nixfmt
parent
65b73fabf7
commit
a688758401
|
@ -1,18 +1,21 @@
|
||||||
{ pkgs ? import <nixpkgs> {} }:
|
{ pkgs ? import <nixpkgs> { } }:
|
||||||
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
|
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
let
|
let
|
||||||
compileShell = src: buildInputs: name: stdenv.mkDerivation {
|
compileShell = src: buildInputs: name:
|
||||||
inherit name src;
|
stdenv.mkDerivation {
|
||||||
buildInputs = buildInputs ++ [makeWrapper];
|
inherit name src;
|
||||||
unpackPhase = "true";
|
buildInputs = buildInputs ++ [ makeWrapper ];
|
||||||
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name}
|
unpackPhase = "true";
|
||||||
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs}
|
installPhase = ''
|
||||||
'';
|
mkdir -p $out/bin && cp $src $out/bin/${name}
|
||||||
};
|
wrapProgram $out/bin/${name} --suffix PATH : ${
|
||||||
|
lib.makeSearchPath "bin" buildInputs
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
in lib.mapAttrs (k: f: f k) {
|
in lib.mapAttrs (k: f: f k) {
|
||||||
backup = compileShell ./backup.sh
|
backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
|
||||||
(with pkgs; [utillinux duplicity]);
|
screenshot_public =
|
||||||
screenshot_public = compileShell ./screenshot_public.sh
|
compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
|
||||||
(with pkgs; [scrot xclip rsync]);
|
|
||||||
}
|
}
|
||||||
|
|
31
config.nix
31
config.nix
|
@ -1,17 +1,16 @@
|
||||||
let sources = import ./nix/sources.nix;
|
let sources = import ./nix/sources.nix;
|
||||||
in
|
in {
|
||||||
{
|
allowUnfree = true;
|
||||||
allowUnfree = true;
|
overlays = [
|
||||||
overlays = [
|
(import sources.nixpkgs-wayland)
|
||||||
(import sources.nixpkgs-wayland)
|
(import sources.nixpkgs-mozilla)
|
||||||
(import sources.nixpkgs-mozilla)
|
(import sources.emacs-overlay)
|
||||||
(import sources.emacs-overlay)
|
(import ./nixos/overlay.nix)
|
||||||
(import ./nixos/overlay.nix)
|
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
|
||||||
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
|
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
|
||||||
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
|
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
|
||||||
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
|
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
|
||||||
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
|
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
|
||||||
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
|
(import ./overlay.nix)
|
||||||
(import ./overlay.nix)
|
];
|
||||||
];
|
}
|
||||||
}
|
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
let sources = import ./nix/sources.nix;
|
let sources = import ./nix/sources.nix;
|
||||||
in
|
in import sources.nixpkgs (import ./config.nix)
|
||||||
import sources.nixpkgs (import ./config.nix)
|
|
||||||
|
|
|
@ -1,3 +1 @@
|
||||||
let pkgs = import ../.;
|
let pkgs = import ../.; in pkgs.yorick.home
|
||||||
in
|
|
||||||
pkgs.yorick.home
|
|
||||||
|
|
|
@ -1,18 +1,17 @@
|
||||||
{ lib, config, options, pkgs, ... }:
|
{ lib, config, options, pkgs, ... }:
|
||||||
let
|
let
|
||||||
bin = pkgs.callPackage /home/yorick/dotfiles/bin {};
|
bin = pkgs.callPackage /home/yorick/dotfiles/bin { };
|
||||||
dpi = 109;
|
dpi = 109;
|
||||||
font = {
|
font = {
|
||||||
__toString = self: "${self.name} ${self.size}";
|
__toString = self: "${self.name} ${self.size}";
|
||||||
name = "DejaVu Sans Mono";
|
name = "DejaVu Sans Mono";
|
||||||
size = "11";
|
size = "11";
|
||||||
};
|
};
|
||||||
y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped {
|
y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped {
|
||||||
forceWayland = true;
|
forceWayland = true;
|
||||||
browserName = "firefox";
|
browserName = "firefox";
|
||||||
};
|
};
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [ ./arbtt.nix ./libinput-gestures.nix ];
|
imports = [ ./arbtt.nix ./libinput-gestures.nix ];
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
|
@ -36,41 +35,71 @@ in
|
||||||
emacs = {
|
emacs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.emacsPgtkGcc;
|
package = pkgs.emacsPgtkGcc;
|
||||||
extraPackages = _: let
|
extraPackages = _:
|
||||||
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
|
let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
|
||||||
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [
|
in (with epkgs.melpaPackages; [
|
||||||
epkgs.undo-tree
|
reason-mode
|
||||||
epkgs.notmuch epkgs.rust-mode
|
evil
|
||||||
company
|
counsel
|
||||||
projectile counsel-projectile
|
ivy
|
||||||
ggtags use-package org-bullets solarized-theme
|
ivy-hydra
|
||||||
evil-leader evil-surround #evil-magit
|
swiper
|
||||||
epkgs.evil-goggles epkgs.ox-mediawiki
|
magit
|
||||||
nix-buffer which-key git-gutter-fringe
|
forge
|
||||||
all-the-icons epkgs.org-cliplink
|
avy
|
||||||
pandoc-mode markdown-mode interleave
|
]) ++ (with epkgs.melpaPackages; [
|
||||||
org-ref haskell-mode request #intero
|
epkgs.undo-tree
|
||||||
weechat s elixir-mode htmlize
|
epkgs.notmuch
|
||||||
linum-relative terraform-mode
|
epkgs.rust-mode
|
||||||
direnv vue-mode solarized-theme
|
company
|
||||||
#wlrctl
|
projectile
|
||||||
(epkgs.melpaBuild {
|
counsel-projectile
|
||||||
pname = "nix-mode";
|
ggtags
|
||||||
version = "1.4.0";
|
use-package
|
||||||
packageRequires = [ json-mode epkgs.mmm-mode company ];
|
org-bullets
|
||||||
recipe = pkgs.writeText "recipe" ''
|
solarized-theme
|
||||||
(nix-mode
|
evil-leader
|
||||||
:repo "nixos/nix-mode" :fetcher github
|
evil-surround # evil-magit
|
||||||
:files ("nix*.el"))
|
epkgs.evil-goggles
|
||||||
'';
|
epkgs.ox-mediawiki
|
||||||
src = pkgs.fetchFromGitHub {
|
nix-buffer
|
||||||
owner = "nixos";
|
which-key
|
||||||
repo = "nix-mode";
|
git-gutter-fringe
|
||||||
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
|
all-the-icons
|
||||||
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
|
epkgs.org-cliplink
|
||||||
};
|
pandoc-mode
|
||||||
})
|
markdown-mode
|
||||||
]);
|
interleave
|
||||||
|
org-ref
|
||||||
|
haskell-mode
|
||||||
|
request # intero
|
||||||
|
weechat
|
||||||
|
s
|
||||||
|
elixir-mode
|
||||||
|
htmlize
|
||||||
|
linum-relative
|
||||||
|
terraform-mode
|
||||||
|
direnv
|
||||||
|
vue-mode
|
||||||
|
solarized-theme
|
||||||
|
#wlrctl
|
||||||
|
(epkgs.melpaBuild {
|
||||||
|
pname = "nix-mode";
|
||||||
|
version = "1.4.0";
|
||||||
|
packageRequires = [ json-mode epkgs.mmm-mode company ];
|
||||||
|
recipe = pkgs.writeText "recipe" ''
|
||||||
|
(nix-mode
|
||||||
|
:repo "nixos/nix-mode" :fetcher github
|
||||||
|
:files ("nix*.el"))
|
||||||
|
'';
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = "nix-mode";
|
||||||
|
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
|
||||||
|
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
]);
|
||||||
};
|
};
|
||||||
git = {
|
git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -81,9 +110,11 @@ in
|
||||||
extraConfig.help.autocorrect = 5;
|
extraConfig.help.autocorrect = 5;
|
||||||
extraConfig.push.default = "simple";
|
extraConfig.push.default = "simple";
|
||||||
extraConfig.pull.ff = "only";
|
extraConfig.pull.ff = "only";
|
||||||
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig";
|
extraConfig."includeIf \"gitdir:~/serokell/\"".path =
|
||||||
|
"~/serokell/.gitconfig";
|
||||||
aliases = {
|
aliases = {
|
||||||
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
|
lg =
|
||||||
|
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
|
||||||
st = "status";
|
st = "status";
|
||||||
remotes = "remote -v";
|
remotes = "remote -v";
|
||||||
branches = "branch -a";
|
branches = "branch -a";
|
||||||
|
@ -92,7 +123,8 @@ in
|
||||||
unstage = "reset -q HEAD --";
|
unstage = "reset -q HEAD --";
|
||||||
discard = "checkout --";
|
discard = "checkout --";
|
||||||
uncommit = "reset --mixed HEAD~";
|
uncommit = "reset --mixed HEAD~";
|
||||||
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
|
graph =
|
||||||
|
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
|
||||||
dad = "!curl https://icanhazdadjoke.com/ && git add";
|
dad = "!curl https://icanhazdadjoke.com/ && git add";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -108,19 +140,50 @@ in
|
||||||
identityFile = "~/.ssh/id_rsa_pub";
|
identityFile = "~/.ssh/id_rsa_pub";
|
||||||
identitiesOnly = true;
|
identitiesOnly = true;
|
||||||
};
|
};
|
||||||
phassa = { hostname = "karpenoktem.nl"; port = 33933; };
|
phassa = {
|
||||||
|
hostname = "karpenoktem.nl";
|
||||||
|
port = 33933;
|
||||||
|
};
|
||||||
"jupiter.serokell.io" = jupiter;
|
"jupiter.serokell.io" = jupiter;
|
||||||
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; };
|
jupiter = {
|
||||||
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; };
|
hostname = "jupiter.serokell.io";
|
||||||
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; };
|
port = 17788;
|
||||||
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; };
|
};
|
||||||
"*.lumi.guide" = {
|
athena = {
|
||||||
|
hostname = "athena.lumi.guide";
|
||||||
user = "yorick.van.pelt";
|
user = "yorick.van.pelt";
|
||||||
};
|
};
|
||||||
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
rpibuild3 = {
|
||||||
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
hostname = "10.110.0.3";
|
||||||
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
user = "yorick.van.pelt";
|
||||||
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
port = 4222;
|
||||||
|
};
|
||||||
|
styx = {
|
||||||
|
hostname = "10.110.0.1";
|
||||||
|
user = "yorick.van.pelt";
|
||||||
|
port = 2233;
