steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

chore: nixfmt *

Browse source
This commit is contained in:
steveej 2022-10-31 11:04:38 +01:00
parent dc761a5271
commit d039179898
161 changed files with 2688 additions and 3024 deletions
Download patch file Download diff file Expand all files Collapse all files

101
nix/container-images/default.nix
View file

@ -1,11 +1,6 @@
{ pkgs ? import <nixpkgs> {}
}:
let
baseEnv = [
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
{ pkgs ? import <nixpkgs> { } }:
let baseEnv = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
in rec {
@ -29,19 +24,12 @@ in rec {
interactive_base = pkgs.dockerTools.buildImage {
name = "interactive_base";
fromImage = base;
contents = with pkgs; [
procps
zsh
coreutils
neovim
];
contents = with pkgs; [ procps zsh coreutils neovim ];
config = {
Cmd = [ "/bin/zsh" ];
};
config = { Cmd = [ "/bin/zsh" ]; };
};
s3ql = let
s3ql = let
entrypoint = pkgs.writeScript "entrypoint" ''
#!${pkgs.stdenv.shell}
@ -84,40 +72,37 @@ in rec {
# FIXME: touch .isbucket after mount
'';
in pkgs.dockerTools.buildImage {
name = "s3ql";
fromImage = interactive_base;
contents = [
pkgs.s3ql
pkgs.fuse
];
in pkgs.dockerTools.buildImage {
name = "s3ql";
fromImage = interactive_base;
contents = [ pkgs.s3ql pkgs.fuse ];
runAsRoot = ''
#!${pkgs.stdenv.shell}
mkdir -p /usr/bin
cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
chmod +s /usr/bin/fusermount
echo user_allow_other >> /etc/fuse.conf
'';
config = {
Env = baseEnv ++ [
"HOME=/home/s3ql"
"S3QL_CACHE_DIR=/var/cache/s3ql"
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
"CONTAINER_ENTRYPOINT=${entrypoint}"
];
Cmd = [ entrypoint ];
Volumes = {
"/var/cache/s3ql" = {};
"/etc/s3ql/authinfo2" = {};
"/buckets" = {};
"/tmp" = {};
runAsRoot = ''
#!${pkgs.stdenv.shell}
mkdir -p /usr/bin
cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
chmod +s /usr/bin/fusermount
echo user_allow_other >> /etc/fuse.conf
'';
config = {
Env = baseEnv ++ [
"HOME=/home/s3ql"
"S3QL_CACHE_DIR=/var/cache/s3ql"
"S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
"CONTAINER_ENTRYPOINT=${entrypoint}"
];
Cmd = [ entrypoint ];
Volumes = {
"/var/cache/s3ql" = { };
"/etc/s3ql/authinfo2" = { };
"/buckets" = { };
"/tmp" = { };
};
};
};
syncthing = let
syncthing = let
entrypoint = pkgs.writeScript "entrypoint" ''
#!${pkgs.stdenv.shell}
set -x
@ -140,19 +125,15 @@ in rec {
-gui-address=$SYNCTHING_GUI_ADDRESS \
-no-browser
'';
in pkgs.dockerTools.buildImage {
name = "syncthing";
fromImage = interactive_base;
contents = pkgs.syncthing;
config = {
Env = baseEnv ++ [
"SYNCTHING_HOME=/home/syncthing"
];
Cmd = [ entrypoint ];
Volumes = {
"/data" = {};
};
};
in pkgs.dockerTools.buildImage {
name = "syncthing";
fromImage = interactive_base;
contents = pkgs.syncthing;
config = {
Env = baseEnv ++ [ "SYNCTHING_HOME=/home/syncthing" ];
Cmd = [ entrypoint ];
Volumes = { "/data" = { }; };
};
};
}

15
nix/default.nix
View file

@ -3,25 +3,22 @@
let
channelVersions = (import versionsPath);
mkChannelSource = name:
let
channelVersion = builtins.getAttr name channelVersions;
let channelVersion = builtins.getAttr name channelVersions;
in builtins.fetchGit {
# Descriptive name to make the store path easier to identify
inherit name;
inherit (channelVersion) url ref rev;
};
};
nixPath = builtins.concatStringsSep ":" (builtins.map (elemName:
let
elem = builtins.getAttr elemName channelVersions;
elemPath = (mkChannelSource elemName);
suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
in
builtins.concatStringsSep "=" [ elemName elemPath ] + suffix
) (builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") {};
in
in builtins.concatStringsSep "=" [ elemName elemPath ] + suffix)
(builtins.attrNames channelVersions));
pkgs = import (mkChannelSource "nixpkgs") { };
{
in {
inherit nixPath;
channelSources = pkgs.writeText "channels.rc" ''
export NIX_PATH=${nixPath}

450
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,16 +1,13 @@
{ pkgs }:
let
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
{ pkgs
, config
, ... }:
in { pkgs, config, ... }:
let
# gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
unstablepkgs =
import <channels-nixos-unstable-small> { config = config.nixpkgs.config; };
masterpkgs = import <nixpkgs-master> { config = config.nixpkgs.config; };
in {
@ -37,274 +34,255 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {
# TODO: find a way to prevent using a store path for the current file
# HM_CONFIG_PATH=builtins.toString "${./.}";
HM_CONFIG="graphical-fullblown";
HM_CONFIG = "graphical-fullblown";
GOPATH="$HOME/src/go";
GOPATH = "$HOME/src/go";
PATH=pkgs.lib.concatStringsSep ":" [
"$HOME/.local/bin"
"$PATH"
];
PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ];
};
home.packages = []
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
home.packages = [ ] ++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
nix-prefetch-github
# Nix package related tools
patchelf
nix-index
nox
nix-prefetch-scripts
nix-prefetch-github
# Version Control Systems
pijul
gitless
gitRepo
git-lfs
# Version Control Systems
pijul
gitless
gitRepo
git-lfs
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnupg
yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnupg
yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
gnome.gnome-keyring
gnome.seahorse
# Language Support
hunspellDicts.en-us
hunspellDicts.de-de
# Language Support
hunspellDicts.en-us
hunspellDicts.de-de
# Messaging/Communication
signal-desktop
pidgin
hexchat
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
unstablepkgs.zoom-us
thunderbird
evolution # gnome4.glib_networking
kotatogram-desktop
gnome.cheese
masterpkgs.discord
# Messaging/Communication
signal-desktop
pidgin
hexchat
aspellDicts.en
aspellDicts.de
skypeforlinux
unstablepkgs.jitsi-meet-electron
unstablepkgs.zoom-us
thunderbird
evolution # gnome4.glib_networking
kotatogram-desktop
gnome.cheese
masterpkgs.discord
# Virtualization
virtmanager
# (pkgs.lib.hiPrio qemu)
# virtualbox
# vagrant
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# Virtualization
virtmanager
# (pkgs.lib.hiPrio qemu)
# virtualbox
# vagrant
# docker_compose
# unstablepkgs.kubernetes
# unstablepkgs.minikube
# unstablepkgs.openshift
# (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
# patches = oldAttrs.patches ++ [
# (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
# ];
# }))
appimage-run
# Remote Control Tools
remmina
freerdp
teamviewer
rustdesk
# Remote Control Tools
remmina
freerdp
teamviewer
rustdesk
# Audio/Video Players
ffmpeg
vlc
audacity
spotify
youtube-dl-light
libwebcam
# Audio/Video Players
ffmpeg
vlc
audacity
spotify
youtube-dl-light
libwebcam
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
# unstablepkgs.atom
xclip
xsel
# Code Editors
# unstablepkgs.atom
xclip
xsel
# Image/Graphic/Design Tools
gnome.eog
gimp
imagemagick
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Image/Graphic/Design Tools
gnome.eog
gimp
imagemagick
exiv2
graphviz
inkscape
# barcode
qrencode
zbar
feh
# digikam
# Modelling Tools
# plantuml
# umlet
# staruml
# eclipses.eclipse-modeling
# dia
# astah-community
# Misc Development Tools
qrcode
# travis
jq
# prometheus
cdrtools
# Modelling Tools
# plantuml
# umlet
# staruml
# eclipses.eclipse-modeling
# dia
# astah-community
# Document Processing and Management
# zathura
mendeley
# zotero
pandoc
unstablepkgs.logseq
# Misc Development Tools
qrcode
# travis
jq
# prometheus
cdrtools
# has an EOL version of electron
# obsidian
# Document Processing and Management
# zathura
mendeley
# zotero
pandoc
unstablepkgs.logseq
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small texlive-de texlive-en texlive-scripts collection-langgerman
# has an EOL version of electron
# obsidian
latexindent latexmk
# LaTeX
perlPackages.YAMLTiny
perlPackages.FileHomeDir
perlPackages.UnicodeLineBreak
(texlive.combine {
inherit (texlive)
scheme-small
texlive-de
texlive-en
texlive-scripts
collection-langgerman
algorithms cm-super
latexindent
latexmk
preprint enumitem draftwatermark everypage ulem placeins minted
ifplatform fvextra xstring framed;
})
algorithms
cm-super
pdftk
# broken as of 2021-04-24
# masterpdfeditor
preprint
enumitem
draftwatermark
everypage
ulem
placeins
minted ifplatform fvextra xstring framed
;
})
# File Synchronzation
# seafile-client
# grive2
dropbox
rsync
pdftk
# broken as of 2021-04-24
# masterpdfeditor
# Filesystem Tools
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
gparted
smartmontools
# File Synchronzation
# seafile-client
# grive2
dropbox
rsync
## Android
androidenv.androidPkgs_9_0.platform-tools
# Filesystem Tools
ntfs3g
ddrescue
ncdu
woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
gparted
smartmontools
## Python
myPython
## Android
androidenv.androidPkgs_9_0.platform-tools
# Code generators
# unstablepkgs.swagger-codegen
## Python
myPython
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
# Code generators
# unstablepkgs.swagger-codegen
# Screen recording
# gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
# Misc Desktop Tools
# TODO: this may be required if brightness control isn't working
# brightnessctl
ltunify
# solaar # TODO: conflicts with solar over udev rules
dex
# kitty
busyboxStatic
xorg.xbacklight
coreutils
lsof
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
unstablepkgs.wally-cli
man-pages
# Screen recording
# gtk-recordmydesktop # can't select the window
# qt-recordmydesktop
# vokoscreen
# shutter
# kazam # doesn't start
# xvidcap # doesn't keep the recording rectangle
obs-studio
screenkey
# shotcut
# openshot-qt
unstablepkgs.ledger-live-desktop
unstablepkgs.ledger-live-desktop
]);
}

