steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: flakify, gnome3

Browse source 
chore: nix fmt
refactor: split out more home-manager programs
feat: migrate shell as flake devShell
feat: initial flake structure with colmena
feat: migrate elias-e525 to colmena
feat: migrate steveej-t14 with colmena
feat: configure chromium extensions
chore: remove all overlays and package overrides
chore: delete some of _archive
feat: migrate vmd102066
feat: migrate sj-vps-htz0
This commit is contained in:
steveej 2023-04-15 12:21:22 +02:00
parent 4fcddef112
commit 33e0c3f4c6
79 changed files with 1797 additions and 1578 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.envrc
View file

@ -1,7 +1 @@
# if ! has nix_direnv_version || ! nix_direnv_version 1.5.1; then
# source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.1/direnvrc" "sha256-p4CDMJjuBmEh9pkn2aoJrZqr0DlPZHPU7eXOSDzzcuo="
# fi
# use_flake . --impure
use nix
use_flake . --impure

1
.gitignore vendored
View file

@ -3,3 +3,4 @@
.*.log
.env
**/result
.direnv/

5
.vscode/settings.json vendored
View file

@ -1,3 +1,6 @@
{
"nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix"
"nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix",
"[nix]": {
"editor.defaultFormatter": "kamadorueda.alejandra"
},
}

31
README.md
View file

@ -29,14 +29,41 @@ In the unlikely case that you actually read this and have any questions please d
- [x] annotate recipes with some documentation
- [x] declare shell.nix with runtime deps
- [x] partition/encrypt/format disks
- [ ] Document bootstrap process
- [x] Maybe make this a nix-overlay
- [x] refactor as a nix flake and adopt an existing framework
- [x] devShell version
- [x] ~~version templating~~ obsolete due to the usage of flakes
- [x] elias-e525
- [x] steveej-t14
- [x] contabo vps
- [x] sj-pve0
- [ ] use an existing secret management framework
- [ ] adapt (or abandon?) _just_ recipes
- [ ] `rebuild-this-device`
- [ ] `update-this-device`
- [ ] `rebuild-remote-device`
- [ ] `update-remote-device`
evaluate, and understand a path to using these tools in a pull-based fashion:
- [x] [colmena](https://github.com/zhaofengli/colmena)
* bootstrapping: https://github.com/zhaofengli/colmena/issues/68
- [ ] deploy-rs
- [ ] 🚧 find a better alternative for the qtile-desktop
current issues:
- floating windows often get lost in the background
- plugging in-/out- screen crashes the desktop
evaluate:
- [ ] 🚧 gnome3 + pop-shell
- [ ] leftwm + eww (+ wayland?)
- [ ] (Re-)document bootstrap process
- [ ] `apt install sudo cryptsetup` as a requirements on a deb admin machine
- [ ] a new machine
- [ ] an install media
- [ ] Design disaster recovery
- [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2
- [ ] Recycle *\_archived*
- [x] Maybe make this a nix-overlay
- [ ] container migrations
- [ ] ensure DDNS is updated _before_ the containers are started

10
_archive/nixos-configuration/common/pkg/neovim.nix
View file

@ -1,10 +0,0 @@
{
config,
pkgs,
...
} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/neovim.nix args)
];
}

7
_archive/nixos-configuration/common/pkg/vim.nix
View file

@ -1,7 +0,0 @@
{pkgs, ...} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/vim.nix
(args // {name = "vim";}))
];
}

20
_archive/nixos-configuration/common/user/steveej.nix
View file

@ -1,20 +0,0 @@
{
config,
pkgs,
...
}: let
passwords = import ../passwords.crypt.nix;
keys = import ../keys.nix;
inherit (import ../lib) mkUser;
in {
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}

1
default.nix
View file

@ -5,6 +5,5 @@
# commands such as:
# nix-build -A mypackage
{pkgs ? import <nixpkgs> {}}: {
overlays = import ./nix/overlays;
pkgs = import ./nix/pkgs {inherit pkgs;};
}

27
flake-sandbox/flake.lock generated Normal file
View file

@ -0,0 +1,27 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1681091990,
"narHash": "sha256-ifIzhksUBZKp5WgCuoVhDY32qaEplXp7khzrB6zkaFc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea96b4af6148114421fda90df33cf236ff5ecf1d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

142
flake-sandbox/flake.nix Normal file
View file

@ -0,0 +1,142 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
};
outputs = {
self,
nixpkgs,
}: let
system = "x86_64-linux";
pkgs = import nixpkgs {inherit system;};
in {
devShells."${system}".default = pkgs.mkShell {
packages = with pkgs;
with pkgs.gnome; [
hexchat
audacity
proot
yubikey-manager-qt
cheese
remmina
exiv2
wireshark-qt
seahorse
kotatogram-desktop
usbutils
networkmanagerapplet
sshfs-fuse
pavucontrol
libwebcam
just
eog
git-crypt
espanso
unetbootin
vcsh
skypeforlinux
du-dust
bind
teamviewer
gparted
neovim
inkscape
rustdesk
gnome-themes-extra
pass
xdg-user-dirs
cbatticon
yubikey-personalization-gui
zoom
signal-desktop
xorg.xbacklight
vscode
ripgrep
lightdm
nixpkgs-fmt
git-lfs
qtpass
gimp
lxappearance
flameshot
thunderbird
fprintd
chromium
evtest
alejandra
vlc
pastebinit
evolution
zbar
libreoffice
brave
pidgin
direnv
xorg.xhost
lorri
firefox
logseq
x11_ssh_askpass
xsel
feh
htop
openvpn
syncthing
ncdu
rofi-pass
testdisk
vanilla-dmz
wireguard-tools
xarchive
gnome-icon-theme
wget
nix-index
mr
passff-host
browserpass
xorg.xcursorthemes
gitRepo
gitSVN
androidenv.androidPkgs_9_0.platform-tools
# introduces python
(qtile.passthru.unwrapped.overrideAttrs (oldAttrs: {
propagatedBuildInputs =
[]
# ++ oldAttrs.passthru.unwrapped.propagatedBuildInputs
# ++ (with pkgs.python3Packages; [
# # python-wifi
# # iwlib
# keyring
# ])
;
makeWrapperArgs =
oldAttrs.makeWrapperArgs
++ [
"--prefix PATH : ${pkgs.lib.makeBinPath oldAttrs.propagatedBuildInputs}"
];
}))
# gi-docgen
# yelp-tools
# scons
# autorandr
# arandr
# meson
# mercurial
# unrar-wrapper
# orca
# radicale
# criu
# gnome-music
# gnome-browser-connector
# radicale
# hplip
# qtile
# gtk-doc
# asciidoc
# meson
];
};
};
}

