steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

chore: format with alejandra

Browse source
This commit is contained in:
steveej 2023-02-07 18:24:28 +01:00
parent 05f0cbdfb4
commit 89f5f65f2d
181 changed files with 2720 additions and 2560 deletions
Download patch file Download diff file Expand all files Collapse all files

1
_archive/environments/dev/cross.nix
View file

@ -87,3 +87,4 @@ import /home/steveej/src/github/NixOS/nixpkgs/default.nix {
# };
# };
# };

41
_archive/environments/dev/go/default.nix
View file

@ -1,6 +1,11 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version, extraBuildInputs ? [ ], extraShellHook ? "" }:
let
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version,
extraBuildInputs ? [],
extraShellHook ? "",
}: let
go = builtins.getAttr "go_${version}" pkgs;
commonVimRC = ''
let g:tagbar_type_go = {
@ -66,19 +71,19 @@ let
# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
# ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } )
];
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = extraBuildInputs ++ buildInputs;
shellHook = ''
goname=${go.version}_$name
# FIXME: setPS1 $goname
export GOROOT=${go}/share/go
export GOPATH="$HOME/.gopath_$goname"
export PATH="$HOME/.gopath_$goname/bin:$PATH"
unset name
unset SSL_CERT_FILE
in pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = extraBuildInputs ++ buildInputs;
shellHook = ''
goname=${go.version}_$name
# FIXME: setPS1 $goname
export GOROOT=${go}/share/go
export GOPATH="$HOME/.gopath_$goname"
export PATH="$HOME/.gopath_$goname/bin:$PATH"
unset name
unset SSL_CERT_FILE
${extraShellHook}
'';
}
${extraShellHook}
'';
}

23
_archive/environments/dev/go/neovim-go.nix
View file

@ -1,11 +1,12 @@
{ commonRC, ... }@args:
(import ../../pkg-configuration/vim-derivates/neovim.nix args // {
additionalRC = commonRC + ''
" deoplete {
let g:deoplete#enable_at_startup = 1
let g:deoplete#enable_smart_case = 1
" }
'';
additionalPlugins = [ "deoplete-go" "deoplete-nvim" "vim-go" ];
})
{commonRC, ...} @ args: (import ../../pkg-configuration/vim-derivates/neovim.nix args
// {
additionalRC =
commonRC
+ ''
" deoplete {
let g:deoplete#enable_at_startup = 1
let g:deoplete#enable_smart_case = 1
" }
'';
additionalPlugins = ["deoplete-go" "deoplete-nvim" "vim-go"];
})

55
_archive/environments/dev/pandoc.nix
View file

@ -1,24 +1,31 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
let commonVimRC = "";
in pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = with pkgs;
[
(import ./vim-pandoc.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
})
pandoc
texlive.combined.scheme-medium
python27Packages.pandocfilters
python27Packages.htmltreediff
python27Packages.html5lib
python27Packages.dbus-python
] ++ extraBuildInputs;
shellHook = ''
pandocname=pandoc_${pkgs.pandoc.version}
setPS1 $pandocname
unset name
'';
}
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version ? "Stable",
extraBuildInputs ? [],
}: let
commonVimRC = "";
in
pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = with pkgs;
[
(import ./vim-pandoc.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
})
pandoc
texlive.combined.scheme-medium
python27Packages.pandocfilters
python27Packages.htmltreediff
python27Packages.html5lib
python27Packages.dbus-python
]
++ extraBuildInputs;
shellHook = ''
pandocname=pandoc_${pkgs.pandoc.version}
setPS1 $pandocname
unset name
'';
}

8
_archive/environments/dev/rkt.nix
View file

@ -1,6 +1,8 @@
{ pkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }
, mkGoEnv ? import ./go.nix, rktPath, }:
let
{
pkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
mkGoEnv ? import ./go.nix,
rktPath,
}: let
rktBasebuildInputs = with pkgs; [
glibc.out
glibc.static

52
_archive/environments/dev/rust/default.nix
View file

@ -1,29 +1,39 @@
{ gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs { }, pkgs ? gitpkgs
, name ? "generic", version ? "Stable", extraBuildInputs ? [ ] }:
let
{
gitpkgs ? import /home/steveej/src/github/NixOS/nixpkgs {},
pkgs ? gitpkgs,
name ? "generic",
version ? "Stable",
extraBuildInputs ? [],
}: let
rustPackages = builtins.getAttr "rust${version}" pkgs;
rustc = rustPackages.rustc;
rustShellHook = { rustc, name }: ''
rustShellHook = {
rustc,
name,
}: ''
rustname=rust_${rustc.version}_${name}
setPS1 $rustname
unset name
'';
commonVimRC = "";
in pkgs.stdenv.mkDerivation {
inherit name;
buildInputs = with rustPackages;
[
(import ./vim-rust.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
inherit rustc;
racerd = pkgs.rustracerd;
})
rustc
cargo
] ++ [ pkgs.rustfmt ] ++ extraBuildInputs;
shellHook = (rustShellHook) {
in
pkgs.stdenv.mkDerivation {
inherit name;
inherit rustc;
};
}
buildInputs = with rustPackages;
[
(import ./vim-rust.nix {
pkgs = gitpkgs;
commonRC = commonVimRC;
inherit rustc;
racerd = pkgs.rustracerd;
})
rustc
cargo
]
++ [pkgs.rustfmt]
++ extraBuildInputs;
shellHook = rustShellHook {
inherit name;
inherit rustc;
};
}

36
_archive/environments/dev/vim-go.nix
View file

@ -1,17 +1,19 @@
{ commonRC, ... }@args:
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-go";
additionalRC = commonRC + ''
" Disable AutoComplPop.
let g:acp_enableAtStartup = 0
" Use neocomplete.
let g:neocomplete#enable_at_startup = 1
" Use smartcase.
let g:neocomplete#enable_smart_case = 1
if !exists('g:neocomplete#sources#omni#input_patterns')
let g:neocomplete#sources#omni#input_patterns = {}
endif
'';
additionalPlugins = [ "neocomplete" "vim-go" ];
})
{commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-go";
additionalRC =
commonRC
+ ''
" Disable AutoComplPop.
let g:acp_enableAtStartup = 0
" Use neocomplete.
let g:neocomplete#enable_at_startup = 1
" Use smartcase.
let g:neocomplete#enable_smart_case = 1
if !exists('g:neocomplete#sources#omni#input_patterns')
let g:neocomplete#sources#omni#input_patterns = {}
endif
'';
additionalPlugins = ["neocomplete" "vim-go"];
})

