steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

chore: nixfmt *

Browse source
This commit is contained in:
steveej 2022-10-31 11:04:38 +01:00
parent aae3fd4090
commit 47c5c9dc56
161 changed files with 2693 additions and 3029 deletions
Download patch file Download diff file Expand all files Collapse all files

13
_archive/environments/dev/go/default.nix
View file

@ -1,10 +1,5 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {} { gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, pkgs ? gitpkgs , name ? "generic", version, extraBuildInputs ? [ ], extraShellHook ? "" }:
, name ? "generic"
, version
, extraBuildInputs ? []
, extraShellHook ? ""
}:
let let
go = builtins.getAttr "go_${version}" pkgs; go = builtins.getAttr "go_${version}" pkgs;
commonVimRC = '' commonVimRC = ''
@ -68,8 +63,8 @@ let
gox.bin gox.bin
#ginkgo ginkgo.bin #ginkgo ginkgo.bin
#gomega #gomega
# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
# ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
]; ];
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {

8
_archive/environments/dev/go/neovim-go.nix
View file

@ -1,4 +1,4 @@
{ commonRC, ... } @ args : { commonRC, ... }@args:
(import ../../pkg-configuration/vim-derivates/neovim.nix args // { (import ../../pkg-configuration/vim-derivates/neovim.nix args // {
additionalRC = commonRC + '' additionalRC = commonRC + ''
@ -7,9 +7,5 @@
let g:deoplete#enable_smart_case = 1 let g:deoplete#enable_smart_case = 1
" } " }
''; '';
additionalPlugins = [ additionalPlugins = [ "deoplete-go" "deoplete-nvim" "vim-go" ];
"deoplete-go"
"deoplete-nvim"
"vim-go"
];
}) })

20
_archive/environments/dev/pandoc.nix
View file

@ -1,16 +1,14 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {} { gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, pkgs ? gitpkgs , name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
, name ? "generic" let commonVimRC = "";
, version ? "Stable"
, extraBuildInputs ? []
}:
let
commonVimRC = ''
'';
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {
inherit name; inherit name;
buildInputs = with pkgs; [ buildInputs = with pkgs;
( import ./vim-pandoc.nix { pkgs=gitpkgs; commonRC=commonVimRC; }) [
(import ./vim-pandoc.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
})
pandoc pandoc
texlive.combined.scheme-medium texlive.combined.scheme-medium
python27Packages.pandocfilters python27Packages.pandocfilters

7
_archive/environments/dev/rkt.nix
View file

@ -1,8 +1,5 @@
{ { pkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }
pkgs ? import /home/steveej/src/github/NixOS/nixpkgs {}, , mkGoEnv ? import ./go.nix, rktPath, }:
mkGoEnv ? import ./go.nix,
rktPath,
}:
let let
rktBasebuildInputs = with pkgs; [ rktBasebuildInputs = with pkgs; [
glibc.out glibc.out

29
_archive/environments/dev/rust/default.nix
View file

@ -1,9 +1,5 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {} { gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, pkgs ? gitpkgs , name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
, name ? "generic"
, version ? "Stable"
, extraBuildInputs ? []
}:
let let
rustPackages = builtins.getAttr "rust${version}" pkgs; rustPackages = builtins.getAttr "rust${version}" pkgs;
rustc = rustPackages.rustc; rustc = rustPackages.rustc;
@ -12,20 +8,21 @@ let
setPS1 $rustname setPS1 $rustname
unset name unset name
''; '';
commonVimRC = '' commonVimRC = "";
'';
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {
inherit name; inherit name;
buildInputs = with rustPackages;[ buildInputs = with rustPackages;
( import ./vim-rust.nix { pkgs=gitpkgs; commonRC=commonVimRC; [
(import ./vim-rust.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
inherit rustc; inherit rustc;
racerd=pkgs.rustracerd; racerd = pkgs.rustracerd;
}) })
rustc cargo rustc
] ++ [ cargo
pkgs.rustfmt ] ++ [ pkgs.rustfmt ] ++ extraBuildInputs;
] ++ extraBuildInputs; shellHook = (rustShellHook) {
shellHook = (rustShellHook){
inherit name; inherit name;
inherit rustc; inherit rustc;
}; };

7
_archive/environments/dev/vim-go.nix
View file

@ -1,4 +1,4 @@
{ commonRC, ... } @ args : { commonRC, ... }@args:
import ../../pkg-configuration/vim-derivates/vim.nix (args // { import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-go"; name = "vim-for-go";
@ -13,8 +13,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:neocomplete#sources#omni#input_patterns = {} let g:neocomplete#sources#omni#input_patterns = {}
endif endif
''; '';
additionalPlugins = [ additionalPlugins = [ "neocomplete" "vim-go" ];
"neocomplete"
"vim-go"
];
}) })

10
_archive/environments/dev/vim-pandoc.nix
View file

@ -1,6 +1,4 @@
{ commonRC { commonRC, ... }@args:
,
... } @ args :
import ../../pkg-configuration/vim-derivates/vim.nix (args // { import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-pandoc"; name = "vim-for-pandoc";
@ -14,9 +12,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:syntastic_check_on_open = 1 let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0 let g:syntastic_check_on_wq = 0
''; '';
additionalPlugins = [ additionalPlugins = [ "vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc" ];
"vim-pandoc"
"vim-pandoc-syntax"
"vimpreviewpandoc"
];
}) })

9
_archive/environments/dev/vim-rust.nix
View file

@ -1,7 +1,4 @@
{ commonRC { commonRC, rustc, racerd, ... }@args:
, rustc
, racerd,
... } @ args :
import ../../pkg-configuration/vim-derivates/vim.nix (args // { import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-rust"; name = "vim-for-rust";
@ -40,7 +37,5 @@ import ../../pkg-configuration/vim-derivates/vim.nix (args // {
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd' let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd'
''; '';
additionalPlugins = [ additionalPlugins = [ "rust-vim" ];
"rust-vim"
];
}) })

5
_archive/environments/fhs/android.nix
View file

@ -1,8 +1,9 @@
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSUserEnv {
name = "devfhs"; name = "devfhs";
multiPkgs = pkgs: (with pkgs; [ multiPkgs = pkgs:
(with pkgs; [
android-udev-rules android-udev-rules
sudo sudo
gawk gawk

11
_archive/environments/fhs/vscode.nix
View file

@ -1,9 +1,10 @@
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSUserEnv {
name = "everydayFHS"; name = "everydayFHS";
targetPkgs = pkgs: (with pkgs; targetPkgs = pkgs:
[ which (with pkgs; [
which
gitFull gitFull
zsh zsh
file file
@ -28,9 +29,7 @@
zlib zlib
libsecret libsecret
]); ]);
multiPkgs = pkgs: (with pkgs; multiPkgs = pkgs: (with pkgs; [ ]);
[
]);
profile = '' profile = ''
export SHELL=/bin/zsh export SHELL=/bin/zsh
''; '';

4
_archive/nixos-configuration/common/pkg/neovim.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }@args:
, pkgs
, ... } @ args:
{ {
environment.systemPackages = [ environment.systemPackages = [

6
_archive/nixos-configuration/common/pkg/vim.nix
View file

@ -1,9 +1,9 @@
{ pkgs { pkgs, ... }@args:
, ... } @ args:
{ {
environment.systemPackages = [ environment.systemPackages = [
pkgs.xsel pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/vim.nix (args // { name = "vim"; })) (import ../../../pkg-configuration/vim-derivates/vim.nix
(args // { name = "vim"; }))
]; ];
} }

4
_archive/nixos-configuration/common/user/steveej.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../passwords.crypt.nix; passwords = import ../passwords.crypt.nix;

3
default.nix
View file

@ -5,8 +5,7 @@
# commands such as: # commands such as:
# nix-build -A mypackage # nix-build -A mypackage
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
{ {
overlays = import ./nix/overlays; overlays = import ./nix/overlays;