146
flake.lock generated
View file

@ -1,12 +1,131 @@
{
"nodes": {
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"stable": "stable"
},
"locked": {
"lastModified": 1675730932,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1673819588,
"narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=",
"owner": "ursi",
"repo": "get-flake",
"rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1679224734,
"narHash": "sha256-1Ab3xY7Wgo1h1TNwRt6fp2XjV+KUo+hP1Bolh0KiDJs=",
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1680213900,
"narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1681696129,
"narHash": "sha256-Ba2y1lmsWmmAOAoTD5G9UnTS/UqV0ZFyzysgdfu7qag=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "eac7da7b519a5aefe92c33c90b4450a24ebe0ab3",
"rev": "de66115c552acc4e0c0f92c5a5efb32e37dfa216",
"type": "github"
},
"original": {
@ -18,7 +137,26 @@
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
"colmena": "colmena",
"flake-parts": "flake-parts",
"get-flake": "get-flake",
"nixpkgs": "nixpkgs_2"
}
},
"stable": {
"locked": {
"lastModified": 1669735802,
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
}
},

54
flake.nix
View file

@ -2,12 +2,60 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";
colmena.url = "github:zhaofengli/colmena";
# colmena.url = "/home/steveej/src/others/colmena";
};
outputs = {
nixpkgs,
outputs = inputs @ {
self,
flake-parts,
nixpkgs,
...
}: let
inherit (nixpkgs) lib;
systems = [
"x86_64-linux"
"aarch64-linux"
];
in
flake-parts.lib.mkFlake {inherit inputs;} {
flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{
meta.nixpkgs = import inputs.nixpkgs.outPath {
system = builtins.elemAt systems 0;
};
}
(builtins.map (nodeName:
import ./nix/os/devices/${nodeName} {
repoFlake = self;
}) [
"steveej-t14"
"elias-e525"
"vmd102066.contaboserver.net"
"sj-vps-htz0.infra.stefanjunker.de"
]);
inherit systems;
perSystem = {
inputs',
system,
config,
lib,
pkgs,
...
}: {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
formatter = pkgs.alejandra;
devShells.default = import ./nix/devShells.nix {inherit inputs' pkgs;};
};
};
}

58
nix/devShells.nix Normal file
View file

@ -0,0 +1,58 @@
{
inputs',
pkgs,
}:
pkgs.stdenv.mkDerivation {
name = "infra-env";
buildInputs =
[
(with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};};
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
]
++ (with pkgs; [
inputs'.colmena.packages.colmena
nixos-install-tools
dconf2nix
just
git-crypt
vcsh
gnupg
git
ripgrep
lm_sensors
apacheHttpd
vncdo
tesseract
imagemagick
nmap
sysstat
lshw
xxHash
linssid
wavemon
wirelesstools
zathura
xorg.xwininfo
glxinfo
autorandr
arandr
playerctl
x11docker
fwupd
ntfy
]);
# Set Environment Variables
RUST_BACKTRACE = 1;
}

173
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,52 +1,42 @@
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
{
inputs,
pkgs,
config,
# these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake,
packages',
...
}: let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> {config = config.nixpkgs.config;};
masterpkgs = import <nixpkgs-master> {config = config.nixpkgs.config;};
in {
}: let
pkgsUnstable = pkgs.callPackage nodeFlake.inputs.nixpkgs-unstable.outPath {};
pkgsMaster = pkgs.callPackage nodeFlake.inputs.nixpkgs-master.outPath {};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/redshift.nix
../programs/espanso.nix
../programs/gnome-desktop.nix
../programs/gpg-agent.nix
../programs/radicale.nix
../programs/firefox.nix
../programs/chromium.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
../programs/podman.nix
../programs/vscode
../programs/holochain-launcher.nix
../programs/radicale.nix
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG = "graphical-fullblown";
GOPATH = "$HOME/src/go";
PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
};
home.sessionVariables.HM_CONFIG = "graphical-fullblown";
home.sessionVariables.GOPATH = "$HOME/src/go";
home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
home.packages =
[]
@ -60,19 +50,19 @@ in
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
nix-prefetch-github
# nix-prefetch-github
# Version Control Systems
gitFull
pijul
gitless
# gitless
gitRepo
git-lfs
# Process/System Administration
htop
gnome.gnome-tweaks
# gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
@ -88,12 +78,12 @@ in
# Password Management
gnupg
yubikey-manager
# yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# gnome.seahorse
# Language Support
hunspellDicts.en-us
@ -106,31 +96,17 @@ in
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
pkgsUnstable.jitsi-meet-electron
thunderbird
evolution # gnome4.glib_networking
kotatogram-desktop
zoom-us
thunderbird
evolution # gnome4.glib_networking
gnome.cheese
masterpkgs.discord
pkgsMaster.discord
# Virtualization
virtmanager
# (pkgs.lib.hiPrio qemu)
# virtualbox
# vagrant
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# virtmanager
# Remote Control Tools
remmina
@ -143,7 +119,7 @@ in
vlc
audacity
spotify
youtube-dl-light
# youtube-dl-light
libwebcam
# Network Tools
@ -163,7 +139,6 @@ in
wireguard-tools
# Code Editors
# unstablepkgs.atom
xclip
xsel
@ -174,13 +149,11 @@ in
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Modelling Tools
# TODO: remove or move these: Modelling Tools
# plantuml
# umlet
# staruml
@ -190,58 +163,14 @@ in
# Misc Development Tools
qrcode
# travis
jq
# prometheus
cdrtools
# Document Processing and Management
# zathura
mendeley
# zotero
pandoc
unstablepkgs.logseq
# has an EOL version of electron
# obsidian
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit
(texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent
latexmk
algorithms
cm-super
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted
ifplatform
fvextra
xstring
framed
;
})
pdftk
# broken as of 2021-04-24
# masterpdfeditor
(pkgsUnstable.logseq.override (_: {electron = pkgs.electron_20;}))
# File Synchronzation
# seafile-client
# grive2
dropbox
rsync
@ -249,12 +178,10 @@ in
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
# binwalk
gptfdisk
gparted
smartmontools
@ -263,23 +190,14 @@ in
androidenv.androidPkgs_9_0.platform-tools
## Python
myPython
# Code generators
# unstablepkgs.swagger-codegen
packages'.myPython
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
# dex
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
@ -287,7 +205,7 @@ in
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
wally-cli
man-pages
# Screen recording
@ -297,11 +215,14 @@ in
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# obs-studio
# shotcut
# openshot-qt
# introduces python: screenkey
unstablepkgs.ledger-live-desktop
pkgsUnstable.ledger-live-desktop
]);
}
systemd.user.startServices = true;
services.syncthing.enable = true;
}

