diff --git a/.gitignore b/.gitignore index 4cc9af5..8288ed7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ *.swp -result +*.qcow2 diff --git a/container-images/default.nix b/container-images/default.nix index c85ba1a..e6d6f0b 100644 --- a/container-images/default.nix +++ b/container-images/default.nix @@ -33,7 +33,7 @@ in rec { procps zsh coreutils - vim + neovim ]; config = { diff --git a/derivations/dev/cross.nix b/environments/dev/cross.nix similarity index 100% rename from derivations/dev/cross.nix rename to environments/dev/cross.nix diff --git a/derivations/dev/go.nix b/environments/dev/go/default.nix similarity index 81% rename from derivations/dev/go.nix rename to environments/dev/go/default.nix index 19833ff..e67468d 100644 --- a/derivations/dev/go.nix +++ b/environments/dev/go/default.nix @@ -68,7 +68,7 @@ let gox.bin #ginkgo ginkgo.bin #gomega - ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) +# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) ]; @@ -77,22 +77,13 @@ in pkgs.stdenv.mkDerivation { buildInputs = extraBuildInputs ++ buildInputs; shellHook = '' goname=${go.version}_$name - setPS1 $goname + # FIXME: setPS1 $goname export GOROOT=${go}/share/go export GOPATH="$HOME/.gopath_$goname" export PATH="$HOME/.gopath_$goname/bin:$PATH" unset name unset SSL_CERT_FILE - go get -u github.com/Masterminds/glide - go get -u github.com/sgotti/glide-vc - go get -u github.com/alecthomas/gometalinter - go get -u github.com/golang/lint/golint - go get -u github.com/rogpeppe/godef - go get -u github.com/kisielk/errcheck - go get -u github.com/jstemmer/gotags - go get -u github.com/klauspost/asmfmt/cmd/asmfmt - go get -u github.com/nsf/gocode ${extraShellHook} ''; } diff --git a/derivations/dev/neovim-go.nix b/environments/dev/go/neovim-go.nix similarity index 100% rename from derivations/dev/neovim-go.nix rename to environments/dev/go/neovim-go.nix 
diff --git a/derivations/dev/pandoc.nix b/environments/dev/pandoc.nix
similarity index 100%
rename from derivations/dev/pandoc.nix
rename to environments/dev/pandoc.nix
diff --git a/derivations/dev/rkt.nix b/environments/dev/rkt.nix
similarity index 100%
rename from derivations/dev/rkt.nix
rename to environments/dev/rkt.nix
diff --git a/environments/dev/rust/.envrc b/environments/dev/rust/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/environments/dev/rust/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/derivations/dev/rust.nix b/environments/dev/rust/default.nix
similarity index 100%
rename from derivations/dev/rust.nix
rename to environments/dev/rust/default.nix
diff --git a/derivations/dev/vim-go.nix b/environments/dev/vim-go.nix
similarity index 100%
rename from derivations/dev/vim-go.nix
rename to environments/dev/vim-go.nix
diff --git a/derivations/dev/vim-pandoc.nix b/environments/dev/vim-pandoc.nix
similarity index 100%
rename from derivations/dev/vim-pandoc.nix
rename to environments/dev/vim-pandoc.nix
diff --git a/derivations/dev/vim-rust.nix b/environments/dev/vim-rust.nix
similarity index 100%
rename from derivations/dev/vim-rust.nix
rename to environments/dev/vim-rust.nix
diff --git a/derivations/fhs/default.nix b/environments/fhs/android.nix
similarity index 100%
rename from derivations/fhs/default.nix
rename to environments/fhs/android.nix
diff --git a/environments/fhs/vscode.nix b/environments/fhs/vscode.nix
new file mode 100644
index 0000000..e6d3b4b
--- /dev/null
+++ b/environments/fhs/vscode.nix
@@ -0,0 +1,38 @@
+{ pkgs ? import {} }:
+
+(pkgs.buildFHSUserEnv {
+ name = "everydayFHS";
+ targetPkgs = pkgs: (with pkgs;
+ [ which
+ gitFull
+ zsh
+ file
+ direnv
+
+ xdg_utils
+ xsel
+
+ vscode
+
+ # vscode live share
+ gnome3.gcr
+ libgnome_keyring3
+ liburcu
+ libunwind
+ lttng-ust
+ curl
+ openssl
+ libkrb5
+ libuuid
+ icu
+ zlib
+ libsecret
+ ]);
+ multiPkgs = pkgs: (with pkgs;
+ [
+ ]);
+ profile = ''
+ export SHELL=/bin/zsh
+ '';
+ # FIXME runScript = "$SHELL";
+}).env
diff --git a/nixos-configuration/live-usb/boot.nix b/nixos-configuration/live-usb/boot.nix
new file mode 100644
index 0000000..95780ab
--- /dev/null
+++ b/nixos-configuration/live-usb/boot.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Bootloader, initrd and Kernel
+ boot.loader.grub.enable = true;
+ boot.loader.grub.enableCryptodisk = true;
+ boot.loader.grub.version = 2;
+
+ # workaround to disable CPU wining
+ # current CPU has 9 idle cstates.
+
+ # Workaround for nm-pptp to enforce module load
+ boot.kernelModules = [
+ "nf_conntrack_proto_gre"
+ "nf_conntrack_pptp"
+ ];
+
+ boot.tmpOnTmpfs = true;
+}
diff --git a/nixos-configuration/live-usb/configuration.nix b/nixos-configuration/live-usb/configuration.nix
new file mode 100644
index 0000000..b49f937
--- /dev/null
+++ b/nixos-configuration/live-usb/configuration.nix
@@ -0,0 +1,15 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./pkg.nix
+ ./hw.nix
+ ./system.nix
+ ./user.nix
+ ./boot.nix
+ ];
+}
diff --git a/nixos-configuration/live-usb/hw.nix b/nixos-configuration/live-usb/hw.nix
new file mode 100644
index 0000000..3eebc18
--- /dev/null
+++ b/nixos-configuration/live-usb/hw.nix
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ nix.maxJobs = lib.mkDefault 3;
+ nix.buildCores = 3;
+
+ hardware.enableAllFirmware = true;
+ hardware.trackpoint.emulateWheel = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModprobeConfig = ''
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ '';
+ boot.extraModulePackages = [ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part2";
+ fsType = "vfat";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/mapper/live--usb-live--usb--root";
+ fsType = "btrfs";
+ options = [ "subvol=nixos" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/mapper/live--usb-live--usb--root";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ };
+
+ swapDevices = [
+ { device = "/dev/mapper/live--usb-live--usb--root"; }
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0";
+ efiSupport = true;
+ };
+
+ boot.initrd.luks.devices = [ {
+ name = "crypt-live-usb";
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part3";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+}
diff --git a/nixos-configuration/live-usb/pkg.nix b/nixos-configuration/live-usb/pkg.nix
new file mode 100644
index 0000000..50145ca
--- /dev/null
+++ b/nixos-configuration/live-usb/pkg.nix
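Review bot: `swapDevices` names `/dev/mapper/live--usb-live--usb--root`, the same mapper device that backs the btrfs `/` and `/home` mounts a few lines above, so it cannot be a separate swap area and looks like a copy-paste slip; point it at the intended swap volume or use `swapDevices = [ ];`. Separately, `allowDiscards = true` on the LUKS device lets TRIM reveal which blocks of the encrypted stick are in use; if that trade-off is intended, a comment such as `# allowDiscards exposes block-usage patterns; accepted for flash wear` would record it. The file header still says the file is generated and must not be edited, which no longer matches a hand-maintained file.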
@@ -0,0 +1,29 @@
+{ config,
+ pkgs,
+ ... }:
+
+let
+
+in
+{
+ nixpkgs.config = {
+ allowBroken = false;
+ allowUnfree = true;
+
+ packageOverrides = pkgs: rec {
+
+ };
+ };
+
+ imports =
+ [
+ ../common/pkg/default.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ gitFull
+ gpg2
+ nvim
+ ];
+}
diff --git a/nixos-configuration/live-usb/system.nix b/nixos-configuration/live-usb/system.nix
new file mode 100644
index 0000000..691e3d1
--- /dev/null
+++ b/nixos-configuration/live-usb/system.nix
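Review bot: `gpg2` and `nvim` in `environment.systemPackages` look like command names rather than nixpkgs attribute names, and under `with pkgs;` an unknown name fails evaluation of the whole configuration. Unless `../common/pkg/default.nix` (not shown here) defines them, the entries are presumably meant to be `gnupg` and `neovim`. The empty `let … in` and the empty `packageOverrides` set add nothing and could be dropped.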
@@ -0,0 +1,242 @@ +{ config, lib, pkgs, ... }: + + +let + +in + +rec { + nix.binaryCachePublicKeys = [ + # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + nix.binaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + nix.trustedBinaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + + nix.daemonNiceLevel = 19; + nix.daemonIONiceLevel = 7; + + nix.useSandbox = true; + + # The NixOS release to be compatible with for stateful data such as databases. + # system.stateVersion = "unstable"; + networking.hostName = "steveej-liveusb"; # Define your hostname. + + networking.firewall.enable = true; + networking.firewall.checkReversePath = false; + + # Provide a NAT/DHCP Router + # + # networking.nat.enable = true; + # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ]; + # networking.nat.externalInterface = "wlp1s0"; + # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [ + # { address = "10.254.253.254"; prefixLength = 24; } + # ]; + # services.dnsmasq = { + # enable = true; + # servers = [ "8.8.8.8" "8.8.4.4" ]; + # extraConfig = '' + # domain=lan + # interface=enp0s20f0u4u1u3 + # bind-interfaces + # dhcp-range=10.254.253.100,10.254.253.199,1h + # ''; + # }; + + networking.networkmanager = { + enable = true; + dns = "dnsmasq"; + unmanaged = [ + "interface-name:veth*" + "interface-name:virbr*" + "interface-name:br*" + "interface-name:*vbox*" + "interface-name:*cni*" + ]; + }; + + programs.zsh = { + enable = false; + }; + + environment.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + + # Don't create .pyc files. + PYTHONDONTWRITEBYTECODE = "1"; + }; + + environment.etc."lvm/lvm.conf".text = '' + devices { + issue_discards = 1 + } + ''; + + environment.pathsToLink = [ "/share/zsh" ]; + + # Fonts, I18N, Date ... 
+ fonts = { + enableCoreFonts = true; + }; + + i18n = { + consoleFont = "lat9w-16"; + defaultLocale = "en_US.UTF-8"; + }; + time.timeZone = "Europe/Berlin"; + #time.timeZone = "America/Los_Angeles"; + + # Services + services.gpm.enable = true; + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + + services.gnome3 = { + gnome-disks.enable = false; + gnome-documents.enable = false; + gnome-online-miners.enable = false; + gnome-user-share.enable = false; + gnome-terminal-server.enable = false; + gpaste.enable = false; + sushi.enable = false; + tracker.enable = false; + + # FIXME: gnome should be moved to user session + seahorse.enable = true; + gvfs.enable = true; + at-spi2-core.enable = true; + evolution-data-server.enable = true; + gnome-online-accounts.enable = true; + gnome-keyring.enable = true; + }; + + services.teamviewer.enable = false; + + services.printing = { + enable = false; + }; + + services.pcscd.enable = true; + services.xserver = { + enable = true; + libinput.enable = true; + libinput.naturalScrolling = true; + + videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ]; + xkbVariant = "altgr-intl"; + xkbOptions = "nodeadkeys"; + + desktopManager = { + # FIXME: gnome should be moved to user session + gnome3.enable = true; + + xterm.enable = true; + plasma5.enable = false; + }; + + displayManager = { + gdm.enable = false; + + lightdm = { + enable = true; + autoLogin = { + enable = true; + user = "steveej"; + }; + background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png"; + }; + + sessionCommands = '' + ''; + }; + }; + + # Package configuration + environment.systemPackages = with pkgs; [ + ]; + + # More Services + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; + services.udev.extraRules = '' + # OnePlusOne + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", 
ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + + # Plantronics BackBeat PRO + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777" + '' + ; + + services.packagekit.enable = true; + + services.resolved.enable = false; + services.nix-serve.enable = false; + + services.samba.enable = true; + services.samba.extraConfig = '' + client max protocol = SMB3 + ''; + + # hardware related services + services.illum.enable = true; + + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + support32Bit = true; + }; + }; + + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + }; + + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ + blueman + ]; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + + # virtualization + virtualisation = { + libvirtd.enable = false; + virtualbox.enable = false; + docker.enable = true; + }; + + # Activation scripts for impure set up of paths in / + system.activationScripts.bin = '' + echo "setting up /bin..." + ln -sfT ${pkgs.bash}/bin/bash /bin/.bash + mv -Tf /bin/.bash /bin/bash + ''; + system.activationScripts.etcX11sessinos = '' + echo "setting up /etc/X11/sessions..." + mkdir -p /etc/X11 + ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions + mv -Tf /etc/X11/.sessions /etc/X11/sessions + ''; + system.activationScripts.lib64 = '' + echo "setting up /lib64..." 
+ mkdir -p /lib64 + ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 + mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 + ''; +} diff --git a/nixos-configuration/live-usb/user.nix b/nixos-configuration/live-usb/user.nix new file mode 100644 index 0000000..6d53acd --- /dev/null +++ b/nixos-configuration/live-usb/user.nix @@ -0,0 +1,51 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../common/passwords.crypt.nix; + mkUser = {uid, hashedPassword, ... } @ args: args // { + inherit uid hashedPassword; + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + ]; + }; + +in +{ + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.extraUsers.root = { + hashedPassword = passwords.users.root; + openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + }; + + users.extraUsers.steveej = mkUser { + uid = 1000; + hashedPassword = passwords.users.steveej; + }; + + users.extraUsers.steveej2 = mkUser { + uid = 1001; + hashedPassword = passwords.users.steveej2; + }; + + users.extraUsers.steveej3 = mkUser { + uid = 1002; + hashedPassword = passwords.users.steveej; + }; + + security.pam.enableU2F = true; + security.pam.services.steveej.u2fAuth = true; +} diff --git a/nixos-configuration/steveej-laptop/boot.nix b/nixos-configuration/steveej-laptop/boot.nix index 441a468..fe71bea 100644 --- a/nixos-configuration/steveej-laptop/boot.nix +++ b/nixos-configuration/steveej-laptop/boot.nix 
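Review bot: `services.openssh.permitRootLogin = "yes"` next to `services.openssh.enable = true` allows password login for root over SSH on a portable image, and user.nix in this commit gives root both a `hashedPassword` and an authorized key. Since key login is already provisioned, `services.openssh.permitRootLogin = "prohibit-password";` plus `services.openssh.passwordAuthentication = false;` keeps access without the password-guessing surface. In the same hunk the Plantronics udev rules set `MODE="0777"`, which makes those USB device nodes writable by every local user; `MODE="0660"` with the existing `GROUP="users"` is the narrower choice. `networking.firewall.checkReversePath = false` should carry a comment naming the setup that needs it.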
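Review bot: `users.extraUsers.steveej3` is given `hashedPassword = passwords.users.steveej`, so a third account shares the first account's password hash; if this was copied from the `steveej` block it should read `passwords.users.steveej3`, and if it is deliberate a comment should say so. The same lines are added to nixos-configuration/steveej-laptop/user.nix later in this commit. `mkUser` also places every account in `wheel` and `docker`, and `docker` membership is effectively root on a host where the daemon is enabled, so each extra account carries full administrative reach. `security.pam.services.steveej.u2fAuth` configures a PAM service named `steveej` rather than a user, which is probably not what was meant — worth confirming.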
@@ -10,7 +10,7 @@ # workaround to disable CPU wining # current CPU has 9 idle cstates. - boot.kernelParams = [ "intel_idle.max_cstate=0" ]; + boot.kernelParams = [ "intel_idle.max_cstate=9" ]; # Workaround for nm-pptp to enforce module load boot.kernelModules = [ diff --git a/nixos-configuration/steveej-laptop/hw.nix b/nixos-configuration/steveej-laptop/hw.nix index ee038cd..992fe47 100644 --- a/nixos-configuration/steveej-laptop/hw.nix +++ b/nixos-configuration/steveej-laptop/hw.nix @@ -12,6 +12,12 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; + boot.extraModprobeConfig = '' + options kvm-intel nested=1 + options kvm-intel enable_shadow_vmcs=1 + options kvm-intel enable_apicv=1 + options kvm-intel ept=1 + ''; boot.extraModulePackages = [ ]; boot.loader.systemd-boot.enable = true; @@ -42,7 +48,9 @@ fsType = "tmpfs"; }; - swapDevices = [ ]; + swapDevices = [ + { label = "vg0swap"; } + ]; boot.loader.grub = { device = "/dev/sda"; diff --git a/nixos-configuration/steveej-laptop/pkg.nix b/nixos-configuration/steveej-laptop/pkg.nix index 77fe7e0..334036d 100644 --- a/nixos-configuration/steveej-laptop/pkg.nix +++ b/nixos-configuration/steveej-laptop/pkg.nix @@ -4,6 +4,7 @@ let gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + unstablepkgs = import {}; in { @@ -23,6 +24,8 @@ in # }; # }); + libvirt = unstablepkgs.libvirt; + myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor (pkgs.linux_latest.override { kernelPatches = pkgs.linux_latest.kernelPatches ++ [ @@ -69,7 +72,6 @@ in imports = [ ../common/pkg/default.nix - ../common/pkg/vim.nix ]; environment.systemPackages = with pkgs; [ diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index a67acfd..3cb446b 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix 
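Review bot: The comment above `boot.kernelParams` in steveej-laptop/boot.nix still describes a workaround that disables deep idle states, but `intel_idle.max_cstate=9` now permits all nine states that comment mentions, so the line no longer implements the workaround. Either drop the parameter or update the comment, for example `# C-state limit lifted again; set max_cstate=0 if the CPU whine returns`.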
@@ -5,7 +5,7 @@ let gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; unstablepkgs = import {}; -in +in rec { nix.binaryCachePublicKeys = [ @@ -23,7 +23,7 @@ rec { nix.daemonNiceLevel = 19; nix.daemonIONiceLevel = 7; - nix.package = pkgs.nixUnstable; + nix.package = unstablepkgs.nixStable; nix.useSandbox = true; @@ -57,9 +57,9 @@ rec { # ''; # }; - networking.networkmanager = { enable = true; + dns = "dnsmasq"; unmanaged = [ "interface-name:veth*" "interface-name:virbr*" @@ -68,6 +68,12 @@ rec { "interface-name:*cni*" ]; }; + # Used for testing local Tectonic clusters + environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = '' + server=/tt.testing/192.168.124.1 + server=/tectonic-ci.de/192.168.124.1 + server=/tectonic-ci.lan/192.168.124.1 + ''; networking.bridges."virbr1".interfaces = []; networking.interfaces."virbr1".ipv4.addresses = [ @@ -131,7 +137,6 @@ rec { }; environment.sessionVariables = { - EDITOR = "vim"; NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. @@ -186,9 +191,11 @@ rec { services.printing = { enable = true; - drivers = [ + drivers = [ pkgs.hplip unstablepkgs.cups-kyodialog3 + unstablepkgs.mfcj6510dwlpr + unstablepkgs.mfcj6510dw-cupswrapper ]; }; @@ -211,6 +218,8 @@ rec { }; displayManager = { + gdm.enable = false; + lightdm = { enable = true; autoLogin = { @@ -275,7 +284,7 @@ rec { }; # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [ + services.dbus.packages = with pkgs; [ blueman ]; @@ -285,7 +294,6 @@ rec { # virtualization virtualisation = { libvirtd.enable = true; - libvirtd.qemuPackage = pkgs.qemu; virtualbox.host.enable = true; virtualbox.host.addNetworkInterface = true; docker.enable = true; 
@@ -294,14 +302,19 @@ rec { # Activation scripts for impure set up of paths in / system.activationScripts.bin = '' echo "setting up /bin..." - ln -sfn ${pkgs.bash}/bin/bash /tmp/.binbash - mv /tmp/.binbash /bin/bash + ln -sfT ${pkgs.bash}/bin/bash /bin/.bash + mv -Tf /bin/.bash /bin/bash ''; system.activationScripts.etcX11sessinos = '' echo "setting up /etc/X11/sessions..." mkdir -p /etc/X11 - [[ ! -L /etc/X11/sessions ]] || rm /etc/X11/sessions - ln -sf ${config.services.xserver.displayManager.session.desktops} /etc/X11/sessions + ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions + mv -Tf /etc/X11/.sessions /etc/X11/sessions + ''; + system.activationScripts.lib64 = '' + echo "setting up /lib64..." + mkdir -p /lib64 + ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 + mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 ''; - } diff --git a/nixos-configuration/steveej-laptop/user.nix b/nixos-configuration/steveej-laptop/user.nix index 9cab86b..6d53acd 100644 --- a/nixos-configuration/steveej-laptop/user.nix +++ b/nixos-configuration/steveej-laptop/user.nix @@ -41,6 +41,11 @@ in hashedPassword = passwords.users.steveej2; }; + users.extraUsers.steveej3 = mkUser { + uid = 1002; + hashedPassword = passwords.users.steveej; + }; + security.pam.enableU2F = true; security.pam.services.steveej.u2fAuth = true; } diff --git a/nixos-configuration/vm-install-iso/Justfile b/nixos-configuration/vm-install-iso/Justfile new file mode 100644 index 0000000..bcd3c66 --- /dev/null +++ b/nixos-configuration/vm-install-iso/Justfile @@ -0,0 +1,2 @@ +build: + nix-build '' -A config.system.build.isoImage -I nixos-config=iso.nix diff --git a/nixos-configuration/vm-install-iso/iso.nix b/nixos-configuration/vm-install-iso/iso.nix new file mode 100644 index 0000000..a93f3d9 --- /dev/null +++ b/nixos-configuration/vm-install-iso/iso.nix 
@@ -0,0 +1,92 @@ +# This module defines a small NixOS installation CD. It does not +# contain any graphical stuff. +{config, pkgs, lib, ...}: + +let nixos-init-script = '' + #!${pkgs.stdenv.shell} + + export HOME=/root + export PATH=${pkgs.lib.makeBinPath [ + config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild + config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm + ]}:$PATH + export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels + + set -xe + + fdisk -w always -W always /dev/vda < + + # Provide an initial copy of the NixOS channel so that the user + # doesn't need to run "nix-channel --update" first. + # + ]; + + isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + boot.loader.timeout = lib.mkForce 0; + boot.postBootCommands = '' + ''; + + environment.systemPackages = []; + + users.users.root = { + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ]; + }; + + services.gpm.enable = true; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + + systemd.services.nixos-init = { + script = nixos-init-script; + path = with pkgs; [ ]; + + description = "Initialize /dev/vda from configuration.nix found at /dev/vdb"; + enable = true; + + wantedBy = [ "multi-user.target" ]; + after = [ "multi-user.target" ]; + requires = [ "network-online.target" ]; + + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + + serviceConfig = { + Type = 
"oneshot"; + RemainAfterExit = true; + }; + }; +} diff --git a/pkg-configuration/vim-derivates/commonrc.nix b/pkg-configuration/vim-derivates/commonrc.nix index 05458a2..cfb9524 100644 --- a/pkg-configuration/vim-derivates/commonrc.nix +++ b/pkg-configuration/vim-derivates/commonrc.nix @@ -4,7 +4,8 @@ set nocompatible set mouse= " leader -let mapleader = '\' +let mapleader = ',' +let maplocalleader = ',' " save on ctrl-s nnoremap :w @@ -113,5 +114,11 @@ augroup ft_yaml augroup END " }}} +" markdown { +augroup filetypedetect + " gitit page files + au BufRead,BufNewFile *.page set filetype=markdown +augroup END +" } markdown '' diff --git a/pkg-configuration/vim-derivates/neovim.nix b/pkg-configuration/vim-derivates/neovim.nix index 49f199f..9bd7807 100644 --- a/pkg-configuration/vim-derivates/neovim.nix +++ b/pkg-configuration/vim-derivates/neovim.nix @@ -8,9 +8,11 @@ pkgs.neovim.override { configure = { # add custom .vimrc lines like this: customRC = (import ./commonrc.nix {}) + '' + let g:indent_guides_enable_on_vim_startup = 1 + " deoplete { - " let g:deoplete#enable_at_startup = 1 - " let g:deoplete#enable_smart_case = 1 + let g:deoplete#enable_at_startup = 1 + let g:deoplete#enable_smart_case = 1 " } '' + additionalRC; @@ -25,7 +27,10 @@ pkgs.neovim.override { "vim-colorschemes" "vim-colorstepper" "vim-signify" - # "deoplete-nvim" + "deoplete-nvim" + "fugitive" + "ctrlp" + "vim-indent-guides" ] ++ additionalPlugins; }; extraPythonPackages = []; diff --git a/derivations/pkgs/browserpass/default.nix b/pkgs/browserpass/default.nix similarity index 100% rename from derivations/pkgs/browserpass/default.nix rename to pkgs/browserpass/default.nix diff --git a/derivations/pkgs/nomad/default.nix b/pkgs/nomad/default.nix similarity index 100% rename from derivations/pkgs/nomad/default.nix rename to pkgs/nomad/default.nix 
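Review bot: `systemd.services.nixos-init` is enabled and wanted by `multi-user.target`, and its script begins with `fdisk -w always -W always /dev/vda`, so booting this ISO on any machine that exposes a `/dev/vda` rewrites that disk with no confirmation. A guard on the unit, for example `unitConfig.ConditionPathExists = "/dev/vdb";` to match the configuration disk named in the description, would keep an accidental boot from being destructive. The image also forces sshd on with a root authorized key, which suits a throwaway installer but should be stated in the header comment. Part of the script body is not legible in this view, so the guard may belong next to a check that already exists there.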
diff --git a/derivations/pkgs/nozbe/default.nix b/pkgs/nozbe/default.nix
similarity index 100%
rename from derivations/pkgs/nozbe/default.nix
rename to pkgs/nozbe/default.nix
diff --git a/pkgs/staruml.nix b/pkgs/staruml.nix
new file mode 100644
index 0000000..7886d1b
--- /dev/null
+++ b/pkgs/staruml.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, makeWrapper
+, dpkg, patchelf
+, gtk2, glib, gdk_pixbuf, alsaLib, nss, nspr, GConf, cups, libgcrypt, dbus, systemd
+}:
+
+let
+ inherit (stdenv) lib;
+ LD_LIBRARY_PATH = lib.makeLibraryPath
+ [ glib gtk2 gdk_pixbuf alsaLib nss nspr GConf cups libgcrypt dbus ];
+in
+stdenv.mkDerivation rec {
+ version = "2.8.1";
+ name = "staruml-${version}";
+
+ src =
+ if stdenv.system == "i686-linux" then fetchurl {
+ url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb";
+ sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n";
+ } else fetchurl {
+ url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb";
+ sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0";
+ };
+
+ buildInputs = [ dpkg ];
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ unpackPhase = ''
+ mkdir pkg
+ dpkg-deb -x $src pkg
+ sourceRoot=pkg
+ '';
+
+ installPhase = ''
+ mkdir $out
+ mv opt/staruml $out/bin
+
+ mkdir -p $out/lib
+ ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/
+ ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+ for binary in StarUML Brackets-node; do
+ ${patchelf}/bin/patchelf \
+ --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+ $out/bin/$binary
+ wrapProgram $out/bin/$binary \
+ --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A sophisticated software modeler";
+ homepage = http://staruml.io/;
+ license = licenses.unfree;
+ platforms = [ "i686-linux" "x86_64-linux" ];
+ };
+}
diff --git a/tests/buildvmwithbootloader/build-vm.nix b/tests/buildvmwithbootloader/build-vm.nix
new file mode 100644
index 0000000..8347b45
--- /dev/null
+++ b/tests/buildvmwithbootloader/build-vm.nix
@@ -0,0 +1,32 @@
+{ system ? builtins.currentSystem
+, vmPkgsPath
+, buildPkgsPath
+, nixosConfigPath
+}:
+
+let
+ buildPkgs = import buildPkgsPath {};
+ vmPkgs'= import vmPkgsPath {};
+ vmPkgs = vmPkgs' // {
+ runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}";
+ };
+
+ importWithPkgs = { path, pkgs }: args: import path (args // { inherit pkgs; });
+
+ nixosConfig = importWithPkgs { path = "${nixosConfigPath}"; pkgs = vmPkgs; };
+ vmConfig = importWithPkgs { path = "${buildPkgsPath}/nixos/modules/virtualisation/qemu-vm.nix"; pkgs = vmPkgs; };
+ evalConfig = importWithPkgs { path = "${vmPkgsPath}/nixos/lib/eval-config.nix"; pkgs = null; };
+
+ vmWithBootLoaderConfigMixed = (evalConfig {
+ modules = [
+ nixosConfig
+ vmConfig
+ {
+ virtualisation.useBootLoader = true;
+ }
+
+ ];
+ }).config;
+in {
+ vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm;
+}
diff --git a/tests/buildvmwithbootloader/build-vm.sh b/tests/buildvmwithbootloader/build-vm.sh
new file mode 100755
index 0000000..520e0c8
--- /dev/null
+++ b/tests/buildvmwithbootloader/build-vm.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -x
+rm *.qcow2
+rm result*
+set -e
+
+BUILD_NIXPKGS="${BUILD_NIXPKGS:-${HOME}/src/github/NixOS/nixpkgs.dev}"
+NIXOS_CONFIG="${NIXOS_CONFIG_OVERRIDE:-${PWD}/configuration.nix}"
+
+nix-build -K --show-trace build-vm.nix \
+ --arg vmPkgsPath '' \
+ --argstr buildPkgsPath "${BUILD_NIXPKGS}" \
+ --argstr nixosConfigPath "${NIXOS_CONFIG}" \
+ -A vmWithBootLoaderMixed
+
+./result/bin/run-*-vm
diff --git a/tests/buildvmwithbootloader/configuration.nix b/tests/buildvmwithbootloader/configuration.nix
new file mode 100644
index 0000000..874bea1
--- /dev/null
+++ b/tests/buildvmwithbootloader/configuration.nix
@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+let
+
+in
+
+{
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/vda";
+ efiSupport = true;
+ enableCryptodisk = true;
+ };
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ boot.initrd.luks.devices = [ {
+ name = "crypt";
+ device = "/dev/disk/uuid/463d886d-7dfe-421b-8cef-f9af3a3fa09d";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+ fileSystems."/" = {
+ label = "root";
+ };
+
+ fileSystems."/boot" = {
+ label = "boot";
+ };
+
+ boot.tmpOnTmpfs = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+
+ users.extraUsers.root.initialPassword = lib.mkForce "toorroot";
+ users.mutableUsers = false;
+}
diff --git a/tests/buildvmwithbootloader/debug-vm.sh b/tests/buildvmwithbootloader/debug-vm.sh
new file mode 100755
index 0000000..0d11067
--- /dev/null
+++ b/tests/buildvmwithbootloader/debug-vm.sh
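Review bot: The LUKS `device` is given as `/dev/disk/uuid/463d886d-…`, but udev publishes UUID links under `/dev/disk/by-uuid/`, so the initrd would wait for a path that never appears; the line should read `device = "/dev/disk/by-uuid/463d886d-7dfe-421b-8cef-f9af3a3fa09d";`. `users.extraUsers.root.initialPassword` is a plaintext value that ends up readable in the Nix store, which is acceptable for a test VM but deserves a comment such as `# test VM only: plaintext password is world-readable in /nix/store` so it is not copied into a real host.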
@@ -0,0 +1,30 @@
+# /nix/store/lya9qyl9z5xb4vzdzh4vzcr7gfssk47z-qemu-host-cpu-only-for-vm-tests-2.12.0/bin/qemu-kvm \
+# -cpu \
+# kvm64 \
+# -name \
+# nixos \
+# -m \
+# 384 \
+# -smp \
+# 1 \
+# -device \
+# virtio-rng-pci \
+# -net \
+# nic,netdev=user.0,model=virtio \
+# -netdev \
+# user,id=user.0 \
+# -virtfs \
+# local,path=/nix/store,security_model=none,mount_tag=store \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=xchg \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=shared \
+# -drive \
+# index=1,id=drive2,file=/tmp/nix-vm.j7eRAzkZvB/disk.img,media=disk,if=virtio \
+# -drive \
+# index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/nixos.qcow2,cache=writeback,werror=report,if=virtio \
+
+
+/nix/store/0i6fr8vv559a50w0vipvd22r0kkg1kx1-qemu-host-cpu-only-for-vm-tests-3.0.0/bin/qemu-kvm -cpu kvm64 -name nixos -m 384 -smp 1 -device virtio-rng-pci -net nic,netdev=user.0,model=virtio -netdev user,id=user.0 -virtfs local,path=/nix/store,security_model=none,mount_tag=store -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=xchg -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=shared \
+ -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \
+ -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio \
diff --git a/tests/buildvmwithbootloader/result b/tests/buildvmwithbootloader/result
new file mode 120000
index 0000000..a5fdbfc
--- /dev/null
+++ b/tests/buildvmwithbootloader/result
@@ -0,0 +1 @@
+/nix/store/xh6p394kh1bncmc3lr6l9fb81284ckhf-nixos-vm
\ No newline at end of file
diff --git a/tests/test-vm.nix b/tests/test-vm.nix
new file mode 100644
index 0000000..d647b3c
--- /dev/null
+++ b/tests/test-vm.nix
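Review bot: `tests/buildvmwithbootloader/result` is committed as a symlink to a `/nix/store/…-nixos-vm` path that exists only on the machine that built it, and the .gitignore hunk at the top of this commit removes the `result` pattern that used to keep such links out of the tree. Restoring `result` (or `result*`) in .gitignore and dropping the symlink avoids shipping a dangling, machine-specific link. build-vm.sh already deletes `result*` before each run, so nothing visible here depends on the committed link.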
@@ -0,0 +1,7 @@
+{ lib, config, pkgs, fetchgit, ... }:
+{
+ boot.consoleLogLevel=6;
+ users.users.root.initialPassword = "root";
+ systemd.services."serial-getty@ttyS0".enable = true;
+ networking.firewall.enable = false;
+}
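Review bot: This module sets a trivial root password and turns the firewall off without any comment saying it is meant for disposable VMs; a header such as `# Throwaway test VM only: root/root login and no firewall, never import into a real host` would keep it from being reused by accident. `fetchgit` in the argument list is unused and can be removed.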