41
nix/container-images/default.nix
View file

@ -1,11 +1,6 @@
{ pkgs ? import <nixpkgs> {} { pkgs ? import <nixpkgs> { } }:
}:
let
baseEnv = [
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
let baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
in rec { in rec {
@ -29,16 +24,9 @@ in rec {
interactive_base = pkgs.dockerTools.buildImage { interactive_base = pkgs.dockerTools.buildImage {
name = "interactive_base"; name = "interactive_base";
fromImage = base; fromImage = base;
contents = with pkgs; [ contents = with pkgs; [ procps zsh coreutils neovim ];
procps
zsh
coreutils
neovim
];
config = { config = { Cmd = [ "/bin/zsh" ]; };
Cmd = [ "/bin/zsh" ];
};
}; };
s3ql = let s3ql = let
@ -87,10 +75,7 @@ in rec {
in pkgs.dockerTools.buildImage { in pkgs.dockerTools.buildImage {
name = "s3ql"; name = "s3ql";
fromImage = interactive_base; fromImage = interactive_base;
contents = [ contents = [ pkgs.s3ql pkgs.fuse ];
pkgs.s3ql
pkgs.fuse
];
runAsRoot = '' runAsRoot = ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
@ -109,10 +94,10 @@ in rec {
]; ];
Cmd = [ entrypoint ]; Cmd = [ entrypoint ];
Volumes = { Volumes = {
"/var/cache/s3ql" = {}; "/var/cache/s3ql" = { };
"/etc/s3ql/authinfo2" = {}; "/etc/s3ql/authinfo2" = { };
"/buckets" = {}; "/buckets" = { };
"/tmp" = {}; "/tmp" = { };
}; };
}; };
}; };
@ -146,13 +131,9 @@ in rec {
contents = pkgs.syncthing; contents = pkgs.syncthing;
config = { config = {
Env = baseEnv ++ [ Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ];
"SYNCTHING_HOME=/home/syncthing"
];
Cmd = [ entrypoint ]; Cmd = [ entrypoint ];
Volumes = { Volumes = { "/data" = { }; };
"/data" = {};
};
}; };
}; };
} }

13
nix/default.nix
View file

@ -3,8 +3,7 @@
let let
channelVersions = (import versionsPath); channelVersions = (import versionsPath);
mkChannelSource = name: mkChannelSource = name:
let let channelVersion = builtins.getAttr name channelVersions;
channelVersion = builtins.getAttr name channelVersions;
in builtins.fetchGit { in builtins.fetchGit {
# Descriptive name to make the store path easier to identify # Descriptive name to make the store path easier to identify
inherit name; inherit name;
@ -15,13 +14,11 @@ let
elem = builtins.getAttr elemName channelVersions; elem = builtins.getAttr elemName channelVersions;
elemPath = (mkChannelSource elemName); elemPath = (mkChannelSource elemName);
suffix = if builtins.hasAttr "suffix" elem then elem.suffix else ""; suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
in in builtins.concatStringsSep "=" [ elemName elemPath ] + suffix)
builtins.concatStringsSep "=" [ elemName elemPath ] + suffix (builtins.attrNames channelVersions));
) (builtins.attrNames channelVersions)); pkgs = import (mkChannelSource "nixpkgs") { };
pkgs = import (mkChannelSource "nixpkgs") {};
in
{ in {
inherit nixPath; inherit nixPath;
channelSources = pkgs.writeText "channels.rc" '' channelSources = pkgs.writeText "channels.rc" ''
export NIX_PATH=${nixPath} export NIX_PATH=${nixPath}

50
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,16 +1,13 @@
{ pkgs }: { pkgs }:
let let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
{ pkgs in { pkgs, config, ... }:
, config
, ... }:
let let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <channels-nixos-unstable-small> { config = config.nixpkgs.config; }; unstablepkgs =
import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; }; masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; };
in { in {
@ -37,25 +34,20 @@ in {
gnutls = true; gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs: with pkgs; { };
};
}; };
home.sessionVariables = { home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file # TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}"; # HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG="graphical-fullblown"; HM_CONFIG = "graphical-fullblown";
GOPATH="$HOME/src/go"; GOPATH = "$HOME/src/go";
PATH=pkgs.lib.concatStringsSep ":" [ PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ];
"$HOME/.local/bin"
"$PATH"
];
}; };
home.packages = [] home.packages = [ ] ++ (with pkgs; [
++ (with pkgs; [
# Authentication # Authentication
cacert cacert
fprintd fprintd
@ -135,7 +127,6 @@ in {
# })) # }))
appimage-run appimage-run
# Remote Control Tools # Remote Control Tools
remmina remmina
freerdp freerdp
@ -184,7 +175,6 @@ in {
feh feh
# digikam # digikam
# Modelling Tools # Modelling Tools
# plantuml # plantuml
# umlet # umlet
@ -216,26 +206,14 @@ in {
perlPackages.UnicodeLineBreak perlPackages.UnicodeLineBreak
(texlive.combine { (texlive.combine {
inherit (texlive) inherit (texlive)
scheme-small scheme-small texlive-de texlive-en texlive-scripts collection-langgerman
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent latexindent latexmk
latexmk
algorithms algorithms cm-super
cm-super
preprint preprint enumitem draftwatermark everypage ulem placeins minted
enumitem ifplatform fvextra xstring framed;
draftwatermark
everypage
ulem
placeins
minted ifplatform fvextra xstring framed
;
}) })
pdftk pdftk

21
nix/home-manager/configuration/graphical-gnome3.nix
View file

@ -1,15 +1,12 @@
{ pkgs }: { pkgs }:
let let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
{ pkgs in { pkgs, config, ... }:
, config,
... }:
let let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; }; unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in { in {
imports = [ imports = [
@ -30,16 +27,12 @@ in {
gnutls = true; gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs: with pkgs; { };
};
}; };
home.sessionVariables = { home.sessionVariables = { };
};
home.packages = [ ] ++ (with pkgs; [
home.packages =
[] ++ (with pkgs; [
# Nix package related tools # Nix package related tools
patchelf patchelf
nix-index nix-index

21
nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,15 +1,12 @@
{ pkgs }: { pkgs }:
let let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
{ pkgs in { pkgs, config, ... }:
, config,
... }:
let let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; }; unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in { in {
imports = [ imports = [
@ -32,16 +29,12 @@ in {
gnutls = true; gnutls = true;
}; };
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs: with pkgs; { };
};
}; };
home.sessionVariables = { home.sessionVariables = { };
};
home.packages = [ ] ++ (with pkgs; [
home.packages =
[] ++ (with pkgs; [
# Nix package related tools # Nix package related tools
patchelf patchelf
nix-index nix-index

24
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,12 +1,8 @@
{ pkgs, extraPackages ? [] }: { pkgs, extraPackages ? [ ] }:
let let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
{ pkgs in { pkgs, config, ... }:
, config
, ... }:
let let
@ -18,18 +14,10 @@ in {
zshCurried zshCurried
]; ];
nixpkgs.config = { nixpkgs.config = { packageOverrides = pkgs: with pkgs; { }; };
packageOverrides = pkgs: with pkgs; {
};
};
home.sessionVariables = { home.sessionVariables = { };
};
home.packages = extraPackages home.packages = extraPackages
++ (with pkgs; [ ++ (with pkgs; [ iperf3 inetutils speedtest-cli ]);
iperf3
inetutils
speedtest-cli
]);
} }

11
nix/home-manager/lib.nix
View file

@ -1,5 +1,4 @@
{ { }:
}:
let let
@ -11,12 +10,8 @@ in {
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "graphical-session.target" ]; };
WantedBy = [ "graphical-session.target" ];
};
Service = { Service = { ExecStart = execStart; };
ExecStart = execStart;
};
}; };
} }