117
nix/home-manager/configuration/graphical-gnome3.nix
View file

@ -1,124 +1,13 @@
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
# ../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = {};
}: {
home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems
gitless
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Remote Control Tools
remmina
freerdp
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Misc Development Tools
qrcode
jq
cdrtools
# Document Processing and Management
zathura
# File Synchronzation
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
## Python
myPython
busyboxStatic
# Virtualization
virtmanager
]);
}
}

32
nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,14 +1,8 @@
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
}: {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
@ -20,20 +14,8 @@ in
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {};
};
home.sessionVariables = {};
home.packages =
[]
++ (with pkgs; [
@ -85,7 +67,6 @@ in
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
@ -107,7 +88,7 @@ in
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
woeusb
unetbootin
pcmanfm
hdparm
@ -115,12 +96,9 @@ in
binwalk
gptfdisk
## Python
myPython
busyboxStatic
packages'.myPython
# Virtualization
virtmanager
]);
}
}

29
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,27 +1,12 @@
{
pkgs,
extraPackages ? [],
}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
in {
{pkgs, ...}: {
imports = [
../profiles/common.nix
# ../profiles/nix-channels.nix
../programs/neovim.nix
zshCurried
];
nixpkgs.config = {packageOverrides = pkgs: with pkgs; {};};
home.sessionVariables = {};
home.packages =
extraPackages
++ (with pkgs; [iperf3 inetutils speedtest-cli]);
}
home.packages = with pkgs; [
iperf3
inetutils
speedtest-cli
];
}

45
nix/home-manager/profiles/common.nix
View file

@ -1,10 +1,11 @@
{pkgs, ...}: let
in {
# TODO: re-enable this with the appropriate version
{pkgs, ...}: {
# TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
nixpkgs.overlays = builtins.attrValues (import ../../overlays);
imports = [
../programs/zsh.nix
];
nixpkgs.config = {
allowBroken = false;
@ -25,14 +26,14 @@ in {
];
};
xdg.enable = true;
programs.direnv.enable = true;
services.lorri.enable = true;
home.sessionVariables = {
NIXPKGS_ALLOW_UNFREE = "1";
home.sessionVariables.NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1";
};
home.sessionVariables.PYTHONDONTWRITEBYTECODE = "1";
programs.command-not-found.enable = true;
programs.fzf.enable = true;
@ -40,10 +41,9 @@ in {
home.packages =
[]
++ (with pkgs; [
# git helpers
git-crypt
htop
vcsh
# Authentication
cacert
openssl
@ -52,6 +52,29 @@ in {
just
ripgrep
du-dust
elfutils
exfat
file
tree
pwgen
proot
parted
pv
tmux
wget
curl
# git helpers
git-crypt
gitFull
pastebinit
gist
mr
usbutils
pciutils
]);
home.stateVersion = "22.05";

103
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -1,6 +1,8 @@
{pkgs, ...}: let
passwords = import ../../variables/passwords.crypt.nix;
{
pkgs,
config,
...
}: let
inherit (import ../lib.nix {}) mkSimpleTrayService;
audio = pkgs.writeShellScript "audio" ''
@ -250,13 +252,6 @@
print("new window: ", window)
'';
in {
systemd.user = {
startServices = true;
services = {};
};
# systemd.user.sockets.gpg-agent.Socket.Accept = true;
services = {
gnome-keyring.enable = true;
blueman-applet.enable = true;
@ -266,93 +261,9 @@ in {
lockCmd = "${screenLockCommand}";
};
network-manager-applet.enable = true;
syncthing.enable = true;
gpg-agent = {
enable = true;
enableScDaemon = true;
enableSshSupport = true;
grabKeyboardAndMouse = true;
pinentryFlavor = "gtk2";
extraConfig = "";
defaultCacheTtl = 0;
maxCacheTtl = 0;
};
flameshot.enable = true;
pasystray.enable = true;
cbatticon.enable = true;
redshift = {
enable = true;
inherit (passwords.location.stefan) longitude latitude;
temperature = {
day = 6700;
night = 3700;
};
tray = true;
settings = {
redshift = {
brightness-day = 1.0;
brightness-night = 0.8;
adjustment-method = "randr";
};
};
};
espanso = {
enable = true;
settings = {
matches = let
playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in [
{
trigger = ":vpos";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}
];
}
{
trigger = ":vtit";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso"
"${playerctl} metadata title")
];
};
}
];
}
{
trigger = ":dunno";
replace = "¯\\_()_/¯";
}
];
};
};
};
home.pointerCursor = {
@ -364,7 +275,7 @@ in {
};
xsession = {
enable = true;
enable = false;
windowManager.command = "${pkgs.qtile}/bin/qtile start -c ${qtileConfig}";
initExtra = "${initScreen}";
};
@ -373,8 +284,6 @@ in {
# X Tools/Libraries
lightdm
networkmanagerapplet
autorandr
arandr
gnome-icon-theme
gnome.gnome-themes-extra
gnome.adwaita-icon-theme

54
nix/home-manager/programs/chromium.nix
View file

@ -1,14 +1,50 @@
{...}: {
programs.chromium = {enable = true;};
{
name,
lib,
...
}: {
programs.chromium = {
enable = true;
extensions =
[
#undetectable adblocker
{id = "gcfcpohokifjldeandkfjoboemihipmb";}
# ublock origin
{id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";}
# # YT ad block
# {id = "cmedhionkhpnakcndndgjdbohmhepckk";}
# # Adblock Plus
# {id = "cfhdojbkjhnklbpkdaibdccddilifddb";}
# Cookie Notice Blocker
{id = "odhmfmnoejhihkmfebnolljiibpnednn";}
# i don't care about cookies
{id = "fihnjjcciajhdojfnbdddfaoknhalnja";}
# NopeCHA
{id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";}
# h264ify
{id = "aleakchihdccplidncghkekgioiakgal";}
# clippy
# {id = "honbeilkanbghjimjoniipnnehlmhggk"}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# Vimium C
{id = "hfjbmagddngcpeloejdejnfgbamkjaeg";}
]);
};
programs.brave = {enable = true;};
nixpkgs.config = {
chromium = {
# 2019-03-05: missing on 19.03 enablePepperPDF = true;
# 2021-03-16: missing enablePepperFlash = false;
};
};
programs.browserpass = {browsers = ["chromium" "brave"];};
}