32
_archive/environments/dev/vim-pandoc.nix
View file

@ -1,16 +1,18 @@
{ commonRC, ... }@args:
{commonRC, ...} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-pandoc";
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-pandoc";
additionalRC = commonRC + ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
'';
additionalPlugins = [ "vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc" ];
})
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
'';
additionalPlugins = ["vim-pandoc" "vim-pandoc-syntax" "vimpreviewpandoc"];
})

77
_archive/environments/dev/vim-rust.nix
View file

@ -1,41 +1,48 @@
{ commonRC, rustc, racerd, ... }@args:
{
commonRC,
rustc,
racerd,
...
} @ args:
import ../../pkg-configuration/vim-derivates/vim.nix (args
// {
name = "vim-for-rust";
additionalRC =
commonRC
+ ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
import ../../pkg-configuration/vim-derivates/vim.nix (args // {
name = "vim-for-rust";
additionalRC = commonRC + ''
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
" tagbar
let g:tagbar_type_rust = {
\ 'ctagstype' : 'rust',
\ 'kinds' : [
\'T:types,type definitions',
\'f:functions,function definitions',
\'g:enum,enumeration names',
\'s:structure names',
\'m:modules,module names',
\'c:consts,static constants',
\'t:traits,traits',
\'i:impls,trait implementations',
\]
\}
" tagbar
let g:tagbar_type_rust = {
\ 'ctagstype' : 'rust',
\ 'kinds' : [
\'T:types,type definitions',
\'f:functions,function definitions',
\'g:enum,enumeration names',
\'s:structure names',
\'m:modules,module names',
\'c:consts,static constants',
\'t:traits,traits',
\'i:impls,trait implementations',
\]
\}
let g:syntastic_rust_checkers = ["rustc"]
let g:syntastic_rust_checkers = ["rustc"]
"rustfmt
let g:rustfmt_autosave = 1
"rustfmt
let g:rustfmt_autosave = 1
let g:ycm_auto_trigger = 1
let g:ycm_rust_src_path = '${rustc.src}/src'
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd'
let g:ycm_auto_trigger = 1
let g:ycm_rust_src_path = '${rustc.src}/src'
let g:ycm_racerd_binary_path = '${racerd.out}/bin/racerd'
'';
additionalPlugins = [ "rust-vim" ];
})
'';
additionalPlugins = ["rust-vim"];
})

73
_archive/environments/fhs/android.nix
View file

@ -1,43 +1,42 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv {
name = "devfhs";
multiPkgs = pkgs:
(with pkgs; [
android-udev-rules
sudo
gawk
bzip2
file
gcc
getopt
git
gnumake
ncurses
openssl
patch
perl
pkgconfig
python
openssh
subversion
unzip
wget
which
vim
zlib
libusb
libusb1
systemd
strace
swt
xorg.libXtst
glib
gtk2
gnome.gtk
]);
multiPkgs = pkgs: (with pkgs; [
android-udev-rules
sudo
gawk
bzip2
file
gcc
getopt
git
gnumake
ncurses
openssl
patch
perl
pkgconfig
python
openssh
subversion
unzip
wget
which
vim
zlib
libusb
libusb1
systemd
strace
swt
xorg.libXtst
glib
gtk2
gnome.gtk
]);
profile = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/lib64:/lib32:/usr/lib32:/usr/lib64:${pkgs.xorg.libXtst}/lib:${pkgs.glib}/lib:${pkgs.gtk2}/lib
'';
runScript = "bash";
}).env
})
.env

55
_archive/environments/fhs/vscode.nix
View file

@ -1,37 +1,36 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
(pkgs.buildFHSUserEnv {
name = "everydayFHS";
targetPkgs = pkgs:
(with pkgs; [
which
gitFull
zsh
file
direnv
targetPkgs = pkgs: (with pkgs; [
which
gitFull
zsh
file
direnv
xdg_utils
xsel
xdg_utils
xsel
vscode
vscode
# vscode live share
gnome3.gcr
libgnome_keyring3
liburcu
libunwind
lttng-ust
curl
openssl
libkrb5
libuuid
icu
zlib
libsecret
]);
multiPkgs = pkgs: (with pkgs; [ ]);
# vscode live share
gnome3.gcr
libgnome_keyring3
liburcu
libunwind
lttng-ust
curl
openssl
libkrb5
libuuid
icu
zlib
libsecret
]);
multiPkgs = pkgs: (with pkgs; []);
profile = ''
export SHELL=/bin/zsh
'';
# FIXME runScript = "$SHELL";
}).env
})
.env

6
_archive/nixos-configuration/common/pkg/neovim.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }@args:
{
config,
pkgs,
...
} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/neovim.nix args)

6
_archive/nixos-configuration/common/pkg/vim.nix
View file

@ -1,9 +1,7 @@
{ pkgs, ... }@args:
{
{pkgs, ...} @ args: {
environment.systemPackages = [
pkgs.xsel
(import ../../../pkg-configuration/vim-derivates/vim.nix
(args // { name = "vim"; }))
(args // {name = "vim";}))
];
}

8
_archive/nixos-configuration/common/user/steveej.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../passwords.crypt.nix;
keys = import ../keys.nix;
inherit (import ../lib) mkUser;

7
default.nix
View file

@ -4,10 +4,7 @@
# Having pkgs default to <nixpkgs> is fine though, and it lets you use short
# commands such as:
# nix-build -A mypackage
{ pkgs ? import <nixpkgs> { } }:
{
{pkgs ? import <nixpkgs> {}}: {
overlays = import ./nix/overlays;
pkgs = import ./nix/pkgs { inherit pkgs; };
pkgs = import ./nix/pkgs {inherit pkgs;};
}