7
nix/home-manager/profiles/common.nix
View file

@ -1,6 +1,4 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
in { in {
@ -36,8 +34,7 @@ in {
programs.command-not-found.enable = true; programs.command-not-found.enable = true;
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages = home.packages = [ ] ++ (with pkgs; [
[] ++ (with pkgs; [
# git helpers # git helpers
git-crypt git-crypt

8
nix/home-manager/profiles/dotfiles.nix
View file

@ -1,10 +1,6 @@
{ pkgs { pkgs, config, ... }:
, config
, ...
}:
let let vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix { };
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in { in {
# TODO: fix the dotfiles # TODO: fix the dotfiles

9
nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
View file

@ -1,8 +1,5 @@
{ pkgs { pkgs, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" , repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... }:
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
, ...
}:
let let
repoBareLocal = pkgs.runCommand "fetchbare" { repoBareLocal = pkgs.runCommand "fetchbare" {
@ -36,4 +33,4 @@ in pkgs.writeScript "activation-script" ''
${pkgs.vcsh}/bin/vcsh pull $HOST || true ${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh} set_remotes ${repoHttps} ${repoSsh}
fi fi
'' ''

17
nix/home-manager/profiles/nix-channels.nix
View file

@ -1,15 +1,13 @@
{ pkgs { pkgs, config, ... }:
, config
, ...
}:
let let
in { in {
home.file.".nix-channels".text = '' home.file.".nix-channels".text = "";
'';
home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' home.activation.removeExistingNixChannels =
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' config.lib.dag.entryBefore [ "checkLinkTargets" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -ex set -ex
if test -f $HOME/.nix-channels; then if test -f $HOME/.nix-channels; then
echo Uninstalling available channels... echo Uninstalling available channels...
@ -23,6 +21,7 @@ in {
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels rm $HOME/.nix-channels
fi fi
''}; ''
};
''; '';
} }

130
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -1,16 +1,13 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
inherit (import ../lib.nix { }) inherit (import ../lib.nix { }) mkSimpleTrayService;
mkSimpleTrayService
;
audio = pkgs.writeShellScript "audio" '' audio = pkgs.writeShellScript "audio" ''
export PATH=${with pkgs; lib.makeBinPath [ export PATH=${
pulseaudio findutils gnugrep with pkgs;
]}:$PATH lib.makeBinPath [ pulseaudio findutils gnugrep ]
}:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute
case $1 in case $1 in
@ -34,9 +31,7 @@ let
terminalCommand = "${pkgs.alacritty}/bin/alacritty"; terminalCommand = "${pkgs.alacritty}/bin/alacritty";
dpmsScript = pkgs.writeShellScript "dpmsScript" '' dpmsScript = pkgs.writeShellScript "dpmsScript" ''
export PATH=${with pkgs; lib.makeBinPath [ export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH
xorg.xset
]}:$PATH
set -xe set -xe
@ -59,9 +54,7 @@ let
''; '';
screenLockCommand = pkgs.writeShellScript "screenLock" '' screenLockCommand = pkgs.writeShellScript "screenLock" ''
export PATH=${with pkgs; lib.makeBinPath [ export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH
i3lock
]}:$PATH
revert() { revert() {
${dpmsScript} default ${dpmsScript} default
@ -82,27 +75,27 @@ let
''; '';
qtileConfig = pkgs.writeScript "qtile_config.py" '' qtileConfig = pkgs.writeScript "qtile_config.py" ''
from libqtile.config import Key, Screen, Group, Drag, Click from libqtile.config import Key, Screen, Group, Drag, Click
from libqtile.command import lazy from libqtile.command import lazy
from libqtile import layout, bar, widget from libqtile import layout, bar, widget
from libqtile import hook from libqtile import hook
import logging, os import logging, os
logger = logging.getLogger() logger = logging.getLogger()
logger.setLevel(logging.WARN) logger.setLevel(logging.WARN)
handler = logging.handlers.RotatingFileHandler( handler = logging.handlers.RotatingFileHandler(
os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000, os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000,
backupCount=7 backupCount=7
) )
handler.setLevel(logging.WARN) handler.setLevel(logging.WARN)
logger.addHandler(handler) logger.addHandler(handler)
key_super = "mod4" key_super = "mod4"
key_alt = "mod1" key_alt = "mod1"
key_control = "control" key_control = "control"
keys = [ keys = [
# https://github.com/qtile/qtile/blob/master/libqtile/backend/x11/xkeysyms.py # https://github.com/qtile/qtile/blob/master/libqtile/backend/x11/xkeysyms.py
Key([key_super], "Return", lazy.spawn("${terminalCommand}")), Key([key_super], "Return", lazy.spawn("${terminalCommand}")),
Key([key_super], "r", lazy.spawncmd()), Key([key_super], "r", lazy.spawncmd()),
@ -179,10 +172,10 @@ keys = [
Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")), Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")),
Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")), Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")),
Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")), Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")),
] ]
groups = [Group(i) for i in "1234567890"] groups = [Group(i) for i in "1234567890"]
for i in groups: for i in groups:
# super + letter of group = switch to group # super + letter of group = switch to group
keys.append( keys.append(
Key([key_super], i.name, lazy.group[i.name].toscreen()) Key([key_super], i.name, lazy.group[i.name].toscreen())
@ -193,23 +186,23 @@ for i in groups:
Key([key_super, key_control], i.name, lazy.window.togroup(i.name)) Key([key_super, key_control], i.name, lazy.window.togroup(i.name))
) )
layouts = [ layouts = [
layout.Columns(num_columns=3, border_focus='#00ff00', border_width=2), layout.Columns(num_columns=3, border_focus='#00ff00', border_width=2),
layout.Max(), layout.Max(),
# layout.Stack(num_stacks=3, border_focus='#00ff00', border_width=2, autosplit=True, previous_on_rm=True), # layout.Stack(num_stacks=3, border_focus='#00ff00', border_width=2, autosplit=True, previous_on_rm=True),
# layout.Wmii(border_focus='#00ff00'), # layout.Wmii(border_focus='#00ff00'),
# layout.MonadTall(ratio=0.6, border_focus='#00ff00'), # layout.MonadTall(ratio=0.6, border_focus='#00ff00'),
] ]
widget_defaults = dict( widget_defaults = dict(
font='Arial', font='Arial',
fontsize=16, fontsize=16,
padding=3, padding=3,
) )
screens_count = 4 screens_count = 4
screens = [] screens = []
for i in range(0, screens_count+1): for i in range(0, screens_count+1):
j = i+1 j = i+1
widgets = [ widgets = [
widget.TextBox("Screen %i" % j, name="Screen %i" % j), widget.TextBox("Screen %i" % j, name="Screen %i" % j),
@ -230,38 +223,37 @@ for i in range(0, screens_count+1):
keys.append(Key([key_super, "shift"], "%i" % (i+1), lazy.to_screen(i))) keys.append(Key([key_super, "shift"], "%i" % (i+1), lazy.to_screen(i)))
dgroups_key_binder = None dgroups_key_binder = None
dgroups_app_rules = [] dgroups_app_rules = []
follow_mouse_focus = False follow_mouse_focus = False
bring_front_click = False bring_front_click = False
cursor_warp = False cursor_warp = False
auto_fullscreen = True auto_fullscreen = True
auto_minimize = False auto_minimize = False
# focus_on_window_activation = "urgent" # focus_on_window_activation = "urgent"
# Drag floating layouts. # Drag floating layouts.
mouse = [ mouse = [
# Drag([key_super,key_control], "Button1", lazy.window.set_position_floating(), start=lazy.window.get_position()), # Drag([key_super,key_control], "Button1", lazy.window.set_position_floating(), start=lazy.window.get_position()),
# Drag([key_super,key_control], "Button2", lazy.window.set_size_floating(), start=lazy.window.get_size()), # Drag([key_super,key_control], "Button2", lazy.window.set_size_floating(), start=lazy.window.get_size()),
Click([key_super,key_control], "Button3", lazy.window.disable_floating()) Click([key_super,key_control], "Button3", lazy.window.disable_floating())
] ]
# disable any floating # disable any floating
@hook.subscribe.client_new @hook.subscribe.client_new
def disable_floating_for_all_new_windows(window): def disable_floating_for_all_new_windows(window):
window.floating = False window.floating = False
@hook.subscribe.client_new @hook.subscribe.client_new
def print_new_window(window): def print_new_window(window):
print("new window: ", window) print("new window: ", window)
''; '';
in { in {
systemd.user = { systemd.user = {
startServices = true; startServices = true;
services = { services = { };
};
}; };
services = { services = {
@ -306,13 +298,13 @@ in {
enable = true; enable = true;
settings = { settings = {
matches = let matches = let
playerctl = ''${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in [ in [
{ {
trigger = ":vpos"; trigger = ":vpos";
replace = "{{output}}"; replace = "{{output}}";
vars = [ vars = [{
{
name = "output"; name = "output";
type = "script"; type = "script";
params = { params = {
@ -331,25 +323,21 @@ in {
'') '')
]; ];
}; };
} }];
];
} }
{ {
trigger = ":vtit"; trigger = ":vtit";
replace = "{{output}}"; replace = "{{output}}";
vars = [ vars = [{
{
name = "output"; name = "output";
type = "script"; type = "script";
params = { params = {
args = [ args = [
(pkgs.writeShellScript "espanso" '' (pkgs.writeShellScript "espanso"
${playerctl} metadata title'' "${playerctl} metadata title")
)
]; ];
}; };
} }];
];
} }
{ {
trigger = ":dunno"; trigger = ":dunno";

