diff --git a/Justfile b/Justfile
index ccb5215..c58d80b 100755
--- a/Justfile
+++ b/Justfile
@@ -150,8 +150,8 @@ rebuild-disk device:
set -xe
just -v disk-mount {{device}}
+ trap "set +e; just -v disk-umount {{device}}" EXIT
just -v disk-install {{device}}
- just -v disk-umount {{device}}
# Re-render the versions of the given offline system and reinstall it in offline-mode
update-disk dir:
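Review bot: The EXIT trap in `rebuild-disk` is installed only after `just -v disk-mount {{device}}` has returned, so with `set -xe` a mount that fails part-way exits the recipe before any cleanup is registered. Moving the `trap "set +e; just -v disk-umount {{device}}" EXIT` line above the `disk-mount` call would cover that case too; the `set +e` already tolerates unmounting something that was never mounted. Whether `disk-mount` can leave partial mounts or opened devices is not visible in this hunk, so treat this as something to confirm.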
diff --git a/nix/default.nix b/nix/default.nix
index 5941a14..2512b43 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -2,28 +2,23 @@
let
channelVersions = (import versionsPath);
- mkChannelSource = channel:
+ mkChannelSource = name:
let
- channelVersion = builtins.getAttr channel channelVersions;
+ channelVersion = builtins.getAttr name channelVersions;
in builtins.fetchGit {
# Descriptive name to make the store path easier to identify
- name = "nixpkgs-channels-${channel}";
- url = if builtins.hasAttr "url" channelVersion
- then channelVersion."url"
- else "https://github.com/NixOS/nixpkgs-channels/"
- ;
- ref = (builtins.getAttr channel channelVersions)."ref";
- rev = (builtins.getAttr channel channelVersions)."rev";
+ inherit name;
+ inherit (channelVersion) url ref rev;
};
- nixPath = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [
- [ "nixpkgs" (mkChannelSource "channelsNixosStable") ]
- [ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ]
- [ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ]
- [ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ]
- [ "nixpkgs-master" (mkChannelSource "nixpkgsMaster") ]
- [ "home-manager-module" (mkChannelSource "homeManagerModule") ]
- ];
- pkgs = import (mkChannelSource "channelsNixosStable") {};
+ nixPath = builtins.foldl' (path: elemName:
+ let
+ elem = builtins.getAttr elemName channelVersions;
+ elemPath = (mkChannelSource elemName);
+ suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
+ in
+ path + ":" + builtins.concatStringsSep "=" [ elemName elemPath ] + suffix
+ ) "" (builtins.attrNames channelVersions);
+ pkgs = import (mkChannelSource "nixpkgs") {};
in
{
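Review bot: `mkChannelSource` now does `inherit (channelVersion) url ref rev;` with no default URL, and `pkgs` imports the hard-coded `"nixpkgs"` entry, but nothing documents that contract for the versions files. A versions file missing `url` or the `nixpkgs` attribute now fails with a bare missing-attribute error at evaluation time. I would add a comment above `mkChannelSource` such as `# every entry in versionsPath must set url, ref and rev; "suffix" is optional and appended to the store path; a "nixpkgs" entry is mandatory`. Since every attribute name in the file also becomes a search-path entry and a fetch, it is worth saying that the file must contain only channel definitions.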
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix
index 46cbd3e..23ac774 100644
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
@@ -36,29 +36,6 @@ in {
};
packageOverrides = pkgs: with pkgs; {
- myPython = python37Full.withPackages (ps: with ps; [
- pep8 yapf flake8
- # autopep8 (broken)
- # pylint (broken)
- ipython
- llfuse
- dugong
- defusedxml
- wheel
- pip
- virtualenv
- pypi2nix
- cffi
- pyopenssl
- urllib3
- mistune
-
- flask
-
- pyaml
- ] ++ [
- pkgs.libffi
- ]);
};
};
@@ -101,7 +78,6 @@ in {
gnome3.gnome-tweak-tool
xorg.xhost
dmidecode
- python36Packages.glances
evtest
# Archive Managers
@@ -138,18 +114,19 @@ in {
bluejeans-gui
thunderbird
gnome3.evolution # gnome4.glib_networking
- tdesktop
+ # telegram
+ unstablepkgs.tdesktop
gnome3.cheese
# Virtualization
virtmanager
- (pkgs.lib.hiPrio qemu)
+ # (pkgs.lib.hiPrio qemu)
# virtualbox
- vagrant
- docker_compose
+ # vagrant
+ # docker_compose
# unstablepkgs.kubernetes
- unstablepkgs.minikube
- unstablepkgs.openshift
+ # unstablepkgs.minikube
+ # unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
@@ -166,10 +143,7 @@ in {
vlc
audacity
spotify
- smtube
- python27Packages.youtube-dl-light
- screenkey
- quvi
+ python38Packages.youtube-dl-light
libwebcam
# Network Tools
@@ -189,7 +163,7 @@ in {
wireshark
# Code Editors
- unstablepkgs.atom
+ # unstablepkgs.atom
xclip
xsel
unstablepkgs.vscode
@@ -232,17 +206,15 @@ in {
# Misc Development Tools
qrcode
- travis
+ # travis
jq
- prometheus
+ # prometheus
cdrtools
# Document Processing and Management
- zathura
+ # zathura
mendeley
- jabref
- zotero
- hugo
+ # zotero
pandoc
# LaTeX
@@ -291,7 +263,7 @@ in {
pcmanfm
hdparm
testdisk
- python27Packages.binwalk
+ python38Packages.binwalk
gptfdisk
gparted
@@ -303,7 +275,7 @@ in {
myPython
# Code generators
- unstablepkgs.swagger-codegen
+ # unstablepkgs.swagger-codegen
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
@@ -325,7 +297,7 @@ in {
glib.dev # contains gdbus tool
alacritty
roxterm
- masterpkgs.wally-cli
+ unstablepkgs.wally-cli
man-pages
# Screen recording
@@ -336,6 +308,7 @@ in {
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
+ screenkey
# shotcut
# openshot-qt
]);
diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix
index 322415c..f663f31 100644
--- a/nix/home-manager/configuration/graphical-removable.nix
+++ b/nix/home-manager/configuration/graphical-removable.nix
@@ -19,7 +19,8 @@ in {
../programs/emacs.nix
../programs/firefox.nix
../programs/chromium.nix
- ../programs/homeshick.nix
+ # FIXME: fix homeshick when no WAN connection is available
+ # ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
@@ -33,29 +34,6 @@ in {
};
packageOverrides = pkgs: with pkgs; {
- myPython36 = python36Full.withPackages (ps: with ps; [
- pylint pep8 yapf flake8
- # autopep8 (broken)
- # pylint (broken)
- ipython
- llfuse
- dugong
- defusedxml
- wheel
- pip
- virtualenv
- pypi2nix
- cffi
- pyopenssl
- urllib3
- mistune
-
- flask
-
- pyaml
- ] ++ [
- pkgs.libffi
- ]);
};
};
@@ -78,7 +56,6 @@ in {
gnome3.gnome-tweak-tool
xorg.xhost
dmidecode
- python36Packages.glances
evtest
# Archive Managers
@@ -145,7 +122,7 @@ in {
gptfdisk
## Python
- myPython36
+ myPython
busyboxStatic
diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix
index 6b7a443..121ba47 100644
--- a/nix/home-manager/profiles/qtile-desktop.nix
+++ b/nix/home-manager/profiles/qtile-desktop.nix
@@ -302,8 +302,7 @@ in {
services = {
gnome-keyring.enable = true;
- # TODO: this has been broken for a while, removing for now.
- # blueman-applet.enable = true;
+ blueman-applet.enable = true;
screen-locker = {
enable = true;
inactiveInterval = 7;
diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix
index 931d54a..089f266 100644
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -2,7 +2,7 @@
, localAddress
, httpsPort ? 443
}: {
- config = { config, pkgs, ... }: {
+ config = { config, pkgs, lib, ... }: {
imports = [
../profiles/containers/configuration.nix
];
@@ -30,23 +30,16 @@
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
- fastcgi_pass 127.0.0.1:9000;
+ fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
fastcgi_index index.php;
'';
};
- nixpkgs.config.php = {
- imap = false;
- openssl = false;
- curl = false;
- ldap = false;
- };
-
services.phpfpm.pools.mypool = {
- phpPackage = pkgs.php56;
- listen = "127.0.0.1:9000";
user = "nobody";
+ phpPackage = pkgs.php5;
settings = {
+ "listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 5;
"pm.start_servers" = 2;
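Review bot: The pool keeps `user = "nobody"` while the socket is handed to nginx through `"listen.owner"`, so the PHP workers share a UID with anything else on the system that runs as `nobody`. A dedicated system user for this pool would keep a compromised PHP script from reaching other processes or files owned by `nobody`. `phpPackage = pkgs.php5` resolves in this commit to PHP 5.6.40, a branch that no longer receives upstream security fixes, so a comment such as `# PHP 5.6 is end-of-life; kept only for <application>, do not expose beyond this container` would record why it is pinned. The move from `127.0.0.1:9000` to the unix socket is a good reduction of exposure. The pool block continues past the end of this hunk.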
@@ -58,6 +51,13 @@
};
};
+ # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
+ systemd.services."phpfpm-mypool" = {
+ serviceConfig = {
+ Type = lib.mkForce "simple";
+ };
+ };
+
services.mysql = {
enable = true;
package = pkgs.mariadb;
diff --git a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
index 87284bc..860f09f 100644
--- a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
+++ b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
@@ -1,6 +1,10 @@
{ ... }:
{
+ nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+ nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+ };
+
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
diff --git a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix
index 0d3ca95..d619cd2 100644
--- a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix
+++ b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
{
- channelsNixosStable = {
- ref = "nixos-20.03";
- rev = "5659cb448e9b615d642c5fe52779c2223e72f7eb";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
};
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
- rev = "daaa0e33505082716beb52efefe3064f0332b521";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
};
- nixpkgsMaster = {
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
- rev = "55dc3b76f0ca1dd62d158b92a637fe484df5227d";
+ rev = "396f3407a28a0ce8ee537d6f4440d3e6cb359570";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
};
}
diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix
index a7a9c52..4a8f712 100644
--- a/nix/os/devices/steveej-t480s-work/system.nix
+++ b/nix/os/devices/steveej-t480s-work/system.nix
@@ -75,6 +75,10 @@ in {
ssh = {
enable = true;
authorizedKeys = keys.users.steveej.openssh;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_rsa_key"
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
};
};
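Review bot: The new `hostKeys` entries deserve a comment stating that the files under `/etc/secrets/initrd/` are dedicated initrd-only keys. On NixOS the initrd SSH host keys are copied into the initrd, which is readable without unlocking the encrypted disk, so they must never be the keys the main sshd uses. Something like `# initrd-only host keys, generated separately; never reuse /etc/ssh/ssh_host_*_key here` above the list would do. The same applies to the identical addition in nix/os/devices/vmd32387.contaboserver.net/system.nix. The enclosing `ssh` block starts outside this hunk, so I am assuming it is the initrd network SSH configuration.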
@@ -90,7 +94,9 @@ in {
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
+
+ # the default profile uses linuxPackages_latest
+ # boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
krb5 = {
enable = true;
diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix
index 5738178..cb7387b 100644
--- a/nix/os/devices/steveej-t480s-work/versions.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
{
- channelsNixosStable = {
- ref = "nixos-20.03-small";
- rev = "eabc31612eabea2573a09ce5bcacdad3bfccd264";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
};
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
- rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
};
- nixpkgsMaster = {
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
- rev = "c0e65c63401c9c75c403df207e4bd6439b965cb4";
+ rev = "7c4305be84ae74499e1ddd9b8e97bcaaf6da0f7d";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
};
}
diff --git a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
index af80588..09f95fd 100644
--- a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+in
+
{
- channelsNixosStable = {
- ref = "nixos-20.03-small";
- rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03-small | awk '{ print $1 }' | tr -d '\n' -%>";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
};
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
- rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
- nixpkgsMaster = {
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
};
}
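Review bot: The `rev` templates for `nixos-20.09`, `nixos-unstable` and `release-20.09` pass a bare ref name to `git ls-remote` without `head -n1`, unlike the `master` line. `git ls-remote` matches the pattern against the tail of every ref, so if the remote ever has more than one ref ending in that name, `awk` prints several hashes and `tr -d '\n'` joins them into an invalid pin. Naming the branch explicitly and taking one line is more robust, e.g. `git ls-remote https://github.com/nixos/nixpkgs refs/heads/nixos-20.09 | head -n1 | awk '{ print $1 }' | tr -d '\n'`. The same applies to the templates in nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix and nix/variables/versions.tmpl.nix. Since the rendered hash becomes the trusted pin, the regenerated versions.nix diff should be reviewed before it is committed.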
diff --git a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix
index 48f44d9..ffce549 100644
--- a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix
@@ -2,12 +2,10 @@
{
disabledModules = [
- "services/continuous-integration/gitlab-runner.nix"
];
imports = [
../../profiles/common/configuration.nix
../../modules/encryptedDisk.nix
- ../../modules/gitlab-runner.nix
./system.nix
./hw.nix
diff --git a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
index aa1b460..f8ee564 100644
--- a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
@@ -10,7 +10,15 @@
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
- services.hydra = {
+ nix.buildMachines = [
+ { hostName = "localhost";
+ system = "x86_64-linux";
+ supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+ maxJobs = 4;
+ }
+ ];
+
+ services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
@@ -20,18 +28,10 @@
useSubstitutes = true;
};
- nix.buildMachines = [
- { hostName = "localhost";
- system = "x86_64-linux";
- supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
- maxJobs = 4;
- }
- ];
-
services.gitlab-runner = {
enable = true;
- packages = with pkgs; [
+ extraPackages = with pkgs; [
bash
gitlab-runner
nix
@@ -39,18 +39,16 @@
git-crypt
];
- configFile = let
- nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token";
- in pkgs.writeText "config.toml" ''
- concurrent = 2
- check_interval = 0
- [[runners]]
- name = "nix-runner"
- url = "https://gitlab.com"
- token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>"
- executor = "shell"
- shell = "bash"
- [runners.cache]
- '';
+ concurrent = 2;
+ checkInterval = 0;
+ services = {
+ nixRunner = {
+ executor = "shell";
+ runUntagged = true;
+ registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
+ tagList = [ "nix" ];
+ };
+ };
+
};
}
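Review bot: `runUntagged = true` together with `executor = "shell"` in the `nixRunner` service lets any job from a project this runner is registered for run directly on the host as the runner's user, with `nix` and `git-crypt` on its PATH. Since the runner already declares `tagList = [ "nix" ]`, setting `runUntagged = false;` would limit it to jobs that explicitly ask for it. If untagged jobs are required, a short comment saying that the runner is registered only to trusted projects would record the assumption. Keeping the registration data in `/etc/secrets/gitlab-runner/nix-runner.registration` rather than in the Nix store is a good change. The `services.gitlab-runner` block opens in the previous hunk.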
diff --git a/nix/os/devices/vmd32387.contaboserver.net/system.nix b/nix/os/devices/vmd32387.contaboserver.net/system.nix
index bdf8d72..2944e09 100644
--- a/nix/os/devices/vmd32387.contaboserver.net/system.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/system.nix
@@ -88,6 +88,10 @@ in {
ssh = {
enable = true;
authorizedKeys = keys.users.steveej.openssh;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_rsa_key"
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
};
};
diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.nix
index 6547285..519781a 100644
--- a/nix/os/devices/vmd32387.contaboserver.net/versions.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/versions.nix
@@ -1,20 +1,37 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
{
- channelsNixosStable = {
+ inherit nixpkgs;
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-20.03" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.03";
rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
};
- channelsNixosUnstable = {
- ref = "nixos-unstable";
- rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+ "channels-nixos-19.09" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-19.09";
+ rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
};
- nixpkgsMaster = {
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+ };
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
- rev = "50e986ba967811afdb5edb3b6eda4369059e4238";
+ rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
};
}
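Review bot: This versions file has no `nixos = nixpkgs // { suffix = "/nixos"; }` entry, unlike the other device files changed in this commit. The rewritten `nixPath` in nix/default.nix is now built only from the attribute names found here, so the generated search path for this host would no longer contain a `nixos=` element. If anything on this machine resolves `<nixos>`, add the entry here and in the matching versions.tmpl.nix. Otherwise a comment noting that the omission is deliberate would help.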
diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
new file mode 100644
index 0000000..a19cc09
--- /dev/null
+++ b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
@@ -0,0 +1,37 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+in
+
+{
+ inherit nixpkgs;
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-20.03" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.03";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "channels-nixos-19.09" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-19.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "nixpkgs-master" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "master";
+ rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+}
diff --git a/nix/os/modules/ddclient-ovh.nix b/nix/os/modules/ddclient-ovh.nix
index 43d9c1c..f7f9893 100644
--- a/nix/os/modules/ddclient-ovh.nix
+++ b/nix/os/modules/ddclient-ovh.nix
@@ -12,7 +12,7 @@ in {
options.services.ddclientovh = with lib; {
enable = mkEnableOption "Enable ddclient-ovh";
domain = mkOption {
- type = types.string;
+ type = types.str;
};
};
diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix
index cb7ffd0..b70c7be 100644
--- a/nix/os/modules/encryptedDisk.nix
+++ b/nix/os/modules/encryptedDisk.nix
@@ -10,7 +10,7 @@ in {
options.hardware.encryptedDisk = {
enable = mkEnableOption "Enable encrypted filesystem layout";
diskId = mkOption {
- type = types.string;
+ type = types.str;
};
};
diff --git a/nix/os/modules/gitlab-runner.nix b/nix/os/modules/gitlab-runner.nix
deleted file mode 100644
index 6091350..0000000
--- a/nix/os/modules/gitlab-runner.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.gitlab-runner;
- configFile =
- if (cfg.configFile == null) then
- (pkgs.runCommand "config.toml" {
- buildInputs = [ pkgs.remarshal ];
- } ''
- remarshal -if json -of toml \
- < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
- > $out
- '')
- else
- cfg.configFile;
- hasDocker = config.virtualisation.docker.enable;
-in
-{
- options.services.gitlab-runner = {
- enable = mkEnableOption "Gitlab Runner";
-
- configFile = mkOption {
- default = null;
- description = ''
- Configuration file for gitlab-runner.
- Use this option in favor of configOptions to avoid placing CI tokens in the nix store.
-
- takes precedence over .
-
- Warning: Not using will potentially result in secrets
- leaking into the WORLD-READABLE nix store.
- '';
- type = types.nullOr types.path;
- };
-
- configOptions = mkOption {
- description = ''
- Configuration for gitlab-runner
- will take precedence over this option.
-
- Warning: all Configuration, especially CI token, will be stored in a
- WORLD-READABLE file in the Nix Store.
-
- If you want to protect your CI token use instead.
- '';
- type = types.attrs;
- example = {
- concurrent = 2;
- runners = [{
- name = "docker-nix-1.11";
- url = "https://CI/";
- token = "TOKEN";
- executor = "docker";
- builds_dir = "";
- docker = {
- host = "";
- image = "nixos/nix:1.11";
- privileged = true;
- disable_cache = true;
- cache_dir = "";
- };
- }];
- };
- };
-
- gracefulTermination = mkOption {
- default = false;
- type = types.bool;
- description = ''
- Finish all remaining jobs before stopping, restarting or reconfiguring.
- If not set gitlab-runner will stop immediatly without waiting for jobs to finish,
- which will lead to failed builds.
- '';
- };
-
- gracefulTimeout = mkOption {
- default = "infinity";
- type = types.str;
- example = "5min 20s";
- description = ''Time to wait until a graceful shutdown is turned into a forceful one.'';
- };
-
- workDir = mkOption {
- default = "/var/lib/gitlab-runner";
- type = types.path;
- description = "The working directory used";
- };
-
- package = mkOption {
- description = "Gitlab Runner package to use";
- default = pkgs.gitlab-runner;
- defaultText = "pkgs.gitlab-runner";
- type = types.package;
- example = literalExample "pkgs.gitlab-runner_1_11";
- };
-
- packages = mkOption {
- default = [ pkgs.bash pkgs.docker-machine ];
- defaultText = "[ pkgs.bash pkgs.docker-machine ]";
- type = types.listOf types.package;
- description = ''
- Packages to add to PATH for the gitlab-runner process.
- '';
- };
-
- };
-
- config = mkIf cfg.enable {
- systemd.services.gitlab-runner = {
- path = cfg.packages;
- environment = config.networking.proxy.envVars;
- description = "Gitlab Runner";
- after = [ "network.target" ]
- ++ optional hasDocker "docker.service";
- requires = optional hasDocker "docker.service";
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "gitlab-runner";
- Group = "gitlab-runner";
- WorkingDirectory = cfg.workDir;
- ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \
- --working-directory ${cfg.workDir} \
- --config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \
- --service gitlab-runner \
- "'';
-
- } // optionalAttrs (cfg.gracefulTermination) {
- TimeoutStopSec = "${cfg.gracefulTimeout}";
- KillSignal = "SIGQUIT";
- KillMode = "process";
- };
- };
-
- # Make the gitlab-runner command availabe so users can query the runner
- environment.systemPackages = [ cfg.package ];
-
- users.users.gitlab-runner = {
- group = "gitlab-runner";
- extraGroups = optional hasDocker "docker";
- uid = config.ids.uids.gitlab-runner;
- home = cfg.workDir;
- createHome = true;
- };
-
- users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
- };
-}
diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix
index 008464c..ff3def4 100644
--- a/nix/os/profiles/graphical/system.nix
+++ b/nix/os/profiles/graphical/system.nix
@@ -33,6 +33,7 @@
services.dbus.packages = with pkgs; [
blueman
];
+ services.blueman.enable = true;
services.xserver = {
enable = true;
@@ -54,12 +55,13 @@
displayManager = {
gdm.enable = false;
+ autoLogin = {
+ enable = true;
+ user = "steveej";
+ };
+
lightdm = {
enable = true;
- autoLogin = {
- enable = true;
- user = "steveej";
- };
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix
index bc04f92..7b9ee0e 100644
--- a/nix/os/profiles/removable-medium/pkg.nix
+++ b/nix/os/profiles/removable-medium/pkg.nix
@@ -3,8 +3,5 @@
}:
{
- nixpkgs.config.packageOverrides = pkgs: with pkgs; {
- nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
- };
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; };
}
diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index bc20d8f..a4c21e9 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -1,12 +1,5 @@
{ pkgs }:
let
- # one application requires php5
- nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs-channels";
- rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";
- sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
- };
in rec {
nixpkgs-master = import {};
@@ -31,7 +24,7 @@ in rec {
extraMeta.branch = "5.4";
} // (args.argsOverride or {}));
linux_sgx = pkgs.callPackage linux_sgx_pkg {};
- in
+ in
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx);
linuxPackages_sgx_latest = linuxPackages_sgx_540rc3;
@@ -47,11 +40,32 @@ in rec {
enableStatic = true;
};
- php56 = (pkgs.callPackages
- "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+ php5 = let
+ nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs-channels";
+ rev = "pkgs";
+ sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
+ };
+ php5 = (pkgs.callPackage "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+ config = (pkgs.lib.attrsets.recursiveUpdate
+ pkgs.config
+ {
+ php = {
+ imap = false;
+ openssl = false;
+ curl = false;
+ ldap = false;
+ mcrypt = false;
+ };
+ }
+ );
+ stdenv = pkgs.llvmPackages_6.stdenv; #broken
icu = pkgs.icu60;
- })
- .php56.overrideAttrs(drv: rec {
+ }).php56;
+ in
+ php5
+ .overrideAttrs(attrs: rec {
# See https://secure.php.net/ChangeLog-5.php
version = "5.6.40";
name = "php-${version}";
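Review bot: `rev = "pkgs";` in the relocated `nixpkgsWithPhp5` fetch is not a commit hash; the binding removed at the top of this file pinned `846d8f8305192dcc3a63139102698b4ac6b9ef9f` with the same `sha256`. Because `fetchFromGitHub` is fixed-output, a machine that already has that store path will keep evaluating, which hides the problem. A fresh machine will request an archive for a ref named `pkgs` and fail or hit a hash mismatch. Restoring `rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";` keeps the source reproducible. The `stdenv = pkgs.llvmPackages_6.stdenv; #broken` line should say what is broken, or be dropped.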
@@ -61,9 +75,38 @@ in rec {
url = "http://www.php.net/distributions/php-${version}.tar.bz2";
inherit sha256;
};
+
+ configureFlags = attrs.configureFlags ++ [
+ "--without-fpm-systemd"
+ ];
+
});
duplicacy = pkgs.callPackage ../pkgs/duplicacy {};
mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {};
staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; };
+
+ myPython = pkgs.python37Full.withPackages (ps: with ps; [
+ pep8 yapf flake8
+ # autopep8 (broken)
+ # pylint (broken)
+ ipython
+ llfuse
+ dugong
+ defusedxml
+ wheel
+ pip
+ virtualenv
+ cffi
+ pyopenssl
+ urllib3
+ mistune
+
+ flask
+
+ pyaml
+ ] ++ [
+ pkgs.pypi2nix
+ pkgs.libffi
+ ]);
}
diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix
index 77f44eb..4a3e8f4 100644
--- a/nix/variables/versions.nix
+++ b/nix/variables/versions.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
{
- channelsNixosStable = {
- ref = "nixos-20.03";
- rev = "70717a337f7ae4e486ba71a500367cad697e5f09";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
};
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
- rev = "029a5de08390bb03c3f44230b064fd1850c6658a";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
};
- nixpkgsMaster = {
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
- rev = "7a4ee350b007bcb4c689123ad21a8468f91a19b9";
+ rev = "3312e1c3ba80506c435876f016d7b3888f297c4e";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "96fcf3b017d813fac300ecb821b6db6b7b5d0c40";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
};
}
diff --git a/nix/variables/versions.tmpl.nix b/nix/variables/versions.tmpl.nix
index fb5d7a8..09f95fd 100644
--- a/nix/variables/versions.tmpl.nix
+++ b/nix/variables/versions.tmpl.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+in
+
{
- channelsNixosStable = {
- ref = "nixos-20.03";
- rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
};
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
- rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
- nixpkgsMaster = {
+ "nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
};
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
};
}