22
nix/home-manager/programs/emacs.nix
View file

@ -1,22 +0,0 @@
{pkgs, ...}: {
programs.emacs = {
enable = true;
extraPackages = epkgs:
(with epkgs; [
nix-mode
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
])
++ (with epkgs.melpaPackages; [evil])
++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
])
++ (with pkgs; [
pkgs.notmuch # From main packages set
]);
};
}

64
nix/home-manager/programs/espanso.nix Normal file
View file

@ -0,0 +1,64 @@
{
pkgs,
config,
...
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
services.espanso = {
enable = true;
settings = {
matches = let
playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in [
{
trigger = ":vpos";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}
];
}
{
trigger = ":vtit";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso"
"${playerctl} metadata title")
];
};
}
];
}
{
trigger = ":dunno";
replace = "¯\\_()_/¯";
}
];
};
};
}

112
nix/home-manager/programs/gnome-desktop.nix Normal file
View file

@ -0,0 +1,112 @@
{
pkgs,
config,
lib,
...
}: let
in {
services = {
gnome-keyring.enable = false;
blueman-applet.enable = true;
flameshot.enable = true;
};
# TODO: remove this comment once i'm sure everything works
# xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = ''
# [Desktop Entry]
# Type=Application
# Hidden=true
# '';
services.gpg-agent.pinentryFlavor = "gnome3";
# workaround: usually created by 'home.xsession.enabled=true' and i don't use with gnome
systemd.user.targets.tray = {
Unit = {
Description = "Home Manager System Tray";
Requires = ["graphical-session-pre.target"];
};
};
home.packages = [
pkgs.wmctrl
];
home.sessionVariables.MOZ_ENABLE_WAYLAND = "1";
dconf.settings = let
manualKeybindings = [
{
binding = "Print";
command = "flameshot gui";
name = "flameshot";
}
{
binding = "<Super>t";
command = "alacritty";
name = "alacritty";
}
];
numWorkspaces = 10;
customKeybindingBaseName = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom";
customKeybindingsNames =
builtins.genList (i: "/${customKeybindingBaseName}${toString i}/")
(
(builtins.length manualKeybindings)
+ numWorkspaces # for sending to the workspace
);
workspacesKeyBindingsOffset = builtins.length manualKeybindings;
# with this we can make use of all number keys [0-9]
mapToNumber = i:
if i < 10
then i
else if i == 10
then 0
else throw "i exceeds 10: ${i}";
in
{
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = customKeybindingsNames;
screenreader = "@as []";
screensaver = ["<Alt><Super>l"];
};
# disable the builtin <Super>[1-9] functionality
"org/gnome/shell/keybindings" = builtins.listToAttrs (builtins.genList
(i: {
name = "switch-to-application-${toString (i + 1)}";
value = [];
})
numWorkspaces);
# remap it to switching to the workspaces
"org/gnome/desktop/wm/keybindings" = builtins.listToAttrs (builtins.genList
(i: {
name = "switch-to-workspace-${toString (i + 1)}";
value = [
"<Super>${toString (mapToNumber (i + 1))}"
];
})
numWorkspaces);
}
// builtins.listToAttrs (builtins.genList
(i: {
name = "${customKeybindingBaseName}${toString i}";
value = builtins.elemAt manualKeybindings i;
})
(builtins.length manualKeybindings))
// builtins.listToAttrs (builtins.genList
(i: {
name = "${customKeybindingBaseName}${toString (workspacesKeyBindingsOffset + i)}";
value = {
binding = "<Control><Super>${toString (mapToNumber (i + 1))}";
command = "wmctrl -r :ACTIVE: -t ${toString i}";
name = "Send to workspace ${toString (i + 1)}";
};
})
numWorkspaces);
}

14
nix/home-manager/programs/gpg-agent.nix Normal file
View file

@ -0,0 +1,14 @@
{lib, ...}: {
programs.gpg.enable = true;
services.gpg-agent = {
enable = true;
enableScDaemon = true;
enableSshSupport = true;
grabKeyboardAndMouse = true;
pinentryFlavor = lib.mkDefault "gtk2";
extraConfig = "";
defaultCacheTtl = 0;
maxCacheTtl = 0;
};
}

2
nix/home-manager/programs/homeshick.nix
View file

@ -5,7 +5,7 @@
}: let
# TODO: clean up the impurity in here
in {
home.sessionVariables = {HOMESHICK_DIR = "${pkgs.homeshick}";};
home.sessionVariables.HOMESHICK_DIR = "${pkgs.homeshick}";
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${

5
nix/home-manager/programs/libreoffice.nix
View file

@ -1,8 +1,3 @@
{pkgs, ...}: {
home.sessionVariables = {
# Workaround for Libreoffice to force gtk3
SAL_USE_VCLPLUGIN = "gtk3";
};
home.packages = with pkgs; [libreoffice-fresh];
}

9
nix/home-manager/programs/neovim.nix
View file

@ -1,6 +1,11 @@
{pkgs, ...}: let
{
pkgs,
lib,
...
}: let
in {
home.sessionVariables = {EDITOR = "nvim";};
# FIXME: this doesn't work
home.sessionVariables.EDITOR = "nvim";
programs.neovim = {
enable = true;

10
nix/home-manager/programs/pass.nix
View file

@ -1,11 +1,9 @@
{pkgs, ...}: {
home.sessionVariables = {
# required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
};
home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
programs.browserpass = {enable = true;};
programs.browserpass.enable = true;
home.packages = with pkgs; [pass qtpass rofi-pass gnupg];
home.packages = with pkgs; [pass rofi-pass gnupg];
}