19
nix/home-manager/programs/chromium.nix
View file

@ -1,15 +1,9 @@
{ { ... }:
...
}:
{ {
programs.chromium = { programs.chromium = { enable = true; };
enable = true;
};
programs.brave = { programs.brave = { enable = true; };
enable = true;
};
nixpkgs.config = { nixpkgs.config = {
chromium = { chromium = {
@ -18,11 +12,6 @@
}; };
}; };
programs.browserpass = { programs.browserpass = { browsers = [ "chromium" "brave" ]; };
browsers = [
"chromium"
"brave"
];
};
} }

14
nix/home-manager/programs/emacs.nix
View file

@ -1,23 +1,21 @@
{ pkgs, { pkgs, ... }:
...
}:
{ {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
extraPackages = epkgs: (with epkgs; [ extraPackages = epkgs:
(with epkgs; [
nix-mode nix-mode
magit # ; Integrate git <C-x g> magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> # zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [ ]) ++ (with epkgs.melpaPackages; [ evil ]) ++ (with epkgs.elpaPackages; [
evil
]) ++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs; [ ]) ++ (with pkgs;
[
pkgs.notmuch # From main packages set pkgs.notmuch # From main packages set
]); ]);
}; };

15
nix/home-manager/programs/firefox.nix
View file

@ -1,19 +1,14 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
programs.firefox = { programs.firefox = { enable = true; };
enable = true;
};
programs.browserpass = { programs.browserpass = {
enable = true; enable = true;
browsers = [ browsers = [ "firefox" ];
"firefox"
];
}; };
home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json"; home.file.".mozilla/native-messaging-hosts/passff.json".source =
"${pkgs.passff-host}/share/passff-host/passff.json";
} }

4
nix/home-manager/programs/holochain-launcher.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = [ home.packages = [ pkgs.holochain-launcher ];
pkgs.holochain-launcher
];
} }

21
nix/home-manager/programs/homeshick.nix
View file

@ -1,18 +1,15 @@
{ pkgs { pkgs, config, ... }:
, config
, ...
}:
let let
# TODO: clean up the impurity in here # TODO: clean up the impurity in here
in { in {
home.sessionVariables = { home.sessionVariables = { HOMESHICK_DIR = "${pkgs.homeshick}"; };
HOMESHICK_DIR="${pkgs.homeshick}";
};
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] '' home.activation.bootstrapRepos =
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' config.lib.dag.entryAfter [ "writeBoundary" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -e set -e
echo home-manager path is ${config.home.path} echo home-manager path is ${config.home.path}
echo home is $HOME echo home is $HOME
@ -23,12 +20,14 @@ in {
# echo Updating homeshick # echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''}; ''
};
''; '';
nixpkgs.config = { nixpkgs.config = {
packageOverrides = pkgs: with pkgs; { packageOverrides = pkgs:
with pkgs; {
homeshick = builtins.fetchGit { homeshick = builtins.fetchGit {
url = "https://github.com/andsens/homeshick.git"; url = "https://github.com/andsens/homeshick.git";
ref = "master"; ref = "master";

8
nix/home-manager/programs/libreoffice.nix
View file

@ -1,6 +1,4 @@
{ pkgs, { pkgs, ... }:
...
}:
{ {
home.sessionVariables = { home.sessionVariables = {
@ -8,7 +6,5 @@
SAL_USE_VCLPLUGIN = "gtk3"; SAL_USE_VCLPLUGIN = "gtk3";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [ libreoffice-fresh ];
libreoffice-fresh
];
} }

23
nix/home-manager/programs/neovim.nix
View file

@ -1,13 +1,9 @@
{ pkgs, { pkgs, ... }:
...
}:
let let
in { in {
home.sessionVariables = { home.sessionVariables = { EDITOR = "nvim"; };
EDITOR = "nvim";
};
programs.neovim = { programs.neovim = {
enable = true; enable = true;
@ -16,7 +12,8 @@ in {
extraConfig = builtins.readFile ./neovim/vimrc; extraConfig = builtins.readFile ./neovim/vimrc;
plugins = with pkgs; [ plugins = with pkgs;
[
# yaml-folds # yaml-folds
{ {
plugin = vimUtils.buildVimPlugin { plugin = vimUtils.buildVimPlugin {
@ -80,8 +77,7 @@ in {
}; };
}; };
} }
] ] ++ (with pkgs.vimPlugins; [
++ (with pkgs.vimPlugins; [
delimitMate delimitMate
vim-airline vim-airline
vim-airline-themes vim-airline-themes
@ -109,7 +105,8 @@ in {
tabular tabular
# Nix # Nix
vim-addon-nix tlib vim-addon-nix
tlib
vim-addon-vim2nix vim-addon-vim2nix
# LaTeX # LaTeX
@ -124,8 +121,8 @@ in {
vim-markdown-toc vim-markdown-toc
# misc syntax support # misc syntax support
vim-bazel maktaba vim-bazel
]) maktaba
; ]);
}; };
} }

18
nix/home-manager/programs/pass.nix
View file

@ -1,23 +1,15 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
home.sessionVariables = { home.sessionVariables = {
# required by pass-otp # required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; PASSWORD_STORE_EXTENSIONS_DIR =
"$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
}; };
programs.browserpass = { programs.browserpass = { enable = true; };
enable = true;
};
home.packages = with pkgs; [ home.packages = with pkgs; [ pass qtpass rofi-pass gnupg ];
pass
qtpass
rofi-pass
gnupg
];
} }

10
nix/home-manager/programs/podman.nix
View file

@ -1,6 +1,4 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
cniConfigDir = let cniConfigDir = let
@ -38,7 +36,7 @@ let
] ]
} }
''; '';
in pkgs.runCommand "cniConfig" {} '' in pkgs.runCommand "cniConfig" { } ''
set -x set -x
mkdir $out; mkdir $out;
ln -s ${loopback} $out/${loopback.name} ln -s ${loopback} $out/${loopback.name}
@ -107,9 +105,7 @@ let
default_network = "podman" default_network = "podman"
''; '';
in { in {
home.packages = with pkgs; [ home.packages = with pkgs; [ podman ];
podman
];
home.file.".config/containers/containers.conf".source = containersConf; home.file.".config/containers/containers.conf".source = containersConf;

