Merge branch 'staging' into 'master'

environments with direnv and vm based config tests

See merge request steveeJ/nix-expressions!3

.gitignore

@@ -1,2 +1,2 @@
 *.swp
-result
+*.qcow2

container-images/default.nix

@@ -33,7 +33,7 @@ in rec {
       procps
       zsh
       coreutils
-      vim
+      neovim
     ];
 
     config = {

environments/dev/go/default.nix

@@ -68,7 +68,7 @@ let
       gox.bin
       #ginkgo ginkgo.bin
       #gomega
-      ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
+#      ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
 #      ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
   ];
 
@@ -77,22 +77,13 @@ in pkgs.stdenv.mkDerivation {
   buildInputs = extraBuildInputs ++ buildInputs;
   shellHook = ''
     goname=${go.version}_$name
-    setPS1 $goname
+    # FIXME: setPS1 $goname
     export GOROOT=${go}/share/go
     export GOPATH="$HOME/.gopath_$goname"
     export PATH="$HOME/.gopath_$goname/bin:$PATH"
     unset name
     unset SSL_CERT_FILE
 
-    go get -u github.com/Masterminds/glide
-    go get -u github.com/sgotti/glide-vc
-    go get -u github.com/alecthomas/gometalinter
-    go get -u github.com/golang/lint/golint
-    go get -u github.com/rogpeppe/godef
-    go get -u github.com/kisielk/errcheck
-    go get -u github.com/jstemmer/gotags
-    go get -u github.com/klauspost/asmfmt/cmd/asmfmt
-    go get -u github.com/nsf/gocode
     ${extraShellHook}
   '';
 }

environments/dev/rust/.envrc

@@ -0,0 +1 @@
+use nix

environments/fhs/vscode.nix

@@ -0,0 +1,38 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+(pkgs.buildFHSUserEnv {
+  name = "everydayFHS";
+  targetPkgs = pkgs: (with pkgs;
+    [ which
+      gitFull
+      zsh
+      file
+      direnv
+
+      xdg_utils
+      xsel
+
+      vscode
+
+      # vscode live share
+      gnome3.gcr
+      libgnome_keyring3
+      liburcu
+      libunwind
+      lttng-ust
+      curl
+      openssl
+      libkrb5
+      libuuid
+      icu
+      zlib
+      libsecret
+    ]);
+  multiPkgs = pkgs: (with pkgs;
+    [ 
+    ]);
+  profile = ''
+    export SHELL=/bin/zsh
+  '';
+  # FIXME runScript = "$SHELL";
+}).env

nixos-configuration/live-usb/boot.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Bootloader, initrd and Kernel
+  boot.loader.grub.enable = true;
+  boot.loader.grub.enableCryptodisk = true;
+  boot.loader.grub.version = 2;
+
+  # workaround to disable CPU wining
+  # current CPU has 9 idle cstates.
+
+  # Workaround for nm-pptp to enforce module load
+  boot.kernelModules = [ 
+      "nf_conntrack_proto_gre"
+      "nf_conntrack_pptp"
+  ];
+
+  boot.tmpOnTmpfs = true;
+}

nixos-configuration/live-usb/configuration.nix

@@ -0,0 +1,15 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [ 
+    ./pkg.nix
+    ./hw.nix
+    ./system.nix
+    ./user.nix
+    ./boot.nix
+  ];
+}

