auto-flake-update
Yorick van Pelt 2021-05-29 18:05:31 +02:00
parent 65b73fabf7
commit a688758401
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
47 changed files with 957 additions and 758 deletions


@ -2,17 +2,20 @@
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }: #{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
with pkgs; with pkgs;
let let
compileShell = src: buildInputs: name: stdenv.mkDerivation { compileShell = src: buildInputs: name:
stdenv.mkDerivation {
inherit name src; inherit name src;
buildInputs = buildInputs ++ [ makeWrapper ]; buildInputs = buildInputs ++ [ makeWrapper ];
unpackPhase = "true"; unpackPhase = "true";
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name} installPhase = ''
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs} mkdir -p $out/bin && cp $src $out/bin/${name}
wrapProgram $out/bin/${name} --suffix PATH : ${
lib.makeSearchPath "bin" buildInputs
}
''; '';
}; };
in lib.mapAttrs (k: f: f k) { in lib.mapAttrs (k: f: f k) {
backup = compileShell ./backup.sh backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
(with pkgs; [utillinux duplicity]); screenshot_public =
screenshot_public = compileShell ./screenshot_public.sh compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
(with pkgs; [scrot xclip rsync]);
} }
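Review bot: The `wrapProgram` call in `installPhase` still adds the pinned tool directories with `--suffix PATH`, so anything already on the caller's PATH is found before the store paths for duplicity, scrot or rsync. For the `backup` wrapper in particular, that means a same-named binary earlier on PATH is what the script runs. If no override is intended, `--prefix PATH : ${lib.makeSearchPath "bin" buildInputs}` makes the pinned versions win. If the override is deliberate, a comment such as `# --suffix on purpose: the caller's PATH may override the pinned tools` would record that.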


@ -1,6 +1,5 @@
let sources = import ./nix/sources.nix; let sources = import ./nix/sources.nix;
in in {
{
allowUnfree = true; allowUnfree = true;
overlays = [ overlays = [
(import sources.nixpkgs-wayland) (import sources.nixpkgs-wayland)


@ -1,3 +1,2 @@
let sources = import ./nix/sources.nix; let sources = import ./nix/sources.nix;
in in import sources.nixpkgs (import ./config.nix)
import sources.nixpkgs (import ./config.nix)


@ -1,3 +1 @@
let pkgs = import ../.; let pkgs = import ../.; in pkgs.yorick.home
in
pkgs.yorick.home


@ -11,8 +11,7 @@ font = {
forceWayland = true; forceWayland = true;
browserName = "firefox"; browserName = "firefox";
}; };
in in {
{
imports = [ ./arbtt.nix ./libinput-gestures.nix ]; imports = [ ./arbtt.nix ./libinput-gestures.nix ];
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
@ -36,23 +35,53 @@ in
emacs = { emacs = {
enable = true; enable = true;
package = pkgs.emacsPgtkGcc; package = pkgs.emacsPgtkGcc;
extraPackages = _: let extraPackages = _:
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc; let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [ in (with epkgs.melpaPackages; [
reason-mode
evil
counsel
ivy
ivy-hydra
swiper
magit
forge
avy
]) ++ (with epkgs.melpaPackages; [
epkgs.undo-tree epkgs.undo-tree
epkgs.notmuch epkgs.rust-mode epkgs.notmuch
epkgs.rust-mode
company company
projectile counsel-projectile projectile
ggtags use-package org-bullets solarized-theme counsel-projectile
evil-leader evil-surround #evil-magit ggtags
epkgs.evil-goggles epkgs.ox-mediawiki use-package
nix-buffer which-key git-gutter-fringe org-bullets
all-the-icons epkgs.org-cliplink solarized-theme
pandoc-mode markdown-mode interleave evil-leader
org-ref haskell-mode request #intero evil-surround # evil-magit
weechat s elixir-mode htmlize epkgs.evil-goggles
linum-relative terraform-mode epkgs.ox-mediawiki
direnv vue-mode solarized-theme nix-buffer
which-key
git-gutter-fringe
all-the-icons
epkgs.org-cliplink
pandoc-mode
markdown-mode
interleave
org-ref
haskell-mode
request # intero
weechat
s
elixir-mode
htmlize
linum-relative
terraform-mode
direnv
vue-mode
solarized-theme
#wlrctl #wlrctl
(epkgs.melpaBuild { (epkgs.melpaBuild {
pname = "nix-mode"; pname = "nix-mode";
@ -81,9 +110,11 @@ in
extraConfig.help.autocorrect = 5; extraConfig.help.autocorrect = 5;
extraConfig.push.default = "simple"; extraConfig.push.default = "simple";
extraConfig.pull.ff = "only"; extraConfig.pull.ff = "only";
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig"; extraConfig."includeIf \"gitdir:~/serokell/\"".path =
"~/serokell/.gitconfig";
aliases = { aliases = {
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; lg =
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
st = "status"; st = "status";
remotes = "remote -v"; remotes = "remote -v";
branches = "branch -a"; branches = "branch -a";
@ -92,7 +123,8 @@ in
unstage = "reset -q HEAD --"; unstage = "reset -q HEAD --";
discard = "checkout --"; discard = "checkout --";
uncommit = "reset --mixed HEAD~"; uncommit = "reset --mixed HEAD~";
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order "; graph =
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
dad = "!curl https://icanhazdadjoke.com/ && git add"; dad = "!curl https://icanhazdadjoke.com/ && git add";
}; };
}; };
@ -108,19 +140,50 @@ in
identityFile = "~/.ssh/id_rsa_pub"; identityFile = "~/.ssh/id_rsa_pub";
identitiesOnly = true; identitiesOnly = true;
}; };
phassa = { hostname = "karpenoktem.nl"; port = 33933; }; phassa = {
hostname = "karpenoktem.nl";
port = 33933;
};
"jupiter.serokell.io" = jupiter; "jupiter.serokell.io" = jupiter;
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; }; jupiter = {
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; }; hostname = "jupiter.serokell.io";
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; }; port = 17788;
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; }; };
"*.lumi.guide" = { athena = {
hostname = "athena.lumi.guide";
user = "yorick.van.pelt"; user = "yorick.van.pelt";
}; };
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; rpibuild3 = {
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; hostname = "10.110.0.3";
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; user = "yorick.van.pelt";
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; port = 4222;
};
styx = {
hostname = "10.110.0.1";
user = "yorick.van.pelt";
port = 2233;
};
"*.lumi.guide" = { user = "yorick.van.pelt"; };
nyx = {
hostname = "nyx.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
zeus = {
hostname = "zeus.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
ponos = {
hostname = "ponos.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
medusa = {
hostname = "lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
# signs # signs
"10.108.0.*" = { "10.108.0.*" = {
user = "yorick.van.pelt"; user = "yorick.van.pelt";
@ -164,7 +227,7 @@ in
shellAliases = { shellAliases = {
l = "ls"; l = "ls";
ls = "exa"; ls = "exa";
nr = "nix repl \"<nixpkgs>\""; nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p"; nsp = "nix-shell -p";
}; };
interactiveShellInit = '' interactiveShellInit = ''
@ -186,7 +249,7 @@ in
enable = true; enable = true;
historyControl = [ "erasedups" "ignoredups" "ignorespace" ]; historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
shellAliases = { shellAliases = {
nr = "nix repl \"<nixpkgs>\""; nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p"; nsp = "nix-shell -p";
}; };
initExtra = '' initExtra = ''
@ -249,12 +312,18 @@ eval "$(starship init bash)"
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc"; # rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f"; # sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
# } + "/Xresources.dark"); # } + "/Xresources.dark");
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); }; home.file.".emacs.d/init.el" = {
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
};
xdg.configFile."streamlink/config".text = '' xdg.configFile."streamlink/config".text = ''
player = mpv --cache 2048 player = mpv --cache 2048
default-stream = best default-stream = best
''; '';
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; }; xdg.configFile."waybar" = {
source = ./waybar;
recursive = true;
onChange = "systemctl --user restart waybar";
};
programs.mako.enable = true; programs.mako.enable = true;
services = { services = {
lorri.enable = true; lorri.enable = true;
@ -290,16 +359,22 @@ eval "$(starship init bash)"
fonts = [ (toString font) ]; fonts = [ (toString font) ];
window.border = 2; window.border = 2;
floating.modifier = "Mod4"; floating.modifier = "Mod4";
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default // keybindings = with pkgs;
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in (builtins.head (builtins.head
{ options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
// (let
exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
mod = "Mod4";
in {
"${mod}+Shift+c" = "kill"; "${mod}+Shift+c" = "kill";
"${mod}+j" = "focus left"; "${mod}+j" = "focus left";
"${mod}+k" = "focus right"; "${mod}+k" = "focus right";
"${mod}+d" = "layout toggle split"; "${mod}+d" = "layout toggle split";
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh"; "${mod}+i" =
"exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session"; #"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle"; "${mod}+ctrl+l" =
"exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Return" = "exec alacritty"; "${mod}+Return" = "exec alacritty";
"${mod}+Escape" = "workspace back_and_forth"; "${mod}+Escape" = "workspace back_and_forth";
"${mod}+0" = "workspace 10"; "${mod}+0" = "workspace 10";
@ -322,13 +397,16 @@ eval "$(starship init bash)"
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle"; "XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public"; "${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"Print" = exec bin.screenshot_public "screenshot_public"; "Print" = exec bin.screenshot_public "screenshot_public";
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh"; "${mod}+Shift+t" =
"exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh"; "--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh"; "${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass"; #"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill"; "${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0"; "--locked ${mod}+bracketleft" =
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1"; "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
}); });
}; };
systemdIntegration = true; systemdIntegration = true;
@ -377,24 +455,54 @@ eval "$(starship init bash)"
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons"; XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
XDG_CURRENT_DESKTOP = "sway"; XDG_CURRENT_DESKTOP = "sway";
}; };
home.packages = with pkgs.envs; [ home.packages = with pkgs.envs;
apps code de games pdf media misc scripts coins js [ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
] ++ (with pkgs; [ github-cli
github-cli libreoffice nix-tree virt-manager watchman libreoffice
nix-tree
virt-manager
watchman
gnome3.gcr.out # alacritty gnome3.gcr.out # alacritty
waybar slurp grim wl-clipboard waybar
wldash gebaar-libinput slurp
notmuch gmailieer afew grim
swaybg swayidle wl-clipboard
swaylock broot starship wldash
fd htop kcachegrind lm_sensors niv gebaar-libinput
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils notmuch
nix-top nix-diff gmailieer
ltrace asciinema cargo minecraft afew
swaybg
swayidle
swaylock
broot
starship
fd
htop
kcachegrind
lm_sensors
niv
nixfmt
linuxPackages.perf
pssh
slack
smartmontools
vim
waypipe
xdg_utils
nix-top
nix-diff
ltrace
asciinema
cargo
minecraft
unzip unzip
exa obs-studio-dmabuf obs-wlrobs exa
obs-studio-dmabuf
obs-wlrobs
zoom-us zoom-us
cachix eagle cachix
eagle
y-firefox y-firefox
]); # qtwayland ]); # qtwayland
# programs.firefox = { # programs.firefox = {
@ -410,9 +518,7 @@ eval "$(starship init bash)"
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "graphical-session.target" ]; };
WantedBy = [ "graphical-session.target" ];
};
Service = { Service = {
ExecStart = '' ExecStart = ''
@ -449,9 +555,7 @@ eval "$(starship init bash)"
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "graphical-session.target" ]; };
WantedBy = [ "graphical-session.target" ];
};
Service = { Service = {
ExecStart = '' ExecStart = ''


@ -1,4 +1,2 @@
let let sources = import /home/yorick/dotfiles/nix/sources.nix;
sources = import /home/yorick/dotfiles/nix/sources.nix; in import sources.nixpkgs (import ./config.nix)
in
import sources.nixpkgs (import ./config.nix)


@ -7,41 +7,58 @@ let
# #
fetch_file = pkgs: name: spec: fetch_file = pkgs: name: spec:
let let name' = sanitizeName name + "-src";
name' = sanitizeName name + "-src"; in if spec.builtin or true then
in builtins_fetchurl {
if spec.builtin or true then inherit (spec) url sha256;
builtins_fetchurl { inherit (spec) url sha256; name = name'; } name = name';
}
else else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; pkgs.fetchurl {
inherit (spec) url sha256;
name = name';
};
fetch_tarball = pkgs: name: spec: fetch_tarball = pkgs: name: spec:
let let name' = sanitizeName name + "-src";
name' = sanitizeName name + "-src"; in if spec.builtin or true then
in builtins_fetchTarball {
if spec.builtin or true then name = name';
builtins_fetchTarball { name = name'; inherit (spec) url sha256; } inherit (spec) url sha256;
}
else else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; pkgs.fetchzip {
name = name';
inherit (spec) url sha256;
};
fetch_git = name: spec: fetch_git = name: spec:
let let
ref = ref = if spec ? ref then
if spec ? ref then spec.ref else spec.ref
if spec ? branch then "refs/heads/${spec.branch}" else else if spec ? branch then
if spec ? tag then "refs/tags/${spec.tag}" else "refs/heads/${spec.branch}"
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; else if spec ? tag then
in "refs/tags/${spec.tag}"
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; else
abort
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in builtins.fetchGit {
url = spec.repo;
inherit (spec) rev;
inherit ref;
};
fetch_local = spec: spec.path; fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw fetch_builtin-tarball = name:
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. throw ''
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true''; $ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw fetch_builtin-url = name:
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. throw ''
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true''; $ niv modify ${name} -a type=file -a builtin=true'';
# #
@ -50,29 +67,25 @@ let
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name: sanitizeName = name:
( (concatMapStrings (s: if builtins.isList s then "-" else s)
concatMapStrings (s: if builtins.isList s then "-" else s) (builtins.split "[^[:alnum:]+._?=-]+"
( ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
# The set of packages used when specs are fetched using non-builtins. # The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system: mkPkgs = sources: system:
let let
sourcesNixpkgs = sourcesNixpkgs = import
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
inherit system;
};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.; hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in in if builtins.hasAttr "nixpkgs" sources then
if builtins.hasAttr "nixpkgs" sources sourcesNixpkgs
then sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { } import <nixpkgs> { }
else else
abort abort ''
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json. add a package called "nixpkgs" to your sources.json.
''; '';
@ -82,40 +95,59 @@ let
if !builtins.hasAttr "type" spec then if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute" abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec else if spec.type == "file" then
else if spec.type == "tarball" then fetch_tarball pkgs name spec fetch_file pkgs name spec
else if spec.type == "git" then fetch_git name spec else if spec.type == "tarball" then
else if spec.type == "local" then fetch_local spec fetch_tarball pkgs name spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name else if spec.type == "git" then
else if spec.type == "builtin-url" then fetch_builtin-url name fetch_git name spec
else if spec.type == "local" then
fetch_local spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball name
else if spec.type == "builtin-url" then
fetch_builtin-url name
else else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use # If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source. # the path directly as opposed to the fetched source.
replace = name: drv: replace = name: drv:
let let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; saneName = stringAsChars
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in in if ersatz == "" then
if ersatz == "" then drv else drv
else
# this turns the string into an actual Nix path (for both absolute and # this turns the string into an actual Nix path (for both absolute and
# relative paths) # relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions # Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist # a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or ( mapAttrs = builtins.mapAttrs or (f: set:
f: set: with builtins; with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) listToAttrs (map (attr: {
); name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); range = first: last:
if first > last then
[ ]
else
builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); stringToCharacters = s:
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
@ -127,42 +159,40 @@ let
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs: builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchTarball;
inherit (builtins) lessThan nixVersion fetchTarball; in if lessThan nixVersion "1.12" then
in fetchTarball
if lessThan nixVersion "1.12" then ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else else
fetchTarball attrs; fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs: builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchurl;
inherit (builtins) lessThan nixVersion fetchurl; in if lessThan nixVersion "1.12" then
in fetchurl
if lessThan nixVersion "1.12" then ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else else
fetchurl attrs; fetchurl attrs;
# Create the final "sources" from the config # Create the final "sources" from the config
mkSources = config: mkSources = config:
mapAttrs ( mapAttrs (name: spec:
name: spec: if builtins.hasAttr "outPath" spec then
if builtins.hasAttr "outPath" spec abort
then abort
"The values in sources.json should not have an 'outPath' attribute" "The values in sources.json should not have an 'outPath' attribute"
else else
spec // { outPath = replace name (fetch config.pkgs name spec); } spec // { outPath = replace name (fetch config.pkgs name spec); })
) config.sources; config.sources;
# The "config" used by the fetchers # The "config" used by the fetchers
mkConfig = mkConfig = { sourcesFile ?
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) , sources ? if isNull sourcesFile then
, system ? builtins.currentSystem { }
, pkgs ? mkPkgs sources system else
}: rec { builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
# The sources, i.e. the attribute set of spec name to spec # The sources, i.e. the attribute set of spec name to spec
inherit sources; inherit sources;
@ -170,5 +200,6 @@ let
inherit pkgs; inherit pkgs;
}; };
in in mkSources (mkConfig { }) // {
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } __functor = _: settings: mkSources (mkConfig settings);
}


@ -1,11 +1,15 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with lib; with lib;
let cfg = config.deployment.keyys; in let cfg = config.deployment.keyys;
{ in {
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; }; options.deployment.keyys = mkOption {
type = types.listOf types.path;
default = [ ];
};
options.deployment.keys-copy = mkOption { type = types.package; }; options.deployment.keys-copy = mkOption { type = types.package; };
config = { config = {
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then '' deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
(if cfg != [ ] then ''
set -e set -e
ssh root@$1 "mkdir -p /root/keys" ssh root@$1 "mkdir -p /root/keys"
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
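Review bot: The `copy-keys` script body under `writeShellScriptBin` expands `$1` unquoted and never checks that a host argument was given, and `mkdir -p /root/keys` leaves the directory mode to the remote umask. I would open the script with `host="''${1:?usage: copy-keys HOST}"` (the `''$` escape keeps Nix from interpolating it), use `"root@$host"` in both commands, and create the directory with `mkdir -p -m 700 /root/keys`. The script continues past the end of this hunk, so a later line may already tighten permissions; that part is not visible here.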


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
imports =
[ ../physical/3950x.nix
../roles/workstation.nix
];
nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ];


@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ imports = [
../physical/fractal.nix ../physical/fractal.nix
../roles/server.nix ../roles/server.nix
@ -20,7 +19,9 @@
# }; # };
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
services.yorick.torrent-vpn = { services.yorick.torrent-vpn = {
enable = true; name = "mullvad-nl4"; namespace = "torrent"; enable = true;
name = "mullvad-nl4";
namespace = "torrent";
}; };
services.plex = { services.plex = {
enable = true; enable = true;
@ -32,26 +33,28 @@
}; };
services.prometheus = { services.prometheus = {
enable = true; enable = true;
extraFlags = [ extraFlags = [ "--web.enable-admin-api" ];
"--web.enable-admin-api"
];
# victoriametrics # victoriametrics
remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }]; remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
scrapeConfigs = [ { scrapeConfigs = [
{
job_name = "smartmeter"; job_name = "smartmeter";
# prometheus doesn't support mdns :thinking_face: # prometheus doesn't support mdns :thinking_face:
static_configs = [{ targets = [ "192.168.178.30" ]; }]; static_configs = [{ targets = [ "192.168.178.30" ]; }];
scrape_interval = "10s"; scrape_interval = "10s";
} { }
{
job_name = "node"; job_name = "node";
static_configs = [{ targets = [ "localhost:9100" ]; }]; static_configs = [{ targets = [ "localhost:9100" ]; }];
# } { # } {
# job_name = "unifi"; # job_name = "unifi";
# static_configs = [ { targets = [ "localhost:9130" ]; } ]; # static_configs = [ { targets = [ "localhost:9130" ]; } ];
} { }
{
job_name = "thermometer"; job_name = "thermometer";
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }]; static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
}]; }
];
exporters.node.enable = true; exporters.node.enable = true;
# exporters.unifi = { # exporters.unifi = {
# enable = true; # enable = true;
@ -81,7 +84,8 @@
AUTH_GOOGLE_ALLOW_SIGN_UP = "false"; AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
}; };
}; };
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env"; systemd.services.grafana.serviceConfig.EnvironmentFile =
"/root/keys/grafana.env";
services.zfs = { services.zfs = {
trim.enable = false; # no ssd's trim.enable = false; # no ssd's
autoScrub = { autoScrub = {
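Review bot: `extraFlags = [ "--web.enable-admin-api" ]` in the `services.prometheus` block enables Prometheus's admin endpoints (series deletion, snapshots, tombstone cleanup), which have no authentication of their own. Anything that can reach the Prometheus port can then delete data. The `prometheus.yori.cc` vhost later on this page proxies a VPN-only listener to `:9090`; if that target is this host, every VPN peer gets that access. If the admin API is not needed day to day, drop the flag. Otherwise, restrict who can reach the port and record it next to the flag, e.g. `# admin API: needed for <reason>; reachable only from <scope>`.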


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
imports =
[ ../physical/xps9360.nix
../roles/workstation.nix
];
system.stateVersion = "17.09"; system.stateVersion = "17.09";


@ -13,8 +13,7 @@ let
}; };
}; };
vpn = import ../vpn.nix; vpn = import ../vpn.nix;
in in {
{
imports = [ imports = [
../physical/hetznercloud.nix ../physical/hetznercloud.nix
../roles/server.nix ../roles/server.nix
@ -27,17 +26,27 @@ in
services.nginx.enable = true; services.nginx.enable = true;
services.yorick = { services.yorick = {
public = { enable = true; vhost = "pub.yori.cc"; }; public = {
website = { enable = true; vhost = "yorickvanpelt.nl"; }; enable = true;
git = { enable = true; vhost = "git.yori.cc"; }; vhost = "pub.yori.cc";
muflax-church = { enable = true; vhost = "muflax.church"; }; };
website = {
enable = true;
vhost = "yorickvanpelt.nl";
};
git = {
enable = true;
vhost = "git.yori.cc";
};
muflax-church = {
enable = true;
vhost = "muflax.church";
};
}; };
services.muflax-blog = { services.muflax-blog = {
enable = true; enable = true;
web-server = { web-server = { port = 9001; };
port = 9001;
};
hidden-service = { hidden-service = {
hostname = "muflax65ngodyewp.onion"; hostname = "muflax65ngodyewp.onion";
private_key = "/root/keys/http.muflax.key"; private_key = "/root/keys/http.muflax.key";
@ -52,12 +61,16 @@ in
forceSSL = true; forceSSL = true;
globalRedirect = "yorickvanpelt.nl"; globalRedirect = "yorickvanpelt.nl";
}; };
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast"; "yorickvanpelt.nl".locations."/p1".return =
"301 https://git.yori.cc/yorick/meterkast";
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000"; "grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443"; "ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
"prometheus.yori.cc" = { "prometheus.yori.cc" = {
# only over vpn # only over vpn
listen = [ { addr = "10.209.0.1"; port = 80; } ]; listen = [{
addr = "10.209.0.1";
port = 80;
}];
locations."/".proxyPass = "http://10.209.0.3:9090"; locations."/".proxyPass = "http://10.209.0.3:9090";
}; };
"pub.yori.cc".locations."/muflax/".extraConfig = '' "pub.yori.cc".locations."/muflax/".extraConfig = ''
@ -66,19 +79,20 @@ in
}; };
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ]; deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
networking.wireguard.interfaces.wg-y.peers = networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
lib.mkForce (lib.mapAttrsToList (machine: publicKey: { (machine: publicKey: {
inherit publicKey; inherit publicKey;
allowedIPs = [ "${vpn.ips.${machine}}/32" ]; allowedIPs = [ "${vpn.ips.${machine}}/32" ];
}) vpn.keys); }) vpn.keys);
services.prometheus.exporters.wireguard = { services.prometheus.exporters.wireguard = { enable = true; };
enable = true;
};
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ]; networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
environment.noXlibs = true; environment.noXlibs = true;
users.users.yorick.packages = with pkgs; [ users.users.yorick.packages = with pkgs; [
python2 sshfs-fuse weechat ripgrep python2
sshfs-fuse
weechat
ripgrep
]; ];
} }


@ -6,13 +6,22 @@ mkFuseMount = device: opts: {
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}"; device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
fsType = "fuse"; fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user" options = [
"defaults" "allow_other" "transform_symlinks" "default_permissions" "noauto"
"x-systemd.automount"
"_netdev"
"users"
"idmap=user"
"defaults"
"allow_other"
"transform_symlinks"
"default_permissions"
"uid=1000" "uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts; "reconnect"
"IdentityFile=/root/.ssh/id_sshfs"
] ++ opts;
}; };
in in {
{
imports = [ imports = [
../physical/nuc.nix ../physical/nuc.nix
../roles/graphical.nix ../roles/graphical.nix
@ -40,7 +49,8 @@ in
isNormalUser = true; isNormalUser = true;
uid = 1043; uid = 1043;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR."; hashedPassword =
"$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
packages = with pkgs; [ plex-media-player ]; packages = with pkgs; [ plex-media-player ];
}; };
services.xserver.windowManager.i3.enable = true; services.xserver.windowManager.i3.enable = true;
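Review bot: The `hashedPassword` literal on the re-wrapped line is a crypt hash committed to the repository, and NixOS also writes option values like this into the world-readable Nix store on the host. Anyone with read access to either can run offline guessing against it, and this account is in `wheel`. Consider keeping the hash out of the tree with `passwordFile = "/path/outside/the/store";` (placeholder path; the option is named `hashedPasswordFile` in newer NixOS releases). The user block starts outside this hunk, so the account name is not visible here.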


@ -1,10 +1,9 @@
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running nixos-help). # Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running nixos-help).
let sources = import ../../nix/sources.nix; in let sources = import ../../nix/sources.nix;
{ config, lib, pkgs, ... }: in { config, lib, pkgs, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan.
../physical/apu2c4.nix ../physical/apu2c4.nix
#<yori-nix/roles/homeserver.nix> #<yori-nix/roles/homeserver.nix>
../roles ../roles
@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in
interface = "dslite1"; interface = "dslite1";
}; };
systemd.services.dslite1-netdev = { systemd.services.dslite1-netdev = {
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ]; wantedBy =
[ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
bindsTo = [ ]; bindsTo = [ ];
partOf = [ "network-setup.service" ]; partOf = [ "network-setup.service" ];
after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ]; after = [
"network-pre.target"
"network-addresses-enp1s0.service"
"network-link-enp1s0.service"
];
before = [ "network-setup.service" ]; before = [ "network-setup.service" ];
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
serviceConfig = { serviceConfig = {
@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in
interfaces = [ "enp2s0" ]; interfaces = [ "enp2s0" ];
enable = true; enable = true;
machines = [ machines = [
{ hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; } {
{ hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; } hostName = "amateria";
{ hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; } ethernetAddress = "a8:a1:59:15:8b:63";
{ hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; } ipAddress = "192.168.178.42";
{ hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; } }
{ hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; } {
{ hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; } hostName = "blackadder";
{ hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; } ethernetAddress = "a8:a1:59:03:8a:75";
{ hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; } ipAddress = "192.168.178.33";
{ hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; } }
{
hostName = "frumar";
ethernetAddress = "bc:5f:f4:e8:42:9f";
ipAddress = "192.168.178.37";
}
{
hostName = "jarvis";
ethernetAddress = "18:1d:ea:35:13:58";
ipAddress = "192.168.178.34";
}
{
hostName = "jarvis-dock";
ethernetAddress = "64:4b:f0:10:05:f2";
ipAddress = "192.168.178.13";
}
{
hostName = "printer";
ethernetAddress = "30:05:5c:44:20:a7";
ipAddress = "192.168.178.26";
}
{
hostName = "raspberrypi";
ethernetAddress = "b8:27:eb:b9:ec:3a";
ipAddress = "192.168.178.21";
}
{
hostName = "smartMeter";
ethernetAddress = "5c:cf:7f:26:ca:91";
ipAddress = "192.168.178.30";
}
{
hostName = "gang-ap";
ethernetAddress = "b4:fb:e4:2d:fc:f3";
ipAddress = "192.168.178.32";
}
{
hostName = "woodhouse";
ethernetAddress = "94:c6:91:15:1f:c5";
ipAddress = "192.168.178.39";
}
]; ];
extraConfig = '' extraConfig = ''
subnet 192.168.178.0 netmask 255.255.255.0 { subnet 192.168.178.0 netmask 255.255.255.0 {
@ -183,7 +227,8 @@ let sources = import ../../nix/sources.nix; in
boot.supportedFilesystems = lib.mkForce [ "ext4" ]; boot.supportedFilesystems = lib.mkForce [ "ext4" ];
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ]; boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
security.polkit.enable = false; security.polkit.enable = false;
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [
(self: super: {
dhcpcd = super.dhcpcd.overrideAttrs (o: rec { dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
pname = "dhcpcd"; pname = "dhcpcd";
version = "8.1.9"; version = "8.1.9";
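Review bot: The overlay pins `dhcpcd` to `version = "8.1.9"` and, in the following hunk, sets `patches = [ ]`, with no comment explaining either choice. dhcpcd is a network-facing daemon, so a frozen version with the nixpkgs patch list cleared will not pick up fixes when the channel is bumped. I would add a comment above the override such as `# pinned to 8.1.9 because <reason>; remove once <condition>` so the pin gets revisited. The `src` attribute sits between the two hunks and is not visible here.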
@ -193,5 +238,6 @@ let sources = import ../../nix/sources.nix; in
}; };
patches = [ ]; patches = [ ];
}); });
}) ]; })
];
} }


@ -1,10 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.yorick.lumi-vpn; cfg = config.yorick.lumi-vpn;
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" addresses = import
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); }; "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" {
in lib.ip4.ip = a: b: c: d: x:
{ lib.concatStringsSep "." (map toString [ a b c d ]);
};
in {
options.yorick.lumi-vpn = with lib; { options.yorick.lumi-vpn = with lib; {
enable = mkEnableOption "lumi vpn"; enable = mkEnableOption "lumi vpn";
name = mkOption { name = mkOption {
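Review bot: `addresses` is imported from `"${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"`, so this module evaluates Nix code from an unpinned path outside the repository, chosen by the environment of whoever runs the evaluation. The result differs between users (for example under sudo), and under pure evaluation `builtins.getEnv` returns an empty string, so the import would resolve to `/engineering/...`. Consider taking the file from a pinned source or from a module option (for instance a `yorick.lumi-vpn.addressesFile` option, a name constructed here for illustration). At minimum, add a comment such as `# impure: needs the lumi checkout under $HOME`. Where `addresses` is used lies outside this hunk.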
@ -28,7 +30,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg-lumi = { wg-lumi = {
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key"; privateKeyFile =
"/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
ips = [ cfg.ip ]; ips = [ cfg.ip ];
peers = [{ peers = [{
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI="; publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";


@ -1,6 +1,5 @@
{ cur_pkgs, config, lib, ... }: { cur_pkgs, config, lib, ... }:
let let
cfg = config.services.muflax-blog; cfg = config.services.muflax-blog;
muflax-source = builtins.fetchGit { muflax-source = builtins.fetchGit {
@ -9,20 +8,23 @@ let
url = "https://github.com/fmap/muflax65ngodyewp.onion.git"; url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
}; };
nixpkgs = import (builtins.fetchTarball { nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; url =
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; }; }) { system = builtins.currentSystem; };
blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: { blog = lib.overrideDerivation
(nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: {
buildPhase = default.buildPhase + "\n" + '' buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g' grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
''; '';
}); });
in with lib; { in with lib; {
options.services.muflax-blog = { options.services.muflax-blog = {
enable = mkOption { type = types.bool; default = false; }; enable = mkOption {
web-server = { type = types.bool;
port = mkOption { type = types.int; }; default = false;
}; };
web-server = { port = mkOption { type = types.int; }; };
hidden-service = { hidden-service = {
hostname = mkOption { type = types.str; }; hostname = mkOption { type = types.str; };
private_key = mkOption { type = types.str; }; private_key = mkOption { type = types.str; };
@ -51,7 +53,9 @@ in with lib; {
}; };
services.tor.enable = true; services.tor.enable = true;
services.tor.hiddenServices.muflax-blog.map = [{ services.tor.hiddenServices.muflax-blog.map = [{
port = 80; toPort = cfg.web-server.port; }]; port = 80;
toPort = cfg.web-server.port;
}];
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key; services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
}; };
} }
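Review bot: `services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;` passes the onion service private key as a Nix string, since the previous hunk declares `private_key` as `types.str`. Unless the module behind `service-keys` writes it somewhere outside the store (not visible here), the key will probably end up world-readable under `/nix/store`. It would be safer for the option to carry the path of a key file deployed out of band, e.g. `private_key_file = mkOption { type = types.str; };`, with a comment noting that the value must not be the key itself.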


@ -8,8 +8,7 @@ sslcfg = dir: ''
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;
''; '';
in in {
{
config = lib.mkIf config.services.nginx.enable { config = lib.mkIf config.services.nginx.enable {
services.nginx = { services.nginx = {
recommendedTlsSettings = true; recommendedTlsSettings = true;
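Review bot: The `add_header Strict-Transport-Security max-age=15768000;` line in `sslcfg` has no `always` parameter, so nginx only sends the header on success and redirect responses and omits it on 4xx/5xx pages. I would write `add_header Strict-Transport-Security "max-age=15768000" always;`. Any `location` that sets its own `add_header` stops inheriting this one, which is worth a short comment next to the snippet. `sslcfg` begins outside this hunk, so where it is included is not visible here.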


@ -1,32 +1,20 @@
let let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; in pkgs: super: {
in
pkgs: super: {
yorick = (super.yorick or { }) // rec { yorick = (super.yorick or { }) // rec {
nixos = nixos = configuration: extraArgs:
configuration: extraArgs:
let let
c = import (pkgs.path + "/nixos/lib/eval-config.nix") { c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
inherit (pkgs.stdenv.hostPlatform) system; inherit (pkgs.stdenv.hostPlatform) system;
inherit extraArgs; inherit extraArgs;
modules = modules =
[( [ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ]
{ lib, ... }: { ++ (if builtins.isList configuration then
config.nixpkgs.pkgs = lib.mkDefault pkgs; configuration
} else
)] ++ ( [ configuration ]);
if builtins.isList configuration
then configuration
else [configuration]
);
}; };
in in c.config.system.build // c;
c.config.system.build // c; machine = pkgs.lib.genAttrs names
machine = pkgs.lib.genAttrs names (name: nixos [ (name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
./roles
(./logical + "/${name}.nix")
] {
inherit name;
});
}; };
} }


@ -1,3 +1 @@
[ (self: super: { [ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ]
yori-cc = super.callPackage ./yori-cc.nix {};
})]


@ -17,7 +17,7 @@ stdenv.mkDerivation {
meta = { meta = {
description = "Yori-cc website"; description = "Yori-cc website";
homepage = https://yorickvanpelt.nl; homepage = "https://yorickvanpelt.nl";
maintainers = [ "Yorick" ]; maintainers = [ "Yorick" ];
}; };
} }


@ -4,33 +4,31 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "rpool/root/nixos"; device = "rpool/root/nixos";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "rpool/home-enc"; device = "rpool/home-enc";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/5D0A-7902"; device = "/dev/disk/by-uuid/5D0A-7902";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; } [{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }];
];
nix.maxJobs = lib.mkDefault 32; nix.maxJobs = lib.mkDefault 32;
# High-DPI console # High-DPI console


@ -1,9 +1,8 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{ imports = [
imports = ./.
[ ./.
./3950x-hardware-config.nix ./3950x-hardware-config.nix
"${sources.nixos-hardware}/common/cpu/amd" "${sources.nixos-hardware}/common/cpu/amd"
]; ];
@ -27,8 +26,13 @@ in
# linkConfig.NamePolicy = "mac kernel database onboard slot path"; # linkConfig.NamePolicy = "mac kernel database onboard slot path";
# }; # };
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0" "amdgpu.ppfeaturemask=0xffffffff"
"amdgpu.noretry=0"
"amdgpu.lockup_timeout=1000"
"amdgpu.gpu_recovery=1"
"amdgpu.audio=0"
# thunderbolt # thunderbolt
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc" "pcie_ports=native"
"pci=assign-busses,hpbussize=0x33,realloc"
]; ];
} }


@ -4,19 +4,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2"; device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; } [{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }


@ -1,3 +1 @@
{ { hardware.enableRedistributableFirmware = true; }
hardware.enableRedistributableFirmware = true;
}


@ -1,13 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{ imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ];
imports =
[ ./.
"${sources.nixos-hardware}/common/cpu/intel"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub = { boot.loader.grub = {
@ -17,23 +14,20 @@ in
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B"; device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
}; };
fileSystems."/" = {
fileSystems."/" = device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
{ device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
fsType = "ext4"; fsType = "ext4";
options = [ "defaults" "relatime" "discard" ]; options = [ "defaults" "relatime" "discard" ];
}; };
swapDevices = swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
[ { device = "/dev/disk/by-label/nixos-swap"; } fileSystems."/data" = {
]; device = "frumar-new";
fileSystems."/data" =
{ device = "frumar-new";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/data/plexmedia" = fileSystems."/data/plexmedia" = {
{ device = "frumar-new/plexmedia"; device = "frumar-new/plexmedia";
fsType = "zfs"; fsType = "zfs";
}; };


@ -1,14 +1,11 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName}; in {
in imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.loader.grub = { boot.loader.grub = {
@ -17,8 +14,8 @@ in
device = "/dev/sda"; device = "/dev/sda";
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda1"; device = "/dev/sda1";
fsType = "ext4"; fsType = "ext4";
}; };


@ -1,29 +1,28 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./. ./.
"${sources.nixos-hardware}/common/cpu/intel" "${sources.nixos-hardware}/common/cpu/intel"
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules =
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299"; device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/439E-26EA"; device = "/dev/disk/by-uuid/439E-26EA";
fsType = "vfat"; fsType = "vfat";
}; };
@ -35,7 +34,8 @@ in
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
}; };
hardware.opengl.extraPackages = with pkgs; [ hardware.opengl.extraPackages = with pkgs;
[
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
]; ];
} }


@ -9,21 +9,21 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62"; device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
fsType = "btrfs"; fsType = "btrfs";
}; };
boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549"; boot.initrd.luks.devices."nix-crypt".device =
"/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/0E07-7805"; device = "/dev/disk/by-uuid/0E07-7805";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; } [{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix; let sources = import ../../nix/sources.nix;
in in {
{
imports = [ imports = [
"${sources.nixos-hardware}/dell/xps/13-9360" "${sources.nixos-hardware}/dell/xps/13-9360"
./xps9360-hardware-config.nix ./xps9360-hardware-config.nix


@ -1,11 +1,9 @@
let secrets = import ../secrets.nix; let secrets = import ../secrets.nix;
in in { config, pkgs, lib, name, ... }:
{ config, pkgs, lib, name, ...}:
let let
machine = name; machine = name;
vpn = import ../vpn.nix; vpn = import ../vpn.nix;
in in {
{
imports = [ imports = [
../modules/tor-hidden-service.nix ../modules/tor-hidden-service.nix
../modules/nginx.nix ../modules/nginx.nix
@ -18,7 +16,8 @@ in
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys =
config.users.users.yorick.openssh.authorizedKeys.keys;
# root password is useful from console, ssh has password logins disabled # root password is useful from console, ssh has password logins disabled
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
@ -48,7 +47,6 @@ in
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# v important. # v important.
cowsay # ponysay cowsay # ponysay
@ -59,16 +57,23 @@ in
#vim #vim
# system stuff # system stuff
ethtool inetutils ethtool
pciutils usbutils inetutils
/*iotop*/ powertop htop pciutils
psmisc lsof usbutils
smartmontools hdparm # iotop
powertop
htop
psmisc
lsof
smartmontools
hdparm
lm_sensors lm_sensors
ncdu ncdu
# utils # utils
file which file
which
reptyr reptyr
tmux tmux
bc bc
@ -81,9 +86,14 @@ in
atool atool
# network # network
nmap mtr bind nmap
socat netcat-openbsd mtr
lftp wget rsync bind
socat
netcat-openbsd
lftp
wget
rsync
#gitMinimal #gitMinimal
#rxvt_unicode.terminfo #rxvt_unicode.terminfo


@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: {
programs.sway = { programs.sway = {
enable = true; enable = true;
extraSessionCommands = '' extraSessionCommands = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])} export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
}
''; '';
}; };
}; };


@ -6,11 +6,15 @@
programs.mosh.enable = true; programs.mosh.enable = true;
environment.noXlibs = true; environment.noXlibs = true;
networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers networking.firewall.logRefusedConnections =
false; # Silence logging of scanners and knockers
# TODO: upstream with noXlibs # TODO: upstream with noXlibs
# https://github.com/NixOS/nixpkgs/pull/107394 # https://github.com/NixOS/nixpkgs/pull/107394
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [
elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8; (self: super: {
elixir_1_8 =
(self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
erlang = super.erlang_nox; erlang = super.erlang_nox;
}) ]; })
];
} }


@ -1,20 +1,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
nixNetrcFile = pkgs.runCommand "nix-netrc-file" nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
{ hostname = "cache.lumi.guide"; hostname = "cache.lumi.guide";
username = "lumi"; username = "lumi";
} '' } ''
cat > $out <<EOI cat > $out <<EOI
machine $hostname machine $hostname
login $username login $username
password ${builtins.readFile /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password} password ${
builtins.readFile
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
}
EOI EOI
''; '';
in in {
{ imports = [ ./graphical.nix ];
imports = [
./graphical.nix
];
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ]; users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
services.printing = { services.printing = {
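Review bot: `nixNetrcFile` interpolates `builtins.readFile …/nix-serve-password` into the `runCommand` script, so the cache password is embedded in the derivation and in its output under `/nix/store`. Both are readable by every local user and are copied along with any closure that references them. Keep the credential out of the store by pointing Nix at a file deployed out of band, e.g. `nix.extraOptions = "netrc-file = /etc/nix/netrc";` with that file owned by root and mode 0600 (path constructed for illustration). Reading an absolute path under `/home/yorick` also makes evaluation depend on the local checkout. How `nixNetrcFile` is consumed lies outside this hunk.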
@ -22,7 +22,9 @@ in
drivers = [ pkgs.gutenprint pkgs.cups-dymo ]; drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pkgs.ghostscript pkgs.yubikey-manager pkgs.glib pkgs.ghostscript
pkgs.yubikey-manager
pkgs.glib
]; ];
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [ environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
"${gnome-themes-extra}/share" "${gnome-themes-extra}/share"
@ -92,7 +94,6 @@ in
package = pkgs.postgresql_10; package = pkgs.postgresql_10;
}; };
# git # git
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000; boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
@ -101,10 +102,7 @@ in
services.pipewire.enable = true; services.pipewire.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true; gtkUsePortal = true;
}; };
} }

Binary file not shown.


@ -1,12 +1,14 @@
let let
sources = import ./nix/sources.nix; sources = import ./nix/sources.nix;
nixpkgs = import sources.nixpkgs { }; nixpkgs = import sources.nixpkgs { };
nixos = name: configuration: import (nixpkgs.path + "/nixos/lib/eval-config.nix") { nixos = name: configuration:
import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
extraArgs = { inherit name; }; extraArgs = { inherit name; };
modules = [ ({lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ] ++ configuration; modules =
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ]
++ configuration;
}; };
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
in in nixpkgs.lib.genAttrs names (name:
nixpkgs.lib.genAttrs names (name: (let os = (let os = nixos name [ ./roles (./logical + "/${name}.nix") ];
nixos name [ ./roles (./logical + "/${name}.nix") ]; in in os.config.system.build.toplevel // os))
os.config.system.build.toplevel // os))


@ -1,5 +1,4 @@
{ name, ... }: { name, ... }: {
{
deployment.keyys = [ deployment.keyys = [
(../keys + "/${name}_borg_repo.key") (../keys + "/${name}_borg_repo.key")
(../keys + "/${name}_borg_ssh.key") (../keys + "/${name}_borg_ssh.key")


@ -1,8 +1 @@
{ { imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
imports = [
./git.nix
./muflax-church.nix
./pub.nix
./website.nix
];
}


@ -1,11 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let sources = import ../../nix/sources.nix;
sources = import ../../nix/sources.nix; in {
in imports = [ ("${sources.nixos-mailserver}") ];
{
imports = [
("${sources.nixos-mailserver}")
];
mailserver = rec { mailserver = rec {
enable = true; enable = true;


@ -3,8 +3,7 @@
let let
cfg = config.services.yorick.git; cfg = config.services.yorick.git;
inherit (cfg) vhost; inherit (cfg) vhost;
in in {
{
options.services.yorick.git = with lib; { options.services.yorick.git = with lib; {
enable = mkEnableOption "git"; enable = mkEnableOption "git";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
@ -12,7 +11,9 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.extraUsers.git = { users.extraUsers.git = {
createHome = true; createHome = true;
home = config.services.gitea.stateDir; extraGroups = [ "git" ]; useDefaultShell = true; home = config.services.gitea.stateDir;
extraGroups = [ "git" ];
useDefaultShell = true;
}; };
services.gitea = { services.gitea = {
enable = true; enable = true;
@ -42,7 +43,8 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}"; proxyPass =
"http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';


@ -7,10 +7,13 @@ let
url = "https://github.com/fmap/muflax65ngodyewp.onion.git"; url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
}; };
nixpkgs = import (builtins.fetchTarball { nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; url =
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; }; }) { system = builtins.currentSystem; };
muflax-church = (nixpkgs.callPackage "${muflax-source}/maintenance" {}).overrideDerivation (default: { muflax-church =
(nixpkgs.callPackage "${muflax-source}/maintenance" { }).overrideDerivation
(default: {
buildPhase = default.buildPhase + "\n" + '' buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g' grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
''; '';
@ -23,9 +26,12 @@ nixpkgs = import (builtins.fetchTarball {
"gospel.${vhost}" = "${muflax-church}/gospel"; "gospel.${vhost}" = "${muflax-church}/gospel";
"alt.${vhost}" = "/home/public/public/muflax"; "alt.${vhost}" = "/home/public/public/muflax";
}; };
m = x: root: { forceSSL = true; useACMEHost = vhost; inherit root; }; m = x: root: {
in forceSSL = true;
{ useACMEHost = vhost;
inherit root;
};
in {
options.services.yorick.muflax-church = with lib; { options.services.yorick.muflax-church = with lib; {
enable = mkEnableOption "muflax.church"; enable = mkEnableOption "muflax.church";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
@ -42,11 +48,7 @@ in
"gospel.${vhost}" = m "${muflax-church}/gospel"; "gospel.${vhost}" = m "${muflax-church}/gospel";
"alt.${vhost}" = m "/home/public/public/muflax"; "alt.${vhost}" = m "/home/public/public/muflax";
} // (lib.mapAttrs m addrs); } // (lib.mapAttrs m addrs);
security.acme.certs.${vhost}.extraDomainNames = [ security.acme.certs.${vhost}.extraDomainNames =
"daily.${vhost}" [ "daily.${vhost}" "blog.${vhost}" "gospel.${vhost}" "alt.${vhost}" ];
"blog.${vhost}"
"gospel.${vhost}"
"alt.${vhost}"
];
}; };
} }


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let cfg = config.services.yorick.public; in let cfg = config.services.yorick.public;
{ in {
options.services.yorick.public = { options.services.yorick.public = {
enable = lib.mkEnableOption "public hosting"; enable = lib.mkEnableOption "public hosting";
vhost = lib.mkOption { type = lib.types.str; }; vhost = lib.mkOption { type = lib.types.str; };


@ -1,8 +1,6 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let cfg = config.services.yorick.torrent-vpn;
cfg = config.services.yorick.torrent-vpn; in {
in
{
options.services.yorick.torrent-vpn = with lib; { options.services.yorick.torrent-vpn = with lib; {
enable = mkEnableOption "torrent-vpn"; enable = mkEnableOption "torrent-vpn";
name = mkOption { type = types.str; }; name = mkOption { type = types.str; };


@ -3,18 +3,23 @@
let let
yoricc = pkgs.callPackage ../packages/yori-cc.nix { }; yoricc = pkgs.callPackage ../packages/yori-cc.nix { };
cfg = config.services.yorick.website; cfg = config.services.yorick.website;
in in with lib; {
with lib;
{
options.services.yorick = { options.services.yorick = {
website = { website = {
enable = mkEnableOption "yoricc website"; enable = mkEnableOption "yoricc website";
vhost = mkOption { type = types.str; }; vhost = mkOption { type = types.str; };
pkg = mkOption { type = types.package; default = yoricc; }; pkg = mkOption {
type = types.package;
default = yoricc;
}; };
redirect = mkOption { type = types.loaOf types.str; default = []; };
}; };
config.services.nginx.virtualHosts = with cfg; mkIf enable { redirect = mkOption {
type = types.loaOf types.str;
default = [ ];
};
};
config.services.nginx.virtualHosts = with cfg;
mkIf enable {
${vhost} = { ${vhost} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;


@ -1,4 +1,8 @@
{ {
public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5"; public =
yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa 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 cardno:000607186578"]; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
yorick = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/"
"ssh-rsa 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 cardno:000607186578"
];
} }


@ -1,5 +1,5 @@
let sources = import ./nix/sources.nix; in let sources = import ./nix/sources.nix;
pkgs: super: { in pkgs: super: {
yorick = super.yorick // rec { yorick = super.yorick // rec {
home = { check ? true, newsReadIdsFile ? null }: home = { check ? true, newsReadIdsFile ? null }:
import "${sources.home-manager}/home-manager/home-manager.nix" { import "${sources.home-manager}/home-manager/home-manager.nix" {