From f3683fcda97b37f9a1bb61dbe7b59ef3db44bb6a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 4 May 2018 09:13:54 +0200 Subject: [PATCH] steveej-laptop: commit current config * disable CPU wining * migrate system packages away to out-of-tree home-manger * vim: disable deoplete * enable the firewall * upgrade syntax for release 18.03 * enable gnome services (again) --- .../common/passwords.crypt.nix | Bin 407 -> 400 bytes nixos-configuration/common/pkg/default.nix | 9 - nixos-configuration/steveej-laptop/boot.nix | 7 +- nixos-configuration/steveej-laptop/pkg.nix | 1 + nixos-configuration/steveej-laptop/system.nix | 121 +++++++-- pkg-configuration/config.nix | 235 +----------------- pkg-configuration/vim-derivates/neovim.nix | 6 +- 7 files changed, 113 insertions(+), 266 deletions(-) diff --git a/nixos-configuration/common/passwords.crypt.nix b/nixos-configuration/common/passwords.crypt.nix index de6680875c98b85f04ec37d53b2f98a2275791db..caeb2715098e6f457988a6f1754dd7b52f3b05a1 100644 GIT binary patch literal 400 zcmZQ@_Y83kiVO&0*nTj$*+1o(-`aZ(b2lV6G2TyfdNp@NvS9f0*JZ1YyuAH<=HJY+ z{gRm{>vqc+?8qs+{Kij@%R2evg-d@f>^;ZG=BTgrPP{1B?PjO#x!|+$T}c~0o_ZvI zvMZAP?b=m01Lqs&UY~y};%^KyPkuuF5iyrz9hTZDf11=vRbJlPJ4feI7Vw3&0Trz%5&eV*%sHItKAv1!OJosLiBQ7dIq~v?)sTVvX0$qCVs8l z&)Qz^nD&0vwX4P)$?9brilPo!Z`M?ualkM3>VDIn`t^o_I?MJIZrZZcQM64_Vqd_P zkL_yqOtUurH?%+7)q2y1ck9N?$v&%p$vxlpa>k!)Iv2J(1^bAt3hdpbubsLm!lJFY zM(MSg-=$T;duKUcvOWKOvFAMK3E2TWvcRo&; zBl+bATPWAVs;epQ`@=l1mQ7=nTwSN;B@`BS{yf98fN$5IwElhYCS-EH%d1yXQTt6^ MCKsh{cE8gH09bCv&j0`b literal 407 zcmZQ@_Y83kiVO&05Yd;mp8K?G0o#%P`$Es`n_d$0sQ3Gq*Wa73c~?l4Et@oRg~&X) zzwN94>ePj$Tz7l7@Z&XxH)`we76tNMzt`bz$+609+Ci?3W)sq1@I*0P)0mT;*|1^J zKr2FCF_szZHqOQ!!YCWZ%cc0nrrf9C1%0uS(=S$Dc>3<{_ zvUTR7B>4bFjw!KbOb0udMby}oSSlJa8NMDpHtE#e%t^oB&D<-LS##zayPU~H{@$6s zo38MG2~Ol$ZaZ-q|CA}sywAAV4jH|W>P+N3dP%Wa@$p{IMKy;X-~HgRq~yjv6aH-L zK#83lC%l&&yc#N!^VLByf8OVvcdqKpOk-x*)t_{Fk9J*byx(excJW`8m*$n01=Qze zF}E7+cP{^9x>e57?5;`V{T++l;|k8q{xkLK54XP6{~4H1XYbzscX9tYp^rz_J>PKF zOnQcu>?7u^>8CV0J4+bfH~#89a-DJN>z@Ak?kZol-2QesXb!I#hvX+?e}g<{9 diff --git a/nixos-configuration/common/pkg/default.nix b/nixos-configuration/common/pkg/default.nix index b328140..b29250a 100644 --- a/nixos-configuration/common/pkg/default.nix +++ b/nixos-configuration/common/pkg/default.nix @@ -3,15 +3,6 @@ { # Package configuration environment.systemPackages = with pkgs; [ - nix-repl -# ( busybox.override { -# extraConfig = '' -# CONFIG_STATIC y -# CONFIG_INSTALL_APPLET_DONT y -# CONFIG_INSTALL_APPLET_SYMLINKS n -# ''; -# }) - elfutils exfat file diff --git a/nixos-configuration/steveej-laptop/boot.nix b/nixos-configuration/steveej-laptop/boot.nix index 08fe544..441a468 100644 --- a/nixos-configuration/steveej-laptop/boot.nix +++ b/nixos-configuration/steveej-laptop/boot.nix @@ -2,14 +2,17 @@ { boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.myLinuxPackages; # Bootloader, initrd and Kernel boot.loader.grub.enable = true; boot.loader.grub.enableCryptodisk = true; boot.loader.grub.version = 2; - # Workaround for nm-pptp + # workaround to disable CPU wining + # current