|
||||||
|
};
|
||||||
|
"*.lumi.guide" = { user = "yorick.van.pelt"; };
|
||||||
|
nyx = {
|
||||||
|
hostname = "nyx.lumi.guide";
|
||||||
|
user = "yorick.van.pelt";
|
||||||
|
port = 2233;
|
||||||
|
};
|
||||||
|
zeus = {
|
||||||
|
hostname = "zeus.lumi.guide";
|
||||||
|
user = "yorick.van.pelt";
|
||||||
|
port = 2233;
|
||||||
|
};
|
||||||
|
ponos = {
|
||||||
|
hostname = "ponos.lumi.guide";
|
||||||
|
user = "yorick.van.pelt";
|
||||||
|
port = 2233;
|
||||||
|
};
|
||||||
|
medusa = {
|
||||||
|
hostname = "lumi.guide";
|
||||||
|
user = "yorick.van.pelt";
|
||||||
|
port = 2233;
|
||||||
|
};
|
||||||
# signs
|
# signs
|
||||||
"10.108.0.*" = {
|
"10.108.0.*" = {
|
||||||
user = "yorick.van.pelt";
|
user = "yorick.van.pelt";
|
||||||
|
@ -164,21 +227,21 @@ in
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
l = "ls";
|
l = "ls";
|
||||||
ls = "exa";
|
ls = "exa";
|
||||||
nr = "nix repl \"<nixpkgs>\"";
|
nr = ''nix repl "<nixpkgs>"'';
|
||||||
nsp = "nix-shell -p";
|
nsp = "nix-shell -p";
|
||||||
};
|
};
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
function fuck -d "Correct your previous console command"
|
function fuck -d "Correct your previous console command"
|
||||||
set -l fucked_up_command $history[1]
|
set -l fucked_up_command $history[1]
|
||||||
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
|
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
|
||||||
if [ "$unfucked_command" != "" ]
|
if [ "$unfucked_command" != "" ]
|
||||||
eval $unfucked_command
|
eval $unfucked_command
|
||||||
builtin history delete --exact --case-sensitive -- $fucked_up_command
|
builtin history delete --exact --case-sensitive -- $fucked_up_command
|
||||||
builtin history merge ^ /dev/null
|
builtin history merge ^ /dev/null
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
starship init fish | source
|
starship init fish | source
|
||||||
source ~/dotfiles/nr.fish
|
source ~/dotfiles/nr.fish
|
||||||
'';
|
'';
|
||||||
promptInit = "set fish_greeting";
|
promptInit = "set fish_greeting";
|
||||||
};
|
};
|
||||||
|
@ -186,52 +249,52 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
|
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
nr = "nix repl \"<nixpkgs>\"";
|
nr = ''nix repl "<nixpkgs>"'';
|
||||||
nsp = "nix-shell -p";
|
nsp = "nix-shell -p";
|
||||||
};
|
};
|
||||||
initExtra = ''
|
initExtra = ''
|
||||||
#eval $(thefuck --alias)
|
#eval $(thefuck --alias)
|
||||||
function fuck () {
|
function fuck () {
|
||||||
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
|
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
|
||||||
export TF_SHELL=bash;
|
export TF_SHELL=bash;
|
||||||
export TF_ALIAS=fuck;
|
export TF_ALIAS=fuck;
|
||||||
export TF_SHELL_ALIASES=$(alias);
|
export TF_SHELL_ALIASES=$(alias);
|
||||||
export TF_HISTORY=$(fc -ln -10);
|
export TF_HISTORY=$(fc -ln -10);
|
||||||
export PYTHONIOENCODING=utf-8;
|
export PYTHONIOENCODING=utf-8;
|
||||||
TF_CMD=$(
|
TF_CMD=$(
|
||||||
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
|
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
|
||||||
) && eval $TF_CMD;
|
) && eval $TF_CMD;
|
||||||
unset TF_HISTORY;
|
unset TF_HISTORY;
|
||||||
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
|
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
|
||||||
history -s $TF_CMD;
|
history -s $TF_CMD;
|
||||||
}
|
}
|
||||||
# This script was automatically generated by the broot function
|
# This script was automatically generated by the broot function
|
||||||
# More information can be found in https://github.com/Canop/broot
|
# More information can be found in https://github.com/Canop/broot
|
||||||
# This function starts broot and executes the command
|
# This function starts broot and executes the command
|
||||||
# it produces, if any.
|
# it produces, if any.
|
||||||
# It's needed because some shell commands, like `cd`,
|
# It's needed because some shell commands, like `cd`,
|
||||||
# have no useful effect if executed in a subshell.
|
# have no useful effect if executed in a subshell.
|
||||||
function br {
|
function br {
|
||||||
f=$(mktemp)
|
f=$(mktemp)
|
||||||
(
|
(
|
||||||
set +e
|
set +e
|
||||||
broot --outcmd "$f" "$@"
|
broot --outcmd "$f" "$@"
|
||||||
code=$?
|
code=$?
|
||||||
if [ "$code" != 0 ]; then
|
if [ "$code" != 0 ]; then
|
||||||
rm -f "$f"
|
rm -f "$f"
|
||||||
exit "$code"
|
exit "$code"
|
||||||
fi
|
fi
|
||||||
)
|
)
|
||||||
code=$?
|
code=$?
|
||||||
if [ "$code" != 0 ]; then
|
if [ "$code" != 0 ]; then
|
||||||
return "$code"
|
return "$code"
|
||||||
fi
|
fi
|
||||||
d=$(<"$f")
|
d=$(<"$f")
|
||||||
rm -f "$f"
|
rm -f "$f"
|
||||||
eval "$d"
|
eval "$d"
|
||||||
}
|
}
|
||||||
eval "$(starship init bash)"
|
eval "$(starship init bash)"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
xresources.properties = {
|
xresources.properties = {
|
||||||
|
@ -249,12 +312,18 @@ eval "$(starship init bash)"
|
||||||
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
|
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
|
||||||
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
|
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
|
||||||
# } + "/Xresources.dark");
|
# } + "/Xresources.dark");
|
||||||
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); };
|
home.file.".emacs.d/init.el" = {
|
||||||
|
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
|
||||||
|
};
|
||||||
xdg.configFile."streamlink/config".text = ''
|
xdg.configFile."streamlink/config".text = ''
|
||||||
player = mpv --cache 2048
|
player = mpv --cache 2048
|
||||||
default-stream = best
|
default-stream = best
|
||||||
'';
|
'';
|
||||||
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; };
|
xdg.configFile."waybar" = {
|
||||||
|
source = ./waybar;
|
||||||
|
recursive = true;
|
||||||
|
onChange = "systemctl --user restart waybar";
|
||||||
|
};
|
||||||
programs.mako.enable = true;
|
programs.mako.enable = true;
|
||||||
services = {
|
services = {
|
||||||
lorri.enable = true;
|
lorri.enable = true;
|
||||||
|
@ -290,46 +359,55 @@ eval "$(starship init bash)"
|
||||||
fonts = [ (toString font) ];
|
fonts = [ (toString font) ];
|
||||||
window.border = 2;
|
window.border = 2;
|
||||||
floating.modifier = "Mod4";
|
floating.modifier = "Mod4";
|
||||||
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default //
|
keybindings = with pkgs;
|
||||||
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in
|
(builtins.head (builtins.head
|
||||||
{
|
options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
|
||||||
"${mod}+Shift+c" = "kill";
|
// (let
|
||||||
"${mod}+j" = "focus left";
|
exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
|
||||||
"${mod}+k" = "focus right";
|
mod = "Mod4";
|
||||||
"${mod}+d" = "layout toggle split";
|
in {
|
||||||
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
|
"${mod}+Shift+c" = "kill";
|
||||||
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
|
"${mod}+j" = "focus left";
|
||||||
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
|
"${mod}+k" = "focus right";
|
||||||
"${mod}+Return" = "exec alacritty";
|
"${mod}+d" = "layout toggle split";
|
||||||
"${mod}+Escape" = "workspace back_and_forth";
|
"${mod}+i" =
|
||||||
"${mod}+0" = "workspace 10";
|
"exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
|
||||||
"${mod}+Shift+0" = "move container to workspace 10";
|
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
|
||||||
"${mod}+Shift+Left" = "move left";
|
"${mod}+ctrl+l" =
|
||||||
"${mod}+Shift+Right" = "move right";
|
"exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
|
||||||
"${mod}+Shift+Up" = "move up";
|
"${mod}+Return" = "exec alacritty";
|
||||||
"${mod}+Shift+Down" = "move down";
|
"${mod}+Escape" = "workspace back_and_forth";
|
||||||
"${mod}+Ctrl+Right" = "move workspace to output right";
|
"${mod}+0" = "workspace 10";
|
||||||
"${mod}+Ctrl+Left" = "move workspace to output left";
|
"${mod}+Shift+0" = "move container to workspace 10";
|
||||||
"${mod}+Ctrl+Up" = "move workspace to output up";
|
"${mod}+Shift+Left" = "move left";
|
||||||
"${mod}+Ctrl+Down" = "move workspace to output down";
|
"${mod}+Shift+Right" = "move right";
|
||||||
|
"${mod}+Shift+Up" = "move up";
|
||||||
"XF86MonBrightnessUp" = exec light "light -A 5";
|
"${mod}+Shift+Down" = "move down";
|
||||||
"XF86MonBrightnessDown" = exec light "light -U 5";
|
"${mod}+Ctrl+Right" = "move workspace to output right";
|
||||||
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
|
"${mod}+Ctrl+Left" = "move workspace to output left";
|
||||||
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
|
"${mod}+Ctrl+Up" = "move workspace to output up";
|
||||||
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
|
"${mod}+Ctrl+Down" = "move workspace to output down";
|
||||||
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
|
|
||||||
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
|
"XF86MonBrightnessUp" = exec light "light -A 5";
|
||||||
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
|
"XF86MonBrightnessDown" = exec light "light -U 5";
|
||||||
"Print" = exec bin.screenshot_public "screenshot_public";
|
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
|
||||||
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
|
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
|
||||||
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
|
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
|
||||||
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
|
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
|
||||||
#"${mod}+p" = exec rofi-pass "rofi-pass";
|
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