10
nix/home-manager/programs/vscode/default.nix
View file

@ -462,20 +462,16 @@ let
sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf"; sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf";
} }
]; ];
in
{ in {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
extensions = [] extensions = [ ] ++ packagedExtensions
++ packagedExtensions
# ++ marketPlaceExtensions # ++ marketPlaceExtensions
; ;
}; };
home.packages = [ home.packages = [ pkgs.nixpkgs-fmt ];
pkgs.nixpkgs-fmt
];
} }
# TODO: automate # TODO: automate

15
nix/home-manager/programs/zsh.nix
View file

@ -3,8 +3,7 @@
{ ... }: { ... }:
let let
just-plugin = just-plugin = let
let
plugin_file = pkgs.writeText "_just" '' plugin_file = pkgs.writeText "_just" ''
#compdef just #compdef just
#autload #autload
@ -43,8 +42,7 @@ in {
# will be called again by oh-my-zsh # will be called again by oh-my-zsh
enableCompletion = false; enableCompletion = false;
enableAutosuggestions = true; enableAutosuggestions = true;
initExtra = let initExtra = let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in '' in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT="" RPROMPT=""
@ -59,8 +57,8 @@ in {
${if builtins.hasAttr "homeshick" pkgs then '' ${if builtins.hasAttr "homeshick" pkgs then ''
source ${pkgs.homeshick}/homeshick.sh source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath) fpath=(${pkgs.homeshick}/completions $fpath)
'' else '' '' else
''} ""}
# Disable intercepting of ctrl-s and ctrl-q as flow control. # Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon stty stop ''' -ixoff -ixon
@ -117,10 +115,7 @@ in {
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
theme = "tjkirch"; theme = "tjkirch";
plugins = [ plugins = [ "git" "sudo" ];
"git"
"sudo"
];
}; };
}; };
} }

3
nix/ops/nano/configuration.nix
View file

@ -5,8 +5,7 @@
{ n, pkgs, ... }: { n, pkgs, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
]; ];

11
nix/ops/nano/hardware-configuration.nix
View file

@ -4,16 +4,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315"; device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4"; fsType = "ext4";
}; };

13
nix/ops/nanos@kn.nix
View file

@ -1,10 +1,10 @@
{ nixpkgs ? import <nixpkgs> {} { nixpkgs ? import <nixpkgs> { }, nrNanos ? 1 # Number of nanos
, nrNanos ? 1 # Number of nanos
}: }:
let let
pkgs = nixpkgs; pkgs = nixpkgs;
webserver = { services.httpd.enable = true; webserver = {
services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de"; services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/"; services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
@ -12,15 +12,14 @@ let
mkNano = { n }: { mkNano = { n }: {
imports = [ imports = [
(import ./nano/configuration.nix {inherit pkgs n;}) (import ./nano/configuration.nix { inherit pkgs n; })
../configuration/common/user/root.nix ../configuration/common/user/root.nix
]; ];
deployment.targetEnv = "none"; deployment.targetEnv = "none";
deployment.targetHost = "nano${toString n}"; deployment.targetHost = "nano${toString n}";
}; };
mkNanos = n: nixpkgs.lib.nameValuePair "nano${toString n}" ( mkNanos = n:
mkNano { inherit n; } nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano { inherit n; });
);
in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1))) in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))

39
nix/os/containers/backup-target.nix
View file

@ -1,14 +1,9 @@
{ hostAddress { hostAddress, localAddress, containerBackupCfg
, localAddress , sshPort ? containerBackupCfg.portInt }: {
, containerBackupCfg
, sshPort ? containerBackupCfg.portInt
}: {
config = { config, pkgs, lib, ... }: { config = { config, pkgs, lib, ... }: {
system.stateVersion = "21.11"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
imports = [ imports = [ ../profiles/containers/configuration.nix ];
../profiles/containers/configuration.nix
];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -28,7 +23,8 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp"
]; ];
packages = with pkgs; [ packages = with pkgs;
[
btrfsProgs btrfsProgs
# btrbk # btrbk
]; ];
@ -38,16 +34,23 @@
security.sudo = { security.sudo = {
enable = true; enable = true;
extraRules = [ extraRules = [{
{
users = [ "bkp" ]; users = [ "bkp" ];
commands = [ commands = [
{ command = "/etc/profiles/per-user/bkp/bin/btrfs"; options = [ "NOPASSWD" ]; } {
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; } command = "/etc/profiles/per-user/bkp/bin/btrfs";
{ command = "/run/current-system/sw/bin/test"; options = [ "NOPASSWD" ]; } options = [ "NOPASSWD" ];
]; }
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
} }
]; ];
}];
}; };
}; };
@ -61,14 +64,12 @@
}; };
privateNetwork = true; privateNetwork = true;
forwardPorts = [ forwardPorts = [{
{
# ssh # ssh
containerPort = 22; containerPort = 22;
hostPort = sshPort; hostPort = sshPort;
protocol = "tcp"; protocol = "tcp";
} }];
];
inherit hostAddress localAddress; inherit hostAddress localAddress;
} }

55
nix/os/containers/backup.nix
View file

@ -1,9 +1,4 @@
{ config { config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:
, hostAddress
, localAddress
, subvolumes
, targetPathSuffix ? ""
}:
let let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
@ -13,14 +8,9 @@ in {
config = { pkgs, ... }: { config = { pkgs, ... }: {
system.stateVersion = "20.03"; # Did you read the comment? system.stateVersion = "20.03"; # Did you read the comment?
imports = [ imports = [ ../profiles/containers/configuration.nix ];
../profiles/containers/configuration.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
btrfs-progs
btrbk
];
networking.firewall.enable = true; networking.firewall.enable = true;
@ -28,17 +18,11 @@ in {
enable = true; enable = true;
description = "bkp-sync service"; description = "bkp-sync service";
serviceConfig = { serviceConfig = { Type = "oneshot"; };
Type = "oneshot";
};
after = [ after = [ "bkp-run.service" ];
"bkp-run.service"
];
requires = [ requires = [ "bkp-run.service" ];
"bkp-run.service"
];
path = with pkgs; [ utillinux ]; path = with pkgs; [ utillinux ];
script = '' script = ''
@ -51,13 +35,9 @@ in {
enable = true; enable = true;
description = "bkp-run"; description = "bkp-run";
serviceConfig = { serviceConfig = { Type = "oneshot"; };
Type = "oneshot";
};
partOf = [ partOf = [ "bkp-sync.service" ];
"bkp-sync.service"
];
path = with pkgs; [ btrfs-progs btrbk coreutils ]; path = with pkgs; [ btrfs-progs btrbk coreutils ];
@ -78,7 +58,8 @@ in {
volume ${subvolumeParentDir} volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix} target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes} ${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes}
''; '';
in '' in ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
@ -95,10 +76,10 @@ in {
timerConfig = { timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"` # Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00"; # OnCalendar = "Wed *-*-* 23:00:00";
OnStartupSec="1m"; OnStartupSec = "1m";
Unit = "bkp-sync.service"; Unit = "bkp-sync.service";
OnUnitInactiveSec="2h"; OnUnitInactiveSec = "2h";
Persistent="true"; Persistent = "true";
}; };
}; };
}; };
@ -122,13 +103,13 @@ in {
}; };
}; };
allowedDevices = [ allowedDevices = [{
{ node = "/dev/fuse"; modifier = "rw"; } node = "/dev/fuse";
]; modifier = "rw";
}];
privateNetwork = true; privateNetwork = true;
forwardPorts = [ forwardPorts = [ ];
];
inherit hostAddress localAddress; inherit hostAddress localAddress;
} }

20
nix/os/containers/mailserver.nix
View file

@ -1,22 +1,14 @@
{ hostAddress { hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190 }:
, localAddress
, imapsPort ? 993
, sievePort ? 4190
}:
let let passwords = import ../../variables/passwords.crypt.nix;
passwords = import ../../variables/passwords.crypt.nix;
in in {
{
config = { pkgs, ... }: { config = { pkgs, ... }: {
system.stateVersion = "21.11"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
imports = [ imports =
../profiles/containers/configuration.nix [ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
../profiles/common/user.nix
];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -146,7 +138,7 @@ in
}; };
}; };
privateNetwork = true ; privateNetwork = true;
forwardPorts = [ forwardPorts = [
{ {
# imaps # imaps

