind-host" ]; extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true; privateNetwork = true;
forwardPorts = [ forwardPorts = [


@ -1,12 +1,21 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443, autoStart ? false {
}: hostAddress,
localAddress,
let passwords = import ../../variables/passwords.crypt.nix; httpPort ? 80,
httpsPort ? 443,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in { in {
config = { config, pkgs, lib, ... }: { config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ]; imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -51,7 +60,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt"; # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key"; # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; }; locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = '' locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -60,13 +69,12 @@ in {
fastcgi_index index.php; fastcgi_index index.php;
''; '';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; }; locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = { locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/"; proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
services.phpfpm.pools.mypool = { services.phpfpm.pools.mypool = {
@ -81,14 +89,13 @@ in {
"pm.max_spare_servers" = 3; "pm.max_spare_servers" = 3;
"pm.max_requests" = 500; "pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
}; };
}; };
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = { systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; }; serviceConfig = {Type = lib.mkForce "simple";};
}; };
services.mysql = { services.mysql = {
@ -146,7 +153,7 @@ in {
}; };
}; };
extraFlags = [ "--resolv-conf=bind-host" ]; extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true; privateNetwork = true;
forwardPorts = [ forwardPorts = [
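Review bot: The location key `"~ ^(.+.php)(.*)$"` leaves the dot before `php` unescaped, unlike the `fastcgi_split_path_info ^(.+\.php)(.*)$;` line directly below it, so nginx routes any URI in which `php` follows at least two characters into the FastCGI block, not only `.php` scripts. Escaping it in the Nix string, `locations."~ ^(.+\\.php)(.*)$".extraConfig`, makes the two patterns agree. The middle of the block is outside the visible hunks; if it does not already do so, a `try_files $fastcgi_script_name =404;` after the split keeps requests for non-existent scripts away from PHP-FPM. The same location line appears in the preceding container file on this page.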


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiSupport = lib.mkForce false; boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
} }


@ -1,7 +1,5 @@
{ ... }: {...}: {
disabledModules = [];
{
disabledModules = [ ];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix


@ -1,6 +1,4 @@
{ ... }: {...}: let
let
stage1Modules = [ stage1Modules = [
"virtio_balloon" "virtio_balloon"
"virtio_scsi" "virtio_scsi"
@ -17,7 +15,6 @@ let
"pata_acpi" "pata_acpi"
"ata_generic" "ata_generic"
]; ];
in { in {
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02"; device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
@ -27,21 +24,20 @@ in {
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=root" ]; options = ["subvol=root"];
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" ]; options = ["subvol=home"];
neededForBoot = true; neededForBoot = true;
}; };
swapDevices = swapDevices = [{device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d";}];
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
boot.loader.grub = { device = "/dev/vda"; }; boot.loader.grub = {device = "/dev/vda";};
boot.initrd.availableKernelModules = stage1Modules; boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;


@ -1,29 +1,35 @@
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
})
.nixPath;
}; };
home-manager.users.steveej = home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs;
inherit pkgs; extraPackages = [
extraPackages = [ # required by vscode's remote-ssh plugin
# required by vscode's remote-ssh plugin pkgs.nodejs
pkgs.nodejs
# allow clipboard exchanges # allow clipboard exchanges
pkgs.xsel pkgs.xsel
pkgs.xclip pkgs.xclip
]; ];
}; };
nix.buildMachines = [{ nix.buildMachines = [
hostName = "localhost"; {
system = "x86_64-linux"; hostName = "localhost";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; system = "x86_64-linux";
maxJobs = 4; supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
}]; maxJobs = 4;
}
];
} }


@ -1,9 +1,12 @@
{ pkgs, lib, config, ... }: {
pkgs,
let keys = import ../../../variables/keys.nix; lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in { in {
nix.binaryCaches = [ "https://cache.holo.host" ]; nix.binaryCaches = ["https://cache.holo.host"];
nix.binaryCachePublicKeys = [ nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -26,11 +29,13 @@ in {
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
mtu = 1400; mtu = 1400;
useDHCP = false; useDHCP = false;
ipv4.addresses = [{ ipv4.addresses = [
"address" = "167.233.1.14"; {
"prefixLength" = 29; "address" = "167.233.1.14";
}]; "prefixLength" = 29;
ipv6.addresses = [ ]; }
];
ipv6.addresses = [];
}; };
networking.defaultGateway = { networking.defaultGateway = {
@ -43,11 +48,11 @@ in {
interface = "eth0"; interface = "eth0";
}; };
networking.nameservers = [ "1.1.1.1" ]; networking.nameservers = ["1.1.1.1"];
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = ["ve-+"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
@ -55,7 +60,7 @@ in {
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
# virtualization # virtualization
virtualisation = { docker.enable = true; }; virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
@ -63,18 +68,18 @@ in {
systemd.services."sshd-status" = { systemd.services."sshd-status" = {
enable = true; enable = true;
description = "sshd-status service"; description = "sshd-status service";
path = [ pkgs.systemd ]; path = [pkgs.systemd];
script = '' script = ''
systemctl status sshd | grep -i tasks systemctl status sshd | grep -i tasks
''; '';
}; };
systemd.services.sshd.serviceConfig = { TasksMax = 32; }; systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = { systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically"; description = "Timer to trigger sshd-status periodically";
enable = true; enable = true;
wantedBy = [ "timer.target" "multi-user.target" ]; wantedBy = ["timer.target" "multi-user.target"];
timerConfig = { timerConfig = {
OnActiveSec = "360s"; OnActiveSec = "360s";
OnUnitActiveSec = "360s"; OnUnitActiveSec = "360s";
@ -83,7 +88,7 @@ in {
}; };
}; };
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
networking.useHostResolvConf = true; networking.useHostResolvConf = true;
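Review bot: In `systemd.timers."sshd-status"` the `wantedBy` list names `timer.target`, which is not a unit systemd ships; the standard one is `timers.target`. As written, the timer is pulled in only through `multi-user.target` and the first entry does nothing. I would change the line to `wantedBy = ["timers.target"];`.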


@ -4,7 +4,6 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7"; rev = "e34c5379866833f41e2a36f309912fa675d687c7";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;


@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;


@ -1,15 +1,20 @@
{ dir, pkgs ? import <channels-nixos-stable> { } {
, ownLib ? import ../lib/default.nix { }, gitRoot ? dir,
"$(git rev-parse --show-toplevel)" pkgs ? import <channels-nixos-stable> {},
ownLib ? import ../lib/default.nix {},
gitRoot ? "$(git rev-parse --show-toplevel)",
# FIXME: why do these need explicit mentioning? # FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args: moreargs ? "",
rebuildarg ? "",
let ...
rebuildargsSudo = [ "switch" "boot" ]; } @ args: let
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? "" rebuildargsSudo = ["switch" "boot"];
rebuild = {
, ... }: gitRoot,
rebuildarg ? "dry-activate",
moreargs ? "",
...
}:
pkgs.writeScript "script" '' pkgs.writeScript "script" ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
@ -23,23 +28,27 @@ let
rm result rm result
fi fi
${if (builtins.elem rebuildarg rebuildargsSudo) ${
&& (builtins.match ".*--target-host.*" moreargs) == null then if
"sudo -E \\" (builtins.elem rebuildarg rebuildargsSudo)
else && (builtins.match ".*--target-host.*" moreargs) == null
""} then "sudo -E \\"
else ""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
''; '';
in { in {
recipes = { recipes =
rebuild = rebuild { {
inherit gitRoot; rebuild =
inherit moreargs; rebuild {
inherit rebuildarg; inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} }
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; } // (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;}));
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
} }
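Review bot: The generated script prefixes `nixos-rebuild` with `sudo -E` for `switch` and `boot`, which carries the caller's whole environment into the root process. Only `NIXOS_CONFIG` is visibly needed on that command line, so `"sudo --preserve-env=NIXOS_CONFIG \\"` (plus any variable the hidden part of the script exports) would be narrower. `${rebuildarg}` and `${moreargs}` are also spliced into the script unquoted; a short comment above `rebuild` stating that both are trusted operator input, never derived from repository or host data, would record that assumption. The script body starts outside this hunk.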


@ -1,13 +1,24 @@
{ pkgs, ownLib, dir, gitRoot, diskId ? {
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") pkgs,
{ }).hardware.opinionatedDisk.diskId, encrypted ? ownLib,
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") dir,
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? "" gitRoot,
diskId ?
, ... }: (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
let mntRootVol = "/mnt/${diskId}-root"; .hardware
.opinionatedDisk
.diskId,
encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
.hardware
.opinionatedDisk
.encrypted,
previousDiskId ? "",
...
}: let
mntRootVol = "/mnt/${diskId}-root";
in rec { in rec {
diskMount = pkgs.writeScript "script" '' diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash #!/usr/bin/env bash
@ -177,12 +188,12 @@ in rec {
if test "${previousDiskId}"; then if test "${previousDiskId}"; then
${ ${
pkgs.lib.strings.optionalString encrypted '' pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId ownLib.disk.luksName diskId
} }
'' ''
} }
sync sync
sleep 1 sleep 1
if sudo vgs ${previousDiskId}; then if sudo vgs ${previousDiskId}; then


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix ../../profiles/graphical/configuration.nix


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;


@ -1,6 +1,8 @@
{ pkgs, lib, ... }: {
pkgs,
let lib,
...
}: let
homeEnv = keyboard: { homeEnv = keyboard: {
imports = [ imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix { (import ../../../home-manager/configuration/graphical-gnome3.nix {
@ -18,13 +20,14 @@ let
jitsi jitsi
]; ];
}; };
in { in {
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
})
.nixPath;
}; };
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) { services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
@ -39,19 +42,19 @@ in {
home-manager.users.steveej = homeEnv { home-manager.users.steveej = homeEnv {
layout = "en"; layout = "en";
options = [ "nodeadkey" ]; options = ["nodeadkey"];
variant = "altgr-intl"; variant = "altgr-intl";
}; };
home-manager.users.elias = homeEnv { home-manager.users.elias = homeEnv {
layout = "de"; layout = "de";
options = [ ]; options = [];
variant = ""; variant = "";
}; };
home-manager.users.justyna = homeEnv { home-manager.users.justyna = homeEnv {
layout = "de"; layout = "de";
options = [ ]; options = [];
variant = ""; variant = "";
}; };


@ -1,7 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
let lib,
config,
...
}: let
in { in {
# TASK: new device # TASK: new device
networking.hostName = "elias-e525"; # Define your hostname. networking.hostName = "elias-e525"; # Define your hostname.
@ -17,7 +19,7 @@ in {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ]; drivers = with pkgs; [mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
}; };
services.fprintd.enable = true; services.fprintd.enable = true;
@ -41,10 +43,9 @@ in {
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ]; # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
}; };
security.pki.certificateFiles = security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.videoDrivers = ["modesetting"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
} }


@ -1,10 +1,11 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix {}) mkUser;
in { in {
users.extraUsers.elias = mkUser { users.extraUsers.elias = mkUser {
uid = 1001; uid = 1001;


@ -4,10 +4,9 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";


@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix ../../modules/opinionatedDisk.nix


@ -1,7 +1,4 @@
{ ... }: {...}: let
let
in { in {
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {


@ -1,18 +1,17 @@
{ pkgs, ... }: {pkgs, ...}: {
{
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
}; })
home-manager.users.steveej = .nixPath;
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ]; environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }


@ -1,10 +1,12 @@
{ pkgs, lib, config, ... }: {
pkgs,
let lib,
config,
...
}: let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
in { in {
# TASK: new device # TASK: new device
networking.hostName = "fwhost1"; # Define your hostname. networking.hostName = "fwhost1"; # Define your hostname.
@ -19,34 +21,40 @@ in {
networking.firewall.logRefusedConnections = false; networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ]; networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true; networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10"; networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ]; networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router. # WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3; networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth"; networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ networking.interfaces.wan1.ipv4.addresses = [
address = "192.168.0.15"; {
prefixLength = 24; address = "192.168.0.15";
}]; prefixLength = 24;
}
];
networking.vlans.wan2.id = 4; networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth"; networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ networking.interfaces.wan2.ipv4.addresses = [
address = "172.16.0.15"; {
prefixLength = 12; address = "172.16.0.15";
}]; prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge # Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1; networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth"; networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ networking.interfaces.lan.ipv4.addresses = [
address = "172.172.171.15"; {
prefixLength = 24; address = "172.172.171.15";
}]; prefixLength = 24;
}
];
networking.vlans.dmz.id = 5; networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth"; networking.vlans.dmz.interface = "breth";
@ -77,4 +85,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
} }


@ -1,8 +1,9 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix {}) mkUser;
in {}
in { }


@ -4,10 +4,9 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {


@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix ../../modules/opinionatedDisk.nix


@ -1,7 +1,4 @@
{ ... }: {...}: let
let
in { in {
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {


@ -1,18 +1,17 @@
{ pkgs, ... }: {pkgs, ...}: {
{
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
}; })
home-manager.users.steveej = .nixPath;
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ]; environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }


@ -1,10 +1,13 @@
{ pkgs, lib, config, utils, ... }: {
pkgs,
let lib,
config,
utils,
...
}: let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
in { in {
# TASK: new device # TASK: new device
networking.hostName = "fwhost2"; # Define your hostname. networking.hostName = "fwhost2"; # Define your hostname.
@ -19,34 +22,40 @@ in {
networking.firewall.logRefusedConnections = false; networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ]; networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true; networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10"; networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ]; networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router. # WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3; networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth"; networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ networking.interfaces.wan1.ipv4.addresses = [
address = "192.168.0.16"; {
prefixLength = 24; address = "192.168.0.16";
}]; prefixLength = 24;
}
];
networking.vlans.wan2.id = 4; networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth"; networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ networking.interfaces.wan2.ipv4.addresses = [
address = "172.16.0.16"; {
prefixLength = 12; address = "172.16.0.16";
}]; prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge # Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1; networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth"; networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ networking.interfaces.lan.ipv4.addresses = [
address = "172.172.171.16"; {
prefixLength = 24; address = "172.172.171.16";
}]; prefixLength = 24;
}
];
networking.vlans.dmz.id = 5; networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth"; networking.vlans.dmz.interface = "breth";
@ -77,4 +86,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
} }


@ -1,10 +1,11 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix {}) mkUser;
in { in {
# users.extraUsers.steveej2 = mkUser { # users.extraUsers.steveej2 = mkUser {
# uid = 1001; # uid = 1001;


@ -4,10 +4,9 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {


@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiSupport = true; boot.loader.grub.efiSupport = true;
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
} }


@ -1,7 +1,5 @@
{ ... }: {...}: {
disabledModules = [];
{
disabledModules = [ ];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix ../../modules/opinionatedDisk.nix


@ -1,6 +1,4 @@
{ ... }: {...}: let
let
stage1Modules = [ stage1Modules = [
"aesni_intel" "aesni_intel"
"kvm-intel" "kvm-intel"
@ -19,7 +17,6 @@ let
"xhci_hcd" "xhci_hcd"
"xhci_pci" "xhci_pci"
]; ];
in { in {
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {


@ -1,23 +1,29 @@
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
}; })
home-manager.users.steveej = .nixPath;
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{ nix.buildMachines = [
hostName = "localhost"; {
system = "x86_64-linux"; hostName = "localhost";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; system = "x86_64-linux";
maxJobs = 4; supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
}]; maxJobs = 4;
}
];
# services.hydra = { # services.hydra = {
# enable = false; # enable = false;


@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }: {
pkgs,
let keys = import ../../../variables/keys.nix; lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in { in {
# TASK: new device # TASK: new device
networking.hostName = "srv0"; # Define your hostname. networking.hostName = "srv0"; # Define your hostname.
@ -34,7 +37,7 @@ in {
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = ["ve-+"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
@ -42,14 +45,14 @@ in {
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
# virtualization # virtualization
virtualisation = { docker.enable = true; }; virtualisation = {docker.enable = true;};
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
services.resolved = { enable = true; }; services.resolved = {enable = true;};
containers = { }; containers = {};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions


@ -4,7 +4,6 @@ let
ref = "nixos-22.05"; ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd"; rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;


@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix ../../profiles/graphical/configuration.nix


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
# TASK: new device # TASK: new device
hardware.encryptedDisk = { hardware.encryptedDisk = {
enable = true; enable = true;


@ -1,9 +1,11 @@
{ pkgs, lib, ... }: {
pkgs,
let lib,
...
}: let
in { in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"''; services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = { }; users.groups.sgx = {};
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname. networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
} }


@ -1,10 +1,11 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix {}) mkUser;
in { in {
users.extraUsers.sjunker = mkUser { users.extraUsers.sjunker = mkUser {
uid = 1001; uid = 1001;
@ -13,15 +14,19 @@ in {
image = "quay.io/enarx/fedora"; image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx"; run_args = "-v /dev/sgx:/dev/sgx";
}; };
extraGroups = [ "sgx" ]; extraGroups = ["sgx"];
subUidRanges = [{ subUidRanges = [
startUid = 100000; {
count = 65536; startUid = 100000;
}]; count = 65536;
subGidRanges = [{ }
startGid = 100000; ];
count = 65536; subGidRanges = [
}]; {
startGid = 100000;
count = 65536;
}
];
}; };
} }
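Review bot: The `image = "quay.io/enarx/fedora";` line kept as context in the second hunk names the container image without a tag or digest, while `run_args = "-v /dev/sgx:/dev/sgx";` maps the SGX device into it and `extraGroups = ["sgx"]` gives the user access to that device. Whatever the registry serves under that name at pull time therefore runs with the device attached, so the reference should be pinned, for example `image = "quay.io/enarx/fedora@sha256:<DIGEST_PLACEHOLDER>";`, assuming the consumer of `image` accepts digest references. How `mkUser` uses `image` and `run_args` is defined outside this section, so that part is inferred. A one-line comment above `run_args` stating why the device is passed through would also help the next reader.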


@ -1,6 +1,4 @@
{ lib, ... }: {lib, ...}: {
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix ../../profiles/graphical/configuration.nix


@ -1,6 +1,4 @@
{ ... }: {...}: let
let
stage1Modules = [ stage1Modules = [
"aesni_intel" "aesni_intel"
"kvm-intel" "kvm-intel"
@ -9,7 +7,6 @@ let
"xhci_pci" "xhci_pci"
"hxci_hcd" "hxci_hcd"
]; ];
in { in {
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
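Review bot: The entry `"hxci_hcd"` in `stage1Modules` (second hunk, carried over unchanged by the formatter) looks like a misspelling of `"xhci_hcd"`, which is how the equivalent list in another host file of this commit spells it. If the list is passed to the initrd module options, the misspelled name would either be ignored or fail the module closure, depending on how missing modules are handled. The use of `stage1Modules` lies outside the hunk, so this is inferred. Proposed line: `"xhci_hcd"`.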


@ -1,16 +1,15 @@
{ pkgs, ... }: {pkgs, ...}: {
{
nixpkgs.config.packageOverrides = pkgs: nixpkgs.config.packageOverrides = pkgs:
with pkgs; { with pkgs; {
nixPath = (import ../../../default.nix { nixPath =
versionsPath = ./versions.nix; (import ../../../default.nix {
}).nixPath; versionsPath = ./versions.nix;
}; })
home-manager.users.steveej = .nixPath;
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true; services.teamviewer.enable = true;
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }
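Review bot: `services.teamviewer.enable = true;` near the end of this section has no comment, yet it enables a remote-access daemon for the whole host, making it the most exposure-relevant line in the file. A comment stating the purpose and who is expected to connect would let a later reader judge whether it can be turned off, for example `# TeamViewer daemon kept on for <REASON_PLACEHOLDER>; set to false when no longer needed`. Whether other modules restrict the service is not visible from this section.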


@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }: {
pkgs,
let keys = import ../../../variables/keys.nix; lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in { in {
# TASK: new device # TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname. networking.hostName = "steveej-pa600"; # Define your hostname.
@ -17,7 +20,7 @@ in {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ]; drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
}; };
services.fprintd.enable = true; services.fprintd.enable = true;
@ -26,10 +29,9 @@ in {
sudo.fprintAuth = true; sudo.fprintAuth = true;
}; };
security.pki.certificateFiles = security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.videoDrivers = ["modesetting"];
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''
Option "BlankTime" "0" Option "BlankTime" "0"
Option "StandbyTime" "0" Option "StandbyTime" "0"


@ -1,10 +1,11 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix {}) mkUser;
in { in {
users.extraUsers.steveej2 = mkUser { users.extraUsers.steveej2 = mkUser {
uid = 1001; uid = 1001;


@ -4,10 +4,9 @@ let
ref = "nixos-20.09"; ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c"; rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";


@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d ' <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>''; ' -%>'';
}; };
in { in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; }; nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
