steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

format and change

Browse source
This commit is contained in:
steveej 2023-02-07 18:23:51 +01:00
parent 882ff4e5e9
commit 28c116337c
181 changed files with 2748 additions and 2578 deletions
Download patch file Download diff file Expand all files Collapse all files

1
_archive/environments/dev/cross.nix
View file

@ -87,3 +87,4 @@ import /home/steveej/src/github/NixOS/nixpkgs/default.nix {
# };
# };
# };

17
_archive/environments/dev/go/default.nix
View file

@ -1,6 +1,11 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version, extraBuildInputs ? [ ], extraShellHook ? "" }:
let
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version,
extraBuildInputs ? [],
extraShellHook ? "",
}: let
go = builtins.getAttr "go_${version}" pkgs;
commonVimRC = ''
let g:tagbar_type_go = {
@ -66,8 +71,8 @@ let
# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
# ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
];
in pkgs.stdenv.mkDerivation {
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = extraBuildInputs ++ buildInputs;
shellHook = ''
@ -81,4 +86,4 @@ in pkgs.stdenv.mkDerivation {
${extraShellHook}
'';
}
}

13
_archive/environments/dev/go/neovim-go.nix
View file

@ -1,11 +1,12 @@
{ commonRC, ... }@args:
(import ../../pkg-configuration/vim-derivates/neovim.nix args // {
additionalRC = commonRC + ''
{commonRC, ...} @ args: (import ../../pkg-configuration/vim-derivates/neovim.nix args
// {
additionalRC =
commonRC
+ ''
" deoplete {
let g:deoplete#enable_at_startup = 1
let g:deoplete#enable_smart_case = 1
" }
'';
additionalPlugins = [ "deoplete-go" "deoplete-nvim" "vim-go" ];
})
additionalPlugins = ["deoplete-go" "deoplete-nvim" "vim-go"];
})

19
_archive/environments/dev/pandoc.nix
View file

@ -1,7 +1,13 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
let commonVimRC = "";
in pkgs.stdenv.mkDerivation {
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version ? "Stable",
extraBuildInputs ? [],
}: let
commonVimRC = "";
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = with pkgs;
[
@ -15,10 +21,11 @@ in pkgs.stdenv.mkDerivation {
python27Packages.htmltreediff
python27Packages.html5lib
python27Packages.dbus-python
] ++ extraBuildInputs;
]
++ extraBuildInputs;
shellHook = ''
pandocname=pandoc_${pkgs.pandoc.version}
setPS1 $pandocname
unset name
'';
}
}

8
_archive/environments/dev/rkt.nix
View file

@ -1,6 +1,8 @@
{ pkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }
, mkGoEnv ? import ./go.nix, rktPath, }:
let
{
pkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
mkGoEnv ? import ./go.nix,
rktPath,
}: let
rktBasebuildInputs = with pkgs; [
glibc.out
glibc.static

26
_archive/environments/dev/rust/default.nix
View file

@ -1,15 +1,23 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
let
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version ? "Stable",
extraBuildInputs ? [],
}: let
rustPackages = builtins.getAttr "rust${version}" pkgs;
rustc = rustPackages.rustc;
rustShellHook = { rustc, name }: ''
rustShellHook = {
rustc,
name,
}: ''
rustname=rust_${rustc.version}_${name}
setPS1 $rustname
unset name
'';
commonVimRC = "";
in pkgs.stdenv.mkDerivation {
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = with rustPackages;
[
@ -21,9 +29,11 @@ in pkgs.stdenv.mkDerivation {
})
rustc
cargo
] ++ [ pkgs.rustfmt ] ++ extraBuildInputs;
shellHook = (rustShellHook) {
]
++ [pkgs.rustfmt]
++ extraBuildInputs;
shellHook = rustShellHook {
inherit name;
inherit rustc;
};
}
}

14
_archive/environments/dev/vim-go.nix
View file

@ -1,8 +1,10 @@
{ commonRC, ... }@args:
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
{commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-go";
additionalRC = commonRC + ''
additionalRC =
commonRC
+ ''
" Disable AutoComplPop.
let g:acp_enableAtStartup = 0
" Use neocomplete.
@ -13,5 +15,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:neocomplete#sources#omni#input_patterns = {}
endif
'';
additionalPlugins = [ "neocomplete" "vim-go" ];
})
additionalPlugins = ["neocomplete" "vim-go"];
})

14
_archive/environments/dev/vim-pandoc.nix
View file

@ -1,8 +1,10 @@
{ commonRC, ... }@args:
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
{commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-pandoc";
additionalRC = commonRC + ''
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
@ -12,5 +14,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
'';
additionalPlugins = [ "vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc" ];
})
additionalPlugins = ["vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc"];
})