nixos-configuration/live-usb/hw.nix

@@ -0,0 +1,59 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+    nix.maxJobs = lib.mkDefault 3;
+    nix.buildCores = 3;
+
+    hardware.enableAllFirmware = true;
+    hardware.trackpoint.emulateWheel = true;
+
+    boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+    boot.kernelModules = [ "kvm-intel" ];
+    boot.extraModprobeConfig = ''
+      options kvm-intel nested=1
+      options kvm-intel enable_shadow_vmcs=1
+      options kvm-intel enable_apicv=1
+      options kvm-intel ept=1
+    '';
+    boot.extraModulePackages = [ ];
+
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    fileSystems."/boot" = { 
+        device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part2";
+        fsType = "vfat";
+    };
+
+    fileSystems."/" = {
+        device = "/dev/mapper/live--usb-live--usb--root";
+        fsType = "btrfs";
+        options = [ "subvol=nixos" ];
+    };
+
+    fileSystems."/home" = {
+        device = "/dev/mapper/live--usb-live--usb--root";
+        fsType = "btrfs";
+        options = [ "subvol=home" ];
+    };
+
+    swapDevices = [
+        { device = "/dev/mapper/live--usb-live--usb--root"; }
+    ];
+
+    boot.loader.grub = {
+        device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0";
+        efiSupport = true;
+    };
+
+    boot.initrd.luks.devices = [ {
+            name = "crypt-live-usb";
+            device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part3";
+            preLVM = true;
+            allowDiscards = true;
+        }
+    ];
+}

nixos-configuration/live-usb/pkg.nix

@@ -0,0 +1,29 @@
+{ config,
+  pkgs,
+  ... }:
+
+let
+
+in
+{
+  nixpkgs.config = {
+    allowBroken = false;
+    allowUnfree = true;
+
+    packageOverrides = pkgs: rec {
+
+    };
+  };
+
+  imports =
+    [
+      ../common/pkg/default.nix
+    ];
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    gitFull
+    gpg2
+    nvim
+  ];
+}