|
||||||
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
|
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
|
||||||
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
|
"Print" = exec bin.screenshot_public "screenshot_public";
|
||||||
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
|
"${mod}+Shift+t" =
|
||||||
});
|
"exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
|
||||||
|
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
|
||||||
|
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
|
||||||
|
#"${mod}+p" = exec rofi-pass "rofi-pass";
|
||||||
|
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
|
||||||
|
"--locked ${mod}+bracketleft" =
|
||||||
|
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
|
||||||
|
"--locked ${mod}+bracketright" =
|
||||||
|
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
|
||||||
|
});
|
||||||
};
|
};
|
||||||
systemdIntegration = true;
|
systemdIntegration = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -370,33 +448,63 @@ eval "$(starship init bash)"
|
||||||
EDITOR = "emacsclient";
|
EDITOR = "emacsclient";
|
||||||
#GDK_BACKEND = "wayland";
|
#GDK_BACKEND = "wayland";
|
||||||
TERMINAL = "alacritty";
|
TERMINAL = "alacritty";
|
||||||
QT_WAYLAND_DISABLE_WINDOWDECORATION="1";
|
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||||
QT_QPA_PLATFORM = "wayland";
|
QT_QPA_PLATFORM = "wayland";
|
||||||
_JAVA_AWT_WM_NONREPARENTING = "1";
|
_JAVA_AWT_WM_NONREPARENTING = "1";
|
||||||
XCURSOR_THEME = "Adwaita";
|
XCURSOR_THEME = "Adwaita";
|
||||||
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
|
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
|
||||||
XDG_CURRENT_DESKTOP = "sway";
|
XDG_CURRENT_DESKTOP = "sway";
|
||||||
};
|
};
|
||||||
home.packages = with pkgs.envs; [
|
home.packages = with pkgs.envs;
|
||||||
apps code de games pdf media misc scripts coins js
|
[ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
|
||||||
] ++ (with pkgs; [
|
github-cli
|
||||||
github-cli libreoffice nix-tree virt-manager watchman
|
libreoffice
|
||||||
gnome3.gcr.out #alacritty
|
nix-tree
|
||||||
waybar slurp grim wl-clipboard
|
virt-manager
|
||||||
wldash gebaar-libinput
|
watchman
|
||||||
notmuch gmailieer afew
|
gnome3.gcr.out # alacritty
|
||||||
swaybg swayidle
|
waybar
|
||||||
swaylock broot starship
|
slurp
|
||||||
fd htop kcachegrind lm_sensors niv
|
grim
|
||||||
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils
|
wl-clipboard
|
||||||
nix-top nix-diff
|
wldash
|
||||||
ltrace asciinema cargo minecraft
|
gebaar-libinput
|
||||||
unzip
|
notmuch
|
||||||
exa obs-studio-dmabuf obs-wlrobs
|
gmailieer
|
||||||
zoom-us
|
afew
|
||||||
cachix eagle
|
swaybg
|
||||||
y-firefox
|
swayidle
|
||||||
]); # qtwayland
|
swaylock
|
||||||
|
broot
|
||||||
|
starship
|
||||||
|
fd
|
||||||
|
htop
|
||||||
|
kcachegrind
|
||||||
|
lm_sensors
|
||||||
|
niv
|
||||||
|
nixfmt
|
||||||
|
linuxPackages.perf
|
||||||
|
pssh
|
||||||
|
slack
|
||||||
|
smartmontools
|
||||||
|
vim
|
||||||
|
waypipe
|
||||||
|
xdg_utils
|
||||||
|
nix-top
|
||||||
|
nix-diff
|
||||||
|
ltrace
|
||||||
|
asciinema
|
||||||
|
cargo
|
||||||
|
minecraft
|
||||||
|
unzip
|
||||||
|
exa
|
||||||
|
obs-studio-dmabuf
|
||||||
|
obs-wlrobs
|
||||||
|
zoom-us
|
||||||
|
cachix
|
||||||
|
eagle
|
||||||
|
y-firefox
|
||||||
|
]); # qtwayland
|
||||||
# programs.firefox = {
|
# programs.firefox = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
|
# package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
|
||||||
|
@ -409,11 +517,9 @@ eval "$(starship init bash)"
|
||||||
After = [ "graphical-session-pre.target" ];
|
After = [ "graphical-session-pre.target" ];
|
||||||
PartOf = [ "graphical-session.target" ];
|
PartOf = [ "graphical-session.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
Install = {
|
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||||
WantedBy = [ "graphical-session.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
Service = {
|
Service = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.waybar}/bin/waybar
|
${pkgs.waybar}/bin/waybar
|
||||||
|
@ -448,11 +554,9 @@ eval "$(starship init bash)"
|
||||||
After = [ "graphical-session-pre.target" ];
|
After = [ "graphical-session-pre.target" ];
|
||||||
PartOf = [ "graphical-session.target" ];
|
PartOf = [ "graphical-session.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
Install = {
|
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||||
WantedBy = [ "graphical-session.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
Service = {
|
Service = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.gebaar-libinput}/bin/gebaard
|
${pkgs.gebaar-libinput}/bin/gebaard
|
||||||
|
|
|
@ -1,4 +1,2 @@
|
||||||
let
|
let sources = import /home/yorick/dotfiles/nix/sources.nix;
|
||||||
sources = import /home/yorick/dotfiles/nix/sources.nix;
|
in import sources.nixpkgs (import ./config.nix)
|
||||||
in
|
|
||||||
import sources.nixpkgs (import ./config.nix)
|
|
||||||
|
|
227
nix/sources.nix
227
nix/sources.nix
|
@ -7,42 +7,59 @@ let
|
||||||
#
|
#
|
||||||
|
|
||||||
fetch_file = pkgs: name: spec:
|
fetch_file = pkgs: name: spec:
|
||||||
let
|
let name' = sanitizeName name + "-src";
|
||||||
name' = sanitizeName name + "-src";
|
in if spec.builtin or true then
|
||||||
in
|
builtins_fetchurl {
|
||||||
if spec.builtin or true then
|
inherit (spec) url sha256;
|
||||||
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
name = name';
|
||||||
else
|
}
|
||||||
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
else
|
||||||
|
pkgs.fetchurl {
|
||||||
|
inherit (spec) url sha256;
|
||||||
|
name = name';
|
||||||
|
};
|
||||||
|
|
||||||
fetch_tarball = pkgs: name: spec:
|
fetch_tarball = pkgs: name: spec:
|
||||||
let
|
let name' = sanitizeName name + "-src";
|
||||||
name' = sanitizeName name + "-src";
|
in if spec.builtin or true then
|
||||||
in
|
builtins_fetchTarball {
|
||||||
if spec.builtin or true then
|
name = name';
|
||||||
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
inherit (spec) url sha256;
|
||||||
else
|
}
|
||||||
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
else
|
||||||
|
pkgs.fetchzip {
|
||||||
|
name = name';
|
||||||
|
inherit (spec) url sha256;
|
||||||
|
};
|
||||||
|
|
||||||
fetch_git = name: spec:
|
fetch_git = name: spec:
|
||||||
let
|
let
|
||||||
ref =
|
ref = if spec ? ref then
|
||||||
if spec ? ref then spec.ref else
|
spec.ref
|
||||||
if spec ? branch then "refs/heads/${spec.branch}" else
|
else if spec ? branch then
|
||||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
"refs/heads/${spec.branch}"
|
||||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
else if spec ? tag then
|
||||||
in
|
"refs/tags/${spec.tag}"
|
||||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
else
|
||||||
|
abort
|
||||||
|
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||||
|
in builtins.fetchGit {
|
||||||
|
url = spec.repo;
|
||||||
|
inherit (spec) rev;
|
||||||
|
inherit ref;
|
||||||
|
};
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
fetch_builtin-tarball = name: throw
|
fetch_builtin-tarball = name:
|
||||||
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
throw ''
|
||||||
$ niv modify ${name} -a type=tarball -a builtin=true'';
|
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
||||||
|
$ niv modify ${name} -a type=tarball -a builtin=true'';
|
||||||
|
|
||||||
fetch_builtin-url = name: throw
|
fetch_builtin-url = name:
|
||||||
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
throw ''
|
||||||
$ niv modify ${name} -a type=file -a builtin=true'';
|
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
||||||
|
$ niv modify ${name} -a type=file -a builtin=true'';
|
||||||
|
|
||||||
#
|
#
|
||||||
# Various helpers
|
# Various helpers
|
||||||
|
@ -50,72 +67,87 @@ let
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
||||||
sanitizeName = name:
|
sanitizeName = name:
|
||||||
(
|
(concatMapStrings (s: if builtins.isList s then "-" else s)
|
||||||
concatMapStrings (s: if builtins.isList s then "-" else s)
|
(builtins.split "[^[:alnum:]+._?=-]+"
|
||||||
(
|
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
|
||||||
builtins.split "[^[:alnum:]+._?=-]+"
|
|
||||||
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
# The set of packages used when specs are fetched using non-builtins.
|
# The set of packages used when specs are fetched using non-builtins.
|
||||||
mkPkgs = sources: system:
|
mkPkgs = sources: system:
|
||||||
let
|
let
|
||||||
sourcesNixpkgs =
|
sourcesNixpkgs = import
|
||||||
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
|
(builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
|
||||||
|
inherit system;
|
||||||
|
};
|
||||||
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||||
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||||
in
|
in if builtins.hasAttr "nixpkgs" sources then
|
||||||
if builtins.hasAttr "nixpkgs" sources
|
sourcesNixpkgs
|
||||||
then sourcesNixpkgs
|
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
|
||||||
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
|
import <nixpkgs> { }
|
||||||
import <nixpkgs> {}
|
else
|
||||||
else
|
abort ''
|
||||||
abort
|
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||||
''
|
add a package called "nixpkgs" to your sources.json.
|
||||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
'';
|
||||||
add a package called "nixpkgs" to your sources.json.
|
|
||||||
'';
|
|
||||||
|
|
||||||
# The actual fetching function.
|
# The actual fetching function.
|
||||||
fetch = pkgs: name: spec:
|
fetch = pkgs: name: spec:
