update
parent
56f9cba5bc
commit
77a698c7c3
|
@ -5,6 +5,8 @@
|
||||||
../roles/workstation.nix
|
../roles/workstation.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||||
|
|
||||||
system.stateVersion = "19.09";
|
system.stateVersion = "19.09";
|
||||||
|
|
||||||
yorick.lumi-vpn = {
|
yorick.lumi-vpn = {
|
||||||
|
@ -12,6 +14,8 @@
|
||||||
mtu = 1408;
|
mtu = 1408;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
xdg.autostart.enable = false;
|
||||||
|
|
||||||
services.znapzend = {
|
services.znapzend = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pure = true;
|
pure = true;
|
||||||
|
@ -30,4 +34,18 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="dialout", TAG+="uaccess"
|
||||||
|
'';
|
||||||
|
|
||||||
|
nix.trustedUsers = [ "lars" ];
|
||||||
|
users.users.lars = {
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa 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 openpgp:0x60F7D1FD"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvdQ963wjgWyFMp6djRTqVwZr3/PQ/V+Qm5JTcxRTdY lumi@channelwood"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
}
|
}
|
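Review bot: `nix.trustedUsers = [ "lars" ];` in the third hunk makes lars effectively root-equivalent on this host, because a trusted user can hand the Nix daemon arbitrary substituters and unsigned store paths. The same account is reachable over SSH through the two keys added just below it. Ordinary users can already talk to the daemon by default, so if lars only needs to build and run packages the line can be dropped. If the trust is intentional, document it next to the option, e.g. `# trusted user == root via nix-daemon; needed for <reason>`. `virtualisation.docker.enable = true;` carries a similar caveat if lars is later added to the `docker` group, which this diff does not show.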
||||||
|
|
|
@ -17,7 +17,7 @@ in
|
||||||
};
|
};
|
||||||
mtu = mkOption {
|
mtu = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 1371;
|
default = 1371; # 1408 at home
|
||||||
};
|
};
|
||||||
ip = mkOption {
|
ip = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
|
@ -1,4 +1,16 @@
|
||||||
{
|
{
|
||||||
|
"emacs-overlay": {
|
||||||
|
"branch": "master",
|
||||||
|
"description": "Bleeding edge emacs overlay [maintainer=@adisbladis] ",
|
||||||
|
"homepage": "",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "emacs-overlay",
|
||||||
|
"rev": "dfed6847f127bd3c2c0cdd71b28d4e63e0ec0e91",
|
||||||
|
"sha256": "1b0871cr491cf1a4clhv2kwg492gp25gl45w72bmkyjbb6n22c7f",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/nix-community/emacs-overlay/archive/dfed6847f127bd3c2c0cdd71b28d4e63e0ec0e91.tar.gz",
|
||||||
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
|
},
|
||||||
"niv": {
|
"niv": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"description": "Easy dependency management for Nix projects",
|
"description": "Easy dependency management for Nix projects",
|
||||||
|
@ -31,15 +43,27 @@
|
||||||
"version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
|
"version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"branch": "nixos-unstable",
|
"branch": "master",
|
||||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "733e537a8ad76fd355b6f501127f7d0eb8861775",
|
"rev": "9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2",
|
||||||
"sha256": "1rjvbycd8dkkflal8qysi9d571xmgqq46py3nx0wvbzwbkvzf7aw",
|
"sha256": "1r3ll77hyqn28d9i4cf3vqd9v48fmaa1j8ps8c4fm4f8gqf4kpl1",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/733e537a8ad76fd355b6f501127f7d0eb8861775.tar.gz",
|
"url": "https://github.com/nixos/nixpkgs/archive/9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2.tar.gz",
|
||||||
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
|
},
|
||||||
|
"nixpkgs-mozilla": {
|
||||||
|
"branch": "master",
|
||||||
|
"description": "mozilla related nixpkgs (extends nixos/nixpkgs repo)",
|
||||||
|
"homepage": "",
|
||||||
|
"owner": "mozilla",
|
||||||
|
"repo": "nixpkgs-mozilla",
|
||||||
|
"rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
|
||||||
|
"sha256": "1zybp62zz0h077zm2zmqs2wcg3whg6jqaah9hcl1gv4x8af4zhs6",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/mozilla/nixpkgs-mozilla/archive/8c007b60731c07dd7a052cce508de3bb1ae849b4.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixpkgs-wayland": {
|
"nixpkgs-wayland": {
|
||||||
|
|
|
@ -98,7 +98,10 @@ let
|
||||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
in
|
in
|
||||||
if ersatz == "" then drv else ersatz;
|
if ersatz == "" then drv else
|
||||||
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
|
# relative paths)
|
||||||
|
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
|
|
@ -12,13 +12,23 @@ in
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
boot.kernelModules = [ "nct6775" ];
|
boot.kernelModules = [ "nct6775" ];
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_9;
|
boot.kernelPackages = pkgs.linuxPackages_5_10;
|
||||||
networking.hostId = "c7736638";
|
networking.hostId = "c7736638";
|
||||||
services.zfs.autoScrub.enable = true;
|
services.zfs.autoScrub.enable = true;
|
||||||
services.zfs.trim.enable = true;
|
services.zfs.trim.enable = true;
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
|
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.interfaces.enp9s0.useDHCP = true;
|
networking.usePredictableInterfaceNames = false;
|
||||||
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0" ];
|
networking.bridges.br0.interfaces = [ "eth0" ];
|
||||||
|
networking.interfaces.br0.useDHCP = true;
|
||||||
|
# systemd.network.links."98-namepolicy" = {
|
||||||
|
# matchConfig.OriginalName = "*";
|
||||||
|
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
|
||||||
|
# };
|
||||||
|
boot.kernelParams = [
|
||||||
|
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0"
|
||||||
|
# thunderbolt
|
||||||
|
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc"
|
||||||
|
];
|
||||||
}
|
}
|
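Review bot: `networking.bridges.br0.interfaces = [ "eth0" ];` depends on kernel probe order now that `networking.usePredictableInterfaceNames = false;` is set, so which NIC ends up as `eth0` is not fixed by this configuration. The thunderbolt parameters added to `boot.kernelParams` in the same hunk suggest extra network devices may appear (for example from a dock). If so, `br0` could attach, and run DHCP on, a different port than intended. Pinning the onboard NIC's name by MAC address would remove that ambiguity. The commented-out `systemd.network.links."98-namepolicy"` block should either be finished or deleted, with a one-line comment saying which physical port `eth0` is meant to be.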
||||||
|
|
|
@ -99,4 +99,14 @@ in
|
||||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||||
|
|
||||||
yorick.lumi-vpn.enable = true;
|
yorick.lumi-vpn.enable = true;
|
||||||
|
|
||||||
|
services.pipewire.enable = true;
|
||||||
|
xdg.portal = {
|
||||||
|
enable = true;
|
||||||
|
extraPortals = with pkgs; [
|
||||||
|
xdg-desktop-portal-wlr
|
||||||
|
xdg-desktop-portal-gtk
|
||||||
|
];
|
||||||
|
gtkUsePortal = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,10 @@ let cfg = config.services.yorick.public; in
|
||||||
};
|
};
|
||||||
#imports = [../modules/nginx.nix];
|
#imports = [../modules/nginx.nix];
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
systemd.services.nginx.serviceConfig = {
|
||||||
|
ProtectHome = "tmpfs";
|
||||||
|
BindReadOnlyPaths = [ "/home/public/public" ];
|
||||||
|
};
|
||||||
users.extraUsers.public = {
|
users.extraUsers.public = {
|
||||||
home = "/home/public";
|
home = "/home/public";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
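Review bot: `BindReadOnlyPaths = [ "/home/public/public" ];` will fail the nginx unit at namespace setup if that directory does not exist when the service starts, and nothing visible in this hunk guarantees it is created (the `users.extraUsers.public` block continues outside the hunk, so `createHome` or a tmpfiles rule may exist there). Either ensure the directory is created before nginx starts, or write the path as `"-/home/public/public"` if a missing directory should be tolerated. A short comment above `ProtectHome = "tmpfs";` would also help, e.g. `# hide all of /home from nginx; only the public web root is bound back in, read-only`. Since this applies to the shared nginx unit, any other virtual host serving from under `/home` would lose access; that is worth confirming.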
||||||
|
|