83
nix/container-images/default.nix
View file

@ -1,9 +1,6 @@
{ pkgs ? import <nixpkgs> { } }:
let baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
{pkgs ? import <nixpkgs> {}}: let
baseEnv = ["SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
in rec {
base = pkgs.dockerTools.buildImage rec {
name = "base";
@ -24,9 +21,9 @@ in rec {
interactive_base = pkgs.dockerTools.buildImage {
name = "interactive_base";
fromImage = base;
contents = with pkgs; [ procps zsh coreutils neovim ];
contents = with pkgs; [procps zsh coreutils neovim];
config = { Cmd = [ "/bin/zsh" ]; };
config = {Cmd = ["/bin/zsh"];};
};
s3ql = let
@ -72,35 +69,38 @@ in rec {
# FIXME: touch .isbucket after mount
'';
in pkgs.dockerTools.buildImage {
name = "s3ql";
fromImage = interactive_base;
contents = [ pkgs.s3ql pkgs.fuse ];
in
pkgs.dockerTools.buildImage {
name = "s3ql";
fromImage = interactive_base;
contents = [pkgs.s3ql pkgs.fuse];
runAsRoot = ''
#!${pkgs.stdenv.shell}
mkdir -p /usr/bin
cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
chmod +s /usr/bin/fusermount
echo user_allow_other >> /etc/fuse.conf
'';
runAsRoot = ''
#!${pkgs.stdenv.shell}
mkdir -p /usr/bin
cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
chmod +s /usr/bin/fusermount
echo user_allow_other >> /etc/fuse.conf
'';
config = {
Env = baseEnv ++ [
"HOME=/home/s3ql"
"S3QL_CACHE_DIR=/var/cache/s3ql"
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
"CONTAINER_ENTRYPOINT=${entrypoint}"
];
Cmd = [ entrypoint ];
Volumes = {
"/var/cache/s3ql" = { };
"/etc/s3ql/authinfo2" = { };
"/buckets" = { };
"/tmp" = { };
config = {
Env =
baseEnv
++ [
"HOME=/home/s3ql"
"S3QL_CACHE_DIR=/var/cache/s3ql"
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
"CONTAINER_ENTRYPOINT=${entrypoint}"
];
Cmd = [entrypoint];
Volumes = {
"/var/cache/s3ql" = {};
"/etc/s3ql/authinfo2" = {};
"/buckets" = {};
"/tmp" = {};
};
};
};
};
syncthing = let
entrypoint = pkgs.writeScript "entrypoint" ''
@ -125,15 +125,16 @@ in rec {
-gui-address=$SYNCTHING_GUI_ADDRESS \
-no-browser
'';
in pkgs.dockerTools.buildImage {
name = "syncthing";
fromImage = interactive_base;
contents = pkgs.syncthing;
in
pkgs.dockerTools.buildImage {
name = "syncthing";
fromImage = interactive_base;
contents = pkgs.syncthing;
config = {
Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ];
Cmd = [ entrypoint ];
Volumes = { "/data" = { }; };
config = {
Env = baseEnv ++ ["SYNCTHING_HOME=/home/syncthing"];
Cmd = [entrypoint];
Volumes = {"/data" = {};};
};
};
};
}

33
nix/default.nix
View file

@ -1,23 +1,24 @@
{ versionsPath }:
let
channelVersions = (import versionsPath);
mkChannelSource = name:
let channelVersion = builtins.getAttr name channelVersions;
in builtins.fetchGit {
{versionsPath}: let
channelVersions = import versionsPath;
mkChannelSource = name: let
channelVersion = builtins.getAttr name channelVersions;
in
builtins.fetchGit {
# Descriptive name to make the store path easier to identify
inherit name;
inherit (channelVersion) url ref rev;
};
nixPath = builtins.concatStringsSep ":" (builtins.map (elemName:
let
elem = builtins.getAttr elemName channelVersions;
elemPath = (mkChannelSource elemName);
suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
in builtins.concatStringsSep "=" [ elemName elemPath ] + suffix)
(builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") { };
nixPath = builtins.concatStringsSep ":" (builtins.map (elemName: let
elem = builtins.getAttr elemName channelVersions;
elemPath = mkChannelSource elemName;
suffix =
if builtins.hasAttr "suffix" elem
then elem.suffix
else "";
in
builtins.concatStringsSep "=" [elemName elemPath] + suffix)
(builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") {};
in {
inherit nixPath;
channelSources = pkgs.writeText "channels.rc" ''

524
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,289 +1,305 @@
{ pkgs }:
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> {config = config.nixpkgs.config;};
masterpkgs = import <nixpkgs-master> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
../programs/podman.nix
../programs/vscode
../programs/holochain-launcher.nix
../programs/radicale.nix
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }:
let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs =
import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
../programs/podman.nix
../programs/vscode
../programs/holochain-launcher.nix
../programs/radicale.nix
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
packageOverrides = pkgs: with pkgs; {};
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG = "graphical-fullblown";
home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG = "graphical-fullblown";
GOPATH = "$HOME/src/go";
GOPATH = "$HOME/src/go";
PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
};
PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ];
};
home.packages =
[]
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
home.packages = [ ] ++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
nix-prefetch-github
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
nix-prefetch-github
# Version Control Systems
pijul
gitless
gitRepo
git-lfs
# Version Control Systems
pijul
gitless
gitRepo
git-lfs
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnupg
yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnupg
yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# Language Support
hunspellDicts.en-us
hunspellDicts.de-de
# Language Support
hunspellDicts.en-us
hunspellDicts.de-de
# Messaging/Communication
signal-desktop
pidgin
hexchat
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
unstablepkgs.zoom-us
thunderbird
evolution # gnome4.glib_networking
kotatogram-desktop
gnome.cheese
masterpkgs.discord
# Messaging/Communication
signal-desktop
pidgin
hexchat
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
unstablepkgs.zoom-us
thunderbird
evolution # gnome4.glib_networking
kotatogram-desktop
gnome.cheese
masterpkgs.discord
# Virtualization
virtmanager
# (pkgs.lib.hiPrio qemu)
# virtualbox
# vagrant
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# Virtualization
virtmanager
# (pkgs.lib.hiPrio qemu)
# virtualbox
# vagrant
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# Remote Control Tools
remmina
freerdp
teamviewer
rustdesk
# Remote Control Tools
remmina
freerdp
teamviewer
rustdesk
# Audio/Video Players
ffmpeg
vlc
audacity
spotify
youtube-dl-light
libwebcam
# Audio/Video Players
ffmpeg
vlc
audacity
spotify
youtube-dl-light
libwebcam
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
# unstablepkgs.atom
xclip
xsel
# Code Editors
# unstablepkgs.atom
xclip
xsel
# Image/Graphic/Design Tools
gnome.eog
gimp
imagemagick
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Image/Graphic/Design Tools
gnome.eog
gimp
imagemagick
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Modelling Tools
# plantuml
# umlet
# staruml
# eclipses.eclipse-modeling
# dia
# astah-community
# Modelling Tools
# plantuml
# umlet
# staruml
# eclipses.eclipse-modeling
# dia
# astah-community
# Misc Development Tools
qrcode
# travis
jq
# prometheus
cdrtools
# Misc Development Tools
qrcode
# travis
jq
# prometheus
cdrtools
# Document Processing and Management
# zathura
mendeley
# zotero
pandoc
unstablepkgs.logseq
# Document Processing and Management
# zathura
mendeley
# zotero
pandoc
unstablepkgs.logseq
# has an EOL version of electron
# obsidian
# has an EOL version of electron
# obsidian
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit
(texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
latexindent
latexmk
algorithms
cm-super
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted
ifplatform
fvextra
xstring
framed
;
})
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small texlive-de texlive-en texlive-scripts collection-langgerman
pdftk
# broken as of 2021-04-24
# masterpdfeditor
latexindent latexmk
# File Synchronzation
# seafile-client
# grive2
dropbox
rsync
algorithms cm-super
# Filesystem Tools
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
gparted
smartmontools
preprint enumitem draftwatermark everypage ulem placeins minted
ifplatform fvextra xstring framed;
})
## Android
androidenv.androidPkgs_9_0.platform-tools
pdftk
# broken as of 2021-04-24
# masterpdfeditor
## Python
myPython
# File Synchronzation
# seafile-client
# grive2
dropbox
rsync
# Code generators
# unstablepkgs.swagger-codegen
# Filesystem Tools
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
gparted
smartmontools
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
## Android
androidenv.androidPkgs_9_0.platform-tools
# Screen recording
# gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
## Python
myPython
# Code generators
# unstablepkgs.swagger-codegen
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
# Screen recording
# gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
unstablepkgs.ledger-live-desktop
]);
}
unstablepkgs.ledger-live-desktop
]);
}