|
||||||
|
|
||||||
if ! builtins.hasAttr "type" spec then
|
if !builtins.hasAttr "type" spec then
|
||||||
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
||||||
else if spec.type == "file" then fetch_file pkgs name spec
|
else if spec.type == "file" then
|
||||||
else if spec.type == "tarball" then fetch_tarball pkgs name spec
|
fetch_file pkgs name spec
|
||||||
else if spec.type == "git" then fetch_git name spec
|
else if spec.type == "tarball" then
|
||||||
else if spec.type == "local" then fetch_local spec
|
fetch_tarball pkgs name spec
|
||||||
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
|
else if spec.type == "git" then
|
||||||
else if spec.type == "builtin-url" then fetch_builtin-url name
|
fetch_git name spec
|
||||||
|
else if spec.type == "local" then
|
||||||
|
fetch_local spec
|
||||||
|
else if spec.type == "builtin-tarball" then
|
||||||
|
fetch_builtin-tarball name
|
||||||
|
else if spec.type == "builtin-url" then
|
||||||
|
fetch_builtin-url name
|
||||||
else
|
else
|
||||||
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
abort
|
||||||
|
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
||||||
|
|
||||||
# If the environment variable NIV_OVERRIDE_${name} is set, then use
|
# If the environment variable NIV_OVERRIDE_${name} is set, then use
|
||||||
# the path directly as opposed to the fetched source.
|
# the path directly as opposed to the fetched source.
|
||||||
replace = name: drv:
|
replace = name: drv:
|
||||||
let
|
let
|
||||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
saneName = stringAsChars
|
||||||
|
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
in
|
in if ersatz == "" then
|
||||||
if ersatz == "" then drv else
|
drv
|
||||||
# this turns the string into an actual Nix path (for both absolute and
|
else
|
||||||
# relative paths)
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
# relative paths)
|
||||||
|
if builtins.substring 0 1 ersatz == "/" then
|
||||||
|
/. + ersatz
|
||||||
|
else
|
||||||
|
/. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
# a Nix version of mapAttrs if the built-in doesn't exist
|
# a Nix version of mapAttrs if the built-in doesn't exist
|
||||||
mapAttrs = builtins.mapAttrs or (
|
mapAttrs = builtins.mapAttrs or (f: set:
|
||||||
f: set: with builtins;
|
with builtins;
|
||||||
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
|
listToAttrs (map (attr: {
|
||||||
);
|
name = attr;
|
||||||
|
value = f attr set.${attr};
|
||||||
|
}) (attrNames set)));
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
||||||
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
|
range = first: last:
|
||||||
|
if first > last then
|
||||||
|
[ ]
|
||||||
|
else
|
||||||
|
builtins.genList (n: first + n) (last - first + 1);
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
||||||
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
stringToCharacters = s:
|
||||||
|
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
||||||
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
||||||
|
@ -123,46 +155,44 @@ let
|
||||||
concatStrings = builtins.concatStringsSep "";
|
concatStrings = builtins.concatStringsSep "";
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
||||||
optionalAttrs = cond: as: if cond then as else {};
|
optionalAttrs = cond: as: if cond then as else { };
|
||||||
|
|
||||||
# fetchTarball version that is compatible between all the versions of Nix
|
# fetchTarball version that is compatible between all the versions of Nix
|
||||||
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let inherit (builtins) lessThan nixVersion fetchTarball;
|
||||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
in if lessThan nixVersion "1.12" then
|
||||||
in
|
fetchTarball
|
||||||
if lessThan nixVersion "1.12" then
|
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||||
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
else
|
||||||
else
|
fetchTarball attrs;
|
||||||
fetchTarball attrs;
|
|
||||||
|
|
||||||
# fetchurl version that is compatible between all the versions of Nix
|
# fetchurl version that is compatible between all the versions of Nix
|
||||||
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let inherit (builtins) lessThan nixVersion fetchurl;
|
||||||
inherit (builtins) lessThan nixVersion fetchurl;
|
in if lessThan nixVersion "1.12" then
|
||||||
in
|
fetchurl
|
||||||
if lessThan nixVersion "1.12" then
|
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||||
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
else
|
||||||
else
|
fetchurl attrs;
|
||||||
fetchurl attrs;
|
|
||||||
|
|
||||||
# Create the final "sources" from the config
|
# Create the final "sources" from the config
|
||||||
mkSources = config:
|
mkSources = config:
|
||||||
mapAttrs (
|
mapAttrs (name: spec:
|
||||||
name: spec:
|
if builtins.hasAttr "outPath" spec then
|
||||||
if builtins.hasAttr "outPath" spec
|
abort
|
||||||
then abort
|
"The values in sources.json should not have an 'outPath' attribute"
|
||||||
"The values in sources.json should not have an 'outPath' attribute"
|
else
|
||||||
else
|
spec // { outPath = replace name (fetch config.pkgs name spec); })
|
||||||
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
config.sources;
|
||||||
) config.sources;
|
|
||||||
|
|
||||||
# The "config" used by the fetchers
|
# The "config" used by the fetchers
|
||||||
mkConfig =
|
mkConfig = { sourcesFile ?
|
||||||
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
if builtins.pathExists ./sources.json then ./sources.json else null
|
||||||
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
|
, sources ? if isNull sourcesFile then
|
||||||
, system ? builtins.currentSystem
|
{ }
|
||||||
, pkgs ? mkPkgs sources system
|
else
|
||||||
}: rec {
|
builtins.fromJSON (builtins.readFile sourcesFile)
|
||||||
|
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
|
||||||
# The sources, i.e. the attribute set of spec name to spec
|
# The sources, i.e. the attribute set of spec name to spec
|
||||||
inherit sources;
|
inherit sources;
|
||||||
|
|
||||||
|
@ -170,5 +200,6 @@ let
|
||||||
inherit pkgs;
|
inherit pkgs;
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in mkSources (mkConfig { }) // {
|
||||||
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
|
__functor = _: settings: mkSources (mkConfig settings);
|
||||||
|
}
|
||||||
|
|
|
@ -1,19 +1,23 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{ pkgs, lib, config, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
let cfg = config.deployment.keyys; in
|
let cfg = config.deployment.keyys;
|
||||||
{
|
in {
|
||||||
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; };
|
options.deployment.keyys = mkOption {
|
||||||
|
type = types.listOf types.path;
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
options.deployment.keys-copy = mkOption { type = types.package; };
|
options.deployment.keys-copy = mkOption { type = types.package; };
|
||||||
config = {
|
config = {
|
||||||
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then ''
|
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
|
||||||
set -e
|
(if cfg != [ ] then ''
|
||||||
ssh root@$1 "mkdir -p /root/keys"
|
set -e
|
||||||
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
|
ssh root@$1 "mkdir -p /root/keys"
|
||||||
echo "uploaded keys"
|
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
|
||||||
'' else ''
|
echo "uploaded keys"
|
||||||
echo "no keys to upload"
|
'' else ''
|
||||||
'');
|
echo "no keys to upload"
|
||||||
|
'');
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }: {
|
||||||
{
|
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
||||||
imports =
|
|
||||||
[ ../physical/3950x.nix
|
|
||||||
../roles/workstation.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }: {
|
||||||
{
|
imports = [
|
||||||
imports = [
|
|
||||||
../physical/fractal.nix
|
../physical/fractal.nix
|
||||||
../roles/server.nix
|
../roles/server.nix
|
||||||
../roles/homeserver.nix
|
../roles/homeserver.nix
|
||||||
|
@ -20,7 +19,9 @@
|
||||||
# };
|
# };
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
services.yorick.torrent-vpn = {
|
services.yorick.torrent-vpn = {
|
||||||
enable = true; name = "mullvad-nl4"; namespace = "torrent";
|
enable = true;
|
||||||
|
name = "mullvad-nl4";
|
||||||
|
namespace = "torrent";
|
||||||
};
|
};
|
||||||
services.plex = {
|
services.plex = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -32,26 +33,28 @@
|
||||||
};
|
};
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraFlags = [
|
extraFlags = [ "--web.enable-admin-api" ];
|
||||||
"--web.enable-admin-api"
|
|
||||||
];
|
|
||||||
# victoriametrics
|
# victoriametrics
|
||||||
remoteWrite = [ { url = "http://127.0.0.1:8428/api/v1/write"; } ];
|
remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
|
||||||
scrapeConfigs = [ {
|
scrapeConfigs = [
|
||||||
job_name = "smartmeter";
|
{
|
||||||
# prometheus doesn't support mdns :thinking_face:
|
job_name = "smartmeter";
|
||||||
static_configs = [ { targets = [ "192.168.178.30" ]; } ];
|
# prometheus doesn't support mdns :thinking_face:
|
||||||
scrape_interval = "10s";
|
static_configs = [{ targets = [ "192.168.178.30" ]; }];
|
||||||
} {
|
scrape_interval = "10s";
|
||||||
job_name = "node";
|
}
|
||||||
static_configs = [ { targets = [ "localhost:9100" ]; } ];
|
{
|
||||||
# } {
|
job_name = "node";
|
||||||
# job_name = "unifi";
|
static_configs = [{ targets = [ "localhost:9100" ]; }];
|
||||||
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
|
# } {
|
||||||
} {
|
# job_name = "unifi";
|
||||||
job_name = "thermometer";
|
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
|
||||||
static_configs = [ { targets = [ "192.168.178.21:8000" ]; } ];
|
}
|
||||||
}];
|
{
|
||||||
|
job_name = "thermometer";
|
||||||
|
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
|
||||||
|
}
|
||||||
|
];
|
||||||
exporters.node.enable = true;
|
exporters.node.enable = true;
|
||||||
# exporters.unifi = {
|
# exporters.unifi = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
|
@ -81,7 +84,8 @@
|
||||||
AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
|
AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env";
|
systemd.services.grafana.serviceConfig.EnvironmentFile =
|
||||||
|
"/root/keys/grafana.env";
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
trim.enable = false; # no ssd's
|
trim.enable = false; # no ssd's
|
||||||
autoScrub = {
|
autoScrub = {
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }: {
|
||||||
{
|
imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
|
||||||
imports =
|
|
||||||
[ ../physical/xps9360.nix
|
|
||||||
../roles/workstation.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
system.stateVersion = "17.09";
|
system.stateVersion = "17.09";
|
||||||
|
|
||||||
|
|
|
@ -13,8 +13,7 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
vpn = import ../vpn.nix;
|
vpn = import ../vpn.nix;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
../physical/hetznercloud.nix
|
../physical/hetznercloud.nix
|
||||||
../roles/server.nix
|
../roles/server.nix
|
||||||
|
@ -24,20 +23,30 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "19.03";
|
system.stateVersion = "19.03";
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
services.yorick = {
|
services.yorick = {
|
||||||
public = { enable = true; vhost = "pub.yori.cc"; };
|
public = {
|
||||||
website = { enable = true; vhost = "yorickvanpelt.nl"; };
|
enable = true;
|
||||||
git = { enable = true; vhost = "git.yori.cc"; };
|
vhost = "pub.yori.cc";
|
||||||
muflax-church = { enable = true; vhost = "muflax.church"; };
|
};
|
||||||
|
website = {
|
||||||
|
enable = true;
|
||||||
|
vhost = "yorickvanpelt.nl";
|
||||||
|
};
|
||||||
|
git = {
|
||||||
|
enable = true;
|
||||||
|
vhost = "git.yori.cc";
|
||||||
|
};
|
||||||
|
muflax-church = {
|
||||||
|
enable = true;
|
||||||
|
vhost = "muflax.church";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.muflax-blog = {
|
services.muflax-blog = {
|
||||||
enable = true;
|
enable = true;
|
||||||
web-server = {
|
web-server = { port = 9001; };
|
||||||
port = 9001;
|
|
||||||
};
|
|
||||||
hidden-service = {
|
hidden-service = {
|
||||||
hostname = "muflax65ngodyewp.onion";
|
hostname = "muflax65ngodyewp.onion";
|
||||||
private_key = "/root/keys/http.muflax.key";
|
private_key = "/root/keys/http.muflax.key";
|
||||||
|
@ -52,12 +61,16 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
globalRedirect = "yorickvanpelt.nl";
|
globalRedirect = "yorickvanpelt.nl";
|
||||||
};
|
};
|
||||||
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast";
|
"yorickvanpelt.nl".locations."/p1".return =
|
||||||
|
"301 https://git.yori.cc/yorick/meterkast";
|
||||||
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
|
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
|
||||||
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
|
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
|
||||||
"prometheus.yori.cc" = {
|
"prometheus.yori.cc" = {
|
||||||
# only over vpn
|
# only over vpn
|
||||||
listen = [ { addr = "10.209.0.1"; port = 80; } ];
|
listen = [{
|
||||||
|
addr = "10.209.0.1";
|
||||||
|
port = 80;
|
||||||
|
}];
|
||||||
locations."/".proxyPass = "http://10.209.0.3:9090";
|
locations."/".proxyPass = "http://10.209.0.3:9090";
|
||||||
};
|
};
|
||||||
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
||||||
|
@ -66,19 +79,20 @@ in
|
||||||
};
|
};
|
||||||
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
||||||
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
||||||
networking.wireguard.interfaces.wg-y.peers =
|
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
|
||||||
lib.mkForce (lib.mapAttrsToList (machine: publicKey: {
|
(machine: publicKey: {
|
||||||
inherit publicKey;
|
inherit publicKey;
|
||||||
allowedIPs = [ "${vpn.ips.${machine}}/32" ];
|
allowedIPs = [ "${vpn.ips.${machine}}/32" ];
|
||||||
}) vpn.keys);
|
}) vpn.keys);
|
||||||
services.prometheus.exporters.wireguard = {
|
services.prometheus.exporters.wireguard = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
|
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
environment.noXlibs = true;
|
environment.noXlibs = true;
|
||||||
users.users.yorick.packages = with pkgs; [
|
users.users.yorick.packages = with pkgs; [
|
||||||
python2 sshfs-fuse weechat ripgrep
|
python2
|
||||||
|
sshfs-fuse
|
||||||
|
weechat
|
||||||
|
ripgrep
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,18 +1,27 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
#secrets = import <secrets>;
|
#secrets = import <secrets>;
|
||||||
mkFuseMount = device: opts: {
|
mkFuseMount = device: opts: {
|
||||||
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
|
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
|
||||||
|
|
||||||
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
|
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
|
||||||
fsType = "fuse";
|
fsType = "fuse";
|
||||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
options = [
|
||||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
"noauto"
|
||||||
"uid=1000"
|
"x-systemd.automount"
|
||||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts;
|
"_netdev"
|
||||||
};
|
"users"
|
||||||
in
|
"idmap=user"
|
||||||
{
|
"defaults"
|
||||||
|
"allow_other"
|
||||||
|
"transform_symlinks"
|
||||||
|
"default_permissions"
|
||||||
|
"uid=1000"
|
||||||
|
"reconnect"
|
||||||
|
"IdentityFile=/root/.ssh/id_sshfs"
|
||||||
|
] ++ opts;
|
||||||
|
};
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../physical/nuc.nix
|
../physical/nuc.nix
|
||||||
../roles/graphical.nix
|
../roles/graphical.nix
|
||||||
|
@ -35,12 +44,13 @@ in
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
|
|
||||||
# kodi ports
|
# kodi ports
|
||||||
networking.firewall.allowedTCPPorts = [7 8080 8443 9090 9777];
|
networking.firewall.allowedTCPPorts = [ 7 8080 8443 9090 9777 ];
|
||||||
users.users.tv = {
|
users.users.tv = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
uid = 1043;
|
uid = 1043;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
|
hashedPassword =
|
||||||
|
"$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
|
||||||
packages = with pkgs; [ plex-media-player ];
|
packages = with pkgs; [ plex-media-player ];
|
||||||
};
|
};
|
||||||
services.xserver.windowManager.i3.enable = true;
|
services.xserver.windowManager.i3.enable = true;
|
||||||
|
@ -57,6 +67,6 @@ in
|
||||||
# };
|
# };
|
||||||
# todo: debug:
|
# todo: debug:
|
||||||
services.resolved.extraConfig = "MulticastDNS=true";
|
services.resolved.extraConfig = "MulticastDNS=true";
|
||||||
systemd.network.networks."40-eno1".networkConfig.MulticastDNS="yes";
|
systemd.network.networks."40-eno1".networkConfig.MulticastDNS = "yes";
|
||||||
services.fstrim.enable = true;
|
services.fstrim.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +1,15 @@
|
||||||
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’).
