auto-flake-update
Yorick van Pelt 2021-05-29 18:05:31 +02:00
parent 65b73fabf7
commit a688758401
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
47 changed files with 957 additions and 758 deletions


@ -1,18 +1,21 @@
{ pkgs ? import <nixpkgs> {} }:
{ pkgs ? import <nixpkgs> { } }:
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
with pkgs;
let
compileShell = src: buildInputs: name: stdenv.mkDerivation {
inherit name src;
buildInputs = buildInputs ++ [makeWrapper];
unpackPhase = "true";
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name}
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs}
'';
};
compileShell = src: buildInputs: name:
stdenv.mkDerivation {
inherit name src;
buildInputs = buildInputs ++ [ makeWrapper ];
unpackPhase = "true";
installPhase = ''
mkdir -p $out/bin && cp $src $out/bin/${name}
wrapProgram $out/bin/${name} --suffix PATH : ${
lib.makeSearchPath "bin" buildInputs
}
'';
};
in lib.mapAttrs (k: f: f k) {
backup = compileShell ./backup.sh
(with pkgs; [utillinux duplicity]);
screenshot_public = compileShell ./screenshot_public.sh
(with pkgs; [scrot xclip rsync]);
backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
screenshot_public =
compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
}


@ -1,17 +1,16 @@
let sources = import ./nix/sources.nix;
in
{
allowUnfree = true;
overlays = [
(import sources.nixpkgs-wayland)
(import sources.nixpkgs-mozilla)
(import sources.emacs-overlay)
(import ./nixos/overlay.nix)
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
(import ./overlay.nix)
];
}
in {
allowUnfree = true;
overlays = [
(import sources.nixpkgs-wayland)
(import sources.nixpkgs-mozilla)
(import sources.emacs-overlay)
(import ./nixos/overlay.nix)
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
(import ./overlay.nix)
];
}


@ -1,3 +1,2 @@
let sources = import ./nix/sources.nix;
in
import sources.nixpkgs (import ./config.nix)
in import sources.nixpkgs (import ./config.nix)


@ -1,3 +1 @@
let pkgs = import ../.;
in
pkgs.yorick.home
let pkgs = import ../.; in pkgs.yorick.home


@ -1,18 +1,17 @@
{ lib, config, options, pkgs, ... }:
let
bin = pkgs.callPackage /home/yorick/dotfiles/bin {};
dpi = 109;
font = {
__toString = self: "${self.name} ${self.size}";
name = "DejaVu Sans Mono";
bin = pkgs.callPackage /home/yorick/dotfiles/bin { };
dpi = 109;
font = {
__toString = self: "${self.name} ${self.size}";
name = "DejaVu Sans Mono";
size = "11";
};
y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped {
forceWayland = true;
browserName = "firefox";
};
in
{
in {
imports = [ ./arbtt.nix ./libinput-gestures.nix ];
nixpkgs = {
config.allowUnfree = true;
@ -36,41 +35,71 @@ in
emacs = {
enable = true;
package = pkgs.emacsPgtkGcc;
extraPackages = _: let
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [
epkgs.undo-tree
epkgs.notmuch epkgs.rust-mode
company
projectile counsel-projectile
ggtags use-package org-bullets solarized-theme
evil-leader evil-surround #evil-magit
epkgs.evil-goggles epkgs.ox-mediawiki
nix-buffer which-key git-gutter-fringe
all-the-icons epkgs.org-cliplink
pandoc-mode markdown-mode interleave
org-ref haskell-mode request #intero
weechat s elixir-mode htmlize
linum-relative terraform-mode
direnv vue-mode solarized-theme
#wlrctl
(epkgs.melpaBuild {
pname = "nix-mode";
version = "1.4.0";
packageRequires = [ json-mode epkgs.mmm-mode company ];
recipe = pkgs.writeText "recipe" ''
(nix-mode
:repo "nixos/nix-mode" :fetcher github
:files ("nix*.el"))
'';
src = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nix-mode";
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
};
})
]);
extraPackages = _:
let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [
reason-mode
evil
counsel
ivy
ivy-hydra
swiper
magit
forge
avy
]) ++ (with epkgs.melpaPackages; [
epkgs.undo-tree
epkgs.notmuch
epkgs.rust-mode
company
projectile
counsel-projectile
ggtags
use-package
org-bullets
solarized-theme
evil-leader
evil-surround # evil-magit
epkgs.evil-goggles
epkgs.ox-mediawiki
nix-buffer
which-key
git-gutter-fringe
all-the-icons
epkgs.org-cliplink
pandoc-mode
markdown-mode
interleave
org-ref
haskell-mode
request # intero
weechat
s
elixir-mode
htmlize
linum-relative
terraform-mode
direnv
vue-mode
solarized-theme
#wlrctl
(epkgs.melpaBuild {
pname = "nix-mode";
version = "1.4.0";
packageRequires = [ json-mode epkgs.mmm-mode company ];
recipe = pkgs.writeText "recipe" ''
(nix-mode
:repo "nixos/nix-mode" :fetcher github
:files ("nix*.el"))
'';
src = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nix-mode";
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
};
})
]);
};
git = {
enable = true;
@ -81,9 +110,11 @@ in
extraConfig.help.autocorrect = 5;
extraConfig.push.default = "simple";
extraConfig.pull.ff = "only";
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig";
extraConfig."includeIf \"gitdir:~/serokell/\"".path =
"~/serokell/.gitconfig";
aliases = {
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
lg =
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
st = "status";
remotes = "remote -v";
branches = "branch -a";
@ -92,7 +123,8 @@ in
unstage = "reset -q HEAD --";
discard = "checkout --";
uncommit = "reset --mixed HEAD~";
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
graph =
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
dad = "!curl https://icanhazdadjoke.com/ && git add";
};
};
@ -108,19 +140,50 @@ in
identityFile = "~/.ssh/id_rsa_pub";
identitiesOnly = true;
};
phassa = { hostname = "karpenoktem.nl"; port = 33933; };
phassa = {
hostname = "karpenoktem.nl";
port = 33933;
};
"jupiter.serokell.io" = jupiter;
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; };
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; };
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; };
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; };
"*.lumi.guide" = {
jupiter = {
hostname = "jupiter.serokell.io";
port = 17788;
};
athena = {
hostname = "athena.lumi.guide";
user = "yorick.van.pelt";
};
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
rpibuild3 = {
hostname = "10.110.0.3";
user = "yorick.van.pelt";
port = 4222;
};
styx = {
hostname = "10.110.0.1";
user = "yorick.van.pelt";
port = 2233;
};
"*.lumi.guide" = { user = "yorick.van.pelt"; };
nyx = {
hostname = "nyx.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
zeus = {
hostname = "zeus.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
ponos = {
hostname = "ponos.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
medusa = {
hostname = "lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
# signs
"10.108.0.*" = {
user = "yorick.van.pelt";
@ -164,21 +227,21 @@ in
shellAliases = {
l = "ls";
ls = "exa";
nr = "nix repl \"<nixpkgs>\"";
nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p";
};
interactiveShellInit = ''
function fuck -d "Correct your previous console command"
set -l fucked_up_command $history[1]
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
if [ "$unfucked_command" != "" ]
eval $unfucked_command
builtin history delete --exact --case-sensitive -- $fucked_up_command
builtin history merge ^ /dev/null
end
end
starship init fish | source
source ~/dotfiles/nr.fish
function fuck -d "Correct your previous console command"
set -l fucked_up_command $history[1]
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
if [ "$unfucked_command" != "" ]
eval $unfucked_command
builtin history delete --exact --case-sensitive -- $fucked_up_command
builtin history merge ^ /dev/null
end
end
starship init fish | source
source ~/dotfiles/nr.fish
'';
promptInit = "set fish_greeting";
};
@ -186,52 +249,52 @@ in
enable = true;
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
shellAliases = {
nr = "nix repl \"<nixpkgs>\"";
nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p";
};
initExtra = ''
#eval $(thefuck --alias)
function fuck () {
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
export TF_SHELL=bash;
export TF_ALIAS=fuck;
export TF_SHELL_ALIASES=$(alias);
export TF_HISTORY=$(fc -ln -10);
export PYTHONIOENCODING=utf-8;
TF_CMD=$(
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
) && eval $TF_CMD;
unset TF_HISTORY;
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
history -s $TF_CMD;
}
# This script was automatically generated by the broot function
# More information can be found in https://github.com/Canop/broot
# This function starts broot and executes the command
# it produces, if any.
# It's needed because some shell commands, like `cd`,
# have no useful effect if executed in a subshell.
function br {
f=$(mktemp)
(
set +e
broot --outcmd "$f" "$@"
code=$?
if [ "$code" != 0 ]; then
rm -f "$f"
exit "$code"
fi
)
code=$?
if [ "$code" != 0 ]; then
return "$code"
fi
d=$(<"$f")
rm -f "$f"
eval "$d"
}
eval "$(starship init bash)"
'';
#eval $(thefuck --alias)
function fuck () {
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
export TF_SHELL=bash;
export TF_ALIAS=fuck;
export TF_SHELL_ALIASES=$(alias);
export TF_HISTORY=$(fc -ln -10);
export PYTHONIOENCODING=utf-8;
TF_CMD=$(
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
) && eval $TF_CMD;
unset TF_HISTORY;
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
history -s $TF_CMD;
}
# This script was automatically generated by the broot function
# More information can be found in https://github.com/Canop/broot
# This function starts broot and executes the command
# it produces, if any.
# It's needed because some shell commands, like `cd`,
# have no useful effect if executed in a subshell.
function br {
f=$(mktemp)
(
set +e
broot --outcmd "$f" "$@"
code=$?
if [ "$code" != 0 ]; then
rm -f "$f"
exit "$code"
fi
)
code=$?
if [ "$code" != 0 ]; then
return "$code"
fi
d=$(<"$f")
rm -f "$f"
eval "$d"
}
eval "$(starship init bash)"
'';
};
};
xresources.properties = {
@ -249,12 +312,18 @@ eval "$(starship init bash)"
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
# } + "/Xresources.dark");
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); };
home.file.".emacs.d/init.el" = {
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
};
xdg.configFile."streamlink/config".text = ''
player = mpv --cache 2048
default-stream = best
'';
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; };
xdg.configFile."waybar" = {
source = ./waybar;
recursive = true;
onChange = "systemctl --user restart waybar";
};
programs.mako.enable = true;
services = {
lorri.enable = true;
@ -290,46 +359,55 @@ eval "$(starship init bash)"
fonts = [ (toString font) ];
window.border = 2;
floating.modifier = "Mod4";
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default //
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in
{
"${mod}+Shift+c" = "kill";
"${mod}+j" = "focus left";
"${mod}+k" = "focus right";
"${mod}+d" = "layout toggle split";
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Return" = "exec alacritty";
"${mod}+Escape" = "workspace back_and_forth";
"${mod}+0" = "workspace 10";
"${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Right" = "move right";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Down" = "move down";
"${mod}+Ctrl+Right" = "move workspace to output right";
"${mod}+Ctrl+Left" = "move workspace to output left";
"${mod}+Ctrl+Up" = "move workspace to output up";
"${mod}+Ctrl+Down" = "move workspace to output down";
"XF86MonBrightnessUp" = exec light "light -A 5";
"XF86MonBrightnessDown" = exec light "light -U 5";
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"Print" = exec bin.screenshot_public "screenshot_public";
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
});
keybindings = with pkgs;
(builtins.head (builtins.head
options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
// (let
exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
mod = "Mod4";
in {
"${mod}+Shift+c" = "kill";
"${mod}+j" = "focus left";
"${mod}+k" = "focus right";
"${mod}+d" = "layout toggle split";
"${mod}+i" =
"exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+ctrl+l" =
"exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Return" = "exec alacritty";
"${mod}+Escape" = "workspace back_and_forth";
"${mod}+0" = "workspace 10";
"${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Right" = "move right";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Down" = "move down";
"${mod}+Ctrl+Right" = "move workspace to output right";
"${mod}+Ctrl+Left" = "move workspace to output left";
"${mod}+Ctrl+Up" = "move workspace to output up";
"${mod}+Ctrl+Down" = "move workspace to output down";
"XF86MonBrightnessUp" = exec light "light -A 5";
"XF86MonBrightnessDown" = exec light "light -U 5";
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"Print" = exec bin.screenshot_public "screenshot_public";
"${mod}+Shift+t" =
"exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
});
};
systemdIntegration = true;
extraConfig = ''
@ -370,33 +448,63 @@ eval "$(starship init bash)"
EDITOR = "emacsclient";
#GDK_BACKEND = "wayland";
TERMINAL = "alacritty";
QT_WAYLAND_DISABLE_WINDOWDECORATION="1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
XCURSOR_THEME = "Adwaita";
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
XDG_CURRENT_DESKTOP = "sway";
XDG_CURRENT_DESKTOP = "sway";
};
home.packages = with pkgs.envs; [
apps code de games pdf media misc scripts coins js
] ++ (with pkgs; [
github-cli libreoffice nix-tree virt-manager watchman
gnome3.gcr.out #alacritty
waybar slurp grim wl-clipboard
wldash gebaar-libinput
notmuch gmailieer afew
swaybg swayidle
swaylock broot starship
fd htop kcachegrind lm_sensors niv
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils
nix-top nix-diff
ltrace asciinema cargo minecraft
unzip
exa obs-studio-dmabuf obs-wlrobs
zoom-us
cachix eagle
y-firefox
]); # qtwayland
home.packages = with pkgs.envs;
[ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
github-cli
libreoffice
nix-tree
virt-manager
watchman
gnome3.gcr.out # alacritty
waybar
slurp
grim
wl-clipboard
wldash
gebaar-libinput
notmuch
gmailieer
afew
swaybg
swayidle
swaylock
broot
starship
fd
htop
kcachegrind
lm_sensors
niv
nixfmt
linuxPackages.perf
pssh
slack
smartmontools
vim
waypipe
xdg_utils
nix-top
nix-diff
ltrace
asciinema
cargo
minecraft
unzip
exa
obs-studio-dmabuf
obs-wlrobs
zoom-us
cachix
eagle
y-firefox
]); # qtwayland
# programs.firefox = {
# enable = true;
# package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
@ -409,11 +517,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart = ''
${pkgs.waybar}/bin/waybar
@ -448,11 +554,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart = ''
${pkgs.gebaar-libinput}/bin/gebaard


@ -1,4 +1,2 @@
let
sources = import /home/yorick/dotfiles/nix/sources.nix;
in
import sources.nixpkgs (import ./config.nix)
let sources = import /home/yorick/dotfiles/nix/sources.nix;
in import sources.nixpkgs (import ./config.nix)


@ -7,42 +7,59 @@ let
#
fetch_file = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
let name' = sanitizeName name + "-src";
in if spec.builtin or true then
builtins_fetchurl {
inherit (spec) url sha256;
name = name';
}
else
pkgs.fetchurl {
inherit (spec) url sha256;
name = name';
};
fetch_tarball = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
let name' = sanitizeName name + "-src";
in if spec.builtin or true then
builtins_fetchTarball {
name = name';
inherit (spec) url sha256;
}
else
pkgs.fetchzip {
name = name';
inherit (spec) url sha256;
};
fetch_git = name: spec:
let
ref =
if spec ? ref then spec.ref else
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
ref = if spec ? ref then
spec.ref
else if spec ? branch then
"refs/heads/${spec.branch}"
else if spec ? tag then
"refs/tags/${spec.tag}"
else
abort
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in builtins.fetchGit {
url = spec.repo;
inherit (spec) rev;
inherit ref;
};
fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-tarball = name:
throw ''
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
fetch_builtin-url = name:
throw ''
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
#
# Various helpers
@ -50,72 +67,87 @@ let
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name:
(
concatMapStrings (s: if builtins.isList s then "-" else s)
(
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
(concatMapStrings (s: if builtins.isList s then "-" else s)
(builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
sourcesNixpkgs = import
(builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
inherit system;
};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
in if builtins.hasAttr "nixpkgs" sources then
sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { }
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec
else if spec.type == "tarball" then fetch_tarball pkgs name spec
else if spec.type == "git" then fetch_git name spec
else if spec.type == "local" then fetch_local spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
else if spec.type == "builtin-url" then fetch_builtin-url name
else if spec.type == "file" then
fetch_file pkgs name spec
else if spec.type == "tarball" then
fetch_tarball pkgs name spec
else if spec.type == "git" then
fetch_git name spec
else if spec.type == "local" then
fetch_local spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball name
else if spec.type == "builtin-url" then
fetch_builtin-url name
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
replace = name: drv:
let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
saneName = stringAsChars
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
in if ersatz == "" then
drv
else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
range = first: last:
if first > last then
[ ]
else
builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
stringToCharacters = s:
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
@ -123,46 +155,44 @@ let
concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else {};
optionalAttrs = cond: as: if cond then as else { };
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
) config.sources;
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); })
config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem
, pkgs ? mkPkgs sources system
}: rec {
mkConfig = { sourcesFile ?
if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then
{ }
else
builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
@ -170,5 +200,6 @@ let
inherit pkgs;
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
in mkSources (mkConfig { }) // {
__functor = _: settings: mkSources (mkConfig settings);
}


@ -1,19 +1,23 @@
{ pkgs, lib, config, ... }:
with lib;
let cfg = config.deployment.keyys; in
{
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; };
let cfg = config.deployment.keyys;
in {
options.deployment.keyys = mkOption {
type = types.listOf types.path;
default = [ ];
};
options.deployment.keys-copy = mkOption { type = types.package; };
config = {
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then ''
set -e
ssh root@$1 "mkdir -p /root/keys"
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
echo "uploaded keys"
'' else ''
echo "no keys to upload"
'');
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
(if cfg != [ ] then ''
set -e
ssh root@$1 "mkdir -p /root/keys"
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
echo "uploaded keys"
'' else ''
echo "no keys to upload"
'');
};
}
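Review bot: The generated `copy-keys` script expands `$1` unquoted in both the `ssh root@$1` and `scp … root@$1:/root/keys` lines, and it splices the `deployment.keyys` paths in through `toString` with no shell escaping. An empty host argument, or a host or key path containing spaces or shell metacharacters, is therefore word-split or reinterpreted by the shell before the key material is copied. I would quote the host and escape the paths, `ssh "root@$1" "mkdir -p /root/keys"` and `scp ${escapeShellArgs (map toString cfg)} "root@$1:/root/keys"`, and have the script exit with a usage message when `$1` is empty. Keeping `toString` matters here because, as far as I can tell, it is what stops the key files from being copied into the world-readable Nix store, so a one-line comment saying so above the `scp` line would help the next reader.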


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../physical/3950x.nix
../roles/workstation.nix
];
{ config, pkgs, lib, ... }: {
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];


@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports = [
{ config, pkgs, lib, ... }: {
imports = [
../physical/fractal.nix
../roles/server.nix
../roles/homeserver.nix
@ -20,7 +19,9 @@
# };
boot.supportedFilesystems = [ "zfs" ];
services.yorick.torrent-vpn = {
enable = true; name = "mullvad-nl4"; namespace = "torrent";
enable = true;
name = "mullvad-nl4";
namespace = "torrent";
};
services.plex = {
enable = true;
@ -32,26 +33,28 @@
};
services.prometheus = {
enable = true;
extraFlags = [
"--web.enable-admin-api"
];
extraFlags = [ "--web.enable-admin-api" ];
# victoriametrics
remoteWrite = [ { url = "http://127.0.0.1:8428/api/v1/write"; } ];
scrapeConfigs = [ {
job_name = "smartmeter";
# prometheus doesn't support mdns :thinking_face:
static_configs = [ { targets = [ "192.168.178.30" ]; } ];
scrape_interval = "10s";
} {
job_name = "node";
static_configs = [ { targets = [ "localhost:9100" ]; } ];
# } {
# job_name = "unifi";
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
} {
job_name = "thermometer";
static_configs = [ { targets = [ "192.168.178.21:8000" ]; } ];
}];
remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
scrapeConfigs = [
{
job_name = "smartmeter";
# prometheus doesn't support mdns :thinking_face:
static_configs = [{ targets = [ "192.168.178.30" ]; }];
scrape_interval = "10s";
}
{
job_name = "node";
static_configs = [{ targets = [ "localhost:9100" ]; }];
# } {
# job_name = "unifi";
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
}
{
job_name = "thermometer";
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
}
];
exporters.node.enable = true;
# exporters.unifi = {
# enable = true;
@ -81,7 +84,8 @@
AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
};
};
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env";
systemd.services.grafana.serviceConfig.EnvironmentFile =
"/root/keys/grafana.env";
services.zfs = {
trim.enable = false; # no ssd's
autoScrub = {
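Review bot: `extraFlags = [ "--web.enable-admin-api" ];` keeps Prometheus' admin API switched on, and those endpoints (TSDB snapshot, series deletion, tombstone cleanup) have no authentication of their own. Nothing in the visible hunks sets a listen address or a firewall rule for the Prometheus port, so it cannot be confirmed from here that only localhost and the VPN can reach it. If the flag is only needed for occasional maintenance I would drop it from the permanent config; otherwise put a comment on that line, for example `# admin API is unauthenticated: keep this port reachable over the VPN only`. The `services.prometheus` block continues past the end of its hunk.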


@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../physical/xps9360.nix
../roles/workstation.nix
];
{ config, pkgs, lib, ... }: {
imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
system.stateVersion = "17.09";


@ -13,8 +13,7 @@ let
};
};
vpn = import ../vpn.nix;
in
{
in {
imports = [
../physical/hetznercloud.nix
../roles/server.nix
@ -24,20 +23,30 @@ in
];
system.stateVersion = "19.03";
services.nginx.enable = true;
services.yorick = {
public = { enable = true; vhost = "pub.yori.cc"; };
website = { enable = true; vhost = "yorickvanpelt.nl"; };
git = { enable = true; vhost = "git.yori.cc"; };
muflax-church = { enable = true; vhost = "muflax.church"; };
public = {
enable = true;
vhost = "pub.yori.cc";
};
website = {
enable = true;
vhost = "yorickvanpelt.nl";
};
git = {
enable = true;
vhost = "git.yori.cc";
};
muflax-church = {
enable = true;
vhost = "muflax.church";
};
};
services.muflax-blog = {
enable = true;
web-server = {
port = 9001;
};
web-server = { port = 9001; };
hidden-service = {
hostname = "muflax65ngodyewp.onion";
private_key = "/root/keys/http.muflax.key";
@ -52,12 +61,16 @@ in
forceSSL = true;
globalRedirect = "yorickvanpelt.nl";
};
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast";
"yorickvanpelt.nl".locations."/p1".return =
"301 https://git.yori.cc/yorick/meterkast";
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
"prometheus.yori.cc" = {
# only over vpn
listen = [ { addr = "10.209.0.1"; port = 80; } ];
listen = [{
addr = "10.209.0.1";
port = 80;
}];
locations."/".proxyPass = "http://10.209.0.3:9090";
};
"pub.yori.cc".locations."/muflax/".extraConfig = ''
@ -66,19 +79,20 @@ in
};
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
networking.wireguard.interfaces.wg-y.peers =
lib.mkForce (lib.mapAttrsToList (machine: publicKey: {
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
(machine: publicKey: {
inherit publicKey;
allowedIPs = [ "${vpn.ips.${machine}}/32" ];
}) vpn.keys);
services.prometheus.exporters.wireguard = {
enable = true;
};
services.prometheus.exporters.wireguard = { enable = true; };
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
environment.noXlibs = true;
users.users.yorick.packages = with pkgs; [
python2 sshfs-fuse weechat ripgrep
python2
sshfs-fuse
weechat
ripgrep
];
}
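Review bot: The `prometheus.yori.cc` vhost is protected only by its `listen` address (`10.209.0.1`, port 80). It proxies to `http://10.209.0.3:9090` with no authentication, so any WireGuard peer listed in `vpn.keys` can presumably query Prometheus. If only some peers should have access, state that in the vhost with an allow-list, for example `extraConfig = "allow 10.209.0.0/24; deny all;";` narrowed to the addresses that need it. Also extend the `# only over vpn` comment to say which peers are expected to reach it.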


@ -1,18 +1,27 @@
{ config, pkgs, lib, ... }:
let
#secrets = import <secrets>;
mkFuseMount = device: opts: {
mkFuseMount = device: opts: {
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
"defaults" "allow_other" "transform_symlinks" "default_permissions"
"uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts;
};
in
{
options = [
"noauto"
"x-systemd.automount"
"_netdev"
"users"
"idmap=user"
"defaults"
"allow_other"
"transform_symlinks"
"default_permissions"
"uid=1000"
"reconnect"
"IdentityFile=/root/.ssh/id_sshfs"
] ++ opts;
};
in {
imports = [
../physical/nuc.nix
../roles/graphical.nix
@ -35,12 +44,13 @@ in
hardware.bluetooth.enable = true;
# kodi ports
networking.firewall.allowedTCPPorts = [7 8080 8443 9090 9777];
networking.firewall.allowedTCPPorts = [ 7 8080 8443 9090 9777 ];
users.users.tv = {
isNormalUser = true;
uid = 1043;
extraGroups = [ "wheel" ];
hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
hashedPassword =
"$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
packages = with pkgs; [ plex-media-player ];
};
services.xserver.windowManager.i3.enable = true;
@ -57,6 +67,6 @@ in
# };
# todo: debug:
services.resolved.extraConfig = "MulticastDNS=true";
systemd.network.networks."40-eno1".networkConfig.MulticastDNS="yes";
systemd.network.networks."40-eno1".networkConfig.MulticastDNS = "yes";
services.fstrim.enable = true;
}
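Review bot: In the `users.users.tv` hunk the `hashedPassword` value is a literal SHA-512 crypt string, so the hash is readable by anyone with access to the repository or to the world-readable Nix store, and the account is in `wheel`. Load it from a root-only file outside the store instead, e.g. `passwordFile = "/root/keys/<tv-password-file>";` (placeholder path). Since the hash has already been committed, the password should be treated as exposed to offline guessing and rotated.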


@ -1,16 +1,15 @@
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running nixos-help).
let sources = import ../../nix/sources.nix; in
{ config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix;
in { config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../physical/apu2c4.nix
#<yori-nix/roles/homeserver.nix>
../roles
"${sources.nixos-hardware}/pcengines/apu"
<nixpkgs/nixos/modules/profiles/minimal.nix>
];
imports = [ # Include the results of the hardware scan.
../physical/apu2c4.nix
#<yori-nix/roles/homeserver.nix>
../roles
"${sources.nixos-hardware}/pcengines/apu"
<nixpkgs/nixos/modules/profiles/minimal.nix>
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in
interface = "dslite1";
};
systemd.services.dslite1-netdev = {
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
bindsTo = [];
wantedBy =
[ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
bindsTo = [ ];
partOf = [ "network-setup.service" ];
after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ];
after = [
"network-pre.target"
"network-addresses-enp1s0.service"
"network-link-enp1s0.service"
];
before = [ "network-setup.service" ];
path = [ pkgs.iproute ];
serviceConfig = {
@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in
interfaces = [ "enp2s0" ];
enable = true;
machines = [
{ hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; }
{ hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; }
{ hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; }
{ hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; }
{ hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; }
{ hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; }
{ hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; }
{ hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; }
{ hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; }
{ hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; }
{
hostName = "amateria";
ethernetAddress = "a8:a1:59:15:8b:63";
ipAddress = "192.168.178.42";
}
{
hostName = "blackadder";
ethernetAddress = "a8:a1:59:03:8a:75";
ipAddress = "192.168.178.33";
}
{
hostName = "frumar";
ethernetAddress = "bc:5f:f4:e8:42:9f";
ipAddress = "192.168.178.37";
}
{
hostName = "jarvis";
ethernetAddress = "18:1d:ea:35:13:58";
ipAddress = "192.168.178.34";
}
{
hostName = "jarvis-dock";
ethernetAddress = "64:4b:f0:10:05:f2";
ipAddress = "192.168.178.13";
}
{
hostName = "printer";
ethernetAddress = "30:05:5c:44:20:a7";
ipAddress = "192.168.178.26";
}
{
hostName = "raspberrypi";
ethernetAddress = "b8:27:eb:b9:ec:3a";
ipAddress = "192.168.178.21";
}
{
hostName = "smartMeter";
ethernetAddress = "5c:cf:7f:26:ca:91";
ipAddress = "192.168.178.30";
}
{
hostName = "gang-ap";
ethernetAddress = "b4:fb:e4:2d:fc:f3";
ipAddress = "192.168.178.32";
}
{
hostName = "woodhouse";
ethernetAddress = "94:c6:91:15:1f:c5";
ipAddress = "192.168.178.39";
}
];
extraConfig = ''
subnet 192.168.178.0 netmask 255.255.255.0 {
@ -183,15 +227,17 @@ let sources = import ../../nix/sources.nix; in
boot.supportedFilesystems = lib.mkForce [ "ext4" ];
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
security.polkit.enable = false;
nixpkgs.overlays = [ (self: super: {
dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
pname = "dhcpcd";
version = "8.1.9";
src = self.fetchurl {
url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
};
patches = [];
});
}) ];
nixpkgs.overlays = [
(self: super: {
dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
pname = "dhcpcd";
version = "8.1.9";
src = self.fetchurl {
url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
};
patches = [ ];
});
})
];
}
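Review bot: The overlay in the last hunk pins `dhcpcd` to 8.1.9 and sets `patches = [ ];`, which drops every patch nixpkgs carries for the package, including any security backports. dhcpcd parses DHCP traffic received from the network, so a pinned older release should at least carry a comment saying why it is needed and when it can be removed, e.g. `# pinned to 8.1.9: <reason>; remove once <condition>`. If the pin is still required, consider keeping the upstream list with `patches = o.patches or [ ];` where the patches still apply.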


@ -1,10 +1,12 @@
{ config, lib, ... }:
let
cfg = config.yorick.lumi-vpn;
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
in
{
addresses = import
"${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" {
lib.ip4.ip = a: b: c: d: x:
lib.concatStringsSep "." (map toString [ a b c d ]);
};
in {
options.yorick.lumi-vpn = with lib; {
enable = mkEnableOption "lumi vpn";
name = mkOption {
@ -28,9 +30,10 @@ in
config = lib.mkIf cfg.enable {
networking.wireguard.interfaces = {
wg-lumi = {
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
privateKeyFile =
"/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
ips = [ cfg.ip ];
peers = [ {
peers = [{
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
endpoint = "wg.lumi.guide:31727";
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];


@ -1,30 +1,32 @@
{ cur_pkgs, config, lib, ... }:
let
cfg = config.services.muflax-blog;
muflax-source = builtins.fetchGit {
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
ref = "HEAD";
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
};
nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; };
blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: {
buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
'';
});
};
nixpkgs = import (builtins.fetchTarball {
url =
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; };
blog = lib.overrideDerivation
(nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: {
buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
'';
});
in with lib; {
options.services.muflax-blog = {
enable = mkOption { type = types.bool; default = false; };
web-server = {
port = mkOption { type = types.int; };
enable = mkOption {
type = types.bool;
default = false;
};
web-server = { port = mkOption { type = types.int; }; };
hidden-service = {
hostname = mkOption { type = types.str; };
hostname = mkOption { type = types.str; };
private_key = mkOption { type = types.str; };
};
};
@ -47,11 +49,13 @@ in with lib; {
server_name ${site}.${cfg.hidden-service.hostname};
root ${blog}/${site};
}
'') ["daily" "gospel" "blog"]);
'') [ "daily" "gospel" "blog" ]);
};
services.tor.enable = true;
services.tor.hiddenServices.muflax-blog.map = [{
port = 80; toPort = cfg.web-server.port; }];
port = 80;
toPort = cfg.web-server.port;
}];
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
};
}


@ -1,36 +1,35 @@
{ config, lib, pkgs, ... }:
let
sslcfg = dir: ''
sslcfg = dir: ''
ssl on;
ssl_certificate_key ${dir}/key.pem;
ssl_certificate ${dir}/fullchain.pem;
ssl_trusted_certificate ${dir}/fullchain.pem;
add_header Strict-Transport-Security max-age=15768000;
'';
'';
in
{
in {
config = lib.mkIf config.services.nginx.enable {
services.nginx = {
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
serverTokens = false;
sslDhparam = "/etc/nginx/dhparam.pem";
services.nginx = {
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
serverTokens = false;
sslDhparam = "/etc/nginx/dhparam.pem";
virtualHosts."${config.networking.hostName}.yori.cc" = {
enableACME = true;
forceSSL = true;
default = true;
};
};
networking.firewall.allowedTCPPorts = [80 443];
system.activationScripts.nginxdhparams = ''
if ! [[ -e /etc/nginx/dhparam.pem ]]; then
mkdir -p /etc/nginx/
${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
fi
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.activationScripts.nginxdhparams = ''
if ! [[ -e /etc/nginx/dhparam.pem ]]; then
mkdir -p /etc/nginx/
${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
fi
'';
};
};
}


@ -7,13 +7,13 @@ let
torDir = "/var/lib/tor";
in {
options.services.tor.service-keys = mkOption {
default = {};
default = { };
type = with types; attrsOf str;
};
config = mkIf (service-keys != {}) {
config = mkIf (service-keys != { }) {
systemd.services."install-tor-hidden-service-keys" = {
wantedBy = ["tor.service"];
wantedBy = [ "tor.service" ];
serviceConfig.Type = "oneshot";
serviceConfig.User = "root";
serviceConfig.Group = "keys";


@ -1,32 +1,20 @@
let
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
in
pkgs: super: {
yorick = (super.yorick or {}) // rec {
nixos =
configuration: extraArgs:
let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
in pkgs: super: {
yorick = (super.yorick or { }) // rec {
nixos = configuration: extraArgs:
let
c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
inherit (pkgs.stdenv.hostPlatform) system;
inherit extraArgs;
modules =
[(
{ lib, ... }: {
config.nixpkgs.pkgs = lib.mkDefault pkgs;
}
)] ++ (
if builtins.isList configuration
then configuration
else [configuration]
);
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ]
++ (if builtins.isList configuration then
configuration
else
[ configuration ]);
};
in
c.config.system.build // c;
machine = pkgs.lib.genAttrs names (name: nixos [
./roles
(./logical + "/${name}.nix")
] {
inherit name;
});
in c.config.system.build // c;
machine = pkgs.lib.genAttrs names
(name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
};
}


@ -1,3 +1 @@
[ (self: super: {
yori-cc = super.callPackage ./yori-cc.nix {};
})]
[ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ]


@ -2,12 +2,12 @@
stdenv.mkDerivation {
name = "yori-cc-1.5";
src = builtins.fetchGit {
url = "git@git.yori.cc:yorick/yori-cc.git";
rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962";
};
buildInputs = [ ];
installPhase = ''
@ -17,7 +17,7 @@ stdenv.mkDerivation {
meta = {
description = "Yori-cc website";
homepage = https://yorickvanpelt.nl;
homepage = "https://yorickvanpelt.nl";
maintainers = [ "Yorick" ];
};
}


@ -4,33 +4,31 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home-enc";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home-enc";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5D0A-7902";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5D0A-7902";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }
];
[{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }];
nix.maxJobs = lib.mkDefault 32;
# High-DPI console


@ -1,12 +1,11 @@
{ config, pkgs, lib, ... }:
let sources = import ../../nix/sources.nix;
in
{
imports =
[ ./.
./3950x-hardware-config.nix
"${sources.nixos-hardware}/common/cpu/amd"
];
let sources = import ../../nix/sources.nix;
in {
imports = [
./.
./3950x-hardware-config.nix
"${sources.nixos-hardware}/common/cpu/amd"
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -27,8 +26,13 @@ in
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
# };
boot.kernelParams = [
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0"
"amdgpu.ppfeaturemask=0xffffffff"
"amdgpu.noretry=0"
"amdgpu.lockup_timeout=1000"
"amdgpu.gpu_recovery=1"
"amdgpu.audio=0"
# thunderbolt
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc"
"pcie_ports=native"
"pci=assign-busses,hpbussize=0x33,realloc"
];
}


@ -4,19 +4,19 @@
{ config, lib, pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }
];
[{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,3 +1 @@
{
hardware.enableRedistributableFirmware = true;
}
{ hardware.enableRedistributableFirmware = true; }


@ -1,13 +1,10 @@
{ config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix;
in
{
imports =
[ ./.
"${sources.nixos-hardware}/common/cpu/intel"
];
in {
imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
# Use the GRUB 2 boot loader.
boot.loader.grub = {
@ -17,25 +14,22 @@ in
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
fsType = "ext4";
options = [ "defaults" "relatime" "discard" ];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
fsType = "ext4";
options = ["defaults" "relatime" "discard"];
};
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
fileSystems."/data" = {
device = "frumar-new";
fsType = "zfs";
};
swapDevices =
[ { device = "/dev/disk/by-label/nixos-swap"; }
];
fileSystems."/data" =
{ device = "frumar-new";
fsType = "zfs";
};
fileSystems."/data/plexmedia" =
{ device = "frumar-new/plexmedia";
fsType = "zfs";
};
fileSystems."/data/plexmedia" = {
device = "frumar-new/plexmedia";
fsType = "zfs";
};
nix.maxJobs = 4;
services.avahi.interfaces = [ "enp2s0" ];


@ -1,14 +1,11 @@
{ config, lib, pkgs, modulesPath, ... }:
let
ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
in
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
in {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.grub = {
@ -17,10 +14,10 @@ in
device = "/dev/sda";
};
fileSystems."/" =
{ device = "/dev/sda1";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
swapDevices = [ ];


@ -1,31 +1,30 @@
{ config, lib, pkgs, modulesPath, ... }:
let sources = import ../../nix/sources.nix;
in
{
let sources = import ../../nix/sources.nix;
in {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
./.
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./.
"${sources.nixos-hardware}/common/cpu/intel"
];
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/439E-26EA";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/439E-26EA";
fsType = "vfat";
};
swapDevices = [ ];
@ -35,7 +34,8 @@ in
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl.extraPackages = with pkgs; [
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
];
hardware.opengl.extraPackages = with pkgs;
[
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
];
}


@ -9,21 +9,21 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
fsType = "btrfs";
};
boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
boot.initrd.luks.devices."nix-crypt".device =
"/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0E07-7805";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0E07-7805";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }
];
[{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }:
let sources = import ../../nix/sources.nix;
in
{
in {
imports = [
"${sources.nixos-hardware}/dell/xps/13-9360"
./xps9360-hardware-config.nix
@ -12,7 +11,7 @@ in
boot.extraModprobeConfig = ''
options i8k ignore_dmi=1
'';
fileSystems."/".options = ["defaults" "relatime" "discard"];
fileSystems."/".options = [ "defaults" "relatime" "discard" ];
boot.initrd.luks.devices."nix-crypt".allowDiscards = true;


@ -1,12 +1,10 @@
let secrets = import ../secrets.nix;
in
{ config, pkgs, lib, name, ...}:
in { config, pkgs, lib, name, ... }:
let
machine = name;
vpn = import ../vpn.nix;
in
{
imports = [
in {
imports = [
../modules/tor-hidden-service.nix
../modules/nginx.nix
../modules/lumi-vpn.nix
@ -15,23 +13,24 @@ in
];
networking.domain = "yori.cc";
networking.hostName = machine;
time.timeZone = "Europe/Amsterdam";
users.mutableUsers = false;
users.users.root = {
openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys;
time.timeZone = "Europe/Amsterdam";
users.mutableUsers = false;
users.users.root = {
openssh.authorizedKeys.keys =
config.users.users.yorick.openssh.authorizedKeys.keys;
# root password is useful from console, ssh has password logins disabled
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
};
};
services.timesyncd.enable = true;
users.users.yorick = {
isNormalUser = true;
uid = 1000;
extraGroups = ["wheel"];
group = "users";
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
users.users.yorick = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
group = "users";
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
hashedPassword = secrets.yorick_hashedPassword;
};
};
# Nix
nixpkgs.config.allowUnfree = true;
@ -44,14 +43,13 @@ in
services.openssh = {
enable = true;
passwordAuthentication = false;
challengeResponseAuthentication = false;
passwordAuthentication = false;
challengeResponseAuthentication = false;
};
environment.systemPackages = with pkgs; [
# v important.
cowsay #ponysay
cowsay # ponysay
ed # ed, man!
sl
rlwrap
@ -59,31 +57,43 @@ in
#vim
# system stuff
ethtool inetutils
pciutils usbutils
/*iotop*/ powertop htop
psmisc lsof
smartmontools hdparm
ethtool
inetutils
pciutils
usbutils
# iotop
powertop
htop
psmisc
lsof
smartmontools
hdparm
lm_sensors
ncdu
# utils
file which
file
which
reptyr
tmux
bc
mkpasswd
shadow
# archiving
xdelta
libarchive
atool
# network
nmap mtr bind
socat netcat-openbsd
lftp wget rsync
nmap
mtr
bind
socat
netcat-openbsd
lftp
wget
rsync
#gitMinimal
#rxvt_unicode.terminfo
@ -94,12 +104,12 @@ in
ipv6 = true;
hostName = machine;
};
deployment.keyys = [ (<yori-nix/keys>+"/wg.${machine}.key") ];
deployment.keyys = [ (<yori-nix/keys> + "/wg.${machine}.key") ];
networking.wireguard.interfaces.wg-y = {
privateKeyFile = "/root/keys/wg.${machine}.key";
ips = [ vpn.ips.${machine} ];
listenPort = 31790;
peers = [ {
peers = [{
publicKey = vpn.keys.pennyworth;
endpoint = "pennyworth.yori.cc:31790";
allowedIPs = [ "10.209.0.0/24" ];
@ -112,7 +122,7 @@ in
nix.binaryCachePublicKeys =
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
nix.trustedUsers = ["@wheel"];
nix.trustedUsers = [ "@wheel" ];
services.prometheus.exporters.node = {
enable = true;
enabledCollectors = [ "systemd" ];


@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: {
programs.sway = {
enable = true;
extraSessionCommands = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])}
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
}
'';
};
};


@ -1,4 +1,4 @@
{lib, ...}: {
{ lib, ... }: {
users.users.lars = {
isNormalUser = true;
openssh.authorizedKeys.keys = [


@ -1,16 +1,20 @@
{
imports = [ ./. ];
documentation.nixos.enable = false;
services.sshguard.enable = true;
programs.mosh.enable = true;
environment.noXlibs = true;
networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers
networking.firewall.logRefusedConnections =
false; # Silence logging of scanners and knockers
# TODO: upstream with noXlibs
# https://github.com/NixOS/nixpkgs/pull/107394
nixpkgs.overlays = [ (self: super: {
elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
erlang = super.erlang_nox;
}) ];
nixpkgs.overlays = [
(self: super: {
elixir_1_8 =
(self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
erlang = super.erlang_nox;
})
];
}


@ -1,20 +1,20 @@
{ config, lib, pkgs, ... }:
let
nixNetrcFile = pkgs.runCommand "nix-netrc-file"
{ hostname = "cache.lumi.guide";
username = "lumi";
} ''
cat > $out <<EOI
machine $hostname
login $username
password ${builtins.readFile /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password}
EOI
'';
in
{
imports = [
./graphical.nix
];
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
hostname = "cache.lumi.guide";
username = "lumi";
} ''
cat > $out <<EOI
machine $hostname
login $username
password ${
builtins.readFile
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
}
EOI
'';
in {
imports = [ ./graphical.nix ];
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
services.printing = {
@ -22,7 +22,9 @@ in
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
};
environment.systemPackages = with pkgs; [
pkgs.ghostscript pkgs.yubikey-manager pkgs.glib
pkgs.ghostscript
pkgs.yubikey-manager
pkgs.glib
];
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
"${gnome-themes-extra}/share"
@ -83,7 +85,7 @@ in
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
'')
];
users.groups.pico = {};
users.groups.pico = { };
# development
services.postgresql = {
@ -92,7 +94,6 @@ in
package = pkgs.postgresql_10;
};
# git
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
@ -101,10 +102,7 @@ in
services.pipewire.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
gtkUsePortal = true;
};
}
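Review bot: `nixNetrcFile` in the first hunk interpolates `builtins.readFile …/nix-serve-password` into the `pkgs.runCommand` script, so the cache password is written into both the derivation and its output under `/nix/store`, which every local user can read. It would also travel with the closure if that is ever copied to another machine or a binary cache. Keep the netrc outside the store as a root-owned file with mode 0600 and reference it by path where it is consumed; how `nixNetrcFile` is used is not visible in these hunks. The absolute `/home/yorick/...` path also ties evaluation to one machine and user.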

Binary file not shown.


@ -1,12 +1,14 @@
let
sources = import ./nix/sources.nix;
nixpkgs = import sources.nixpkgs {};
nixos = name: configuration: import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
extraArgs = { inherit name; };
modules = [ ({lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ] ++ configuration;
};
nixpkgs = import sources.nixpkgs { };
nixos = name: configuration:
import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
extraArgs = { inherit name; };
modules =
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ]
++ configuration;
};
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
in
nixpkgs.lib.genAttrs names (name: (let os =
nixos name [ ./roles (./logical + "/${name}.nix") ]; in
os.config.system.build.toplevel // os))
in nixpkgs.lib.genAttrs names (name:
(let os = nixos name [ ./roles (./logical + "/${name}.nix") ];
in os.config.system.build.toplevel // os))


@ -1,5 +1,4 @@
{ name, ... }:
{
{ name, ... }: {
deployment.keyys = [
(../keys + "/${name}_borg_repo.key")
(../keys + "/${name}_borg_ssh.key")
@ -25,7 +24,7 @@
repo = "14337@ch-s012.rsync.net:${name}";
paths = [ "/home" "/root" "/var/lib" ];
prune.keep = {
# hourly backups for the past week
within = "7d";


@ -1,8 +1 @@
{
imports = [
./git.nix
./muflax-church.nix
./pub.nix
./website.nix
];
}
{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }


@ -1,11 +1,7 @@
{ config, pkgs, lib, ... }:
let
sources = import ../../nix/sources.nix;
in
{
imports = [
("${sources.nixos-mailserver}")
];
let sources = import ../../nix/sources.nix;
in {
imports = [ ("${sources.nixos-mailserver}") ];
mailserver = rec {
enable = true;


@ -3,8 +3,7 @@
let
cfg = config.services.yorick.git;
inherit (cfg) vhost;
in
{
in {
options.services.yorick.git = with lib; {
enable = mkEnableOption "git";
vhost = mkOption { type = types.str; };
@ -12,7 +11,9 @@ in
config = lib.mkIf cfg.enable {
users.extraUsers.git = {
createHome = true;
home = config.services.gitea.stateDir; extraGroups = [ "git" ]; useDefaultShell = true;
home = config.services.gitea.stateDir;
extraGroups = [ "git" ];
useDefaultShell = true;
};
services.gitea = {
enable = true;
@ -42,7 +43,8 @@ in
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
proxyPass =
"http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = ''
proxy_buffering off;
'';


@ -5,16 +5,19 @@ let
rev = "e5ce7ae4296c6605a7e886c153d569fc38318096";
ref = "HEAD";
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
};
nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; };
muflax-church = (nixpkgs.callPackage "${muflax-source}/maintenance" {}).overrideDerivation (default: {
buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
'';
});
};
nixpkgs = import (builtins.fetchTarball {
url =
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
}) { system = builtins.currentSystem; };
muflax-church =
(nixpkgs.callPackage "${muflax-source}/maintenance" { }).overrideDerivation
(default: {
buildPhase = default.buildPhase + "\n" + ''
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
'';
});
cfg = config.services.yorick.muflax-church;
inherit (cfg) vhost;
addrs = {
@ -23,9 +26,12 @@ nixpkgs = import (builtins.fetchTarball {
"gospel.${vhost}" = "${muflax-church}/gospel";
"alt.${vhost}" = "/home/public/public/muflax";
};
m = x: root: { forceSSL = true; useACMEHost = vhost; inherit root; };
in
{
m = x: root: {
forceSSL = true;
useACMEHost = vhost;
inherit root;
};
in {
options.services.yorick.muflax-church = with lib; {
enable = mkEnableOption "muflax.church";
vhost = mkOption { type = types.str; };
@ -42,11 +48,7 @@ in
"gospel.${vhost}" = m "${muflax-church}/gospel";
"alt.${vhost}" = m "/home/public/public/muflax";
} // (lib.mapAttrs m addrs);
security.acme.certs.${vhost}.extraDomainNames = [
"daily.${vhost}"
"blog.${vhost}"
"gospel.${vhost}"
"alt.${vhost}"
];
security.acme.certs.${vhost}.extraDomainNames =
[ "daily.${vhost}" "blog.${vhost}" "gospel.${vhost}" "alt.${vhost}" ];
};
}


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
let cfg = config.services.yorick.public; in
{
let cfg = config.services.yorick.public;
in {
options.services.yorick.public = {
enable = lib.mkEnableOption "public hosting";
vhost = lib.mkOption { type = lib.types.str; };
@ -14,7 +14,7 @@ let cfg = config.services.yorick.public; in
users.extraUsers.public = {
home = "/home/public";
useDefaultShell = true;
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [public];
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
createHome = true;
};
services.nginx.virtualHosts.${cfg.vhost} = {


@ -1,22 +1,20 @@
{pkgs, lib, config, ...}:
let
cfg = config.services.yorick.torrent-vpn;
in
{
{ pkgs, lib, config, ... }:
let cfg = config.services.yorick.torrent-vpn;
in {
options.services.yorick.torrent-vpn = with lib; {
enable = mkEnableOption "torrent-vpn";
name = mkOption { type = types.str; };
namespace = mkOption { type = types.str; };
};
config = {
deployment.keyys = [ (<yori-nix/keys>+"/wg.${cfg.name}.key") ];
deployment.keyys = [ (<yori-nix/keys> + "/wg.${cfg.name}.key") ];
networking.wireguard.interfaces.${cfg.name} = {
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
privateKeyFile = "/root/keys/wg.${cfg.name}.key";
peers = [{
publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ=";
allowedIPs = ["0.0.0.0/0" "::0/0"];
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = "[2a03:1b20:3:f011::a04f]:51820";
}];
interfaceNamespace = cfg.namespace;


@ -1,25 +1,30 @@
{ config, lib, pkgs, ... }:
let
yoricc = pkgs.callPackage ../packages/yori-cc.nix {};
yoricc = pkgs.callPackage ../packages/yori-cc.nix { };
cfg = config.services.yorick.website;
in
with lib;
{
in with lib; {
options.services.yorick = {
website = {
enable = mkEnableOption "yoricc website";
vhost = mkOption { type = types.str; };
pkg = mkOption { type = types.package; default = yoricc; };
pkg = mkOption {
type = types.package;
default = yoricc;
};
};
redirect = mkOption { type = types.loaOf types.str; default = []; };
};
config.services.nginx.virtualHosts = with cfg; mkIf enable {
${vhost} = {
enableACME = true;
forceSSL = true;
locations."/".root = "${pkg}/web";
redirect = mkOption {
type = types.loaOf types.str;
default = [ ];
};
};
config.services.nginx.virtualHosts = with cfg;
mkIf enable {
${vhost} = {
enableACME = true;
forceSSL = true;
locations."/".root = "${pkg}/web";
};
};
}


@ -1,4 +1,8 @@
{
public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa 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 cardno:000607186578"];
public =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
yorick = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/"
"ssh-rsa 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 cardno:000607186578"
];
}


@ -1,10 +1,10 @@
let sources = import ./nix/sources.nix; in
pkgs: super: {
let sources = import ./nix/sources.nix;
in pkgs: super: {
yorick = super.yorick // rec {
home = { check ? true, newsReadIdsFile ? null }:
import "${sources.home-manager}/home-manager/home-manager.nix" {
confPath = ./nix/.config/nixpkgs/home.nix;
inherit pkgs check newsReadIdsFile;
};
confPath = ./nix/.config/nixpkgs/home.nix;
inherit pkgs check newsReadIdsFile;
};
};
}