19
_archive/environments/dev/vim-rust.nix
View file

@ -1,8 +1,15 @@
{ commonRC, rustc, racerd, ... }@args:
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
{
commonRC,
rustc,
racerd,
...
} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-rust";
additionalRC = commonRC + ''
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
@ -37,5 +44,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd'
'';
additionalPlugins = [ "rust-vim" ];
})
additionalPlugins = ["rust-vim"];
})

9
_archive/environments/fhs/android.nix
View file

@ -1,9 +1,7 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv {
name = "devfhs";
multiPkgs = pkgs:
(with pkgs; [
multiPkgs = pkgs: (with pkgs; [
android-udev-rules
sudo
gawk
@ -40,4 +38,5 @@
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/lib64:/lib32:/usr/lib32:/usr/lib64:${pkgs.xorg.libXtst}/lib:${pkgs.glib}/lib:${pkgs.gtk2}/lib
'';
runScript = "bash";
}).env
})
.env

11
_archive/environments/fhs/vscode.nix
View file

@ -1,9 +1,7 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv {
name = "everydayFHS";
targetPkgs = pkgs:
(with pkgs; [
targetPkgs = pkgs: (with pkgs; [
which
gitFull
zsh
@ -29,9 +27,10 @@
zlib
libsecret
]);
multiPkgs = pkgs: (with pkgs; [ ]);
multiPkgs = pkgs: (with pkgs; []);
profile = ''
export SHELL=/bin/zsh
'';
# FIXME runScript = "$SHELL";
}).env
})
.env

6
_archive/nixos-configuration/common/pkg/neovim.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }@args:
{
config,
pkgs,
...
} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/neovim.nix args)

6
_archive/nixos-configuration/common/pkg/vim.nix
View file

@ -1,9 +1,7 @@
{ pkgs, ... }@args:
{
{pkgs, ...} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/vim.nix
(args // { name = "vim"; }))
(args // {name = "vim";}))
];
}

8
_archive/nixos-configuration/common/user/steveej.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../passwords.crypt.nix;
keys = import ../keys.nix;
inherit (import ../lib) mkUser;

7
default.nix
View file

@ -4,10 +4,7 @@
# Having pkgs default to <nixpkgs> is fine though, and it lets you use short
# commands such as:
# nix-build -A mypackage
{ pkgs ? import <nixpkgs> { } }:
{
{pkgs ? import <nixpkgs> {}}: {
overlays = import ./nix/overlays;
pkgs = import ./nix/pkgs { inherit pkgs; };
pkgs = import ./nix/pkgs {inherit pkgs;};
}

39
nix/container-images/default.nix
View file

@ -1,9 +1,6 @@
{ pkgs ? import <nixpkgs> { } }:
let baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
{pkgs ? import <nixpkgs> {}}: let
baseEnv = ["SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
in rec {
base = pkgs.dockerTools.buildImage rec {
name = "base";
@ -24,9 +21,9 @@ in rec {
interactive_base = pkgs.dockerTools.buildImage {
name = "interactive_base";
fromImage = base;
contents = with pkgs; [ procps zsh coreutils neovim ];
contents = with pkgs; [procps zsh coreutils neovim];
config = { Cmd = [ "/bin/zsh" ]; };
config = {Cmd = ["/bin/zsh"];};
};
s3ql = let
@ -72,10 +69,11 @@ in rec {
# FIXME: touch .isbucket after mount
'';
in pkgs.dockerTools.buildImage {
in
pkgs.dockerTools.buildImage {
name = "s3ql";
fromImage = interactive_base;
contents = [ pkgs.s3ql pkgs.fuse ];
contents = [pkgs.s3ql pkgs.fuse];
runAsRoot = ''
#!${pkgs.stdenv.shell}
@ -86,18 +84,20 @@ in rec {
'';
config = {
Env = baseEnv ++ [
Env =
baseEnv
++ [
"HOME=/home/s3ql"
"S3QL_CACHE_DIR=/var/cache/s3ql"
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
"CONTAINER_ENTRYPOINT=${entrypoint}"
];
Cmd = [ entrypoint ];
Cmd = [entrypoint];
Volumes = {
"/var/cache/s3ql" = { };
"/etc/s3ql/authinfo2" = { };
"/buckets" = { };
"/tmp" = { };
"/var/cache/s3ql" = {};
"/etc/s3ql/authinfo2" = {};
"/buckets" = {};
"/tmp" = {};
};
};
};
@ -125,15 +125,16 @@ in rec {
-gui-address=$SYNCTHING_GUI_ADDRESS \
-no-browser
'';
in pkgs.dockerTools.buildImage {
in
pkgs.dockerTools.buildImage {
name = "syncthing";
fromImage = interactive_base;
contents = pkgs.syncthing;
config = {
Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ];
Cmd = [ entrypoint ];
Volumes = { "/data" = { }; };
Env = baseEnv ++ ["SYNCTHING_HOME=/home/syncthing"];
Cmd = [entrypoint];
Volumes = {"/data" = {};};
};
};
}