nixos-configuration/live-usb/system.nix

@@ -0,0 +1,242 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+in 
+
+rec {
+  nix.binaryCachePublicKeys = [
+    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+  ];
+  nix.binaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+
+  nix.daemonNiceLevel = 19;
+  nix.daemonIONiceLevel = 7;
+
+  nix.useSandbox = true;
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  # system.stateVersion = "unstable";
+  networking.hostName = "steveej-liveusb"; # Define your hostname.
+
+  networking.firewall.enable = true;
+  networking.firewall.checkReversePath = false;
+
+  # Provide a NAT/DHCP Router
+  #
+  # networking.nat.enable = true;
+  # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
+  # networking.nat.externalInterface = "wlp1s0";
+  # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
+  #     { address = "10.254.253.254"; prefixLength = 24; }
+  # ];
+  # services.dnsmasq = {
+  #   enable = true;
+  #   servers = [ "8.8.8.8" "8.8.4.4" ];
+  #   extraConfig = ''
+  #     domain=lan
+  #     interface=enp0s20f0u4u1u3
+  #     bind-interfaces
+  #     dhcp-range=10.254.253.100,10.254.253.199,1h
+  #   '';
+  # };
+
+  networking.networkmanager = {
+    enable = true;
+    dns = "dnsmasq";
+    unmanaged = [
+      "interface-name:veth*"
+      "interface-name:virbr*"
+      "interface-name:br*"
+      "interface-name:*vbox*"
+      "interface-name:*cni*"
+    ];
+  };
+
+  programs.zsh = {
+    enable = false;
+  };
+
+  environment.sessionVariables = {
+    NIXPKGS_ALLOW_UNFREE = "1";
+
+    # Don't create .pyc files.
+    PYTHONDONTWRITEBYTECODE = "1";
+  };
+
+  environment.etc."lvm/lvm.conf".text = ''
+    devices {
+      issue_discards = 1
+    }
+  '';
+
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  # Fonts, I18N, Date ...
+  fonts = {
+    enableCoreFonts = true;
+  };
+
+  i18n = {
+    consoleFont = "lat9w-16";
+    defaultLocale = "en_US.UTF-8";
+  };
+  time.timeZone = "Europe/Berlin";
+  #time.timeZone = "America/Los_Angeles";
+
+  # Services
+  services.gpm.enable = true;
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+
+  services.gnome3 = {
+    gnome-disks.enable = false;
+    gnome-documents.enable = false;
+    gnome-online-miners.enable = false;
+    gnome-user-share.enable = false;
+    gnome-terminal-server.enable = false;
+    gpaste.enable = false;
+    sushi.enable = false;
+    tracker.enable = false;
+
+    # FIXME: gnome should be moved to user session
+    seahorse.enable = true;
+    gvfs.enable = true;
+    at-spi2-core.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-keyring.enable = true;
+  };
+
+  services.teamviewer.enable = false;
+
+  services.printing = {
+    enable = false;
+  };
+
+  services.pcscd.enable = true;
+  services.xserver = {
+    enable = true;
+    libinput.enable = true;
+    libinput.naturalScrolling = true;
+
+    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
+    xkbVariant = "altgr-intl";
+    xkbOptions = "nodeadkeys";
+
+    desktopManager = {
+      # FIXME: gnome should be moved to user session
+      gnome3.enable = true;
+
+      xterm.enable = true;
+      plasma5.enable = false;
+    };
+
+    displayManager = {
+      gdm.enable = false;
+
+      lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "steveej";
+        };
+        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+      };
+
+      sessionCommands = ''
+      '';
+    };
+  };
+
+ # Package configuration
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # More Services
+  services.udev.packages = [
+    pkgs.libu2f-host
+    pkgs.yubikey-personalization
+  ];
+  services.udev.extraRules = ''
+    # OnePlusOne
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+
+    # Plantronics BackBeat PRO
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
+  ''
+      ;
+
+  services.packagekit.enable = true;
+
+  services.resolved.enable = false;
+  services.nix-serve.enable = false;
+
+  services.samba.enable = true;
+  services.samba.extraConfig = ''
+  client max protocol = SMB3
+  '';
+
+  # hardware related services
+  services.illum.enable = true;
+
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+      support32Bit = true;
+    };
+  };
+
+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  # required for running blueman-applet in user sessions
+  services.dbus.packages = with pkgs; [ 
+    blueman
+  ];
+
+  # Kubernetes
+  # services.kubernetes.roles = ["master" "node"];
+
+  # virtualization
+  virtualisation = {
+    libvirtd.enable = false;
+    virtualbox.enable = false;
+    docker.enable = true;
+  };
+
+  # Activation scripts for impure set up of paths in /
+  system.activationScripts.bin = ''
+    echo "setting up /bin..."
+    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+    mv -Tf /bin/.bash /bin/bash
+  '';
+  system.activationScripts.etcX11sessinos = ''
+    echo "setting up /etc/X11/sessions..."
+    mkdir -p /etc/X11
+    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+    mv -Tf /etc/X11/.sessions /etc/X11/sessions
+  '';
+  system.activationScripts.lib64 = ''
+    echo "setting up /lib64..."
+    mkdir -p /lib64
+    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+  '';
+}

nixos-configuration/live-usb/user.nix

@@ -0,0 +1,51 @@
+{ config
+, pkgs
+, ... }:
+
+let 
+  passwords = import ../common/passwords.crypt.nix;
+  mkUser = {uid, hashedPassword, ... } @ args: args // {
+    inherit uid hashedPassword;
+    isNormalUser = true;
+    extraGroups = [
+      "docker"
+      "wheel"
+      "libvirtd"
+      "networkmanager"
+      "vboxusers"
+      "users"
+      "input"
+      "audio"
+      "video"
+      "cdrom"
+    ];
+  };
+
+in
+{
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.zsh;
+
+  users.extraUsers.root = {
+    hashedPassword = passwords.users.root;
+    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+  };
+
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+    hashedPassword = passwords.users.steveej;
+  };
+
+  users.extraUsers.steveej2 = mkUser {
+    uid = 1001;
+    hashedPassword = passwords.users.steveej2;
+  };
+
+  users.extraUsers.steveej3 = mkUser {
+    uid = 1002;
+    hashedPassword = passwords.users.steveej;
+  };
+
+  security.pam.enableU2F = true;
+  security.pam.services.steveej.u2fAuth = true;
+}

nixos-configuration/steveej-laptop/boot.nix

@@ -10,7 +10,7 @@
 
   # workaround to disable CPU wining
   # current CPU has 9 idle cstates.
-  boot.kernelParams = [ "intel_idle.max_cstate=0" ]; 
+  boot.kernelParams = [ "intel_idle.max_cstate=9" ];
 