11
nix/os/containers/syncthing.nix
View file

@ -1,17 +1,12 @@
{ hostAddress { hostAddress, localAddress, syncthingPort ? 22000
, localAddress , syncthingLocalAnnouncePort ? 21027 }:
, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027
}:
{ {
config = { config, pkgs, ... }: { config = { config, pkgs, ... }: {
system.stateVersion = "20.05"; # Did you read the comment? system.stateVersion = "20.05"; # Did you read the comment?
imports = [ imports = [ ../profiles/containers/configuration.nix ];
../profiles/containers/configuration.nix
];
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [

33
nix/os/containers/webserver.nix
View file

@ -1,19 +1,11 @@
{ hostAddress { hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
, localAddress
, httpPort ? 80
, httpsPort ? 443
}:
let let passwords = import ../../variables/passwords.crypt.nix;
passwords = import ../../variables/passwords.crypt.nix; in {
in
{
config = { config, pkgs, lib, ... }: { config = { config, pkgs, lib, ... }: {
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
imports = [ imports = [ ../profiles/containers/configuration.nix ];
../profiles/containers/configuration.nix
];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -58,20 +50,16 @@ in
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt"; # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key"; # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { locations."/fi" = { index = "index.php"; };
index = "index.php";
};
locations."~ ^(.+\.php)(.*)$".extraConfig = '' locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
fastcgi_index index.php; fastcgi_index index.php;
''; '';
locations."/hedgedoc/" = { locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
proxyPass = "http://127.0.0.1:3000/";
};
locations."/hedgedoc/socket.io/" = { locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/"; proxyPass = "http://127.0.0.1:3000/socket.io/";
@ -92,15 +80,14 @@ in
"pm.max_spare_servers" = 3; "pm.max_spare_servers" = 3;
"pm.max_requests" = 500; "pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED"; "php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
}; };
}; };
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = { systemd.services."phpfpm-mypool" = {
serviceConfig = { serviceConfig = { Type = lib.mkForce "simple"; };
Type = lib.mkForce "simple";
};
}; };
services.mysql = { services.mysql = {

4
nix/os/devices/167.233.1.14/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiSupport = lib.mkForce false; boot.loader.grub.efiSupport = lib.mkForce false;

3
nix/os/devices/167.233.1.14/configuration.nix
View file

@ -1,8 +1,7 @@
{ ... }: { ... }:
{ {
disabledModules = [ disabledModules = [ ];
];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix

13
nix/os/devices/167.233.1.14/hw.nix
View file

@ -18,8 +18,7 @@ let
"ata_generic" "ata_generic"
]; ];
in in {
{
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02"; device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
fsType = "ext4"; fsType = "ext4";
@ -39,14 +38,12 @@ in
neededForBoot = true; neededForBoot = true;
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ]; swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
boot.loader.grub = { boot.loader.grub = { device = "/dev/vda"; };
device = "/dev/vda";
};
boot.initrd.availableKernelModules = stage1Modules; boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

25
nix/os/devices/167.233.1.14/pkg.nix
View file

@ -1,14 +1,14 @@
{ config { config, pkgs, lib, ... }:
, pkgs
, lib
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs; inherit pkgs;
extraPackages = [ extraPackages = [
# required by vscode's remote-ssh plugin # required by vscode's remote-ssh plugin
@ -20,11 +20,10 @@
]; ];
}; };
nix.buildMachines = [ nix.buildMachines = [{
{ hostName = "localhost"; hostName = "localhost";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4; maxJobs = 4;
} }];
];
} }

44
nix/os/devices/167.233.1.14/system.nix
View file

@ -1,15 +1,9 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let keys = import ../../../variables/keys.nix;
keys = import ../../../variables/keys.nix;
in { in {
nix.binaryCaches = [ nix.binaryCaches = [ "https://cache.holo.host" ];
"https://cache.holo.host"
];
nix.binaryCachePublicKeys = [ nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -32,11 +26,11 @@ in {
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
mtu = 1400; mtu = 1400;
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [{
{ "address" = "167.233.1.14"; "prefixLength" = 29; } "address" = "167.233.1.14";
]; "prefixLength" = 29;
ipv6.addresses = [ }];
]; ipv6.addresses = [ ];
}; };
networking.defaultGateway = { networking.defaultGateway = {
@ -49,9 +43,7 @@ in {
interface = "eth0"; interface = "eth0";
}; };
networking.nameservers = [ networking.nameservers = [ "1.1.1.1" ];
"1.1.1.1"
];
networking.nat = { networking.nat = {
enable = true; enable = true;
@ -63,9 +55,7 @@ in {
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
# virtualization # virtualization
virtualisation = { virtualisation = { docker.enable = true; };
docker.enable = true;
};
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
@ -79,25 +69,21 @@ in {
''; '';
}; };
systemd.services.sshd.serviceConfig = { systemd.services.sshd.serviceConfig = { TasksMax = 32; };
TasksMax = 32;
};
systemd.timers."sshd-status" = { systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically"; description = "Timer to trigger sshd-status periodically";
enable = true; enable = true;
wantedBy = [ "timer.target" "multi-user.target" ]; wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = { timerConfig = {
OnActiveSec="360s"; OnActiveSec = "360s";
OnUnitActiveSec="360s"; OnUnitActiveSec = "360s";
AccuracySec="1s"; AccuracySec = "1s";
Unit = "sshd-status.service"; Unit = "sshd-status.service";
}; };
}; };
nix.gc = { nix.gc = { automatic = true; };
automatic = true;
};
networking.useHostResolvConf = true; networking.useHostResolvConf = true;

3
nix/os/devices/167.233.1.14/versions.nix
View file

@ -4,9 +4,8 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7"; rev = "e34c5379866833f41e2a36f309912fa675d687c7";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = { "channels-nixos-21.05" = {

35
nix/os/devices/167.233.1.14/versions.tmpl.nix
View file

@ -2,46 +2,61 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = { "channels-nixos-21.05" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.05"; ref = "nixos-21.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"channels-nixos-20.09" = { "channels-nixos-20.09" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09"; ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"channels-nixos-20.03" = { "channels-nixos-20.03" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.03"; ref = "nixos-20.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"channels-nixos-19.09" = { "channels-nixos-19.09" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-19.09"; ref = "nixos-19.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-21.05"; ref = "release-21.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

33
nix/os/devices/default.nix
View file

@ -1,23 +1,16 @@
{ dir { dir, pkgs ? import <channels-nixos-stable> { }
, pkgs ? import <channels-nixos-stable> {} , ownLib ? import ../lib/default.nix { }, gitRoot ?
, ownLib ? import ../lib/default.nix { } "$(git rev-parse --show-toplevel)"
, gitRoot ? "$(git rev-parse --show-toplevel)"
# FIXME: why do these need explicit mentioning? # FIXME: why do these need explicit mentioning?
, moreargs ? "" , moreargs ? "", rebuildarg ? "", ... }@args:
, rebuildarg ? ""
, ...
} @ args :
let let
rebuildargsSudo = [ "switch" "boot" ]; rebuildargsSudo = [ "switch" "boot" ];
rebuild = { rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
gitRoot
, rebuildarg ? "dry-activate"
, moreargs ? ""
, ... , ... }:
}: pkgs.writeScript "script" '' pkgs.writeScript "script" ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
@ -31,16 +24,13 @@ let
fi fi
${if (builtins.elem rebuildarg rebuildargsSudo) ${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null && (builtins.match ".*--target-host.*" moreargs) == null then
then
"sudo -E \\" "sudo -E \\"
else else
"" ""}
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
''; '';
in { in {
recipes = { recipes = {
rebuild = rebuild { rebuild = rebuild {
@ -51,6 +41,5 @@ in {
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; } # // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; } # // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
; ;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; })) } // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
;
} }