144
nix/home-manager/programs/podman.nix
View file

@ -1,144 +0,0 @@
{pkgs, ...}: let
cniConfigDir = let
loopback = pkgs.writeText "00-loopback.conf" ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
podman-bridge = pkgs.writeText "87-podman-bridge.conflist" ''
{
"cniVersion": "0.3.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
'';
in
pkgs.runCommand "cniConfig" {} ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
ln -s ${podman-bridge} $out/${podman-bridge.name}
'';
containersConf = pkgs.writeText "containers.conf" ''
# containers.conf is the default configuration file for all tools using libpod to
# manage containers
[containers]
# Maximum size of log files (in bytes)
# -1 is unlimited
log_size_max = -1
[engine]
# Default transport method for pulling and pushing for images
image_default_transport = "docker://"
# Paths to search for the conmon container manager binary. If the paths are empty or no valid path was found, then the $PATH environment variable will be used as the fallback.
conmon_path = [
"${pkgs.conmon}/bin/conmon"
]
# --runtime ${pkgs.crun}/bin/crun \
runtime = "crun"
# Environment variables to pass into conmon
conmon_env_vars = [
]
# CGroup Manager - valid values are "systemd" and "cgroupfs"
cgroup_manager = "systemd"
# Whether to use chroot instead of pivot_root in the runtime
no_pivot_root = false
# Determines whether libpod will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# they are held open by conmon as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
enable_port_reservation = true
[network]
# Directory containing CNI plugin configuration files
network_config_dir = "${cniConfigDir}"
# Directories where the CNI plugin binaries may be located
cni_plugin_dirs = [
"${pkgs.cni-plugins}/bin"
]
# Default CNI network for libpod.
# If multiple CNI network configs are present, libpod will use the network with
# the name given here for containers unless explicitly overridden.
# The default here is set to the name we set in the
# 87-podman-bridge.conflist included in the repository.
# Not setting this, or setting it to the empty string, will use normal CNI
# precedence rules for selecting between multiple networks.
default_network = "podman"
'';
in {
home.packages = with pkgs; [podman];
home.file.".config/containers/containers.conf".source = containersConf;
home.file.".config/containers/registries.conf".text = ''
[registries.search]
registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']
[registries.insecure]
registries = []
#blocked (docker only)
[registries.block]
registries = []
'';
home.file.".config/containers/storage.conf".text = ''
[storage]
driver = "btrfs"
'';
home.file.".config/containers/policy.json".text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
}

24
nix/home-manager/programs/redshift.nix Normal file
View file

@ -0,0 +1,24 @@
{
pkgs,
config,
...
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
services.redshift = {
enable = true;
inherit (passwords.location.stefan) longitude latitude;
temperature = {
day = 6700;
night = 3000;
};
tray = true;
settings = {
redshift = {
brightness-day = 1.0;
brightness-night = 0.5;
adjustment-method = "randr";
};
};
};
}

1
nix/home-manager/programs/vscode/default.nix
View file

@ -463,6 +463,7 @@
in {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions =
[] ++ packagedExtensions
# ++ marketPlaceExtensions

25
nix/home-manager/programs/zsh.nix
View file

@ -1,4 +1,9 @@
{pkgs}: {...}: let
{
config,
lib,
pkgs,
...
}: let
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
@ -31,6 +36,10 @@
'';
};
in {
home.file.".profile".text = ''
. "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh"
'';
programs.zsh = {
enable = true;
@ -65,17 +74,21 @@ in {
# don't cd into directories when executed
unsetopt AUTO_CD
export NIX_PATH="${pkgs.nixPath}"
export NIX_PATH="${pkgs.path}"
# print lines without termination
setopt PROMPT_CR
setopt PROMPT_SP
export PROMPT_EOL_MARK=""
'';
sessionVariables = {
# Add more envrionment variables here
};
${lib.optionalString config.services.gpg-agent.enable ''
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
''}
${lib.optionalString config.programs.neovim.enable ''
export EDITOR="nvim"
''}
'';
plugins = [
{

7
nix/modules/flake-parts/colmena.nix Normal file
View file

@ -0,0 +1,7 @@
{lib, ...}: {
options.flake.colmena = lib.mkOption {
# type = lib.types.attrsOf lib.types.unspecified;
type = lib.types.raw;
default = {};
};
}

38
nix/modules/flake-parts/perSystem/default.nix Normal file
View file

@ -0,0 +1,38 @@
{
inputs',
system,
config,
lib,
pkgs,
...
}: {
packages = {
myPython = pkgs.python310.withPackages (ps:
with ps;
[
pep8
yapf
flake8
# autopep8 (broken)
# pylint (broken)
ipython
llfuse
dugong
defusedxml
wheel
pip
virtualenv
cffi
pyopenssl
urllib3
# mistune (insecure)
sympy
flask
pyaml
requests
]
++ [pkgs.pypi2nix pkgs.libffi]);
};
}

29
nix/os/devices/elias-e525/default.nix Normal file
View file

@ -0,0 +1,29 @@
{repoFlake}: let
nodeName = "elias-e525";
system = "x86_64-linux";
nodeFlake = repoFlake.inputs.get-flake ./.;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
# TODO: build a module with "meta" and "freeformtype" for all the others
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = false;
# deployment.allowLocalDeployment = true;
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
};
}

65
nix/os/devices/elias-e525/flake.lock generated Normal file
View file

@ -0,0 +1,65 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1681696129,
"narHash": "sha256-Ba2y1lmsWmmAOAoTD5G9UnTS/UqV0ZFyzysgdfu7qag=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "de66115c552acc4e0c0f92c5a5efb32e37dfa216",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

10
nix/os/devices/elias-e525/flake.nix Normal file
View file

@ -0,0 +1,10 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

32
nix/os/devices/elias-e525/pkg.nix
View file

@ -5,9 +5,13 @@
}: let
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
inherit pkgs;
})
../../../home-manager/profiles/common.nix
../../../home-manager/configuration/graphical-gnome3.nix
../../../home-manager/programs/firefox.nix
../../../home-manager/programs/libreoffice.nix
../../../home-manager/programs/neovim.nix
];
home.keyboard = keyboard;
@ -16,28 +20,17 @@
rhythmbox
lollypop
dia
rustdesk
kotatogram-desktop
jitsi
jitsi-meet-electron
signal-desktop
];
};
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
games.enable = true;
gnome-remote-desktop.enable = true;
gnome-user-share.enable = true;
rygel.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
};
home-manager.users.steveej = homeEnv {
@ -58,6 +51,5 @@ in {
variant = "";
};
services.teamviewer.enable = true;
system.stateVersion = "21.11";
}

5
nix/os/devices/elias-e525/system.nix
View file

@ -17,11 +17,6 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.printing = {
enable = true;
drivers = with pkgs; [mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;

26
nix/os/devices/elias-e525/versions.nix
View file

@ -1,26 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "5aaed40d22f0d9376330b6fa413223435ad6fee5";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "c4d1eff44eb12cb5500fb2ab05a1a7303711254e";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "697cc8c68ed6a606296efbbe9614c32537078756";
};
}

34
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -1,34 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

0
nix/os/devices/167.233.1.14/README.md → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/README.md
View file

0
nix/os/devices/167.233.1.14/boot.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/boot.nix
View file

0
nix/os/devices/167.233.1.14/configuration.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/configuration.nix
View file

26
nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/default.nix Normal file
View file

@ -0,0 +1,26 @@
{repoFlake}: let
nodeName = "sj-vps-htz0.infra.stefanjunker.de";
system = "x86_64-linux";
nodeFlake = repoFlake.inputs.get-flake ./.;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = true;
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
};
}

