From f6a9514d461cc88fd8f70e8ab109b089ed95d11b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 15 Jan 2020 21:22:49 +0100 Subject: [PATCH 01/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 7a9321e..6f49ec7 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,16 +1,16 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "f7d050ed4e3af90502c88bf0ae1fef62dcbde265"; + rev = "eb65d1dae626f4b149566c4cbccdad7ec24af189"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "100012e55bc2a82fc680cba31a426ad38ead6fab"; + rev = "7184df6beb88c4f5f3186e5b73d5437a3461ceaf"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "0834d16531df583e161bd53ad5aee86854ad85b0"; + rev = "712bf54f1be519c4258b16eca589b47cada37536"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From 89bd6a268ad4e7fa5e1fe3c974b1db8c0546bffc Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 17 Jan 2020 19:24:28 +0100 Subject: [PATCH 02/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 6f49ec7..1144ab9 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -5,12 +5,12 @@ }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "7184df6beb88c4f5f3186e5b73d5437a3461ceaf"; + rev = "2628f20267d0c917772abc4c0a7c35788a740b31"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "712bf54f1be519c4258b16eca589b47cada37536"; + rev = "b3c85349110f193d5b234b7855c400fccd26499d"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From c7546336bee400487292343ca6754d2e90892387 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 17 Jan 2020 19:27:54 +0100 Subject: [PATCH 03/15] nix/overlay: don't override qtile --- nix/overlays/overrides.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nix/overlays/overrides.nix b/nix/overlays/overrides.nix index 0e00859..f8c7aa4 100644 --- a/nix/overlays/overrides.nix +++ b/nix/overlays/overrides.nix @@ -31,6 +31,4 @@ in { # TODO: facetimehd is currfently broken (https://github.com/NixOS/nixpkgs/pull/72804) facetimehd-firmware = super.hello; - - qtile = self.nixpkgs-master.qtile; } From 8ce63e4d92c07d2b51e4c041d1bc1cba68a8ab99 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 21 Jan 2020 17:27:41 +0100 Subject: [PATCH 04/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 1144ab9..72fbad1 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,20 +1,20 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "eb65d1dae626f4b149566c4cbccdad7ec24af189"; + rev = "d14cea0dec2dd59e19457180feef315054ba8c57"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "2628f20267d0c917772abc4c0a7c35788a740b31"; + rev = "a65f338ccbd679c1d9f6886d17758d99c80cd938"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "b3c85349110f193d5b234b7855c400fccd26499d"; + rev = "a055d4d4a41f5cb1f7f0828ef3608c449c2d9fee"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "release-19.09"; - rev = "8d663335eb7b5032f637d8b719416ae4f2c1f612"; + rev = "f5c9303cedd67a57121f0cbe69b585fb74ba82d9"; }; } From e0d1c9e59f7cc973fcbeba109efe0de0b2115f61 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 21 Jan 2020 17:38:47 +0100 Subject: [PATCH 05/15] Revert "nix/overlay: don't override qtile" This reverts commit c7546336bee400487292343ca6754d2e90892387. --- nix/overlays/overrides.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/overlays/overrides.nix b/nix/overlays/overrides.nix index f8c7aa4..0e00859 100644 --- a/nix/overlays/overrides.nix +++ b/nix/overlays/overrides.nix @@ -31,4 +31,6 @@ in { # TODO: facetimehd is currfently broken (https://github.com/NixOS/nixpkgs/pull/72804) facetimehd-firmware = super.hello; + + qtile = self.nixpkgs-master.qtile; } From ae7c86ae68b2cd4bc839e4ebd71e1333f48707fd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 23 Jan 2020 18:52:37 +0100 Subject: [PATCH 06/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 72fbad1..f16fb97 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,16 +1,16 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "d14cea0dec2dd59e19457180feef315054ba8c57"; + rev = "a0fedb11078bb52dded54e341a9e9bc0699bd2b1"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "a65f338ccbd679c1d9f6886d17758d99c80cd938"; + rev = "d1ba7dae91d691d1f14a9aa361138acef1f2ac7f"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "a055d4d4a41f5cb1f7f0828ef3608c449c2d9fee"; + rev = "ace14c5b388ae63b8d38f7f67be1562cf1ad92aa"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From cc95a261c1e0af7a332a6667f8793f926929fc22 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 7 Feb 2020 15:52:42 +0100 Subject: [PATCH 07/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index f16fb97..ac0ab98 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,16 +1,16 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "a0fedb11078bb52dded54e341a9e9bc0699bd2b1"; + rev = "2de9367299f325c2b2021a44c2f63c810f8ad023"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "d1ba7dae91d691d1f14a9aa361138acef1f2ac7f"; + rev = "a21c2fa3ea2b88e698db6fc151d9c7259ae14d96"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "ace14c5b388ae63b8d38f7f67be1562cf1ad92aa"; + rev = "310316701f0cb6a4a0191bc90c229cef1861dd06"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From c740026b2b25615fb2600eff8331803d6dd85ca2 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 10 Feb 2020 14:09:04 +0100 Subject: [PATCH 08/15] nix: use lorri with direnv --- .envrc | 2 +- _archive/environments/dev/rust/.envrc | 2 +- nix/home-manager/profiles/common.nix | 1 + nix/pkgs/duplicacy/.envrc | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.envrc b/.envrc index 1d953f4..051d09d 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" diff --git a/_archive/environments/dev/rust/.envrc b/_archive/environments/dev/rust/.envrc index 1d953f4..051d09d 100644 --- a/_archive/environments/dev/rust/.envrc +++ b/_archive/environments/dev/rust/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 43c25c2..d501d0d 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -25,6 +25,7 @@ in { }; programs.direnv.enable = true; + services.lorri.enable = true; home.sessionVariables = { NIXPKGS_ALLOW_UNFREE = "1"; diff --git a/nix/pkgs/duplicacy/.envrc b/nix/pkgs/duplicacy/.envrc index 1d953f4..051d09d 100644 --- a/nix/pkgs/duplicacy/.envrc +++ b/nix/pkgs/duplicacy/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" From 35e9a85fc6353708e27167a0f6b3a70766693c6c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 10 Feb 2020 14:09:36 +0100 Subject: [PATCH 09/15] home/router-wan: restart utthpd in post-setup --- services/home-ch/router-wan.lan/Justfile | 1 + 1 file changed, 1 insertion(+) diff --git a/services/home-ch/router-wan.lan/Justfile b/services/home-ch/router-wan.lan/Justfile index 79a278a..8792f32 100644 --- a/services/home-ch/router-wan.lan/Justfile +++ b/services/home-ch/router-wan.lan/Justfile @@ -6,3 +6,4 @@ post-setup: just -v _run_ssh_cmd "opkg install luci-ssl" just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server" just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils" + just -v _run_ssh_cmd "/etc/init.d/uhttpd restart" From 1091051df6629ecc0053a45c1af3e330424860ea Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 10 Feb 2020 14:14:57 +0100 Subject: [PATCH 10/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index ac0ab98..25840d8 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,16 +1,16 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "2de9367299f325c2b2021a44c2f63c810f8ad023"; + rev = "c49da6435f314e04fc58ca29807221817ac2ac6b"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "a21c2fa3ea2b88e698db6fc151d9c7259ae14d96"; + rev = "8130f3c1c2bb0e533b5e150c39911d6e61dcecc2"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "310316701f0cb6a4a0191bc90c229cef1861dd06"; + rev = "b94c1c89f69563a9fc2ceee487b9bc19e5234d6a"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From 620b39e371dd76077599ec970cde5d8bc357262c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 13 Feb 2020 12:28:38 +0100 Subject: [PATCH 11/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 25840d8..2056dc3 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,7 +1,7 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "c49da6435f314e04fc58ca29807221817ac2ac6b"; + rev = "b9cb3b2fb2f45ac8f3a8f670c90739eb34207b0e"; }; channelsNixosUnstable = { ref = "nixos-unstable"; @@ -10,7 +10,7 @@ nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "b94c1c89f69563a9fc2ceee487b9bc19e5234d6a"; + rev = "a83b52dd254489001ca4723346fa3da35ff08a10"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; From ffe11b3a009032be4d3e9c7b742d6a3c524d791c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 17 Feb 2020 18:05:31 +0100 Subject: [PATCH 12/15] nix/home/graphical-fullblown: remove hardcoded rust nightly from PATH --- nix/home-manager/configuration/graphical-fullblown.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 544f85b..64dfa02 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -65,7 +65,6 @@ in { PATH=pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" - "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" "$HOME/.cargo/bin" "$HOME/.gem/ruby/2.3.0/bin" "$HOME/.npm-packages/bin" From 4d17dafa27f3238fe21cdd09ab977f1c512b312d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 18 Feb 2020 11:01:20 +0100 Subject: [PATCH 13/15] steveej-t480s-work: use stable kernel and force modesetting video driver --- nix/os/devices/steveej-t480s-work/system.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 2f0dcae..99ef011 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -91,4 +91,7 @@ in { "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt ]; + + services.xserver.videoDrivers = [ "modesetting" ]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages; } From dcccdbbae191633d9efbb1f7062bce583acd540d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 18 Feb 2020 11:03:55 +0100 Subject: [PATCH 14/15] nix/os/devices/steveej-t480s-work: bump versions --- nix/os/devices/steveej-t480s-work/versions.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 2056dc3..1dabb6a 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,7 +1,7 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "b9cb3b2fb2f45ac8f3a8f670c90739eb34207b0e"; + rev = "8731aaaf8b30888bc24994096db830993090d7c4"; }; channelsNixosUnstable = { ref = "nixos-unstable"; @@ -10,11 +10,11 @@ nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "a83b52dd254489001ca4723346fa3da35ff08a10"; + rev = "329102c47bd1c68f0acdf4feec64232202948c7a"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "release-19.09"; - rev = "f5c9303cedd67a57121f0cbe69b585fb74ba82d9"; + rev = "0d1ca254d0f213a118459c5be8ae465018132f74"; }; } From 8b6a73f73d0227f539b2dbf172e18389de431922 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 26 Feb 2020 21:41:38 +0100 Subject: [PATCH 15/15] nix/os/devices/steveej-t480s-work: krb5 redhat setup --- nix/os/devices/steveej-t480s-work/system.nix | 41 ++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 99ef011..c68cb26 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -94,4 +94,45 @@ in { services.xserver.videoDrivers = [ "modesetting" ]; boot.kernelPackages = lib.mkForce pkgs.linuxPackages; + + krb5 = { + enable = true; + config = let + pkinit_crt = pkgs.fetchurl { + url = "https://password.corp.redhat.com/ipa.crt"; + sha256 = "0cflhkb7szzlakjmz2rmw8l8j5jqsyy2rl7ciclmi5fdfjrrx1cd"; + }; + in '' + [libdefaults] + default_realm = IPA.REDHAT.COM + dns_lookup_realm = true + dns_lookup_kdc = true + rdns = false + dns_canonicalize_hostname = true + ticket_lifetime = 24h + forwardable = true + udp_preference_limit = 0 + default_ccache_name = KEYRING:persistent:%{uid} + + [realms] + REDHAT.COM = { + default_domain = redhat.com + dns_lookup_kdc = true + master_kdc = kerberos.corp.redhat.com + admin_server = kerberos.corp.redhat.com + } + + #make sure to save the IPA CA cert + #mkdir /etc/ipa && curl -o /etc/ipa/ca.crt https://password.corp.redhat.com/ipa.crt + IPA.REDHAT.COM = { + pkinit_anchors = FILE:${pkinit_crt} + pkinit_pool = FILE:${pkinit_crt} + default_domain = ipa.redhat.com + dns_lookup_kdc = true + # Trust tickets issued by legacy realm on this host + auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*// + auth_to_local = DEFAULT + } + ''; + }; }