52
nix/os/devices/disk.nix
View file

@ -1,16 +1,12 @@
{ pkgs { pkgs, ownLib, dir, gitRoot, diskId ?
, ownLib (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
, dir { }).hardware.opinionatedDisk.diskId, encrypted ?
, gitRoot (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.diskId { }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, encrypted ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.encrypted
, previousDiskId ? ""
, ... , ... }:
}:
let let mntRootVol = "/mnt/${diskId}-root";
mntRootVol="/mnt/${diskId}-root";
in rec { in rec {
diskMount = pkgs.writeScript "script" '' diskMount = pkgs.writeScript "script" ''
@ -18,14 +14,18 @@ in rec {
set -xe set -xe
echo Mounting ${diskId} echo Mounting ${diskId}
${pkgs.lib.strings.optionalString encrypted '' ${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''} ''}
sleep 1 sleep 1
sudo vgchange -ay ${ownLib.disk.volumeGroup diskId} sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
sudo mkdir -p /mnt sudo mkdir -p /mnt
sudo mkdir ${mntRootVol} sudo mkdir ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol} sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home sudo mount ${
ownLib.disk.rootFsDevice diskId
} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
''; '';
@ -62,7 +62,9 @@ in rec {
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice read -p "Continue to format ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)? " choice
case "$choice" in case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;; YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;; n|N ) echo "Exiting..."; exit 0;;
@ -109,11 +111,15 @@ in rec {
${pkgs.lib.strings.optionalString encrypted '' ${pkgs.lib.strings.optionalString encrypted ''
# Encrypt # Encrypt
sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} - sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''} ''}
# LVM # LVM
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted} sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${
ownLib.disk.lvmPv diskId encrypted
}
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
@ -137,7 +143,9 @@ in rec {
#!/usr/bin/env bash #!/usr/bin/env bash
set -xe set -xe
read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice read -p "Continue to relabel ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)?" choice
case "$choice" in case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;; YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;; n|N ) echo "Exiting..."; exit 0;;
@ -168,9 +176,13 @@ in rec {
if test "${previousDiskId}"; then if test "${previousDiskId}"; then
${pkgs.lib.strings.optionalString encrypted '' ${
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} pkgs.lib.strings.optionalString encrypted ''
''} sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
sync sync
sleep 1 sleep 1
if sudo vgs ${previousDiskId}; then if sudo vgs ${previousDiskId}; then

4
nix/os/devices/elias-e525/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;

3
nix/os/devices/elias-e525/hw.nix
View file

@ -9,6 +9,5 @@
}; };
# boot.initrd.availableKernelModules = stage1Modules; # boot.initrd.availableKernelModules = stage1Modules;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

35
nix/os/devices/elias-e525/pkg.nix
View file

@ -1,13 +1,11 @@
{ pkgs { pkgs, lib, ... }:
, lib
, ...
}:
let let
homeEnv = keyboard: homeEnv = keyboard: {
{
imports = [ imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix { inherit pkgs; }) (import ../../../home-manager/configuration/graphical-gnome3.nix {
inherit pkgs;
})
]; ];
home.keyboard = keyboard; home.keyboard = keyboard;
@ -20,17 +18,16 @@ let
jitsi jitsi
]; ];
}; };
in
{ in {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
}; };
services.gnome = services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
builtins.mapAttrs
(attr: value: lib.mkForce value)
{
games.enable = true; games.enable = true;
gnome-remote-desktop.enable = true; gnome-remote-desktop.enable = true;
gnome-user-share.enable = true; gnome-user-share.enable = true;
@ -38,8 +35,7 @@ in
sushi.enable = true; sushi.enable = true;
tracker.enable = true; tracker.enable = true;
tracker-miners.enable = true; tracker-miners.enable = true;
} };
;
home-manager.users.steveej = homeEnv { home-manager.users.steveej = homeEnv {
layout = "en"; layout = "en";
@ -49,17 +45,16 @@ in
home-manager.users.elias = homeEnv { home-manager.users.elias = homeEnv {
layout = "de"; layout = "de";
options = []; options = [ ];
variant = ""; variant = "";
}; };
home-manager.users.justyna = homeEnv { home-manager.users.justyna = homeEnv {
layout = "de"; layout = "de";
options = []; options = [ ];
variant = ""; variant = "";
}; };
services.teamviewer.enable = true; services.teamviewer.enable = true;
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }

19
nix/os/devices/elias-e525/system.nix
View file

@ -1,13 +1,8 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let
in in {
{
# TASK: new device # TASK: new device
networking.hostName = "elias-e525"; # Define your hostname. networking.hostName = "elias-e525"; # Define your hostname.
@ -22,10 +17,7 @@ in
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
}; };
services.fprintd.enable = true; services.fprintd.enable = true;
@ -49,9 +41,8 @@ in
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ]; # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
}; };
security.pki.certificateFiles = [ security.pki.certificateFiles =
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
];
services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.videoDrivers = [ "modesetting" ];

4
nix/os/devices/elias-e525/user.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/elias-e525/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";

23
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -2,29 +2,34 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-21.11"; ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

4
nix/os/devices/fwhost1/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;

6
nix/os/devices/fwhost1/hw.nix
View file

@ -2,8 +2,7 @@
let let
in in {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -12,6 +11,5 @@ in
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

22
nix/os/devices/fwhost1/pkg.nix
View file

@ -1,18 +1,18 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }

20
nix/os/devices/fwhost1/system.nix
View file

@ -1,7 +1,4 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
@ -31,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router. # WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3; networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth"; networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.15"; prefixLength = 24; } ]; networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.15";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4; networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth"; networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.15"; prefixLength = 12; } ]; networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.15";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge # Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1; networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth"; networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.15"; prefixLength = 24; } ]; networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.15";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5; networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth"; networking.vlans.dmz.interface = "breth";

7
nix/os/devices/fwhost1/user.nix
View file

@ -1,11 +1,8 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix { }) mkUser;
in { in { }
}

7
nix/os/devices/fwhost1/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {

23
nix/os/devices/fwhost1/versions.tmpl.nix
View file

@ -2,30 +2,35 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-21.11"; ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

4
nix/os/devices/fwhost2/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;

6
nix/os/devices/fwhost2/hw.nix
View file

@ -2,8 +2,7 @@
let let
in in {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -12,6 +11,5 @@ in
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

22
nix/os/devices/fwhost2/pkg.nix
View file

@ -1,18 +1,18 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }

21
nix/os/devices/fwhost2/system.nix
View file

@ -1,8 +1,4 @@
{ pkgs { pkgs, lib, config, utils, ... }:
, lib
, config
, utils
, ... }:
let let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
@ -32,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router. # WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3; networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth"; networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ]; networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.16";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4; networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth"; networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ]; networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.16";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge # Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1; networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth"; networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ]; networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.16";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5; networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth"; networking.vlans.dmz.interface = "breth";

4
nix/os/devices/fwhost2/user.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/fwhost2/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {

23
nix/os/devices/fwhost2/versions.tmpl.nix
View file

@ -2,30 +2,35 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-21.11"; ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

4
nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiSupport = true; boot.loader.grub.efiSupport = true;

3
nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix
View file

@ -1,8 +1,7 @@
{ ... }: { ... }:
{ {
disabledModules = [ disabledModules = [ ];
];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix ../../modules/opinionatedDisk.nix

6
nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix
View file

@ -20,8 +20,7 @@ let
"xhci_pci" "xhci_pci"
]; ];
in in {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -31,6 +30,5 @@ in
boot.initrd.availableKernelModules = stage1Modules; boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