99
nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/flake.lock generated Normal file
View file

@ -0,0 +1,99 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1681759395,
"narHash": "sha256-7aaRtLxLAy8qFVIA26ulB+Q5nDVzuQ71qi0s0wMjAws=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cd749f58ba83f7155b7062dd49d08e5e47e44d50",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1681895322,
"narHash": "sha256-dtduardGFljEIh0Whlnhzda7Au0s1WnnSdzh2ZhCu9c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57aad37a2eab85fb5522cbc8568fe27872071a1c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1681770396,
"narHash": "sha256-tq+GZOkRA3uF3I/jIzuBGfnTRQFT4QnnRCWJ8DKSaMg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4df48038a44e9f3a3da8e9b42ca182726b743de4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

12
nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/flake.nix Normal file
View file

@ -0,0 +1,12 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

0
nix/os/devices/167.233.1.14/hw.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/hw.nix
View file

0
nix/os/devices/167.233.1.14/pkg.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/pkg.nix
View file

4
nix/os/devices/167.233.1.14/system.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/system.nix
View file

@ -6,10 +6,6 @@
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "sj-pvehtz0"; # Define your hostname.
# networking.domain = "";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3

0
nix/os/devices/167.233.1.14/versions.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/versions.nix
View file

0
nix/os/devices/167.233.1.14/versions.tmpl.nix → nix/os/devices/sj-vps-htz0.infra.stefanjunker.de/versions.tmpl.nix
View file

27
nix/os/devices/steveej-t14/default.nix Normal file
View file

@ -0,0 +1,27 @@
{repoFlake}: let
nodeName = "steveej-t14";
system = "x86_64-linux";
nodeFlake = repoFlake.inputs.get-flake ./.;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = false;
# deployment.allowLocalDeployment = true;
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
};
}

99
nix/os/devices/steveej-t14/flake.lock generated Normal file
View file

@ -0,0 +1,99 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1681759395,
"narHash": "sha256-7aaRtLxLAy8qFVIA26ulB+Q5nDVzuQ71qi0s0wMjAws=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cd749f58ba83f7155b7062dd49d08e5e47e44d50",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1681895322,
"narHash": "sha256-dtduardGFljEIh0Whlnhzda7Au0s1WnnSdzh2ZhCu9c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57aad37a2eab85fb5522cbc8568fe27872071a1c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1681770396,
"narHash": "sha256-tq+GZOkRA3uF3I/jIzuBGfnTRQFT4QnnRCWJ8DKSaMg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4df48038a44e9f3a3da8e9b42ca182726b743de4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

12
nix/os/devices/steveej-t14/flake.nix Normal file
View file

@ -0,0 +1,12 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

29
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,15 +1,26 @@
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
home-manager.users.steveej = _: {
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
(_: {
programs.chromium.extensions = [
# can define host-specific extensions here
];
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
];
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
# TODO: move this into home-manager
environment.systemPackages = with pkgs.gnomeExtensions; [
pop-shell
vitals
# TODO: currently not compatible
# window-switcher-current-workspace-first
# mmod-panel
];
}

24
nix/os/devices/steveej-t14/system.nix
View file

@ -2,26 +2,26 @@
pkgs,
lib,
config,
nodeName,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
nix = {
binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"];
binaryCaches = [
"https://holochain-ci.cachix.org"
# "https://cache.holo.host/"
];
binaryCachePublicKeys = [
"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
"cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
# "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
# "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
];
settings.extra-experimental-features = ["impure-derivations"];
settings.system-features = ["recursive-nix"];
};
# TASK: new device
networking.hostName = "steveej-t14"; # Define your hostname.
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{
@ -42,10 +42,7 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.printing = {
enable = true;
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fwupd.enable = true;
services.fprintd.enable = true;
security.pam.services = {
@ -62,9 +59,10 @@ in {
addNetworkInterface = false;
};
docker = {
podman = {
enable = true;
extraOptions = "--experimental";
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
};
};

36
nix/os/devices/steveej-t14/versions.nix
View file

@ -1,36 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.11";
rev = ''
ea96b4af6148114421fda90df33cf236ff5ecf1d'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = ''
db24d86dd8a4769c50d6b7295e81aa280cd93f35'';
};
"channels-nixos-unstable-small" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable-small";
rev = ''
2d79f0ccbd2a418f1582b7a97a57683403512188'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
152a7b64ae22d2b0c5f6043868d2c98b74390517'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.11";
rev = ''
f9edbedaf015013eb35f8caacbe0c9666bbc16af'';
};
}

41
nix/os/devices/steveej-t14/versions.tmpl.nix
View file

@ -1,41 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.11";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable-small" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable-small";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.11";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

26
nix/os/devices/vmd102066.contaboserver.net/default.nix Normal file
View file

@ -0,0 +1,26 @@
{repoFlake}: let
nodeName = "vmd102066.contaboserver.net";
system = "x86_64-linux";
nodeFlake = repoFlake.inputs.get-flake ./.;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = true;
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
};
}

99
nix/os/devices/vmd102066.contaboserver.net/flake.lock generated Normal file
View file

@ -0,0 +1,99 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1681759395,
"narHash": "sha256-7aaRtLxLAy8qFVIA26ulB+Q5nDVzuQ71qi0s0wMjAws=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cd749f58ba83f7155b7062dd49d08e5e47e44d50",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1681895322,
"narHash": "sha256-dtduardGFljEIh0Whlnhzda7Au0s1WnnSdzh2ZhCu9c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57aad37a2eab85fb5522cbc8568fe27872071a1c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1681770396,
"narHash": "sha256-tq+GZOkRA3uF3I/jIzuBGfnTRQFT4QnnRCWJ8DKSaMg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4df48038a44e9f3a3da8e9b42ca182726b743de4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

12
nix/os/devices/vmd102066.contaboserver.net/flake.nix Normal file
View file

@ -0,0 +1,12 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

8
nix/os/devices/vmd102066.contaboserver.net/pkg.nix
View file

@ -4,14 +4,6 @@
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};

31
nix/os/devices/vmd102066.contaboserver.net/system.nix
View file

@ -2,15 +2,12 @@
pkgs,
lib,
config,
nodeName,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "vmd102066"; # Define your hostname.
networking.domain = "contaboserver.net";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
@ -62,19 +59,19 @@ in {
'';
};
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
# systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "5s";
OnUnitActiveSec = "5s";
AccuracySec = "1s";
Unit = "sshd-status.service";
};
};
# systemd.timers."sshd-status" = {
# description = "Timer to trigger sshd-status periodically";
# enable = true;
# wantedBy = ["timer.target" "multi-user.target"];
# timerConfig = {
# OnActiveSec = "5s";
# OnUnitActiveSec = "5s";
# AccuracySec = "1s";
# Unit = "sshd-status.service";
# };
# };
nix.gc = {automatic = true;};
@ -100,8 +97,6 @@ in {
done
'';
# networking.useHostResolvConf = true;
containers = {
backup = import ../../containers/backup.nix {
autoStart = false;