|
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
let sources = import ../../nix/sources.nix; in
|
let sources = import ../../nix/sources.nix;
|
||||||
{ config, lib, pkgs, ... }:
|
in { config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ # Include the results of the hardware scan.
|
||||||
[ # Include the results of the hardware scan.
|
../physical/apu2c4.nix
|
||||||
../physical/apu2c4.nix
|
#<yori-nix/roles/homeserver.nix>
|
||||||
#<yori-nix/roles/homeserver.nix>
|
../roles
|
||||||
../roles
|
"${sources.nixos-hardware}/pcengines/apu"
|
||||||
"${sources.nixos-hardware}/pcengines/apu"
|
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
];
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
|
@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in
|
||||||
interface = "dslite1";
|
interface = "dslite1";
|
||||||
};
|
};
|
||||||
systemd.services.dslite1-netdev = {
|
systemd.services.dslite1-netdev = {
|
||||||
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
|
wantedBy =
|
||||||
bindsTo = [];
|
[ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
|
||||||
|
bindsTo = [ ];
|
||||||
partOf = [ "network-setup.service" ];
|
partOf = [ "network-setup.service" ];
|
||||||
after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ];
|
after = [
|
||||||
|
"network-pre.target"
|
||||||
|
"network-addresses-enp1s0.service"
|
||||||
|
"network-link-enp1s0.service"
|
||||||
|
];
|
||||||
before = [ "network-setup.service" ];
|
before = [ "network-setup.service" ];
|
||||||
path = [ pkgs.iproute ];
|
path = [ pkgs.iproute ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in
|
||||||
interfaces = [ "enp2s0" ];
|
interfaces = [ "enp2s0" ];
|
||||||
enable = true;
|
enable = true;
|
||||||
machines = [
|
machines = [
|
||||||
{ hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; }
|
{
|
||||||
{ hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; }
|
hostName = "amateria";
|
||||||
{ hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; }
|
ethernetAddress = "a8:a1:59:15:8b:63";
|
||||||
{ hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; }
|
ipAddress = "192.168.178.42";
|
||||||
{ hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; }
|
}
|
||||||
{ hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; }
|
{
|
||||||
{ hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; }
|
hostName = "blackadder";
|
||||||
{ hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; }
|
ethernetAddress = "a8:a1:59:03:8a:75";
|
||||||
{ hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; }
|
ipAddress = "192.168.178.33";
|
||||||
{ hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; }
|
}
|
||||||
|
{
|
||||||
|
hostName = "frumar";
|
||||||
|
ethernetAddress = "bc:5f:f4:e8:42:9f";
|
||||||
|
ipAddress = "192.168.178.37";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "jarvis";
|
||||||
|
ethernetAddress = "18:1d:ea:35:13:58";
|
||||||
|
ipAddress = "192.168.178.34";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "jarvis-dock";
|
||||||
|
ethernetAddress = "64:4b:f0:10:05:f2";
|
||||||
|
ipAddress = "192.168.178.13";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "printer";
|
||||||
|
ethernetAddress = "30:05:5c:44:20:a7";
|
||||||
|
ipAddress = "192.168.178.26";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "raspberrypi";
|
||||||
|
ethernetAddress = "b8:27:eb:b9:ec:3a";
|
||||||
|
ipAddress = "192.168.178.21";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "smartMeter";
|
||||||
|
ethernetAddress = "5c:cf:7f:26:ca:91";
|
||||||
|
ipAddress = "192.168.178.30";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "gang-ap";
|
||||||
|
ethernetAddress = "b4:fb:e4:2d:fc:f3";
|
||||||
|
ipAddress = "192.168.178.32";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "woodhouse";
|
||||||
|
ethernetAddress = "94:c6:91:15:1f:c5";
|
||||||
|
ipAddress = "192.168.178.39";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
subnet 192.168.178.0 netmask 255.255.255.0 {
|
subnet 192.168.178.0 netmask 255.255.255.0 {
|
||||||
|
@ -183,15 +227,17 @@ let sources = import ../../nix/sources.nix; in
|
||||||
boot.supportedFilesystems = lib.mkForce [ "ext4" ];
|
boot.supportedFilesystems = lib.mkForce [ "ext4" ];
|
||||||
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
|
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
|
||||||
security.polkit.enable = false;
|
security.polkit.enable = false;
|
||||||
nixpkgs.overlays = [ (self: super: {
|
nixpkgs.overlays = [
|
||||||
dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
|
(self: super: {
|
||||||
pname = "dhcpcd";
|
dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
|
||||||
version = "8.1.9";
|
pname = "dhcpcd";
|
||||||
src = self.fetchurl {
|
version = "8.1.9";
|
||||||
url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
|
src = self.fetchurl {
|
||||||
sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
|
url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
|
||||||
};
|
sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
|
||||||
patches = [];
|
};
|
||||||
});
|
patches = [ ];
|
||||||
}) ];
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.yorick.lumi-vpn;
|
cfg = config.yorick.lumi-vpn;
|
||||||
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
|
addresses = import
|
||||||
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
|
"${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" {
|
||||||
in
|
lib.ip4.ip = a: b: c: d: x:
|
||||||
{
|
lib.concatStringsSep "." (map toString [ a b c d ]);
|
||||||
|
};
|
||||||
|
in {
|
||||||
options.yorick.lumi-vpn = with lib; {
|
options.yorick.lumi-vpn = with lib; {
|
||||||
enable = mkEnableOption "lumi vpn";
|
enable = mkEnableOption "lumi vpn";
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
|
@ -28,9 +30,10 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
wg-lumi = {
|
wg-lumi = {
|
||||||
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
privateKeyFile =
|
||||||
|
"/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
||||||
ips = [ cfg.ip ];
|
ips = [ cfg.ip ];
|
||||||
peers = [ {
|
peers = [{
|
||||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
||||||
endpoint = "wg.lumi.guide:31727";
|
endpoint = "wg.lumi.guide:31727";
|
||||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
||||||
|
|
|
@ -1,30 +1,32 @@
|
||||||
{ cur_pkgs, config, lib, ... }:
|
{ cur_pkgs, config, lib, ... }:
|
||||||
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.muflax-blog;
|
cfg = config.services.muflax-blog;
|
||||||
muflax-source = builtins.fetchGit {
|
muflax-source = builtins.fetchGit {
|
||||||
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
|
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
|
||||||
ref = "HEAD";
|
ref = "HEAD";
|
||||||
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
||||||
};
|
};
|
||||||
nixpkgs = import (builtins.fetchTarball {
|
nixpkgs = import (builtins.fetchTarball {
|
||||||
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
url =
|
||||||
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||||
}) { system = builtins.currentSystem; };
|
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
||||||
blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: {
|
}) { system = builtins.currentSystem; };
|
||||||
buildPhase = default.buildPhase + "\n" + ''
|
blog = lib.overrideDerivation
|
||||||
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
|
(nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: {
|
||||||
'';
|
buildPhase = default.buildPhase + "\n" + ''
|
||||||
});
|
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
|
||||||
|
'';
|
||||||
|
});
|
||||||
in with lib; {
|
in with lib; {
|
||||||
options.services.muflax-blog = {
|
options.services.muflax-blog = {
|
||||||
enable = mkOption { type = types.bool; default = false; };
|
enable = mkOption {
|
||||||
web-server = {
|
type = types.bool;
|
||||||
port = mkOption { type = types.int; };
|
default = false;
|
||||||
};
|
};
|
||||||
|
web-server = { port = mkOption { type = types.int; }; };
|
||||||
hidden-service = {
|
hidden-service = {
|
||||||
hostname = mkOption { type = types.str; };
|
hostname = mkOption { type = types.str; };
|
||||||
private_key = mkOption { type = types.str; };
|
private_key = mkOption { type = types.str; };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -47,11 +49,13 @@ in with lib; {
|
||||||
server_name ${site}.${cfg.hidden-service.hostname};
|
server_name ${site}.${cfg.hidden-service.hostname};
|
||||||
root ${blog}/${site};
|
root ${blog}/${site};
|
||||||
}
|
}
|
||||||
'') ["daily" "gospel" "blog"]);
|
'') [ "daily" "gospel" "blog" ]);
|
||||||
};
|
};
|
||||||
services.tor.enable = true;
|
services.tor.enable = true;
|
||||||
services.tor.hiddenServices.muflax-blog.map = [{
|
services.tor.hiddenServices.muflax-blog.map = [{
|
||||||
port = 80; toPort = cfg.web-server.port; }];
|
port = 80;
|
||||||
|
toPort = cfg.web-server.port;
|
||||||
|
}];
|
||||||
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
|
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,36 +1,35 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
sslcfg = dir: ''
|
sslcfg = dir: ''
|
||||||
ssl on;
|
ssl on;
|
||||||
ssl_certificate_key ${dir}/key.pem;
|
ssl_certificate_key ${dir}/key.pem;
|
||||||
ssl_certificate ${dir}/fullchain.pem;
|
ssl_certificate ${dir}/fullchain.pem;
|
||||||
ssl_trusted_certificate ${dir}/fullchain.pem;
|
ssl_trusted_certificate ${dir}/fullchain.pem;
|
||||||
add_header Strict-Transport-Security max-age=15768000;
|
add_header Strict-Transport-Security max-age=15768000;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
config = lib.mkIf config.services.nginx.enable {
|
config = lib.mkIf config.services.nginx.enable {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
serverTokens = false;
|
serverTokens = false;
|
||||||
sslDhparam = "/etc/nginx/dhparam.pem";
|
sslDhparam = "/etc/nginx/dhparam.pem";
|
||||||
virtualHosts."${config.networking.hostName}.yori.cc" = {
|
virtualHosts."${config.networking.hostName}.yori.cc" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [80 443];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
system.activationScripts.nginxdhparams = ''
|
system.activationScripts.nginxdhparams = ''
|
||||||
if ! [[ -e /etc/nginx/dhparam.pem ]]; then
|
if ! [[ -e /etc/nginx/dhparam.pem ]]; then
|
||||||
mkdir -p /etc/nginx/
|
mkdir -p /etc/nginx/
|
||||||
${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
|
${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,13 +7,13 @@ let
|
||||||
torDir = "/var/lib/tor";
|
torDir = "/var/lib/tor";
|
||||||
in {
|
in {
|
||||||
options.services.tor.service-keys = mkOption {
|
options.services.tor.service-keys = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
type = with types; attrsOf str;
|
type = with types; attrsOf str;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (service-keys != {}) {
|
config = mkIf (service-keys != { }) {
|
||||||
systemd.services."install-tor-hidden-service-keys" = {
|
systemd.services."install-tor-hidden-service-keys" = {
|
||||||
wantedBy = ["tor.service"];
|