159
nix/home-manager/configuration/graphical-gnome3.nix
View file

@ -1,15 +1,12 @@
{ pkgs }:
let
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
{ pkgs
, config,
... }:
in { pkgs, config, ... }:
let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
@ -30,100 +27,96 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {
};
home.sessionVariables = { };
home.packages = [ ] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages =
[] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems
gitless
# Version Control Systems
gitless
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Remote Control Tools
remmina
freerdp
# Remote Control Tools
remmina
freerdp
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Misc Development Tools
qrcode
jq
cdrtools
# Misc Development Tools
qrcode
jq
cdrtools
# Document Processing and Management
zathura
# Document Processing and Management
zathura
# File Synchronzation
rsync
# File Synchronzation
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
python38Packages.binwalk
gptfdisk
## Python
myPython
## Python
myPython
busyboxStatic
busyboxStatic
# Virtualization
virtmanager
# Virtualization
virtmanager
]);
}

159
nix/home-manager/configuration/graphical-removable.nix
View file

@ -1,15 +1,12 @@
{ pkgs }:
let
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
{ pkgs
, config,
... }:
in { pkgs, config, ... }:
let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
unstablepkgs =
import <channels-nixos-unstable> { config = config.nixpkgs.config; };
in {
imports = [
@ -32,100 +29,96 @@ in {
gnutls = true;
};
packageOverrides = pkgs: with pkgs; {
};
packageOverrides = pkgs: with pkgs; { };
};
home.sessionVariables = {
};
home.sessionVariables = { };
home.packages = [ ] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
home.packages =
[] ++ (with pkgs; [
# Nix package related tools
patchelf
nix-index
nix-prefetch-scripts
# Version Control Systems
gitless
# Version Control Systems
gitless
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Process/System Administration
htop
gnome.gnome-tweaks
xorg.xhost
dmidecode
evtest
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Archive Managers
sshfs-fuse
xarchive
p7zip
zip
unzip
gzip
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Password Management
gnome.gnome-keyring
gnome.seahorse
# Remote Control Tools
remmina
freerdp
# Remote Control Tools
remmina
freerdp
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# samba
iptables
nftables
wireshark
# samba
iptables
nftables
wireshark
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Code Editors
xclip
xsel
unstablepkgs.vscode
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Image/Graphic/Design Tools
gnome.eog
gimp
inkscape
# Misc Development Tools
qrcode
jq
cdrtools
# Misc Development Tools
qrcode
jq
cdrtools
# Document Processing and Management
zathura
# Document Processing and Management
zathura
# File Synchronzation
rsync
# File Synchronzation
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unstablepkgs.woeusb
unetbootin
pcmanfm
hdparm
testdisk
binwalk
gptfdisk
## Python
myPython
## Python
myPython
busyboxStatic
busyboxStatic
# Virtualization
virtmanager
# Virtualization
virtmanager
]);
}

24
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,12 +1,8 @@
{ pkgs, extraPackages ? [] }:
{ pkgs, extraPackages ? [ ] }:
let
zshCurried = import ../programs/zsh.nix { inherit pkgs; };
in
let zshCurried = import ../programs/zsh.nix { inherit pkgs; };
{ pkgs
, config
, ... }:
in { pkgs, config, ... }:
let
@ -18,18 +14,10 @@ in {
zshCurried
];
nixpkgs.config = {
packageOverrides = pkgs: with pkgs; {
};
};
nixpkgs.config = { packageOverrides = pkgs: with pkgs; { }; };
home.sessionVariables = {
};
home.sessionVariables = { };
home.packages = extraPackages
++ (with pkgs; [
iperf3
inetutils
speedtest-cli
]);
++ (with pkgs; [ iperf3 inetutils speedtest-cli ]);
}

13
nix/home-manager/lib.nix
View file

@ -1,7 +1,6 @@
{
}:
{ }:
let
let
in {
mkSimpleTrayService = { execStart }: {
@ -11,12 +10,8 @@ in {
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart = execStart;
};
Service = { ExecStart = execStart; };
};
}

35
nix/home-manager/profiles/common.nix
View file

@ -1,8 +1,6 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
let
let
in {
# TODO: re-enable this with the appropriate version
# programs.home-manager.enable = true;
@ -18,9 +16,9 @@ in {
home.keyboard = {
layout = "us";
variant = "altgr-intl";
options = [
options = [
"nodeadkeys"
# "caps:swapescape"
# "caps:swapescape"
];
};
@ -36,19 +34,18 @@ in {
programs.command-not-found.enable = true;
programs.fzf.enable = true;
home.packages =
[] ++ (with pkgs; [
# git helpers
git-crypt
home.packages = [ ] ++ (with pkgs; [
# git helpers
git-crypt
vcsh
# Authentication
cacert
openssl
mkpasswd
vcsh
# Authentication
cacert
openssl
mkpasswd
just
ripgrep
du-dust
]);
just
ripgrep
du-dust
]);
}

8
nix/home-manager/profiles/dotfiles.nix
View file

@ -1,10 +1,6 @@
{ pkgs
, config
, ...
}:
{ pkgs, config, ... }:
let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
let vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix { };
in {
# TODO: fix the dotfiles

49
nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
View file

@ -1,39 +1,36 @@
{ pkgs
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
, ...
}:
{ pkgs, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", ... }:
let
repoBareLocal = pkgs.runCommand "fetchbare" {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
'';
in pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
export HOST=$(hostname -s)
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
''

45
nix/home-manager/profiles/nix-channels.nix
View file

@ -1,28 +1,27 @@
{ pkgs
, config
, ...
}:
{ pkgs, config, ... }:
let
in {
home.file.".nix-channels".text = ''
'';
home.file.".nix-channels".text = "";
home.activation.removeExistingNixChannels = config.lib.dag.entryBefore ["checkLinkTargets"] ''
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" ''
set -ex
if test -f $HOME/.nix-channels; then
echo Uninstalling available channels...
if test -f $HOME/.nix-channel; then
while read url channel; do
nix-channel --remove $channel
done < $HOME/.nix-channel
fi
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi
''};
'';
home.activation.removeExistingNixChannels =
config.lib.dag.entryBefore [ "checkLinkTargets" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -ex
if test -f $HOME/.nix-channels; then
echo Uninstalling available channels...
if test -f $HOME/.nix-channel; then
while read url channel; do
nix-channel --remove $channel
done < $HOME/.nix-channel
fi
echo Moving existing file away...
touch $HOME/.nix-channels.dummy
mv --backup=numbered $HOME/.nix-channels.dummy $HOME/.nix-channels
rm $HOME/.nix-channels
fi
''
};
'';
}