23
nix/os/devices/vmd102066.contaboserver.net/versions.nix
View file

@ -1,23 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.11";
rev = ''
a7cc81913bb3cd1ef05ed0ece048b773e1839e51'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
3b12bfe6c4e11e91865f4d244d13fdc9860bd322'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.11";
rev = ''
b0be47978de5cfd729a79c3f57ace4c86364ff45'';
};
}

26
nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix
View file

@ -1,26 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.11";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.11";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

2
nix/os/profiles/common/configuration.nix
View file

@ -1,5 +1,3 @@
{...}: {
nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
imports = [./boot.nix ./pkg.nix ./user.nix ./system.nix ./hw.nix];
}

49
nix/os/profiles/common/pkg.nix
View file

@ -1,40 +1,31 @@
{
config,
flake,
pkgs,
# these come in via nodeSpecialArgs and are expected to be defined for every node
nodeFlake,
packages',
...
}: {
imports = ["${<home-manager-module>}/nixos"];
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
imports = [
];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix;
# TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager
# home-manager.extraSpecialArgs = specialArgs;
# hence, opt for passing the arguments selectively instead
home-manager.extraSpecialArgs = {
inherit
packages'
nodeFlake
;
};
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: with pkgs; {};
};
environment.systemPackages = with pkgs; [
elfutils
exfat
file
tree
pwgen
proot
parted
pv
tmux
wget
curl
gitFull
pastebinit
gist
mr
usbutils
pciutils
];
}

17
nix/os/profiles/common/system.nix
View file

@ -2,25 +2,18 @@
config,
pkgs,
lib,
nodeName,
...
}: {
nix.settings.trusted-public-keys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.settings.substituters = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.settings.trusted-substituters = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
nix.settings.sandbox = true;
nix.nixPath = ["nixpkgs=${pkgs.path}"];
environment.etc."lvm/lvm.conf".text = ''
devices {
@ -28,8 +21,6 @@
}
'';
environment.variables = {NIX_PATH = lib.mkForce pkgs.nixPath;};
# Fonts, I18N, Date ...
fonts.fonts = [pkgs.corefonts];

2
nix/os/profiles/containers/configuration.nix
View file

@ -1,6 +1,4 @@
{...}: {
nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
networking.useHostResolvConf = false;
services.resolved = {enable = true;};

63
nix/os/profiles/graphical/system.nix
View file

@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
lib,
...
}: {
networking.networkmanager = {
enable = true;
dns = "systemd-resolved";
@ -26,7 +30,7 @@
};
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [blueman];
services.dbus.packages = with pkgs; [blueman dconf];
services.blueman.enable = true;
services.xserver = {
@ -57,31 +61,23 @@
};
displayManager = {
gdm.enable = false;
gdm.enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
lightdm = {
enable = true;
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = "";
};
};
services.gvfs.enable = true;
programs.seahorse.enable = true;
# gnome, most of it is disabled and ideally it could live entirely in the user's home config
programs.gpaste.enable = false;
programs.gnome-terminal.enable = false;
programs.gnome-documents.enable = false;
programs.gnome-disks.enable = false;
services.gnome = {
# gnome-online-miners.enable = false; TODO: enable this again
gnome-online-miners.enable = lib.mkForce false;
games.enable = false;
gnome-remote-desktop.enable = false;
gnome-user-share.enable = false;
@ -90,15 +86,47 @@
tracker.enable = false;
tracker-miners.enable = false;
# FIXME: gnome should be moved to user session
gnome-browser-connector.enable = false;
gnome-initial-setup.enable = false;
# FIXME: gnome should be moved to home config
gnome-settings-daemon.enable = true;
core-os-services.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
gnome-keyring.enable = lib.mkForce false;
};
# FIXME: gnome should be moved to user session
services.gvfs.enable = true;
programs.seahorse.enable = true;
programs.dconf.enable = true;
environment.gnome.excludePackages =
(with pkgs; [
orca
gnome-photos
gnome-tour
])
++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-terminal
gedit # text editor
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
# More Services
environment.systemPackages = [pkgs.gnome.adwaita-icon-theme pkgs.gnomeExtensions.appindicator];
services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules];
services.udev.extraRules = ''
# OnePlusOne
@ -120,4 +148,9 @@
'';
services.logind.lidSwitchExternalPower = "ignore";
services.printing = {
enable = true;
drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper];
};
}

182
nix/os/profiles/podman/configuration.nix
View file

@ -1,182 +0,0 @@
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
podman
runc
conmon
cni
cni-plugins
slirp4netns
];
environment.etc."containers/registries.conf".text = ''
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.
[registries.search]
registries = [ 'docker.io'
, 'registry.fedoraproject.org'
, 'registry.access.redhat.com'
, 'quay.io'
]
# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = ['localhost:5000']
'';
environment.etc."containers/policy.json".text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
environment.etc."cni/net.d/00-loopback.conf".text = ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
{
"cniVersion": "0.3.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
'';
environment.etc."containers/libpod.conf".text = ''
# libpod.conf is the default configuration file for all tools using libpod to
# manage containers
# Default transport method for pulling and pushing for images
image_default_transport = "docker://"
# Paths to search for the Conmon container manager binary
runtime_path = [
"${pkgs.runc}/bin/runc"
]
# Paths to look for the Conmon container manager binary
conmon_path = [
"${pkgs.conmon}/bin/conmon"
]
# Environment variables to pass into conmon
conmon_env_vars = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
]
# CGroup Manager - valid values are "systemd" and "cgroupfs"
cgroup_manager = "systemd"
# Container init binary
#init_path = "/usr/libexec/podman/catatonit"
# Directory for persistent libpod files (database, etc)
# By default, this will be configured relative to where containers/storage
# stores containers
# Uncomment to change location from this default
#static_dir = "/var/lib/containers/storage/libpod"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
tmp_dir = "/var/run/libpod"
# Maximum size of log files (in bytes)
# -1 is unlimited
max_log_size = -1
# Whether to use chroot instead of pivot_root in the runtime
no_pivot_root = false
# Directory containing CNI plugin configuration files
cni_config_dir = "/etc/cni/net.d/"
# Directories where the CNI plugin binaries may be located
cni_plugin_dir = [
"${pkgs.cni-plugins}/bin"
]
# Default CNI network for libpod.
# If multiple CNI network configs are present, libpod will use the network with
# the name given here for containers unless explicitly overridden.
# The default here is set to the name we set in the
# 87-podman-bridge.conflist included in the repository.
# Not setting this, or setting it to the empty string, will use normal CNI
# precedence rules for selecting between multiple networks.
cni_default_network = "podman"
# Default libpod namespace
# If libpod is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
# pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no
# namespace is set, all containers and pods are visible.
#namespace = ""
# Default pause image name for pod pause containers
pause_image = "k8s.gcr.io/pause:3.1"
# Default command to run the pause container
pause_command = "/pause"
# Determines whether libpod will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# they are held open by conmon as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
#enable_port_reservation = true
# Default libpod support for container labeling
# label=true
# Paths to look for a valid OCI runtime (runc, runv, etc)
# FIXME: this doesn't seem to take effect
[runtimes]
runc = [
"${pkgs.runc}/bin/runc"
]
'';
}