   # Workaround for nm-pptp to enforce module load
   boot.kernelModules = [ 

nixos-configuration/steveej-laptop/hw.nix

@@ -12,6 +12,12 @@
 
     boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
     boot.kernelModules = [ "kvm-intel" ];
+    boot.extraModprobeConfig = ''
+      options kvm-intel nested=1
+      options kvm-intel enable_shadow_vmcs=1
+      options kvm-intel enable_apicv=1
+      options kvm-intel ept=1
+    '';
     boot.extraModulePackages = [ ];
 
     boot.loader.systemd-boot.enable = true;
@@ -42,7 +48,9 @@
         fsType = "tmpfs";
     };
 
-    swapDevices = [ ];
+    swapDevices = [
+        { label = "vg0swap"; }
+    ];
 
     boot.loader.grub = {
         device = "/dev/sda";

nixos-configuration/steveej-laptop/pkg.nix

@@ -4,6 +4,7 @@
 
 let
   gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+  unstablepkgs = import <nixos-unstable> {};
 
 in
 {
@@ -23,6 +24,8 @@ in
       #   };
       # });
 
+      libvirt = unstablepkgs.libvirt;
+
       myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor
         (pkgs.linux_latest.override {
         kernelPatches = pkgs.linux_latest.kernelPatches ++ [
@@ -69,7 +72,6 @@ in
   imports =
     [
       ../common/pkg/default.nix
-      ../common/pkg/vim.nix
     ];
 
   environment.systemPackages = with pkgs; [

nixos-configuration/steveej-laptop/system.nix

@@ -5,7 +5,7 @@ let
   gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
   unstablepkgs = import <nixos-unstable> {};
 
-in 
+in
 
 rec {
   nix.binaryCachePublicKeys = [
@@ -23,7 +23,7 @@ rec {
   nix.daemonNiceLevel = 19;
   nix.daemonIONiceLevel = 7;
 
-  nix.package = pkgs.nixUnstable;
+  nix.package = unstablepkgs.nixStable;
 
   nix.useSandbox = true;
 
@@ -57,9 +57,9 @@ rec {
   #   '';
   # };
 
-
   networking.networkmanager = {
     enable = true;
+    dns = "dnsmasq";
     unmanaged = [
       "interface-name:veth*"
       "interface-name:virbr*"
@@ -68,6 +68,12 @@ rec {
       "interface-name:*cni*"
     ];
   };
+  # Used for testing local Tectonic clusters
+  environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
+    server=/tt.testing/192.168.124.1
+    server=/tectonic-ci.de/192.168.124.1
+    server=/tectonic-ci.lan/192.168.124.1
+  '';
 
   networking.bridges."virbr1".interfaces = [];
   networking.interfaces."virbr1".ipv4.addresses = [
@@ -131,7 +137,6 @@ rec {
   };
 
   environment.sessionVariables = {
-    EDITOR = "vim";
     NIXPKGS_ALLOW_UNFREE = "1";
 
     # Don't create .pyc files.
@@ -186,9 +191,11 @@ rec {
 
   services.printing = {
     enable = true;
-    drivers = [ 
+    drivers = [
       pkgs.hplip
       unstablepkgs.cups-kyodialog3
+      unstablepkgs.mfcj6510dwlpr
+      unstablepkgs.mfcj6510dw-cupswrapper
     ];
   };
 