204
nix/home-manager/configuration/graphical-gnome3.nix
View file

@ -1,122 +1,124 @@
{ pkgs }:
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
# ../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }:
let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../programs/firefox.nix
# ../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
packageOverrides = pkgs: with pkgs; {};
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {};
home.sessionVariables = { };
home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages = [ ] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems
gitless
# Version Control Systems
gitless
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Remote Control Tools
remmina
freerdp
# Remote Control Tools
remmina
freerdp
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Misc Development Tools
qrcode
jq
cdrtools
# Misc Development Tools
qrcode
jq
cdrtools
# Document Processing and Management
zathura
# Document Processing and Management
zathura
# File Synchronzation
rsync
# File Synchronzation
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
## Python
myPython
## Python
myPython
busyboxStatic
busyboxStatic
# Virtualization
virtmanager
]);
}
# Virtualization
virtmanager
]);
}

208
nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,124 +1,126 @@
{ pkgs }:
{pkgs}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
unstablepkgs =
import <channels-nixos-unstable> {config = config.nixpkgs.config;};
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
};
in { pkgs, config, ... }:
let
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
../profiles/common.nix
../profiles/qtile-desktop.nix
../profiles/dotfiles.nix
../programs/firefox.nix
../programs/chromium.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
../programs/libreoffice.nix
../programs/neovim.nix
../programs/pass.nix
zshCurried
];
nixpkgs.config = {
pidgin = {
openssl = true;
gnutls = true;
packageOverrides = pkgs: with pkgs; {};
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {};
home.sessionVariables = { };
home.packages =
[]
++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages = [ ] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems
gitless
# Version Control Systems
gitless
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Remote Control Tools
remmina
freerdp
# Remote Control Tools
remmina
freerdp
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Misc Development Tools
qrcode
jq
cdrtools
# Misc Development Tools
qrcode
jq
cdrtools
# Document Processing and Management
zathura
# Document Processing and Management
zathura
# File Synchronzation
rsync
# File Synchronzation
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
## Python
myPython
## Python
myPython
busyboxStatic
busyboxStatic
# Virtualization
virtmanager
]);
}
# Virtualization
virtmanager
]);
}

44
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,23 +1,27 @@
{ pkgs, extraPackages ? [ ] }:
{
pkgs,
extraPackages ? [],
}: let
zshCurried = import ../programs/zsh.nix {inherit pkgs;};
in
{
pkgs,
config,
...
}: let
in {
imports = [
../profiles/common.nix
# ../profiles/nix-channels.nix
../programs/neovim.nix
zshCurried
];
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
nixpkgs.config = {packageOverrides = pkgs: with pkgs; {};};
in { pkgs, config, ... }:
home.sessionVariables = {};
let
in {
imports = [
../profiles/common.nix
# ../profiles/nix-channels.nix
../programs/neovim.nix
zshCurried
];
nixpkgs.config = { packageOverrides = pkgs: with pkgs; { }; };
home.sessionVariables = { };
home.packages = extraPackages
++ (with pkgs; [ iperf3 inetutils speedtest-cli ]);
}
home.packages =
extraPackages
++ (with pkgs; [iperf3 inetutils speedtest-cli]);
}

15
nix/home-manager/lib.nix
View file

@ -1,17 +1,14 @@
{ }:
let
{}: let
in {
mkSimpleTrayService = { execStart }: {
mkSimpleTrayService = {execStart}: {
Unit = {
Description = "pasystray applet";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Install = {WantedBy = ["graphical-session.target"];};
Service = { ExecStart = execStart; };
Service = {ExecStart = execStart;};
};
}

30
nix/home-manager/profiles/common.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
in {
# TODO: re-enable this with the appropriate version
# programs.home-manager.enable = true;
@ -34,18 +32,20 @@ in {
programs.command-not-found.enable = true;
programs.fzf.enable = true;
home.packages = [ ] ++ (with pkgs; [
# git helpers
git-crypt
home.packages =
[]
++ (with pkgs; [
# git helpers
git-crypt
vcsh
# Authentication
cacert
openssl
mkpasswd
vcsh
# Authentication
cacert
openssl
mkpasswd
just
ripgrep
du-dust
]);
just
ripgrep
du-dust
]);
}

10
nix/home-manager/profiles/dotfiles.nix
View file

@ -1,7 +1,9 @@
{ pkgs, config, ... }:
let vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix { };
{
pkgs,
config,
...
}: let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in {
# TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''

71
nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
View file

@ -1,36 +1,39 @@
{ pkgs, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... }:
{
pkgs,
repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
...
}: let
repoBareLocal =
pkgs.runCommand "fetchbare" {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
in
pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
let
repoBareLocal = pkgs.runCommand "fetchbare" {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
in pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''