5
nix/overlays/default.nix
View file

@ -1,5 +0,0 @@
{
overrides = import ./overrides.nix;
pkgs = import ./pkgs.nix;
posh = import ./posh.nix;
}

34
nix/overlays/overrides.nix
View file

@ -1,34 +0,0 @@
# This overlay is used for overriding upstream packages.
self: super: let
sources = import ../../nix/sources.nix;
nixpkgs-master = import <nixpkgs-master> {inherit (super) config;};
nixpkgs-unstable =
import <channels-nixos-unstable> {inherit (super) config;};
in {
inherit nixpkgs-master;
inherit nixpkgs-unstable;
# alacritty = nixpkgs-master.alacritty;
alacritty = super.stdenv.mkDerivation {
name = "alacritty-custom";
buildInputs = [super.makeWrapper];
phases = "installPhase";
installPhase = ''
makeWrapper ${super.alacritty}/bin/alacritty $out/bin/alacritty \
--set-default WINIT_X11_SCALE_FACTOR 1.4
'';
};
qtile = super.qtile.overrideAttrs (oldAttrs: {
propagatedBuildInputs =
oldAttrs.passthru.unwrapped.propagatedBuildInputs
++ (with self.python3Packages; [
# python-wifi
# iwlib
keyring
]);
});
# logseq = nixpkgs-staging-steveej.logseq;
}

14
nix/overlays/pkgs.nix
View file

@ -1,14 +0,0 @@
# This overlay includes all packages defined by the top-level default.nix.
# The code is copied from the NUR repository [0].
#
# [0]: https://github.com/nix-community/nur-packages-template/blob/2610a5b60bd926cea3e6395511da8f0d14c613b9/overlay.nix
self: super: let
isReserved = n: n == "lib" || n == "overlays" || n == "modules";
nameValuePair = n: v: {
name = n;
value = v;
};
nurAttrs = import ../pkgs {pkgs = super;};
in
builtins.listToAttrs (map (n: nameValuePair n nurAttrs.${n})
(builtins.filter (n: !isReserved n) (builtins.attrNames nurAttrs)))

16
nix/overlays/posh.nix
View file

@ -1,16 +0,0 @@
self: super: let
nixpkgs-master = import <nixpkgs-master> {};
inherit (nixpkgs-master) crun;
crun_10_6_0 = crun.overrideAttrs (oldAttrs: rec {
version = "0.10.6";
src = super.fetchgit {
inherit (crun.src) url;
rev = version;
sha256 = "0v1hrlpnln0c976fb0k2ig4jv11qbyzf95z0wy92fd8r8in16rc1";
};
});
in {
inherit (nixpkgs-master) podman conmon slirp4netns;
posh = self.callPackage ../pkgs/posh.nix {};
}

44
nix/pkgs/default.nix
View file

@ -1,49 +1,7 @@
{pkgs}: let
in rec {
nixpkgs-master = import <nixpkgs-master> {};
busyboxStatic = pkgs.busybox.override {
enableStatic = true;
extraConfig = ''
CONFIG_STATIC y
CONFIG_INSTALL_APPLET_DONT y
CONFIG_INSTALL_APPLET_SYMLINKS n
'';
};
dropbearStatic = pkgs.dropbear.override {enableStatic = true;};
{pkgs}: {
duplicacy = pkgs.callPackage ../pkgs/duplicacy {};
mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {};
staruml = pkgs.callPackage ../pkgs/staruml.nix {
inherit (pkgs.gnome2) GConf;
libgcrypt = pkgs.libgcrypt_1_5;
};
pythonPackages = myPython;
myPython = pkgs.python310.withPackages (ps:
with ps;
[
pep8
yapf
flake8
# autopep8 (broken)
# pylint (broken)
ipython
llfuse
dugong
defusedxml
wheel
pip
virtualenv
cffi
pyopenssl
urllib3
# mistune (insecure)
sympy
flask
pyaml
]
++ [pkgs.pypi2nix pkgs.libffi]);
}

12
nix/variables/versions.nix
View file

@ -2,7 +2,8 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.11";
rev = "dac57a4eccf1442e8bf4030df6fcbb55883cb682";
rev = ''
5b7cd5c39befee629be284970415b6eb3b0ff000'';
};
in {
inherit nixpkgs;
@ -11,16 +12,19 @@ in {
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "1eb875e811dd59e21e77f6337f2c1592889b48b3";
rev = ''
4bb072f0a8b267613c127684e099a70e1f6ff106'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "590321a5defbbabe96f8def70013d5b45406dee4";
rev = ''
a8636efe2df64047cd58898010a72f73efd56722'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.11";
rev = "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706";
rev = ''
83110c259889230b324bb2d35bef78bf5f214a1f'';
};
}

58
shell.nix
View file

@ -1,58 +0,0 @@
{...}: let
pkgsPath = (import ./nix/sources.nix).nixpkgs;
pkgs =
import pkgsPath {overlays = builtins.attrValues (import ./nix/overlays);};
in
pkgs.stdenv.mkDerivation {
name = "infra-env";
buildInputs =
[
(with import (pkgsPath + "/nixos") {configuration = {};};
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
]
++ (with pkgs; [
just
git-crypt
vcsh
gnupg
git
nixUnstable
niv
nixos-install-tools
apacheHttpd
vncdo
tesseract
imagemagick
esh
xorg.xwininfo
nmap
sysstat
lshw
xxHash
linssid
wavemon
wirelesstools
lm_sensors
zathura
ripgrep
glxinfo
nixfmt
ntfy
playerctl
]);
# Set Environment Variables
RUST_BACKTRACE = 1;
}