CPU has 9 idle cstates. + boot.kernelParams = [ "intel_idle.max_cstate=0" ]; + + # Workaround for nm-pptp to enforce module load boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" diff --git a/nixos-configuration/steveej-laptop/pkg.nix b/nixos-configuration/steveej-laptop/pkg.nix index b4a4426..77fe7e0 100644 --- a/nixos-configuration/steveej-laptop/pkg.nix +++ b/nixos-configuration/steveej-laptop/pkg.nix @@ -3,6 +3,7 @@ ... }: let + gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; in { diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 4497121..7457f70 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -1,26 +1,62 @@ { config, lib, pkgs, ... }: + +let + gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + +in + rec { nix.binaryCachePublicKeys = [ - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; nix.binaryCaches = [ "https://cache.nixos.org" - "https://hydra.nixos.org" + # "https://hydra.nixos.org" ]; nix.trustedBinaryCaches = [ "https://cache.nixos.org" - "https://hydra.nixos.org" + # "https://hydra.nixos.org" ]; nix.daemonNiceLevel = 19; nix.daemonIONiceLevel = 7; + nix.package = pkgs.nixUnstable; + + nix.useSandbox = true; + # The NixOS release to be compatible with for stateful data such as databases. # system.stateVersion = "unstable"; networking.hostName = "steveej-laptop"; # Define your hostname. - networking.firewall.enable = false; + networking.hosts = { + "160.85.37.177" = [ "splabchat" ]; + }; + + networking.firewall.enable = true; + networking.firewall.checkReversePath = false; + + # Provide a NAT/DHCP Router + # + # networking.nat.enable = true; + # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ]; + # networking.nat.externalInterface = "wlp1s0"; + # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [ + # { address = "10.254.253.254"; prefixLength = 24; } + # ]; + # services.dnsmasq = { + # enable = true; + # servers = [ "8.8.8.8" "8.8.4.4" ]; + # extraConfig = '' + # domain=lan + # interface=enp0s20f0u4u1u3 + # bind-interfaces + # dhcp-range=10.254.253.100,10.254.253.199,1h + # ''; + # }; + + networking.networkmanager = { enable = true; unmanaged = [ @@ -33,7 +69,7 @@ rec { }; networking.bridges."virbr1".interfaces = []; - networking.interfaces."virbr1".ip4 = [ + networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; prefixLength = 24; } ]; @@ -94,9 +130,6 @@ rec { ''; }; - # Package configuration - environment.systemPackages = with pkgs; [ - ]; environment.sessionVariables = { EDITOR = "vim"; @@ -129,11 +162,33 @@ rec { services.openssh.enable = true; services.openssh.permitRootLogin = "yes"; + services.gnome3 = { + gnome-disks.enable = false; + gnome-documents.enable = false; + gnome-online-miners.enable = false; + gnome-user-share.enable = false; + gnome-terminal-server.enable = false; + gpaste.enable = false; + sushi.enable = false; + tracker.enable = false; + + # FIXME: gnome should be moved to user session + seahorse.enable = true; + gvfs.enable = true; + at-spi2-core.enable = true; + evolution-data-server.enable = true; + gnome-online-accounts.enable = true; + gnome-keyring.enable = true; + }; + services.teamviewer.enable = false; services.printing = { enable = true; - drivers = [ pkgs.hplip ]; + drivers = [ + pkgs.hplip + gitpkgs.cups-kyodialog3 + ]; }; services.pcscd.enable = true; @@ -146,31 +201,38 @@ rec { xkbVariant = "altgr-intl"; xkbOptions = "nodeadkeys,caps:swapescape"; - windowManager.qtile.enable = true; - windowManager.default = "qtile"; desktopManager = { + # FIXME: gnome should be moved to user session gnome3.enable = true; + xterm.enable = true; plasma5.enable = false; }; displayManager = { - gdm.enable = true; - gdm.wayland = false; - # ${pkgs.xautolock}/bin/xautolock -time 10 -locker slimlock & - # ${pkgs.redshift}/bin/redshift-gtk -v -b 1.0:1.0 -l 47.6691:9.1698 -t 7000:4500 -m randr & + lightdm = { + enable = true; + autoLogin = { + enable = true; + user = "steveej"; + }; + background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png"; + }; + sessionCommands = '' - ${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr & - ${pkgs.networkmanagerapplet}/bin/nm-applet & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid darkblue & - ${pkgs.autorandr}/bin/autorandr -l common & ''; }; }; + + # Package configuration + environment.systemPackages = with pkgs; [ + ]; + + # More Services services.udev.packages = [ - pkgs.libu2f-host - pkgs.yubikey-personalization - ]; + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -205,9 +267,24 @@ rec { }; }; + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + }; + + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ + blueman + ]; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + # virtualization virtualisation = { libvirtd.enable = true; + libvirtd.qemuPackage = pkgs.qemu; virtualbox.host.enable = true; virtualbox.host.addNetworkInterface = true; docker.enable = true; diff --git a/pkg-configuration/config.nix b/pkg-configuration/config.nix index f3f9173..b7bcdab 100644 --- a/pkg-configuration/config.nix +++ b/pkg-configuration/config.nix @@ -1,239 +1,14 @@ { ... } @ args: + +# unused, switched to home-manager + let - gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; - unstablepkgs = import {}; - + stablepkgs = import {}; in { - # required by nox - permittedInsecurePackages = [ - "linux-4.13.16" - ]; - - allowBroken = true; - - chromium = { - enablePepperFlash = true; - enablePepperPDF = true; - }; - - firefox = { - enableGoogleTalkPlugin = true; - enableAdobeFlash = false; - }; - - pidgin = { - openssl = true; - gnutls = true; - }; - packageOverrides = stablepkgs: rec { - -# virtmanager = stablepkgs.virtmanager.overrideDerivation (oldAttrs: { -# patchPhase = '' -# sed -i "/'install_egg_info'/d" setup.py -# sed -i "s|self.cli_usbredir = None|self.cli_usbredir = True|" virtManager/config.py -# ''; -# }); - -# labshell = (import (unstablepkgs.fetchFromGitHub { -# owner = "htwg-syslab"; -# repo = "nix-expressions"; -# rev = "89040d81cf6147b1ebaae8eca059f4718400a01a"; -# sha256 = "1ci8xbbnj7bdcciq7ibqz8vfhs3ml7k4yx6m8f8whgwrhzk4c8wa"; -# }) { labshellExpressionsRemoteRev = "master"; } -# ).labshell; -# labshell - busyboxStatic = stablepkgs.busybox.override { - enableStatic = true; - extraConfig = '' - CONFIG_STATIC y - CONFIG_INSTALL_APPLET_DONT y - CONFIG_INSTALL_APPLET_SYMLINKS n - ''; - }; - - dropbearStatic = stablepkgs.dropbear.override { - enableStatic = true; - }; - userPackages = with stablepkgs; buildEnv { name = "userPackages"; - paths = [ - patchelf - nix-index - - busyboxStatic - #nixUnstable - #nox - unetbootin - - androidsdk - - #nixops - git-crypt - unstablepkgs.ansible2 - pijul - - picocom - roxterm - xorg.xbacklight - coreutils - lsof - pavucontrol - xscreensaver - x11_ssh_askpass - xdotool - xdg_utils - xdg-user-dirs - - exiv2 - htop - -# gnome3.nautilus -# gnome3.gvfs - #(with xfce; - # thunar.override { thunarPlugins = [ - # thunar_volman - # thunar-archive-plugin - # ]; - #}) - #xfce.gvfs - #xfce.xfce4icontheme - sshfsFuse - xarchive - p7zip - zip - unzip - gzip - - python - python3Packages.ipython - python3 - jre - openjdk - - - gnupg - pass - qtpass - yubikey-neo-manager - yubikey-personalization - yubikey-personalization-gui - - unstablepkgs.chromium - unstablepkgs.firefox - seafile-client - grive2 - dropbox - zathura - thunderbird - unstablepkgs.libreoffice - - pidgin - hexchat - gitpkgs.hunspellDicts.en-us - gitpkgs.hunspellDicts.de-any - aspellDicts.en - aspellDicts.de - unstablepkgs.skype - #zoom-us - - virtmanager - -# gnome3.dconf - qemu - vagrant - unstablepkgs.rkt - python27Packages.docker_compose - - remmina - freerdp - x2goclient - samba - - vlc - audacity - gitpkgs.spotify - - pdftk - calibre - imagemagick -# gnome3.eog - unstablepkgs.mendeley - - iptables - nftables - iperf - bind - - unstablepkgs.vscode - unstablepkgs.atom - gimp - inkscape - plantuml - umlet - graphviz - -# bundler -# bundix - - - - travis - jq - -# pandoc - unstablepkgs.texlive.combined.scheme-medium -# perlPackages.YAMLTiny - -# gnome3.pomodoro - - ntfs3g - ddrescue - ncdu - - xorg.xhost -# gitpkgs.wtftw - autorandr - arandr - -# numix-icon-theme -# numix-gtk-theme - gnome3.gnome_themes_standard - gnome3.adwaita-icon-theme - lxappearance - xorg.xcursorthemes - - openssl - mkpasswd - - hdparm - testdisk - wireshark - - - # games - zeroad - - - # Compilers & Toolchains - gcc - pkgconfig - binutils - valgrind - gdb - cgdb - man-pages - gnumake - - nodejs - emscripten - - ## Rust Development - rustup - capnproto - kcov - ]; + paths = []; }; }; } diff --git a/pkg-configuration/vim-derivates/neovim.nix b/pkg-configuration/vim-derivates/neovim.nix index c514d07..49f199f 100644 --- a/pkg-configuration/vim-derivates/neovim.nix +++ b/pkg-configuration/vim-derivates/neovim.nix @@ -9,8 +9,8 @@ pkgs.neovim.override { # add custom .vimrc lines like this: customRC = (import ./commonrc.nix {}) + '' " deoplete { - let g:deoplete#enable_at_startup = 1 - let g:deoplete#enable_smart_case = 1 + " let g:deoplete#enable_at_startup = 1 + " let g:deoplete#enable_smart_case = 1 " } '' + additionalRC; @@ -25,7 +25,7 @@ pkgs.neovim.override { "vim-colorschemes" "vim-colorstepper" "vim-signify" - "deoplete-nvim" + # "deoplete-nvim" ] ++ additionalPlugins; }; extraPythonPackages = [];