408
nix/home-manager/profiles/qtile-desktop.nix
View file

@ -1,16 +1,13 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
let
inherit (import ../lib.nix { })
mkSimpleTrayService
;
inherit (import ../lib.nix { }) mkSimpleTrayService;
audio = pkgs.writeShellScript "audio" ''
export PATH=${with pkgs; lib.makeBinPath [
pulseaudio findutils gnugrep
]}:$PATH
export PATH=${
with pkgs;
lib.makeBinPath [ pulseaudio findutils gnugrep ]
}:$PATH
export MUTEFILE=''${TEMPDIR:-/tmp}/.qtilemute
case $1 in
@ -34,9 +31,7 @@ let
terminalCommand = "${pkgs.alacritty}/bin/alacritty";
dpmsScript = pkgs.writeShellScript "dpmsScript" ''
export PATH=${with pkgs; lib.makeBinPath [
xorg.xset
]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [ xorg.xset ]}:$PATH
set -xe
@ -59,9 +54,7 @@ let
'';
screenLockCommand = pkgs.writeShellScript "screenLock" ''
export PATH=${with pkgs; lib.makeBinPath [
i3lock
]}:$PATH
export PATH=${with pkgs; lib.makeBinPath [ i3lock ]}:$PATH
revert() {
${dpmsScript} default
@ -82,186 +75,185 @@ let
'';
qtileConfig = pkgs.writeScript "qtile_config.py" ''
from libqtile.config import Key, Screen, Group, Drag, Click
from libqtile.command import lazy
from libqtile import layout, bar, widget
from libqtile import hook
from libqtile.config import Key, Screen, Group, Drag, Click
from libqtile.command import lazy
from libqtile import layout, bar, widget
from libqtile import hook
import logging, os
logger = logging.getLogger()
logger.setLevel(logging.WARN)
import logging, os
logger = logging.getLogger()
logger.setLevel(logging.WARN)
handler = logging.handlers.RotatingFileHandler(
os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000,
backupCount=7
)
handler.setLevel(logging.WARN)
logger.addHandler(handler)
key_super = "mod4"
key_alt = "mod1"
key_control = "control"
keys = [
# https://github.com/qtile/qtile/blob/master/libqtile/backend/x11/xkeysyms.py
Key([key_super], "Return", lazy.spawn("${terminalCommand}")),
Key([key_super], "r", lazy.spawncmd()),
Key([key_super], "w", lazy.window.kill()),
Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')),
Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")),
Key([key_super, key_control], "r", lazy.spawn("${initScreen}")),
Key([key_super, key_control], "q", lazy.shutdown()),
# Toggle between different layouts as defined below
Key([key_super], "Tab", lazy.next_layout()),
# this is usefull when floating windows get buried
Key([key_super], "Escape", lazy.window.bring_to_front()),
# common to all layouts
Key([key_control, key_alt], "h", lazy.layout.grow_left()),
Key([key_control, key_alt], "j", lazy.layout.grow_down()),
Key([key_control, key_alt], "k", lazy.layout.grow_up()),
Key([key_control, key_alt], "l", lazy.layout.grow_right()),
Key([key_super], "n", lazy.layout.normalize()),
Key([key_super], "o", lazy.layout.maximize()),
# MonadTall keybindings
Key([key_super], "h", lazy.layout.left().when(layout="monad")),
Key([key_super], "l", lazy.layout.right().when(layout="monad")),
Key([key_super], "j", lazy.layout.down().when(layout="monad")),
Key([key_super], "k", lazy.layout.up().when(layout="monad")),
Key([key_super, key_control], "h", lazy.layout.shuffle_left().when(layout="monad")),
Key([key_super, key_control], "l", lazy.layout.shuffle_right().when(layout="monad")),
Key([key_super, key_control], "j", lazy.layout.shuffle_down().when(layout="monad")),
Key([key_super, key_control], "k", lazy.layout.shuffle_up().when(layout="monad")),
Key([key_super, key_control], "space", lazy.layout.toggle_split().when(layout="monad")),
# Stack
Key([key_super], "h", lazy.layout.previous().when(layout='stack')),
Key([key_super], "l", lazy.layout.next().when(layout='stack')),
Key([key_super], "j", lazy.layout.up().when(layout='stack')),
Key([key_super], "k", lazy.layout.down().when(layout='stack')),
Key([key_super, key_control], "j", lazy.layout.shuffle_up().when(layout='stack')),
Key([key_super, key_control], "k", lazy.layout.shuffle_down().when(layout='stack')),
Key([key_super, key_control], "h", lazy.layout.client_to_previous().when(layout='stack')),
Key([key_super, key_control], "l", lazy.layout.client_to_next().when(layout='stack')),
# Columns
Key([key_super], "h", lazy.layout.left().when(layout="columns")),
Key([key_super], "l", lazy.layout.right().when(layout="columns")),
Key([key_super], "j", lazy.layout.next().when(layout="columns")),
Key([key_super], "k", lazy.layout.previous().when(layout="columns")),
Key([key_super, key_control], "j", lazy.layout.shuffle_down().when(layout="columns")),
Key([key_super, key_control], "k", lazy.layout.shuffle_up().when(layout="columns")),
Key([key_super, key_control], "h", lazy.layout.shuffle_left().when(layout="columns")),
Key([key_super, key_control], "l", lazy.layout.shuffle_right().when(layout="columns")),
Key([key_super, key_control], "space", lazy.layout.toggle_split().when(layout="columns")),
# Max
Key([key_super], "j", lazy.layout.down().when(layout="max")),
Key([key_super], "k", lazy.layout.up().when(layout="max")),
# TODO: these are required to make the 'columns' layout work, but why?
Key([key_super], "j", lazy.layout.next()),
Key([key_super], "k", lazy.layout.previous()),
# Multimedia Keys
Key([], "XF86AudioPlay", lazy.spawn("${pkgs.playerctl}/bin/playerctl play-pause")),
Key([], "XF86AudioPrev", lazy.spawn("${pkgs.playerctl}/bin/playerctl previous")),
Key([], "XF86AudioNext", lazy.spawn("${pkgs.playerctl}/bin/playerctl next")),
# TODO: the next two don't work yet
Key([], "XF86AudioRewind", lazy.spawn("${pkgs.playerctl}/bin/playerctl offset 10-")),
Key([], "XF86BackForward", lazy.spawn("${pkgs.playerctl}/bin/playerctl offset 10+")),
Key([], "XF86AudioMute", lazy.spawn("${audio} mute")),
Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")),
Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")),
Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")),
]
groups = [Group(i) for i in "1234567890"]
for i in groups:
# super + letter of group = switch to group
keys.append(
Key([key_super], i.name, lazy.group[i.name].toscreen())
handler = logging.handlers.RotatingFileHandler(
os.path.join(os.getenv('TEMPDIR', default="/tmp"), '.qtilelog'), maxBytes=10240000,
backupCount=7
)
handler.setLevel(logging.WARN)
logger.addHandler(handler)
# super + shift + letter of group = switch to & move focused window to group
keys.append(
Key([key_super, key_control], i.name, lazy.window.togroup(i.name))
)
key_super = "mod4"
key_alt = "mod1"
key_control = "control"
layouts = [
layout.Columns(num_columns=3, border_focus='#00ff00', border_width=2),
layout.Max(),
# layout.Stack(num_stacks=3, border_focus='#00ff00', border_width=2, autosplit=True, previous_on_rm=True),
# layout.Wmii(border_focus='#00ff00'),
# layout.MonadTall(ratio=0.6, border_focus='#00ff00'),
]
keys = [
# https://github.com/qtile/qtile/blob/master/libqtile/backend/x11/xkeysyms.py
Key([key_super], "Return", lazy.spawn("${terminalCommand}")),
Key([key_super], "r", lazy.spawncmd()),
Key([key_super], "w", lazy.window.kill()),
widget_defaults = dict(
font='Arial',
fontsize=16,
padding=3,
)
Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')),
Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")),
screens_count = 4
screens = []
for i in range(0, screens_count+1):
j = i+1
widgets = [
widget.TextBox("Screen %i" % j, name="Screen %i" % j),
widget.GroupBox(),
widget.WindowName(),
widget.Prompt(),
widget.CPUGraph(),
widget.ThermalSensor(),
widget.Memory(),
widget.Net(interface='eth0'),
widget.Net(interface='wlan0'),
widget.Clock(format='%Y-%m-%d %a %I:%M %p'),
Key([key_super, key_control], "r", lazy.spawn("${initScreen}")),
Key([key_super, key_control], "q", lazy.shutdown()),
# Toggle between different layouts as defined below
Key([key_super], "Tab", lazy.next_layout()),
# this is usefull when floating windows get buried
Key([key_super], "Escape", lazy.window.bring_to_front()),
# common to all layouts
Key([key_control, key_alt], "h", lazy.layout.grow_left()),
Key([key_control, key_alt], "j", lazy.layout.grow_down()),
Key([key_control, key_alt], "k", lazy.layout.grow_up()),
Key([key_control, key_alt], "l", lazy.layout.grow_right()),
Key([key_super], "n", lazy.layout.normalize()),
Key([key_super], "o", lazy.layout.maximize()),
# MonadTall keybindings
Key([key_super], "h", lazy.layout.left().when(layout="monad")),
Key([key_super], "l", lazy.layout.right().when(layout="monad")),
Key([key_super], "j", lazy.layout.down().when(layout="monad")),
Key([key_super], "k", lazy.layout.up().when(layout="monad")),
Key([key_super, key_control], "h", lazy.layout.shuffle_left().when(layout="monad")),
Key([key_super, key_control], "l", lazy.layout.shuffle_right().when(layout="monad")),
Key([key_super, key_control], "j", lazy.layout.shuffle_down().when(layout="monad")),
Key([key_super, key_control], "k", lazy.layout.shuffle_up().when(layout="monad")),
Key([key_super, key_control], "space", lazy.layout.toggle_split().when(layout="monad")),
# Stack
Key([key_super], "h", lazy.layout.previous().when(layout='stack')),
Key([key_super], "l", lazy.layout.next().when(layout='stack')),
Key([key_super], "j", lazy.layout.up().when(layout='stack')),
Key([key_super], "k", lazy.layout.down().when(layout='stack')),
Key([key_super, key_control], "j", lazy.layout.shuffle_up().when(layout='stack')),
Key([key_super, key_control], "k", lazy.layout.shuffle_down().when(layout='stack')),
Key([key_super, key_control], "h", lazy.layout.client_to_previous().when(layout='stack')),
Key([key_super, key_control], "l", lazy.layout.client_to_next().when(layout='stack')),
# Columns
Key([key_super], "h", lazy.layout.left().when(layout="columns")),
Key([key_super], "l", lazy.layout.right().when(layout="columns")),
Key([key_super], "j", lazy.layout.next().when(layout="columns")),
Key([key_super], "k", lazy.layout.previous().when(layout="columns")),
Key([key_super, key_control], "j", lazy.layout.shuffle_down().when(layout="columns")),
Key([key_super, key_control], "k", lazy.layout.shuffle_up().when(layout="columns")),
Key([key_super, key_control], "h", lazy.layout.shuffle_left().when(layout="columns")),
Key([key_super, key_control], "l", lazy.layout.shuffle_right().when(layout="columns")),
Key([key_super, key_control], "space", lazy.layout.toggle_split().when(layout="columns")),
# Max
Key([key_super], "j", lazy.layout.down().when(layout="max")),
Key([key_super], "k", lazy.layout.up().when(layout="max")),
# TODO: these are required to make the 'columns' layout work, but why?
Key([key_super], "j", lazy.layout.next()),
Key([key_super], "k", lazy.layout.previous()),
# Multimedia Keys
Key([], "XF86AudioPlay", lazy.spawn("${pkgs.playerctl}/bin/playerctl play-pause")),
Key([], "XF86AudioPrev", lazy.spawn("${pkgs.playerctl}/bin/playerctl previous")),
Key([], "XF86AudioNext", lazy.spawn("${pkgs.playerctl}/bin/playerctl next")),
# TODO: the next two don't work yet
Key([], "XF86AudioRewind", lazy.spawn("${pkgs.playerctl}/bin/playerctl offset 10-")),
Key([], "XF86BackForward", lazy.spawn("${pkgs.playerctl}/bin/playerctl offset 10+")),
Key([], "XF86AudioMute", lazy.spawn("${audio} mute")),
Key([], "XF86AudioLowerVolume", lazy.spawn("${audio} lower")),
Key([], "XF86AudioRaiseVolume", lazy.spawn("${audio} raise")),
Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")),
]
if i is 0:
widgets.insert(-1, widget.Systray())
groups = [Group(i) for i in "1234567890"]
screens.append(Screen(bottom=bar.Bar(widgets, 30)))
for i in groups:
# super + letter of group = switch to group
keys.append(
Key([key_super], i.name, lazy.group[i.name].toscreen())
)
keys.append(Key([key_super, "shift"], "%i" % (i+1), lazy.to_screen(i)))
# super + shift + letter of group = switch to & move focused window to group
keys.append(
Key([key_super, key_control], i.name, lazy.window.togroup(i.name))
)
dgroups_key_binder = None
dgroups_app_rules = []
follow_mouse_focus = False
bring_front_click = False
cursor_warp = False
auto_fullscreen = True
auto_minimize = False
# focus_on_window_activation = "urgent"
layouts = [
layout.Columns(num_columns=3, border_focus='#00ff00', border_width=2),
layout.Max(),
# layout.Stack(num_stacks=3, border_focus='#00ff00', border_width=2, autosplit=True, previous_on_rm=True),
# layout.Wmii(border_focus='#00ff00'),
# layout.MonadTall(ratio=0.6, border_focus='#00ff00'),
]
widget_defaults = dict(
font='Arial',
fontsize=16,
padding=3,
)
screens_count = 4
screens = []
for i in range(0, screens_count+1):
j = i+1
widgets = [
widget.TextBox("Screen %i" % j, name="Screen %i" % j),
widget.GroupBox(),
widget.WindowName(),
widget.Prompt(),
widget.CPUGraph(),
widget.ThermalSensor(),
widget.Memory(),
widget.Net(interface='eth0'),
widget.Net(interface='wlan0'),
widget.Clock(format='%Y-%m-%d %a %I:%M %p'),
]
if i is 0:
widgets.insert(-1, widget.Systray())
screens.append(Screen(bottom=bar.Bar(widgets, 30)))
keys.append(Key([key_super, "shift"], "%i" % (i+1), lazy.to_screen(i)))
dgroups_key_binder = None
dgroups_app_rules = []
follow_mouse_focus = False
bring_front_click = False
cursor_warp = False
auto_fullscreen = True
auto_minimize = False
# focus_on_window_activation = "urgent"
# Drag floating layouts.
mouse = [
# Drag([key_super,key_control], "Button1", lazy.window.set_position_floating(), start=lazy.window.get_position()),
# Drag([key_super,key_control], "Button2", lazy.window.set_size_floating(), start=lazy.window.get_size()),
Click([key_super,key_control], "Button3", lazy.window.disable_floating())
]
# Drag floating layouts.
mouse = [
# Drag([key_super,key_control], "Button1", lazy.window.set_position_floating(), start=lazy.window.get_position()),
# Drag([key_super,key_control], "Button2", lazy.window.set_size_floating(), start=lazy.window.get_size()),
Click([key_super,key_control], "Button3", lazy.window.disable_floating())
]
# disable any floating
@hook.subscribe.client_new
def disable_floating_for_all_new_windows(window):
window.floating = False
# disable any floating
@hook.subscribe.client_new
def disable_floating_for_all_new_windows(window):
window.floating = False
@hook.subscribe.client_new
def print_new_window(window):
print("new window: ", window)
'';
@hook.subscribe.client_new
def print_new_window(window):
print("new window: ", window)
'';
in {
systemd.user = {
startServices = true;
services = {
};
services = { };
};
services = {
@ -306,50 +298,46 @@ in {
enable = true;
settings = {
matches = let
playerctl = ''${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in [
{
trigger = ":vpos";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
vars = [{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeScript "espanso" ''
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode()
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}
];
position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs))
'')
];
};
}];
}
{
trigger = ":vtit";
replace = "{{output}}";
vars = [
{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso" ''
${playerctl} metadata title''
)
];
};
}
];
vars = [{
name = "output";
type = "script";
params = {
args = [
(pkgs.writeShellScript "espanso"
"${playerctl} metadata title")
];
};
}];
}
{
trigger = ":dunno";