wantedBy = [ "tor.service" ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.User = "root";
|
serviceConfig.User = "root";
|
||||||
serviceConfig.Group = "keys";
|
serviceConfig.Group = "keys";
|
||||||
|
|
|
@ -1,32 +1,20 @@
|
||||||
let
|
let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
||||||
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
in pkgs: super: {
|
||||||
in
|
yorick = (super.yorick or { }) // rec {
|
||||||
pkgs: super: {
|
nixos = configuration: extraArgs:
|
||||||
yorick = (super.yorick or {}) // rec {
|
|
||||||
nixos =
|
|
||||||
configuration: extraArgs:
|
|
||||||
let
|
let
|
||||||
c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
|
c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
|
||||||
inherit (pkgs.stdenv.hostPlatform) system;
|
inherit (pkgs.stdenv.hostPlatform) system;
|
||||||
inherit extraArgs;
|
inherit extraArgs;
|
||||||
modules =
|
modules =
|
||||||
[(
|
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ]
|
||||||
{ lib, ... }: {
|
++ (if builtins.isList configuration then
|
||||||
config.nixpkgs.pkgs = lib.mkDefault pkgs;
|
configuration
|
||||||
}
|
else
|
||||||
)] ++ (
|
[ configuration ]);
|
||||||
if builtins.isList configuration
|
|
||||||
then configuration
|
|
||||||
else [configuration]
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
in
|
in c.config.system.build // c;
|
||||||
c.config.system.build // c;
|
machine = pkgs.lib.genAttrs names
|
||||||
machine = pkgs.lib.genAttrs names (name: nixos [
|
(name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
|
||||||
./roles
|
|
||||||
(./logical + "/${name}.nix")
|
|
||||||
] {
|
|
||||||
inherit name;
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1 @@
|
||||||
[ (self: super: {
|
[ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ]
|
||||||
yori-cc = super.callPackage ./yori-cc.nix {};
|
|
||||||
})]
|
|
||||||
|
|
|
@ -2,12 +2,12 @@
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "yori-cc-1.5";
|
name = "yori-cc-1.5";
|
||||||
|
|
||||||
src = builtins.fetchGit {
|
src = builtins.fetchGit {
|
||||||
url = "git@git.yori.cc:yorick/yori-cc.git";
|
url = "git@git.yori.cc:yorick/yori-cc.git";
|
||||||
rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962";
|
rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ ];
|
buildInputs = [ ];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
@ -17,7 +17,7 @@ stdenv.mkDerivation {
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
description = "Yori-cc website";
|
description = "Yori-cc website";
|
||||||
homepage = https://yorickvanpelt.nl;
|
homepage = "https://yorickvanpelt.nl";
|
||||||
maintainers = [ "Yorick" ];
|
maintainers = [ "Yorick" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,33 +4,31 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "rpool/root/nixos";
|
device = "rpool/root/nixos";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/home" =
|
fileSystems."/home" = {
|
||||||
{ device = "rpool/home-enc";
|
device = "rpool/home-enc";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/5D0A-7902";
|
device = "/dev/disk/by-uuid/5D0A-7902";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }
|
[{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }];
|
||||||
];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 32;
|
nix.maxJobs = lib.mkDefault 32;
|
||||||
# High-DPI console
|
# High-DPI console
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let sources = import ../../nix/sources.nix;
|
let sources = import ../../nix/sources.nix;
|
||||||
in
|
in {
|
||||||
{
|
imports = [
|
||||||
imports =
|
./.
|
||||||
[ ./.
|
./3950x-hardware-config.nix
|
||||||
./3950x-hardware-config.nix
|
"${sources.nixos-hardware}/common/cpu/amd"
|
||||||
"${sources.nixos-hardware}/common/cpu/amd"
|
];
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
@ -27,8 +26,13 @@ in
|
||||||
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
|
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
|
||||||
# };
|
# };
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0"
|
"amdgpu.ppfeaturemask=0xffffffff"
|
||||||
|
"amdgpu.noretry=0"
|
||||||
|
"amdgpu.lockup_timeout=1000"
|
||||||
|
"amdgpu.gpu_recovery=1"
|
||||||
|
"amdgpu.audio=0"
|
||||||
# thunderbolt
|
# thunderbolt
|
||||||
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc"
|
"pcie_ports=native"
|
||||||
|
"pci=assign-busses,hpbussize=0x33,realloc"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,19 +4,19 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
|
device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }
|
[{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
|
||||||
];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1 @@
|
||||||
{
|
{ hardware.enableRedistributableFirmware = true; }
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,13 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let sources = import ../../nix/sources.nix;
|
let sources = import ../../nix/sources.nix;
|
||||||
in
|
in {
|
||||||
{
|
imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ];
|
||||||
imports =
|
|
||||||
[ ./.
|
|
||||||
"${sources.nixos-hardware}/common/cpu/intel"
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
# Use the GRUB 2 boot loader.
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
|
@ -17,25 +14,22 @@ in
|
||||||
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
|
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
|
||||||
|
fsType = "ext4";
|
||||||
|
options = [ "defaults" "relatime" "discard" ];
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
|
||||||
{ device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
|
fileSystems."/data" = {
|
||||||
fsType = "ext4";
|
device = "frumar-new";
|
||||||
options = ["defaults" "relatime" "discard"];
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
fileSystems."/data/plexmedia" = {
|
||||||
[ { device = "/dev/disk/by-label/nixos-swap"; }
|
device = "frumar-new/plexmedia";
|
||||||
];
|
fsType = "zfs";
|
||||||
fileSystems."/data" =
|
};
|
||||||
{ device = "frumar-new";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/data/plexmedia" =
|
|
||||||
{ device = "frumar-new/plexmedia";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.maxJobs = 4;
|
nix.maxJobs = 4;
|
||||||
services.avahi.interfaces = [ "enp2s0" ];
|
services.avahi.interfaces = [ "enp2s0" ];
|
||||||
|
|
|
@ -1,14 +1,11 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
let
|
let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
|
||||||
ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
|
in {
|
||||||
in
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
|
@ -17,10 +14,10 @@ in
|
||||||
device = "/dev/sda";
|
device = "/dev/sda";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/sda1";
|
device = "/dev/sda1";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
|
|
@ -1,31 +1,30 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
let sources = import ../../nix/sources.nix;
|
let sources = import ../../nix/sources.nix;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
|
|
||||||
imports =
|
imports = [
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
./.
|
./.
|
||||||
"${sources.nixos-hardware}/common/cpu/intel"
|
"${sources.nixos-hardware}/common/cpu/intel"
|
||||||
];
|
];
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules =
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
|
device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/439E-26EA";
|
device = "/dev/disk/by-uuid/439E-26EA";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
@ -35,7 +34,8 @@ in
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||||
};
|
};
|
||||||
hardware.opengl.extraPackages = with pkgs; [
|
hardware.opengl.extraPackages = with pkgs;
|
||||||
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
|
[
|
||||||
];
|
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,21 +9,21 @@
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
|
device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
|
boot.initrd.luks.devices."nix-crypt".device =
|
||||||
|
"/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/0E07-7805";
|
device = "/dev/disk/by-uuid/0E07-7805";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }
|
[{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }];
|
||||||
];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let sources = import ../../nix/sources.nix;
|
let sources = import ../../nix/sources.nix;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
"${sources.nixos-hardware}/dell/xps/13-9360"
|
"${sources.nixos-hardware}/dell/xps/13-9360"
|
||||||
./xps9360-hardware-config.nix
|
./xps9360-hardware-config.nix
|
||||||
|
@ -12,7 +11,7 @@ in
|
||||||
boot.extraModprobeConfig = ''
|
boot.extraModprobeConfig = ''
|
||||||
options i8k ignore_dmi=1
|
options i8k ignore_dmi=1
|
||||||
'';
|
'';
|
||||||
fileSystems."/".options = ["defaults" "relatime" "discard"];
|
fileSystems."/".options = [ "defaults" "relatime" "discard" ];
|
||||||
|
|
||||||
boot.initrd.luks.devices."nix-crypt".allowDiscards = true;
|
boot.initrd.luks.devices."nix-crypt".allowDiscards = true;
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
let secrets = import ../secrets.nix;
|
let secrets = import ../secrets.nix;
|
||||||
in
|
in { config, pkgs, lib, name, ... }:
|
||||||
{ config, pkgs, lib, name, ...}:
|
|
||||||
let
|
let
|
||||||
machine = name;
|
machine = name;
|
||||||
vpn = import ../vpn.nix;
|
vpn = import ../vpn.nix;
|
||||||
in
|
in {
|
||||||
{
|
imports = [
|
||||||
imports = [
|
|
||||||
../modules/tor-hidden-service.nix
|
../modules/tor-hidden-service.nix
|
||||||
../modules/nginx.nix
|
../modules/nginx.nix
|
||||||
../modules/lumi-vpn.nix
|
../modules/lumi-vpn.nix
|
||||||
|
@ -15,23 +13,24 @@ in
|
||||||
];
|
];
|
||||||
networking.domain = "yori.cc";
|
networking.domain = "yori.cc";
|
||||||
networking.hostName = machine;
|
networking.hostName = machine;
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys =
|
||||||
|
config.users.users.yorick.openssh.authorizedKeys.keys;
|
||||||
# root password is useful from console, ssh has password logins disabled
|
# root password is useful from console, ssh has password logins disabled
|
||||||
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
||||||
|
|
||||||
};
|
};
|
||||||
services.timesyncd.enable = true;
|
services.timesyncd.enable = true;
|
||||||
users.users.yorick = {
|
users.users.yorick = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
extraGroups = ["wheel"];
|
extraGroups = [ "wheel" ];
|
||||||
group = "users";
|
group = "users";
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
|
||||||
hashedPassword = secrets.yorick_hashedPassword;
|
hashedPassword = secrets.yorick_hashedPassword;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Nix
|
# Nix
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
@ -44,14 +43,13 @@ in
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
challengeResponseAuthentication = false;
|
challengeResponseAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
# v important.
|
# v important.
|
||||||
cowsay #ponysay
|
cowsay # ponysay
|
||||||
ed # ed, man!