45
nix/home-manager/profiles/nix-channels.nix
View file

@ -1,27 +1,28 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
in {
home.file.".nix-channels".text = "";
home.activation.removeExistingNixChannels =
config.lib.dag.entryBefore [ "checkLinkTargets" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -ex
if test -f $HOME/.nix-channels; then
echo Uninstalling available channels...
if test -f $HOME/.nix-channel; then
while read url channel; do
nix-channel --remove $channel
done < $HOME/.nix-channel
fi
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -ex
if test -f $HOME/.nix-channels; then
echo Uninstalling available channels...
if test -f $HOME/.nix-channel; then
while read url channel; do
nix-channel --remove $channel
done < $HOME/.nix-channel
fi
''
};
'';
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi
''
};
'';
}

75
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -1,12 +1,10 @@
{ pkgs, ... }:
let
inherit (import ../lib.nix { }) mkSimpleTrayService;
{pkgs, ...}: let
inherit (import ../lib.nix {}) mkSimpleTrayService;
audio = pkgs.writeShellScript "audio" ''
export PATH=${
with pkgs;
lib.makeBinPath [ pulseaudio findutils gnugrep ]
lib.makeBinPath [pulseaudio findutils gnugrep]
}:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute
@ -31,7 +29,7 @@ let
terminalCommand = "${pkgs.alacritty}/bin/alacritty";
dpmsScript = pkgs.writeShellScript "dpmsScript" ''
export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [xorg.xset]}:$PATH
set -xe
@ -54,7 +52,7 @@ let
'';
screenLockCommand = pkgs.writeShellScript "screenLock" ''
export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [i3lock]}:$PATH
revert() {
${dpmsScript} default
@ -249,11 +247,10 @@ let
def print_new_window(window):
print("new window: ", window)
'';
in {
systemd.user = {
startServices = true;
services = { };
services = {};
};
services = {
@ -304,40 +301,44 @@ in {
{
trigger = ":vpos";
replace = "{{output}}";
vars = [{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}];
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}
];
}
{
trigger = ":vtit";
replace = "{{output}}";
vars = [{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso"
"${playerctl} metadata title")
];
};
}];
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso"
"${playerctl} metadata title")
];
};
}
];
}
{
trigger = ":dunno";

11
nix/home-manager/programs/chromium.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{...}: {
programs.chromium = {enable = true;};
{
programs.chromium = { enable = true; };
programs.brave = { enable = true; };
programs.brave = {enable = true;};
nixpkgs.config = {
chromium = {
@ -12,6 +10,5 @@
};
};
programs.browserpass = { browsers = [ "chromium" "brave" ]; };
programs.browserpass = {browsers = ["chromium" "brave"];};
}

16
nix/home-manager/programs/emacs.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.emacs = {
enable = true;
extraPackages = epkgs:
@ -10,13 +8,15 @@
zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [ evil ]) ++ (with epkgs.elpaPackages; [
])
++ (with epkgs.melpaPackages; [evil])
++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs;
[
pkgs.notmuch # From main packages set
]);
])
++ (with pkgs; [
pkgs.notmuch # From main packages set
]);
};
}

12
nix/home-manager/programs/firefox.nix
View file

@ -1,14 +1,10 @@
{ pkgs, ... }:
{
programs.firefox = { enable = true; };
{pkgs, ...}: {
programs.firefox = {enable = true;};
programs.browserpass = {
enable = true;
browsers = [ "firefox" ];
browsers = ["firefox"];
};
home.file.".mozilla/native-messaging-hosts/passff.json".source =
"${pkgs.passff-host}/share/passff-host/passff.json";
home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json";
}

6
nix/home-manager/programs/holochain-launcher.nix
View file

@ -1,5 +1,3 @@
{ pkgs, ... }:
{
home.packages = [ pkgs.holochain-launcher ];
{pkgs, ...}: {
home.packages = [pkgs.holochain-launcher];
}

41
nix/home-manager/programs/homeshick.nix
View file

@ -1,31 +1,30 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
# TODO: clean up the impurity in here
in {
home.sessionVariables = { HOMESHICK_DIR = "${pkgs.homeshick}"; };
home.sessionVariables = {HOMESHICK_DIR = "${pkgs.homeshick}";};
home.activation.bootstrapRepos =
config.lib.dag.entryAfter [ "writeBoundary" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -e
echo home-manager path is ${config.home.path}
echo home is $HOME
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -e
echo home-manager path is ${config.home.path}
echo home is $HOME
source ${pkgs.homeshick}/homeshick.sh
type homeshick
source ${pkgs.homeshick}/homeshick.sh
type homeshick
# echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''
};
'';
# echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''
};
'';
nixpkgs.config = {
packageOverrides = pkgs:
with pkgs; {
homeshick = builtins.fetchGit {

6
nix/home-manager/programs/libreoffice.nix
View file

@ -1,10 +1,8 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.sessionVariables = {
# Workaround for Libreoffice to force gtk3
SAL_USE_VCLPLUGIN = "gtk3";
};
home.packages = with pkgs; [ libreoffice-fresh ];
home.packages = with pkgs; [libreoffice-fresh];
}

14
nix/home-manager/programs/neovim.nix
View file

@ -1,14 +1,11 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
in {
home.sessionVariables = { EDITOR = "nvim"; };
home.sessionVariables = {EDITOR = "nvim";};
programs.neovim = {
enable = true;
extraPython3Packages = (ps: with ps; [ ]);
extraPython3Packages = ps: with ps; [];
extraConfig = builtins.readFile ./neovim/vimrc;
@ -24,7 +21,7 @@ in {
rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a";
sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m";
};
buildInputs = [ zip vim ];
buildInputs = [zip vim];
};
}
@ -77,7 +74,8 @@ in {
};
};
}
] ++ (with pkgs.vimPlugins; [
]
++ (with pkgs.vimPlugins; [
delimitMate
vim-airline
vim-airline-themes

12
nix/home-manager/programs/pass.nix
View file

@ -1,15 +1,11 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.sessionVariables = {
# required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR =
"$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
};
programs.browserpass = { enable = true; };
programs.browserpass = {enable = true;};
home.packages = with pkgs; [ pass qtpass rofi-pass gnupg ];
home.packages = with pkgs; [pass qtpass rofi-pass gnupg];
}