@@ -211,6 +218,8 @@ rec {
     };
 
     displayManager = {
+      gdm.enable = false;
+
       lightdm = {
         enable = true;
         autoLogin = {
@@ -275,7 +284,7 @@ rec {
   };
 
   # required for running blueman-applet in user sessions
-  services.dbus.packages = with pkgs; [ 
+  services.dbus.packages = with pkgs; [
     blueman
   ];
 
@@ -285,7 +294,6 @@ rec {
   # virtualization
   virtualisation = {
     libvirtd.enable = true;
-    libvirtd.qemuPackage = pkgs.qemu;
     virtualbox.host.enable = true;
     virtualbox.host.addNetworkInterface = true;
     docker.enable = true;
@@ -294,14 +302,19 @@ rec {
   # Activation scripts for impure set up of paths in /
   system.activationScripts.bin = ''
     echo "setting up /bin..."
-    ln -sfn ${pkgs.bash}/bin/bash /tmp/.binbash
-    mv /tmp/.binbash /bin/bash
+    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+    mv -Tf /bin/.bash /bin/bash
   '';
   system.activationScripts.etcX11sessinos = ''
     echo "setting up /etc/X11/sessions..."
     mkdir -p /etc/X11
-    [[ ! -L /etc/X11/sessions ]] || rm /etc/X11/sessions
-    ln -sf ${config.services.xserver.displayManager.session.desktops} /etc/X11/sessions
+    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+    mv -Tf /etc/X11/.sessions /etc/X11/sessions
+  '';
+  system.activationScripts.lib64 = ''
+    echo "setting up /lib64..."
+    mkdir -p /lib64
+    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
   '';
-
 }

nixos-configuration/steveej-laptop/user.nix

@@ -41,6 +41,11 @@ in
     hashedPassword = passwords.users.steveej2;
   };
 
+  users.extraUsers.steveej3 = mkUser {
+    uid = 1002;
+    hashedPassword = passwords.users.steveej;
+  };
+
   security.pam.enableU2F = true;
   security.pam.services.steveej.u2fAuth = true;
 }

nixos-configuration/vm-install-iso/Justfile

@@ -0,0 +1,2 @@
+build:
+  nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

nixos-configuration/vm-install-iso/iso.nix

@@ -0,0 +1,92 @@
+# This module defines a small NixOS installation CD.  It does not
+# contain any graphical stuff.
+{config, pkgs, lib, ...}:
+
+let nixos-init-script = ''
+  #!${pkgs.stdenv.shell}
+
+  export HOME=/root
+  export PATH=${pkgs.lib.makeBinPath [ 
+    config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild
+    config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm
+  ]}:$PATH
+  export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
+
+  set -xe
+
+  fdisk -w always -W always /dev/vda <<EOF
+g
+n
+1
+
++8M
+n
+2
+
++1G
+n
+3
+
+
+t
+1
+4
+w
+EOF
+  lsblk
+
+  mkfs.ext4 -m0 -L nixos /dev/vda3
+  mount -L nixos /mnt
+  mkswap -L swap /dev/vda2
+  swapon -L swap
+
+  mkdir /mnt/etc/nixos -p
+  cp /dev/vdb /mnt/etc/nixos/configuration.nix
+
+  nix-channel --update
+  nixos-install
+  reboot
+  '';
+in {
+  imports = [
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix>
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    # <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+  ];
+
+  isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
+  boot.loader.timeout = lib.mkForce 0;
+  boot.postBootCommands = ''
+  '';
+
+  environment.systemPackages = [];
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ];
+  };
+
+  services.gpm.enable = true;
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+  systemd.services.nixos-init = {
+    script = nixos-init-script;
+    path = with pkgs; [ ];
+
+    description = "Initialize /dev/vda from configuration.nix found at /dev/vdb";
+    enable = true;
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "multi-user.target" ];
+    requires = [ "network-online.target" ];
+ 
+    restartIfChanged = false;
+    unitConfig.X-StopOnRemoval = false;
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+  };
+}

pkg-configuration/vim-derivates/commonrc.nix

@@ -4,7 +4,8 @@ set nocompatible
 set mouse=
 
 " leader
-let mapleader = '\'
+let mapleader = ','
+let maplocalleader = ','
 