|
ed # ed, man!
|
||||||
sl
|
sl
|
||||||
rlwrap
|
rlwrap
|
||||||
|
@ -59,31 +57,43 @@ in
|
||||||
#vim
|
#vim
|
||||||
|
|
||||||
# system stuff
|
# system stuff
|
||||||
ethtool inetutils
|
ethtool
|
||||||
pciutils usbutils
|
inetutils
|
||||||
/*iotop*/ powertop htop
|
pciutils
|
||||||
psmisc lsof
|
usbutils
|
||||||
smartmontools hdparm
|
# iotop
|
||||||
|
powertop
|
||||||
|
htop
|
||||||
|
psmisc
|
||||||
|
lsof
|
||||||
|
smartmontools
|
||||||
|
hdparm
|
||||||
lm_sensors
|
lm_sensors
|
||||||
ncdu
|
ncdu
|
||||||
|
|
||||||
# utils
|
# utils
|
||||||
file which
|
file
|
||||||
|
which
|
||||||
reptyr
|
reptyr
|
||||||
tmux
|
tmux
|
||||||
bc
|
bc
|
||||||
mkpasswd
|
mkpasswd
|
||||||
shadow
|
shadow
|
||||||
|
|
||||||
# archiving
|
# archiving
|
||||||
xdelta
|
xdelta
|
||||||
libarchive
|
libarchive
|
||||||
atool
|
atool
|
||||||
|
|
||||||
# network
|
# network
|
||||||
nmap mtr bind
|
nmap
|
||||||
socat netcat-openbsd
|
mtr
|
||||||
lftp wget rsync
|
bind
|
||||||
|
socat
|
||||||
|
netcat-openbsd
|
||||||
|
lftp
|
||||||
|
wget
|
||||||
|
rsync
|
||||||
|
|
||||||
#gitMinimal
|
#gitMinimal
|
||||||
#rxvt_unicode.terminfo
|
#rxvt_unicode.terminfo
|
||||||
|
@ -94,12 +104,12 @@ in
|
||||||
ipv6 = true;
|
ipv6 = true;
|
||||||
hostName = machine;
|
hostName = machine;
|
||||||
};
|
};
|
||||||
deployment.keyys = [ (<yori-nix/keys>+"/wg.${machine}.key") ];
|
deployment.keyys = [ (<yori-nix/keys> + "/wg.${machine}.key") ];
|
||||||
networking.wireguard.interfaces.wg-y = {
|
networking.wireguard.interfaces.wg-y = {
|
||||||
privateKeyFile = "/root/keys/wg.${machine}.key";
|
privateKeyFile = "/root/keys/wg.${machine}.key";
|
||||||
ips = [ vpn.ips.${machine} ];
|
ips = [ vpn.ips.${machine} ];
|
||||||
listenPort = 31790;
|
listenPort = 31790;
|
||||||
peers = [ {
|
peers = [{
|
||||||
publicKey = vpn.keys.pennyworth;
|
publicKey = vpn.keys.pennyworth;
|
||||||
endpoint = "pennyworth.yori.cc:31790";
|
endpoint = "pennyworth.yori.cc:31790";
|
||||||
allowedIPs = [ "10.209.0.0/24" ];
|
allowedIPs = [ "10.209.0.0/24" ];
|
||||||
|
@ -112,7 +122,7 @@ in
|
||||||
nix.binaryCachePublicKeys =
|
nix.binaryCachePublicKeys =
|
||||||
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
|
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
|
||||||
|
|
||||||
nix.trustedUsers = ["@wheel"];
|
nix.trustedUsers = [ "@wheel" ];
|
||||||
services.prometheus.exporters.node = {
|
services.prometheus.exporters.node = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
|
|
|
@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: {
|
||||||
programs.sway = {
|
programs.sway = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraSessionCommands = ''
|
extraSessionCommands = ''
|
||||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])}
|
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
||||||
|
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{lib, ...}: {
|
{ lib, ... }: {
|
||||||
users.users.lars = {
|
users.users.lars = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
|
|
@ -1,16 +1,20 @@
|
||||||
{
|
{
|
||||||
imports = [ ./. ];
|
imports = [ ./. ];
|
||||||
|
|
||||||
documentation.nixos.enable = false;
|
documentation.nixos.enable = false;
|
||||||
services.sshguard.enable = true;
|
services.sshguard.enable = true;
|
||||||
programs.mosh.enable = true;
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
environment.noXlibs = true;
|
environment.noXlibs = true;
|
||||||
networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers
|
networking.firewall.logRefusedConnections =
|
||||||
|
false; # Silence logging of scanners and knockers
|
||||||
# TODO: upstream with noXlibs
|
# TODO: upstream with noXlibs
|
||||||
# https://github.com/NixOS/nixpkgs/pull/107394
|
# https://github.com/NixOS/nixpkgs/pull/107394
|
||||||
nixpkgs.overlays = [ (self: super: {
|
nixpkgs.overlays = [
|
||||||
elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
|
(self: super: {
|
||||||
erlang = super.erlang_nox;
|
elixir_1_8 =
|
||||||
}) ];
|
(self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
|
||||||
|
erlang = super.erlang_nox;
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file"
|
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
||||||
{ hostname = "cache.lumi.guide";
|
hostname = "cache.lumi.guide";
|
||||||
username = "lumi";
|
username = "lumi";
|
||||||
} ''
|
} ''
|
||||||
cat > $out <<EOI
|
cat > $out <<EOI
|
||||||
machine $hostname
|
machine $hostname
|
||||||
login $username
|
login $username
|
||||||
password ${builtins.readFile /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password}
|
password ${
|
||||||
EOI
|
builtins.readFile
|
||||||
'';
|
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
||||||
in
|
}
|
||||||
{
|
EOI
|
||||||
imports = [
|
'';
|
||||||
./graphical.nix
|
in {
|
||||||
];
|
imports = [ ./graphical.nix ];
|
||||||
|
|
||||||
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
|
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
|
||||||
services.printing = {
|
services.printing = {
|
||||||
|
@ -22,7 +22,9 @@ in
|
||||||
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
|
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
pkgs.ghostscript pkgs.yubikey-manager pkgs.glib
|
pkgs.ghostscript
|
||||||
|
pkgs.yubikey-manager
|
||||||
|
pkgs.glib
|
||||||
];
|
];
|
||||||
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
||||||
"${gnome-themes-extra}/share"
|
"${gnome-themes-extra}/share"
|
||||||
|
@ -83,7 +85,7 @@ in
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
users.groups.pico = {};
|
users.groups.pico = { };
|
||||||
|
|
||||||
# development
|
# development
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
|
@ -92,7 +94,6 @@ in
|
||||||
package = pkgs.postgresql_10;
|
package = pkgs.postgresql_10;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# git
|
# git
|
||||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||||
|
|
||||||
|
@ -101,10 +102,7 @@ in
|
||||||
services.pipewire.enable = true;
|
services.pipewire.enable = true;
|
||||||
xdg.portal = {
|
xdg.portal = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPortals = with pkgs; [
|
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
|
||||||
xdg-desktop-portal-wlr
|
|
||||||
xdg-desktop-portal-gtk
|
|
||||||
];
|
|
||||||
gtkUsePortal = true;
|
gtkUsePortal = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -1,12 +1,14 @@
|
||||||
let
|
let
|
||||||
sources = import ./nix/sources.nix;
|
sources = import ./nix/sources.nix;
|
||||||
nixpkgs = import sources.nixpkgs {};
|
nixpkgs = import sources.nixpkgs { };
|
||||||
nixos = name: configuration: import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
|
nixos = name: configuration:
|
||||||
extraArgs = { inherit name; };
|
import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
|
||||||
modules = [ ({lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ] ++ configuration;
|
extraArgs = { inherit name; };
|
||||||
};
|
modules =
|
||||||
|
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ]
|
||||||
|
++ configuration;
|
||||||
|
};
|
||||||
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
||||||
in
|
in nixpkgs.lib.genAttrs names (name:
|
||||||
nixpkgs.lib.genAttrs names (name: (let os =
|
(let os = nixos name [ ./roles (./logical + "/${name}.nix") ];
|
||||||
nixos name [ ./roles (./logical + "/${name}.nix") ]; in
|
in os.config.system.build.toplevel // os))
|
||||||
os.config.system.build.toplevel // os))
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ name, ... }:
|
{ name, ... }: {
|
||||||
{
|
|
||||||
deployment.keyys = [
|
deployment.keyys = [
|
||||||
(../keys + "/${name}_borg_repo.key")
|
(../keys + "/${name}_borg_repo.key")
|
||||||
(../keys + "/${name}_borg_ssh.key")
|
(../keys + "/${name}_borg_ssh.key")
|
||||||
|
@ -25,7 +24,7 @@
|
||||||
|
|
||||||
repo = "14337@ch-s012.rsync.net:${name}";
|
repo = "14337@ch-s012.rsync.net:${name}";
|
||||||
paths = [ "/home" "/root" "/var/lib" ];
|
paths = [ "/home" "/root" "/var/lib" ];
|
||||||
|
|
||||||
prune.keep = {
|
prune.keep = {
|
||||||
# hourly backups for the past week
|
# hourly backups for the past week
|
||||||
within = "7d";
|
within = "7d";
|
||||||
|
|
|
@ -1,8 +1 @@
|
||||||
{
|
{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
|
||||||
imports = [
|
|
||||||
./git.nix
|
|
||||||
./muflax-church.nix
|
|
||||||
./pub.nix
|
|
||||||
./website.nix
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,11 +1,7 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let sources = import ../../nix/sources.nix;
|
||||||
sources = import ../../nix/sources.nix;
|
in {
|
||||||
in
|
imports = [ ("${sources.nixos-mailserver}") ];
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
("${sources.nixos-mailserver}")
|
|
||||||
];
|
|
||||||
|
|
||||||
mailserver = rec {
|
mailserver = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -3,8 +3,7 @@
|
||||||
let
|
let
|
||||||
cfg = config.services.yorick.git;
|
cfg = config.services.yorick.git;
|
||||||
inherit (cfg) vhost;
|
inherit (cfg) vhost;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.services.yorick.git = with lib; {
|
options.services.yorick.git = with lib; {
|
||||||
enable = mkEnableOption "git";
|
enable = mkEnableOption "git";
|
||||||
vhost = mkOption { type = types.str; };
|
vhost = mkOption { type = types.str; };
|
||||||
|
@ -12,7 +11,9 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.extraUsers.git = {
|
users.extraUsers.git = {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
home = config.services.gitea.stateDir; extraGroups = [ "git" ]; useDefaultShell = true;
