From 7a10782170388d390fa567a1c1215e5d7aea93e3 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Wed, 8 Mar 2023 19:13:59 +0100 Subject: [PATCH] feat(167.233.1.14): migrate all containers here --- nix/ops/nano/configuration.nix | 65 ------ nix/ops/nano/hardware-configuration.nix | 24 --- nix/ops/nanos@kn.nix | 25 --- nix/os/containers/ipxe.nix | 170 --------------- nix/os/containers/syncthing.nix | 55 ++--- nix/os/containers/webserver.nix | 202 +++++++----------- nix/os/devices/167.233.1.14/README.md | 18 ++ nix/os/devices/167.233.1.14/configuration.nix | 5 +- nix/os/devices/167.233.1.14/hw.nix | 34 +-- nix/os/devices/167.233.1.14/pkg.nix | 21 +- nix/os/devices/167.233.1.14/system.nix | 95 ++++---- nix/os/devices/167.233.1.14/versions.nix | 46 ++-- nix/os/devices/167.233.1.14/versions.tmpl.nix | 47 ++-- .../vmd102066.contaboserver.net/system.nix | 60 ++---- .../vmd102066.contaboserver.net/versions.nix | 16 +- .../versions.tmpl.nix | 11 +- .../vmd32387.contaboserver.net/boot.nix | 4 - .../configuration.nix | 12 -- .../devices/vmd32387.contaboserver.net/hw.nix | 25 --- .../vmd32387.contaboserver.net/pkg.nix | 54 ----- .../vmd32387.contaboserver.net/system.nix | 114 ---------- .../vmd32387.contaboserver.net/versions.nix | 20 -- .../versions.tmpl.nix | 26 --- nix/os/profiles/common/system.nix | 29 ++- nix/overlays/overrides.nix | 16 +- nix/pkgs/default.nix | 125 +++-------- nix/sources.json | 12 -- nix/tests/buildvmwithbootloader/result | 1 - 28 files changed, 310 insertions(+), 1022 deletions(-) delete mode 100644 nix/ops/nano/configuration.nix delete mode 100644 nix/ops/nano/hardware-configuration.nix delete mode 100644 nix/ops/nanos@kn.nix delete mode 100644 nix/os/containers/ipxe.nix create mode 100644 nix/os/devices/167.233.1.14/README.md delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/boot.nix delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/configuration.nix delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/hw.nix delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/pkg.nix delete mode 
100644 nix/os/devices/vmd32387.contaboserver.net/system.nix delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/versions.nix delete mode 100644 nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix delete mode 120000 nix/tests/buildvmwithbootloader/result diff --git a/nix/ops/nano/configuration.nix b/nix/ops/nano/configuration.nix deleted file mode 100644 index cf5070e..0000000 --- a/nix/ops/nano/configuration.nix +++ /dev/null 
@@ -1,65 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
- n,
- pkgs,
- ...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sdb";
-
- networking.hostName = "nano${toString n}"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Select internationalisation properties.
- # i18n = {
- # consoleFont = "Lat2-Terminus16";
- # consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- # };
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- # environment.systemPackages = with pkgs; [
- # wget
- # ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.permitRootLogin = "yes";
-
- # Enable CUPS to print documents.
- services.printing.enable = false;
-
- # Enable the X11 windowing system.
- services.xserver.enable = false;
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable the KDE Desktop Environment.
- # services.xserver.displayManager.kdm.enable = true;
- # services.xserver.desktopManager.kde4.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.extraUsers.guest = {
- # isNormalUser = true;
- # uid = 1000;
- # };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "16.03";
-}
diff --git a/nix/ops/nano/hardware-configuration.nix b/nix/ops/nano/hardware-configuration.nix deleted file mode 100644 index 0297e9c..0000000 --- a/nix/ops/nano/hardware-configuration.nix +++ /dev/null @@ -1,24 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - ... -}: { - imports = []; - - boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315"; - fsType = "ext4"; - }; - - swapDevices = []; - - nix.maxJobs = 2; -} diff --git a/nix/ops/nanos@kn.nix b/nix/ops/nanos@kn.nix deleted file mode 100644 index 3d45a49..0000000 --- a/nix/ops/nanos@kn.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - nixpkgs ? import {}, - nrNanos ? 1, # Number of nanos -}: let - pkgs = nixpkgs; - webserver = { - services.httpd.enable = true; - services.httpd.adminAddr = "mail@stefanjunker.de"; - services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/"; - networking.firewall.allowedTCPPorts = [80]; - }; - - mkNano = {n}: { - imports = [ - (import ./nano/configuration.nix {inherit pkgs n;}) - ../configuration/common/user/root.nix - ]; - deployment.targetEnv = "none"; - deployment.targetHost = "nano${toString n}"; - }; - - mkNanos = n: - nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano {inherit n;}); -in - nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1))) diff --git a/nix/os/containers/ipxe.nix b/nix/os/containers/ipxe.nix deleted file mode 100644 index 3623b44..0000000 --- a/nix/os/containers/ipxe.nix +++ /dev/null 
@@ -1,170 +0,0 @@ -{ - hostAddress, - localAddress, - httpPort ? 80, - httpsPort ? 443, -}: let - passwords = import ../../variables/passwords.crypt.nix; -in { - config = { - config, - pkgs, - lib, - ... - }: { - imports = [../profiles/containers/configuration.nix]; - - networking.firewall.enable = false; - - services.ddclientovh = { - enable = true; - domain = "www.stefanjunker.de"; - }; - - security.acme = { - acceptTerms = true; - certs."www.stefanjunker.de".email = "mail@stefanjunker.de"; - preliminarySelfsigned = true; - - # can be used for debugging - # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - }; - - services.nginx.enable = true; - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."www.stefanjunker.de" = { - default = true; - addSSL = true; - listen = [ - { - addr = "0.0.0.0"; - port = httpPort; - ssl = false; - } - { - addr = "0.0.0.0"; - port = httpsPort; - ssl = true; - } - ]; - - root = "/var/www/stefanjunker.de/htdocs"; - - enableACME = true; - # serverAliases = [ - # "www.stefanjunker.de" - # ]; - # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt"; - # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key"; - - locations."/fi" = {index = "index.php";}; - - locations."~ ^(.+.php)(.*)$".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(.*)$; - - fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket}; - fastcgi_index index.php; - ''; - - locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";}; - - locations."/hedgedoc/socket.io/" = { - proxyPass = "http://127.0.0.1:3000/socket.io/"; - proxyWebsockets = true; - }; - }; - - services.phpfpm.pools.mypool = { - user = "nobody"; - phpPackage = pkgs.php5; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; - - "php_admin_value[error_reporting]" 
= "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED"; - }; - }; - - # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work - systemd.services."phpfpm-mypool" = { - serviceConfig = {Type = lib.mkForce "simple";}; - }; - - services.mysql = { - enable = true; - package = pkgs.mariadb; - }; - - services.hedgedoc = { - enable = true; - configuration = { - domain = "www.stefanjunker.de"; - urlPath = "hedgedoc"; - protocolUseSSL = true; - db = { - dialect = "sqlite"; - storage = "/var/lib/codimd/db.codimd.sqlite"; - }; - - allowAnonymous = false; - allowAnonymousEdits = false; - allowGravatar = false; - allowFreeURL = false; - defaultPermission = "private"; - allowEmailRegister = false; - - # oauth2 provider config - inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox; - - uploadsPath = "/var/lib/codimd/uploads"; - }; - }; - }; - - autoStart = true; - - bindMounts = { - "/etc/secrets/" = { - hostPath = "/var/lib/container-volumes/webserver/etc-secrets"; - isReadOnly = true; - }; - - "/var/www" = { - hostPath = "/var/lib/container-volumes/webserver/var-www"; - isReadOnly = false; - }; - - "/var/lib/mysql" = { - hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql"; - isReadOnly = false; - }; - - "/var/lib/codimd" = { - hostPath = "/var/lib/container-volumes/webserver/var-lib-codimd"; - isReadOnly = false; - }; - }; - - privateNetwork = true; - forwardPorts = [ - { - # http - containerPort = 80; - hostPort = httpPort; - protocol = "tcp"; - } - { - # https - containerPort = 443; - hostPort = httpsPort; - protocol = "tcp"; - } - ]; - - inherit hostAddress localAddress; -} diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index d67728b..a13e2ae 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix 
@@ -1,31 +1,31 @@ -{ - hostAddress, - localAddress, - syncthingPort ? 22000, - syncthingLocalAnnouncePort ? 21027, - autoStart ? false, +{ hostAddress +, localAddress +, syncthingPort ? 22000 +, syncthingLocalAnnouncePort ? 21027 +, autoStart ? false +, }: { - config = { - config, - pkgs, - ... - }: { - system.stateVersion = "20.05"; # Did you read the comment? + config = + { config + , pkgs + , ... + }: { + system.stateVersion = "20.05"; # Did you read the comment? - imports = [../profiles/containers/configuration.nix]; + imports = [ ../profiles/containers/configuration.nix ]; - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - # syncthing gui - 8384 - ]; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + # syncthing gui + 8384 + ]; - services.syncthing = { - enable = true; - openDefaultPorts = true; - guiAddress = "0.0.0.0:8384"; + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + }; }; - }; inherit autoStart; @@ -36,7 +36,7 @@ }; }; - extraFlags = ["--resolv-conf=bind-host"]; + extraFlags = [ "--resolv-conf=bind-host" ]; privateNetwork = true; forwardPorts = [ @@ -45,10 +45,15 @@ hostPort = syncthingPort; protocol = "tcp"; } + { + containerPort = 22000; + hostPort = syncthingPort; + protocol = "udp"; + } { containerPort = 21027; hostPort = syncthingLocalAnnouncePort; - protocol = "tcp"; + protocol = "udp"; } ]; diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 40af570..86b7b83 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix 
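Review bot: The forward for container port 21027 in the last syncthing.nix hunk publishes Syncthing's local-discovery port on the host, and this commit moves the container to a machine with a public address (167.233.1.14), where LAN broadcast discovery presumably has no peers to find. Switching that entry to `udp` and adding the `22000`/`udp` forward look correct, but I would drop the 21027 entry on this host, or gate it behind an argument that defaults to off, so one less UDP port is reachable. The first hunk also keeps `guiAddress = "0.0.0.0:8384";` with TCP 8384 open in the container firewall. It is not in `forwardPorts`, so it is presumably reachable only from the host side of the veth, and a comment such as `# GUI is reachable from the host only; deliberately not forwarded` would record that intent. The `forwardPorts` list opens outside the last hunk.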
@@ -1,133 +1,95 @@ -{ - hostAddress, - localAddress, - httpPort ? 80, - httpsPort ? 443, - autoStart ? false, -}: let +{ hostAddress +, localAddress +, httpPort ? 80 +, httpsPort ? 443 +, autoStart ? false +, +}: +let passwords = import ../../variables/passwords.crypt.nix; -in { - config = { - config, - pkgs, - lib, - ... - }: { - system.stateVersion = "22.05"; # Did you read the comment? +in +{ + config = + { config + , pkgs + , lib + , ... + }: { + system.stateVersion = "22.05"; # Did you read the comment? - imports = [../profiles/containers/configuration.nix]; + imports = [ ../profiles/containers/configuration.nix ]; - networking.firewall.enable = false; + networking.firewall.enable = false; - services.ddclientovh = { - enable = true; - domain = "www.stefanjunker.de"; - }; - - security.acme = { - acceptTerms = true; - certs."www.stefanjunker.de".email = "mail@stefanjunker.de"; - preliminarySelfsigned = true; - - # can be used for debugging - # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - }; - - services.nginx.enable = true; - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."www.stefanjunker.de" = { - default = true; - addSSL = true; - listen = [ - { - addr = "0.0.0.0"; - port = httpPort; - ssl = false; - } - { - addr = "0.0.0.0"; - port = httpsPort; - ssl = true; - } - ]; - - root = "/var/www/stefanjunker.de/htdocs"; - - enableACME = true; - # serverAliases = [ - # "www.stefanjunker.de" - # ]; - # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt"; - # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key"; - - locations."/fi" = {index = "index.php";}; - - locations."~ ^(.+.php)(.*)$".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(.*)$; - - fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket}; - fastcgi_index index.php; - ''; - - locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";}; - - locations."/hedgedoc/socket.io/" = { - proxyPass = 
"http://127.0.0.1:3000/socket.io/"; - proxyWebsockets = true; - }; - }; - - services.phpfpm.pools.mypool = { - user = "nobody"; - phpPackage = pkgs.php5; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; - - "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED"; - }; - }; - - # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work - systemd.services."phpfpm-mypool" = { - serviceConfig = {Type = lib.mkForce "simple";}; - }; - - services.mysql = { - enable = true; - package = pkgs.mariadb_104; - }; - - services.hedgedoc = { - enable = true; - configuration = { + services.ddclientovh = { + enable = true; domain = "www.stefanjunker.de"; - urlPath = "hedgedoc"; - protocolUseSSL = true; - db = { - dialect = "sqlite"; - storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; + }; + + security.acme = { + acceptTerms = true; + certs."www.stefanjunker.de".email = "mail@stefanjunker.de"; + preliminarySelfsigned = true; + + # can be used for debugging + # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + }; + + services.nginx.enable = true; + services.nginx.recommendedProxySettings = true; + services.nginx.virtualHosts."www.stefanjunker.de" = { + default = true; + addSSL = true; + listen = [ + { + addr = "0.0.0.0"; + port = httpPort; + ssl = false; + } + { + addr = "0.0.0.0"; + port = httpsPort; + ssl = true; + } + ]; + + root = "/var/www/stefanjunker.de/htdocs"; + + enableACME = true; + + locations."/hedgedoc/" = { proxyPass = "http://[::1]:3000/"; }; + + locations."/hedgedoc/socket.io/" = { + proxyPass = "http://[::1]:3000/socket.io/"; + proxyWebsockets = true; }; + }; - allowAnonymous = false; - allowAnonymousEdits = false; - allowGravatar = false; - allowFreeURL = false; - defaultPermission = "private"; - 
allowEmailRegister = false; + services.hedgedoc = { + enable = true; + settings = { + domain = "www.stefanjunker.de"; + urlPath = "hedgedoc"; + protocolUseSSL = true; + db = { + dialect = "sqlite"; + storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; + }; - # oauth2 provider config - inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox; + allowAnonymous = false; + allowAnonymousEdits = false; + allowGravatar = false; + allowFreeURL = false; + defaultPermission = "private"; + allowEmailRegister = false; - uploadsPath = "/var/lib/codimd/uploads"; + # oauth2 provider config + inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox; + + uploadsPath = "/var/lib/hedgedoc/uploads"; + }; }; }; - }; inherit autoStart; @@ -153,7 +115,7 @@ in { }; }; - extraFlags = ["--resolv-conf=bind-host"]; + extraFlags = [ "--resolv-conf=bind-host" ]; privateNetwork = true; forwardPorts = [ diff --git a/nix/os/devices/167.233.1.14/README.md b/nix/os/devices/167.233.1.14/README.md new file mode 100644 index 0000000..5c32f8e --- /dev/null +++ b/nix/os/devices/167.233.1.14/README.md @@ -0,0 +1,18 @@ +## bootstrapping + +``` +systemctl stop dhcpcd +ip a add 167.233.1.14/29 dev ens18 +ip l set mtu 1400 dev ens18 +ip r add default via 167.233.1.9 +echo "nameserver 1.1.1.1" >> /etc/resolv.conf +mkdir ~/.ssh +``` + +### ssh key + +run locally: + +``` +ssh-add -L | tr \\n \\r | xdotool selectwindow windowfocus type --delay 50 --window %@ --file - +``` diff --git a/nix/os/devices/167.233.1.14/configuration.nix b/nix/os/devices/167.233.1.14/configuration.nix index a405714..1658e6c 100644 --- a/nix/os/devices/167.233.1.14/configuration.nix +++ b/nix/os/devices/167.233.1.14/configuration.nix @@ -1,7 +1,8 @@ -{...}: { - disabledModules = []; +{ ... }: { + disabledModules = [ ]; imports = [ ../../profiles/common/configuration.nix + ../../modules/opinionatedDisk.nix ./system.nix ./hw.nix diff --git a/nix/os/devices/167.233.1.14/hw.nix b/nix/os/devices/167.233.1.14/hw.nix index 31cd4e2..9eb01fc 100644 
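Review bot: The vhost in the first webserver.nix hunk still uses `addSSL = true;`, so the site and the proxied `/hedgedoc/` paths stay reachable over plain HTTP even though HedgeDoc is configured with `protocolUseSSL = true`. I would switch to `forceSSL = true;` so that port 80 only redirects, and confirm it behaves as expected with the explicit `listen` entries. The container also keeps `networking.firewall.enable = false;`, which leaves the host firewall and `forwardPorts` as the only filter in front of the container, and that deserves a comment next to the line. Separately, `inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;` under `settings` most likely renders the OAuth secret into a world-readable file in the Nix store. Supplying it at runtime instead (for example through the module's environment-file option, if the pinned nixpkgs provides one) would avoid that.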
--- a/nix/os/devices/167.233.1.14/hw.nix +++ b/nix/os/devices/167.233.1.14/hw.nix @@ -1,4 +1,5 @@ -{...}: let +{ ... }: +let stage1Modules = [ "virtio_balloon" "virtio_scsi" @@ -10,36 +11,17 @@ "virtio_blk" "virtio_ring" - "bochs_drm" "ata_piix" "pata_acpi" "ata_generic" ]; -in { - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02"; - fsType = "ext4"; +in +{ + hardware.opinionatedDisk = { + enable = true; + encrypted = false; + diskId = "virtio-virtio-paeNi8Fof9Oe"; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; - fsType = "btrfs"; - options = ["subvol=root"]; - neededForBoot = true; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; - fsType = "btrfs"; - options = ["subvol=home"]; - neededForBoot = true; - }; - - swapDevices = [{device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d";}]; - - boot.loader.grub = {device = "/dev/vda";}; - - boot.initrd.availableKernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules; - boot.extraModprobeConfig = ""; } diff --git a/nix/os/devices/167.233.1.14/pkg.nix b/nix/os/devices/167.233.1.14/pkg.nix index ea9d216..717b523 100644 --- a/nix/os/devices/167.233.1.14/pkg.nix +++ b/nix/os/devices/167.233.1.14/pkg.nix @@ -1,16 +1,14 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; - }) - .nixPath; + }).nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; @@ -23,13 +21,4 @@ pkgs.xclip ]; }; - - nix.buildMachines = [ - { - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; - maxJobs = 4; - } - ]; } 
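Review bot: `encrypted = false;` in the new `hardware.opinionatedDisk` block (hw.nix, second hunk) leaves the host that now runs the mailserver, webserver and syncthing containers with their volumes unencrypted at rest, whereas the vmd32387 `hw.nix` removed in this same commit set `encrypted = true`. On a rented VM that makes mail and synced files readable from disk images or provider-side snapshots. If unattended reboot is the reason, please record it in a comment, e.g. `# unencrypted on purpose: no remote unlock available on this host`. Otherwise set `encrypted = true;` and reuse the `boot.initrd.network` SSH setup that vmd102066's `system.nix` configures, which appears to serve remote unlocking.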
diff --git a/nix/os/devices/167.233.1.14/system.nix b/nix/os/devices/167.233.1.14/system.nix index 76f35e0..735760d 100644 --- a/nix/os/devices/167.233.1.14/system.nix +++ b/nix/os/devices/167.233.1.14/system.nix @@ -1,20 +1,14 @@ -{ - pkgs, - lib, - config, - ... -}: let +{ pkgs +, lib +, config +, ... +}: +let keys = import ../../../variables/keys.nix; -in { - nix.binaryCaches = ["https://cache.holo.host"]; - - nix.binaryCachePublicKeys = [ - "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" - "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" - ]; - +in +{ # TASK: new device - networking.hostName = "sj-pvehtz-0"; # Define your hostname. + networking.hostName = "sj-pvehtz0"; # Define your hostname. # networking.domain = ""; networking.firewall.enable = true; @@ -26,6 +20,8 @@ in { networking.usePredictableInterfaceNames = false; + networking.dhcpcd.enable = false; + networking.interfaces.eth0 = { mtu = 1400; useDHCP = false; @@ -35,7 +31,7 @@ in { "prefixLength" = 29; } ]; - ipv6.addresses = []; + ipv6.addresses = [ ]; }; networking.defaultGateway = { @@ -48,11 +44,11 @@ in { interface = "eth0"; }; - networking.nameservers = ["1.1.1.1"]; + networking.nameservers = [ "1.1.1.1" ]; networking.nat = { enable = true; - internalInterfaces = ["ve-+"]; + internalInterfaces = [ "ve-+" ]; externalInterface = "eth0"; }; 
@@ -60,45 +56,54 @@ in { # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = {docker.enable = true;}; + virtualisation = { docker.enable = true; }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - systemd.services."sshd-status" = { - enable = true; - description = "sshd-status service"; - path = [pkgs.systemd]; - script = '' - systemctl status sshd | grep -i tasks - ''; - }; + nix.gc = { automatic = true; }; - systemd.services.sshd.serviceConfig = {TasksMax = 32;}; - - systemd.timers."sshd-status" = { - description = "Timer to trigger sshd-status periodically"; - enable = true; - wantedBy = ["timer.target" "multi-user.target"]; - timerConfig = { - OnActiveSec = "360s"; - OnUnitActiveSec = "360s"; - AccuracySec = "1s"; - Unit = "sshd-status.service"; - }; - }; - - nix.gc = {automatic = true;}; - - networking.useHostResolvConf = true; + # networking.useHostResolvConf = true; services.openssh.forwardX11 = true; + containers = { + mailserver = import ../../containers/mailserver.nix { + autoStart = true; + + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; + + imapsPort = 993; + sievePort = 4190; + }; + + webserver = import ../../containers/webserver.nix + { + autoStart = true; + + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; + + httpPort = 80; + httpsPort = 443; + }; + + syncthing = import ../../containers/syncthing.nix { + autoStart = true; + + hostAddress = "192.168.100.14"; + localAddress = "192.168.100.15"; + + syncthingPort = 22000; + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
- system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "22.11"; # Did you read the comment? } diff --git a/nix/os/devices/167.233.1.14/versions.nix b/nix/os/devices/167.233.1.14/versions.nix index 95d0174..b8df054 100644 --- a/nix/os/devices/167.233.1.14/versions.nix +++ b/nix/os/devices/167.233.1.14/versions.nix 
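Review bot: `services.openssh.forwardX11 = true;` is kept in the last system.nix hunk, while the same hunk makes this host the home of the mail, web and syncthing containers and removes the `TasksMax = 32` limit on sshd. For an internet-facing server I would set `services.openssh.forwardX11 = false;` unless X11 forwarding is actually used, and either keep the sshd task limit or note why it is no longer needed. The hunk also passes the containers' forwarded ports (80, 443, 993, 4190, 22000), but the host's `networking.firewall` allow-list lies outside the hunk, so please confirm it opens exactly those ports and nothing more.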
@@ -1,45 +1,37 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-21.11"; - rev = "e34c5379866833f41e2a36f309912fa675d687c7"; + ref = "nixos-22.11"; + rev = '' + a7cc81913bb3cd1ef05ed0ece048b773e1839e51''; }; -in { +in +{ inherit nixpkgs; + nixos = nixpkgs // { suffix = "/nixos"; }; "channels-nixos-stable" = nixpkgs; - "channels-nixos-21.05" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-21.05"; - rev = ""; - }; - "channels-nixos-20.09" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-20.09"; - rev = "1c1f5649bb9c1b0d98637c8c365228f57126f361"; - }; - "channels-nixos-20.03" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-20.03"; - rev = "1db42b7fe3878f3f5f7a4f2dc210772fd080e205"; - }; - "channels-nixos-19.09" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-19.09"; - rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1"; - }; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "c71f061c68ba8ce53471b767d5049cbd0f3d8490"; + rev = '' + c707238dc262923da5a53a5a11914117caac07a2''; + }; + "channels-nixos-unstable-small" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable-small"; + rev = '' + 09c509a5075931382582dee69f3e44bf1535c092''; }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "fb881b80f64d1b672135533a8c2fbc86e6ed8898"; + rev = '' + 3d57138bd9abe31bae25704cebaab7527010cc5e''; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-21.05"; - rev = "7329ffc6e911106494183557fc249180d5422929"; + ref = "release-22.11"; + rev = '' + b0be47978de5cfd729a79c3f57ace4c86364ff45''; }; } diff --git a/nix/os/devices/167.233.1.14/versions.tmpl.nix b/nix/os/devices/167.233.1.14/versions.tmpl.nix index 88ee53e..1fe5eb8 100644 --- a/nix/os/devices/167.233.1.14/versions.tmpl.nix +++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix 
@@ -1,42 +1,16 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-21.11"; + ref = "nixos-22.11"; rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; + nixos = nixpkgs // { suffix = "/nixos"; }; "channels-nixos-stable" = nixpkgs; - "channels-nixos-21.05" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-21.05"; - rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; - "channels-nixos-20.09" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-20.09"; - rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; - "channels-nixos-20.03" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-20.03"; - rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; - "channels-nixos-19.09" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-19.09"; - rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; @@ -44,6 +18,13 @@ in { <% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d ' ' -%>''; }; + "channels-nixos-unstable-small" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable-small"; + rev = '' + <% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d ' + ' -%>''; + }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; 
@@ -53,9 +34,9 @@ in { }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-21.05"; + ref = "release-22.11"; rev = '' - <% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; } diff --git a/nix/os/devices/vmd102066.contaboserver.net/system.nix b/nix/os/devices/vmd102066.contaboserver.net/system.nix index 861689d..a80129b 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/system.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/system.nix @@ -1,12 +1,13 @@ -{ - pkgs, - lib, - config, - ... -}: let +{ pkgs +, lib +, config +, ... +}: +let keys = import ../../../variables/keys.nix; passwords = import ../../../variables/passwords.crypt.nix; -in { +in +{ # TASK: new device networking.hostName = "vmd102066"; # Define your hostname. networking.domain = "contaboserver.net"; @@ -40,7 +41,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-+"]; + internalInterfaces = [ "ve-+" ]; externalInterface = "eth0"; }; @@ -48,7 +49,7 @@ in { # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = {docker.enable = true;}; + virtualisation = { docker.enable = true; }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; 
@@ -56,18 +57,18 @@ in { systemd.services."sshd-status" = { enable = true; description = "sshd-status service"; - path = [pkgs.systemd]; + path = [ pkgs.systemd ]; script = '' systemctl status sshd | grep -i tasks ''; }; - systemd.services.sshd.serviceConfig = {TasksMax = 32;}; + systemd.services.sshd.serviceConfig = { TasksMax = 32; }; systemd.timers."sshd-status" = { description = "Timer to trigger sshd-status periodically"; enable = true; - wantedBy = ["timer.target" "multi-user.target"]; + wantedBy = [ "timer.target" "multi-user.target" ]; timerConfig = { OnActiveSec = "5s"; OnUnitActiveSec = "5s"; @@ -76,11 +77,11 @@ in { }; }; - nix.gc = {automatic = true;}; + nix.gc = { automatic = true; }; boot.initrd.network = { enable = true; - udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"]; + udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ]; ssh = { enable = true; @@ -103,42 +104,13 @@ in { # networking.useHostResolvConf = true; containers = { - mailserver = import ../../containers/mailserver.nix { - autoStart = true; - - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.11"; - - imapsPort = 993; - sievePort = 4190; - }; - - webserver = import ../../containers/webserver.nix { - autoStart = true; - - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; - - httpPort = 80; - httpsPort = 443; - }; - - syncthing = import ../../containers/syncthing.nix { - autoStart = true; - - hostAddress = "192.168.100.14"; - localAddress = "192.168.100.15"; - - syncthingPort = 22000; - }; - backup = import ../../containers/backup.nix { autoStart = false; inherit config; hostAddress = "192.168.100.16"; localAddress = "192.168.100.17"; - subvolumes = ["mailserver" "webserver" "backup" "syncthing"]; + subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ]; }; bkpTarget = import ../../containers/backup-target.nix { 
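Review bot: The `backup` container in the last hunk still lists `subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ]`, although this commit removes those three containers from vmd102066 and starts them on 167.233.1.14. Unless the old volumes are deliberately kept here, the backup job would then cover stale or missing subvolumes, and nothing visible in the new host's `system.nix` backs up the migrated data. I would trim the list to what remains on this host and add a backup container on the new one, or at least a `# TODO: backups for the migrated containers` there, so the gap is tracked. The `containers` attribute set continues past the end of the hunk.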
diff --git a/nix/os/devices/vmd102066.contaboserver.net/versions.nix b/nix/os/devices/vmd102066.contaboserver.net/versions.nix index c15fcee..0359b70 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/versions.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/versions.nix @@ -1,20 +1,24 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; - rev = "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3"; + ref = "nixos-22.11"; + rev = '' + a7cc81913bb3cd1ef05ed0ece048b773e1839e51''; }; -in { +in +{ inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "6b10854c8194f1ebaa5bce623e71c6da1c008861"; + rev = '' + 3b12bfe6c4e11e91865f4d244d13fdc9860bd322''; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; - rev = "f0ecd4b1db5e15103e955b18cb94bea4296e5c45"; + ref = "release-22.11"; + rev = '' + b0be47978de5cfd729a79c3f57ace4c86364ff45''; }; } diff --git a/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix b/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix index 511138c..273f449 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix @@ -1,12 +1,13 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; + ref = "nixos-22.11"; rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in { +in +{ inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { 
@@ -18,9 +19,9 @@ in { }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; + ref = "release-22.11"; rev = '' - <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; } diff --git a/nix/os/devices/vmd32387.contaboserver.net/boot.nix b/nix/os/devices/vmd32387.contaboserver.net/boot.nix deleted file mode 100644 index 5713789..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/boot.nix +++ /dev/null @@ -1,4 +0,0 @@ -{lib, ...}: { - boot.loader.grub.efiSupport = lib.mkForce false; - boot.extraModulePackages = []; -} diff --git a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix deleted file mode 100644 index 28a63fb..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - disabledModules = []; - imports = [ - ../../profiles/common/configuration.nix - ../../modules/opinionatedDisk.nix - - ./system.nix - ./hw.nix - ./pkg.nix - ./boot.nix - ]; -} diff --git a/nix/os/devices/vmd32387.contaboserver.net/hw.nix b/nix/os/devices/vmd32387.contaboserver.net/hw.nix deleted file mode 100644 index e09b10e..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/hw.nix +++ /dev/null @@ -1,25 +0,0 @@ -{...}: let - stage1Modules = [ - "aesni_intel" - "kvm-intel" - - "virtio_balloon" - "virtio_scsi" - "virtio_net" - "virtio_pci" - "virtio_ring" - "virtio" - "scsi_mod" - ]; -in { - # TASK: new device - hardware.opinionatedDisk = { - enable = true; - encrypted = true; - diskId = "scsi-0QEMU_QEMU_HARDDISK_drive-scsi0"; - }; - - boot.initrd.availableKernelModules = stage1Modules; - boot.initrd.kernelModules = stage1Modules; - boot.extraModprobeConfig = ""; -} 
diff --git a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix deleted file mode 100644 index 821775e..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - nixpkgs.config.packageOverrides = pkgs: - with pkgs; { - nixPath = - (import ../../../default.nix { - versionsPath = ./versions.nix; - }) - .nixPath; - }; - home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { - inherit pkgs; - }; - - nix.buildMachines = [ - { - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; - maxJobs = 4; - } - ]; - - services.hydra = { - enable = false; - hydraURL = "http://localhost:3000"; # externally visible URL - notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service - # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines - buildMachinesFiles = []; - # you will probably also want, otherwise *everything* will be built from scratch - useSubstitutes = true; - }; - - services.gitlab-runner = { - enable = false; - - extraPackages = with pkgs; [bash gitlab-runner nix gitFull git-crypt]; - - concurrent = 2; - checkInterval = 0; - services = { - nixRunner = { - executor = "shell"; - runUntagged = true; - registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration"; - tagList = ["nix"]; - }; - }; - }; -} diff --git a/nix/os/devices/vmd32387.contaboserver.net/system.nix b/nix/os/devices/vmd32387.contaboserver.net/system.nix deleted file mode 100644 index bc741f7..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/system.nix +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: let - keys = import ../../../variables/keys.nix; - passwords = import ../../../variables/passwords.crypt.nix; -in { - # TASK: new device - networking.hostName = "vmd32387"; # Define your hostname. - networking.domain = "contaboserver.net"; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - # iperf3 - 5201 - ]; - networking.firewall.logRefusedConnections = false; - - networking.usePredictableInterfaceNames = false; - networking.dhcpcd = { - enable = true; - persistent = true; - }; - - networking.interfaces.eth0 = { - useDHCP = true; - ipv6.addresses = [ - { - address = "2a02:c207:3003:2387::1"; - prefixLength = 64; - } - ]; - }; - networking.defaultGateway6 = { - address = "fe80::1"; - interface = "eth0"; - }; - - networking.nat = { - enable = true; - internalInterfaces = ["ve-+"]; - externalInterface = "eth0"; - }; - - # Kubernetes - # services.kubernetes.roles = ["master" "node"]; - - # virtualization - virtualisation = {docker.enable = true;}; - - services.spice-vdagentd.enable = true; - services.qemuGuest.enable = true; - - systemd.services."sshd-status" = { - enable = true; - description = "sshd-status service"; - path = [pkgs.systemd]; - script = '' - systemctl status sshd | grep -i tasks - ''; - }; - - systemd.services.sshd.serviceConfig = {TasksMax = 32;}; - - systemd.timers."sshd-status" = { - description = "Timer to trigger sshd-status periodically"; - enable = true; - wantedBy = ["timer.target" "multi-user.target"]; - timerConfig = { - OnActiveSec = "5s"; - OnUnitActiveSec = "5s"; - AccuracySec = "1s"; - Unit = "sshd-status.service"; - }; - }; - - nix.gc = {automatic = true;}; - - boot.initrd.network = { - enable = true; - udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"]; - - ssh = { - enable = true; - authorizedKeys = keys.users.steveej.openssh; - hostKeys = [ - "/etc/secrets/initrd/ssh_host_rsa_key" - "/etc/secrets/initrd/ssh_host_ed25519_key" - ]; - 
}; - }; - - boot.initrd.postMountCommands = '' - for iface in $(cd /sys/class/net && ls); do - echo "Bringing down $iface..." - ip address flush dev $iface - ip link set $iface down - done - ''; - - networking.useHostResolvConf = true; - - containers = {}; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.03"; # Did you read the comment? -} diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.nix deleted file mode 100644 index c15fcee..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/versions.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - nixpkgs = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; - rev = "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3"; - }; -in { - inherit nixpkgs; - "channels-nixos-stable" = nixpkgs; - "nixpkgs-master" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "master"; - rev = "6b10854c8194f1ebaa5bce623e71c6da1c008861"; - }; - "home-manager-module" = { - url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; - rev = "f0ecd4b1db5e15103e955b18cb94bea4296e5c45"; - }; -} diff --git a/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix deleted file mode 100644 index 511138c..0000000 --- a/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -let - nixpkgs = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; - rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; -in { - inherit nixpkgs; - "channels-nixos-stable" = nixpkgs; - "nixpkgs-master" = { - url = "https://github.com/NixOS/nixpkgs/"; - ref = "master"; - rev = '' - <% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; - "home-manager-module" = { - url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; - rev = '' - <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d ' - ' -%>''; - }; -} diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 72c7a7f..058bd2e 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -1,26 +1,25 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { - nix.binaryCachePublicKeys = [ + nix.settings.trusted-public-keys = [ # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; - nix.binaryCaches = [ + nix.settings.substituters = [ "https://cache.nixos.org" # "https://hydra.nixos.org" ]; - nix.trustedBinaryCaches = [ + nix.settings.trusted-substituters = [ "https://cache.nixos.org" # "https://hydra.nixos.org" ]; nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; - nix.maxJobs = lib.mkDefault "auto"; - nix.buildCores = lib.mkDefault 0; - nix.useSandbox = true; + nix.settings.max-jobs = lib.mkDefault "auto"; + nix.settings.cores = lib.mkDefault 0; + nix.settings.sandbox = true; environment.etc."lvm/lvm.conf".text = '' devices { 
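Review bot: In `nix/os/profiles/common/system.nix` the renamed `nix.settings.trusted-substituters` repeats `https://cache.nixos.org`, which the `nix.settings.substituters` list just above it already enables. `trusted-substituters` names the extra caches that unprivileged users may opt into, so an entry that is already a regular substituter adds nothing, and the list is easiest to audit when it is empty or absent. The `trusted-public-keys` list likewise holds only a commented-out key, so signature checking presumably rests on the key the NixOS module contributes by default. A comment such as `# cache.nixos.org key comes from the NixOS module default` would make that dependency explicit. The attribute set continues outside the hunk.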
@@ -28,14 +27,14 @@ } ''; - environment.variables = {NIX_PATH = lib.mkForce pkgs.nixPath;}; + environment.variables = { NIX_PATH = lib.mkForce pkgs.nixPath; }; # Fonts, I18N, Date ... - fonts.fonts = [pkgs.corefonts]; + fonts.fonts = [ pkgs.corefonts ]; console.font = "lat9w-16"; - i18n = {defaultLocale = "en_US.UTF-8";}; + i18n = { defaultLocale = "en_US.UTF-8"; }; time.timeZone = "Etc/UTC"; services.gpm.enable = true; @@ -68,6 +67,6 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; programs.fuse.userAllowOther = true; } diff --git a/nix/overlays/overrides.nix b/nix/overlays/overrides.nix index ab37a6d..1fba733 100644 --- a/nix/overlays/overrides.nix +++ b/nix/overlays/overrides.nix @@ -1,20 +1,20 @@ # This overlay is used for overriding upstream packages. -self: super: let +self: super: +let sources = import ../../nix/sources.nix; - nixpkgs-master = import {inherit (super) config;}; + nixpkgs-master = import { inherit (super) config; }; nixpkgs-unstable = - import {inherit (super) config;}; - pr-holochain-launcher-bin = - import sources.pr-holochain-launcher-bin {inherit (super) config;}; -in { + import { inherit (super) config; }; +in +{ inherit nixpkgs-master; inherit nixpkgs-unstable; # alacritty = nixpkgs-master.alacritty; alacritty = super.stdenv.mkDerivation { name = "alacritty-custom"; - buildInputs = [super.makeWrapper]; + buildInputs = [ super.makeWrapper ]; phases = "installPhase"; installPhase = '' makeWrapper ${super.alacritty}/bin/alacritty $out/bin/alacritty \ @@ -32,7 +32,5 @@ in { ]); }); - inherit (pr-holochain-launcher-bin) holochain-launcher; - # logseq = nixpkgs-staging-steveej.logseq; } diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 959d466..b60e7df 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix 
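Review bot: In `nix/overlays/overrides.nix` the binding `sources = import ../../nix/sources.nix;` stays in the `let`, while its only user in the visible lines, `pr-holochain-launcher-bin`, is removed together with the matching `nix/sources.json` entry. If nothing in the part of the file outside these two hunks reads `sources`, the binding is dead and can be dropped. Otherwise a short comment naming the remaining consumer would help the next reader.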
@@ -1,35 +1,7 @@ -{pkgs}: let +{ pkgs }: +let in rec { - nixpkgs-master = import {}; - - linuxPackages_sgx_540rc3 = let - linux_sgx_pkg = { - fetchurl, - buildLinux, - ... - } @ args: - buildLinux (args - // rec { - version = "5.4.0-rc3"; - modDirVersion = version; - - src = fetchurl { - url = "https://github.com/jsakkine-intel/linux-sgx/archive/v23.tar.gz"; - sha256 = "11rwlwv7s071ia889dk1dgrxprxiwgi7djhg47vi56dj81jgib20"; - }; - kernelPatches = []; - - extraConfig = '' - INTEL_SGX y - ''; - - extraMeta.branch = "5.4"; - } - // (args.argsOverride or {})); - linux_sgx = pkgs.callPackage linux_sgx_pkg {}; - in - pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx); - linuxPackages_sgx_latest = linuxPackages_sgx_540rc3; + nixpkgs-master = import { }; busyboxStatic = pkgs.busybox.override { enableStatic = true; 
@@ -39,51 +11,10 @@ in rec { CONFIG_INSTALL_APPLET_SYMLINKS n ''; }; - dropbearStatic = pkgs.dropbear.override {enableStatic = true;}; + dropbearStatic = pkgs.dropbear.override { enableStatic = true; }; - php5 = let - nixpkgsWithPhp5 = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f"; - sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb"; - }; - php5 = - (pkgs.callPackage - "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" - { - config = pkgs.lib.attrsets.recursiveUpdate pkgs.config { - php = { - imap = false; - openssl = false; - curl = false; - ldap = false; - mcrypt = false; - }; - }; - stdenv = pkgs.llvmPackages_6.stdenv; # broken - icu = pkgs.icu60; - }) - .php56; - in - php5.overrideAttrs (attrs: rec { - # See https://secure.php.net/ChangeLog-5.php - version = "5.6.40"; - name = "php-${version}"; - - sha256 = "005s7w167dypl41wlrf51niryvwy1hfv53zxyyr3lm938v9jbl7z"; - src = pkgs.fetchurl { - url = "http://www.php.net/distributions/php-${version}.tar.bz2"; - inherit sha256; - }; - - configureFlags = attrs.configureFlags ++ ["--without-fpm-systemd"]; - - meta.license = null; - }); - - duplicacy = pkgs.callPackage ../pkgs/duplicacy {}; - mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {}; + duplicacy = pkgs.callPackage ../pkgs/duplicacy { }; + mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix { }; staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; 
@@ -92,28 +23,28 @@ in rec { pythonPackages = myPython; myPython = pkgs.python310.withPackages (ps: with ps; - [ - pep8 - yapf - flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - cffi - pyopenssl - urllib3 - # mistune (insecure) - sympy + [ + pep8 + yapf + flake8 + # autopep8 (broken) + # pylint (broken) + ipython + llfuse + dugong + defusedxml + wheel + pip + virtualenv + cffi + pyopenssl + urllib3 + # mistune (insecure) + sympy - flask + flask - pyaml - ] - ++ [pkgs.pypi2nix pkgs.libffi]); + pyaml + ] + ++ [ pkgs.pypi2nix pkgs.libffi ]); } diff --git a/nix/sources.json b/nix/sources.json index ff4275b..49bfd31 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -10,17 +10,5 @@ "type": "tarball", "url": "https://github.com/NixOS/nixpkgs/archive/26fe7618c7efbbfe28db9a52a21fb87e67ebaf06.tar.gz", "url_template": "https://github.com///archive/.tar.gz" - }, - "pr-holochain-launcher-bin": { - "branch": "pr-holochain-launcher-bin", - "description": "Nix Packages collection", - "homepage": null, - "owner": "steveeJ-forks", - "repo": "nixpkgs", - "rev": "11f978d53355759a47d60d688709921f2e0fb158", - "sha256": "03mdx63gjynj297b55wkjcnaicsm8n2chgpp2v80sx8ixgllmxiw", - "type": "tarball", - "url": "https://github.com/steveeJ-forks/nixpkgs/archive/11f978d53355759a47d60d688709921f2e0fb158.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" } } diff --git a/nix/tests/buildvmwithbootloader/result b/nix/tests/buildvmwithbootloader/result deleted file mode 120000 index a5fdbfc..0000000 --- a/nix/tests/buildvmwithbootloader/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/xh6p394kh1bncmc3lr6l9fb81284ckhf-nixos-vm \ No newline at end of file