 " save on ctrl-s
 nnoremap <c-s> :w<CR>
@@ -113,5 +114,11 @@ augroup ft_yaml
 augroup END
 " }}}
 
+" markdown {
+augroup filetypedetect
+  " gitit page files
+  au BufRead,BufNewFile *.page set filetype=markdown
+augroup END
+" } markdown
 ''
 

pkg-configuration/vim-derivates/neovim.nix

@@ -8,9 +8,11 @@ pkgs.neovim.override {
   configure = {
     # add custom .vimrc lines like this:
     customRC = (import ./commonrc.nix {}) + ''
+      let g:indent_guides_enable_on_vim_startup = 1
+
       " deoplete {
-      " let g:deoplete#enable_at_startup = 1
-      " let g:deoplete#enable_smart_case = 1
+      let g:deoplete#enable_at_startup = 1
+      let g:deoplete#enable_smart_case = 1
       " }
     '' + additionalRC;
 
@@ -25,7 +27,10 @@ pkgs.neovim.override {
       "vim-colorschemes"
       "vim-colorstepper"
       "vim-signify"
-      # "deoplete-nvim"
+      "deoplete-nvim"
+      "fugitive"
+      "ctrlp"
+      "vim-indent-guides"
     ] ++ additionalPlugins;
   };
   extraPythonPackages = [];

pkgs/staruml.nix

@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, makeWrapper
+, dpkg, patchelf
+, gtk2, glib, gdk_pixbuf, alsaLib, nss, nspr, GConf, cups, libgcrypt, dbus, systemd
+}:
+
+let
+  inherit (stdenv) lib;
+  LD_LIBRARY_PATH = lib.makeLibraryPath
+    [ glib gtk2 gdk_pixbuf alsaLib nss nspr GConf cups libgcrypt dbus ];
+in
+stdenv.mkDerivation rec {
+  version = "2.8.1";
+  name = "staruml-${version}";
+
+  src =
+    if stdenv.system == "i686-linux" then fetchurl {
+      url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb";
+      sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n";
+    } else fetchurl {
+      url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb";
+      sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0";
+    };
+
+  buildInputs = [ dpkg ];
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  unpackPhase = ''
+    mkdir pkg
+    dpkg-deb -x $src pkg
+    sourceRoot=pkg
+  '';
+
+  installPhase = ''
+    mkdir $out
+    mv opt/staruml $out/bin
+
+    mkdir -p $out/lib
+    ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/
+    ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+    for binary in StarUML Brackets-node; do
+      ${patchelf}/bin/patchelf \
+        --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+        $out/bin/$binary
+      wrapProgram $out/bin/$binary \
+        --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH}
+    done
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A sophisticated software modeler";
+    homepage = http://staruml.io/;
+    license = licenses.unfree;
+    platforms = [ "i686-linux" "x86_64-linux" ];
+  };
+}

tests/buildvmwithbootloader/build-vm.nix

@@ -0,0 +1,32 @@
+{ system ? builtins.currentSystem
+, vmPkgsPath
+, buildPkgsPath
+, nixosConfigPath
+}:
+
+let
+  buildPkgs = import buildPkgsPath {};
+  vmPkgs'= import vmPkgsPath {};
+  vmPkgs = vmPkgs' // {
+    runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}";
+  };
+
+  importWithPkgs = { path, pkgs }: args: import path (args // { inherit pkgs; });
+ 
+  nixosConfig = importWithPkgs { path = "${nixosConfigPath}"; pkgs = vmPkgs; };
+  vmConfig = importWithPkgs { path = "${buildPkgsPath}/nixos/modules/virtualisation/qemu-vm.nix"; pkgs = vmPkgs; };
+  evalConfig = importWithPkgs { path = "${vmPkgsPath}/nixos/lib/eval-config.nix"; pkgs = null; };
+
+  vmWithBootLoaderConfigMixed = (evalConfig {
+    modules = [
+      nixosConfig
+      vmConfig
+      {
+        virtualisation.useBootLoader = true; 
+      }
+
+    ];
+  }).config;
+in {
+  vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm;
+}