19
nix/home-manager/programs/chromium.nix
View file

@ -1,15 +1,9 @@
{
...
}:
{ ... }:
{
programs.chromium = {
enable = true;
};
programs.chromium = { enable = true; };
programs.brave = {
enable = true;
};
programs.brave = { enable = true; };
nixpkgs.config = {
chromium = {
@ -18,11 +12,6 @@
};
};
programs.browserpass = {
browsers = [
"chromium"
"brave"
];
};
programs.browserpass = { browsers = [ "chromium" "brave" ]; };
}

34
nix/home-manager/programs/emacs.nix
View file

@ -1,24 +1,22 @@
{ pkgs,
...
}:
{ pkgs, ... }:
{
programs.emacs = {
enable = true;
extraPackages = epkgs: (with epkgs; [
nix-mode
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [
evil
]) ++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs; [
pkgs.notmuch # From main packages set
]);
extraPackages = epkgs:
(with epkgs; [
nix-mode
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
undo-tree # ; <C-x u> to show the undo tree
# zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.melpaPackages; [ evil ]) ++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ (with pkgs;
[
pkgs.notmuch # From main packages set
]);
};
}

15
nix/home-manager/programs/firefox.nix
View file

@ -1,19 +1,14 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
programs.firefox = {
enable = true;
};
programs.firefox = { enable = true; };
programs.browserpass = {
enable = true;
browsers = [
"firefox"
];
browsers = [ "firefox" ];
};
home.file.".mozilla/native-messaging-hosts/passff.json".source = "${pkgs.passff-host}/share/passff-host/passff.json";
home.file.".mozilla/native-messaging-hosts/passff.json".source =
"${pkgs.passff-host}/share/passff-host/passff.json";
}

4
nix/home-manager/programs/holochain-launcher.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }:
{
home.packages = [
pkgs.holochain-launcher
];
home.packages = [ pkgs.holochain-launcher ];
}

49
nix/home-manager/programs/homeshick.nix
View file

@ -1,38 +1,37 @@
{ pkgs
, config
, ...
}:
{ pkgs, config, ... }:
let
# TODO: clean up the impurity in here
in {
home.sessionVariables = {
HOMESHICK_DIR="${pkgs.homeshick}";
};
home.sessionVariables = { HOMESHICK_DIR = "${pkgs.homeshick}"; };
home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${pkgs.writeScript "activation-script" ''
set -e
echo home-manager path is ${config.home.path}
echo home is $HOME
home.activation.bootstrapRepos =
config.lib.dag.entryAfter [ "writeBoundary" ] ''
$DRY_RUN_CMD ${
pkgs.writeScript "activation-script" ''
set -e
echo home-manager path is ${config.home.path}
echo home is $HOME
source ${pkgs.homeshick}/homeshick.sh
type homeshick
# echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''};
'';
source ${pkgs.homeshick}/homeshick.sh
type homeshick
# echo Updating homeshick
# ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
# mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
''
};
'';
nixpkgs.config = {
packageOverrides = pkgs: with pkgs; {
homeshick = builtins.fetchGit {
url = "https://github.com/andsens/homeshick.git";
ref = "master";
packageOverrides = pkgs:
with pkgs; {
homeshick = builtins.fetchGit {
url = "https://github.com/andsens/homeshick.git";
ref = "master";
};
};
};
};
}