19
nix/home-manager/programs/podman.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
cniConfigDir = let
loopback = pkgs.writeText "00-loopback.conf" ''
{
@ -36,12 +34,13 @@ let
]
}
'';
in pkgs.runCommand "cniConfig" { } ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
ln -s ${podman-bridge} $out/${podman-bridge.name}
'';
in
pkgs.runCommand "cniConfig" {} ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
ln -s ${podman-bridge} $out/${podman-bridge.name}
'';
containersConf = pkgs.writeText "containers.conf" ''
# containers.conf is the default configuration file for all tools using libpod to
@ -105,7 +104,7 @@ let
default_network = "podman"
'';
in {
home.packages = with pkgs; [ podman ];
home.packages = with pkgs; [podman];
home.file.".config/containers/containers.conf".source = containersConf;

20
nix/home-manager/programs/radicale.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
passwords = import ../../variables/passwords.crypt.nix;
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
@ -21,12 +24,13 @@ let
hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg=";
};
buildInputs = [ pkgs.radicale ];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
buildInputs = [pkgs.radicale];
propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
};
radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs
++ [ radicale-storage-decsync ];
propagatedBuildInputs =
old.propagatedBuildInputs
++ [radicale-storage-decsync];
});
radicale-config = pkgs.writeText "radicale-config" ''
[auth]
@ -50,6 +54,6 @@ in {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
}

15
nix/home-manager/programs/vscode/default.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
packagedExtensions = with pkgs.vscode-extensions; [
# bbenoist.Nix
ms-vscode-remote.remote-ssh
@ -462,24 +460,22 @@ let
sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf";
}
];
in {
programs.vscode = {
enable = true;
extensions = [ ] ++ packagedExtensions
extensions =
[] ++ packagedExtensions
# ++ marketPlaceExtensions
;
;
};
home.packages = [ pkgs.nixpkgs-fmt ];
home.packages = [pkgs.nixpkgs-fmt];
}
# TODO: automate
# rustup install stable
# rustup component add rust-analysis --toolchain stable
# rustup component add rust-src --toolchain stable
# rustup component add rls --toolchain stable
### original list:
# 74th.Theme-NaturalContrast-With-HC
# AlanWalk.markdown-toc
@ -553,3 +549,4 @@ in {
# xyz.plsql-language
# yzane.markdown-pdf
# zxh404.vscode-proto3

49
nix/home-manager/programs/zsh.nix
View file

@ -1,8 +1,4 @@
{ pkgs }:
{ ... }:
let
{pkgs}: {...}: let
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
@ -22,19 +18,18 @@ let
_describe 'command' subcmds
'';
in pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
phases = "installPhase";
installPhase = ''
PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just
mkdir -p $PLUGIN_PATH
cp ${plugin_file} $PLUGIN_PATH/_just
chmod --recursive a-w $out
'';
};
in
pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
phases = "installPhase";
installPhase = ''
PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just
mkdir -p $PLUGIN_PATH
cp ${plugin_file} $PLUGIN_PATH/_just
chmod --recursive a-w $out
'';
};
in {
programs.zsh = {
enable = true;
@ -42,7 +37,8 @@ in {
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
@ -54,11 +50,14 @@ in {
. $HOME/.shrc.d/sh_aliases
fi
${if builtins.hasAttr "homeshick" pkgs then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
'' else
""}
${
if builtins.hasAttr "homeshick" pkgs
then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
''
else ""
}
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
@ -115,7 +114,7 @@ in {
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [ "git" "sudo" ];
plugins = ["git" "sudo"];
};
};
}

11
nix/ops/nano/configuration.nix
View file

@ -1,11 +1,13 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ n, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
n,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
@ -60,5 +62,4 @@
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
}

18
nix/ops/nano/hardware-configuration.nix
View file

@ -1,22 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
nix.maxJobs = 2;
}

20
nix/ops/nanos@kn.nix
View file

@ -1,18 +1,18 @@
{ nixpkgs ? import <nixpkgs> { }, nrNanos ? 1 # Number of nanos
}:
let
{
nixpkgs ? import <nixpkgs> {},
nrNanos ? 1, # Number of nanos
}: let
pkgs = nixpkgs;
webserver = {
services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowedTCPPorts = [80];
};
mkNano = { n }: {
mkNano = {n}: {
imports = [
(import ./nano/configuration.nix { inherit pkgs n; })
(import ./nano/configuration.nix {inherit pkgs n;})
../configuration/common/user/root.nix
];
deployment.targetEnv = "none";
@ -20,6 +20,6 @@ let
};
mkNanos = n:
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano { inherit n; });
in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano {inherit n;});
in
nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))

72
nix/os/containers/backup-target.nix
View file

@ -1,9 +1,19 @@
{ hostAddress, localAddress, containerBackupCfg
, sshPort ? containerBackupCfg.portInt, autoStart ? false }: {
config = { config, pkgs, lib, ... }: {
{
hostAddress,
localAddress,
containerBackupCfg,
sshPort ? containerBackupCfg.portInt,
autoStart ? false,
}: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -23,30 +33,32 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp"
];
packages = with pkgs; [ btrfs-progs ];
packages = with pkgs; [btrfs-progs];
isSystemUser = true;
};
security.sudo = {
enable = true;
extraRules = [{
users = [ "bkp" ];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
}
];
}];
extraRules = [
{
users = ["bkp"];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/readlink";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/test";
options = ["NOPASSWD"];
}
];
}
];
};
};
@ -59,15 +71,17 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}];
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}
];
inherit hostAddress localAddress;
}

51
nix/os/containers/backup.nix
View file

@ -1,17 +1,20 @@
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""
, autoStart ? false }:
let
{
config,
hostAddress,
localAddress,
subvolumes,
targetPathSuffix ? "",
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
subvolumeParentDir = "/var/lib/container-volumes";
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "20.03"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
environment.systemPackages = with pkgs; [btrfs-progs btrbk];
networking.firewall.enable = true;
@ -19,13 +22,13 @@ in {
enable = true;
description = "bkp-sync service";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
after = [ "bkp-run.service" ];
after = ["bkp-run.service"];
requires = [ "bkp-run.service" ];
requires = ["bkp-run.service"];
path = with pkgs; [ utillinux ];
path = with pkgs; [utillinux];
script = ''
set -x
true
@ -36,11 +39,11 @@ in {
enable = true;
description = "bkp-run";
serviceConfig = { Type = "oneshot"; };
serviceConfig = {Type = "oneshot";};
partOf = [ "bkp-sync.service" ];
partOf = ["bkp-sync.service"];
path = with pkgs; [ btrfs-progs btrbk coreutils ];
path = with pkgs; [btrfs-progs btrbk coreutils];
script = let
btrbkConf = pkgs.writeText "cfg" ''
@ -60,7 +63,7 @@ in {
volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes}
subvolumes}
'';
in ''
#! ${pkgs.bash}/bin/bash
@ -73,7 +76,7 @@ in {
systemd.timers."bkp" = {
description = "Timer to trigger bkp periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
@ -104,15 +107,17 @@ in {
};
};
allowedDevices = [{
node = "/dev/fuse";
modifier = "rw";
}];
allowedDevices = [
{
node = "/dev/fuse";
modifier = "rw";
}
];
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [ ];
forwardPorts = [];
inherit hostAddress localAddress;
}