tests/buildvmwithbootloader/build-vm.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -x
+rm *.qcow2
+rm result*
+set -e
+
+BUILD_NIXPKGS="${BUILD_NIXPKGS:-${HOME}/src/github/NixOS/nixpkgs.dev}"
+NIXOS_CONFIG="${NIXOS_CONFIG_OVERRIDE:-${PWD}/configuration.nix}"
+
+nix-build -K --show-trace build-vm.nix \
+    --arg vmPkgsPath '<nixos-18.03>' \
+    --argstr buildPkgsPath "${BUILD_NIXPKGS}" \
+    --argstr nixosConfigPath "${NIXOS_CONFIG}" \
+    -A vmWithBootLoaderMixed
+
+./result/bin/run-*-vm 

tests/buildvmwithbootloader/configuration.nix

@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+let
+
+in
+
+{
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+    device = "/dev/vda";
+    efiSupport = true;
+    enableCryptodisk = true;
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+
+  boot.initrd.luks.devices = [ {
+      name = "crypt";
+      device = "/dev/disk/uuid/463d886d-7dfe-421b-8cef-f9af3a3fa09d";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+  fileSystems."/" = {
+      label = "root";
+  };
+
+  fileSystems."/boot" = {
+      label = "boot";
+  };
+
+  boot.tmpOnTmpfs = true;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  
+  users.extraUsers.root.initialPassword = lib.mkForce "toorroot";
+  users.mutableUsers = false;
+}

tests/buildvmwithbootloader/debug-vm.sh

@@ -0,0 +1,30 @@
+# /nix/store/lya9qyl9z5xb4vzdzh4vzcr7gfssk47z-qemu-host-cpu-only-for-vm-tests-2.12.0/bin/qemu-kvm \
+# -cpu \
+# kvm64 \
+# -name \
+# nixos \
+# -m \
+# 384 \
+# -smp \
+# 1 \
+# -device \
+# virtio-rng-pci \
+# -net \
+# nic,netdev=user.0,model=virtio \
+# -netdev \
+# user,id=user.0 \
+# -virtfs \
+# local,path=/nix/store,security_model=none,mount_tag=store \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=xchg \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=shared \
+# -drive \
+# index=1,id=drive2,file=/tmp/nix-vm.j7eRAzkZvB/disk.img,media=disk,if=virtio \
+# -drive \
+# index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/nixos.qcow2,cache=writeback,werror=report,if=virtio \
+
+
+/nix/store/0i6fr8vv559a50w0vipvd22r0kkg1kx1-qemu-host-cpu-only-for-vm-tests-3.0.0/bin/qemu-kvm -cpu kvm64 -name nixos -m 384 -smp 1 -device virtio-rng-pci -net nic,netdev=user.0,model=virtio -netdev user,id=user.0 -virtfs local,path=/nix/store,security_model=none,mount_tag=store -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=xchg -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=shared \
+    -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \
+    -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio \

tests/buildvmwithbootloader/result

@@ -0,0 +1 @@
+/nix/store/xh6p394kh1bncmc3lr6l9fb81284ckhf-nixos-vm

tests/test-vm.nix

@@ -0,0 +1,7 @@
+{ lib, config, pkgs, fetchgit, ... }:
+{
+  boot.consoleLogLevel=6;
+  users.users.root.initialPassword = "root";
+  systemd.services."serial-getty@ttyS0".enable = true;
+  networking.firewall.enable = false;
+}