|
home = config.services.gitea.stateDir;
|
||||||
|
extraGroups = [ "git" ];
|
||||||
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -42,7 +43,8 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
|
proxyPass =
|
||||||
|
"http://127.0.0.1:${toString config.services.gitea.httpPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -5,16 +5,19 @@ let
|
||||||
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
|
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
|
||||||
ref = "HEAD";
|
ref = "HEAD";
|
||||||
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
||||||
};
|
};
|
||||||
nixpkgs = import (builtins.fetchTarball {
|
nixpkgs = import (builtins.fetchTarball {
|
||||||
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
url =
|
||||||
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||||
}) { system = builtins.currentSystem; };
|
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
||||||
muflax-church = (nixpkgs.callPackage "${muflax-source}/maintenance" {}).overrideDerivation (default: {
|
}) { system = builtins.currentSystem; };
|
||||||
buildPhase = default.buildPhase + "\n" + ''
|
muflax-church =
|
||||||
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
|
(nixpkgs.callPackage "${muflax-source}/maintenance" { }).overrideDerivation
|
||||||
'';
|
(default: {
|
||||||
});
|
buildPhase = default.buildPhase + "\n" + ''
|
||||||
|
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
|
||||||
|
'';
|
||||||
|
});
|
||||||
cfg = config.services.yorick.muflax-church;
|
cfg = config.services.yorick.muflax-church;
|
||||||
inherit (cfg) vhost;
|
inherit (cfg) vhost;
|
||||||
addrs = {
|
addrs = {
|
||||||
|
@ -23,9 +26,12 @@ nixpkgs = import (builtins.fetchTarball {
|
||||||
"gospel.${vhost}" = "${muflax-church}/gospel";
|
"gospel.${vhost}" = "${muflax-church}/gospel";
|
||||||
"alt.${vhost}" = "/home/public/public/muflax";
|
"alt.${vhost}" = "/home/public/public/muflax";
|
||||||
};
|
};
|
||||||
m = x: root: { forceSSL = true; useACMEHost = vhost; inherit root; };
|
m = x: root: {
|
||||||
in
|
forceSSL = true;
|
||||||
{
|
useACMEHost = vhost;
|
||||||
|
inherit root;
|
||||||
|
};
|
||||||
|
in {
|
||||||
options.services.yorick.muflax-church = with lib; {
|
options.services.yorick.muflax-church = with lib; {
|
||||||
enable = mkEnableOption "muflax.church";
|
enable = mkEnableOption "muflax.church";
|
||||||
vhost = mkOption { type = types.str; };
|
vhost = mkOption { type = types.str; };
|
||||||
|
@ -42,11 +48,7 @@ in
|
||||||
"gospel.${vhost}" = m "${muflax-church}/gospel";
|
"gospel.${vhost}" = m "${muflax-church}/gospel";
|
||||||
"alt.${vhost}" = m "/home/public/public/muflax";
|
"alt.${vhost}" = m "/home/public/public/muflax";
|
||||||
} // (lib.mapAttrs m addrs);
|
} // (lib.mapAttrs m addrs);
|
||||||
security.acme.certs.${vhost}.extraDomainNames = [
|
security.acme.certs.${vhost}.extraDomainNames =
|
||||||
"daily.${vhost}"
|
[ "daily.${vhost}" "blog.${vhost}" "gospel.${vhost}" "alt.${vhost}" ];
|
||||||
"blog.${vhost}"
|
|
||||||
"gospel.${vhost}"
|
|
||||||
"alt.${vhost}"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let cfg = config.services.yorick.public; in
|
let cfg = config.services.yorick.public;
|
||||||
{
|
in {
|
||||||
options.services.yorick.public = {
|
options.services.yorick.public = {
|
||||||
enable = lib.mkEnableOption "public hosting";
|
enable = lib.mkEnableOption "public hosting";
|
||||||
vhost = lib.mkOption { type = lib.types.str; };
|
vhost = lib.mkOption { type = lib.types.str; };
|
||||||
|
@ -14,7 +14,7 @@ let cfg = config.services.yorick.public; in
|
||||||
users.extraUsers.public = {
|
users.extraUsers.public = {
|
||||||
home = "/home/public";
|
home = "/home/public";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [public];
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts.${cfg.vhost} = {
|
services.nginx.virtualHosts.${cfg.vhost} = {
|
||||||
|
|
|
@ -1,22 +1,20 @@
|
||||||
{pkgs, lib, config, ...}:
|
{ pkgs, lib, config, ... }:
|
||||||
let
|
let cfg = config.services.yorick.torrent-vpn;
|
||||||
cfg = config.services.yorick.torrent-vpn;
|
in {
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.yorick.torrent-vpn = with lib; {
|
options.services.yorick.torrent-vpn = with lib; {
|
||||||
enable = mkEnableOption "torrent-vpn";
|
enable = mkEnableOption "torrent-vpn";
|
||||||
name = mkOption { type = types.str; };
|
name = mkOption { type = types.str; };
|
||||||
namespace = mkOption { type = types.str; };
|
namespace = mkOption { type = types.str; };
|
||||||
};
|
};
|
||||||
config = {
|
config = {
|
||||||
deployment.keyys = [ (<yori-nix/keys>+"/wg.${cfg.name}.key") ];
|
deployment.keyys = [ (<yori-nix/keys> + "/wg.${cfg.name}.key") ];
|
||||||
networking.wireguard.interfaces.${cfg.name} = {
|
networking.wireguard.interfaces.${cfg.name} = {
|
||||||
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
|
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
|
||||||
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
|
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
|
||||||
privateKeyFile = "/root/keys/wg.${cfg.name}.key";
|
privateKeyFile = "/root/keys/wg.${cfg.name}.key";
|
||||||
peers = [{
|
peers = [{
|
||||||
publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ=";
|
publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ=";
|
||||||
allowedIPs = ["0.0.0.0/0" "::0/0"];
|
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||||
endpoint = "[2a03:1b20:3:f011::a04f]:51820";
|
endpoint = "[2a03:1b20:3:f011::a04f]:51820";
|
||||||
}];
|
}];
|
||||||
interfaceNamespace = cfg.namespace;
|
interfaceNamespace = cfg.namespace;
|
||||||
|
|
|
@ -1,25 +1,30 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
yoricc = pkgs.callPackage ../packages/yori-cc.nix {};
|
yoricc = pkgs.callPackage ../packages/yori-cc.nix { };
|
||||||
cfg = config.services.yorick.website;
|
cfg = config.services.yorick.website;
|
||||||
in
|
in with lib; {
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
options.services.yorick = {
|
options.services.yorick = {
|
||||||
website = {
|
website = {
|
||||||
enable = mkEnableOption "yoricc website";
|
enable = mkEnableOption "yoricc website";
|
||||||
vhost = mkOption { type = types.str; };
|
vhost = mkOption { type = types.str; };
|
||||||
pkg = mkOption { type = types.package; default = yoricc; };
|
pkg = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = yoricc;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
redirect = mkOption { type = types.loaOf types.str; default = []; };
|
redirect = mkOption {
|
||||||
};
|
type = types.loaOf types.str;
|
||||||
config.services.nginx.virtualHosts = with cfg; mkIf enable {
|
default = [ ];
|
||||||
${vhost} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/".root = "${pkg}/web";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
config.services.nginx.virtualHosts = with cfg;
|
||||||
|
mkIf enable {
|
||||||
|
${vhost} = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".root = "${pkg}/web";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{
|
{
|
||||||
public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
|
public =
|
||||||
yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFQm2OJ8PlnDHfI7FV3hddXP0t2jgKAiCnnuWIc+LK4dnyGmlC/ihIe9KhSENZEnzVAXnYAMOoOvpkVa5p0Itf1n0anCK3k2vDq0Jz9nY3ZXmkSHE09QGCpSG8kU6j+zWJPo2jWYNtxYMRmmHAuzzOdlPY9Q199PEvHVaqzpSVhIdhqhEcmap8oqHW6KbJu+17nLGGQB5XiTB1SlTxbg62copA9KMcvQzNGIooKs5QyrU/B0g05EfbogH7xOLbwYAK676DTUBEcKpEUYFMMv+DBcU4cH2EI6UTLxI5ohrS1pxk20zu5nTRMlQRUETpWN4EbEPfOzF8FW1YOwdttfCas8D6Y6t9gA4o8GpylBG9AElVw7VyOFeBR+AtchormH+wH6nZEvzs6wg2d84I8xo5qYGUJIQS7OYxypjlY01IFCCa/7rjzXGDmdWAP/UEu85ys9FSryn9Ey5DXDQOqhMHguOwQDUyaArWyRCCBzKbx6cPZw2D9bLfDxbnaC2/5dVyxHJXoWmwneX2E/UT5QwtG1nyLShIZhYgO9lfDpO61Mz9Jjap3sj6mJPxHZc5SGye0j47xV6kX4vbSgfoSHHnasaI3fR2ZBS7tnfq1ebxXqFFSPHK6uHjLgDHtkMisvjOVZnybuXB296pjv6K1o2G3qlUnImOqfxZxvuy4Xl/mw== cardno:000607186578"];
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
|
||||||
|
yorick = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFQm2OJ8PlnDHfI7FV3hddXP0t2jgKAiCnnuWIc+LK4dnyGmlC/ihIe9KhSENZEnzVAXnYAMOoOvpkVa5p0Itf1n0anCK3k2vDq0Jz9nY3ZXmkSHE09QGCpSG8kU6j+zWJPo2jWYNtxYMRmmHAuzzOdlPY9Q199PEvHVaqzpSVhIdhqhEcmap8oqHW6KbJu+17nLGGQB5XiTB1SlTxbg62copA9KMcvQzNGIooKs5QyrU/B0g05EfbogH7xOLbwYAK676DTUBEcKpEUYFMMv+DBcU4cH2EI6UTLxI5ohrS1pxk20zu5nTRMlQRUETpWN4EbEPfOzF8FW1YOwdttfCas8D6Y6t9gA4o8GpylBG9AElVw7VyOFeBR+AtchormH+wH6nZEvzs6wg2d84I8xo5qYGUJIQS7OYxypjlY01IFCCa/7rjzXGDmdWAP/UEu85ys9FSryn9Ey5DXDQOqhMHguOwQDUyaArWyRCCBzKbx6cPZw2D9bLfDxbnaC2/5dVyxHJXoWmwneX2E/UT5QwtG1nyLShIZhYgO9lfDpO61Mz9Jjap3sj6mJPxHZc5SGye0j47xV6kX4vbSgfoSHHnasaI3fR2ZBS7tnfq1ebxXqFFSPHK6uHjLgDHtkMisvjOVZnybuXB296pjv6K1o2G3qlUnImOqfxZxvuy4Xl/mw== cardno:000607186578"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
10
overlay.nix
10
overlay.nix
|
@ -1,10 +1,10 @@
|
||||||
let sources = import ./nix/sources.nix; in
|
let sources = import ./nix/sources.nix;
|
||||||
pkgs: super: {
|
in pkgs: super: {
|
||||||
yorick = super.yorick // rec {
|
yorick = super.yorick // rec {
|
||||||
home = { check ? true, newsReadIdsFile ? null }:
|
home = { check ? true, newsReadIdsFile ? null }:
|
||||||
import "${sources.home-manager}/home-manager/home-manager.nix" {
|
import "${sources.home-manager}/home-manager/home-manager.nix" {
|
||||||
confPath = ./nix/.config/nixpkgs/home.nix;
|
confPath = ./nix/.config/nixpkgs/home.nix;
|
||||||
inherit pkgs check newsReadIdsFile;
|
inherit pkgs check newsReadIdsFile;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue