diff --git a/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg b/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg index fc0a498..9587742 100644 Binary files a/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg and b/.git-crypt/keys/default/0/6F7069FE6B96E894E60EC45C6EEFA706CB17E89B.gpg differ diff --git a/.gitignore b/.gitignore index fe9ad7f..5e0fed2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.swp *.qcow2 .*.log +.env diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..4ab2b64 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,10 @@ +stages: + - build + +build: + stage: build + tags: + - nix + script: + # Test the nix-shell + - nix-shell --run "echo OK" diff --git a/Justfile b/Justfile index e26cd24..8e8aac4 100755 --- a/Justfile +++ b/Justfile @@ -1,14 +1,19 @@ _usage: just -l -_device action dir +moreargs="": +_get_nix_path versionsPath: + echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath {{versionsPath}} --argstr rebuildarg "dummy") + +_device recipe dir +moreargs="": #!/usr/bin/env bash set -ex - sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}}) + source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix) + $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}}) _render_templates: #!/usr/bin/env bash set -ex + source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix _rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates 
@@ -16,6 +21,11 @@ _rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates set -ex just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}} +rebuild-remote-device dir target rebuildarg="dry-activate" : + #!/usr/bin/env bash + set -ex + just -v _rebuild-device {{dir}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'" + # Rebulid this device's NixOS rebuild-this-device rebuildarg="dry-activate": #!/usr/bin/env bash @@ -45,6 +55,7 @@ rebuild-this-device rebuildarg="dry-activate": if type home-manager > /dev/null 2>&1; then echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode... + source $(just -v _get_nix_path {{invocation_directory()}}/nix/os/devices/$(hostname -s)/versions.nix) if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then echo Home rebuild successful else 
@@ -57,16 +68,34 @@ rebuild-this-device rebuildarg="dry-activate": # --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'" -# Update nix-channels and switch to updated NixOS and home environments -update-this-device: +# Update the channel versions and (by default) switch to new environment +update-this-device rebuild-mode='switch': #!/usr/bin/env bash - set -e + set -xe + + template=nix/os/devices/$(hostname -s)/versions.tmpl.nix + outfile=nix/os/devices/$(hostname -s)/versions.nix + + esh -o ${outfile} ${template} + if ! test "$(git diff ${outfile})"; then + echo Already on latest versions + exit 0 + fi + export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log + just -v rebuild-this-device dry-activate || { + echo ERROR: Update failed, reverting ${outfile}... + git checkout ${outfile} + exit 1 + } - echo Updating system channels... - sudo nix-channel --update - just -v rebuild-this-device switch + git commit -v ${outfile} -m "nix/os/devices/$(hostname -s): bump versions" + just -v rebuild-this-device {{rebuild-mode}} || { + echo WARNING: Rebuilding in {{rebuild-mode}}-mode failed + } + +# Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L) hm-iterate-qtile: #!/usr/bin/env bash set -xe @@ -82,6 +111,9 @@ hm-iterate-qtile: disk-prepare dir: just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy" +disk-relabel dir previous: + just -v _device diskRelabel {{dir}} --argstr rebuildarg "dummy" --argstr previousDiskId {{previous}} + # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' disk-mount dir: just -v _device diskMount {{dir}} --argstr rebuildarg "dummy" 
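Review bot: `update-this-device` commits the bumped `versions.nix` before the real `{{rebuild-mode}}` rebuild and only prints `WARNING` when that rebuild fails, so a broken `switch` leaves the branch pointing at versions that were never activated; the preceding `dry-activate` proves the configuration evaluates and builds, not that activation works. Either move the `git commit` after the successful `{{rebuild-mode}}` run or `exit 1` in that failure branch so callers (and CI) notice. In the revert path, `git checkout -- ${outfile}` is the safer spelling so a ref that happens to share the path name is never selected.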
@@ -93,3 +125,75 @@ disk-umount dir: # Perform an offline installation on the mounted target disk, specified by device configuration directory disk-install dir: _render_templates just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy" + +verify-n-unlock sshserver attempts="10": + #!/usr/bin/env bash + set -e + : ${VNCSOCK:?VNCSOCK must be set} + : ${VNCPW:?VNCPW must be set} + + export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535" + export TESS_ARGS="-c debug_file=/dev/null --psm 4" + + function send() { + local what="${1:?need something to send}" + ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null + } + + function expect() { + local what="${1:?need something to expect}" + vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp + convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff + tesseract ${TESS_ARGS} screenshot.tiff screenshot + grep --quiet "${what}" screenshot.txt + } + + function send_and_expect() { + local send="${1:?need something to send}" + local expect="${2:?need something to expect}" + if ! send "${send}"; then + echo warning: cannot send > /dev/stderr + return -1 + fi + expect "${expect}" + } + + trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT + + for i in `seq 1 {{attempts}}`; do + echo Attempt $i... + expect="$(pwgen -0 12)" + send="'\0033\0143'${expect}" + if send_and_expect "${send}" "${expect}"; then + pipe=$(mktemp -u) + mkfifo ${pipe} + exec 3<>${pipe} + rm ${pipe} + + echo Verification succeeded at attempt $i. Unlocking remote drive... + ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null & + eval ${GETPW} | head -n1 >&3 + + for j in `seq 1 120`; do + sleep 0.5 + if expect '— success'; then + echo Unlock successful. 
+ exit 0 + fi + done + + echo Unlock failed... + exit 1 + fi + done + echo Verification failed {{attempts}} times. Giving up... + exit 1 + +_get_pass_entry path key: + pass show {{path}}| grep -E "^{{key}}:" | awk '{ print $2 }' + # jq -sR 'split("\n") | map(split(":"))' <(pass show Infrastructure/VPS/CFB4ED74 | grep -E "^[A-Za-z_]+:") + +run-with-channels +cmds: + #!/usr/bin/env bash + source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) + {{cmds}} diff --git a/_archive/container-images/build.sh b/nix/container-images/build.sh similarity index 100% rename from _archive/container-images/build.sh rename to nix/container-images/build.sh diff --git a/_archive/container-images/default.nix b/nix/container-images/default.nix similarity index 100% rename from _archive/container-images/default.nix rename to nix/container-images/default.nix diff --git a/nix/default.nix b/nix/default.nix new file mode 100644 index 0000000..038994e --- /dev/null +++ b/nix/default.nix 
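Review bot: The passphrase is delivered over a second, independent ssh session (`ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3`), so the VNC/OCR check only proves that the first session's `echo` reached the machine shown on screen; only host-key verification ties the second session to the same peer. If `SSHOPTS` relaxes host-key checking for the initrd's dropbear (whose key differs from the main system's), a relay that passes the first session through and answers the second would receive the LUKS passphrase, so the recipe should insist on a pinned entry, e.g. `: ${SSHOPTS:?must pin the initrd host key, e.g. -o UserKnownHostsFile=<file> -o StrictHostKeyChecking=yes}` instead of the bare `:?need sshopts`. Separately, `return -1` in `send_and_expect` is not a valid bash status (bash rejects `-1` as an option and returns 2), so it should be `return 1`. Unlinking the fifo right after `exec 3<>${pipe}` is a good way to keep the passphrase out of argv and off the filesystem.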
@@ -0,0 +1,26 @@ +{ versionsPath }: + +{ + channelSources = + let + # channelVersions = (import ((builtins.getEnv "PWD")+"/${dir}/versions.nix")); + channelVersions = (import versionsPath); + mkChannelSource = channel: builtins.fetchGit { + # Descriptive name to make the store path easier to identify + url = "https://github.com/NixOS/nixpkgs-channels/"; + # Commit hash for nixos-unstable as of 2018-09-12 + # `git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable` + ref = (builtins.getAttr channel channelVersions)."ref"; + rev = (builtins.getAttr channel channelVersions)."rev"; + name = "nixpkgs-channels-${channel}"; + }; + nix_path = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [ + [ "nixpkgs" (mkChannelSource "channelsNixosStable") ] + [ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ] + [ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ] + [ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ] + ]; + in (import (mkChannelSource "channelsNixosStable") {}).writeText "channels.rc" '' + export NIX_PATH=${nix_path} + ''; + } diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 967d92b..ecd1850 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -4,7 +4,7 @@ let # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import { config = config.nixpkgs.config; }; + unstablepkgs = import { config = config.nixpkgs.config; }; in { imports = [ @@ -27,9 +27,11 @@ in { gnutls = true; }; + android_sdk.accept_license = true; + packageOverrides = pkgs: with pkgs; { myPython36 = python36Full.withPackages (ps: with ps; [ - pylint pep8 yapf flake8 + pep8 yapf flake8 # autopep8 (broken) # pylint (broken) ipython 
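Review bot: The comments inside `mkChannelSource` are stale — `# Commit hash for nixos-unstable as of 2018-09-12` and the `git ls-remote` hint describe a hard-coded rev, but `ref` and `rev` are now read from the attribute set imported from `versionsPath`, so replace them with `# ref/rev are pinned per device in versions.nix; bump them via versions.tmpl.nix`. The `foldl'` that builds `nix_path` starts from `""` and prepends `":"` for every element, so the exported value begins with an empty entry (`NIX_PATH=:nixpkgs=…`); `builtins.concatStringsSep ":" (map (builtins.concatStringsSep "=") [ … ])` produces the same path without it — presumably harmless today, but worth tidying. The commented-out `channelVersions` line that reads `builtins.getEnv "PWD"` can be dropped now that the path is an explicit argument.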
@@ -92,6 +94,7 @@ in { unstablepkgs.pijul gitless gitRepo + git-lfs # Cloud/Remote System Management google-cloud-sdk @@ -120,19 +123,13 @@ in { # Password Management gnupg + yubikey-manager yubikey-neo-manager yubikey-personalization yubikey-personalization-gui gnome3.gnome_keyring gnome3.seahorse - # Security - tpm-tools - tpmmanager - - # Web Browsers - links2 - # Language Support hunspellDicts.en-us hunspellDicts.de-de @@ -142,7 +139,7 @@ in { hexchat aspellDicts.en aspellDicts.de - unstablepkgs.skype + skype zoom-us unstablepkgs.bluejeans-gui thunderbird @@ -152,10 +149,10 @@ in { # Virtualization virtmanager - qemu + (pkgs.lib.hiPrio qemu) # virtualbox vagrant - unstablepkgs.rkt + rkt python27Packages.docker_compose # unstablepkgs.kubernetes unstablepkgs.minikube @@ -189,6 +186,8 @@ in { iperf bind socat + linssid + iptraf-ng # samba iptables @@ -230,12 +229,12 @@ in { # Modelling Tools - plantuml - umlet + # plantuml + # umlet staruml - eclipses.eclipse-modeling - dia - astah-community + # eclipses.eclipse-modeling + # dia + # astah-community # Misc Development Tools qrcode @@ -293,12 +292,13 @@ in { # s3ql # rclone rsync + duplicacy # Filesystem Tools ntfs3g ddrescue ncdu - unstablepkgs.woeusb + woeusb unetbootin pcmanfm hdparm @@ -328,11 +328,11 @@ in { androidsdk ## Java - jre - openjdk + # jre + # openjdk ## Ruby - ruby + # ruby ## Python myPython36 @@ -342,8 +342,6 @@ in { nodejs-8_x npm2nix emscripten - etcd - sigal # Code generators unstablepkgs.swagger-codegen @@ -352,7 +350,6 @@ in { ltunify solaar dex - roxterm # kitty busyboxStatic xorg.xbacklight 
@@ -367,14 +364,14 @@ in { glib.dev # contains gdbus tool # Screen recording - gtk-recordmydesktop # can't select the window - qt-recordmydesktop - vokoscreen - shutter + # gtk-recordmydesktop # can't select the window + # qt-recordmydesktop + # vokoscreen + # shutter # kazam # doesn't start # xvidcap # doesn't keep the recording rectangle obs-studio - shotcut - openshot-qt + # shotcut + # openshot-qt ]); } diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index aade69f..2c11681 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -3,7 +3,8 @@ ... }: let - unstablepkgs = import { config = config.nixpkgs.config; }; + unstablepkgs = import { config = config.nixpkgs.config; }; + in { imports = [ ../profiles/common.nix @@ -25,6 +26,8 @@ in { gnutls = true; }; + android_sdk.accept_license = true; + packageOverrides = pkgs: with pkgs; { myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 @@ -52,9 +55,6 @@ in { }; }; - # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - # unstablepkgs = import { config = { allowUnfree = true; }; }; - home.sessionVariables = { }; @@ -147,5 +147,8 @@ in { myPython36 busyboxStatic + + # Virtualization + virtmanager ]); } diff --git a/nix/home-manager/configuration/text-minimal.txt b/nix/home-manager/configuration/text-minimal.txt index 42bb7e8..79d653d 100644 --- a/nix/home-manager/configuration/text-minimal.txt +++ b/nix/home-manager/configuration/text-minimal.txt @@ -22,5 +22,6 @@ in { home.packages = [] ++ (with pkgs; [ + iperf3 ]); } diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index e0d029a..4077ab5 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
@@ -27,6 +27,7 @@ in { }; just = pkgs.callPackage ../../pkgs/just.nix {}; + duplicacy = pkgs.callPackage ../../pkgs/duplicacy {}; }; }; diff --git a/nix/home-manager/profiles/nix-channels.nix b/nix/home-manager/profiles/nix-channels.nix index faa9984..4a0eebe 100644 --- a/nix/home-manager/profiles/nix-channels.nix +++ b/nix/home-manager/profiles/nix-channels.nix @@ -6,14 +6,16 @@ let in { home.file.".nix-channels".text = '' - https://nixos.org/channels/nixos-18.09 nixos - https://nixos.org/channels/nixos-unstable nixos-unstable ''; home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] '' $DRY_RUN_CMD ${pkgs.writeScript "activation-script" '' set -ex if test -f $HOME/.nix-channels; then + echo Uninstalling available channels... + while read url channel; do + nix-channel --remove $channel + done < $HOME/.nix-channel echo Moving existing file away... touch $HOME/.nix-channels.dummy mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 97d4f26..e1c31b3 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -13,7 +13,7 @@ let pulseaudio findutils gnugrep ]}:$PATH - export MUTEFILE=''${TEMPDIR:-/tmp}./.qtilemute + export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute case $1 in mute) newstate=$(( $(cat $MUTEFILE || echo 0 ) ^ 1 )) @@ -203,9 +203,9 @@ for i in range(0, screens_count+1): widget.WindowName(), widget.Prompt(), widget.CPUGraph(), - widget.MemoryGraph(), - widget.NetGraph(bandwidth_type='down'), - widget.NetGraph(bandwidth_type='up'), + widget.Memory(), + widget.Net(interface='eth0'), + widget.Net(interface='wlan0'), widget.Clock(format='%Y-%m-%d %a %I:%M %p'), ] if i is 0: 
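Review bot: The new loop reads from `$HOME/.nix-channel`, but the file checked two lines earlier and moved away below is `$HOME/.nix-channels`; under `set -ex` the failed redirect aborts the activation script before the existing file is backed up, so the line should be `done < $HOME/.nix-channels`. It would also be safer to quote `"$channel"` and skip empty lines so `nix-channel --remove` is never invoked with an empty name. The script continues past the end of this hunk.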
@@ -282,6 +282,12 @@ in { ${pkgs.autorandr}/bin/autorandr -c ${pkgs.feh}/bin/feh --bg-scale ${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png ''; + + pointerCursor = { + name = "Vanilla-DMZ-AA"; + package = pkgs.vanilla-dmz; + size = 32; + }; }; home.packages = with pkgs; [ diff --git a/nix/home-manager/programs/firefox.nix b/nix/home-manager/programs/firefox.nix index b49b51e..89d436f 100644 --- a/nix/home-manager/programs/firefox.nix +++ b/nix/home-manager/programs/firefox.nix @@ -1,5 +1,5 @@ -{ -... +{ pkgs +, ... }: { @@ -15,5 +15,7 @@ "firefox" ]; }; + + home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json"; } diff --git a/nix/home-manager/programs/neovim.nix b/nix/home-manager/programs/neovim.nix index 8b5a343..1c250ae 100644 --- a/nix/home-manager/programs/neovim.nix +++ b/nix/home-manager/programs/neovim.nix @@ -3,7 +3,7 @@ }: let - unstablepkgs = import {}; + unstablepkgs = import {}; in { home.sessionVariables = { @@ -54,6 +54,17 @@ in { buildInputs = [ zip vim ]; }; + vim-yaml = vimUtils.buildVimPlugin { + name = "vim-yaml"; + src = fetchFromGitHub { + owner = "stephpy"; + repo = "vim-yaml"; + rev = "e97e063b16eba4e593d620676a0a15fa98613979"; + sha256 = "0vqahbrnr43lxanpziyrmzaqqb3cmyny8ry1xvmy2xyd1larzfrk"; + }; + }; + + vim-markdown-toc = vimUtils.buildVimPlugin { name = "vim-markdown-toc"; src = fetchFromGitHub { @@ -88,6 +99,7 @@ in { default = [ "delimitMate" "vim-airline" + "vim-airline-themes" "ctrlp" "vim-css-color" "rainbow_parentheses" @@ -123,6 +135,7 @@ in { # YAML "yaml-folds" + "vim-yaml" # Perl # "vim-perl" diff --git a/nix/home-manager/programs/neovim/vimrc b/nix/home-manager/programs/neovim/vimrc index f1742e2..7b3ed3f 100644 --- a/nix/home-manager/programs/neovim/vimrc +++ b/nix/home-manager/programs/neovim/vimrc 
@@ -53,14 +53,18 @@ let g:ctrlp_custom_ignore = { "let g:ctrlp_match_func = { 'match': 'pymatcher#PyMatch' } "let g:pydiction_location = '~/.vim/bundle/pydiction/complete-dict' -" allways show status line +" always show status line set ls=2 +" let g:airline#extensions#tabline#formatter = 'default' +" let g:airline#extensions#tabline#enabled=1 +let g:airline_theme='papercolor' set tabstop=4 set shiftwidth=4 set softtabstop=4 set expandtab "set textwidth=80 + set backspace=indent,eol,start set wildignore+=*/site/*,*.so,*.swp,*.zip @@ -111,6 +115,7 @@ au Syntax * RainbowParenthesesLoadBraces " } set t_ut= +set background=light colorscheme PaperColor " Python {{{ @@ -124,7 +129,7 @@ augroup END " YAML {{{ augroup ft_yaml au! -setlocal autoindent sw=2 et tabstop=2 shiftwidth=2 softtabstop=2 +setlocal tabstop=2 shiftwidth=2 softtabstop=2 expandtab augroup END " }}} diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index 54eda37..330d949 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -4,6 +4,9 @@ }: let + channelSources = (import ../../default.nix { + versionsPath = ../../variables/versions.nix; + }).channelSources; in { programs.zsh = { enable = true; @@ -34,6 +37,8 @@ in { # don't cd into directories when executed unsetopt AUTO_CD + + source ${channelSources} ''; sessionVariables = { diff --git a/nix/os/devices/CFB4ED74/boot.nix b/nix/os/devices/CFB4ED74/boot.nix new file mode 100644 index 0000000..18fcc13 --- /dev/null +++ b/nix/os/devices/CFB4ED74/boot.nix @@ -0,0 +1,8 @@ +{ lib +, ... +}: + +{ + boot.loader.grub.efiSupport = lib.mkForce false; + boot.extraModulePackages = [ ]; +} diff --git a/nix/os/devices/CFB4ED74/configuration.nix b/nix/os/devices/CFB4ED74/configuration.nix new file mode 100644 index 0000000..2239b54 --- /dev/null +++ b/nix/os/devices/CFB4ED74/configuration.nix 
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ disabledModules = [
+ "services/continuous-integration/gitlab-runner.nix"
+ ];
+ imports = [
+ ../../profiles/common/configuration.nix
+ ../../modules/encryptedDisk.nix
+ ../../modules/gitlab-runner.nix
+
+ ./system.nix
+ ./hw.nix
+ ./pkg.nix
+ ];
+}
diff --git a/nix/os/devices/CFB4ED74/hw.nix b/nix/os/devices/CFB4ED74/hw.nix
new file mode 100644
index 0000000..7a04340
--- /dev/null
+++ b/nix/os/devices/CFB4ED74/hw.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+let
+ stage1Modules = [
+ "aesni_intel"
+ "kvm-intel"
+ "aes_x86_64"
+
+ "virtio_balloon"
+ "virtio_scsi"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_ring"
+ "virtio"
+ "scsi_mod"
+ ];
+
+in
+{
+ # TASK: new device
+ hardware.encryptedDisk = {
+ enable = true;
+ diskId = "scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+ };
+
+ boot.initrd.availableKernelModules = stage1Modules;
+ boot.initrd.kernelModules = stage1Modules;
+ boot.extraModprobeConfig = ''
+ '';
+}
diff --git a/nix/os/devices/CFB4ED74/pkg.nix b/nix/os/devices/CFB4ED74/pkg.nix
new file mode 100644
index 0000000..0964d90
--- /dev/null
+++ b/nix/os/devices/CFB4ED74/pkg.nix
@@ -0,0 +1,58 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+{
+ home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.txt;
+
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+ };
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://localhost:3000"; # externally visible URL
+ notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
+ # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+ buildMachinesFiles = [];
+ # you will probably also want, otherwise *everything* will be built from scratch
+ useSubstitutes = true;
+ };
+
+ nix.buildMachines = [
+ { hostName = "localhost";
+ system = "x86_64-linux";
+ supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+ maxJobs = 4;
+ }
+ ];
+
+ services.gitlab-runner = {
+ enable = true;
+
+ packages = with pkgs; [
+ bash
+ gitlab-runner
+ nix
+ gitFull
+ git-crypt
+ ];
+
+ configFile = let
+ nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token";
+ in pkgs.writeText "config.toml" ''
+ concurrent = 2
+ check_interval = 0
+ [[runners]]
+ name = "nix-runner"
+ url = "https://gitlab.com"
+ token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>"
+ executor = "shell"
+ shell = "bash"
+ [runners.cache]
+ '';
+ };
+}
diff --git a/nix/os/devices/CFB4ED74/system.nix b/nix/os/devices/CFB4ED74/system.nix
new file mode 100644
index 0000000..257996d
--- /dev/null
+++ b/nix/os/devices/CFB4ED74/system.nix
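Review bot: `executor = "shell"` runs whatever gitlab.com dispatches to this runner as the `gitlab-runner` user on the same host as hydra and syncthing, and because this device sets `virtualisation.docker.enable = true` in its system.nix, the module added in this commit (`extraGroups = optional hasDocker "docker"` in nix/os/modules/gitlab-runner.nix) puts that user in the `docker` group, which is root-equivalent. Any project able to trigger a job on this runner can therefore take over the VPS; either keep the runner user out of the docker group when the executor is `shell`, or switch to the `docker` executor with an unprivileged runner, and make sure the runner is not shared beyond this repository. Reading the token at start-up through `<% sed … ${nixRunnerToken} %>` keeps it out of the Nix store, which is the right call; `sed -z 's/[\n\s]//g'` depends on GNU handling of `\s` inside a bracket expression, and `tr -d '[:space:]' < ${nixRunnerToken}` is the portable spelling.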
@@ -0,0 +1,60 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+ keys = import ../../../variables/keys.nix;
+
+in {
+ # TASK: new device
+ networking.hostName = "contabo1"; # Define your hostname.
+ networking.domain = "bootstrap.clusters.stefanjunker.de";
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ # iperf3
+ 5201
+ ];
+
+ networking.useDHCP = true;
+ networking.usePredictableInterfaceNames = false;
+ networking.interfaces.eth0 = {
+ ipv6.addresses = [
+ { address = "2a02:c207:3003:2387::1"; prefixLength = 64; }
+ ];
+ };
+ networking.defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+
+ # Kubernetes
+ # services.kubernetes.roles = ["master" "node"];
+
+ # virtualization
+ virtualisation = {
+ docker.enable = true;
+ };
+
+ services.spice-vdagentd.enable = true;
+ services.qemuGuest.enable = true;
+
+ boot.initrd.network = {
+ enable = true;
+ udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ];
+
+ ssh = {
+ enable = true;
+ authorizedKeys = keys.users.steveej.openssh;
+ };
+ };
+
+ boot.initrd.postMountCommands = ''
+ for iface in $(cd /sys/class/net && ls); do
+ echo "Bringing down $iface..."
+ ip address flush dev $iface
+ ip link set $iface down
+ done
+ '';
+}
diff --git a/nix/os/devices/CFB4ED74/versions.nix b/nix/os/devices/CFB4ED74/versions.nix
new file mode 100644
index 0000000..207c7c8
--- /dev/null
+++ b/nix/os/devices/CFB4ED74/versions.nix
@@ -0,0 +1,10 @@
+{
+ channelsNixosStable = {
+ ref = "nixos-18.09";
+ rev = "c2950341d038995bf46a7b72db961bb3d3e9ac12";
+ };
+ channelsNixosUnstable = {
+ ref = "nixos-unstable";
+ rev = "44b02b52ea6a49674f124f50009299f192ed78bb";
+ };
+}
diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix
index aef8f58..932f730 100644
--- a/nix/os/devices/default.nix
+++ b/nix/os/devices/default.nix
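Review bot: `networking.firewall.allowedTCPPorts = [ 5201 ]` exposes an unauthenticated iperf3 server to the whole internet on what the public IPv6 address in this file suggests is a hosted VPS; anyone can saturate its bandwidth at will, so open the port only for the duration of a test or restrict it by source address with `networking.firewall.extraCommands`. The `boot.initrd.network.ssh` block enables the initrd ssh daemon with `authorizedKeys` but no host-key option; in the NixOS release this device pins (18.09) the module generates a key at build time when none is supplied and that key lands in the world-readable Nix store of the build host — confirm against the module, and provide a dedicated key kept outside the store. This matters here because the `verify-n-unlock` recipe added in this commit hands the LUKS passphrase to whoever presents that initrd ssh identity.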
@@ -1,16 +1,15 @@ -{ pkgs ? import {} +{ pkgs ? import {} , ownLib ? import ../lib/default.nix { } , dir , rebuildarg , moreargs ? "" , diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId , gitRoot ? "$(git rev-parse --show-toplevel)" +, previousDiskId ? "" }: let - mntRootVol="/mnt/${diskId}-root"; - -in rec { + rebuildargsSudo = [ "switch" "boot" ]; rebuild = pkgs.writeScript "script" '' #!/usr/bin/env bash set -xe 
@@ -20,115 +19,22 @@ in rec { [[ -e "''${NIXOS_CONFIG}" ]] - nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} + ${if (builtins.elem rebuildarg rebuildargsSudo) + && builtins.match ".*--target-host.*" moreargs == null + then + "sudo -E \\" + else + "" + } + nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs} if test -L result; then rm result fi ''; - diskMount = pkgs.writeScript "script" '' - #!/usr/bin/env bash - set -xe - echo Mounting ${diskId} - cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId} - vgchange -ay ${ownLib.disk.volumeGroup diskId} - mkdir -p /mnt - mkdir ${mntRootVol} - mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol} - mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home - mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot - ''; - diskUmount = pkgs.writeScript "script" '' - #!/usr/bin/env bash - set -xe - umount -R ${mntRootVol} - rmdir ${mntRootVol} - vgchange -an ${ownLib.disk.volumeGroup diskId} - cryptsetup luksClose ${ownLib.disk.luksName diskId} - sync - ''; - - diskInstall = pkgs.writeScript "script" '' - #!/usr/bin/env bash - set -xe - pushd ${gitRoot}/${dir} - export NIXOS_CONFIG="$PWD"/configuration.nix - - [[ -e "''${NIXOS_CONFIG}" ]] - [[ -e "${mntRootVol}/nixos" ]] - - nixos-install --max-jobs 5 --cores 4 --no-root-passwd --root ${mntRootVol}/nixos - ''; - - diskPrepare = pkgs.writeScript "script" '' - #!/usr/bin/env bash - set -xe - - read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" 
choice - case "$choice" in - YES ) echo "Continuing in 3 seconds..."; sleep 3;; - n|N ) echo "Exiting..."; exit 0;; - * ) echo "Exiting..."; exit 1;; - esac - - # Partition - sync - { - fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} < { config = config.nixpkgs; }; + unstablepkgs = import { config = config.nixpkgs; }; in { # The NixOS release to be compatible with for stateful data such as databases. diff --git a/nix/os/devices/steveej-laptop/versions.nix b/nix/os/devices/steveej-laptop/versions.nix new file mode 100644 index 0000000..52734ca --- /dev/null +++ b/nix/os/devices/steveej-laptop/versions.nix @@ -0,0 +1,10 @@ +{ + channelsNixosStable = { + ref = "nixos-18.09"; + rev = "7e88992a8c7b2de0bcb89182d8686b27bd93e46a"; + }; + channelsNixosUnstable = { + ref = "nixos-unstable"; + rev = "44b02b52ea6a49674f124f50009299f192ed78bb"; + }; +} diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix new file mode 100644 index 0000000..19d8582 --- /dev/null +++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix @@ -0,0 +1,10 @@ +{ + channelsNixosStable = { + ref = "nixos-18.09"; + rev = "c2950341d038995bf46a7b72db961bb3d3e9ac12"; + }; + channelsNixosUnstable = { + ref = "nixos-unstable"; + rev = "eebd1a9263716a04689a37b6537e50801d376b5e"; + }; +} diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix index 6fd394a..a7700f1 100644 --- a/nix/os/devices/steveej-t480s-work/configuration.nix +++ b/nix/os/devices/steveej-t480s-work/configuration.nix @@ -1,7 +1,13 @@ { ... }: { + disabledModules = [ + "system/boot/initrd-network.nix" + ]; + imports = [ + ../../modules/initrd-network.nix + ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix ../../modules/encryptedDisk.nix diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix index d8b4ab8..a5ed9af 100644 
--- a/nix/os/devices/steveej-t480s-work/hw.nix +++ b/nix/os/devices/steveej-t480s-work/hw.nix @@ -7,6 +7,12 @@ let "aes_x86_64" "nvme" "nvme_core" + + "pcieport" + "thunderbolt" + "e1000e" + "xhci_pci" + "hxci_hcd" ]; in @@ -14,7 +20,7 @@ in # TASK: new device hardware.encryptedDisk = { enable = true; - diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498"; + diskId = "nvme-Samsung_SSD_970_PRO_1TB_S462NF0K904663D"; }; # boot.initrd.availableKernelModules = stage1Modules; @@ -25,4 +31,6 @@ in options kvm-intel enable_apicv=1 options kvm-intel ept=1 ''; + + hardware.brightnessctl.enable = false; } diff --git a/nix/os/devices/steveej-t480s-work/pkg.nix b/nix/os/devices/steveej-t480s-work/pkg.nix index 0bbf536..fa0e20a 100644 --- a/nix/os/devices/steveej-t480s-work/pkg.nix +++ b/nix/os/devices/steveej-t480s-work/pkg.nix @@ -4,4 +4,5 @@ { home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix; + services.teamviewer.enable = true; } diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index a44044f..0d95cd7 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -1,16 +1,18 @@ { pkgs , lib +, config , ... }: -{ +let + keys = import ../../../variables/keys.nix; +in { + # TASK: new device networking.hostName = "steveej-t480s-work"; # Define your hostname. - # Used for testing local Tectonic clusters + # Used for testing local Openshift clusters environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = '' - server=/tt.testing/192.168.124.1 - server=/tectonic-ci.de/192.168.124.1 - server=/tectonic-ci.lan/192.168.124.1 + server=/openshift.testing/192.168.126.1 ''; networking.firewall.enable = lib.mkForce false; networking.firewall.checkReversePath = false; 
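Review bot: `"hxci_hcd"` in `stage1Modules` looks like a typo for `xhci_hcd` (the USB 3 host-controller core that `xhci_pci` sits on); as written it names a module that does not exist, so either the initrd build fails or, if missing modules are tolerated, a USB keyboard may be dead at the LUKS prompt. Change the entry to `"xhci_hcd"`. Where `stage1Modules` is actually consumed is outside this hunk — the context shows `# boot.initrd.availableKernelModules = stage1Modules;` commented out — so check the remaining use as well.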
@@ -30,21 +32,42 @@ ]; }; -# TODO: get external fingerprint reader -# services.fprintd.enable = true; -# security.pam.services = { -# login.fprintAuth = true; -# sudo.fprintAuth = true; -# }; + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + }; # Kubernetes # services.kubernetes.roles = ["master" "node"]; # virtualization virtualisation = { - libvirtd.enable = true; + libvirtd = { + enable = true; + extraOptions = [ + "--listen" + ]; + extraConfig = '' + listen_tls = 0 + listen_tcp = 1 + auth_tcp="none" + tcp_port = "16509" + ''; + }; virtualbox.host.enable = true; virtualbox.host.addNetworkInterface = true; docker.enable = true; }; + + boot.initrd.network = { + enable = true; + useDHCP = true; + udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ]; + + ssh = { + enable = true; + authorizedKeys = keys.users.steveej.openssh; + }; + }; } diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix new file mode 100644 index 0000000..027884a --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -0,0 +1,10 @@ +{ + channelsNixosStable = { + ref = "nixos-18.09"; + rev = "97e0d53d669cd07f0750a42fd535524b3cdd46d1"; + }; + channelsNixosUnstable = { + ref = "nixos-unstable"; + rev = "be445a9074f139d63e704fa82610d25456562c3d"; + }; +} diff --git a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix new file mode 100644 index 0000000..655e1b1 --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix 
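Review bot: The libvirtd block enables an unauthenticated TCP listener (`listen_tcp = 1`, `auth_tcp="none"`, `--listen`) without a `listen_addr`, and the previous hunk of this file shows `networking.firewall.enable = lib.mkForce false`; libvirt binds its TCP listener to all interfaces by default, so anyone on the same network as this laptop gets a root-equivalent libvirt connection (a domain with host disks or devices attached is one command away). If this serves the Openshift libvirt provider behind the `openshift.testing` dnsmasq entry, bind it to that bridge with `listen_addr = "192.168.126.1"`, prefer `auth_tcp = "sasl"`, and add a comment stating why TCP is needed at all. The new `boot.initrd.network.ssh` block has the same host-key caveat as the other device in this commit: no host key is configured, so with the pinned 18.09 modules the generated key is presumably stored in the Nix store — confirm against the module.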
@@ -0,0 +1,10 @@
+{
+ channelsNixosStable = {
+ ref = "nixos-18.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-18.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ channelsNixosUnstable = {
+ ref = "nixos-unstable";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+}
diff --git a/nix/os/modules/gitlab-runner.nix b/nix/os/modules/gitlab-runner.nix
new file mode 100644
index 0000000..6091350
--- /dev/null
+++ b/nix/os/modules/gitlab-runner.nix
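Review bot: `git ls-remote https://github.com/nixos/nixpkgs-channels nixos-18.09` takes a pattern, so if it ever matches more than one ref (a tag named like the branch, for instance) the hashes are concatenated by `tr -d '\n'` into an invalid `rev`, and when the network call fails the template silently renders `rev = ""`. Name the branch explicitly and keep a single line: `<% git ls-remote https://github.com/nixos/nixpkgs-channels refs/heads/nixos-18.09 | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>`, and likewise `refs/heads/nixos-unstable`. The `update-this-device` recipe only discovers such breakage through its later dry-activate, so failing fast here saves a build round trip.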
@@ -0,0 +1,149 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.gitlab-runner; + configFile = + if (cfg.configFile == null) then + (pkgs.runCommand "config.toml" { + buildInputs = [ pkgs.remarshal ]; + } '' + remarshal -if json -of toml \ + < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \ + > $out + '') + else + cfg.configFile; + hasDocker = config.virtualisation.docker.enable; +in +{ + options.services.gitlab-runner = { + enable = mkEnableOption "Gitlab Runner"; + + configFile = mkOption { + default = null; + description = '' + Configuration file for gitlab-runner. + Use this option in favor of configOptions to avoid placing CI tokens in the nix store. + + takes precedence over . + + Warning: Not using will potentially result in secrets + leaking into the WORLD-READABLE nix store. + ''; + type = types.nullOr types.path; + }; + + configOptions = mkOption { + description = '' + Configuration for gitlab-runner + will take precedence over this option. + + Warning: all Configuration, especially CI token, will be stored in a + WORLD-READABLE file in the Nix Store. + + If you want to protect your CI token use instead. + ''; + type = types.attrs; + example = { + concurrent = 2; + runners = [{ + name = "docker-nix-1.11"; + url = "https://CI/"; + token = "TOKEN"; + executor = "docker"; + builds_dir = ""; + docker = { + host = ""; + image = "nixos/nix:1.11"; + privileged = true; + disable_cache = true; + cache_dir = ""; + }; + }]; + }; + }; + + gracefulTermination = mkOption { + default = false; + type = types.bool; + description = '' + Finish all remaining jobs before stopping, restarting or reconfiguring. + If not set gitlab-runner will stop immediatly without waiting for jobs to finish, + which will lead to failed builds. 
+ ''; + }; + + gracefulTimeout = mkOption { + default = "infinity"; + type = types.str; + example = "5min 20s"; + description = ''Time to wait until a graceful shutdown is turned into a forceful one.''; + }; + + workDir = mkOption { + default = "/var/lib/gitlab-runner"; + type = types.path; + description = "The working directory used"; + }; + + package = mkOption { + description = "Gitlab Runner package to use"; + default = pkgs.gitlab-runner; + defaultText = "pkgs.gitlab-runner"; + type = types.package; + example = literalExample "pkgs.gitlab-runner_1_11"; + }; + + packages = mkOption { + default = [ pkgs.bash pkgs.docker-machine ]; + defaultText = "[ pkgs.bash pkgs.docker-machine ]"; + type = types.listOf types.package; + description = '' + Packages to add to PATH for the gitlab-runner process. + ''; + }; + + }; + + config = mkIf cfg.enable { + systemd.services.gitlab-runner = { + path = cfg.packages; + environment = config.networking.proxy.envVars; + description = "Gitlab Runner"; + after = [ "network.target" ] + ++ optional hasDocker "docker.service"; + requires = optional hasDocker "docker.service"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "gitlab-runner"; + Group = "gitlab-runner"; + WorkingDirectory = cfg.workDir; + ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \ + --working-directory ${cfg.workDir} \ + --config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \ + --service gitlab-runner \ + "''; + + } // optionalAttrs (cfg.gracefulTermination) { + TimeoutStopSec = "${cfg.gracefulTimeout}"; + KillSignal = "SIGQUIT"; + KillMode = "process"; + }; + }; + + # Make the gitlab-runner command availabe so users can query the runner + environment.systemPackages = [ cfg.package ]; + + users.users.gitlab-runner = { + group = "gitlab-runner"; + extraGroups = optional hasDocker "docker"; + uid = config.ids.uids.gitlab-runner; + home = cfg.workDir; + createHome = true; + }; + + users.groups.gitlab-runner.gid = 
config.ids.gids.gitlab-runner;
+ };
+}
diff --git a/nix/os/modules/initrd-network.nix b/nix/os/modules/initrd-network.nix
new file mode 100644
index 0000000..4c9da89
--- /dev/null
+++ b/nix/os/modules/initrd-network.nix
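Review bot: `configFile` is declared `types.nullOr types.path`, but its description says to use it precisely so CI tokens stay out of the Nix store; a Nix path literal such as `./config.toml` is copied into the world-readable store when it is interpolated into `ExecStart`, which defeats that purpose. Either change the type to `types.str` or add a docstring line like `Must be given as an absolute path string (not a Nix path literal), otherwise the file is imported into the Nix store.` Separately, `ExecStart` passes `--config <(${pkgs.esh}/bin/esh -o - -- ${configFile})`, a one-shot pipe; if this gitlab-runner version re-reads its config on change or SIGHUP (upstream versions I know of do — confirm), a reload would see an empty file, so rendering to a file under `cfg.workDir` in `preStart` and pointing `--config` at it is safer. `/usr/bin/env bash` could also be `${pkgs.bash}/bin/bash` so the service stays within its closure.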
@@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.boot.initrd.network; + + udhcpcScript = pkgs.writeScript "udhcp-script" + '' + #! /bin/sh + if [ "$1" = bound ]; then + ip address add "$ip/$mask" dev "$interface" + if [ -n "$router" ]; then + ip route add "$router" dev "$interface" # just in case if "$router" is not within "$ip/$mask" (e.g. Hetzner Cloud) + ip route add default via "$router" dev "$interface" + fi + if [ -n "$dns" ]; then + rm -f /etc/resolv.conf + for i in $dns; do + echo "nameserver $dns" >> /etc/resolv.conf + done + fi + fi + ''; + + udhcpcArgs = toString cfg.udhcpc.extraArgs; + +in + +{ + + options = { + + boot.initrd.network.enable = mkOption { + type = types.bool; + default = false; + description = '' + Add network connectivity support to initrd. The network may be + configured using the ip kernel parameter, + as described in the + kernel documentation. Otherwise, if + is enabled, an IP address + is acquired using DHCP. + + You should add the module(s) required for your network card to + boot.initrd.availableKernelModules. lspci -v -s <ethernet controller> + will tell you which. + ''; + }; + + boot.initrd.network.udhcpc.extraArgs = mkOption { + default = []; + type = types.listOf types.str; + description = '' + Additional command-line arguments passed verbatim to udhcpc if + and + are enabled. + ''; + }; + + boot.initrd.network.postCommands = mkOption { + default = ""; + type = types.lines; + description = '' + Shell commands to be executed after stage 1 of the + boot has initialised the network. + ''; + }; + + boot.initrd.network.useDHCP = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable DHCP for the network interfaces. 
+ ''; + }; + + }; + + config = mkIf cfg.enable { + + warnings = [ "Enabled SSH for stage1" ]; + + boot.initrd.kernelModules = [ "af_packet" ]; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.mkinitcpio-nfs-utils}/bin/ipconfig + ''; + + boot.initrd.preLVMCommands = mkBefore ( + # Search for interface definitions in command line. + '' + for o in $(cat /proc/cmdline); do + case $o in + ip=*) + ipconfig $o && hasNetwork=1 + ;; + esac + done + '' + + # Otherwise, use DHCP. + + optionalString cfg.useDHCP '' + if [ -z "$hasNetwork" ]; then + + # Bring up all interfaces. + for iface in $(cd /sys/class/net && ls); do + echo "bringing up network interface $iface..." + ip link set "$iface" up + done + + # Acquire a DHCP lease. + echo "acquiring IP address via DHCP..." + udhcpc --quit --now --script ${udhcpcScript} ${udhcpcArgs} && hasNetwork=1 + fi + '' + + + '' + if [ -n "$hasNetwork" ]; then + echo "networking is up!" + ${cfg.postCommands} + fi + ''); + + }; + +} diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index d7a596f..b00e912 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -65,25 +65,7 @@ mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 ''; - programs.zsh = { - enable = false; -# TODO: basic zsh config -# enableAutosuggestions = true; # enableCompletion = true; -# syntaxHighlighting.enable = true; -# syntaxHighlighting.patterns = {}; -# ohMyZsh = { -# enable = true; -# theme = "tjkirch"; -# }; -# promptInit = '' -# autoload -U promptinit -# promptinit -# ZSH_THEME_GIT_PROMPT_PREFIX='@ ' -# PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f -#%_%F{%(!.red.green)}$(prompt_char)%f ' -# RPROMPT="" -# ''; -# interactiveShellInit = '' -# ''; - }; + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.pathsToLink = [ "/share/zsh" ]; } 
diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index a924cf8..5a23113 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -14,10 +14,9 @@ "interface-name:*cni*" ]; }; - services.resolved.enable = false; + networking.usePredictableInterfaceNames = false; - users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + services.resolved.enable = false; # hardware related services services.illum.enable = true; diff --git a/nix/os/profiles/removable-medium/system.nix b/nix/os/profiles/removable-medium/system.nix index 92fc62c..fccfc9e 100644 --- a/nix/os/profiles/removable-medium/system.nix +++ b/nix/os/profiles/removable-medium/system.nix @@ -12,7 +12,7 @@ in { services.qemuGuest.enable = true; virtualisation = { - libvirtd.enable = false; + libvirtd.enable = true; virtualbox.host.enable = false; docker.enable = true; }; diff --git a/nix/scripts/pre-eval-fixed.sh b/nix/scripts/pre-eval-fixed.sh index 0b22a4f..314346f 100755 --- a/nix/scripts/pre-eval-fixed.sh +++ b/nix/scripts/pre-eval-fixed.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +set -xe INFILE="${1:?Please set arg1 to INFILE}" OUTFILE="${2:?Please set arg2 to OUTFILE}" -hash=$(nix-build ${INFILE} --arg pkgs 'import {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1) +hash=$(nix-build ${INFILE} --arg pkgs 'import {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1) sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE} diff --git a/nix/variables/keys.nix b/nix/variables/keys.nix index 92cbb88..8eb8229 100644 --- a/nix/variables/keys.nix +++ b/nix/variables/keys.nix 
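Review bot: The new `set -xe` does not catch this script's real failure mode: `hash=$(nix-build … 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1)` exits with `head`'s status, so when `grep` finds no hash in the build output, `hash` is empty and `sed -E "s/0{52}/${hash}/"` silently writes an OUTFILE with the placeholder deleted. Add a guard after the assignment, `: "${hash:?no fixed-output hash found in nix-build output for ${INFILE}}"`, and quote the path expansions (`"${INFILE}"`, `"${OUTFILE}"`) so paths with spaces do not split. The removed and added `hash=` lines render identically on this page (an angle-bracketed Nix path was presumably stripped), so I cannot comment on what that part of the change does.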
@@ -2,8 +2,12 @@
 users = {
 steveej = {
 openssh = [
+ # active, current
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:000608695695"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:000605247559"
+
+ # active but deprecated
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnrvnvECGpBU4OXK7m7oJOOu7aJzAxOQyvEWhkRBEEyme8/eIiTJMi99wX5kKMWtpbUvinIyZ37VIrnVZv0bJ3WpJQJQkrqAkV1Bs3m5dE7AGIH0BrxgLXHuNxkW3BwmAaqUOq21r4MaYVu2xF38xwKrrk57nQkNjuZ2eiv7XyHaDn+n352jULJzcIXVKyJExhsiGomrwEXq/cmmD+s6M3yUp559fw4cQTdg6iaK76gUAFukL35HCWN3sFKPVEC/yxvfKUIhVsKuwjHfvsSxJgSjcS5yXEtJOB1RhlJ3dLfSyJzuY/AHSqSpMwUSCksMn4xTUKHLGD4wJJI8tRHbsp cardno:000605247559"
 ];
 };
 };
diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix
new file mode 100644
index 0000000..52734ca
--- /dev/null
+++ b/nix/variables/versions.nix
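Review bot: The two added `ssh-rsa` entries carry identical key material and differ only in the `cardno:` comment, so sshd treats them as one key and removing one card's line later would not revoke anything while the other remains; if this is a backup card holding the same key, a comment saying so, e.g. `# same key on two cards (primary + backup)`, would prevent a future cleanup from assuming two independent keys. The `# active but deprecated` key stays authorized, and this list is what the device config now also feeds into `boot.initrd.network.ssh.authorizedKeys`, so it still grants access to the initrd as well as every login that uses it; record a removal point, e.g. `# active but deprecated — remove after <date/ticket>`, or move it to a list the initrd does not consume.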
@@ -0,0 +1,10 @@
+{
+ channelsNixosStable = {
+ ref = "nixos-18.09";
+ rev = "7e88992a8c7b2de0bcb89182d8686b27bd93e46a";
+ };
+ channelsNixosUnstable = {
+ ref = "nixos-unstable";
+ rev = "44b02b52ea6a49674f124f50009299f192ed78bb";
+ };
+}
diff --git a/shell.nix b/shell.nix
index a0f6894..d83e92f 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,15 +1,25 @@ -with import {}; +{ ... }: -let +let + channels-nixos-stable-path = (builtins.fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/7e88992a8c7b2de0bcb89182d8686b27bd93e46a.tar.gz); + channels-nixos-stable = import channels-nixos-stable-path {}; -in +in +with channels-nixos-stable; stdenv.mkDerivation { name = "infra-env"; buildInputs = [ + (with import (channels-nixos-stable-path+"/nixos") { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]) (pkgs.callPackage ./nix/pkgs/just.nix {}) git-crypt vcsh gnupg + + vncdo + tesseract + imagemagick + + esh ]; # Set Environment Variables