From fbc8032fd28863a89c2cf955487867af5f8e5321 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 30 Oct 2019 21:30:50 +0100 Subject: [PATCH 01/24] devices/steveej-t480s-work: use experimental docker features --- nix/os/devices/steveej-t480s-work/system.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 30b26d5..ef5e466 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -65,9 +65,13 @@ in { }; virtualbox.host.enable = true; virtualbox.host.addNetworkInterface = true; - docker.enable = true; + docker = { + enable = true; + extraOptions = "--experimental"; + }; }; + boot.initrd.network = { enable = true; useDHCP = true; From 3aa93b3678531175c7e1eecf1ad0b173ce628667 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 30 Oct 2019 21:31:20 +0100 Subject: [PATCH 02/24] shell: remove alacritty --- shell.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/shell.nix b/shell.nix index ed7bde4..5ccc005 100644 --- a/shell.nix +++ b/shell.nix @@ -22,10 +22,6 @@ stdenv.mkDerivation { esh xorg.xwininfo - - - # testing - alacritty ]; # Set Environment Variables From 90664451b1c510dfeb57f76d18b1c112777676d7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 31 Oct 2019 11:12:37 +0100 Subject: [PATCH 03/24] nix/home/graphical-fullblown: exclude cloud tools --- .../configuration/graphical-fullblown.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 3315702..fc3d454 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
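Review bot: `extraOptions = "--experimental";` turns on the daemon-wide experimental flag, but nothing records which experimental feature this host actually needs, and such features change or disappear between Docker releases. A one-line comment on that line, e.g. `extraOptions = "--experimental"; # needed for <feature-placeholder>`, lets a later reader drop the flag once the feature is stable or no longer used. The attribute set enclosing `virtualbox.host` and `docker` starts outside the hunk.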
@@ -90,18 +90,18 @@ in { nix-prefetch-github # Version Control Systems - unstablepkgs.pijul + pijul gitless gitRepo git-lfs - # Cloud/Remote System Management - google-cloud-sdk - ansible - nixops - unstablepkgs.terraform - awscli - hcloud + # TODO: move Cloud/Remote System Management to a dev environment + # google-cloud-sdk + # ansible + # nixops + # terraform + # awscli + # hcloud # Process/System Administration htop From 627c02275735576ccc01b0a9cb85570e261bd52e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 6 Nov 2019 12:26:35 +0100 Subject: [PATCH 04/24] nix/home/graphicall-fullblown: remove some webdev tools --- nix/home-manager/configuration/graphical-fullblown.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index fc3d454..6578cbf 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -338,16 +338,17 @@ in { pypi2nix ## Webdev - nodejs-8_x - npm2nix - emscripten + # TODO: move this to dev environment + # nodejs-8_x + # npm2nix + # emscripten # Code generators unstablepkgs.swagger-codegen # Misc Desktop Tools ltunify - solaar + # solaar # TODO: conflicts with solar over udev rules dex # kitty busyboxStatic From 265ed7d982c7eb989174b769d01ba4e0d9b64940 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 6 Nov 2019 12:28:17 +0100 Subject: [PATCH 05/24] *: formatting fixes --- nix/os/profiles/graphical/system.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 287a6d5..b8bf258 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,5 +1,5 @@ { pkgs -, ... +, ... }: { 
@@ -30,7 +30,7 @@ }; }; # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [ + services.dbus.packages = with pkgs; [ blueman ]; From edbeaf50dfcc4058d54b77e12167b237ccafe52e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 31 Oct 2019 10:45:37 +0100 Subject: [PATCH 06/24] nix-channels: bump 19.03 -> 19.09 and adapt --- .../configuration/graphical-fullblown.nix | 2 +- .../devices/steveej-t480s-work/versions.nix | 10 +++++----- nix/os/profiles/graphical/system.nix | 19 ++++++++++++------- nix/overlay.nix | 3 +++ nix/variables/versions.tmpl.nix | 4 ++-- 5 files changed, 23 insertions(+), 15 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 6578cbf..357ba6b 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -139,7 +139,7 @@ in { aspellDicts.en aspellDicts.de unstablepkgs.skype - zoom-us + # zoom-us # broken as of 2019-10-30 unstablepkgs.bluejeans-gui thunderbird gnome3.evolution # gnome4.glib_networking diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 6d94e8b..acc8b1b 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix 
@@ -1,20 +1,20 @@ { channelsNixosStable = { - ref = "nixos-19.03"; - rev = "aef662d2eb532eeb9976068fd1705e3cf3663054"; + ref = "nixos-19.09"; + rev = "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "73392e79aa62e406683d6a732eb4f4101f4732be"; + rev = "7827d3f4497ed722fedca57fd4d5ca1a65c38256"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "51aa3cc4855c5964a6e71adcf7b79c1a0c23f322"; + rev = "f6501c42cdf723d8c2c50aef5b96cc54826ae18f"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "master"; - rev = "95382060ebaa19ec49a861921216b1db8460b314"; + rev = "450571056552c9311fcb2894328696b535265593"; }; } diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index b8bf258..008464c 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -68,19 +68,24 @@ }; }; + services.gvfs.enable = true; + programs.seahorse.enable = true; + programs.gpaste.enable = false; + programs.gnome-terminal.enable = false; + programs.gnome-documents.enable = false; + programs.gnome-disks.enable = false; + services.gnome3 = { - gnome-disks.enable = false; - gnome-documents.enable = false; - gnome-online-miners.enable = false; + # gnome-online-miners.enable = false; TODO: enable this again + games.enable = false; + gnome-remote-desktop.enable = false; gnome-user-share.enable = false; - gnome-terminal-server.enable = false; - gpaste.enable = false; + rygel.enable = false; sushi.enable = false; tracker.enable = false; + tracker-miners.enable = false; # FIXME: gnome should be moved to user session - seahorse.enable = true; - gvfs.enable = true; at-spi2-core.enable = true; evolution-data-server.enable = true; gnome-online-accounts.enable = true; diff --git a/nix/overlay.nix b/nix/overlay.nix index 886dfa8..eb71e23 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix 
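Review bot: `# gnome-online-miners.enable = false; TODO: enable this again` reads as if the service should be switched on, while the code it comments out switched it off, so it is unclear whether the TODO means restoring the `= false` line or enabling the miners; with the line commented out the option silently falls back to its module default. If the reason is an evaluation problem on 19.09, a wording like `# TODO: restore gnome-online-miners.enable = false once the option evaluates again on 19.09` removes the ambiguity. The `services.gnome3` set continues outside the hunk.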
@@ -71,4 +71,7 @@ in { }); rdedup = super.callPackages ./pkgs/rdedup {}; + + # TODO: facetimehd is currfently broken (https://github.com/NixOS/nixpkgs/pull/72804) + facetimehd-firmware = super.hello; } diff --git a/nix/variables/versions.tmpl.nix b/nix/variables/versions.tmpl.nix index 9f35d77..92eaa01 100644 --- a/nix/variables/versions.tmpl.nix +++ b/nix/variables/versions.tmpl.nix @@ -1,7 +1,7 @@ { channelsNixosStable = { - ref = "nixos-19.03"; - rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-19.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + ref = "nixos-19.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>"; }; channelsNixosUnstable = { ref = "nixos-unstable"; From 73f0ac227ff318136b57f595094b14b29ba27e06 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 6 Nov 2019 13:29:45 +0100 Subject: [PATCH 07/24] nix: bump default versions --- nix/variables/versions.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix index 3d8fc1c..2739d8a 100644 --- a/nix/variables/versions.nix +++ b/nix/variables/versions.nix @@ -1,20 +1,20 @@ { channelsNixosStable = { - ref = "nixos-19.03"; - rev = "3a4ffdd38b56801ce616aa08791121d36769e884"; + ref = "nixos-19.09"; + rev = "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "07b42ccf2de451342982b550657636d891c4ba35"; + rev = "7827d3f4497ed722fedca57fd4d5ca1a65c38256"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "d8c7f0bd3f42bc9e687b12ce7f0a4ef747f27933"; + rev = "abe853b84c58ddbb7c5c07e80090d47480d56c11"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "master"; - rev = "03162970cd6dadfac58f169cd50aed5a5aeec14f"; + rev = "450571056552c9311fcb2894328696b535265593"; }; } 
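Review bot: `facetimehd-firmware = super.hello;` swaps a firmware package for an unrelated program for every consumer of the attribute, so if `hardware.facetimehd.enable` is set anywhere the module would quietly install GNU hello as the firmware and the driver would fail at runtime with nothing pointing back here. If nothing in the configuration references the attribute, a lazy `facetimehd-firmware = throw "facetimehd-firmware is broken on 19.09, see nixpkgs PR 72804";` fails loudly at the point of use instead of shipping the wrong package; if something does reference it, the TODO should say what and why the stub is acceptable. The comment also has a typo, `currfently`.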
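Review bot: `git ls-remote https://github.com/nixos/nixpkgs-channels nixos-19.09 | awk '{ print $1 }' | tr -d '\n'` matches every remote ref whose name ends in `nixos-19.09`, so a tag or any other ref with that suffix yields a second line and `tr -d '\n'` glues two hashes into one `rev`; an empty result (network failure, renamed branch) renders an empty `rev` without the pipe failing. Qualifying the ref as `refs/heads/nixos-19.09` keeps the lookup unambiguous, and the same applies to the `nixos-unstable` entry just below the hunk. The rendering recipe that consumes this template is outside this patch.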
From ee718a3a5085ae461f1a45ce3ae29b84bdae2250 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 10 Nov 2019 22:46:57 +0100 Subject: [PATCH 08/24] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index acc8b1b..144ce5c 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,7 +1,7 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31"; + rev = "2d896998dc9b1b0daeb8a180dc170733f1225678"; }; channelsNixosUnstable = { ref = "nixos-unstable"; @@ -10,7 +10,7 @@ nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "f6501c42cdf723d8c2c50aef5b96cc54826ae18f"; + rev = "84c44d8cafd909105a78bfcf191a0f6c7858c54d"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From 1d2bbe2eea33b460559525e327d83efde2e71b8b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 11 Nov 2019 13:11:16 +0100 Subject: [PATCH 09/24] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 144ce5c..bb6d64a 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -10,7 +10,7 @@ nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "84c44d8cafd909105a78bfcf191a0f6c7858c54d"; + rev = "542fb7715bc4117c62a33a57d2c82c087f7cd39d"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From dff5737e83f5949b8fd11f70fb3e35a232095379 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 17 Nov 2019 19:26:50 +0100 Subject: [PATCH 10/24] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index bb6d64a..77a3ba8 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,20 +1,20 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "2d896998dc9b1b0daeb8a180dc170733f1225678"; + rev = "c0c062da7b3e20ec3b6c9416bc03cb3fc61df4b8"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "7827d3f4497ed722fedca57fd4d5ca1a65c38256"; + rev = "c1966522d7d5fa54db068140d212cba18731dd98"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "542fb7715bc4117c62a33a57d2c82c087f7cd39d"; + rev = "f0d170bb49a143db4c93acb2e9ed5c74c081d204"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "master"; - rev = "450571056552c9311fcb2894328696b535265593"; + rev = "595150be86639cd1e41c9eba1cf02dc503d10c23"; }; } From 105945ed3083167074828624f18976606131e9d0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 22 Nov 2019 16:37:46 +0100 Subject: [PATCH 11/24] bump and adapt work and removable devices --- .../configuration/graphical-fullblown.nix | 2 +- .../configuration/graphical-removable.nix | 4 ---- .../steveej-rmvbl-sduusb3128g/versions.nix | 16 +++++++++++++--- nix/os/devices/steveej-t480s-work/versions.nix | 8 ++++---- nix/overlay.nix | 2 ++ 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 357ba6b..55a7922 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -139,7 +139,7 @@ in { aspellDicts.en aspellDicts.de unstablepkgs.skype - # zoom-us # broken as of 2019-10-30 + zoom-us # broken as of 2019-10-30 unstablepkgs.bluejeans-gui thunderbird gnome3.evolution # gnome4.glib_networking diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix index 2c11681..ec34ea1 100644 --- a/nix/home-manager/configuration/graphical-removable.nix +++ b/nix/home-manager/configuration/graphical-removable.nix @@ -26,8 +26,6 @@ in { gnutls = true; }; - android_sdk.accept_license = true; - packageOverrides = pkgs: with pkgs; { myPython36 = python36Full.withPackages (ps: with ps; [ pylint pep8 yapf flake8 @@ -141,8 +139,6 @@ in { python27Packages.binwalk gptfdisk - androidsdk - ## Python myPython36 diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix index 19d8582..f96fccc 100644 --- a/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix +++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix @@ -1,10 +1,20 @@ { channelsNixosStable = { - ref = "nixos-18.09"; - rev = "c2950341d038995bf46a7b72db961bb3d3e9ac12"; + ref = "nixos-19.09"; + rev = "e6d584f6dd22b587d5cdf5019f5e7dd2be370f61"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "eebd1a9263716a04689a37b6537e50801d376b5e"; + rev = "41d921292e922a6cd1aba64259341c244d4c2cc7"; + }; + nixpkgsMaster = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "a6934e36534f8a87a78f877eee65c08fa9867ba5"; + }; + homeManagerModule = { + url = "https://github.com/rycee/home-manager"; + ref = "master"; + rev = "286dd9b3088298e5a4625b517f8e72b1c62e4f74"; }; } diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 77a3ba8..f96fccc 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix 
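Review bot: `zoom-us # broken as of 2019-10-30` re-enables the package but keeps the trailing comment that explained why it had been disabled, so the line now documents the opposite of what it does. Either drop the comment or turn it into something still true, e.g. `zoom-us # re-enabled 2019-11-22; was broken on 19.09 as of 2019-10-30`. The package list continues outside the hunk.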
@@ -1,20 +1,20 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "c0c062da7b3e20ec3b6c9416bc03cb3fc61df4b8"; + rev = "e6d584f6dd22b587d5cdf5019f5e7dd2be370f61"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "c1966522d7d5fa54db068140d212cba18731dd98"; + rev = "41d921292e922a6cd1aba64259341c244d4c2cc7"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "f0d170bb49a143db4c93acb2e9ed5c74c081d204"; + rev = "a6934e36534f8a87a78f877eee65c08fa9867ba5"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "master"; - rev = "595150be86639cd1e41c9eba1cf02dc503d10c23"; + rev = "286dd9b3088298e5a4625b517f8e72b1c62e4f74"; }; } diff --git a/nix/overlay.nix b/nix/overlay.nix index eb71e23..c0316ce 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix @@ -74,4 +74,6 @@ in { # TODO: facetimehd is currfently broken (https://github.com/NixOS/nixpkgs/pull/72804) facetimehd-firmware = super.hello; + + qtile = nixpkgs-master.qtile; } From 6bea703f6dc57c4f4cecd24a1d51c24e1ef247c6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 22 Nov 2019 16:38:19 +0100 Subject: [PATCH 12/24] nix/os/devices/disk: try lazy unmount --- nix/os/devices/disk.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/disk.nix b/nix/os/devices/disk.nix index 73796f7..8a925f5 100644 --- a/nix/os/devices/disk.nix +++ b/nix/os/devices/disk.nix @@ -28,11 +28,11 @@ in rec { diskUmount = pkgs.writeScript "script" '' #!/usr/bin/env bash - set -xe - sudo umount -R ${mntRootVol} + set -x + sudo umount -Rl ${mntRootVol} sudo rmdir ${mntRootVol} sudo vgchange -an ${ownLib.disk.volumeGroup diskId} - sudo cryptsetup luksClose ${ownLib.disk.luksName diskId} + sudo cryptsetup close ${ownLib.disk.luksName diskId} sync ''; From e515d26fbfeb5410955c38c48faac77c78d77cb3 Mon Sep 17 00:00:00 2001 
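Review bot: Dropping `-e` from `set -xe` means a failed `umount -Rl` or `vgchange -an` no longer stops the script, so `cryptsetup close` can fail because the volume group is still active while the script still exits 0 from `sync`, leaving the LUKS mapping open although the caller believes the disk is released. A lazy unmount detaches the mount point immediately but keeps the filesystem busy until open files close, which is exactly the situation in which `vgchange -an` fails. Keeping the deactivation steps fatal, `sudo vgchange -an ${ownLib.disk.volumeGroup diskId} || exit 1` and `sudo cryptsetup close ${ownLib.disk.luksName diskId} || exit 1`, preserves the tolerant unmount while still reporting a disk that is not actually closed.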
From: Stefan Junker Date: Fri, 22 Nov 2019 16:38:49 +0100 Subject: [PATCH 13/24] WIP nix/os/devices: add NUC for work --- .../steveej-nuc7pjyh-work/configuration.nix | 11 +++++++ nix/os/devices/steveej-nuc7pjyh-work/hw.nix | 9 ++++++ .../devices/steveej-nuc7pjyh-work/system.nix | 31 +++++++++++++++++++ .../steveej-nuc7pjyh-work/versions.nix | 20 ++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 nix/os/devices/steveej-nuc7pjyh-work/configuration.nix create mode 100644 nix/os/devices/steveej-nuc7pjyh-work/hw.nix create mode 100644 nix/os/devices/steveej-nuc7pjyh-work/system.nix create mode 100644 nix/os/devices/steveej-nuc7pjyh-work/versions.nix diff --git a/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix new file mode 100644 index 0000000..5901da0 --- /dev/null +++ b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + imports = [ + ../../profiles/common/configuration.nix + ../../profiles/graphical/configuration.nix + + ./system.nix + ./hw.nix + ]; +} diff --git a/nix/os/devices/steveej-nuc7pjyh-work/hw.nix b/nix/os/devices/steveej-nuc7pjyh-work/hw.nix new file mode 100644 index 0000000..30186d1 --- /dev/null +++ b/nix/os/devices/steveej-nuc7pjyh-work/hw.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + # TASK: new device + hardware.encryptedDisk = { + enable = true; + diskId = "ata-KINGSTON_SV100S2128G_08BAB0020855"; + }; +} diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix new file mode 100644 index 0000000..045c53d --- /dev/null +++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix 
@@ -0,0 +1,31 @@ +{ pkgs, lib, ... }: + +let + sgx_linuxpackages = let + linux_sgx_pkg = { stdenv, fetchurl, buildLinux, ... } @ args: + + with stdenv.lib; + + buildLinux (args // rec { + version = "5.4.0-rc3"; + modDirVersion = "5.4.0-rc3"; + + src = fetchurl { + url = "https://github.com/jsakkine-intel/linux-sgx/archive/v23.tar.gz"; + sha256 = "11rwlwv7s071ia889dk1dgrxprxiwgi7djhg47vi56dj81jgib20"; + }; + kernelPatches = []; + + extraConfig = '' + INTEL_SGX y + ''; + + extraMeta.branch = "5.4"; + } // (args.argsOverride or {})); + linux_sgx = pkgs.callPackage linux_sgx_pkg{}; + in + pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx); +in { + networking.hostName = "steveej-nuc7pjyh-work-"; # Define your hostname. + boot.kernelPackages = lib.mkForce sgx_linuxpackages; +} diff --git a/nix/os/devices/steveej-nuc7pjyh-work/versions.nix b/nix/os/devices/steveej-nuc7pjyh-work/versions.nix new file mode 100644 index 0000000..f96fccc --- /dev/null +++ b/nix/os/devices/steveej-nuc7pjyh-work/versions.nix @@ -0,0 +1,20 @@ +{ + channelsNixosStable = { + ref = "nixos-19.09"; + rev = "e6d584f6dd22b587d5cdf5019f5e7dd2be370f61"; + }; + channelsNixosUnstable = { + ref = "nixos-unstable"; + rev = "41d921292e922a6cd1aba64259341c244d4c2cc7"; + }; + nixpkgsMaster = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "a6934e36534f8a87a78f877eee65c08fa9867ba5"; + }; + homeManagerModule = { + url = "https://github.com/rycee/home-manager"; + ref = "master"; + rev = "286dd9b3088298e5a4625b517f8e72b1c62e4f74"; + }; +} From cf18b61720222dfd22ee9240bc41cb016ed79d06 Mon Sep 17 00:00:00 2001 
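Review bot: `boot.kernelPackages = lib.mkForce sgx_linuxpackages;` pins this host to a `5.4.0-rc3` build from a third-party fork tarball with `kernelPatches = []`, so the machine stops receiving kernel updates from the 19.09 channel for as long as the override stands; the `sha256` pins the content, but nothing records when the pin should be revisited. A header comment above the `let`, e.g. `# SGX-enabled kernel from jsakkine-intel/linux-sgx v23 (5.4.0-rc3); replaces the channel kernel, revisit once SGX support reaches the channel kernel`, makes that cost visible. `with stdenv.lib;` and the `stdenv` argument are unused in this body, and the trailing `-` in the hostname is addressed by a later patch in the series.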
From: Stefan Junker Date: Sun, 24 Nov 2019 00:16:14 +0100 Subject: [PATCH 14/24] nix/os/devices: refactor sduusb3128g -> sdep0 --- .../configuration.nix | 0 .../hw.nix | 2 +- nix/os/devices/steveej-rmvbl-sdep0/system.nix | 5 +++++ .../versions.nix | 0 nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix | 5 ----- 5 files changed, 6 insertions(+), 6 deletions(-) rename nix/os/devices/{steveej-rmvbl-sduusb3128g => steveej-rmvbl-sdep0}/configuration.nix (100%) rename nix/os/devices/{steveej-rmvbl-sduusb3128g => steveej-rmvbl-sdep0}/hw.nix (56%) create mode 100644 nix/os/devices/steveej-rmvbl-sdep0/system.nix rename nix/os/devices/{steveej-rmvbl-sduusb3128g => steveej-rmvbl-sdep0}/versions.nix (100%) delete mode 100644 nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix similarity index 100% rename from nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix rename to nix/os/devices/steveej-rmvbl-sdep0/configuration.nix diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix b/nix/os/devices/steveej-rmvbl-sdep0/hw.nix similarity index 56% rename from nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix rename to nix/os/devices/steveej-rmvbl-sdep0/hw.nix index 0cc84ec..34dd81c 100644 --- a/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix +++ b/nix/os/devices/steveej-rmvbl-sdep0/hw.nix @@ -4,6 +4,6 @@ # TASK: new device hardware.encryptedDisk = { enable = true; - diskId = "usb-SanDisk_Ultra_USB_3.0_4C530001280509108321-0:0"; + diskId = "usb-SanDisk_Extreme_Pro_12345978EC62-0:0"; }; } diff --git a/nix/os/devices/steveej-rmvbl-sdep0/system.nix b/nix/os/devices/steveej-rmvbl-sdep0/system.nix new file mode 100644 index 0000000..4374ff2 --- /dev/null +++ b/nix/os/devices/steveej-rmvbl-sdep0/system.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + networking.hostName = "steveej-rmvbl-sdep0"; # Define your hostname. +} 
diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix similarity index 100% rename from nix/os/devices/steveej-rmvbl-sduusb3128g/versions.nix rename to nix/os/devices/steveej-rmvbl-sdep0/versions.nix diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix deleted file mode 100644 index 2d68b50..0000000 --- a/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - networking.hostName = "steveej-rmvbl-sduusb3128g"; # Define your hostname. -} From 7bac7cd42ac553959da78cef5db62a5fec313c45 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 24 Nov 2019 00:17:03 +0100 Subject: [PATCH 15/24] nix/os/devices/disk: use sudo in prepareDisk script --- nix/os/devices/disk.nix | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/nix/os/devices/disk.nix b/nix/os/devices/disk.nix index 8a925f5..58fb360 100644 --- a/nix/os/devices/disk.nix +++ b/nix/os/devices/disk.nix @@ -66,7 +66,7 @@ in rec { # Partition sync { - fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} < Date: Sun, 24 Nov 2019 01:05:41 +0100 Subject: [PATCH 16/24] nix/os/devices/nuc-work: continue setup --- nix/os/devices/steveej-nuc7pjyh-work/configuration.nix | 2 ++ nix/os/devices/steveej-nuc7pjyh-work/system.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix index 5901da0..2bf3a41 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/configuration.nix @@ -4,8 +4,10 @@ imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix + ../../modules/encryptedDisk.nix ./system.nix ./hw.nix + ../../profiles/removable-medium/pkg.nix ]; } 
diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix index 045c53d..9643d45 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/system.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix @@ -26,6 +26,6 @@ let in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx); in { - networking.hostName = "steveej-nuc7pjyh-work-"; # Define your hostname. + networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname. boot.kernelPackages = lib.mkForce sgx_linuxpackages; } From 3ee072f7ad543c16730998a65a4dba5537ce14af Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 28 Nov 2019 01:05:14 +0100 Subject: [PATCH 17/24] Justfile: describe the update recipes --- Justfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 54d7f32..dfff21d 100755 --- a/Justfile +++ b/Justfile @@ -7,6 +7,7 @@ _DEFAULT_VERSION: _usage: just -l +# Re-render the default versions update-default-versions: #!/usr/bin/env bash template="$(just _DEFAULT_VERSION_TMPL)" @@ -82,6 +83,7 @@ rebuild-this-device rebuildarg="dry-activate": fi fi +# Re-render the versions of a remote device and rebuild its environment update-remote-device device target rebuildmode='switch': #!/usr/bin/env bash set -e @@ -111,7 +113,7 @@ update-remote-device device target rebuildmode='switch': git commit -v ${outfile} -m "nix/os/devices/{{ device }}: bump versions" -# Update the channel versions and (by default) switch to new environment +# Re-render the versions of the current device and rebuild its environment update-this-device rebuild-mode='switch': #!/usr/bin/env bash set -e From 1f36b6f458cb9be87131d7f67124418ba8e5b2cd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 28 Nov 2019 01:05:57 +0100 Subject: [PATCH 18/24] README: minor bootstrap docs --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 342fe55..486235b 100644 --- a/README.md 
+++ b/README.md @@ -50,6 +50,9 @@ just --list ## Bootstrap ### A new machine +* ensure the dotfiles repo has a branch with the new machine's hostname -1. boot with an install media -2. clone infra repository +* boot with an install media and go through setup + +#### Post-Install Setup +* `gpg2 --edit-card; fetch` From 1c84c702d09dbdc687156f14cc5a2cb122be0abe Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 28 Nov 2019 01:06:22 +0100 Subject: [PATCH 19/24] nix/os/devices/nuc: bump versions --- nix/os/devices/steveej-nuc7pjyh-work/versions.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/os/devices/steveej-nuc7pjyh-work/versions.nix b/nix/os/devices/steveej-nuc7pjyh-work/versions.nix index f96fccc..631edb6 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/versions.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/versions.nix @@ -1,20 +1,20 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "e6d584f6dd22b587d5cdf5019f5e7dd2be370f61"; + rev = "4ad6f1404a8cd69a11f16edba09cc569e5012e42"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "41d921292e922a6cd1aba64259341c244d4c2cc7"; + rev = "e89b21504f3e61e535229afa0b121defb52d2a50"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "a6934e36534f8a87a78f877eee65c08fa9867ba5"; + rev = "35d99698aecce66f5b6597d3b8efa2b23e120636"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "master"; - rev = "286dd9b3088298e5a4625b517f8e72b1c62e4f74"; + rev = "9781f3766de7293a67aa8098edb5dbe367939b36"; }; } From 352a0ed5e1c1fde52bd1bf980ab4ba8d0a7805e8 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 28 Nov 2019 01:02:39 +0100 Subject: [PATCH 20/24] nix/overlay: add posh and use podman/conman from master --- nix/overlay.nix | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/nix/overlay.nix b/nix/overlay.nix index c0316ce..f8864df 100644 --- a/nix/overlay.nix 
+++ b/nix/overlay.nix @@ -23,15 +23,9 @@ in { ''; }; - - - podman = nixpkgs-master.podman; - conmon = nixpkgs-master.conmon; - duplicacy = super.callPackage ./pkgs/duplicacy {}; just = super.callPackage ./pkgs/just.nix {}; mfcl3770cdw = super.callPackage ./pkgs/mfcl3770cdw.nix {}; - slirp4netns = super.callPackage ./pkgs/slirp4netns.nix {}; staruml = super.callPackage ./pkgs/staruml.nix { inherit (super.gnome2) GConf; libgcrypt = super.libgcrypt_1_5; }; roxterm = super.stdenv.mkDerivation { @@ -76,4 +70,35 @@ in { facetimehd-firmware = super.hello; qtile = nixpkgs-master.qtile; + + inherit (nixpkgs-master) podman conmon slirp4netns; + + # posh makes use of podman to run an encapsulated shell session + posh = { image, pull ? "always", global_args ? "", run_args ? "" }: + (super.writeScriptBin "posh" '' + #! ${super.bash}/bin/bash + source /etc/profile + + tty -s && tty="-t" || quiet="-q" + + POSH_IMAGE=${image} + POSH_PULL=${pull} + + if [ "$1" == "-c" ]; then + # we've most likely been spawned by sshd + # $2 contains the command string + shift + # TODO: make the variables overridable via the command_string + fi + + exec ${self.podman}/bin/podman \ + ${global_args} run --rm -i $tty -v ~/:/root -w /root --pull=always --network host --pull=''${POSH_PULL} \ + ${run_args} ''${POSH_IMAGE} $@ + '') + .overrideAttrs(attrs: attrs // { + passthru = { + shellPath = "/bin/posh"; + }; + }); + } From 7ac2f2dc324bec0f080bd1fc42dabb4f573b3f6a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 27 Nov 2019 18:54:18 +0100 Subject: [PATCH 21/24] nix/os/devices/steveej-t480s-work/user: experiment with podman login shell --- .../steveej-t480s-work/configuration.nix | 1 + nix/os/devices/steveej-t480s-work/user.nix | 27 +++++++++++++++++++ nix/os/profiles/common/user.nix | 3 +++ nix/os/profiles/podman/configuration.nix | 7 ----- 4 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 nix/os/devices/steveej-t480s-work/user.nix 
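Review bot: `${run_args} ''${POSH_IMAGE} $@` passes the caller's arguments unquoted, so when sshd invokes the shell as `posh -c '<command string>'` the command string is word-split and glob-expanded by the host bash before podman sees it; `"$@"` keeps it as the single argument the `-c` branch above assumes. The same line survives unchanged in [PATCH 23/24] and [PATCH 24/24]. `--network host` gives the login container the host's network namespace and `-v ~/:/root` exposes the whole home directory; both look deliberate, but they are the two settings that define what a compromised image can reach, so a short comment on the `exec` line stating that trade-off would help. `quiet="-q"` is assigned in the `tty` line but never used.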
diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix index 17a021d..5b6e97a 100644 --- a/nix/os/devices/steveej-t480s-work/configuration.nix +++ b/nix/os/devices/steveej-t480s-work/configuration.nix @@ -15,6 +15,7 @@ ./system.nix ./hw.nix ./pkg.nix + ./user.nix ../../profiles/podman/configuration.nix ]; diff --git a/nix/os/devices/steveej-t480s-work/user.nix b/nix/os/devices/steveej-t480s-work/user.nix new file mode 100644 index 0000000..0defb97 --- /dev/null +++ b/nix/os/devices/steveej-t480s-work/user.nix @@ -0,0 +1,27 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../../../variables/passwords.crypt.nix; + keys = import ../../../variables/keys.nix; + inherit (import ../../lib/default.nix { }) mkUser; + +in { + users.extraUsers.steveej2 = mkUser { + uid = 1001; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; + + subUidRanges = [{ startUid = 200000; count = 100000; }]; + subGidRanges = [{ startGid = 200000; count = 100000; }]; + }; + + users.extraUsers.steveej3 = mkUser { + uid = 1002; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; + shell = pkgs.posh { image = "quay.io/enarx/fedora"; }; + + subUidRanges = [{ startUid = 300000; count = 100000; }]; + subGidRanges = [{ startGid = 300000; count = 100000; }]; + }; +} diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 673bc49..8b10967 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -11,6 +11,9 @@ in { users.extraUsers.root = mkRoot { }; users.extraUsers.steveej = mkUser { uid = 1000; + + subUidRanges = [{ startUid = 100000; count = 100000; }]; + subGidRanges = [{ startGid = 100000; count = 100000; }]; }; security.pam.u2f.enable = true; diff --git a/nix/os/profiles/podman/configuration.nix b/nix/os/profiles/podman/configuration.nix index 3d2b3a7..d15563e 100644 --- a/nix/os/profiles/podman/configuration.nix 
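Review bot: `shell = pkgs.posh { image = "quay.io/enarx/fedora"; }` selects the image by a mutable tag, and posh defaults to `pull = "always"`, so the content of steveej3's login shell is whatever the registry serves at each login and a moved tag or a registry compromise replaces it silently. Pinning by digest, `image = "quay.io/enarx/fedora@sha256:<digest-placeholder>";`, keeps the shell reproducible and turns image updates into an explicit change in this file. `passwords` is imported at the top of the file but not referenced in the visible module, so it appears unused. `mkUser` comes from `../../lib/default.nix`, which is outside this patch.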
+++ b/nix/os/profiles/podman/configuration.nix @@ -177,11 +177,4 @@ "${pkgs.runc}/bin/runc" ] ''; - - environment.etc."subuid".text = '' - steveej:10000:65536 - ''; - environment.etc."subgid".text = '' - steveej:10000:65536 - ''; } From 591ea7db7371344bb3fa906e06d59b2743952b16 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 24 Nov 2019 01:05:41 +0100 Subject: [PATCH 22/24] nix/os/devices/nuc-work: continue setup --- nix/os/devices/steveej-nuc7pjyh-work/system.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix index 9643d45..fe22876 100644 --- a/nix/os/devices/steveej-nuc7pjyh-work/system.nix +++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix @@ -2,13 +2,11 @@ let sgx_linuxpackages = let - linux_sgx_pkg = { stdenv, fetchurl, buildLinux, ... } @ args: - - with stdenv.lib; + linux_sgx_pkg = { fetchurl, buildLinux, ... } @ args: buildLinux (args // rec { version = "5.4.0-rc3"; - modDirVersion = "5.4.0-rc3"; + modDirVersion = version; src = fetchurl { url = "https://github.com/jsakkine-intel/linux-sgx/archive/v23.tar.gz"; From 8b278d2f801987391e9174f885f402f432f2d9b1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 4 Dec 2019 18:35:46 +0100 Subject: [PATCH 23/24] nix/pkgs/posh: enable ssh agent forwarding --- nix/overlay.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix/overlay.nix b/nix/overlay.nix index f8864df..5e4649a 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix @@ -79,6 +79,7 @@ in { #! ${super.bash}/bin/bash source /etc/profile + test -S "$SSH_AUTH_SOCK" && ssh="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK" tty -s && tty="-t" || quiet="-q" POSH_IMAGE=${image} 
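Review bot: `test -S "$SSH_AUTH_SOCK" && ssh="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK"` hands every key loaded in the agent to whatever runs in the image, which posh pulls by tag at each login; a compromised or moved image then gains the ability to sign with those keys. If forwarding is needed, a comment on this line should state that trade-off, and loading keys with confirmation (`ssh-add -c`) limits silent use from inside the container. The `$ssh` expansion on the `run` line is intentionally unquoted so it splits into two flags, which breaks if the socket path contains whitespace — worth a comment so nobody "fixes" the quoting. The `run` line that consumes `$ssh` is in the next hunk.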
@@ -92,7 +93,7 @@ in { fi exec ${self.podman}/bin/podman \ - ${global_args} run --rm -i $tty -v ~/:/root -w /root --pull=always --network host --pull=''${POSH_PULL} \ + ${global_args} run --rm -i $tty $ssh -v ~/:/root -w /root --pull=always --network host --pull=''${POSH_PULL} \ ${run_args} ''${POSH_IMAGE} $@ '') .overrideAttrs(attrs: attrs // { From 3ecf7f47716e0b0cff6fcff3acc309ca7a7a6a02 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 4 Dec 2019 19:27:31 +0100 Subject: [PATCH 24/24] nix/pkgs/posh: remove hardcoded pull argument --- nix/overlay.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/overlay.nix b/nix/overlay.nix index 5e4649a..2f20583 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix @@ -82,18 +82,18 @@ in { test -S "$SSH_AUTH_SOCK" && ssh="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK" tty -s && tty="-t" || quiet="-q" + # define these as variables so we can override them at runtime POSH_IMAGE=${image} POSH_PULL=${pull} if [ "$1" == "-c" ]; then - # we've most likely been spawned by sshd - # $2 contains the command string + # We've most likely been spawned by sshd and are interested in $2 whitch contains the command string shift - # TODO: make the variables overridable via the command_string + # TODO parse the beginning of the command for POSH_* overrides fi exec ${self.podman}/bin/podman \ - ${global_args} run --rm -i $tty $ssh -v ~/:/root -w /root --pull=always --network host --pull=''${POSH_PULL} \ + ${global_args} run --rm -i $tty $ssh -v ~/:/root -w /root --network host --pull=''${POSH_PULL} \ ${run_args} ''${POSH_IMAGE} $@ '') .overrideAttrs(attrs: attrs // {
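Review bot: `# define these as variables so we can override them at runtime` describes a capability the script does not have: nothing reads an override, and the TODO a few lines below says the parsing is still to be written, so the comment should describe current behaviour, e.g. `# POSH_* hold the build-time defaults; runtime overrides from the command string are a TODO (see below)`. The comment in the `-c` branch has a typo, `whitch` for `which`. `$@` on the last `run` line is still unquoted; that point is raised on the patch that introduced posh.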