30
nix/default.nix
View file

@ -1,23 +1,25 @@
{ versionsPath }:
let
channelVersions = (import versionsPath);
mkChannelSource = name:
let channelVersion = builtins.getAttr name channelVersions;
in builtins.fetchGit {
{versionsPath}: let
channelVersions = import versionsPath;
mkChannelSource = name: let
channelVersion = builtins.getAttr name channelVersions;
in
builtins.fetchGit {
# Descriptive name to make the store path easier to identify
inherit name;
inherit (channelVersion) url ref rev;
};
nixPath = builtins.concatStringsSep ":" (builtins.map (elemName:
let
nixPath = builtins.concatStringsSep ":" (builtins.map
(elemName: let
elem = builtins.getAttr elemName channelVersions;
elemPath = (mkChannelSource elemName);
suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
in builtins.concatStringsSep "=" [ elemName elemPath ] + suffix)
elemPath = mkChannelSource elemName;
suffix =
if builtins.hasAttr "suffix" elem
then elem.suffix
else "";
in
builtins.concatStringsSep "=" [elemName elemPath] + suffix)
(builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") { };
pkgs = import (mkChannelSource "nixpkgs") {};
in {
inherit nixPath;
channelSources = pkgs.writeText "channels.rc" ''

66
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,16 +1,16 @@
{ pkgs }:
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in { pkgs, config, ... }:
let
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; };
in {
import <channels-nixos-unstable-small> {config = config.nixpkgs.config;};
masterpkgs = import <nixpkgs-master> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
@ -35,7 +35,7 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; { };
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = {
@ -45,10 +45,12 @@ in {
GOPATH = "$HOME/src/go";
PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ];
PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
};
home.packages = [ ] ++ (with pkgs; [
home.packages =
[]
++ (with pkgs; [
# Authentication
cacert
fprintd
@ -105,7 +107,7 @@ in {
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
unstablepkgs.zoom-us
zoom-us
thunderbird
evolution # gnome4.glib_networking
masterpkgs.kotatogram-desktop
@ -206,15 +208,29 @@ in {
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small texlive-de texlive-en texlive-scripts collection-langgerman
latexindent latexmk
algorithms cm-super
preprint enumitem draftwatermark everypage ulem placeins minted
ifplatform fvextra xstring framed;
inherit
(texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent
latexmk
algorithms
cm-super
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted
ifplatform
fvextra
xstring
framed
;
})
pdftk
@ -286,4 +302,4 @@ in {
unstablepkgs.ledger-live-desktop
]);
}
}

30
nix/home-manager/configuration/graphical-gnome3.nix
View file

@ -1,14 +1,14 @@
{ pkgs }:
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in { pkgs, config, ... }:
let
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
@ -27,12 +27,14 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; { };
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = [ ] ++ (with pkgs; [
home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
@ -119,4 +121,4 @@ in {
# Virtualization
virtmanager
]);
}
}

30
nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,14 +1,14 @@
{ pkgs }:
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in { pkgs, config, ... }:
let
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
@ -29,12 +29,14 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; { };
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = [ ] ++ (with pkgs; [
home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
@ -121,4 +123,4 @@ in {
# Virtualization
virtmanager
]);
}
}

32
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,12 +1,15 @@
{ pkgs, extraPackages ? [ ] }:
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in { pkgs, config, ... }:
let
in {
{
pkgs,
extraPackages ? [],
}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
in {
imports = [
../profiles/common.nix
# ../profiles/nix-channels.nix
@ -14,10 +17,11 @@ in {
zshCurried
];
nixpkgs.config = { packageOverrides = pkgs: with pkgs; { }; };
nixpkgs.config = {packageOverrides = pkgs: with pkgs; {};};
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = extraPackages
++ (with pkgs; [ iperf3 inetutils speedtest-cli ]);
}
home.packages =
extraPackages
++ (with pkgs; [iperf3 inetutils speedtest-cli]);
}