29
nix/os/containers/ipxe.nix
View file

@ -1,9 +1,18 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
imports = [ ../profiles/containers/configuration.nix ];
config = {
config,
pkgs,
lib,
...
}: {
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -48,7 +57,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -57,13 +66,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -78,14 +86,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {

34
nix/os/containers/mailserver.nix
View file

@ -1,15 +1,16 @@
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190
, autoStart ? false }:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
imapsPort ? 993,
sievePort ? 4190,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { pkgs, ... }: {
config = {pkgs, ...}: {
system.stateVersion = "21.11"; # Did you read the comment?
imports =
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
imports = [../profiles/containers/configuration.nix ../profiles/common/user.nix];
networking.firewall.enable = false;
@ -21,8 +22,8 @@ in {
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
modules = [pkgs.dovecot_pigeonhole];
protocols = ["sieve"];
enableImap = true;
enableLmtp = true;
@ -51,7 +52,6 @@ in {
mail_max_userip_connections = 64
}
'';
};
environment.etc."dovecot/users".text = ''
@ -60,13 +60,13 @@ in {
systemd.services.steveej-getmail-stefanjunker = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
serviceConfig.RestartSec = 600;
serviceConfig.Restart = "always";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
@ -93,11 +93,11 @@ in {
systemd.services.steveej-getmail-webde = {
enable = true;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig.User = "steveej";
serviceConfig.Group = "dovecot2";
description = "Getmail service";
path = [ pkgs.getmail6 ];
path = [pkgs.getmail6];
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
@ -139,7 +139,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

20
nix/os/containers/syncthing.nix
View file

@ -1,12 +1,18 @@
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027, autoStart ? false }:
{
config = { config, pkgs, ... }: {
hostAddress,
localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
config = {
config,
pkgs,
...
}: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -30,7 +36,7 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

33
nix/os/containers/webserver.nix
View file

@ -1,12 +1,21 @@
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443, autoStart ? false
}:
let passwords = import ../../variables/passwords.crypt.nix;
{
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
@ -51,7 +60,7 @@ in {
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = { index = "index.php"; };
locations."/fi" = {index = "index.php";};
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
@ -60,13 +69,12 @@ in {
fastcgi_index index.php;
'';
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://127.0.0.1:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
};
services.phpfpm.pools.mypool = {
@ -81,14 +89,13 @@ in {
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = { Type = lib.mkForce "simple"; };
serviceConfig = {Type = lib.mkForce "simple";};
};
services.mysql = {
@ -146,7 +153,7 @@ in {
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [

6
nix/os/devices/167.233.1.14/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = lib.mkForce false;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/167.233.1.14/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix

14
nix/os/devices/167.233.1.14/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
@ -17,7 +15,6 @@ let
"pata_acpi"
"ata_generic"
];
in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
@ -27,21 +24,20 @@ in {
fileSystems."/" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=root" ];
options = ["subvol=root"];
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
fsType = "btrfs";
options = [ "subvol=home" ];
options = ["subvol=home"];
neededForBoot = true;
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
swapDevices = [{device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d";}];
boot.loader.grub = { device = "/dev/vda"; };
boot.loader.grub = {device = "/dev/vda";};
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;

50
nix/os/devices/167.233.1.14/pkg.nix
View file

@ -1,29 +1,35 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
}

39
nix/os/devices/167.233.1.14/system.nix
View file

@ -1,9 +1,12 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
nix.binaryCaches = [ "https://cache.holo.host" ];
nix.binaryCaches = ["https://cache.holo.host"];
nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -26,11 +29,13 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
ipv4.addresses = [{
"address" = "167.233.1.14";
"prefixLength" = 29;
}];
ipv6.addresses = [ ];
ipv4.addresses = [
{
"address" = "167.233.1.14";
"prefixLength" = 29;
}
];
ipv6.addresses = [];
};
networking.defaultGateway = {
@ -43,11 +48,11 @@ in {
interface = "eth0";
};
networking.nameservers = [ "1.1.1.1" ];
networking.nameservers = ["1.1.1.1"];
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -55,7 +60,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -63,18 +68,18 @@ in {
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
path = [pkgs.systemd];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.services.sshd.serviceConfig = {TasksMax = 32;};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
wantedBy = ["timer.target" "multi-user.target"];
timerConfig = {
OnActiveSec = "360s";
OnUnitActiveSec = "360s";
@ -83,7 +88,7 @@ in {
};
};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = true;

1
nix/os/devices/167.233.1.14/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/167.233.1.14/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

61
nix/os/devices/default.nix
View file

@ -1,15 +1,20 @@
{ dir, pkgs ? import <channels-nixos-stable> { }
, ownLib ? import ../lib/default.nix { }, gitRoot ?
"$(git rev-parse --show-toplevel)"
{
dir,
pkgs ? import <channels-nixos-stable> {},
ownLib ? import ../lib/default.nix {},
gitRoot ? "$(git rev-parse --show-toplevel)",
# FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args:
let
rebuildargsSudo = [ "switch" "boot" ];
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
, ... }:
moreargs ? "",
rebuildarg ? "",
...
} @ args: let
rebuildargsSudo = ["switch" "boot"];
rebuild = {
gitRoot,
rebuildarg ? "dry-activate",
moreargs ? "",
...
}:
pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
@ -23,23 +28,27 @@ let
rm result
fi
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null then
"sudo -E \\"
else
""}
${
if
(builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null
then "sudo -E \\"
else ""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
in {
recipes = {
rebuild = rebuild {
inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
recipes =
{
rebuild =
rebuild {
inherit gitRoot;
inherit moreargs;
inherit rebuildarg;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
// (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;}));
}

