From d863bdc05962e00df2d20d44c4adb83e69ddb561 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 17 Oct 2020 15:26:21 +0200 Subject: [PATCH 1/7] Justfile: improve error handling in rebuild-disk recipe --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index ccb5215..c58d80b 100755 --- a/Justfile +++ b/Justfile @@ -150,8 +150,8 @@ rebuild-disk device: set -xe just -v disk-mount {{device}} + trap "set +e; just -v disk-umount {{device}}" EXIT just -v disk-install {{device}} - just -v disk-umount {{device}} # Re-render the versions of the given offline system and reinstall it in offline-mode update-disk dir: From eaad3a11b4b3b88f163045b665a80c6e8888bcbd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 17 Oct 2020 00:52:33 +0200 Subject: [PATCH 2/7] encryptedDisk: use str instead of string --- nix/os/modules/encryptedDisk.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix index cb7ffd0..b70c7be 100644 --- a/nix/os/modules/encryptedDisk.nix +++ b/nix/os/modules/encryptedDisk.nix @@ -10,7 +10,7 @@ in { options.hardware.encryptedDisk = { enable = mkEnableOption "Enable encrypted filesystem layout"; diskId = mkOption { - type = types.string; + type = types.str; }; }; From 89c9f9e6062887e670fe80fe199e26a1b9c32fc3 Mon Sep 17 00:00:00 2001 
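Review bot: A failing `disk-umount` inside the new EXIT trap goes unreported: the trap starts with `set +e`, and in bash the recipe's exit status remains that of the last command before the trap ran (`disk-install`), so the recipe can exit 0 with the device still mounted. The persistent `trap` only works as a shebang recipe anyway (the shebang line is outside the hunk), so assuming bash, `trap "set +e; just -v disk-umount {{device}} || exit 1" EXIT` would surface the failure. Note also that the trap is installed only after `disk-mount` returns, so a partially completed mount is still left behind, as before the change.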
From: Stefan Junker Date: Sat, 17 Oct 2020 15:25:47 +0200 Subject: [PATCH 3/7] versions: bump to 20.09 and improve NIX_PATH assembly The NIX_PATH assembly now walks over all keys in the given channel repositories and assembles a NIX_PATH entry from it. Previously it made assumptions about a set of hardcoded keys being available, which wasn't ideal as it didn't allow device-entries. --- nix/default.nix | 31 +++++++--------- .../configuration/graphical-fullblown.nix | 26 +------------ .../configuration/graphical-removable.nix | 29 ++------------- .../steveej-rmvbl-sdep0/configuration.nix | 4 ++ .../devices/steveej-rmvbl-sdep0/versions.nix | 32 ++++++++++------ nix/os/devices/steveej-t480s-work/system.nix | 4 ++ .../devices/steveej-t480s-work/versions.nix | 32 ++++++++++------ .../steveej-t480s-work/versions.tmpl.nix | 30 ++++++++++----- .../vmd32387.contaboserver.net/versions.nix | 37 ++++++++++++++----- .../versions.tmpl.nix | 37 +++++++++++++++++++ nix/os/profiles/graphical/system.nix | 9 +++-- nix/os/profiles/removable-medium/pkg.nix | 3 -- nix/pkgs/default.nix | 24 ++++++++++++ nix/variables/versions.nix | 32 ++++++++++------ nix/variables/versions.tmpl.nix | 30 ++++++++++----- 15 files changed, 221 insertions(+), 139 deletions(-) create mode 100644 nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix diff --git a/nix/default.nix b/nix/default.nix index 5941a14..2512b43 100644 --- a/nix/default.nix +++ b/nix/default.nix 
@@ -2,28 +2,23 @@
 let
 channelVersions = (import versionsPath);
- mkChannelSource = channel:
+ mkChannelSource = name:
 let
- channelVersion = builtins.getAttr channel channelVersions;
+ channelVersion = builtins.getAttr name channelVersions;
 in
 builtins.fetchGit {
 # Descriptive name to make the store path easier to identify
- name = "nixpkgs-channels-${channel}";
- url = if builtins.hasAttr "url" channelVersion
- then channelVersion."url"
- else "https://github.com/NixOS/nixpkgs-channels/"
- ;
- ref = (builtins.getAttr channel channelVersions)."ref";
- rev = (builtins.getAttr channel channelVersions)."rev";
+ inherit name;
+ inherit (channelVersion) url ref rev;
 };
- nixPath = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [
- [ "nixpkgs" (mkChannelSource "channelsNixosStable") ]
- [ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ]
- [ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ]
- [ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ]
- [ "nixpkgs-master" (mkChannelSource "nixpkgsMaster") ]
- [ "home-manager-module" (mkChannelSource "homeManagerModule") ]
- ];
- pkgs = import (mkChannelSource "channelsNixosStable") {};
+ nixPath = builtins.foldl' (path: elemName:
+ let
+ elem = builtins.getAttr elemName channelVersions;
+ elemPath = (mkChannelSource elemName);
+ suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
+ in
+ path + ":" + builtins.concatStringsSep "=" [ elemName elemPath ] + suffix
+ ) "" (builtins.attrNames channelVersions);
+ pkgs = import (mkChannelSource "nixpkgs") {};
 in {
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix
index 46cbd3e..0029b41 100644
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
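Review bot: The rebuilt `nixPath` still begins with a stray `:` because the fold seeds its accumulator with `""` and every element, including the first, is prefixed with `path + ":"`; this predates the change, but the new shape makes the fix a one-liner, `nixPath = builtins.concatStringsSep ":" (map mkNixPathEntry (builtins.attrNames channelVersions));` with the per-entry `let … in` moved into a small `mkNixPathEntry = elemName: …` helper. Separately, `inherit (channelVersion) url ref rev;` now makes `url` mandatory for every entry (the removed code defaulted it), and `pkgs = import (mkChannelSource "nixpkgs") {}` makes a `nixpkgs` key mandatory; neither requirement is written down, so a comment above `mkChannelSource` such as `# every entry of versionsPath must provide url, ref and rev (a full commit hash); a "nixpkgs" entry is required` would save the next reader an evaluation error. Keeping `rev` a full commit hash, as all the updated versions files do, is what keeps these `fetchGit` calls reproducible.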
@@ -36,29 +36,6 @@ in { }; packageOverrides = pkgs: with pkgs; { - myPython = python37Full.withPackages (ps: with ps; [ - pep8 yapf flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - pypi2nix - cffi - pyopenssl - urllib3 - mistune - - flask - - pyaml - ] ++ [ - pkgs.libffi - ]); }; }; @@ -101,7 +78,6 @@ in { gnome3.gnome-tweak-tool xorg.xhost dmidecode - python36Packages.glances evtest # Archive Managers @@ -325,7 +301,7 @@ in { glib.dev # contains gdbus tool alacritty roxterm - masterpkgs.wally-cli + unstablepkgs.wally-cli man-pages # Screen recording diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index 322415c..f663f31 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -19,7 +19,8 @@ in { ../programs/emacs.nix ../programs/firefox.nix ../programs/chromium.nix - ../programs/homeshick.nix + # FIXME: fix homeshick when no WAN connection is available + # ../programs/homeshick.nix ../programs/libreoffice.nix ../programs/neovim.nix ../programs/pass.nix @@ -33,29 +34,6 @@ in { }; packageOverrides = pkgs: with pkgs; { - myPython36 = python36Full.withPackages (ps: with ps; [ - pylint pep8 yapf flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - pypi2nix - cffi - pyopenssl - urllib3 - mistune - - flask - - pyaml - ] ++ [ - pkgs.libffi - ]); }; }; @@ -78,7 +56,6 @@ in { gnome3.gnome-tweak-tool xorg.xhost dmidecode - python36Packages.glances evtest # Archive Managers @@ -145,7 +122,7 @@ in { gptfdisk ## Python - myPython36 + myPython busyboxStatic diff --git a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix index 87284bc..860f09f 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix 
+++ b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix @@ -1,6 +1,10 @@ { ... }: { + nixpkgs.config.packageOverrides = pkgs: with pkgs; { + nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; + }; + imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix diff --git a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix index 0d3ca95..d619cd2 100644 --- a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix @@ -1,20 +1,30 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67"; + }; +in + { - channelsNixosStable = { - ref = "nixos-20.03"; - rev = "5659cb448e9b615d642c5fe52779c2223e72f7eb"; + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; }; - channelsNixosUnstable = { + "channels-nixos-stable" = nixpkgs; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "daaa0e33505082716beb52efefe3064f0332b521"; + rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb"; }; - nixpkgsMaster = { + "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "55dc3b76f0ca1dd62d158b92a637fe484df5227d"; + rev = "396f3407a28a0ce8ee537d6f4440d3e6cb359570"; }; - homeManagerModule = { - url = "https://github.com/rycee/home-manager"; - ref = "release-20.03"; - rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec"; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "7339784e07217ed0232e08d1ea33b610c94657d8"; }; } diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index a7a9c52..8237b75 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix 
@@ -75,6 +75,10 @@ in {
 ssh = {
 enable = true;
 authorizedKeys = keys.users.steveej.openssh;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_rsa_key"
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
 };
 };
diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix
index 5738178..cb7387b 100644
--- a/nix/os/devices/steveej-t480s-work/versions.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.nix
@@ -1,20 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
 {
- channelsNixosStable = {
- ref = "nixos-20.03-small";
- rev = "eabc31612eabea2573a09ce5bcacdad3bfccd264";
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
 };
- channelsNixosUnstable = {
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
 ref = "nixos-unstable";
- rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
 };
- nixpkgsMaster = {
+ "nixpkgs-master" = {
 url = "https://github.com/NixOS/nixpkgs/";
 ref = "master";
- rev = "c0e65c63401c9c75c403df207e4bd6439b965cb4";
+ rev = "7c4305be84ae74499e1ddd9b8e97bcaaf6da0f7d";
 };
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
 };
 }
diff --git a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
index af80588..09f95fd 100644
--- a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
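Review bot: The two host keys added under `hostKeys` get copied into the initramfs, which sits unencrypted in the boot partition, so they must be keys dedicated to the initrd, never the main sshd host keys (those would otherwise be readable by anyone with access to `/boot`), and `/etc/secrets/initrd/` has to stay root-only. The hunk shows `ssh = {` but not its parent attribute, so I am assuming this is `boot.initrd.network.ssh`; a comment above `hostKeys` such as `# initrd-only keys: copied into the unencrypted initramfs, keep separate from the system sshd host keys` would record that, and clients should pin the initrd key under its own known_hosts alias or port rather than learning to accept mismatch prompts. The same hunk is repeated in nix/os/devices/vmd32387.contaboserver.net/system.nix in patch 4.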
@@ -1,20 +1,30 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +in + { - channelsNixosStable = { - ref = "nixos-20.03-small"; - rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03-small | awk '{ print $1 }' | tr -d '\n' -%>"; + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; }; - channelsNixosUnstable = { + "channels-nixos-stable" = nixpkgs; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; }; - nixpkgsMaster = { + "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; }; - homeManagerModule = { - url = "https://github.com/rycee/home-manager"; - ref = "release-20.03"; - rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; }; } diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.nix index 6547285..519781a 100644 --- a/nix/os/devices/vmd32387.contaboserver.net/versions.nix +++ b/nix/os/devices/vmd32387.contaboserver.net/versions.nix 
@@ -1,20 +1,37 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
 {
- channelsNixosStable = {
+ inherit nixpkgs;
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-20.03" = {
+ url = "https://github.com/NixOS/nixpkgs/";
 ref = "nixos-20.03";
 rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
 };
- channelsNixosUnstable = {
- ref = "nixos-unstable";
- rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+ "channels-nixos-19.09" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-19.09";
+ rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
 };
- nixpkgsMaster = {
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+ };
+ "nixpkgs-master" = {
 url = "https://github.com/NixOS/nixpkgs/";
 ref = "master";
- rev = "50e986ba967811afdb5edb3b6eda4369059e4238";
+ rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
 };
- homeManagerModule = {
- url = "https://github.com/rycee/home-manager";
- ref = "release-20.03";
- rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
 };
 }
diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
new file mode 100644
index 0000000..a19cc09
--- /dev/null
+++ b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
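Review bot: `channels-nixos-19.09` pins a channel that is past end of life, and `channels-nixos-20.03` is about to be once the 20.09 release this series targets is out, so whatever is evaluated from these entries stays at the package versions of the pinned rev with no further security fixes. If a consumer still needs them, a comment naming it and the exit plan would help, e.g. `# EOL channel, kept only for <consumer — TODO name>; remove once it is migrated to nixpkgs`; otherwise the entries should go. The same two entries are duplicated in the new versions.tmpl.nix for this host in the following hunk.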
@@ -0,0 +1,37 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +in + +{ + inherit nixpkgs; + "channels-nixos-stable" = nixpkgs; + "channels-nixos-20.03" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.03"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "channels-nixos-19.09" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-19.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "nixpkgs-master" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +} diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 008464c..38243fc 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -54,12 +54,13 @@ displayManager = { gdm.enable = false; + autoLogin = { + enable = true; + user = "steveej"; + }; + lightdm = { enable = true; - autoLogin = { - enable = true; - user = "steveej"; - }; background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png"; }; 
diff --git a/nix/os/profiles/removable-medium/pkg.nix b/nix/os/profiles/removable-medium/pkg.nix index bc04f92..7b9ee0e 100644 --- a/nix/os/profiles/removable-medium/pkg.nix +++ b/nix/os/profiles/removable-medium/pkg.nix @@ -3,8 +3,5 @@ }: { - nixpkgs.config.packageOverrides = pkgs: with pkgs; { - nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; - }; home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; }; } diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index bc20d8f..1c24ed7 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -66,4 +66,28 @@ in rec { duplicacy = pkgs.callPackage ../pkgs/duplicacy {}; mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {}; staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; }; + + myPython = pkgs.python37Full.withPackages (ps: with ps; [ + pep8 yapf flake8 + # autopep8 (broken) + # pylint (broken) + ipython + llfuse + dugong + defusedxml + wheel + pip + virtualenv + cffi + pyopenssl + urllib3 + mistune + + flask + + pyaml + ] ++ [ + pkgs.pypi2nix + pkgs.libffi + ]); } diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix index 77f44eb..4a3e8f4 100644 --- a/nix/variables/versions.nix +++ b/nix/variables/versions.nix 
@@ -1,20 +1,30 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67"; + }; +in + { - channelsNixosStable = { - ref = "nixos-20.03"; - rev = "70717a337f7ae4e486ba71a500367cad697e5f09"; + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; }; - channelsNixosUnstable = { + "channels-nixos-stable" = nixpkgs; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "029a5de08390bb03c3f44230b064fd1850c6658a"; + rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb"; }; - nixpkgsMaster = { + "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "7a4ee350b007bcb4c689123ad21a8468f91a19b9"; + rev = "3312e1c3ba80506c435876f016d7b3888f297c4e"; }; - homeManagerModule = { - url = "https://github.com/rycee/home-manager"; - ref = "release-20.03"; - rev = "96fcf3b017d813fac300ecb821b6db6b7b5d0c40"; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "7339784e07217ed0232e08d1ea33b610c94657d8"; }; } diff --git a/nix/variables/versions.tmpl.nix b/nix/variables/versions.tmpl.nix index fb5d7a8..09f95fd 100644 --- a/nix/variables/versions.tmpl.nix +++ b/nix/variables/versions.tmpl.nix 
@@ -1,20 +1,30 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +in + { - channelsNixosStable = { - ref = "nixos-20.03"; - rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; }; - channelsNixosUnstable = { + "channels-nixos-stable" = nixpkgs; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; }; - nixpkgsMaster = { + "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; }; - homeManagerModule = { - url = "https://github.com/rycee/home-manager"; - ref = "release-20.03"; - rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; }; } From 405ca2ade4f88948c89b03e6239aedf314978f66 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 18 Oct 2020 20:14:11 +0200 Subject: [PATCH 4/7] nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked. --- nix/os/containers/webserver.nix | 22 +++++----- .../vmd32387.contaboserver.net/system.nix | 4 ++ nix/os/modules/ddclient-ovh.nix | 2 +- nix/pkgs/default.nix | 43 +++++++++++++------ 4 files changed, 47 insertions(+), 24 deletions(-) diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 931d54a..089f266 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -2,7 +2,7 @@ , localAddress , httpsPort ? 443 }: { - config = { config, pkgs, ... }: { + config = { config, pkgs, lib, ... }: { imports = [ ../profiles/containers/configuration.nix ]; @@ -30,23 +30,16 @@ locations."~ ^(.+\.php)(.*)$".extraConfig = '' fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass 127.0.0.1:9000; + fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket}; fastcgi_index index.php; ''; }; - nixpkgs.config.php = { - imap = false; - openssl = false; - curl = false; - ldap = false; - }; - services.phpfpm.pools.mypool = { - phpPackage = pkgs.php56; - listen = "127.0.0.1:9000"; user = "nobody"; + phpPackage = pkgs.php5; settings = { + "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; "pm.max_children" = 5; "pm.start_servers" = 2; @@ -58,6 +51,13 @@ }; }; + # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work + systemd.services."phpfpm-mypool" = { + serviceConfig = { + Type = lib.mkForce "simple"; + }; + }; + services.mysql = { enable = true; package = pkgs.mariadb; diff --git a/nix/os/devices/vmd32387.contaboserver.net/system.nix b/nix/os/devices/vmd32387.contaboserver.net/system.nix index bdf8d72..2944e09 100644 --- a/nix/os/devices/vmd32387.contaboserver.net/system.nix +++ b/nix/os/devices/vmd32387.contaboserver.net/system.nix 
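Review bot: The php-fpm pool still runs as `user = "nobody"`, a shared account, while the new `"listen.owner" = config.services.nginx.user` correctly limits the socket to nginx; a dedicated pool user (`user = "phpfpm-mypool";` plus a matching `users.users` entry) would stop the PHP process from sharing an identity with anything else that runs as nobody in the container. Separately, `phpPackage = pkgs.php5` is PHP 5.6, which is past end of life and receives no security fixes, so this container should be treated as an isolated legacy workload; a comment next to `phpPackage` stating that (and naming the application that requires it, which the removed comment in nix/pkgs/default.nix only hinted at) would help the next reader. The enclosing `config` function continues outside the hunk.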
@@ -88,6 +88,10 @@ in {
 ssh = {
 enable = true;
 authorizedKeys = keys.users.steveej.openssh;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_rsa_key"
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
 };
 };
diff --git a/nix/os/modules/ddclient-ovh.nix b/nix/os/modules/ddclient-ovh.nix
index 43d9c1c..f7f9893 100644
--- a/nix/os/modules/ddclient-ovh.nix
+++ b/nix/os/modules/ddclient-ovh.nix
@@ -12,7 +12,7 @@ in {
 options.services.ddclientovh = with lib; {
 enable = mkEnableOption "Enable ddclient-ovh";
 domain = mkOption {
- type = types.string;
+ type = types.str;
 };
 };
diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 1c24ed7..a4c21e9 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -1,12 +1,5 @@
 { pkgs }:
 let
- # one application requires php5
- nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs-channels";
- rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";
- sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
- };
 in rec {
 nixpkgs-master = import {};
@@ -31,7 +24,7 @@ in rec {
 extraMeta.branch = "5.4";
 } // (args.argsOverride or {}));
 linux_sgx = pkgs.callPackage linux_sgx_pkg {};
- in
+ in
 pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx);
 linuxPackages_sgx_latest = linuxPackages_sgx_540rc3;
@@ -47,11 +40,32 @@ in rec { enableStatic = true; }; - php56 = (pkgs.callPackages - "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" { + php5 = let + nixpkgsWithPhp5 = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs-channels"; + rev = "pkgs"; + sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb"; + }; + php5 = (pkgs.callPackage "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" { + config = (pkgs.lib.attrsets.recursiveUpdate + pkgs.config + { + php = { + imap = false; + openssl = false; + curl = false; + ldap = false; + mcrypt = false; + }; + } + ); + stdenv = pkgs.llvmPackages_6.stdenv; #broken icu = pkgs.icu60; - }) - .php56.overrideAttrs(drv: rec { + }).php56; + in + php5 + .overrideAttrs(attrs: rec { # See https://secure.php.net/ChangeLog-5.php version = "5.6.40"; name = "php-${version}"; @@ -61,6 +75,11 @@ in rec { url = "http://www.php.net/distributions/php-${version}.tar.bz2"; inherit sha256; }; + + configureFlags = attrs.configureFlags ++ [ + "--without-fpm-systemd" + ]; + }); duplicacy = pkgs.callPackage ../pkgs/duplicacy {}; From 4ca173efd4f0a78b2d88e63223e261b3296f88bd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 17 Oct 2020 16:17:09 +0200 Subject: [PATCH 5/7] nix: use upstream gitlab-runner module This migrates to the upstream gitlab-runner module and allows removing the custom one \o/ --- .../configuration.nix | 2 - .../vmd32387.contaboserver.net/pkg.nix | 44 +++--- nix/os/modules/gitlab-runner.nix | 149 ------------------ 3 files changed, 21 insertions(+), 174 deletions(-) delete mode 100644 nix/os/modules/gitlab-runner.nix diff --git a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix index 48f44d9..ffce549 100644 --- a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix +++ b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix 
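Review bot: `rev = "pkgs"` in the new `nixpkgsWithPhp5` fetch is not a commit hash; the block removed from the top of this file in the same patch pinned `846d8f8305192dcc3a63139102698b4ac6b9ef9f`, and because the fixed-output `sha256` is unchanged the build only succeeds on a machine that already has that output in its store or a cache, while on a clean machine the fetch fails (and if the sha256 were ever refreshed the expression would quietly pin whatever a ref named `pkgs` resolved to). Restore `rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";`. While here, the `nixpkgs-channels` repository is archived upstream and the rest of this series already moved to `nixpkgs`, so `repo = "nixpkgs";` is worth the same change, and `configureFlags = attrs.configureFlags ++ [ … ]` could read `(attrs.configureFlags or []) ++ [ … ]` so the override does not depend on the old php expression exposing that attribute as a list. The php5 derivation's `src` block is cut by the hunk boundary.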
@@ -2,12 +2,10 @@
 {
 disabledModules = [
- "services/continuous-integration/gitlab-runner.nix"
 ];
 imports = [
 ../../profiles/common/configuration.nix
 ../../modules/encryptedDisk.nix
- ../../modules/gitlab-runner.nix
 ./system.nix
 ./hw.nix
diff --git a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
index aa1b460..f8ee564 100644
--- a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
@@ -10,7 +10,15 @@
 };
 home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
- services.hydra = {
+ nix.buildMachines = [
+ { hostName = "localhost";
+ system = "x86_64-linux";
+ supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+ maxJobs = 4;
+ }
+ ];
+
+ services.hydra = {
 enable = false;
 hydraURL = "http://localhost:3000"; # externally visible URL
 notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
@@ -20,18 +28,10 @@
 useSubstitutes = true;
 };
- nix.buildMachines = [
- { hostName = "localhost";
- system = "x86_64-linux";
- supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
- maxJobs = 4;
- }
- ];
-
 services.gitlab-runner = {
 enable = true;
- packages = with pkgs; [
+ extraPackages = with pkgs; [
 bash
 gitlab-runner
 nix
@@ -39,18 +39,16 @@
 git-crypt
 ];
- configFile = let
- nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token";
- in pkgs.writeText "config.toml" ''
- concurrent = 2
- check_interval = 0
- [[runners]]
- name = "nix-runner"
- url = "https://gitlab.com"
- token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>"
- executor = "shell"
- shell = "bash"
- [runners.cache]
- '';
+ concurrent = 2;
+ checkInterval = 0;
+ services = {
+ nixRunner = {
+ executor = "shell";
+ runUntagged = true;
+ registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
+ tagList = [ "nix" ];
+ };
+ };
+
 };
 }
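Review bot: `runUntagged = true` combined with `executor = "shell"` means any untagged job from the projects the registration covers executes directly on this host under the runner service's identity, which is broader than the tagged-only selection `tagList = [ "nix" ]` suggests; unless untagged jobs are actually wanted, drop `runUntagged` so only jobs tagged `nix` land here. `registrationConfigFile` is read by the upstream module as an environment file holding the registration token (`CI_SERVER_URL`, `REGISTRATION_TOKEN`), so `/etc/secrets/gitlab-runner/nix-runner.registration` must be root-owned with mode 0600 and must never be committed; a comment above it such as `# env file with CI_SERVER_URL / REGISTRATION_TOKEN, root:root 0600, provisioned out of band` would record both facts. The removed `configFile` read the token at service start through an `esh` template; as far as I can tell the upstream module likewise keeps the token out of the store, but that is worth confirming against the 20.09 module before relying on it.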
diff --git a/nix/os/modules/gitlab-runner.nix b/nix/os/modules/gitlab-runner.nix deleted file mode 100644 index 6091350..0000000 --- a/nix/os/modules/gitlab-runner.nix +++ /dev/null 
@@ -1,149 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.gitlab-runner; - configFile = - if (cfg.configFile == null) then - (pkgs.runCommand "config.toml" { - buildInputs = [ pkgs.remarshal ]; - } '' - remarshal -if json -of toml \ - < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \ - > $out - '') - else - cfg.configFile; - hasDocker = config.virtualisation.docker.enable; -in -{ - options.services.gitlab-runner = { - enable = mkEnableOption "Gitlab Runner"; - - configFile = mkOption { - default = null; - description = '' - Configuration file for gitlab-runner. - Use this option in favor of configOptions to avoid placing CI tokens in the nix store. - - takes precedence over . - - Warning: Not using will potentially result in secrets - leaking into the WORLD-READABLE nix store. - ''; - type = types.nullOr types.path; - }; - - configOptions = mkOption { - description = '' - Configuration for gitlab-runner - will take precedence over this option. - - Warning: all Configuration, especially CI token, will be stored in a - WORLD-READABLE file in the Nix Store. - - If you want to protect your CI token use instead. - ''; - type = types.attrs; - example = { - concurrent = 2; - runners = [{ - name = "docker-nix-1.11"; - url = "https://CI/"; - token = "TOKEN"; - executor = "docker"; - builds_dir = ""; - docker = { - host = ""; - image = "nixos/nix:1.11"; - privileged = true; - disable_cache = true; - cache_dir = ""; - }; - }]; - }; - }; - - gracefulTermination = mkOption { - default = false; - type = types.bool; - description = '' - Finish all remaining jobs before stopping, restarting or reconfiguring. - If not set gitlab-runner will stop immediatly without waiting for jobs to finish, - which will lead to failed builds. 
- ''; - }; - - gracefulTimeout = mkOption { - default = "infinity"; - type = types.str; - example = "5min 20s"; - description = ''Time to wait until a graceful shutdown is turned into a forceful one.''; - }; - - workDir = mkOption { - default = "/var/lib/gitlab-runner"; - type = types.path; - description = "The working directory used"; - }; - - package = mkOption { - description = "Gitlab Runner package to use"; - default = pkgs.gitlab-runner; - defaultText = "pkgs.gitlab-runner"; - type = types.package; - example = literalExample "pkgs.gitlab-runner_1_11"; - }; - - packages = mkOption { - default = [ pkgs.bash pkgs.docker-machine ]; - defaultText = "[ pkgs.bash pkgs.docker-machine ]"; - type = types.listOf types.package; - description = '' - Packages to add to PATH for the gitlab-runner process. - ''; - }; - - }; - - config = mkIf cfg.enable { - systemd.services.gitlab-runner = { - path = cfg.packages; - environment = config.networking.proxy.envVars; - description = "Gitlab Runner"; - after = [ "network.target" ] - ++ optional hasDocker "docker.service"; - requires = optional hasDocker "docker.service"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "gitlab-runner"; - Group = "gitlab-runner"; - WorkingDirectory = cfg.workDir; - ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \ - --working-directory ${cfg.workDir} \ - --config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \ - --service gitlab-runner \ - "''; - - } // optionalAttrs (cfg.gracefulTermination) { - TimeoutStopSec = "${cfg.gracefulTimeout}"; - KillSignal = "SIGQUIT"; - KillMode = "process"; - }; - }; - - # Make the gitlab-runner command availabe so users can query the runner - environment.systemPackages = [ cfg.package ]; - - users.users.gitlab-runner = { - group = "gitlab-runner"; - extraGroups = optional hasDocker "docker"; - uid = config.ids.uids.gitlab-runner; - home = cfg.workDir; - createHome = true; - }; - - users.groups.gitlab-runner.gid = 
config.ids.gids.gitlab-runner; - }; -} From ceb12b6e92f610285f567a4a3870e20559b69f9a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 18 Oct 2020 20:20:46 +0200 Subject: [PATCH 6/7] graphical-fullblown,t480s: cleanup packages --- .../configuration/graphical-fullblown.nix | 35 +++++++++---------- nix/os/devices/steveej-t480s-work/system.nix | 4 ++- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 0029b41..23ac774 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -114,18 +114,19 @@ in { bluejeans-gui thunderbird gnome3.evolution # gnome4.glib_networking - tdesktop + # telegram + unstablepkgs.tdesktop gnome3.cheese # Virtualization virtmanager - (pkgs.lib.hiPrio qemu) + # (pkgs.lib.hiPrio qemu) # virtualbox - vagrant - docker_compose + # vagrant + # docker_compose # unstablepkgs.kubernetes - unstablepkgs.minikube - unstablepkgs.openshift + # unstablepkgs.minikube + # unstablepkgs.openshift # (unstablepkgs.minikube.overrideAttrs (oldAttrs: { # patches = oldAttrs.patches ++ [ # (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; }) @@ -142,10 +143,7 @@ in { vlc audacity spotify - smtube - python27Packages.youtube-dl-light - screenkey - quvi + python38Packages.youtube-dl-light libwebcam # Network Tools @@ -165,7 +163,7 @@ in { wireshark # Code Editors - unstablepkgs.atom + # unstablepkgs.atom xclip xsel unstablepkgs.vscode @@ -208,17 +206,15 @@ in { # Misc Development Tools qrcode - travis + # travis jq - prometheus + # prometheus cdrtools # Document Processing and Management - zathura + # zathura mendeley - jabref - zotero - hugo + # zotero pandoc # LaTeX @@ -267,7 +263,7 @@ in { pcmanfm hdparm testdisk - python27Packages.binwalk + python38Packages.binwalk gptfdisk gparted 
@@ -279,7 +275,7 @@ in { myPython # Code generators - unstablepkgs.swagger-codegen + # unstablepkgs.swagger-codegen # Misc Desktop Tools # TODO: this may be required if brightness control isn't working @@ -312,6 +308,7 @@ in { # kazam # doesn't start # xvidcap # doesn't keep the recording rectangle obs-studio + screenkey # shotcut # openshot-qt ]); diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 8237b75..4a8f712 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -94,7 +94,9 @@ in { Option "SuspendTime" "0" Option "OffTime" "0" ''; - boot.kernelPackages = lib.mkForce pkgs.linuxPackages; + + # the default profile uses linuxPackages_latest + # boot.kernelPackages = lib.mkForce pkgs.linuxPackages; krb5 = { enable = true; From bf17d2f259a1efc574cf362e4ed3b40218f1750b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 17 Oct 2020 15:28:19 +0200 Subject: [PATCH 7/7] nix/graphical: fix bluetooth-applet --- nix/home-manager/profiles/qtile-desktop.nix | 3 +-- nix/os/profiles/graphical/system.nix | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 6b7a443..121ba47 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -302,8 +302,7 @@ in { services = { gnome-keyring.enable = true; - # TODO: this has been broken for a while, removing for now. - # blueman-applet.enable = true; + blueman-applet.enable = true; screen-locker = { enable = true; inactiveInterval = 7; diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 38243fc..ff3def4 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix 
@@ -33,6 +33,7 @@ services.dbus.packages = with pkgs; [ blueman ]; + services.blueman.enable = true; services.xserver = { enable = true;