15
nix/home-manager/lib.nix
View file

@ -1,17 +1,14 @@
{ }:
let
{}: let
in {
mkSimpleTrayService = { execStart }: {
mkSimpleTrayService = {execStart}: {
Unit = {
Description = "pasystray applet";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Install = {WantedBy = ["graphical-session.target"];};
Service = { ExecStart = execStart; };
Service = {ExecStart = execStart;};
};
}

16
nix/home-manager/profiles/common.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
in {
# TODO: re-enable this with the appropriate version
# programs.home-manager.enable = true;
@ -12,13 +10,11 @@ in {
allowBroken = false;
allowUnfree = true;
permittedInsecurePackages = [ ];
permittedInsecurePackages = [];
};
nix.settings = {
experimental-features =
[ "nix-command" "flakes" "impure-derivations" "ca-derivations" ];
};
nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"];
nix.settings.sandbox = "relaxed";
home.keyboard = {
layout = "us";
@ -41,7 +37,9 @@ in {
programs.command-not-found.enable = true;
programs.fzf.enable = true;
home.packages = [ ] ++ (with pkgs; [
home.packages =
[]
++ (with pkgs; [
# git helpers
git-crypt

10
nix/home-manager/profiles/dotfiles.nix
View file

@ -1,7 +1,9 @@
{ pkgs, config, ... }:
let vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix { };
{
pkgs,
config,
...
}: let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in {
# TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''

20
nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
View file

@ -1,8 +1,12 @@
{ pkgs, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... }:
let
repoBareLocal = pkgs.runCommand "fetchbare" {
{
pkgs,
repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
...
}: let
repoBareLocal =
pkgs.runCommand "fetchbare"
{
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
@ -14,8 +18,8 @@ let
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
in pkgs.writeScript "activation-script" ''
in
pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
function set_remotes {
@ -33,4 +37,4 @@ in pkgs.writeScript "activation-script" ''
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''
''

11
nix/home-manager/profiles/nix-channels.nix
View file

@ -1,11 +1,12 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
in {
home.file.".nix-channels".text = "";
home.activation.removeExistingNixChannels =
config.lib.dag.entryBefore [ "checkLinkTargets" ] ''
home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -ex

27
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -1,14 +1,12 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
passwords = import ../../variables/passwords.crypt.nix;
inherit (import ../lib.nix { }) mkSimpleTrayService;
inherit (import ../lib.nix {}) mkSimpleTrayService;
audio = pkgs.writeShellScript "audio" ''
export PATH=${
with pkgs;
lib.makeBinPath [ pulseaudio findutils gnugrep ]
lib.makeBinPath [pulseaudio findutils gnugrep]
}:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute
@ -33,7 +31,7 @@ let
terminalCommand = "${pkgs.alacritty}/bin/alacritty";
dpmsScript = pkgs.writeShellScript "dpmsScript" ''
export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [xorg.xset]}:$PATH
set -xe
@ -56,7 +54,7 @@ let
'';
screenLockCommand = pkgs.writeShellScript "screenLock" ''
export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [i3lock]}:$PATH
revert() {
${dpmsScript} default
@ -251,11 +249,10 @@ let
def print_new_window(window):
print("new window: ", window)
'';
in {
systemd.user = {
startServices = true;
services = { };
services = {};
};
# systemd.user.sockets.gpg-agent.Socket.Accept = true;
@ -310,7 +307,8 @@ in {
{
trigger = ":vpos";
replace = "{{output}}";
vars = [{
vars = [
{
name = "output";
type = "script";
params = {
@ -329,12 +327,14 @@ in {
'')
];
};
}];
}
];
}
{
trigger = ":vtit";
replace = "{{output}}";
vars = [{
vars = [
{
name = "output";
type = "script";
params = {
@ -343,7 +343,8 @@ in {
"${playerctl} metadata title")
];
};
}];
}
];
}
{
trigger = ":dunno";

11
nix/home-manager/programs/chromium.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{...}: {
programs.chromium = {enable = true;};
{
programs.chromium = { enable = true; };
programs.brave = { enable = true; };
programs.brave = {enable = true;};
nixpkgs.config = {
chromium = {
@ -12,6 +10,5 @@
};
};
programs.browserpass = { browsers = [ "chromium" "brave" ]; };
programs.browserpass = {browsers = ["chromium" "brave"];};
}

12
nix/home-manager/programs/emacs.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.emacs = {
enable = true;
extraPackages = epkgs:
@ -10,12 +8,14 @@
zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [ evil ]) ++ (with epkgs.elpaPackages; [
])
++ (with epkgs.melpaPackages; [evil])
++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs;
[
])
++ (with pkgs; [
pkgs.notmuch # From main packages set
]);
};

12
nix/home-manager/programs/firefox.nix
View file

@ -1,14 +1,10 @@
{ pkgs, ... }:
{
programs.firefox = { enable = true; };
{pkgs, ...}: {
programs.firefox = {enable = true;};
programs.browserpass = {
enable = true;
browsers = [ "firefox" ];
browsers = ["firefox"];
};
home.file.".mozilla/native-messaging-hosts/passff.json".source =
"${pkgs.passff-host}/share/passff-host/passff.json";
home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json";
}

6
nix/home-manager/programs/holochain-launcher.nix
View file

@ -1,5 +1,3 @@
{ pkgs, ... }:
{
home.packages = [ pkgs.holochain-launcher ];
{pkgs, ...}: {
home.packages = [pkgs.holochain-launcher];
}

15
nix/home-manager/programs/homeshick.nix
View file

@ -1,13 +1,13 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
# TODO: clean up the impurity in here
in {
home.sessionVariables = { HOMESHICK_DIR = "${pkgs.homeshick}"; };
home.sessionVariables = {HOMESHICK_DIR = "${pkgs.homeshick}";};
home.activation.bootstrapRepos =
config.lib.dag.entryAfter [ "writeBoundary" ] ''
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -e
@ -25,7 +25,6 @@ in {
'';
nixpkgs.config = {
packageOverrides = pkgs:
with pkgs; {
homeshick = builtins.fetchGit {

6
nix/home-manager/programs/libreoffice.nix
View file

@ -1,10 +1,8 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.sessionVariables = {
# Workaround for Libreoffice to force gtk3
SAL_USE_VCLPLUGIN = "gtk3";
};
home.packages = with pkgs; [ libreoffice-fresh ];
home.packages = with pkgs; [libreoffice-fresh];
}

14
nix/home-manager/programs/neovim.nix
View file

@ -1,14 +1,11 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
in {
home.sessionVariables = { EDITOR = "nvim"; };
home.sessionVariables = {EDITOR = "nvim";};
programs.neovim = {
enable = true;
extraPython3Packages = (ps: with ps; [ ]);
extraPython3Packages = ps: with ps; [];
extraConfig = builtins.readFile ./neovim/vimrc;
@ -24,7 +21,7 @@ in {
rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a";
sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m";
};
buildInputs = [ zip vim ];
buildInputs = [zip vim];
};
}
@ -77,7 +74,8 @@ in {
};
};
}
] ++ (with pkgs.vimPlugins; [
]
++ (with pkgs.vimPlugins; [
delimitMate
vim-airline
vim-airline-themes

12
nix/home-manager/programs/pass.nix
View file

@ -1,15 +1,11 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.sessionVariables = {
# required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR =
"$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
};
programs.browserpass = { enable = true; };
programs.browserpass = {enable = true;};
home.packages = with pkgs; [ pass qtpass rofi-pass gnupg ];
home.packages = with pkgs; [pass qtpass rofi-pass gnupg];
}

9
nix/home-manager/programs/podman.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
cniConfigDir = let
loopback = pkgs.writeText "00-loopback.conf" ''
{
@ -36,7 +34,8 @@ let
]
}
'';
in pkgs.runCommand "cniConfig" { } ''
in
pkgs.runCommand "cniConfig" {} ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
@ -105,7 +104,7 @@ let
default_network = "podman"
'';
in {
home.packages = with pkgs; [ podman ];
home.packages = with pkgs; [podman];
home.file.".config/containers/containers.conf".source = containersConf;

20
nix/home-manager/programs/radicale.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
passwords = import ../../variables/passwords.crypt.nix;
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
@ -21,12 +24,13 @@ let
hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg=";
};
buildInputs = [ pkgs.radicale ];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
buildInputs = [pkgs.radicale];
propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
};
radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs
++ [ radicale-storage-decsync ];
propagatedBuildInputs =
old.propagatedBuildInputs
++ [radicale-storage-decsync];
});
radicale-config = pkgs.writeText "radicale-config" ''
[auth]
@ -50,6 +54,6 @@ in {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
}

13
nix/home-manager/programs/vscode/default.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
packagedExtensions = with pkgs.vscode-extensions; [
# bbenoist.Nix
ms-vscode-remote.remote-ssh
@ -462,24 +460,22 @@ let
sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf";
}
];
in {
programs.vscode = {
enable = true;
extensions = [ ] ++ packagedExtensions
extensions =
[] ++ packagedExtensions
# ++ marketPlaceExtensions
;
};
home.packages = [ pkgs.nixpkgs-fmt pkgs.nixfmt ];
home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra];
}
# TODO: automate
# rustup install stable
# rustup component add rust-analysis --toolchain stable
# rustup component add rust-src --toolchain stable
# rustup component add rls --toolchain stable
### original list:
# 74th.Theme-NaturalContrast-With-HC
# AlanWalk.markdown-toc
@ -553,3 +549,4 @@ in {
# xyz.plsql-language
# yzane.markdown-pdf
# zxh404.vscode-proto3

25
nix/home-manager/programs/zsh.nix
View file

@ -1,8 +1,4 @@
{ pkgs }:
{ ... }:
let
{pkgs}: {...}: let
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
@ -22,8 +18,8 @@ let
_describe 'command' subcmds
'';
in pkgs.stdenv.mkDerivation {
in
pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
phases = "installPhase";
@ -34,7 +30,6 @@ let
chmod --recursive a-w $out
'';
};
in {
programs.zsh = {
enable = true;
@ -42,7 +37,8 @@ in {
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
@ -54,11 +50,14 @@ in {
. $HOME/.shrc.d/sh_aliases
fi
${if builtins.hasAttr "homeshick" pkgs then ''
${
if builtins.hasAttr "homeshick" pkgs
then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
'' else
""}
''
else ""
}
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
@ -115,7 +114,7 @@ in {
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [ "git" "sudo" ];
plugins = ["git" "sudo"];
};
};
}

11
nix/ops/nano/configuration.nix
View file

@ -1,11 +1,13 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ n, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
n,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
@ -60,5 +62,4 @@
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
}

18
nix/ops/nano/hardware-configuration.nix
View file

@ -1,22 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
nix.maxJobs = 2;
}

20
nix/ops/nanos@kn.nix
View file

@ -1,18 +1,18 @@
{ nixpkgs ? import <nixpkgs> { }, nrNanos ? 1 # Number of nanos
}:
let
{
nixpkgs ? import <nixpkgs> {},
nrNanos ? 1, # Number of nanos
}: let
pkgs = nixpkgs;
webserver = {
services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowedTCPPorts = [80];
};
mkNano = { n }: {
mkNano = {n}: {
imports = [
(import ./nano/configuration.nix { inherit pkgs n; })
(import ./nano/configuration.nix {inherit pkgs n;})
../configuration/common/user/root.nix
];
deployment.targetEnv = "none";
@ -20,6 +20,6 @@ let
};
mkNanos = n:
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano { inherit n; });
in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano {inherit n;});
in
nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))

42
nix/os/containers/backup-target.nix
View file

@ -1,9 +1,19 @@
{ hostAddress, localAddress, containerBackupCfg
, sshPort ? containerBackupCfg.portInt, autoStart ? false }: {
config = { config, pkgs, lib, ... }: {
{
hostAddress,
localAddress,
containerBackupCfg,
sshPort ? containerBackupCfg.portInt,
autoStart ? false,
}: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -23,30 +33,32 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp"
];
packages = with pkgs; [ btrfs-progs ];
packages = with pkgs; [btrfs-progs];
isSystemUser = true;
};
security.sudo = {
enable = true;
extraRules = [{
users = [ "bkp" ];
extraRules = [
{
users = ["bkp"];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = [ "NOPASSWD" ];
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
options = ["NOPASSWD"];
}
];
}
];
}];
};
};
@ -59,15 +71,17 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [{
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}];
}
];
inherit hostAddress localAddress;
}

45
nix/os/containers/backup.nix
View file

@ -1,17 +1,20 @@
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""
, autoStart ? false }:
let
{
config,
hostAddress,
localAddress,
subvolumes,
targetPathSuffix ? "",
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
subvolumeParentDir = "/var/lib/container-volumes";
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "20.03"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
environment.systemPackages = with pkgs; [btrfs-progs btrbk];
networking.firewall.enable = true;
@ -19,13 +22,13 @@ in {
enable = true;
description = "bkp-sync service";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
after = [ "bkp-run.service" ];
after = ["bkp-run.service"];
requires = [ "bkp-run.service" ];
requires = ["bkp-run.service"];
path = with pkgs; [ utillinux ];
path = with pkgs; [utillinux];
script = ''
set -x
true
@ -36,11 +39,11 @@ in {
enable = true;
description = "bkp-run";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
partOf = [ "bkp-sync.service" ];
partOf = ["bkp-sync.service"];
path = with pkgs; [ btrfs-progs btrbk coreutils ];
path = with pkgs; [btrfs-progs btrbk coreutils];
script = let
btrbkConf = pkgs.writeText "cfg" ''
@ -73,7 +76,7 @@ in {
systemd.timers."bkp" = {
description = "Timer to trigger bkp periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
@ -104,15 +107,17 @@ in {
};
};
allowedDevices = [{
allowedDevices = [
{
node = "/dev/fuse";
modifier = "rw";
}];
}
];
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [ ];
forwardPorts = [];
inherit hostAddress localAddress;
}

29
nix/os/containers/ipxe.nix
View file

@ -1,9 +1,18 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
imports = [ ../profiles/containers/configuration.nix ];
config = {
config,
pkgs,
lib,
...
}: {
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -48,7 +57,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -57,13 +66,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -78,14 +86,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {

34
nix/os/containers/mailserver.nix
View file

@ -1,15 +1,16 @@
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190
, autoStart ? false }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
imapsPort ? 993,
sievePort ? 4190,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "21.11"; # Did you read the comment?
imports =
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
imports = [../profiles/containers/configuration.nix ../profiles/common/user.nix];
networking.firewall.enable = false;
@ -21,8 +22,8 @@ in {
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
modules = [pkgs.dovecot_pigeonhole];
protocols = ["sieve"];
enableImap = true;
enableLmtp = true;
@ -51,7 +52,6 @@ in {
mail_max_userip_connections = 64
}
'';
};
environment.etc."dovecot/users".text = ''
@ -60,13 +60,13 @@ in {
systemd.services.steveej-getmail-stefanjunker = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
serviceConfig.RestartSec = 600;
serviceConfig.Restart = "always";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
@ -93,11 +93,11 @@ in {
systemd.services.steveej-getmail-webde = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
@ -139,7 +139,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

20
nix/os/containers/syncthing.nix
View file

@ -1,12 +1,18 @@
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027, autoStart ? false }:
{
config = { config, pkgs, ... }: {
hostAddress,
localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
config = {
config,
pkgs,
...
}: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -30,7 +36,7 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

33
nix/os/containers/webserver.nix
View file

@ -1,12 +1,21 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443, autoStart ? false
}:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -51,7 +60,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -60,13 +69,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -81,14 +89,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {
@ -146,7 +153,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

6
nix/os/devices/167.233.1.14/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/167.233.1.14/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix

14
nix/os/devices/167.233.1.14/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
@ -17,7 +15,6 @@ let
"pata_acpi"
"ata_generic"
];
in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
@ -27,21 +24,20 @@ in {
fileSystems."/" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=root" ];
options = ["subvol=root"];
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=home" ];
options = ["subvol=home"];
neededForBoot = true;
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
swapDevices = [{device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d";}];
boot.loader.grub = { device = "/dev/vda"; };
boot.loader.grub = {device = "/dev/vda";};
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;

24
nix/os/devices/167.233.1.14/pkg.nix
View file

@ -1,14 +1,18 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
@ -20,10 +24,12 @@
];
};
nix.buildMachines = [{
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}];
}
];
}

35
nix/os/devices/167.233.1.14/system.nix
View file

@ -1,9 +1,12 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
nix.binaryCaches = [ "https://cache.holo.host" ];
nix.binaryCaches = ["https://cache.holo.host"];
nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -26,11 +29,13 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
ipv4.addresses = [{
ipv4.addresses = [
{
"address" = "167.233.1.14";
"prefixLength" = 29;
}];
ipv6.addresses = [ ];
}
];
ipv6.addresses = [];
};
networking.defaultGateway = {
@ -43,11 +48,11 @@ in {
interface = "eth0";
};
networking.nameservers = [ "1.1.1.1" ];
networking.nameservers = ["1.1.1.1"];
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -55,7 +60,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -63,18 +68,18 @@ in {
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
path = [pkgs.systemd];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "360s";
OnUnitActiveSec = "360s";
@ -83,7 +88,7 @@ in {
};
};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = true;

1
nix/os/devices/167.233.1.14/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/167.233.1.14/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

49
nix/os/devices/default.nix
View file

@ -1,15 +1,20 @@
{ dir, pkgs ? import <channels-nixos-stable> { }
, ownLib ? import ../lib/default.nix { }, gitRoot ?
"$(git rev-parse --show-toplevel)"
{
dir,
pkgs ? import <channels-nixos-stable> {},
ownLib ? import ../lib/default.nix {},
gitRoot ? "$(git rev-parse --show-toplevel)",
# FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args:
let
rebuildargsSudo = [ "switch" "boot" ];
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
, ... }:
moreargs ? "",
rebuildarg ? "",
...
} @ args: let
rebuildargsSudo = ["switch" "boot"];
rebuild = {
gitRoot,
rebuildarg ? "dry-activate",
moreargs ? "",
...
}:
pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
@ -23,17 +28,20 @@ let
rm result
fi
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null then
"sudo -E \\"
else
""}
${
if
(builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null
then "sudo -E \\"
else ""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
in {
recipes = {
rebuild = rebuild {
recipes =
{
rebuild =
rebuild {
inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
@ -41,5 +49,6 @@ in {
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
}
// (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;}));
}

