auto-flake-update
Yorick van Pelt 2021-05-29 18:05:31 +02:00
parent 65b73fabf7
commit a688758401
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
47 changed files with 957 additions and 758 deletions


@ -1,18 +1,21 @@
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }: #{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
with pkgs; with pkgs;
let let
compileShell = src: buildInputs: name: stdenv.mkDerivation { compileShell = src: buildInputs: name:
inherit name src; stdenv.mkDerivation {
buildInputs = buildInputs ++ [makeWrapper]; inherit name src;
unpackPhase = "true"; buildInputs = buildInputs ++ [ makeWrapper ];
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name} unpackPhase = "true";
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs} installPhase = ''
''; mkdir -p $out/bin && cp $src $out/bin/${name}
}; wrapProgram $out/bin/${name} --suffix PATH : ${
lib.makeSearchPath "bin" buildInputs
}
'';
};
in lib.mapAttrs (k: f: f k) { in lib.mapAttrs (k: f: f k) {
backup = compileShell ./backup.sh backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
(with pkgs; [utillinux duplicity]); screenshot_public =
screenshot_public = compileShell ./screenshot_public.sh compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
(with pkgs; [scrot xclip rsync]);
} }
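Review bot: `wrapProgram` is still called with `--suffix PATH`, which appends the `buildInputs` bin directories after the caller's `PATH`, so `backup` and `screenshot_public` use the pinned `duplicity`, `rsync` and the other tools only when nothing earlier in the environment provides them. If the wrapped scripts are meant to always run the pinned tools, use `--prefix PATH : ${lib.makeSearchPath "bin" buildInputs}` instead. This hunk only reformats `compileShell`, so the behaviour predates the commit.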


@ -1,17 +1,16 @@
let sources = import ./nix/sources.nix; let sources = import ./nix/sources.nix;
in in {
{ allowUnfree = true;
allowUnfree = true; overlays = [
overlays = [ (import sources.nixpkgs-wayland)
(import sources.nixpkgs-wayland) (import sources.nixpkgs-mozilla)
(import sources.nixpkgs-mozilla) (import sources.emacs-overlay)
(import sources.emacs-overlay) (import ./nixos/overlay.nix)
(import ./nixos/overlay.nix) (import ./nix/.config/nixpkgs/overlays/01-backports.nix)
(import ./nix/.config/nixpkgs/overlays/01-backports.nix) (import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix) (import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix) (import ./nix/.config/nixpkgs/overlays/04-combine.nix)
(import ./nix/.config/nixpkgs/overlays/04-combine.nix) (import ./nix/.config/nixpkgs/overlays/05-envs.nix)
(import ./nix/.config/nixpkgs/overlays/05-envs.nix) (import ./overlay.nix)
(import ./overlay.nix) ];
]; }
}


@ -1,3 +1,2 @@
let sources = import ./nix/sources.nix; let sources = import ./nix/sources.nix;
in in import sources.nixpkgs (import ./config.nix)
import sources.nixpkgs (import ./config.nix)


@ -1,3 +1 @@
let pkgs = import ../.; let pkgs = import ../.; in pkgs.yorick.home
in
pkgs.yorick.home


@ -1,18 +1,17 @@
{ lib, config, options, pkgs, ... }: { lib, config, options, pkgs, ... }:
let let
bin = pkgs.callPackage /home/yorick/dotfiles/bin {}; bin = pkgs.callPackage /home/yorick/dotfiles/bin { };
dpi = 109; dpi = 109;
font = { font = {
__toString = self: "${self.name} ${self.size}"; __toString = self: "${self.name} ${self.size}";
name = "DejaVu Sans Mono"; name = "DejaVu Sans Mono";
size = "11"; size = "11";
}; };
y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped { y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped {
forceWayland = true; forceWayland = true;
browserName = "firefox"; browserName = "firefox";
}; };
in in {
{
imports = [ ./arbtt.nix ./libinput-gestures.nix ]; imports = [ ./arbtt.nix ./libinput-gestures.nix ];
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
@ -36,41 +35,71 @@ in
emacs = { emacs = {
enable = true; enable = true;
package = pkgs.emacsPgtkGcc; package = pkgs.emacsPgtkGcc;
extraPackages = _: let extraPackages = _:
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc; let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [ in (with epkgs.melpaPackages; [
epkgs.undo-tree reason-mode
epkgs.notmuch epkgs.rust-mode evil
company counsel
projectile counsel-projectile ivy
ggtags use-package org-bullets solarized-theme ivy-hydra
evil-leader evil-surround #evil-magit swiper
epkgs.evil-goggles epkgs.ox-mediawiki magit
nix-buffer which-key git-gutter-fringe forge
all-the-icons epkgs.org-cliplink avy
pandoc-mode markdown-mode interleave ]) ++ (with epkgs.melpaPackages; [
org-ref haskell-mode request #intero epkgs.undo-tree
weechat s elixir-mode htmlize epkgs.notmuch
linum-relative terraform-mode epkgs.rust-mode
direnv vue-mode solarized-theme company
#wlrctl projectile
(epkgs.melpaBuild { counsel-projectile
pname = "nix-mode"; ggtags
version = "1.4.0"; use-package
packageRequires = [ json-mode epkgs.mmm-mode company ]; org-bullets
recipe = pkgs.writeText "recipe" '' solarized-theme
(nix-mode evil-leader
:repo "nixos/nix-mode" :fetcher github evil-surround # evil-magit
:files ("nix*.el")) epkgs.evil-goggles
''; epkgs.ox-mediawiki
src = pkgs.fetchFromGitHub { nix-buffer
owner = "nixos"; which-key
repo = "nix-mode"; git-gutter-fringe
rev = "ddf091708b9069f1fe0979a7be4e719445eed918"; all-the-icons
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad"; epkgs.org-cliplink
}; pandoc-mode
}) markdown-mode
]); interleave
org-ref
haskell-mode
request # intero
weechat
s
elixir-mode
htmlize
linum-relative
terraform-mode
direnv
vue-mode
solarized-theme
#wlrctl
(epkgs.melpaBuild {
pname = "nix-mode";
version = "1.4.0";
packageRequires = [ json-mode epkgs.mmm-mode company ];
recipe = pkgs.writeText "recipe" ''
(nix-mode
:repo "nixos/nix-mode" :fetcher github
:files ("nix*.el"))
'';
src = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nix-mode";
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
};
})
]);
}; };
git = { git = {
enable = true; enable = true;
@ -81,9 +110,11 @@ in
extraConfig.help.autocorrect = 5; extraConfig.help.autocorrect = 5;
extraConfig.push.default = "simple"; extraConfig.push.default = "simple";
extraConfig.pull.ff = "only"; extraConfig.pull.ff = "only";
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig"; extraConfig."includeIf \"gitdir:~/serokell/\"".path =
"~/serokell/.gitconfig";
aliases = { aliases = {
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; lg =
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
st = "status"; st = "status";
remotes = "remote -v"; remotes = "remote -v";
branches = "branch -a"; branches = "branch -a";
@ -92,7 +123,8 @@ in
unstage = "reset -q HEAD --"; unstage = "reset -q HEAD --";
discard = "checkout --"; discard = "checkout --";
uncommit = "reset --mixed HEAD~"; uncommit = "reset --mixed HEAD~";
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order "; graph =
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
dad = "!curl https://icanhazdadjoke.com/ && git add"; dad = "!curl https://icanhazdadjoke.com/ && git add";
}; };
}; };
@ -108,19 +140,50 @@ in
identityFile = "~/.ssh/id_rsa_pub"; identityFile = "~/.ssh/id_rsa_pub";
identitiesOnly = true; identitiesOnly = true;
}; };
phassa = { hostname = "karpenoktem.nl"; port = 33933; }; phassa = {
hostname = "karpenoktem.nl";
port = 33933;
};
"jupiter.serokell.io" = jupiter; "jupiter.serokell.io" = jupiter;
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; }; jupiter = {
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; }; hostname = "jupiter.serokell.io";
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; }; port = 17788;
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; }; };
"*.lumi.guide" = { athena = {
hostname = "athena.lumi.guide";
user = "yorick.van.pelt"; user = "yorick.van.pelt";
}; };
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; rpibuild3 = {
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; hostname = "10.110.0.3";
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; user = "yorick.van.pelt";
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; port = 4222;
};
styx = {
hostname = "10.110.0.1";
user = "yorick.van.pelt";
port = 2233;
};
"*.lumi.guide" = { user = "yorick.van.pelt"; };
nyx = {
hostname = "nyx.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
zeus = {
hostname = "zeus.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
ponos = {
hostname = "ponos.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
medusa = {
hostname = "lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
# signs # signs
"10.108.0.*" = { "10.108.0.*" = {
user = "yorick.van.pelt"; user = "yorick.van.pelt";
@ -164,21 +227,21 @@ in
shellAliases = { shellAliases = {
l = "ls"; l = "ls";
ls = "exa"; ls = "exa";
nr = "nix repl \"<nixpkgs>\""; nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p"; nsp = "nix-shell -p";
}; };
interactiveShellInit = '' interactiveShellInit = ''
function fuck -d "Correct your previous console command" function fuck -d "Correct your previous console command"
set -l fucked_up_command $history[1] set -l fucked_up_command $history[1]
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
if [ "$unfucked_command" != "" ] if [ "$unfucked_command" != "" ]
eval $unfucked_command eval $unfucked_command
builtin history delete --exact --case-sensitive -- $fucked_up_command builtin history delete --exact --case-sensitive -- $fucked_up_command
builtin history merge ^ /dev/null builtin history merge ^ /dev/null
end end
end end
starship init fish | source starship init fish | source
source ~/dotfiles/nr.fish source ~/dotfiles/nr.fish
''; '';
promptInit = "set fish_greeting"; promptInit = "set fish_greeting";
}; };
@ -186,52 +249,52 @@ in
enable = true; enable = true;
historyControl = [ "erasedups" "ignoredups" "ignorespace" ]; historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
shellAliases = { shellAliases = {
nr = "nix repl \"<nixpkgs>\""; nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p"; nsp = "nix-shell -p";
}; };
initExtra = '' initExtra = ''
#eval $(thefuck --alias) #eval $(thefuck --alias)
function fuck () { function fuck () {
TF_PYTHONIOENCODING=$PYTHONIOENCODING; TF_PYTHONIOENCODING=$PYTHONIOENCODING;
export TF_SHELL=bash; export TF_SHELL=bash;
export TF_ALIAS=fuck; export TF_ALIAS=fuck;
export TF_SHELL_ALIASES=$(alias); export TF_SHELL_ALIASES=$(alias);
export TF_HISTORY=$(fc -ln -10); export TF_HISTORY=$(fc -ln -10);
export PYTHONIOENCODING=utf-8; export PYTHONIOENCODING=utf-8;
TF_CMD=$( TF_CMD=$(
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@ thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
) && eval $TF_CMD; ) && eval $TF_CMD;
unset TF_HISTORY; unset TF_HISTORY;
export PYTHONIOENCODING=$TF_PYTHONIOENCODING; export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
history -s $TF_CMD; history -s $TF_CMD;
} }
# This script was automatically generated by the broot function # This script was automatically generated by the broot function
# More information can be found in https://github.com/Canop/broot # More information can be found in https://github.com/Canop/broot
# This function starts broot and executes the command # This function starts broot and executes the command
# it produces, if any. # it produces, if any.
# It's needed because some shell commands, like `cd`, # It's needed because some shell commands, like `cd`,
# have no useful effect if executed in a subshell. # have no useful effect if executed in a subshell.
function br { function br {
f=$(mktemp) f=$(mktemp)
( (
set +e set +e
broot --outcmd "$f" "$@" broot --outcmd "$f" "$@"
code=$? code=$?
if [ "$code" != 0 ]; then if [ "$code" != 0 ]; then
rm -f "$f" rm -f "$f"
exit "$code" exit "$code"
fi fi
) )
code=$? code=$?
if [ "$code" != 0 ]; then if [ "$code" != 0 ]; then
return "$code" return "$code"
fi fi
d=$(<"$f") d=$(<"$f")
rm -f "$f" rm -f "$f"
eval "$d" eval "$d"
} }
eval "$(starship init bash)" eval "$(starship init bash)"
''; '';
}; };
}; };
xresources.properties = { xresources.properties = {
@ -249,12 +312,18 @@ eval "$(starship init bash)"
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc"; # rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f"; # sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
# } + "/Xresources.dark"); # } + "/Xresources.dark");
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); }; home.file.".emacs.d/init.el" = {
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
};
xdg.configFile."streamlink/config".text = '' xdg.configFile."streamlink/config".text = ''
player = mpv --cache 2048 player = mpv --cache 2048
default-stream = best default-stream = best
''; '';
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; }; xdg.configFile."waybar" = {
source = ./waybar;
recursive = true;
onChange = "systemctl --user restart waybar";
};
programs.mako.enable = true; programs.mako.enable = true;
services = { services = {
lorri.enable = true; lorri.enable = true;
@ -290,46 +359,55 @@ eval "$(starship init bash)"
fonts = [ (toString font) ]; fonts = [ (toString font) ];
window.border = 2; window.border = 2;
floating.modifier = "Mod4"; floating.modifier = "Mod4";
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default // keybindings = with pkgs;
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in (builtins.head (builtins.head
{ options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
"${mod}+Shift+c" = "kill"; // (let
"${mod}+j" = "focus left"; exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
"${mod}+k" = "focus right"; mod = "Mod4";
"${mod}+d" = "layout toggle split"; in {
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh"; "${mod}+Shift+c" = "kill";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session"; "${mod}+j" = "focus left";
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle"; "${mod}+k" = "focus right";
"${mod}+Return" = "exec alacritty"; "${mod}+d" = "layout toggle split";
"${mod}+Escape" = "workspace back_and_forth"; "${mod}+i" =
"${mod}+0" = "workspace 10"; "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
"${mod}+Shift+0" = "move container to workspace 10"; #"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+Shift+Left" = "move left"; "${mod}+ctrl+l" =
"${mod}+Shift+Right" = "move right"; "exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Shift+Up" = "move up"; "${mod}+Return" = "exec alacritty";
"${mod}+Shift+Down" = "move down"; "${mod}+Escape" = "workspace back_and_forth";
"${mod}+Ctrl+Right" = "move workspace to output right"; "${mod}+0" = "workspace 10";
"${mod}+Ctrl+Left" = "move workspace to output left"; "${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Ctrl+Up" = "move workspace to output up"; "${mod}+Shift+Left" = "move left";
"${mod}+Ctrl+Down" = "move workspace to output down"; "${mod}+Shift+Right" = "move right";
"${mod}+Shift+Up" = "move up";
"XF86MonBrightnessUp" = exec light "light -A 5"; "${mod}+Shift+Down" = "move down";
"XF86MonBrightnessDown" = exec light "light -U 5"; "${mod}+Ctrl+Right" = "move workspace to output right";
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1"; "${mod}+Ctrl+Left" = "move workspace to output left";
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1"; "${mod}+Ctrl+Up" = "move workspace to output up";
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-"; "${mod}+Ctrl+Down" = "move workspace to output down";
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle"; "XF86MonBrightnessUp" = exec light "light -A 5";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public"; "XF86MonBrightnessDown" = exec light "light -U 5";
"Print" = exec bin.screenshot_public "screenshot_public"; "ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh"; "ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh"; "XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh"; "XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
#"${mod}+p" = exec rofi-pass "rofi-pass"; "XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill"; "${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0"; "Print" = exec bin.screenshot_public "screenshot_public";
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1"; "${mod}+Shift+t" =
}); "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
});
}; };
systemdIntegration = true; systemdIntegration = true;
extraConfig = '' extraConfig = ''
@ -370,33 +448,63 @@ eval "$(starship init bash)"
EDITOR = "emacsclient"; EDITOR = "emacsclient";
#GDK_BACKEND = "wayland"; #GDK_BACKEND = "wayland";
TERMINAL = "alacritty"; TERMINAL = "alacritty";
QT_WAYLAND_DISABLE_WINDOWDECORATION="1"; QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland"; QT_QPA_PLATFORM = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1"; _JAVA_AWT_WM_NONREPARENTING = "1";
XCURSOR_THEME = "Adwaita"; XCURSOR_THEME = "Adwaita";
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons"; XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
XDG_CURRENT_DESKTOP = "sway"; XDG_CURRENT_DESKTOP = "sway";
}; };
home.packages = with pkgs.envs; [ home.packages = with pkgs.envs;
apps code de games pdf media misc scripts coins js [ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
] ++ (with pkgs; [ github-cli
github-cli libreoffice nix-tree virt-manager watchman libreoffice
gnome3.gcr.out #alacritty nix-tree
waybar slurp grim wl-clipboard virt-manager
wldash gebaar-libinput watchman
notmuch gmailieer afew gnome3.gcr.out # alacritty
swaybg swayidle waybar
swaylock broot starship slurp
fd htop kcachegrind lm_sensors niv grim
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils wl-clipboard
nix-top nix-diff wldash
ltrace asciinema cargo minecraft gebaar-libinput
unzip notmuch
exa obs-studio-dmabuf obs-wlrobs gmailieer
zoom-us afew
cachix eagle swaybg
y-firefox swayidle
]); # qtwayland swaylock
broot
starship
fd
htop
kcachegrind
lm_sensors
niv
nixfmt
linuxPackages.perf
pssh
slack
smartmontools
vim
waypipe
xdg_utils
nix-top
nix-diff
ltrace
asciinema
cargo
minecraft
unzip
exa
obs-studio-dmabuf
obs-wlrobs
zoom-us
cachix
eagle
y-firefox
]); # qtwayland
# programs.firefox = { # programs.firefox = {
# enable = true; # enable = true;
# package = pkgs.wrapFirefox pkgs.firefox-unwrapped { # package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
@ -409,11 +517,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ]; After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "graphical-session.target" ]; };
WantedBy = [ "graphical-session.target" ];
};
Service = { Service = {
ExecStart = '' ExecStart = ''
${pkgs.waybar}/bin/waybar ${pkgs.waybar}/bin/waybar
@ -448,11 +554,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ]; After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "graphical-session.target" ]; };
WantedBy = [ "graphical-session.target" ];
};
Service = { Service = {
ExecStart = '' ExecStart = ''
${pkgs.gebaar-libinput}/bin/gebaard ${pkgs.gebaar-libinput}/bin/gebaard
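Review bot: The sway keybindings in the `@ -290,46 +359,55 @` hunk still launch scripts by absolute path under `/home/yorick/dotfiles/bin/` (`invert.sh`, `toggle_solarized.sh`, `docked.sh`, `ala-fzf-pass.sh`, `sunplate.sh`), so a keypress runs whatever is in that mutable checkout at the time rather than something pinned by the build. Several of these bindings are declared `--locked`, and `ala-fzf-pass.sh` appears to front a password picker, so the integrity of that directory matters. `screenshot_public` is already routed through the `bin` derivation (`exec bin.screenshot_public "screenshot_public"`); packaging the other scripts the same way would put them in the read-only store with their dependencies wired in. The enclosing attribute set starts and ends outside the hunk.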


@ -1,4 +1,2 @@
let let sources = import /home/yorick/dotfiles/nix/sources.nix;
sources = import /home/yorick/dotfiles/nix/sources.nix; in import sources.nixpkgs (import ./config.nix)
in
import sources.nixpkgs (import ./config.nix)


@ -7,42 +7,59 @@ let
# #
fetch_file = pkgs: name: spec: fetch_file = pkgs: name: spec:
let let name' = sanitizeName name + "-src";
name' = sanitizeName name + "-src"; in if spec.builtin or true then
in builtins_fetchurl {
if spec.builtin or true then inherit (spec) url sha256;
builtins_fetchurl { inherit (spec) url sha256; name = name'; } name = name';
else }
pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; else
pkgs.fetchurl {
inherit (spec) url sha256;
name = name';
};
fetch_tarball = pkgs: name: spec: fetch_tarball = pkgs: name: spec:
let let name' = sanitizeName name + "-src";
name' = sanitizeName name + "-src"; in if spec.builtin or true then
in builtins_fetchTarball {
if spec.builtin or true then name = name';
builtins_fetchTarball { name = name'; inherit (spec) url sha256; } inherit (spec) url sha256;
else }
pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; else
pkgs.fetchzip {
name = name';
inherit (spec) url sha256;
};
fetch_git = name: spec: fetch_git = name: spec:
let let
ref = ref = if spec ? ref then
if spec ? ref then spec.ref else spec.ref
if spec ? branch then "refs/heads/${spec.branch}" else else if spec ? branch then
if spec ? tag then "refs/tags/${spec.tag}" else "refs/heads/${spec.branch}"
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; else if spec ? tag then
in "refs/tags/${spec.tag}"
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; else
abort
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in builtins.fetchGit {
url = spec.repo;
inherit (spec) rev;
inherit ref;
};
fetch_local = spec: spec.path; fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw fetch_builtin-tarball = name:
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. throw ''
$ niv modify ${name} -a type=tarball -a builtin=true''; [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw fetch_builtin-url = name:
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. throw ''
$ niv modify ${name} -a type=file -a builtin=true''; [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
# #
# Various helpers # Various helpers
@ -50,72 +67,87 @@ let
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name: sanitizeName = name:
( (concatMapStrings (s: if builtins.isList s then "-" else s)
concatMapStrings (s: if builtins.isList s then "-" else s) (builtins.split "[^[:alnum:]+._?=-]+"
( ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
# The set of packages used when specs are fetched using non-builtins. # The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system: mkPkgs = sources: system:
let let
sourcesNixpkgs = sourcesNixpkgs = import
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
inherit system;
};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.; hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in in if builtins.hasAttr "nixpkgs" sources then
if builtins.hasAttr "nixpkgs" sources sourcesNixpkgs
then sourcesNixpkgs else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then import <nixpkgs> { }
import <nixpkgs> {} else
else abort ''
abort Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
'' add a package called "nixpkgs" to your sources.json.
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or '';
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function. # The actual fetching function.
fetch = pkgs: name: spec: fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute" abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec else if spec.type == "file" then
else if spec.type == "tarball" then fetch_tarball pkgs name spec fetch_file pkgs name spec
else if spec.type == "git" then fetch_git name spec else if spec.type == "tarball" then
else if spec.type == "local" then fetch_local spec fetch_tarball pkgs name spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name else if spec.type == "git" then
else if spec.type == "builtin-url" then fetch_builtin-url name fetch_git name spec
else if spec.type == "local" then
fetch_local spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball name
else if spec.type == "builtin-url" then
fetch_builtin-url name
else else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use # If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source. # the path directly as opposed to the fetched source.
replace = name: drv: replace = name: drv:
let let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; saneName = stringAsChars
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in in if ersatz == "" then
if ersatz == "" then drv else drv
# this turns the string into an actual Nix path (for both absolute and else
# relative paths) # this turns the string into an actual Nix path (for both absolute and
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; # relative paths)
if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions # Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist # a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or ( mapAttrs = builtins.mapAttrs or (f: set:
f: set: with builtins; with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) listToAttrs (map (attr: {
); name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); range = first: last:
if first > last then
[ ]
else
builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); stringToCharacters = s:
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
@ -123,46 +155,44 @@ let
concatStrings = builtins.concatStringsSep ""; concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else {}; optionalAttrs = cond: as: if cond then as else { };
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs: builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchTarball;
inherit (builtins) lessThan nixVersion fetchTarball; in if lessThan nixVersion "1.12" then
in fetchTarball
if lessThan nixVersion "1.12" then ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) else
else fetchTarball attrs;
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs: builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchurl;
inherit (builtins) lessThan nixVersion fetchurl; in if lessThan nixVersion "1.12" then
in fetchurl
if lessThan nixVersion "1.12" then ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) else
else fetchurl attrs;
fetchurl attrs;
# Create the final "sources" from the config # Create the final "sources" from the config
mkSources = config: mkSources = config:
mapAttrs ( mapAttrs (name: spec:
name: spec: if builtins.hasAttr "outPath" spec then
if builtins.hasAttr "outPath" spec abort
then abort "The values in sources.json should not have an 'outPath' attribute"
"The values in sources.json should not have an 'outPath' attribute" else
else spec // { outPath = replace name (fetch config.pkgs name spec); })
spec // { outPath = replace name (fetch config.pkgs name spec); } config.sources;
) config.sources;
# The "config" used by the fetchers # The "config" used by the fetchers
mkConfig = mkConfig = { sourcesFile ?
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) , sources ? if isNull sourcesFile then
, system ? builtins.currentSystem { }
, pkgs ? mkPkgs sources system else
}: rec { builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
# The sources, i.e. the attribute set of spec name to spec # The sources, i.e. the attribute set of spec name to spec
inherit sources; inherit sources;
@ -170,5 +200,6 @@ let
inherit pkgs; inherit pkgs;
}; };
in in mkSources (mkConfig { }) // {
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } __functor = _: settings: mkSources (mkConfig settings);
}


@ -1,19 +1,23 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with lib; with lib;
let cfg = config.deployment.keyys; in let cfg = config.deployment.keyys;
{ in {
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; }; options.deployment.keyys = mkOption {
type = types.listOf types.path;
default = [ ];
};
options.deployment.keys-copy = mkOption { type = types.package; }; options.deployment.keys-copy = mkOption { type = types.package; };
config = { config = {
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then '' deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
set -e (if cfg != [ ] then ''
ssh root@$1 "mkdir -p /root/keys" set -e
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys ssh root@$1 "mkdir -p /root/keys"
echo "uploaded keys" scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
'' else '' echo "uploaded keys"
echo "no keys to upload" '' else ''
''); echo "no keys to upload"
'');
}; };
} }
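Review bot: The generated `copy-keys` script expands `$1` unquoted in both the `ssh` and the `scp` line, and it creates `/root/keys` with whatever mode the remote umask yields, so the uploaded key material is not guaranteed to be readable by root only. Quoting the target and fixing the mode would close both: `ssh "root@$1" "mkdir -p /root/keys && chmod 700 /root/keys"` and `scp ... "root@$1:/root/keys"` (assuming nothing but root has to traverse that directory). The file list built with `concatMapStringsSep " " toString cfg` also splits on a path containing whitespace; `escapeShellArgs (map toString cfg)` keeps the `toString` that avoids copying the keys into the store while quoting each path.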


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
imports =
[ ../physical/3950x.nix
../roles/workstation.nix
];
nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ];


@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [
imports = [
../physical/fractal.nix ../physical/fractal.nix
../roles/server.nix ../roles/server.nix
../roles/homeserver.nix ../roles/homeserver.nix
@ -20,7 +19,9 @@
# }; # };
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
services.yorick.torrent-vpn = { services.yorick.torrent-vpn = {
enable = true; name = "mullvad-nl4"; namespace = "torrent"; enable = true;
name = "mullvad-nl4";
namespace = "torrent";
}; };
services.plex = { services.plex = {
enable = true; enable = true;
@ -32,26 +33,28 @@
}; };
services.prometheus = { services.prometheus = {
enable = true; enable = true;
extraFlags = [ extraFlags = [ "--web.enable-admin-api" ];
"--web.enable-admin-api"
];
# victoriametrics # victoriametrics
remoteWrite = [ { url = "http://127.0.0.1:8428/api/v1/write"; } ]; remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
scrapeConfigs = [ { scrapeConfigs = [
job_name = "smartmeter"; {
# prometheus doesn't support mdns :thinking_face: job_name = "smartmeter";
static_configs = [ { targets = [ "192.168.178.30" ]; } ]; # prometheus doesn't support mdns :thinking_face:
scrape_interval = "10s"; static_configs = [{ targets = [ "192.168.178.30" ]; }];
} { scrape_interval = "10s";
job_name = "node"; }
static_configs = [ { targets = [ "localhost:9100" ]; } ]; {
# } { job_name = "node";
# job_name = "unifi"; static_configs = [{ targets = [ "localhost:9100" ]; }];
# static_configs = [ { targets = [ "localhost:9130" ]; } ]; # } {
} { # job_name = "unifi";
job_name = "thermometer"; # static_configs = [ { targets = [ "localhost:9130" ]; } ];
static_configs = [ { targets = [ "192.168.178.21:8000" ]; } ]; }
}]; {
job_name = "thermometer";
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
}
];
exporters.node.enable = true; exporters.node.enable = true;
# exporters.unifi = { # exporters.unifi = {
# enable = true; # enable = true;
@ -81,7 +84,8 @@
AUTH_GOOGLE_ALLOW_SIGN_UP = "false"; AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
}; };
}; };
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env"; systemd.services.grafana.serviceConfig.EnvironmentFile =
"/root/keys/grafana.env";
services.zfs = { services.zfs = {
trim.enable = false; # no ssd's trim.enable = false; # no ssd's
autoScrub = { autoScrub = {
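Review bot: `extraFlags = [ "--web.enable-admin-api" ]` in the `services.prometheus` block enables the admin endpoints (series deletion, snapshots, tombstone cleanup), and Prometheus does no authentication of its own, so every client that can reach its listen port can use them. Nothing visible in these hunks restricts that port. If the flag is only needed for occasional maintenance it is safer to drop it and enable it ad hoc; otherwise a comment next to it, such as `# admin API on: port must stay unreachable except from <trusted network>`, would record the assumption once the firewall has been checked. The rest of the file lies outside the hunks shown.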


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
imports =
[ ../physical/xps9360.nix
../roles/workstation.nix
];
system.stateVersion = "17.09"; system.stateVersion = "17.09";


@ -13,8 +13,7 @@ let
}; };
}; };
vpn = import ../vpn.nix; vpn = import ../vpn.nix;
in in {
{
imports = [ imports = [
../physical/hetznercloud.nix ../physical/hetznercloud.nix
../roles/server.nix ../roles/server.nix
@ -24,20 +23,30 @@ in
]; ];
system.stateVersion = "19.03"; system.stateVersion = "19.03";
services.nginx.enable = true; services.nginx.enable = true;
services.yorick = { services.yorick = {
public = { enable = true; vhost = "pub.yori.cc"; }; public = {
website = { enable = true; vhost = "yorickvanpelt.nl"; }; enable = true;
git = { enable = true; vhost = "git.yori.cc"; }; vhost = "pub.yori.cc";
muflax-church = { enable = true; vhost = "muflax.church"; }; };
website = {
enable = true;
vhost = "yorickvanpelt.nl";
};
git = {
enable = true;
vhost = "git.yori.cc";
};
muflax-church = {
enable = true;
vhost = "muflax.church";
};
}; };
services.muflax-blog = { services.muflax-blog = {
enable = true; enable = true;
web-server = { web-server = { port = 9001; };
port = 9001;
};
hidden-service = { hidden-service = {
hostname = "muflax65ngodyewp.onion"; hostname = "muflax65ngodyewp.onion";
private_key = "/root/keys/http.muflax.key"; private_key = "/root/keys/http.muflax.key";
@ -52,12 +61,16 @@ in
forceSSL = true; forceSSL = true;
globalRedirect = "yorickvanpelt.nl"; globalRedirect = "yorickvanpelt.nl";
}; };
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast"; "yorickvanpelt.nl".locations."/p1".return =
"301 https://git.yori.cc/yorick/meterkast";
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000"; "grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443"; "ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
"prometheus.yori.cc" = { "prometheus.yori.cc" = {
# only over vpn # only over vpn
listen = [ { addr = "10.209.0.1"; port = 80; } ]; listen = [{
addr = "10.209.0.1";
port = 80;
}];
locations."/".proxyPass = "http://10.209.0.3:9090"; locations."/".proxyPass = "http://10.209.0.3:9090";
}; };
"pub.yori.cc".locations."/muflax/".extraConfig = '' "pub.yori.cc".locations."/muflax/".extraConfig = ''
@ -66,19 +79,20 @@ in
}; };
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ]; deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
networking.wireguard.interfaces.wg-y.peers = networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
lib.mkForce (lib.mapAttrsToList (machine: publicKey: { (machine: publicKey: {
inherit publicKey; inherit publicKey;
allowedIPs = [ "${vpn.ips.${machine}}/32" ]; allowedIPs = [ "${vpn.ips.${machine}}/32" ];
}) vpn.keys); }) vpn.keys);
services.prometheus.exporters.wireguard = { services.prometheus.exporters.wireguard = { enable = true; };
enable = true;
};
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ]; networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
environment.noXlibs = true; environment.noXlibs = true;
users.users.yorick.packages = with pkgs; [ users.users.yorick.packages = with pkgs; [
python2 sshfs-fuse weechat ripgrep python2
sshfs-fuse
weechat
ripgrep
]; ];
} }
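Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1` combined with the `wg-y` peer list makes this public host route between all VPN peers, and no forwarding restriction is visible in these hunks. As far as I know the NixOS firewall options used here filter inbound traffic only, so each peer would rely entirely on its own firewall against the others; that should be confirmed against the rest of the configuration. If hub-and-spoke routing is intended, a comment such as `# wg-y hub: peers may reach each other, FORWARD is not filtered here` documents it; if not, forwarding should be limited to the flows that are needed. Parts of this file lie outside the hunks shown.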


@ -1,18 +1,27 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
#secrets = import <secrets>; #secrets = import <secrets>;
mkFuseMount = device: opts: { mkFuseMount = device: opts: {
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30" # todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}"; device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
fsType = "fuse"; fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user" options = [
"defaults" "allow_other" "transform_symlinks" "default_permissions" "noauto"
"uid=1000" "x-systemd.automount"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts; "_netdev"
}; "users"
in "idmap=user"
{ "defaults"
"allow_other"
"transform_symlinks"
"default_permissions"
"uid=1000"
"reconnect"
"IdentityFile=/root/.ssh/id_sshfs"
] ++ opts;
};
in {
imports = [ imports = [
../physical/nuc.nix ../physical/nuc.nix
../roles/graphical.nix ../roles/graphical.nix
@ -35,12 +44,13 @@ in
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
# kodi ports # kodi ports
networking.firewall.allowedTCPPorts = [7 8080 8443 9090 9777]; networking.firewall.allowedTCPPorts = [ 7 8080 8443 9090 9777 ];
users.users.tv = { users.users.tv = {
isNormalUser = true; isNormalUser = true;
uid = 1043; uid = 1043;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR."; hashedPassword =
"$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
packages = with pkgs; [ plex-media-player ]; packages = with pkgs; [ plex-media-player ];
}; };
services.xserver.windowManager.i3.enable = true; services.xserver.windowManager.i3.enable = true;
@ -57,6 +67,6 @@ in
# }; # };
# todo: debug: # todo: debug:
services.resolved.extraConfig = "MulticastDNS=true"; services.resolved.extraConfig = "MulticastDNS=true";
systemd.network.networks."40-eno1".networkConfig.MulticastDNS="yes"; systemd.network.networks."40-eno1".networkConfig.MulticastDNS = "yes";
services.fstrim.enable = true; services.fstrim.enable = true;
} }
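Review bot: The `hashedPassword` for `users.users.tv` is committed in this file although the account is in `wheel`, so anyone who can read the repository or the world-readable Nix store can run offline guesses against the SHA-512 crypt hash of an administrative account. Keeping the hash outside the tree avoids that, e.g. `passwordFile = "/root/keys/<tv-password-file>";` (the option is named `hashedPasswordFile` on newer NixOS releases; the path is a placeholder following the `/root/keys` convention used elsewhere in this commit). Since the hash is already in history, the password should be treated as exposed and changed.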


@ -1,16 +1,15 @@
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running nixos-help). # Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running nixos-help).
let sources = import ../../nix/sources.nix; in let sources = import ../../nix/sources.nix;
{ config, lib, pkgs, ... }: in { config, lib, pkgs, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan. ../physical/apu2c4.nix
../physical/apu2c4.nix #<yori-nix/roles/homeserver.nix>
#<yori-nix/roles/homeserver.nix> ../roles
../roles "${sources.nixos-hardware}/pcengines/apu"
"${sources.nixos-hardware}/pcengines/apu" <nixpkgs/nixos/modules/profiles/minimal.nix>
<nixpkgs/nixos/modules/profiles/minimal.nix> ];
];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in
interface = "dslite1"; interface = "dslite1";
}; };
systemd.services.dslite1-netdev = { systemd.services.dslite1-netdev = {
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ]; wantedBy =
bindsTo = []; [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
bindsTo = [ ];
partOf = [ "network-setup.service" ]; partOf = [ "network-setup.service" ];
after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ]; after = [
"network-pre.target"
"network-addresses-enp1s0.service"
"network-link-enp1s0.service"
];
before = [ "network-setup.service" ]; before = [ "network-setup.service" ];
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
serviceConfig = { serviceConfig = {
@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in
interfaces = [ "enp2s0" ]; interfaces = [ "enp2s0" ];
enable = true; enable = true;
machines = [ machines = [
{ hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; } {
{ hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; } hostName = "amateria";
{ hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; } ethernetAddress = "a8:a1:59:15:8b:63";
{ hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; } ipAddress = "192.168.178.42";
{ hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; } }
{ hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; } {
{ hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; } hostName = "blackadder";
{ hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; } ethernetAddress = "a8:a1:59:03:8a:75";
{ hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; } ipAddress = "192.168.178.33";
{ hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; } }
{
hostName = "frumar";
ethernetAddress = "bc:5f:f4:e8:42:9f";
ipAddress = "192.168.178.37";
}
{
hostName = "jarvis";
ethernetAddress = "18:1d:ea:35:13:58";
ipAddress = "192.168.178.34";
}
{
hostName = "jarvis-dock";
ethernetAddress = "64:4b:f0:10:05:f2";
ipAddress = "192.168.178.13";
}
{
hostName = "printer";
ethernetAddress = "30:05:5c:44:20:a7";
ipAddress = "192.168.178.26";
}
{
hostName = "raspberrypi";
ethernetAddress = "b8:27:eb:b9:ec:3a";
ipAddress = "192.168.178.21";
}
{
hostName = "smartMeter";
ethernetAddress = "5c:cf:7f:26:ca:91";
ipAddress = "192.168.178.30";
}
{
hostName = "gang-ap";
ethernetAddress = "b4:fb:e4:2d:fc:f3";
ipAddress = "192.168.178.32";
}
{
hostName = "woodhouse";
ethernetAddress = "94:c6:91:15:1f:c5";
ipAddress = "192.168.178.39";
}
]; ];
extraConfig = '' extraConfig = ''
subnet 192.168.178.0 netmask 255.255.255.0 { subnet 192.168.178.0 netmask 255.255.255.0 {
@ -183,15 +227,17 @@ let sources = import ../../nix/sources.nix; in
boot.supportedFilesystems = lib.mkForce [ "ext4" ]; boot.supportedFilesystems = lib.mkForce [ "ext4" ];
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ]; boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
security.polkit.enable = false; security.polkit.enable = false;
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [
dhcpcd = super.dhcpcd.overrideAttrs (o: rec { (self: super: {
pname = "dhcpcd"; dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
version = "8.1.9"; pname = "dhcpcd";
src = self.fetchurl { version = "8.1.9";
url = "mirror://roy/${pname}/${pname}-${version}.tar.xz"; src = self.fetchurl {
sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf"; url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
}; sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
patches = []; };
}); patches = [ ];
}) ]; });
})
];
} }
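Review bot: The `dhcpcd` overlay at the end of this file pins `version = "8.1.9"` and sets `patches = [ ]`, which drops whatever patches nixpkgs carries for the package and keeps a network-facing daemon on a fixed old release regardless of channel updates. The reason for the pin is not recorded anywhere in the visible lines. A comment beside it, such as `# pinned to 8.1.9 because <reason>; remove once <condition>`, would let each automated update re-check whether the override is still needed.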


@ -1,10 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.yorick.lumi-vpn; cfg = config.yorick.lumi-vpn;
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" addresses = import
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); }; "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" {
in lib.ip4.ip = a: b: c: d: x:
{ lib.concatStringsSep "." (map toString [ a b c d ]);
};
in {
options.yorick.lumi-vpn = with lib; { options.yorick.lumi-vpn = with lib; {
enable = mkEnableOption "lumi vpn"; enable = mkEnableOption "lumi vpn";
name = mkOption { name = mkOption {
@ -28,9 +30,10 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg-lumi = { wg-lumi = {
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key"; privateKeyFile =
"/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
ips = [ cfg.ip ]; ips = [ cfg.ip ];
peers = [ { peers = [{
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI="; publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
endpoint = "wg.lumi.guide:31727"; endpoint = "wg.lumi.guide:31727";
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ]; allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
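Review bot: `addresses` is imported from a path built with `builtins.getEnv "HOME"`, so evaluating this module runs a Nix file selected by the environment of whoever starts the build. Under pure evaluation `getEnv` returns an empty string and the path silently becomes `/engineering/lumi/...`, and under `sudo` it may point into root's home instead. Deriving the location from `cfg.user`, as `privateKeyFile` already does (`"/home/${cfg.user}/engineering/lumi/os/gateway/addresses.nix"`), or passing it in as an option would at least make the source of the imported code explicit; whether that avoids an evaluation cycle depends on how `addresses` is used further down, outside the hunks shown.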


@ -1,30 +1,32 @@
{ cur_pkgs, config, lib, ... }: { cur_pkgs, config, lib, ... }:
let let
cfg = config.services.muflax-blog; cfg = config.services.muflax-blog;
muflax-source = builtins.fetchGit { muflax-source = builtins.fetchGit {
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096"; rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
ref = "HEAD"; ref = "HEAD";
url = "https://github.com/fmap/muflax65ngodyewp.onion.git"; url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
}; };
nixpkgs = import (builtins.fetchTarball { nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; url =
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
}) { system = builtins.currentSystem; }; sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: { }) { system = builtins.currentSystem; };
buildPhase = default.buildPhase + "\n" + '' blog = lib.overrideDerivation
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g' (nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: {
''; buildPhase = default.buildPhase + "\n" + ''
}); grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
'';
});
in with lib; { in with lib; {
options.services.muflax-blog = { options.services.muflax-blog = {
enable = mkOption { type = types.bool; default = false; }; enable = mkOption {
web-server = { type = types.bool;
port = mkOption { type = types.int; }; default = false;
}; };
web-server = { port = mkOption { type = types.int; }; };
hidden-service = { hidden-service = {
hostname = mkOption { type = types.str; }; hostname = mkOption { type = types.str; };
private_key = mkOption { type = types.str; }; private_key = mkOption { type = types.str; };
}; };
}; };
@ -47,11 +49,13 @@ in with lib; {
server_name ${site}.${cfg.hidden-service.hostname}; server_name ${site}.${cfg.hidden-service.hostname};
root ${blog}/${site}; root ${blog}/${site};
} }
'') ["daily" "gospel" "blog"]); '') [ "daily" "gospel" "blog" ]);
}; };
services.tor.enable = true; services.tor.enable = true;
services.tor.hiddenServices.muflax-blog.map = [{ services.tor.hiddenServices.muflax-blog.map = [{
port = 80; toPort = cfg.web-server.port; }]; port = 80;
toPort = cfg.web-server.port;
}];
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key; services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
}; };
} }


@ -1,36 +1,35 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
sslcfg = dir: '' sslcfg = dir: ''
ssl on; ssl on;
ssl_certificate_key ${dir}/key.pem; ssl_certificate_key ${dir}/key.pem;
ssl_certificate ${dir}/fullchain.pem; ssl_certificate ${dir}/fullchain.pem;
ssl_trusted_certificate ${dir}/fullchain.pem; ssl_trusted_certificate ${dir}/fullchain.pem;
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;
''; '';
in in {
{
config = lib.mkIf config.services.nginx.enable { config = lib.mkIf config.services.nginx.enable {
services.nginx = { services.nginx = {
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
serverTokens = false; serverTokens = false;
sslDhparam = "/etc/nginx/dhparam.pem"; sslDhparam = "/etc/nginx/dhparam.pem";
virtualHosts."${config.networking.hostName}.yori.cc" = { virtualHosts."${config.networking.hostName}.yori.cc" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
default = true; default = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [ 80 443 ];
system.activationScripts.nginxdhparams = '' system.activationScripts.nginxdhparams = ''
if ! [[ -e /etc/nginx/dhparam.pem ]]; then if ! [[ -e /etc/nginx/dhparam.pem ]]; then
mkdir -p /etc/nginx/ mkdir -p /etc/nginx/
${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048 ${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
fi fi
''; '';
}; };
} }
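Review bot: `sslcfg` is bound in the `let` but never referenced in the module body shown, so the `Strict-Transport-Security` header it contains is not applied to the `${config.networking.hostName}.yori.cc` vhost; `forceSSL` only adds the redirect. If HSTS is wanted it has to be set on the vhost itself, e.g. `extraConfig = "add_header Strict-Transport-Security max-age=15768000;";`. The unused binding can then be deleted, which also removes the deprecated `ssl on;` directive. The hunk header suggests it covers the whole file, but that should be confirmed.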


@ -7,13 +7,13 @@ let
torDir = "/var/lib/tor"; torDir = "/var/lib/tor";
in { in {
options.services.tor.service-keys = mkOption { options.services.tor.service-keys = mkOption {
default = {}; default = { };
type = with types; attrsOf str; type = with types; attrsOf str;
}; };
config = mkIf (service-keys != {}) { config = mkIf (service-keys != { }) {
systemd.services."install-tor-hidden-service-keys" = { systemd.services."install-tor-hidden-service-keys" = {
wantedBy = ["tor.service"]; wantedBy = [ "tor.service" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.User = "root"; serviceConfig.User = "root";
serviceConfig.Group = "keys"; serviceConfig.Group = "keys";


@ -1,32 +1,20 @@
let let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; in pkgs: super: {
in yorick = (super.yorick or { }) // rec {
pkgs: super: { nixos = configuration: extraArgs:
yorick = (super.yorick or {}) // rec {
nixos =
configuration: extraArgs:
let let
c = import (pkgs.path + "/nixos/lib/eval-config.nix") { c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
inherit (pkgs.stdenv.hostPlatform) system; inherit (pkgs.stdenv.hostPlatform) system;
inherit extraArgs; inherit extraArgs;
modules = modules =
[( [ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ]
{ lib, ... }: { ++ (if builtins.isList configuration then
config.nixpkgs.pkgs = lib.mkDefault pkgs; configuration
} else
)] ++ ( [ configuration ]);
if builtins.isList configuration
then configuration
else [configuration]
);
}; };
in in c.config.system.build // c;
c.config.system.build // c; machine = pkgs.lib.genAttrs names
machine = pkgs.lib.genAttrs names (name: nixos [ (name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
./roles
(./logical + "/${name}.nix")
] {
inherit name;
});
}; };
} }


@ -1,3 +1 @@
[ (self: super: { [ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ]
yori-cc = super.callPackage ./yori-cc.nix {};
})]


@ -2,12 +2,12 @@
stdenv.mkDerivation { stdenv.mkDerivation {
name = "yori-cc-1.5"; name = "yori-cc-1.5";
src = builtins.fetchGit { src = builtins.fetchGit {
url = "git@git.yori.cc:yorick/yori-cc.git"; url = "git@git.yori.cc:yorick/yori-cc.git";
rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962"; rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962";
}; };
buildInputs = [ ]; buildInputs = [ ];
installPhase = '' installPhase = ''
@ -17,7 +17,7 @@ stdenv.mkDerivation {
meta = { meta = {
description = "Yori-cc website"; description = "Yori-cc website";
homepage = https://yorickvanpelt.nl; homepage = "https://yorickvanpelt.nl";
maintainers = [ "Yorick" ]; maintainers = [ "Yorick" ];
}; };
} }


@ -4,33 +4,31 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "rpool/root/nixos"; device = "rpool/root/nixos";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "rpool/home-enc"; device = "rpool/home-enc";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/5D0A-7902"; device = "/dev/disk/by-uuid/5D0A-7902";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; } [{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }];
];
nix.maxJobs = lib.mkDefault 32; nix.maxJobs = lib.mkDefault 32;
# High-DPI console # High-DPI console


@ -1,12 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{ imports = [
imports = ./.
[ ./. ./3950x-hardware-config.nix
./3950x-hardware-config.nix "${sources.nixos-hardware}/common/cpu/amd"
"${sources.nixos-hardware}/common/cpu/amd" ];
];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -27,8 +26,13 @@ in
# linkConfig.NamePolicy = "mac kernel database onboard slot path"; # linkConfig.NamePolicy = "mac kernel database onboard slot path";
# }; # };
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0" "amdgpu.ppfeaturemask=0xffffffff"
"amdgpu.noretry=0"
"amdgpu.lockup_timeout=1000"
"amdgpu.gpu_recovery=1"
"amdgpu.audio=0"
# thunderbolt # thunderbolt
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc" "pcie_ports=native"
"pci=assign-busses,hpbussize=0x33,realloc"
]; ];
} }


@ -4,19 +4,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2"; device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; } [{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }


@ -1,3 +1 @@
{ { hardware.enableRedistributableFirmware = true; }
hardware.enableRedistributableFirmware = true;
}


@ -1,13 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{ imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ];
imports =
[ ./.
"${sources.nixos-hardware}/common/cpu/intel"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub = { boot.loader.grub = {
@ -17,25 +14,22 @@ in
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B"; device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
}; };
fileSystems."/" = {
device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
fsType = "ext4";
options = [ "defaults" "relatime" "discard" ];
};
fileSystems."/" = swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
{ device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74"; fileSystems."/data" = {
fsType = "ext4"; device = "frumar-new";
options = ["defaults" "relatime" "discard"]; fsType = "zfs";
}; };
swapDevices = fileSystems."/data/plexmedia" = {
[ { device = "/dev/disk/by-label/nixos-swap"; } device = "frumar-new/plexmedia";
]; fsType = "zfs";
fileSystems."/data" = };
{ device = "frumar-new";
fsType = "zfs";
};
fileSystems."/data/plexmedia" =
{ device = "frumar-new/plexmedia";
fsType = "zfs";
};
nix.maxJobs = 4; nix.maxJobs = 4;
services.avahi.interfaces = [ "enp2s0" ]; services.avahi.interfaces = [ "enp2s0" ];


@ -1,14 +1,11 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName}; in {
in imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.loader.grub = { boot.loader.grub = {
@ -17,10 +14,10 @@ in
device = "/dev/sda"; device = "/dev/sda";
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda1"; device = "/dev/sda1";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [ ];


@ -1,31 +1,30 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./. ./.
"${sources.nixos-hardware}/common/cpu/intel" "${sources.nixos-hardware}/common/cpu/intel"
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules =
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299"; device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/439E-26EA"; device = "/dev/disk/by-uuid/439E-26EA";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];
@ -35,7 +34,8 @@ in
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
}; };
hardware.opengl.extraPackages = with pkgs; [ hardware.opengl.extraPackages = with pkgs;
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable [
]; intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
];
} }


@ -9,21 +9,21 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62"; device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
fsType = "btrfs"; fsType = "btrfs";
}; };
boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549"; boot.initrd.luks.devices."nix-crypt".device =
"/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/0E07-7805"; device = "/dev/disk/by-uuid/0E07-7805";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; } [{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{
imports = [ imports = [
"${sources.nixos-hardware}/dell/xps/13-9360" "${sources.nixos-hardware}/dell/xps/13-9360"
./xps9360-hardware-config.nix ./xps9360-hardware-config.nix
@ -12,7 +11,7 @@ in
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options i8k ignore_dmi=1 options i8k ignore_dmi=1
''; '';
fileSystems."/".options = ["defaults" "relatime" "discard"]; fileSystems."/".options = [ "defaults" "relatime" "discard" ];
boot.initrd.luks.devices."nix-crypt".allowDiscards = true; boot.initrd.luks.devices."nix-crypt".allowDiscards = true;
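Review bot: `boot.initrd.luks.devices."nix-crypt".allowDiscards = true;` together with the `discard` mount option on `/` in the second hunk passes TRIM through the encrypted volume, which shows anyone who can read the raw device which blocks are unused, and neither line records that this is a deliberate trade-off. I would add a comment above the pair, for example `# TRIM through LUKS reveals the free-block layout; accepted here for SSD performance`. The rest of the file is outside the hunk.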


@ -1,12 +1,10 @@
let secrets = import ../secrets.nix; let secrets = import ../secrets.nix;
in in { config, pkgs, lib, name, ... }:
{ config, pkgs, lib, name, ...}:
let let
machine = name; machine = name;
vpn = import ../vpn.nix; vpn = import ../vpn.nix;
in in {
{ imports = [
imports = [
../modules/tor-hidden-service.nix ../modules/tor-hidden-service.nix
../modules/nginx.nix ../modules/nginx.nix
../modules/lumi-vpn.nix ../modules/lumi-vpn.nix
@ -15,23 +13,24 @@ in
]; ];
networking.domain = "yori.cc"; networking.domain = "yori.cc";
networking.hostName = machine; networking.hostName = machine;
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys =
config.users.users.yorick.openssh.authorizedKeys.keys;
# root password is useful from console, ssh has password logins disabled # root password is useful from console, ssh has password logins disabled
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
}; };
services.timesyncd.enable = true; services.timesyncd.enable = true;
users.users.yorick = { users.users.yorick = {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
group = "users"; group = "users";
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick; openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
hashedPassword = secrets.yorick_hashedPassword; hashedPassword = secrets.yorick_hashedPassword;
}; };
# Nix # Nix
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -44,14 +43,13 @@ in
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false; passwordAuthentication = false;
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# v important. # v important.
cowsay #ponysay cowsay # ponysay
ed # ed, man! ed # ed, man!
sl sl
rlwrap rlwrap
@ -59,31 +57,43 @@ in
#vim #vim
# system stuff # system stuff
ethtool inetutils ethtool
pciutils usbutils inetutils
/*iotop*/ powertop htop pciutils
psmisc lsof usbutils
smartmontools hdparm # iotop
powertop
htop
psmisc
lsof
smartmontools
hdparm
lm_sensors lm_sensors
ncdu ncdu
# utils # utils
file which file
which
reptyr reptyr
tmux tmux
bc bc
mkpasswd mkpasswd
shadow shadow
# archiving # archiving
xdelta xdelta
libarchive libarchive
atool atool
# network # network
nmap mtr bind nmap
socat netcat-openbsd mtr
lftp wget rsync bind
socat
netcat-openbsd
lftp
wget
rsync
#gitMinimal #gitMinimal
#rxvt_unicode.terminfo #rxvt_unicode.terminfo
@ -94,12 +104,12 @@ in
ipv6 = true; ipv6 = true;
hostName = machine; hostName = machine;
}; };
deployment.keyys = [ (<yori-nix/keys>+"/wg.${machine}.key") ]; deployment.keyys = [ (<yori-nix/keys> + "/wg.${machine}.key") ];
networking.wireguard.interfaces.wg-y = { networking.wireguard.interfaces.wg-y = {
privateKeyFile = "/root/keys/wg.${machine}.key"; privateKeyFile = "/root/keys/wg.${machine}.key";
ips = [ vpn.ips.${machine} ]; ips = [ vpn.ips.${machine} ];
listenPort = 31790; listenPort = 31790;
peers = [ { peers = [{
publicKey = vpn.keys.pennyworth; publicKey = vpn.keys.pennyworth;
endpoint = "pennyworth.yori.cc:31790"; endpoint = "pennyworth.yori.cc:31790";
allowedIPs = [ "10.209.0.0/24" ]; allowedIPs = [ "10.209.0.0/24" ];
@ -112,7 +122,7 @@ in
nix.binaryCachePublicKeys = nix.binaryCachePublicKeys =
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ]; [ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
nix.trustedUsers = ["@wheel"]; nix.trustedUsers = [ "@wheel" ];
services.prometheus.exporters.node = { services.prometheus.exporters.node = {
enable = true; enable = true;
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
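Review bot: In the second hunk `users.users.root.hashedPassword` is taken from `secrets.pennyworth_hashedPassword`, and the `# TODO: generate own` beside it suggests every machine that imports this role shares one root console hash. Because both this value and `secrets.yorick_hashedPassword` are read at evaluation time, they most likely end up in the world-readable Nix store as part of the generated user configuration. Using `passwordFile` with a per-machine file deployed like the WireGuard key (`privateKeyFile = "/root/keys/wg.${machine}.key"` in the same file) keeps the hashes out of the store, e.g. `passwordFile = "/root/keys/<machine>.root.passwd";` where the path is a placeholder.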


@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: {
programs.sway = { programs.sway = {
enable = true; enable = true;
extraSessionCommands = '' extraSessionCommands = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])} export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
}
''; '';
}; };
}; };
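Review bot: The `extraSessionCommands` line builds `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:…`, so when the variable is unset at session start the value begins with an empty entry, which the dynamic loader treats as the current directory. Programs started from the sway session would then look in their working directory for shared libraries before the listed store paths. Expanding the old value only when it is set avoids that: `export LD_LIBRARY_PATH=''${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])}`. The enclosing attribute set starts outside the hunk.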


@ -1,4 +1,4 @@
{lib, ...}: { { lib, ... }: {
users.users.lars = { users.users.lars = {
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [


@ -1,16 +1,20 @@
{ {
imports = [ ./. ]; imports = [ ./. ];
documentation.nixos.enable = false; documentation.nixos.enable = false;
services.sshguard.enable = true; services.sshguard.enable = true;
programs.mosh.enable = true; programs.mosh.enable = true;
environment.noXlibs = true; environment.noXlibs = true;
networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers networking.firewall.logRefusedConnections =
false; # Silence logging of scanners and knockers
# TODO: upstream with noXlibs # TODO: upstream with noXlibs
# https://github.com/NixOS/nixpkgs/pull/107394 # https://github.com/NixOS/nixpkgs/pull/107394
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [
elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8; (self: super: {
erlang = super.erlang_nox; elixir_1_8 =
}) ]; (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
erlang = super.erlang_nox;
})
];
} }


@ -1,20 +1,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
nixNetrcFile = pkgs.runCommand "nix-netrc-file" nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
{ hostname = "cache.lumi.guide"; hostname = "cache.lumi.guide";
username = "lumi"; username = "lumi";
} '' } ''
cat > $out <<EOI cat > $out <<EOI
machine $hostname machine $hostname
login $username login $username
password ${builtins.readFile /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password} password ${
EOI builtins.readFile
''; /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
in }
{ EOI
imports = [ '';
./graphical.nix in {
]; imports = [ ./graphical.nix ];
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ]; users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
services.printing = { services.printing = {
@ -22,7 +22,9 @@ in
drivers = [ pkgs.gutenprint pkgs.cups-dymo ]; drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pkgs.ghostscript pkgs.yubikey-manager pkgs.glib pkgs.ghostscript
pkgs.yubikey-manager
pkgs.glib
]; ];
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [ environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
"${gnome-themes-extra}/share" "${gnome-themes-extra}/share"
@ -83,7 +85,7 @@ in
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico" SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
'') '')
]; ];
users.groups.pico = {}; users.groups.pico = { };
# development # development
services.postgresql = { services.postgresql = {
@ -92,7 +94,6 @@ in
package = pkgs.postgresql_10; package = pkgs.postgresql_10;
}; };
# git # git
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000; boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
@ -101,10 +102,7 @@ in
services.pipewire.enable = true; services.pipewire.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true; gtkUsePortal = true;
}; };
} }
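Review bot: `nixNetrcFile` in the first hunk interpolates `builtins.readFile …/nix-serve-password` into a `pkgs.runCommand` script, so the cache password is copied into the derivation and its output in the Nix store, where every local user and anything that receives the closure can read it. Where `nixNetrcFile` is used is outside the visible hunks; if it feeds the Nix netrc setting, pointing that setting at a root-only file outside the store, deployed like the other keys, keeps the secret out of `/nix/store`. The absolute `/home/yorick/…` path also ties evaluation to one machine's home directory, which deserves a comment such as `# impure: read from the evaluating user's checkout`.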

Binary file not shown.


@ -1,12 +1,14 @@
let let
sources = import ./nix/sources.nix; sources = import ./nix/sources.nix;
nixpkgs = import sources.nixpkgs {}; nixpkgs = import sources.nixpkgs { };
nixos = name: configuration: import (nixpkgs.path + "/nixos/lib/eval-config.nix") { nixos = name: configuration:
extraArgs = { inherit name; }; import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
modules = [ ({lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ] ++ configuration; extraArgs = { inherit name; };
}; modules =
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ]
++ configuration;
};
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
in in nixpkgs.lib.genAttrs names (name:
nixpkgs.lib.genAttrs names (name: (let os = (let os = nixos name [ ./roles (./logical + "/${name}.nix") ];
nixos name [ ./roles (./logical + "/${name}.nix") ]; in in os.config.system.build.toplevel // os))
os.config.system.build.toplevel // os))


@ -1,5 +1,4 @@
{ name, ... }: { name, ... }: {
{
deployment.keyys = [ deployment.keyys = [
(../keys + "/${name}_borg_repo.key") (../keys + "/${name}_borg_repo.key")
(../keys + "/${name}_borg_ssh.key") (../keys + "/${name}_borg_ssh.key")
@ -25,7 +24,7 @@
repo = "14337@ch-s012.rsync.net:${name}"; repo = "14337@ch-s012.rsync.net:${name}";
paths = [ "/home" "/root" "/var/lib" ]; paths = [ "/home" "/root" "/var/lib" ];
prune.keep = { prune.keep = {
# hourly backups for the past week # hourly backups for the past week
within = "7d"; within = "7d";


@ -1,8 +1 @@
{ { imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
imports = [
./git.nix
./muflax-church.nix
./pub.nix
./website.nix
];
}


@ -1,11 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let sources = import ../../nix/sources.nix;
sources = import ../../nix/sources.nix; in {
in imports = [ ("${sources.nixos-mailserver}") ];
{
imports = [
("${sources.nixos-mailserver}")
];
mailserver = rec { mailserver = rec {
enable = true; enable = true;


@ -3,8 +3,7 @@
let let
cfg = config.services.yorick.git; cfg = config.services.yorick.git;
inherit (cfg) vhost; inherit (cfg) vhost;
in in {
{
options.services.yorick.git = with lib; { options.services.yorick.git = with lib; {
enable = mkEnableOption "git"; enable = mkEnableOption "git";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
@ -12,7 +11,9 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.extraUsers.git = { users.extraUsers.git = {
createHome = true; createHome = true;
home = config.services.gitea.stateDir; extraGroups = [ "git" ]; useDefaultShell = true; home = config.services.gitea.stateDir;
extraGroups = [ "git" ];
useDefaultShell = true;
}; };
services.gitea = { services.gitea = {
enable = true; enable = true;
@ -42,7 +43,8 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}"; proxyPass =
"http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';


@ -5,16 +5,19 @@ let
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096"; rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
ref = "HEAD"; ref = "HEAD";
url = "https://github.com/fmap/muflax65ngodyewp.onion.git"; url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
}; };
nixpkgs = import (builtins.fetchTarball { nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; url =
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
}) { system = builtins.currentSystem; }; sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
muflax-church = (nixpkgs.callPackage "${muflax-source}/maintenance" {}).overrideDerivation (default: { }) { system = builtins.currentSystem; };
buildPhase = default.buildPhase + "\n" + '' muflax-church =
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g' (nixpkgs.callPackage "${muflax-source}/maintenance" { }).overrideDerivation
''; (default: {
}); buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
'';
});
cfg = config.services.yorick.muflax-church; cfg = config.services.yorick.muflax-church;
inherit (cfg) vhost; inherit (cfg) vhost;
addrs = { addrs = {
@ -23,9 +26,12 @@ nixpkgs = import (builtins.fetchTarball {
"gospel.${vhost}" = "${muflax-church}/gospel"; "gospel.${vhost}" = "${muflax-church}/gospel";
"alt.${vhost}" = "/home/public/public/muflax"; "alt.${vhost}" = "/home/public/public/muflax";
}; };
m = x: root: { forceSSL = true; useACMEHost = vhost; inherit root; }; m = x: root: {
in forceSSL = true;
{ useACMEHost = vhost;
inherit root;
};
in {
options.services.yorick.muflax-church = with lib; { options.services.yorick.muflax-church = with lib; {
enable = mkEnableOption "muflax.church"; enable = mkEnableOption "muflax.church";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
@ -42,11 +48,7 @@ in
"gospel.${vhost}" = m "${muflax-church}/gospel"; "gospel.${vhost}" = m "${muflax-church}/gospel";
"alt.${vhost}" = m "/home/public/public/muflax"; "alt.${vhost}" = m "/home/public/public/muflax";
} // (lib.mapAttrs m addrs); } // (lib.mapAttrs m addrs);
security.acme.certs.${vhost}.extraDomainNames = [ security.acme.certs.${vhost}.extraDomainNames =
"daily.${vhost}" [ "daily.${vhost}" "blog.${vhost}" "gospel.${vhost}" "alt.${vhost}" ];
"blog.${vhost}"
"gospel.${vhost}"
"alt.${vhost}"
];
}; };
} }


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let cfg = config.services.yorick.public; in let cfg = config.services.yorick.public;
{ in {
options.services.yorick.public = { options.services.yorick.public = {
enable = lib.mkEnableOption "public hosting"; enable = lib.mkEnableOption "public hosting";
vhost = lib.mkOption { type = lib.types.str; }; vhost = lib.mkOption { type = lib.types.str; };
@ -14,7 +14,7 @@ let cfg = config.services.yorick.public; in
users.extraUsers.public = { users.extraUsers.public = {
home = "/home/public"; home = "/home/public";
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [public]; openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
createHome = true; createHome = true;
}; };
services.nginx.virtualHosts.${cfg.vhost} = { services.nginx.virtualHosts.${cfg.vhost} = {


@ -1,22 +1,20 @@
{pkgs, lib, config, ...}: { pkgs, lib, config, ... }:
let let cfg = config.services.yorick.torrent-vpn;
cfg = config.services.yorick.torrent-vpn; in {
in
{
options.services.yorick.torrent-vpn = with lib; { options.services.yorick.torrent-vpn = with lib; {
enable = mkEnableOption "torrent-vpn"; enable = mkEnableOption "torrent-vpn";
name = mkOption { type = types.str; }; name = mkOption { type = types.str; };
namespace = mkOption { type = types.str; }; namespace = mkOption { type = types.str; };
}; };
config = { config = {
deployment.keyys = [ (<yori-nix/keys>+"/wg.${cfg.name}.key") ]; deployment.keyys = [ (<yori-nix/keys> + "/wg.${cfg.name}.key") ];
networking.wireguard.interfaces.${cfg.name} = { networking.wireguard.interfaces.${cfg.name} = {
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")' # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ]; ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
privateKeyFile = "/root/keys/wg.${cfg.name}.key"; privateKeyFile = "/root/keys/wg.${cfg.name}.key";
peers = [{ peers = [{
publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ="; publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ=";
allowedIPs = ["0.0.0.0/0" "::0/0"]; allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = "[2a03:1b20:3:f011::a04f]:51820"; endpoint = "[2a03:1b20:3:f011::a04f]:51820";
}]; }];
interfaceNamespace = cfg.namespace; interfaceNamespace = cfg.namespace;
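Review bot: `config = {` is unconditional although the module declares `enable = mkEnableOption "torrent-vpn"`, so `deployment.keyys` and the WireGuard interface are defined on every machine that imports the module, and `cfg.name`, which has no default, must be set even where the VPN is off. The git module in this same commit guards its configuration with `config = lib.mkIf cfg.enable {`; the same line here would make the `enable` option effective. The config block continues past the end of the hunk.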


@ -1,25 +1,30 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
yoricc = pkgs.callPackage ../packages/yori-cc.nix {}; yoricc = pkgs.callPackage ../packages/yori-cc.nix { };
cfg = config.services.yorick.website; cfg = config.services.yorick.website;
in in with lib; {
with lib;
{
options.services.yorick = { options.services.yorick = {
website = { website = {
enable = mkEnableOption "yoricc website"; enable = mkEnableOption "yoricc website";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
pkg = mkOption { type = types.package; default = yoricc; }; pkg = mkOption {
type = types.package;
default = yoricc;
};
}; };
redirect = mkOption { type = types.loaOf types.str; default = []; }; redirect = mkOption {
}; type = types.loaOf types.str;
config.services.nginx.virtualHosts = with cfg; mkIf enable { default = [ ];
${vhost} = {
enableACME = true;
forceSSL = true;
locations."/".root = "${pkg}/web";
}; };
}; };
config.services.nginx.virtualHosts = with cfg;
mkIf enable {
${vhost} = {
enableACME = true;
forceSSL = true;
locations."/".root = "${pkg}/web";
};
};
} }


@ -1,4 +1,8 @@
{ {
public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5"; public =
yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa 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 cardno:000607186578"]; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
yorick = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/"
"ssh-rsa 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 cardno:000607186578"
];
} }


@ -1,10 +1,10 @@
let sources = import ./nix/sources.nix; in let sources = import ./nix/sources.nix;
pkgs: super: { in pkgs: super: {
yorick = super.yorick // rec { yorick = super.yorick // rec {
home = { check ? true, newsReadIdsFile ? null }: home = { check ? true, newsReadIdsFile ? null }:
import "${sources.home-manager}/home-manager/home-manager.nix" { import "${sources.home-manager}/home-manager/home-manager.nix" {
confPath = ./nix/.config/nixpkgs/home.nix; confPath = ./nix/.config/nixpkgs/home.nix;
inherit pkgs check newsReadIdsFile; inherit pkgs check newsReadIdsFile;
}; };
}; };
} }