8
nix/home-manager/programs/libreoffice.nix
View file

@ -1,6 +1,4 @@
{ pkgs,
...
}:
{ pkgs, ... }:
{
home.sessionVariables = {
@ -8,7 +6,5 @@
SAL_USE_VCLPLUGIN = "gtk3";
};
home.packages = with pkgs; [
libreoffice-fresh
];
home.packages = with pkgs; [ libreoffice-fresh ];
}

205
nix/home-manager/programs/neovim.nix
View file

@ -1,13 +1,9 @@
{ pkgs,
...
}:
{ pkgs, ... }:
let
in {
home.sessionVariables = {
EDITOR = "nvim";
};
home.sessionVariables = { EDITOR = "nvim"; };
programs.neovim = {
enable = true;
@ -16,116 +12,117 @@ in {
extraConfig = builtins.readFile ./neovim/vimrc;
plugins = with pkgs; [
# yaml-folds
{
plugin = vimUtils.buildVimPlugin {
name = "vim-yaml-folds";
src = fetchFromGitHub {
owner = "pedrohdz";
repo = "vim-yaml-folds";
rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a";
sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m";
plugins = with pkgs;
[
# yaml-folds
{
plugin = vimUtils.buildVimPlugin {
name = "vim-yaml-folds";
src = fetchFromGitHub {
owner = "pedrohdz";
repo = "vim-yaml-folds";
rev = "890ccd8e5370808d569e96dbb06cbeca2cf5993a";
sha256 = "018z6xcwrq58q6lj6gwhrifjaxkmrlkkg0n86s6mjjlwkbs2qa4m";
};
buildInputs = [ zip vim ];
};
buildInputs = [ zip vim ];
};
}
}
{
plugin = vimUtils.buildVimPlugin {
name = "vim-yaml";
src = fetchFromGitHub {
owner = "stephpy";
repo = "vim-yaml";
rev = "e97e063b16eba4e593d620676a0a15fa98613979";
sha256 = "0vqahbrnr43lxanpziyrmzaqqb3cmyny8ry1xvmy2xyd1larzfrk";
};
};
}
{
plugin = vimUtils.buildVimPlugin {
name = "vim-yaml";
src = fetchFromGitHub {
owner = "stephpy";
repo = "vim-yaml";
rev = "e97e063b16eba4e593d620676a0a15fa98613979";
sha256 = "0vqahbrnr43lxanpziyrmzaqqb3cmyny8ry1xvmy2xyd1larzfrk";
};
};
}
# broken 2021-06-08
# {
# plugin = vimUtils.buildVimPlugin {
# name = "vim-markdown-toc";
# src = fetchFromGitHub {
# owner = "mzlogin";
# repo = "vim-markdown-toc";
# rev = "b7bb6c37033d3a6c93906af48dc0e689bd948638";
# sha256 = "026xf2gid4qivwawh7if3nfk7zja9di0flhdzdx82lvil9x48lyz";
# };
# };
# }
# broken 2021-06-08
# {
# plugin = vimUtils.buildVimPlugin {
# name = "vim-markdown-toc";
# src = fetchFromGitHub {
# owner = "mzlogin";
# repo = "vim-markdown-toc";
# rev = "b7bb6c37033d3a6c93906af48dc0e689bd948638";
# sha256 = "026xf2gid4qivwawh7if3nfk7zja9di0flhdzdx82lvil9x48lyz";
# };
# };
# }
# broken 2021-06-08
# {
# plugin = vimUtils.buildVimPlugin {
# name = "vim-perl";
# src = fetchFromGitHub {
# owner = "vim-perl";
# repo = "vim-perl";
# rev = "f330b5d474c44e6cfae22ba50868093dea3e9adb";
# sha256 = "1dy40ixgixj0536c5ggra51b4yd1lbw4j6l0j5zc3diasb7m2gvr";
# };
# };
# }
# broken 2021-06-08
# {
# plugin = vimUtils.buildVimPlugin {
# name = "vim-perl";
# src = fetchFromGitHub {
# owner = "vim-perl";
# repo = "vim-perl";
# rev = "f330b5d474c44e6cfae22ba50868093dea3e9adb";
# sha256 = "1dy40ixgixj0536c5ggra51b4yd1lbw4j6l0j5zc3diasb7m2gvr";
# };
# };
# }
{
plugin = vimUtils.buildVimPlugin {
name = "git-blame";
src = fetchFromGitHub {
"owner" = "zivyangll";
"repo" = "git-blame.vim";
"rev" = "9d144b7bed5d8f1c9259551768b7f3b3d1294917";
"sha256" = "06zb5xcc59k25rpwl46j82fcqckiznmj97v6i0mwlb8jhqqrhy9j";
};
};
}
]
++ (with pkgs.vimPlugins; [
delimitMate
vim-airline
vim-airline-themes
ctrlp
vim-css-color
rainbow_parentheses
vim-colorschemes
vim-colorstepper
vim-signify
fugitive
vim-indent-guides
UltiSnips
fzfWrapper
{
plugin = vimUtils.buildVimPlugin {
name = "git-blame";
src = fetchFromGitHub {
"owner" = "zivyangll";
"repo" = "git-blame.vim";
"rev" = "9d144b7bed5d8f1c9259551768b7f3b3d1294917";
"sha256" = "06zb5xcc59k25rpwl46j82fcqckiznmj97v6i0mwlb8jhqqrhy9j";
};
};
}
] ++ (with pkgs.vimPlugins; [
delimitMate
vim-airline
vim-airline-themes
ctrlp
vim-css-color
rainbow_parentheses
vim-colorschemes
vim-colorstepper
vim-signify
fugitive
vim-indent-guides
UltiSnips
fzfWrapper
ncm2
ncm2-bufword
ncm2-path
ncm2-tmux
ncm2-ultisnips
nvim-yarp
ncm2
ncm2-bufword
ncm2-path
ncm2-tmux
ncm2-ultisnips
nvim-yarp
LanguageClient-neovim
LanguageClient-neovim
Improved-AnsiEsc
tabular
Improved-AnsiEsc
tabular
# Nix
vim-addon-nix tlib
vim-addon-vim2nix
# Nix
vim-addon-nix
tlib
vim-addon-vim2nix
# LaTeX
vim-latex-live-preview
vimtex
# LaTeX
vim-latex-live-preview
vimtex
# YAML
vim-yaml
# YAML
vim-yaml
# markdown
vim-markdown
vim-markdown-toc
# markdown
vim-markdown
vim-markdown-toc
# misc syntax support
vim-bazel maktaba
])
;
# misc syntax support
vim-bazel
maktaba
]);
};
}

20
nix/home-manager/programs/pass.nix
View file

@ -1,23 +1,15 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
home.sessionVariables = {
# required by pass-otp
PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_EXTENSIONS_DIR =
"$HOME/.nix-profile/lib/password-store/extensions";
PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
};
programs.browserpass = {
enable = true;
};
home.packages = with pkgs; [
pass
qtpass
rofi-pass
gnupg
];
programs.browserpass = { enable = true; };
home.packages = with pkgs; [ pass qtpass rofi-pass gnupg ];
}

86
nix/home-manager/programs/podman.nix
View file

@ -1,50 +1,48 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
let
cniConfigDir = let
loopback = pkgs.writeText "00-loopback.conf" ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
podman-bridge = pkgs.writeText "87-podman-bridge.conflist" ''
{
"cniVersion": "0.3.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
'';
in pkgs.runCommand "cniConfig" {} ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
ln -s ${podman-bridge} $out/${podman-bridge.name}
loopback = pkgs.writeText "00-loopback.conf" ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
podman-bridge = pkgs.writeText "87-podman-bridge.conflist" ''
{
"cniVersion": "0.3.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
'';
in pkgs.runCommand "cniConfig" { } ''
set -x
mkdir $out;
ln -s ${loopback} $out/${loopback.name}
ln -s ${podman-bridge} $out/${podman-bridge.name}
'';
containersConf = pkgs.writeText "containers.conf" ''
# containers.conf is the default configuration file for all tools using libpod to
# manage containers
@ -107,9 +105,7 @@ let
default_network = "podman"
'';
in {
home.packages = with pkgs; [
podman
];
home.packages = with pkgs; [ podman ];
home.file.".config/containers/containers.conf".source = containersConf;

14
nix/home-manager/programs/vscode/default.nix
View file

@ -462,20 +462,16 @@ let
sha256 = "1jmmbz3i0hxq5ka4rsk07mynxh3pkh5g736d9ryv1czhnrb06lwf";
}
];
in
{
in {
programs.vscode = {
enable = true;
extensions = []
++ packagedExtensions
# ++ marketPlaceExtensions
;
extensions = [ ] ++ packagedExtensions
# ++ marketPlaceExtensions
;
};
home.packages = [
pkgs.nixpkgs-fmt
];
home.packages = [ pkgs.nixpkgs-fmt ];
}
# TODO: automate