27
nix/os/devices/disk.nix
View file

@ -1,13 +1,24 @@
{ pkgs, ownLib, dir, gitRoot, diskId ?
{
pkgs,
ownLib,
dir,
gitRoot,
diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.diskId, encrypted ?
{})
.hardware
.opinionatedDisk
.diskId,
encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, ... }:
let mntRootVol = "/mnt/${diskId}-root";
{})
.hardware
.opinionatedDisk
.encrypted,
previousDiskId ? "",
...
}: let
mntRootVol = "/mnt/${diskId}-root";
in rec {
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash

4
nix/os/devices/elias-e525/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/elias-e525/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/elias-e525/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;

21
nix/os/devices/elias-e525/pkg.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
@ -18,13 +20,14 @@ let
jitsi
];
};
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
@ -39,19 +42,19 @@ in {
home-manager.users.steveej = homeEnv {
layout = "en";
options = [ "nodeadkey" ];
options = ["nodeadkey"];
variant = "altgr-intl";
};
home-manager.users.elias = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};

17
nix/os/devices/elias-e525/system.nix
View file

@ -1,7 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
in {
# TASK: new device
networking.hostName = "elias-e525"; # Define your hostname.
@ -17,7 +19,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -41,10 +43,9 @@ in {
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/elias-e525/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.elias = mkUser {
uid = 1001;

3
nix/os/devices/elias-e525/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

4
nix/os/devices/fwhost1/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost1/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost1/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

15
nix/os/devices/fwhost1/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

33
nix/os/devices/fwhost1/system.nix
View file

@ -1,10 +1,12 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost1"; # Define your hostname.
@ -19,34 +21,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.15";
prefixLength = 24;
}];
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.15";
prefixLength = 12;
}];
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.15";
prefixLength = 24;
}];
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +85,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

13
nix/os/devices/fwhost1/user.nix
View file

@ -1,8 +1,9 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in { }
inherit (import ../../lib/default.nix {}) mkUser;
in {}

3
nix/os/devices/fwhost1/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost1/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

4
nix/os/devices/fwhost2/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost2/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost2/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

15
nix/os/devices/fwhost2/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

34
nix/os/devices/fwhost2/system.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, config, utils, ... }:
let
{
pkgs,
lib,
config,
utils,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost2"; # Define your hostname.
@ -19,34 +22,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.16";
prefixLength = 24;
}];
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.16";
prefixLength = 12;
}];
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.16";
prefixLength = 24;
}];
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +86,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/fwhost2/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
# users.extraUsers.steveej2 = mkUser {
# uid = 1001;

3
nix/os/devices/fwhost2/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost2/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

6
nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = true;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -19,7 +17,6 @@ let
"xhci_hcd"
"xhci_pci"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

24
nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix
View file

@ -1,23 +1,29 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}];
}
];
# services.hydra = {
# enable = false;

21
nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "srv0"; # Define your hostname.
@ -34,7 +37,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -42,14 +45,14 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = false;
services.resolved = { enable = true; };
services.resolved = {enable = true;};
containers = { };
containers = {};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

4
nix/os/devices/steveej-nuc7pjyh-work/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/steveej-nuc7pjyh-work/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.encryptedDisk = {
enable = true;

10
nix/os/devices/steveej-nuc7pjyh-work/system.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = { };
users.groups.sgx = {};
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
}

25
nix/os/devices/steveej-nuc7pjyh-work/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.sjunker = mkUser {
uid = 1001;
@ -13,15 +14,19 @@ in {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ];
extraGroups = ["sgx"];
subUidRanges = [{
subUidRanges = [
{
startUid = 100000;
count = 65536;
}];
subGidRanges = [{
}
];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}];
}
];
};
}

4
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/steveej-pa600/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

5
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -9,7 +7,6 @@ let
"xhci_pci"
"hxci_hcd"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

13
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,14 +1,13 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;

18
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
@ -17,7 +20,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -26,10 +29,9 @@ in {
sudo.fprintAuth = true;
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

11
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;

3
nix/os/devices/steveej-pa600/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

Some files were not shown because too many files have changed in this diff Show more