43
nix/os/devices/disk.nix
View file

@ -1,13 +1,24 @@
{ pkgs, ownLib, dir, gitRoot, diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.diskId, encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, ... }:
let mntRootVol = "/mnt/${diskId}-root";
{
pkgs,
ownLib,
dir,
gitRoot,
diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
.hardware
.opinionatedDisk
.diskId,
encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{})
.hardware
.opinionatedDisk
.encrypted,
previousDiskId ? "",
...
}: let
mntRootVol = "/mnt/${diskId}-root";
in rec {
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
@ -177,12 +188,12 @@ in rec {
if test "${previousDiskId}"; then
${
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
sync
sleep 1
if sudo vgs ${previousDiskId}; then

4
nix/os/devices/elias-e525/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/elias-e525/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/elias-e525/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;

23
nix/os/devices/elias-e525/pkg.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
@ -18,13 +20,14 @@ let
jitsi
];
};
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
@ -39,19 +42,19 @@ in {
home-manager.users.steveej = homeEnv {
layout = "en";
options = [ "nodeadkey" ];
options = ["nodeadkey"];
variant = "altgr-intl";
};
home-manager.users.elias = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [ ];
options = [];
variant = "";
};

17
nix/os/devices/elias-e525/system.nix
View file

@ -1,7 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
in {
# TASK: new device
networking.hostName = "elias-e525"; # Define your hostname.
@ -17,7 +19,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -41,10 +43,9 @@ in {
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/elias-e525/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.elias = mkUser {
uid = 1001;

3
nix/os/devices/elias-e525/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

4
nix/os/devices/fwhost1/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost1/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost1/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

21
nix/os/devices/fwhost1/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

45
nix/os/devices/fwhost1/system.nix
View file

@ -1,10 +1,12 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost1"; # Define your hostname.
@ -19,34 +21,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.15";
prefixLength = 24;
}];
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.15";
prefixLength = 24;
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.15";
prefixLength = 12;
}];
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.15";
prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.15";
prefixLength = 24;
}];
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.15";
prefixLength = 24;
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +85,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

13
nix/os/devices/fwhost1/user.nix
View file

@ -1,8 +1,9 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in { }
inherit (import ../../lib/default.nix {}) mkUser;
in {}

3
nix/os/devices/fwhost1/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost1/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

4
nix/os/devices/fwhost2/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/fwhost2/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/fwhost2/hw.nix
View file

@ -1,7 +1,4 @@
{ ... }:
let
{...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {

21
nix/os/devices/fwhost2/pkg.nix
View file

@ -1,18 +1,17 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [ iw wirelesstools ];
environment.systemPackages = with pkgs; [iw wirelesstools];
system.stateVersion = "21.11";
}

46
nix/os/devices/fwhost2/system.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, config, utils, ... }:
let
{
pkgs,
lib,
config,
utils,
...
}: let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
networking.hostName = "fwhost2"; # Define your hostname.
@ -19,34 +22,40 @@ in {
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
networking.bridges.breth.interfaces = ["eth0" "eth1"];
networking.bridges.breth.rstp = true;
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [ "172.172.171.10" ];
networking.nameservers = ["172.172.171.10"];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.16";
prefixLength = 24;
}];
networking.interfaces.wan1.ipv4.addresses = [
{
address = "192.168.0.16";
prefixLength = 24;
}
];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.16";
prefixLength = 12;
}];
networking.interfaces.wan2.ipv4.addresses = [
{
address = "172.16.0.16";
prefixLength = 12;
}
];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.16";
prefixLength = 24;
}];
networking.interfaces.lan.ipv4.addresses = [
{
address = "172.172.171.16";
prefixLength = 24;
}
];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";
@ -77,4 +86,3 @@ in {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

11
nix/os/devices/fwhost2/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
# users.extraUsers.steveej2 = mkUser {
# uid = 1001;

3
nix/os/devices/fwhost2/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

3
nix/os/devices/fwhost2/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

6
nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiSupport = true;
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}

6
nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
disabledModules = [ ];
{...}: {
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

5
nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -19,7 +17,6 @@ let
"xhci_hcd"
"xhci_pci"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

36
nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix
View file

@ -1,23 +1,29 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
# services.hydra = {
# enable = false;

21
nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "srv0"; # Define your hostname.
@ -34,7 +37,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
@ -42,14 +45,14 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = { docker.enable = true; };
virtualisation = {docker.enable = true;};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
networking.useHostResolvConf = false;
services.resolved = { enable = true; };
services.resolved = {enable = true;};
containers = { };
containers = {};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix
View file

@ -4,7 +4,6 @@ let
ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

1
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix
View file

@ -6,7 +6,6 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;

4
nix/os/devices/steveej-nuc7pjyh-work/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

4
nix/os/devices/steveej-nuc7pjyh-work/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
# TASK: new device
hardware.encryptedDisk = {
enable = true;

10
nix/os/devices/steveej-nuc7pjyh-work/system.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = { };
users.groups.sgx = {};
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
}

33
nix/os/devices/steveej-nuc7pjyh-work/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.sjunker = mkUser {
uid = 1001;
@ -13,15 +14,19 @@ in {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ];
extraGroups = ["sgx"];
subUidRanges = [{
startUid = 100000;
count = 65536;
}];
subGidRanges = [{
startGid = 100000;
count = 65536;
}];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
};
}

4
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,6 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

4
nix/os/devices/steveej-pa600/configuration.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix

5
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,6 +1,4 @@
{ ... }:
let
{...}: let
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -9,7 +7,6 @@ let
"xhci_pci"
"hxci_hcd"
];
in {
# TASK: new device
hardware.opinionatedDisk = {

19
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,16 +1,15 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
nixPath =
(import ../../../default.nix {
versionsPath = ./versions.nix;
})
.nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

18
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }:
let keys = import ../../../variables/keys.nix;
{
pkgs,
lib,
config,
...
}: let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
@ -17,7 +20,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
};
services.fprintd.enable = true;
@ -26,10 +29,9 @@ in {
sudo.fprintAuth = true;
};
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.videoDrivers = ["modesetting"];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

11
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;

3
nix/os/devices/steveej-pa600/versions.nix
View file

@ -4,10 +4,9 @@ let
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

3
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -6,10 +6,9 @@ let
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in {
inherit nixpkgs;
nixos = nixpkgs // { suffix = "/nixos"; };
nixos = nixpkgs // {suffix = "/nixos";};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

Some files were not shown because too many files have changed in this diff Show more