63
nix/home-manager/programs/zsh.nix
View file

@ -3,37 +3,36 @@
{ ... }:
let
just-plugin =
let
plugin_file = pkgs.writeText "_just" ''
#compdef just
#autload
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
#autload
alias justl="\just --list"
alias juste="\just --evaluate"
alias justl="\just --list"
alias juste="\just --evaluate"
local subcmds=()
local subcmds=()
while read -r line ; do
if [[ ! $line == Available* ]] ;
then
subcmds+=(''${line/[[:space:]]*\#/:})
fi
done < <(just --list)
while read -r line ; do
if [[ ! $line == Available* ]] ;
then
subcmds+=(''${line/[[:space:]]*\#/:})
fi
done < <(just --list)
_describe 'command' subcmds
'';
_describe 'command' subcmds
'';
in pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
phases = "installPhase";
installPhase = ''
PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just
mkdir -p $PLUGIN_PATH
cp ${plugin_file} $PLUGIN_PATH/_just
chmod --recursive a-w $out
'';
in pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
phases = "installPhase";
installPhase = ''
PLUGIN_PATH=$out/share/oh-my-zsh/plugins/just
mkdir -p $PLUGIN_PATH
cp ${plugin_file} $PLUGIN_PATH/_just
chmod --recursive a-w $out
'';
};
in {
@ -43,8 +42,7 @@ in {
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
initExtra = let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
@ -59,8 +57,8 @@ in {
${if builtins.hasAttr "homeshick" pkgs then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
'' else ''
''}
'' else
""}
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
@ -117,10 +115,7 @@ in {
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [
"git"
"sudo"
];
plugins = [ "git" "sudo" ];
};
};
}

7
nix/ops/nano/configuration.nix
View file

@ -5,10 +5,9 @@
{ n, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;

15
nix/ops/nano/hardware-configuration.nix
View file

@ -4,18 +4,17 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
fsType = "ext4";
};
swapDevices = [ ];

31
nix/ops/nanos@kn.nix
View file

@ -1,26 +1,25 @@
{ nixpkgs ? import <nixpkgs> {}
, nrNanos ? 1 # Number of nanos
{ nixpkgs ? import <nixpkgs> { }, nrNanos ? 1 # Number of nanos
}:
let
let
pkgs = nixpkgs;
webserver = { services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ];
webserver = {
services.httpd.enable = true;
services.httpd.adminAddr = "mail@stefanjunker.de";
services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
networking.firewall.allowedTCPPorts = [ 80 ];
};
mkNano = { n }: {
imports = [
(import ./nano/configuration.nix {inherit pkgs n;})
../configuration/common/user/root.nix
];
deployment.targetEnv = "none";
deployment.targetHost = "nano${toString n}";
imports = [
(import ./nano/configuration.nix { inherit pkgs n; })
../configuration/common/user/root.nix
];
deployment.targetEnv = "none";
deployment.targetHost = "nano${toString n}";
};
mkNanos = n: nixpkgs.lib.nameValuePair "nano${toString n}" (
mkNano { inherit n; }
);
mkNanos = n:
nixpkgs.lib.nameValuePair "nano${toString n}" (mkNano { inherit n; });
in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))

56
nix/os/containers/backup-target.nix
View file

@ -1,20 +1,15 @@
{ hostAddress
, localAddress
, containerBackupCfg
, sshPort ? containerBackupCfg.portInt
}: {
{ hostAddress, localAddress, containerBackupCfg
, sshPort ? containerBackupCfg.portInt }: {
config = { config, pkgs, lib, ... }: {
system.stateVersion = "21.11"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = containerBackupCfg.addr;
enable = true;
domain = containerBackupCfg.addr;
};
services.openssh.enable = true;
@ -35,16 +30,23 @@
security.sudo = {
enable = true;
extraRules = [
{
users = [ "bkp" ];
commands = [
{ command = "/etc/profiles/per-user/bkp/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/test"; options = [ "NOPASSWD" ]; }
];
}
];
extraRules = [{
users = [ "bkp" ];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
}
];
}];
};
};
@ -58,14 +60,12 @@
};
privateNetwork = true;
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}
];
forwardPorts = [{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}];
inherit hostAddress localAddress;
}

57
nix/os/containers/backup.nix
View file

@ -1,9 +1,4 @@
{ config
, hostAddress
, localAddress
, subvolumes
, targetPathSuffix ? ""
}:
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:
let
passwords = import ../../variables/passwords.crypt.nix;
@ -13,14 +8,9 @@ in {
config = { pkgs, ... }: {
system.stateVersion = "20.03"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
environment.systemPackages = with pkgs; [
btrfs-progs
btrbk
];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
networking.firewall.enable = true;
@ -28,17 +18,11 @@ in {
enable = true;
description = "bkp-sync service";
serviceConfig = {
Type = "oneshot";
};
serviceConfig = { Type = "oneshot"; };
after = [
"bkp-run.service"
];
after = [ "bkp-run.service" ];
requires = [
"bkp-run.service"
];
requires = [ "bkp-run.service" ];
path = with pkgs; [ utillinux ];
script = ''
@ -51,17 +35,13 @@ in {
enable = true;
description = "bkp-run";
serviceConfig = {
Type = "oneshot";
};
serviceConfig = { Type = "oneshot"; };
partOf = [
"bkp-sync.service"
];
partOf = [ "bkp-sync.service" ];
path = with pkgs; [ btrfs-progs btrbk coreutils ];
script = let
script = let
btrbkConf = pkgs.writeText "cfg" ''
timestamp_format long
ssh_identity ${passwords.storage.backupTarget.keyPath}
@ -78,7 +58,8 @@ in {
volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes}
'';
in ''
#! ${pkgs.bash}/bin/bash
@ -95,10 +76,10 @@ in {
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
OnStartupSec="1m";
OnStartupSec = "1m";
Unit = "bkp-sync.service";
OnUnitInactiveSec="2h";
Persistent="true";
OnUnitInactiveSec = "2h";
Persistent = "true";
};
};
};
@ -122,13 +103,13 @@ in {
};
};
allowedDevices = [
{ node = "/dev/fuse"; modifier = "rw"; }
];
allowedDevices = [{
node = "/dev/fuse";
modifier = "rw";
}];
privateNetwork = true;
forwardPorts = [
];
forwardPorts = [ ];
inherit hostAddress localAddress;
}

104
nix/os/containers/mailserver.nix
View file

@ -1,28 +1,20 @@
{ hostAddress
, localAddress
, imapsPort ? 993
, sievePort ? 4190
}:
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190 }:
let
passwords = import ../../variables/passwords.crypt.nix;
let passwords = import ../../variables/passwords.crypt.nix;
in
{
in {
config = { pkgs, ... }: {
system.stateVersion = "21.11"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
../profiles/common/user.nix
];
imports =
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "mailserver.svc.stefanjunker.de";
enable = true;
domain = "mailserver.svc.stefanjunker.de";
};
services.dovecot2 = {
@ -43,7 +35,7 @@ in
extraConfig = ''
auth_mechanisms = cram-md5 digest-md5
auth_verbose = yes
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
@ -75,26 +67,26 @@ in
description = "Getmail service";
path = [ pkgs.getmail6 ];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[destination]
type = MDA_external
path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
[destination]
type = MDA_external
path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
'';
};
@ -108,45 +100,45 @@ in
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
'';
};
};
};
autoStart = true;
bindMounts = {
"/etc/secrets/" = {
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
isReadOnly = false;
};
"/home" = {
"/home" = {
hostPath = "/var/lib/container-volumes/mailserver/home";
isReadOnly = false;
};
};
privateNetwork = true ;
privateNetwork = true;
forwardPorts = [
{
# imaps

11
nix/os/containers/syncthing.nix
View file

@ -1,17 +1,12 @@
{ hostAddress
, localAddress
, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027
}:
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027 }:
{
config = { config, pkgs, ... }: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [

37
nix/os/containers/webserver.nix
View file

@ -1,25 +1,17 @@
{ hostAddress
, localAddress
, httpPort ? 80
, httpsPort ? 443
}:
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
let
passwords = import ../../variables/passwords.crypt.nix;
in
{
let passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
enable = true;
domain = "www.stefanjunker.de";
};
security.acme = {
@ -58,20 +50,16 @@ in
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = {
index = "index.php";
};
locations."/fi" = { index = "index.php"; };
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
fastcgi_index index.php;
'';
locations."/hedgedoc/" = {
proxyPass = "http://127.0.0.1:3000/";
};
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
@ -92,15 +80,14 @@ in
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = {
Type = lib.mkForce "simple";
};
serviceConfig = { Type = lib.mkForce "simple"; };
};
services.mysql = {

4
nix/os/devices/167.233.1.14/boot.nix
View file

@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = lib.mkForce false;

3
nix/os/devices/167.233.1.14/configuration.nix
View file

@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix

15
nix/os/devices/167.233.1.14/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
"virtio_net"
@ -18,8 +18,7 @@ let
"ata_generic"
];
in
{
in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
fsType = "ext4";
@ -39,14 +38,12 @@ in
neededForBoot = true;
};
swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
boot.loader.grub = {
device = "/dev/vda";
};
boot.loader.grub = { device = "/dev/vda"; };
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

49
nix/os/devices/167.233.1.14/pkg.nix
View file

@ -1,30 +1,29 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
}

44
nix/os/devices/167.233.1.14/system.nix
View file

@ -1,15 +1,9 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
nix.binaryCaches = [
"https://cache.holo.host"
];
nix.binaryCaches = [ "https://cache.holo.host" ];
nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -32,11 +26,11 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
ipv4.addresses = [
{ "address" = "167.233.1.14"; "prefixLength" = 29; }
];
ipv6.addresses = [
];
ipv4.addresses = [{
"address" = "167.233.1.14";
"prefixLength" = 29;
}];
ipv6.addresses = [ ];
};
networking.defaultGateway = {
@ -49,9 +43,7 @@ in {
interface = "eth0";
};
networking.nameservers = [
"1.1.1.1"
];
networking.nameservers = [ "1.1.1.1" ];
networking.nat = {
enable = true;
@ -63,9 +55,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
docker.enable = true;
};
virtualisation = { docker.enable = true; };
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -79,25 +69,21 @@ in {
'';
};
systemd.services.sshd.serviceConfig = {
TasksMax = 32;
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = {
OnActiveSec="360s";
OnUnitActiveSec="360s";
AccuracySec="1s";
OnActiveSec = "360s";
OnUnitActiveSec = "360s";
AccuracySec = "1s";
Unit = "sshd-status.service";
};
};
nix.gc = {
automatic = true;
};
nix.gc = { automatic = true; };
networking.useHostResolvConf = true;

3
nix/os/devices/167.233.1.14/versions.nix
View file

@ -4,9 +4,8 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {

35
nix/os/devices/167.233.1.14/versions.tmpl.nix
View file

@ -2,46 +2,61 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.03" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-19.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-19.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

61
nix/os/devices/default.nix
View file

@ -1,45 +1,35 @@
{ dir
, pkgs ? import <channels-nixos-stable> {}
, ownLib ? import ../lib/default.nix { }
, gitRoot ? "$(git rev-parse --show-toplevel)"
{ dir, pkgs ? import <channels-nixos-stable> { }
, ownLib ? import ../lib/default.nix { }, gitRoot ?
"$(git rev-parse --show-toplevel)"
# FIXME: why do these need explicit mentioning?
, moreargs ? ""
, rebuildarg ? ""
, ...
} @ args :
# FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args:
let
rebuildargsSudo = [ "switch" "boot" ];
rebuild = {
gitRoot
, rebuildarg ? "dry-activate"
, moreargs ? ""
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
, ...
}: pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
, ... }:
pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
[[ -e "''${NIXOS_CONFIG}" ]]
[[ -e "''${NIXOS_CONFIG}" ]]
if test -L result; then
rm result
fi
if test -L result; then
rm result
fi
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null
then
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null then
"sudo -E \\"
else
""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
""}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
in {
recipes = {
@ -48,9 +38,8 @@ in {
inherit moreargs;
inherit rebuildarg;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }))
;
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
}

60
nix/os/devices/disk.nix
View file

@ -1,16 +1,12 @@
{ pkgs
, ownLib
, dir
, gitRoot
, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.diskId
, encrypted ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.encrypted
, previousDiskId ? ""
{ pkgs, ownLib, dir, gitRoot, diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.diskId, encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, ...
}:
, ... }:
let
mntRootVol="/mnt/${diskId}-root";
let mntRootVol = "/mnt/${diskId}-root";
in rec {
diskMount = pkgs.writeScript "script" ''
@ -18,14 +14,18 @@ in rec {
set -xe
echo Mounting ${diskId}
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''}
sleep 1
sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
sudo mkdir -p /mnt
sudo mkdir ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${
ownLib.disk.rootFsDevice diskId
} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
'';
@ -62,7 +62,9 @@ in rec {
#!/usr/bin/env bash
set -xe
read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice
read -p "Continue to format ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)? " choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
@ -76,16 +78,16 @@ in rec {
g
n
1
+1M
n
2
+512M
n
3
t
1
4
@ -109,11 +111,15 @@ in rec {
${pkgs.lib.strings.optionalString encrypted ''
# Encrypt
sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''}
# LVM
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted}
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${
ownLib.disk.lvmPv diskId encrypted
}
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
@ -137,7 +143,9 @@ in rec {
#!/usr/bin/env bash
set -xe
read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
read -p "Continue to relabel ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)?" choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
@ -168,9 +176,13 @@ in rec {
if test "${previousDiskId}"; then
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
''}
${
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
sync
sleep 1
if sudo vgs ${previousDiskId}; then

6
nix/os/devices/elias-e525/boot.nix
View file

@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

3
nix/os/devices/elias-e525/hw.nix
View file

@ -9,6 +9,5 @@
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

73
nix/os/devices/elias-e525/pkg.nix
View file

@ -1,45 +1,41 @@
{ pkgs
, lib
, ...
}:
{ pkgs, lib, ... }:
let
homeEnv = keyboard:
{
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix { inherit pkgs; })
];
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
inherit pkgs;
})
];
home.keyboard = keyboard;
home.keyboard = keyboard;
home.packages = with pkgs; [
rhythmbox
lollypop
dia
kotatogram-desktop
jitsi
];
};
in
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
home.packages = with pkgs; [
rhythmbox
lollypop
dia
kotatogram-desktop
jitsi
];
};
services.gnome =
builtins.mapAttrs
(attr: value: lib.mkForce value)
{
games.enable = true;
gnome-remote-desktop.enable = true;
gnome-user-share.enable = true;
rygel.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
}
;
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
games.enable = true;
gnome-remote-desktop.enable = true;
gnome-user-share.enable = true;
rygel.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
};
home-manager.users.steveej = homeEnv {
layout = "en";
@ -49,17 +45,16 @@ in
home-manager.users.elias = homeEnv {
layout = "de";
options = [];
options = [ ];
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [];
options = [ ];
variant = "";
};
services.teamviewer.enable = true;
system.stateVersion = "21.11";
}

19
nix/os/devices/elias-e525/system.nix
View file

@ -1,13 +1,8 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
in
{
in {
# TASK: new device
networking.hostName = "elias-e525"; # Define your hostname.
@ -22,10 +17,7 @@ in
services.printing = {
enable = true;
drivers = with pkgs; [
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -49,9 +41,8 @@ in
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];

4
nix/os/devices/elias-e525/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/elias-e525/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

23
nix/os/devices/elias-e525/versions.tmpl.nix
View file

@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

6
nix/os/devices/fwhost1/boot.nix
View file

@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

6
nix/os/devices/fwhost1/hw.nix
View file

@ -2,8 +2,7 @@
let
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -12,6 +11,5 @@ in
};
hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

24
nix/os/devices/fwhost1/pkg.nix
View file

@ -1,18 +1,18 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
environment.systemPackages = with pkgs; [ iw wirelesstools ];
system.stateVersion = "21.11";
}

20
nix/os/devices/fwhost1/system.nix
View file

@ -1,7 +1,4 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
@ -31,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.15"; prefixLength = 24; } ];
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.15";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.15"; prefixLength = 12; } ];
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.15";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.15"; prefixLength = 24; } ];
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.15";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";

7
nix/os/devices/fwhost1/user.nix
View file

@ -1,11 +1,8 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in {
}
in { }

7
nix/os/devices/fwhost1/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

23
nix/os/devices/fwhost1/versions.tmpl.nix
View file

@ -2,30 +2,35 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

6
nix/os/devices/fwhost2/boot.nix
View file

@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

6
nix/os/devices/fwhost2/hw.nix
View file

@ -2,8 +2,7 @@
let
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -12,6 +11,5 @@ in
};
hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

24
nix/os/devices/fwhost2/pkg.nix
View file

@ -1,18 +1,18 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
environment.systemPackages = with pkgs; [ iw wirelesstools ];
system.stateVersion = "21.11";
}

21
nix/os/devices/fwhost2/system.nix
View file

@ -1,8 +1,4 @@
{ pkgs
, lib
, config
, utils
, ... }:
{ pkgs, lib, config, utils, ... }:
let
keys = import ../../../variables/keys.nix;
@ -32,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ];
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.16";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ];
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.16";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ];
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.16";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";

4
nix/os/devices/fwhost2/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/fwhost2/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {

23
nix/os/devices/fwhost2/versions.tmpl.nix
View file

@ -2,30 +2,35 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

4
nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix
View file

@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = true;

3
nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix
View file

@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

8
nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -20,8 +20,7 @@ let
"xhci_pci"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -31,6 +30,5 @@ in
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

33
nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix
View file

@ -1,22 +1,23 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
# services.hydra = {
# enable = false;

26
nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix
View file

@ -1,9 +1,6 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
let
keys = import ../../../variables/keys.nix;
in {
@ -46,18 +43,12 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
docker.enable = true;
};
virtualisation = { docker.enable = true; };
nix.gc = {
automatic = true;
};
nix.gc = { automatic = true; };
networking.useHostResolvConf = false;
services.resolved = {
enable = true;
};
services.resolved = { enable = true; };
containers = {
mailserver = import ../../containers/mailserver.nix {
@ -87,12 +78,7 @@ in {
inherit config;
hostAddress = "192.168.100.16";
localAddress = "192.168.100.17";
subvolumes = [
"mailserver"
"webserver"
"backup"
"syncthing"
];
subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ];
};
};