27
nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix
View file

@ -1,22 +1,23 @@
{ config { config, pkgs, lib, ... }:
, pkgs
, lib
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nix.buildMachines = [ nix.buildMachines = [{
{ hostName = "localhost"; hostName = "localhost";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4; maxJobs = 4;
} }];
];
# services.hydra = { # services.hydra = {
# enable = false; # enable = false;

27
nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix
View file

@ -1,10 +1,6 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let keys = import ../../../variables/keys.nix;
keys = import ../../../variables/keys.nix;
in { in {
# TASK: new device # TASK: new device
@ -46,18 +42,12 @@ in {
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
# virtualization # virtualization
virtualisation = { virtualisation = { docker.enable = true; };
docker.enable = true;
};
nix.gc = { nix.gc = { automatic = true; };
automatic = true;
};
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
services.resolved = { services.resolved = { enable = true; };
enable = true;
};
containers = { containers = {
mailserver = import ../../containers/mailserver.nix { mailserver = import ../../containers/mailserver.nix {
@ -87,12 +77,7 @@ in {
inherit config; inherit config;
hostAddress = "192.168.100.16"; hostAddress = "192.168.100.16";
localAddress = "192.168.100.17"; localAddress = "192.168.100.17";
subvolumes = [ subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ];
"mailserver"
"webserver"
"backup"
"syncthing"
];
}; };
}; };

3
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix
View file

@ -4,9 +4,8 @@ let
ref = "nixos-22.05"; ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd"; rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = { "nixpkgs-master" = {

15
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix
View file

@ -2,21 +2,26 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.05"; ref = "nixos-22.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-22.05"; ref = "release-22.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

2
nix/os/devices/steveej-nuc7pjyh-work/system.nix
View file

@ -3,7 +3,7 @@
let let
in { in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"''; services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = {}; users.groups.sgx = { };
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname. networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
} }

19
nix/os/devices/steveej-nuc7pjyh-work/user.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
@ -11,10 +9,19 @@ in {
users.extraUsers.sjunker = mkUser { users.extraUsers.sjunker = mkUser {
uid = 1001; uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
shell = pkgs.posh { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; }; shell = pkgs.posh {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ]; extraGroups = [ "sgx" ];
subUidRanges = [{ startUid = 100000; count = 65536; }]; subUidRanges = [{
subGidRanges = [{ startGid = 100000; count = 65536; }]; startUid = 100000;
count = 65536;
}];
subGidRanges = [{
startGid = 100000;
count = 65536;
}];
}; };
} }

4
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,6 +1,4 @@
{ lib { lib, ... }:
, ...
}:
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;

6
nix/os/devices/steveej-pa600/hw.nix
View file

@ -10,8 +10,7 @@ let
"hxci_hcd" "hxci_hcd"
]; ];
in in {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -21,6 +20,5 @@ in
# boot.initrd.availableKernelModules = stage1Modules; # boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = '' boot.extraModprobeConfig = "";
'';
} }

16
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,12 +1,16 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
services.teamviewer.enable = true; services.teamviewer.enable = true;
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }

19
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,10 +1,6 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let keys = import ../../../variables/keys.nix;
keys = import ../../../variables/keys.nix;
in { in {
# TASK: new device # TASK: new device
@ -21,11 +17,7 @@ in {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
}; };
services.fprintd.enable = true; services.fprintd.enable = true;
@ -34,9 +26,8 @@ in {
sudo.fprintAuth = true; sudo.fprintAuth = true;
}; };
security.pki.certificateFiles = [ security.pki.certificateFiles =
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
];
services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''

4
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/steveej-pa600/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-20.09"; ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c"; rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";

23
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -2,29 +2,34 @@ let
nixpkgs = { nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09"; ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"nixpkgs-master" = { "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "master"; ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
"home-manager-module" = { "home-manager-module" = {
url = "https://github.com/nix-community/home-manager"; url = "https://github.com/nix-community/home-manager";
ref = "release-20.09"; ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
}; };
} }

3
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix
View file

@ -1,5 +1,6 @@
{ ... }: { ... }:
{ {
networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname. networking.hostName =
"steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
} }

7
nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
View file

@ -1,8 +1,11 @@
{ ... }: { ... }:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
}; };
imports = [ imports = [

17
nix/os/devices/steveej-rmvbl-sdep0/versions.nix
View file

@ -4,20 +4,17 @@ let
ref = "nixos-21.11"; ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb"; rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
# "channels-nixos-21.05" = { # "channels-nixos-21.05" = {
# url = "https://github.com/NixOS/nixpkgs/"; # url = "https://github.com/NixOS/nixpkgs/";
# ref = "nixos-21.05"; # ref = "nixos-21.05";
# rev = "df123677560db3b0db7c19d71981b11091fbeaf6"; # rev = "df123677560db3b0db7c19d71981b11091fbeaf6";
# }; # };
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable"; ref = "nixos-unstable";

5
nix/os/devices/steveej-t14/boot.nix
View file

@ -1,7 +1,4 @@
{ lib { lib, pkgs, ... }:
, pkgs
, ...
}:
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;

3
nix/os/devices/steveej-t14/hw.nix
View file

@ -11,8 +11,7 @@ let
"e1000e" "e1000e"
]; ];
in in {
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;

16
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,12 +1,16 @@
{ pkgs { pkgs, ... }:
, ...
}:
{ {
nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixpkgs.config.packageOverrides = pkgs:
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
services.teamviewer.enable = true; services.teamviewer.enable = true;
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }

45
nix/os/devices/steveej-t14/system.nix
View file

@ -1,16 +1,10 @@
{ pkgs { pkgs, lib, config, ... }:
, lib
, config
, ... }:
let let keys = import ../../../variables/keys.nix;
keys = import ../../../variables/keys.nix;
in { in {
nix = { nix = {
binaryCaches = [ binaryCaches =
"https://holochain-ci.cachix.org" [ "https://holochain-ci.cachix.org" "https://cache.holo.host/" ];
"https://cache.holo.host/"
];
binaryCachePublicKeys = [ binaryCachePublicKeys = [
"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8=" "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -21,10 +15,11 @@ in {
# TASK: new device # TASK: new device
networking.hostName = "steveej-t14"; # Define your hostname. networking.hostName = "steveej-t14"; # Define your hostname.
networking.bridges."virbr1".interfaces = []; networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [ networking.interfaces."virbr1".ipv4.addresses = [{
{ address = "10.254.254.254"; prefixLength = 24; } address = "10.254.254.254";
]; prefixLength = 24;
}];
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
@ -40,11 +35,7 @@ in {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
}; };
services.fprintd.enable = true; services.fprintd.enable = true;
@ -55,12 +46,10 @@ in {
# virtualization # virtualization
virtualisation = { virtualisation = {
libvirtd = { libvirtd = { enable = true; };
enable = true;
};
virtualbox.host = { virtualbox.host = {
enable = false ; enable = false;
addNetworkInterface = false; addNetworkInterface = false;
}; };
@ -74,14 +63,10 @@ in {
# client min protocol = NT1 # client min protocol = NT1
''; '';
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = [ services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
services.xserver.videoDrivers = lib.mkForce [
"amdgpu"
];
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''
Option "BlankTime" "0" Option "BlankTime" "0"
Option "StandbyTime" "0" Option "StandbyTime" "0"

4
nix/os/devices/steveej-t14/user.nix
View file

@ -1,6 +1,4 @@
{ config { config, pkgs, ... }:
, pkgs
, ... }:
let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/steveej-t14/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-22.05"; ref = "nixos-22.05";
rev = "6107f97012a0c134c5848125b5aa1b149b76d2c9"; rev = "6107f97012a0c134c5848125b5aa1b149b76d2c9";
}; };
in
{ in {
inherit nixpkgs; inherit nixpkgs;
nixos = nixpkgs // { nixos = nixpkgs // { suffix = "/nixos"; };
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs; "channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = { "channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/"; url = "https://github.com/NixOS/nixpkgs/";

Some files were not shown because too many files have changed in this diff Show more