3
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix
View file

@ -4,9 +4,8 @@ let
ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {

15
nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix
View file

@ -2,21 +2,26 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

2
nix/os/devices/steveej-nuc7pjyh-work/system.nix
View file

@ -3,7 +3,7 @@
let
in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = {};
users.groups.sgx = { };
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
}

19
nix/os/devices/steveej-nuc7pjyh-work/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
@ -11,10 +9,19 @@ in {
users.extraUsers.sjunker = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
shell = pkgs.posh { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; };
shell = pkgs.posh {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ];
subUidRanges = [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }];
subUidRanges = [{
startUid = 100000;
count = 65536;
}];
subGidRanges = [{
startGid = 100000;
count = 65536;
}];
};
}

6
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

8
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
@ -10,8 +10,7 @@ let
"hxci_hcd"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -21,6 +20,5 @@ in
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

18
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

19
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,10 +1,6 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
# TASK: new device
@ -21,11 +17,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -34,9 +26,8 @@ in {
sudo.fprintAuth = true;
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = ''

4
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/steveej-pa600/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

23
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

3
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix
View file

@ -1,5 +1,6 @@
{ ... }:
{
networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
networking.hostName =
"steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
}

9
nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
View file

@ -1,9 +1,12 @@
{ ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
imports = [
../../profiles/common/configuration.nix

17
nix/os/devices/steveej-rmvbl-sdep0/versions.nix
View file

@ -4,20 +4,17 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
# "channels-nixos-21.05" = {
# url = "https://github.com/NixOS/nixpkgs/";
# ref = "nixos-21.05";
# rev = "df123677560db3b0db7c19d71981b11091fbeaf6";
# };
# "channels-nixos-21.05" = {
# url = "https://github.com/NixOS/nixpkgs/";
# ref = "nixos-21.05";
# rev = "df123677560db3b0db7c19d71981b11091fbeaf6";
# };
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";

7
nix/os/devices/steveej-t14/boot.nix
View file

@ -1,10 +1,7 @@
{ lib
, pkgs
, ...
}:
{ lib, pkgs, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

5
nix/os/devices/steveej-t14/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm_amd"
"nvme"
@ -11,8 +11,7 @@ let
"e1000e"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;

18
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

45
nix/os/devices/steveej-t14/system.nix
View file

@ -1,16 +1,10 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
nix = {
binaryCaches = [
"https://holochain-ci.cachix.org"
"https://cache.holo.host/"
];
binaryCaches =
[ "https://holochain-ci.cachix.org" "https://cache.holo.host/" ];
binaryCachePublicKeys = [
"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -21,10 +15,11 @@ in {
# TASK: new device
networking.hostName = "steveej-t14"; # Define your hostname.
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -40,11 +35,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -55,12 +46,10 @@ in {
# virtualization
virtualisation = {
libvirtd = {
enable = true;
};
libvirtd = { enable = true; };
virtualbox.host = {
enable = false ;
enable = false;
addNetworkInterface = false;
};
@ -74,14 +63,10 @@ in {
# client min protocol = NT1
'';
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
services.xserver.videoDrivers = lib.mkForce [
"amdgpu"
];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"

4
nix/os/devices/steveej-t14/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/steveej-t14/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-22.05";
rev = "6107f97012a0c134c5848125b5aa1b149b76d2c9";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

27
nix/os/devices/steveej-t14/versions.tmpl.nix
View file

@ -2,34 +2,41 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable-small" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable-small";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

4
nix/os/devices/steveej-t480s-work/configuration.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
disabledModules = [
"system/boot/initrd-network.nix"
];
disabledModules = [ "system/boot/initrd-network.nix" ];
imports = [
../../modules/initrd-network.nix

5
nix/os/devices/steveej-t480s-work/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
@ -15,8 +15,7 @@ let
"hxci_hcd"
];
in
{
in {
# TASK: new device
hardware.encryptedDisk = {
enable = true;

18
nix/os/devices/steveej-t480s-work/pkg.nix
View file

@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "19.09";
}

47
nix/os/devices/steveej-t480s-work/system.nix
View file

@ -1,40 +1,32 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-t480s-work"; # Define your hostname.
# Used for testing local Openshift clusters
environment.etc."NetworkManager/dnsmasq.d/openshift.conf".text =
let
openshiftClusterName = "openshift-steveej";
openshiftDomain = "openshift.testing";
openshiftSubnetBase = "192.168.126";
in ''
server=/${openshiftDomain}/${openshiftSubnetBase}.1
address=/.apps.${openshiftClusterName}.${openshiftDomain}/${openshiftSubnetBase}.51
environment.etc."NetworkManager/dnsmasq.d/openshift.conf".text = let
openshiftClusterName = "openshift-steveej";
openshiftDomain = "openshift.testing";
openshiftSubnetBase = "192.168.126";
in ''
server=/${openshiftDomain}/${openshiftSubnetBase}.1
address=/.apps.${openshiftClusterName}.${openshiftDomain}/${openshiftSubnetBase}.51
'';
networking.firewall.enable = lib.mkForce false;
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -48,12 +40,10 @@ in {
# virtualization
virtualisation = {
libvirtd = {
enable = true;
};
libvirtd = { enable = true; };
virtualbox.host = {
enable = false ;
enable = false;
addNetworkInterface = false;
};
@ -63,7 +53,6 @@ in {
};
};
boot.initrd.network = {
enable = true;
useDHCP = true;
@ -133,7 +122,7 @@ in {
auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
auth_to_local = DEFAULT
}
'';
'';
};
hardware.ledger.enable = true;

4
nix/os/devices/steveej-t480s-work/user.nix
View file

@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;

7
nix/os/devices/steveej-t480s-work/versions.nix
View file

@ -4,13 +4,10 @@ let
ref = "nixos-20.09";
rev = "b94726217f7cdc02ddf277b65553762d520da196";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";

23
nix/os/devices/steveej-t480s-work/versions.tmpl.nix
View file

@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

421
nix/os/devices/steveej-utilitepro/configuration.nix
View file

@ -4,224 +4,227 @@
{ config, pkgs, ... }:
let
passwords = import ../common/passwords.crypt.nix;
in
{
let passwords = import ../common/passwords.crypt.nix;
in {
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
nix.maxJobs = 4;
nix.buildCores = 4;
nix.maxJobs = 4;
nix.buildCores = 4;
nix.extraOptions = ''
nix.extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
'';
'';
nixpkgs.config = {
packageOverrides = super:
let self = super.pkgs;
in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{
patch = ./patches/utilitepro-kernel-dts.patch;
name = "utilitepro-dts";
}
{
patch = ./patches/utilitepro-kernel-dts-Makefile.patch;
name = "utilitepro-dts-Makefile";
}
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
nixpkgs.config = {
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
packageOverrides = super: let self = super.pkgs; in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{ patch = ./patches/utilitepro-kernel-dts.patch; name = "utilitepro-dts"; }
{ patch = ./patches/utilitepro-kernel-dts-Makefile.patch; name = "utilitepro-dts-Makefile"; }
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
'';
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
allowUnfree = true;
};
allowUnfree = true;
};
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "steveej-utilitepro"; # Define your hostname.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.extraKernelParams = [
"cm_fx6_v4l_msize=128M"
"vmalloc=256M"
@ -263,7 +266,9 @@ in
users.mutableUsers = false;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
];
};
users.extraUsers.steveej = {
uid = 1000;
@ -271,9 +276,11 @@ in
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" ];
hashedPassword = passwords.users.steveej;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
];
};
networking.firewall.enable = false;
networking.useNetworkd = true;
networking.useNetworkd = true;
}

20
nix/os/devices/steveej-utilitepro/hardware-configuration.nix
View file

@ -4,9 +4,7 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ ];
boot.kernelModules = [ ];
@ -14,14 +12,14 @@
hardware.enableAllFirmware = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
fsType = "btrfs";
options = "subvol=nixos";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
fsType = "btrfs";
options = "subvol=nixos";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
swapDevices = [ ];
}

4
nix/os/devices/vmd32387.contaboserver.net/boot.nix
View file

@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = lib.mkForce false;

3
nix/os/devices/vmd32387.contaboserver.net/configuration.nix
View file

@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix

8
nix/os/devices/vmd32387.contaboserver.net/hw.nix
View file

@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -14,8 +14,7 @@ let
"scsi_mod"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -25,6 +24,5 @@ in
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}

49
nix/os/devices/vmd32387.contaboserver.net/pkg.nix
View file

@ -1,29 +1,31 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
notificationSender =
"hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [];
buildMachinesFiles = [ ];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
};
@ -31,13 +33,7 @@
services.gitlab-runner = {
enable = true;
extraPackages = with pkgs; [
bash
gitlab-runner
nix
gitFull
git-crypt
];
extraPackages = with pkgs; [ bash gitlab-runner nix gitFull git-crypt ];
concurrent = 2;
checkInterval = 0;
@ -45,7 +41,8 @@
nixRunner = {
executor = "shell";
runUntagged = true;
registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
registrationConfigFile =
"/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = [ "nix" ];
};
};

Some files were not shown because too many files have changed in this diff Show more