nixfmt
parent
65b73fabf7
commit
a688758401
|
@ -2,17 +2,20 @@
|
|||
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
|
||||
with pkgs;
|
||||
let
|
||||
compileShell = src: buildInputs: name: stdenv.mkDerivation {
|
||||
compileShell = src: buildInputs: name:
|
||||
stdenv.mkDerivation {
|
||||
inherit name src;
|
||||
buildInputs = buildInputs ++ [ makeWrapper ];
|
||||
unpackPhase = "true";
|
||||
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name}
|
||||
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs}
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin && cp $src $out/bin/${name}
|
||||
wrapProgram $out/bin/${name} --suffix PATH : ${
|
||||
lib.makeSearchPath "bin" buildInputs
|
||||
}
|
||||
'';
|
||||
};
|
||||
in lib.mapAttrs (k: f: f k) {
|
||||
backup = compileShell ./backup.sh
|
||||
(with pkgs; [utillinux duplicity]);
|
||||
screenshot_public = compileShell ./screenshot_public.sh
|
||||
(with pkgs; [scrot xclip rsync]);
|
||||
backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
|
||||
screenshot_public =
|
||||
compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
|
||||
}
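Review bot: In `compileShell`'s `installPhase`, `wrapProgram ... --suffix PATH` appends the `buildInputs` bin directories after whatever `PATH` the caller already has, so a same-named tool earlier in the caller's environment is picked over the pinned store copy when `backup` or `screenshot_public` runs. If the intent is for the scripts to always use the declared `utillinux`, `duplicity`, `scrot`, `xclip` and `rsync`, `wrapProgram $out/bin/${name} --prefix PATH : ${lib.makeSearchPath "bin" buildInputs}` makes the store paths win. A short comment on `compileShell` stating which behaviour is intended would stop the next reader from guessing.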
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
let sources = import ./nix/sources.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
allowUnfree = true;
|
||||
overlays = [
|
||||
(import sources.nixpkgs-wayland)
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
let sources = import ./nix/sources.nix;
|
||||
in
|
||||
import sources.nixpkgs (import ./config.nix)
|
||||
in import sources.nixpkgs (import ./config.nix)
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
let pkgs = import ../.;
|
||||
in
|
||||
pkgs.yorick.home
|
||||
let pkgs = import ../.; in pkgs.yorick.home
|
||||
|
|
|
@ -11,8 +11,7 @@ font = {
|
|||
forceWayland = true;
|
||||
browserName = "firefox";
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ./arbtt.nix ./libinput-gestures.nix ];
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
|
@ -36,23 +35,53 @@ in
|
|||
emacs = {
|
||||
enable = true;
|
||||
package = pkgs.emacsPgtkGcc;
|
||||
extraPackages = _: let
|
||||
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
|
||||
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [
|
||||
extraPackages = _:
|
||||
let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
|
||||
in (with epkgs.melpaPackages; [
|
||||
reason-mode
|
||||
evil
|
||||
counsel
|
||||
ivy
|
||||
ivy-hydra
|
||||
swiper
|
||||
magit
|
||||
forge
|
||||
avy
|
||||
]) ++ (with epkgs.melpaPackages; [
|
||||
epkgs.undo-tree
|
||||
epkgs.notmuch epkgs.rust-mode
|
||||
epkgs.notmuch
|
||||
epkgs.rust-mode
|
||||
company
|
||||
projectile counsel-projectile
|
||||
ggtags use-package org-bullets solarized-theme
|
||||
evil-leader evil-surround #evil-magit
|
||||
epkgs.evil-goggles epkgs.ox-mediawiki
|
||||
nix-buffer which-key git-gutter-fringe
|
||||
all-the-icons epkgs.org-cliplink
|
||||
pandoc-mode markdown-mode interleave
|
||||
org-ref haskell-mode request #intero
|
||||
weechat s elixir-mode htmlize
|
||||
linum-relative terraform-mode
|
||||
direnv vue-mode solarized-theme
|
||||
projectile
|
||||
counsel-projectile
|
||||
ggtags
|
||||
use-package
|
||||
org-bullets
|
||||
solarized-theme
|
||||
evil-leader
|
||||
evil-surround # evil-magit
|
||||
epkgs.evil-goggles
|
||||
epkgs.ox-mediawiki
|
||||
nix-buffer
|
||||
which-key
|
||||
git-gutter-fringe
|
||||
all-the-icons
|
||||
epkgs.org-cliplink
|
||||
pandoc-mode
|
||||
markdown-mode
|
||||
interleave
|
||||
org-ref
|
||||
haskell-mode
|
||||
request # intero
|
||||
weechat
|
||||
s
|
||||
elixir-mode
|
||||
htmlize
|
||||
linum-relative
|
||||
terraform-mode
|
||||
direnv
|
||||
vue-mode
|
||||
solarized-theme
|
||||
#wlrctl
|
||||
(epkgs.melpaBuild {
|
||||
pname = "nix-mode";
|
||||
|
@ -81,9 +110,11 @@ in
|
|||
extraConfig.help.autocorrect = 5;
|
||||
extraConfig.push.default = "simple";
|
||||
extraConfig.pull.ff = "only";
|
||||
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig";
|
||||
extraConfig."includeIf \"gitdir:~/serokell/\"".path =
|
||||
"~/serokell/.gitconfig";
|
||||
aliases = {
|
||||
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
|
||||
lg =
|
||||
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
|
||||
st = "status";
|
||||
remotes = "remote -v";
|
||||
branches = "branch -a";
|
||||
|
@ -92,7 +123,8 @@ in
|
|||
unstage = "reset -q HEAD --";
|
||||
discard = "checkout --";
|
||||
uncommit = "reset --mixed HEAD~";
|
||||
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
|
||||
graph =
|
||||
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
|
||||
dad = "!curl https://icanhazdadjoke.com/ && git add";
|
||||
};
|
||||
};
|
||||
|
@ -108,19 +140,50 @@ in
|
|||
identityFile = "~/.ssh/id_rsa_pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
phassa = { hostname = "karpenoktem.nl"; port = 33933; };
|
||||
phassa = {
|
||||
hostname = "karpenoktem.nl";
|
||||
port = 33933;
|
||||
};
|
||||
"jupiter.serokell.io" = jupiter;
|
||||
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; };
|
||||
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; };
|
||||
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; };
|
||||
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; };
|
||||
"*.lumi.guide" = {
|
||||
jupiter = {
|
||||
hostname = "jupiter.serokell.io";
|
||||
port = 17788;
|
||||
};
|
||||
athena = {
|
||||
hostname = "athena.lumi.guide";
|
||||
user = "yorick.van.pelt";
|
||||
};
|
||||
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
||||
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
||||
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
||||
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
|
||||
rpibuild3 = {
|
||||
hostname = "10.110.0.3";
|
||||
user = "yorick.van.pelt";
|
||||
port = 4222;
|
||||
};
|
||||
styx = {
|
||||
hostname = "10.110.0.1";
|
||||
user = "yorick.van.pelt";
|
||||
port = 2233;
|
||||
};
|
||||
"*.lumi.guide" = { user = "yorick.van.pelt"; };
|
||||
nyx = {
|
||||
hostname = "nyx.lumi.guide";
|
||||
user = "yorick.van.pelt";
|
||||
port = 2233;
|
||||
};
|
||||
zeus = {
|
||||
hostname = "zeus.lumi.guide";
|
||||
user = "yorick.van.pelt";
|
||||
port = 2233;
|
||||
};
|
||||
ponos = {
|
||||
hostname = "ponos.lumi.guide";
|
||||
user = "yorick.van.pelt";
|
||||
port = 2233;
|
||||
};
|
||||
medusa = {
|
||||
hostname = "lumi.guide";
|
||||
user = "yorick.van.pelt";
|
||||
port = 2233;
|
||||
};
|
||||
# signs
|
||||
"10.108.0.*" = {
|
||||
user = "yorick.van.pelt";
|
||||
|
@ -164,7 +227,7 @@ in
|
|||
shellAliases = {
|
||||
l = "ls";
|
||||
ls = "exa";
|
||||
nr = "nix repl \"<nixpkgs>\"";
|
||||
nr = ''nix repl "<nixpkgs>"'';
|
||||
nsp = "nix-shell -p";
|
||||
};
|
||||
interactiveShellInit = ''
|
||||
|
@ -186,7 +249,7 @@ in
|
|||
enable = true;
|
||||
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
|
||||
shellAliases = {
|
||||
nr = "nix repl \"<nixpkgs>\"";
|
||||
nr = ''nix repl "<nixpkgs>"'';
|
||||
nsp = "nix-shell -p";
|
||||
};
|
||||
initExtra = ''
|
||||
|
@ -249,12 +312,18 @@ eval "$(starship init bash)"
|
|||
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
|
||||
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
|
||||
# } + "/Xresources.dark");
|
||||
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); };
|
||||
home.file.".emacs.d/init.el" = {
|
||||
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
|
||||
};
|
||||
xdg.configFile."streamlink/config".text = ''
|
||||
player = mpv --cache 2048
|
||||
default-stream = best
|
||||
'';
|
||||
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; };
|
||||
xdg.configFile."waybar" = {
|
||||
source = ./waybar;
|
||||
recursive = true;
|
||||
onChange = "systemctl --user restart waybar";
|
||||
};
|
||||
programs.mako.enable = true;
|
||||
services = {
|
||||
lorri.enable = true;
|
||||
|
@ -290,16 +359,22 @@ eval "$(starship init bash)"
|
|||
fonts = [ (toString font) ];
|
||||
window.border = 2;
|
||||
floating.modifier = "Mod4";
|
||||
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default //
|
||||
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in
|
||||
{
|
||||
keybindings = with pkgs;
|
||||
(builtins.head (builtins.head
|
||||
options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
|
||||
// (let
|
||||
exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
|
||||
mod = "Mod4";
|
||||
in {
|
||||
"${mod}+Shift+c" = "kill";
|
||||
"${mod}+j" = "focus left";
|
||||
"${mod}+k" = "focus right";
|
||||
"${mod}+d" = "layout toggle split";
|
||||
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
|
||||
"${mod}+i" =
|
||||
"exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
|
||||
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
|
||||
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
|
||||
"${mod}+ctrl+l" =
|
||||
"exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
|
||||
"${mod}+Return" = "exec alacritty";
|
||||
"${mod}+Escape" = "workspace back_and_forth";
|
||||
"${mod}+0" = "workspace 10";
|
||||
|
@ -322,13 +397,16 @@ eval "$(starship init bash)"
|
|||
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
|
||||
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
|
||||
"Print" = exec bin.screenshot_public "screenshot_public";
|
||||
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
|
||||
"${mod}+Shift+t" =
|
||||
"exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
|
||||
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
|
||||
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
|
||||
#"${mod}+p" = exec rofi-pass "rofi-pass";
|
||||
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
|
||||
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
|
||||
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
|
||||
"--locked ${mod}+bracketleft" =
|
||||
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
|
||||
"--locked ${mod}+bracketright" =
|
||||
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
|
||||
});
|
||||
};
|
||||
systemdIntegration = true;
|
||||
|
@ -377,24 +455,54 @@ eval "$(starship init bash)"
|
|||
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
|
||||
XDG_CURRENT_DESKTOP = "sway";
|
||||
};
|
||||
home.packages = with pkgs.envs; [
|
||||
apps code de games pdf media misc scripts coins js
|
||||
] ++ (with pkgs; [
|
||||
github-cli libreoffice nix-tree virt-manager watchman
|
||||
home.packages = with pkgs.envs;
|
||||
[ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
|
||||
github-cli
|
||||
libreoffice
|
||||
nix-tree
|
||||
virt-manager
|
||||
watchman
|
||||
gnome3.gcr.out # alacritty
|
||||
waybar slurp grim wl-clipboard
|
||||
wldash gebaar-libinput
|
||||
notmuch gmailieer afew
|
||||
swaybg swayidle
|
||||
swaylock broot starship
|
||||
fd htop kcachegrind lm_sensors niv
|
||||
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils
|
||||
nix-top nix-diff
|
||||
ltrace asciinema cargo minecraft
|
||||
waybar
|
||||
slurp
|
||||
grim
|
||||
wl-clipboard
|
||||
wldash
|
||||
gebaar-libinput
|
||||
notmuch
|
||||
gmailieer
|
||||
afew
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
broot
|
||||
starship
|
||||
fd
|
||||
htop
|
||||
kcachegrind
|
||||
lm_sensors
|
||||
niv
|
||||
nixfmt
|
||||
linuxPackages.perf
|
||||
pssh
|
||||
slack
|
||||
smartmontools
|
||||
vim
|
||||
waypipe
|
||||
xdg_utils
|
||||
nix-top
|
||||
nix-diff
|
||||
ltrace
|
||||
asciinema
|
||||
cargo
|
||||
minecraft
|
||||
unzip
|
||||
exa obs-studio-dmabuf obs-wlrobs
|
||||
exa
|
||||
obs-studio-dmabuf
|
||||
obs-wlrobs
|
||||
zoom-us
|
||||
cachix eagle
|
||||
cachix
|
||||
eagle
|
||||
y-firefox
|
||||
]); # qtwayland
|
||||
# programs.firefox = {
|
||||
|
@ -410,9 +518,7 @@ eval "$(starship init bash)"
|
|||
PartOf = [ "graphical-session.target" ];
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
|
||||
Service = {
|
||||
ExecStart = ''
|
||||
|
@ -449,9 +555,7 @@ eval "$(starship init bash)"
|
|||
PartOf = [ "graphical-session.target" ];
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
|
||||
Service = {
|
||||
ExecStart = ''
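Review bot: The sway bindings for `${mod}+i`, `${mod}+Shift+t` and the two `--locked` bracket keys (hunks at -290 and -322) still exec scripts by absolute path under `/home/yorick/dotfiles/bin`, unlike the neighbouring `exec bin.screenshot_public "screenshot_public"` entries, which resolve to store paths. What those keys run therefore depends on mutable files outside the build, and the `--locked` ones stay active while the session is locked. Packaging the scripts through the same `bin` set and binding them with the `exec` helper, for example `"${mod}+i" = exec bin.invert "invert";` with an `invert` entry added to that set, would pin them to the generation. The keybindings block begins and ends outside these hunks.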
|
||||
|
|
|
@ -1,4 +1,2 @@
|
|||
let
|
||||
sources = import /home/yorick/dotfiles/nix/sources.nix;
|
||||
in
|
||||
import sources.nixpkgs (import ./config.nix)
|
||||
let sources = import /home/yorick/dotfiles/nix/sources.nix;
|
||||
in import sources.nixpkgs (import ./config.nix)
|
||||
|
|
187
nix/sources.nix
187
nix/sources.nix
|
@ -7,41 +7,58 @@ let
|
|||
#
|
||||
|
||||
fetch_file = pkgs: name: spec:
|
||||
let
|
||||
name' = sanitizeName name + "-src";
|
||||
in
|
||||
if spec.builtin or true then
|
||||
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
||||
let name' = sanitizeName name + "-src";
|
||||
in if spec.builtin or true then
|
||||
builtins_fetchurl {
|
||||
inherit (spec) url sha256;
|
||||
name = name';
|
||||
}
|
||||
else
|
||||
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
||||
pkgs.fetchurl {
|
||||
inherit (spec) url sha256;
|
||||
name = name';
|
||||
};
|
||||
|
||||
fetch_tarball = pkgs: name: spec:
|
||||
let
|
||||
name' = sanitizeName name + "-src";
|
||||
in
|
||||
if spec.builtin or true then
|
||||
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
||||
let name' = sanitizeName name + "-src";
|
||||
in if spec.builtin or true then
|
||||
builtins_fetchTarball {
|
||||
name = name';
|
||||
inherit (spec) url sha256;
|
||||
}
|
||||
else
|
||||
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
||||
pkgs.fetchzip {
|
||||
name = name';
|
||||
inherit (spec) url sha256;
|
||||
};
|
||||
|
||||
fetch_git = name: spec:
|
||||
let
|
||||
ref =
|
||||
if spec ? ref then spec.ref else
|
||||
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||
in
|
||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
||||
ref = if spec ? ref then
|
||||
spec.ref
|
||||
else if spec ? branch then
|
||||
"refs/heads/${spec.branch}"
|
||||
else if spec ? tag then
|
||||
"refs/tags/${spec.tag}"
|
||||
else
|
||||
abort
|
||||
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||
in builtins.fetchGit {
|
||||
url = spec.repo;
|
||||
inherit (spec) rev;
|
||||
inherit ref;
|
||||
};
|
||||
|
||||
fetch_local = spec: spec.path;
|
||||
|
||||
fetch_builtin-tarball = name: throw
|
||||
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
||||
fetch_builtin-tarball = name:
|
||||
throw ''
|
||||
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
||||
$ niv modify ${name} -a type=tarball -a builtin=true'';
|
||||
|
||||
fetch_builtin-url = name: throw
|
||||
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
||||
fetch_builtin-url = name:
|
||||
throw ''
|
||||
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
||||
$ niv modify ${name} -a type=file -a builtin=true'';
|
||||
|
||||
#
|
||||
|
@ -50,29 +67,25 @@ let
|
|||
|
||||
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
||||
sanitizeName = name:
|
||||
(
|
||||
concatMapStrings (s: if builtins.isList s then "-" else s)
|
||||
(
|
||||
builtins.split "[^[:alnum:]+._?=-]+"
|
||||
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
|
||||
)
|
||||
);
|
||||
(concatMapStrings (s: if builtins.isList s then "-" else s)
|
||||
(builtins.split "[^[:alnum:]+._?=-]+"
|
||||
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
|
||||
|
||||
# The set of packages used when specs are fetched using non-builtins.
|
||||
mkPkgs = sources: system:
|
||||
let
|
||||
sourcesNixpkgs =
|
||||
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
|
||||
sourcesNixpkgs = import
|
||||
(builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
|
||||
inherit system;
|
||||
};
|
||||
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||
in
|
||||
if builtins.hasAttr "nixpkgs" sources
|
||||
then sourcesNixpkgs
|
||||
in if builtins.hasAttr "nixpkgs" sources then
|
||||
sourcesNixpkgs
|
||||
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
|
||||
import <nixpkgs> { }
|
||||
else
|
||||
abort
|
||||
''
|
||||
abort ''
|
||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||
add a package called "nixpkgs" to your sources.json.
|
||||
'';
|
||||
|
@ -82,40 +95,59 @@ let
|
|||
|
||||
if !builtins.hasAttr "type" spec then
|
||||
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
||||
else if spec.type == "file" then fetch_file pkgs name spec
|
||||
else if spec.type == "tarball" then fetch_tarball pkgs name spec
|
||||
else if spec.type == "git" then fetch_git name spec
|
||||
else if spec.type == "local" then fetch_local spec
|
||||
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
|
||||
else if spec.type == "builtin-url" then fetch_builtin-url name
|
||||
else if spec.type == "file" then
|
||||
fetch_file pkgs name spec
|
||||
else if spec.type == "tarball" then
|
||||
fetch_tarball pkgs name spec
|
||||
else if spec.type == "git" then
|
||||
fetch_git name spec
|
||||
else if spec.type == "local" then
|
||||
fetch_local spec
|
||||
else if spec.type == "builtin-tarball" then
|
||||
fetch_builtin-tarball name
|
||||
else if spec.type == "builtin-url" then
|
||||
fetch_builtin-url name
|
||||
else
|
||||
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
||||
abort
|
||||
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
||||
|
||||
# If the environment variable NIV_OVERRIDE_${name} is set, then use
|
||||
# the path directly as opposed to the fetched source.
|
||||
replace = name: drv:
|
||||
let
|
||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||
saneName = stringAsChars
|
||||
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||
in
|
||||
if ersatz == "" then drv else
|
||||
in if ersatz == "" then
|
||||
drv
|
||||
else
|
||||
# this turns the string into an actual Nix path (for both absolute and
|
||||
# relative paths)
|
||||
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||
if builtins.substring 0 1 ersatz == "/" then
|
||||
/. + ersatz
|
||||
else
|
||||
/. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||
|
||||
# Ports of functions for older nix versions
|
||||
|
||||
# a Nix version of mapAttrs if the built-in doesn't exist
|
||||
mapAttrs = builtins.mapAttrs or (
|
||||
f: set: with builtins;
|
||||
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
|
||||
);
|
||||
mapAttrs = builtins.mapAttrs or (f: set:
|
||||
with builtins;
|
||||
listToAttrs (map (attr: {
|
||||
name = attr;
|
||||
value = f attr set.${attr};
|
||||
}) (attrNames set)));
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
||||
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
|
||||
range = first: last:
|
||||
if first > last then
|
||||
[ ]
|
||||
else
|
||||
builtins.genList (n: first + n) (last - first + 1);
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
||||
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
||||
stringToCharacters = s:
|
||||
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
||||
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
||||
|
@ -127,42 +159,40 @@ let
|
|||
|
||||
# fetchTarball version that is compatible between all the versions of Nix
|
||||
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||
let inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchTarball
|
||||
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||
else
|
||||
fetchTarball attrs;
|
||||
|
||||
# fetchurl version that is compatible between all the versions of Nix
|
||||
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||
let inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchurl
|
||||
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||
else
|
||||
fetchurl attrs;
|
||||
|
||||
# Create the final "sources" from the config
|
||||
mkSources = config:
|
||||
mapAttrs (
|
||||
name: spec:
|
||||
if builtins.hasAttr "outPath" spec
|
||||
then abort
|
||||
mapAttrs (name: spec:
|
||||
if builtins.hasAttr "outPath" spec then
|
||||
abort
|
||||
"The values in sources.json should not have an 'outPath' attribute"
|
||||
else
|
||||
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
||||
) config.sources;
|
||||
spec // { outPath = replace name (fetch config.pkgs name spec); })
|
||||
config.sources;
|
||||
|
||||
# The "config" used by the fetchers
|
||||
mkConfig =
|
||||
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
||||
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
|
||||
, system ? builtins.currentSystem
|
||||
, pkgs ? mkPkgs sources system
|
||||
}: rec {
|
||||
mkConfig = { sourcesFile ?
|
||||
if builtins.pathExists ./sources.json then ./sources.json else null
|
||||
, sources ? if isNull sourcesFile then
|
||||
{ }
|
||||
else
|
||||
builtins.fromJSON (builtins.readFile sourcesFile)
|
||||
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
|
||||
# The sources, i.e. the attribute set of spec name to spec
|
||||
inherit sources;
|
||||
|
||||
|
@ -170,5 +200,6 @@ let
|
|||
inherit pkgs;
|
||||
};
|
||||
|
||||
in
|
||||
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
|
||||
in mkSources (mkConfig { }) // {
|
||||
__functor = _: settings: mkSources (mkConfig settings);
|
||||
}
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
let cfg = config.deployment.keyys; in
|
||||
{
|
||||
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; };
|
||||
let cfg = config.deployment.keyys;
|
||||
in {
|
||||
options.deployment.keyys = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
};
|
||||
options.deployment.keys-copy = mkOption { type = types.package; };
|
||||
config = {
|
||||
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then ''
|
||||
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
|
||||
(if cfg != [ ] then ''
|
||||
set -e
|
||||
ssh root@$1 "mkdir -p /root/keys"
|
||||
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
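Review bot: The generated `copy-keys` script puts its inputs into the shell unquoted: `$1` is bare in `root@$1`, and the key paths are joined with plain spaces, so a path containing whitespace or a glob character is split or expanded before `scp` sees it, and a missing argument yields the target `root@`. With `with lib;` in scope, `scp ${escapeShellArgs cfg} "root@$1":/root/keys` and `ssh "root@$1" "mkdir -p /root/keys"` keep each value a single word. `escapeShellArgs` should stringify paths the same way `toString` does here, so the keys still stay out of the store, but that is worth confirming on the nixpkgs revision in use. A guard that exits with a usage message when `$1` is empty belongs right after `set -e`. The script body continues past the end of the hunk.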
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports =
|
||||
[ ../physical/3950x.nix
|
||||
../roles/workstation.nix
|
||||
];
|
||||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
||||
|
||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
{ config, pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../physical/fractal.nix
|
||||
../roles/server.nix
|
||||
|
@ -20,7 +19,9 @@
|
|||
# };
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
services.yorick.torrent-vpn = {
|
||||
enable = true; name = "mullvad-nl4"; namespace = "torrent";
|
||||
enable = true;
|
||||
name = "mullvad-nl4";
|
||||
namespace = "torrent";
|
||||
};
|
||||
services.plex = {
|
||||
enable = true;
|
||||
|
@ -32,26 +33,28 @@
|
|||
};
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
extraFlags = [
|
||||
"--web.enable-admin-api"
|
||||
];
|
||||
extraFlags = [ "--web.enable-admin-api" ];
|
||||
# victoriametrics
|
||||
remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
|
||||
scrapeConfigs = [ {
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "smartmeter";
|
||||
# prometheus doesn't support mdns :thinking_face:
|
||||
static_configs = [{ targets = [ "192.168.178.30" ]; }];
|
||||
scrape_interval = "10s";
|
||||
} {
|
||||
}
|
||||
{
|
||||
job_name = "node";
|
||||
static_configs = [{ targets = [ "localhost:9100" ]; }];
|
||||
# } {
|
||||
# job_name = "unifi";
|
||||
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
|
||||
} {
|
||||
}
|
||||
{
|
||||
job_name = "thermometer";
|
||||
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
|
||||
}];
|
||||
}
|
||||
];
|
||||
exporters.node.enable = true;
|
||||
# exporters.unifi = {
|
||||
# enable = true;
|
||||
|
@ -81,7 +84,8 @@
|
|||
AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
|
||||
};
|
||||
};
|
||||
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env";
|
||||
systemd.services.grafana.serviceConfig.EnvironmentFile =
|
||||
"/root/keys/grafana.env";
|
||||
services.zfs = {
|
||||
trim.enable = false; # no ssd's
|
||||
autoScrub = {
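Review bot: `extraFlags = [ "--web.enable-admin-api" ];` in the `services.prometheus` hunk keeps the admin endpoints (series deletion, snapshots, tombstone cleanup) switched on, and Prometheus does not authenticate them itself. The `prometheus.yori.cc` vhost in a later file section of this page proxies `/` to port 9090 for everything on the VPN listener; if that upstream is this instance, every VPN peer can call those endpoints, though the hunk alone does not confirm which host it points at. Either drop the flag when the admin API is not in regular use, or block the prefix at the proxy with `locations."/api/v1/admin/".return = "403";` next to the existing `locations."/".proxyPass`. A comment beside the flag saying why it is enabled would also help.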
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports =
|
||||
[ ../physical/xps9360.nix
|
||||
../roles/workstation.nix
|
||||
];
|
||||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
|
||||
|
||||
system.stateVersion = "17.09";
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ let
|
|||
};
|
||||
};
|
||||
vpn = import ../vpn.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
../physical/hetznercloud.nix
|
||||
../roles/server.nix
|
||||
|
@ -27,17 +26,27 @@ in
|
|||
|
||||
services.nginx.enable = true;
|
||||
services.yorick = {
|
||||
public = { enable = true; vhost = "pub.yori.cc"; };
|
||||
website = { enable = true; vhost = "yorickvanpelt.nl"; };
|
||||
git = { enable = true; vhost = "git.yori.cc"; };
|
||||
muflax-church = { enable = true; vhost = "muflax.church"; };
|
||||
public = {
|
||||
enable = true;
|
||||
vhost = "pub.yori.cc";
|
||||
};
|
||||
website = {
|
||||
enable = true;
|
||||
vhost = "yorickvanpelt.nl";
|
||||
};
|
||||
git = {
|
||||
enable = true;
|
||||
vhost = "git.yori.cc";
|
||||
};
|
||||
muflax-church = {
|
||||
enable = true;
|
||||
vhost = "muflax.church";
|
||||
};
|
||||
};
|
||||
|
||||
services.muflax-blog = {
|
||||
enable = true;
|
||||
web-server = {
|
||||
port = 9001;
|
||||
};
|
||||
web-server = { port = 9001; };
|
||||
hidden-service = {
|
||||
hostname = "muflax65ngodyewp.onion";
|
||||
private_key = "/root/keys/http.muflax.key";
|
||||
|
@ -52,12 +61,16 @@ in
|
|||
forceSSL = true;
|
||||
globalRedirect = "yorickvanpelt.nl";
|
||||
};
|
||||
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast";
|
||||
"yorickvanpelt.nl".locations."/p1".return =
|
||||
"301 https://git.yori.cc/yorick/meterkast";
|
||||
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
|
||||
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
|
||||
"prometheus.yori.cc" = {
|
||||
# only over vpn
|
||||
listen = [ { addr = "10.209.0.1"; port = 80; } ];
|
||||
listen = [{
|
||||
addr = "10.209.0.1";
|
||||
port = 80;
|
||||
}];
|
||||
locations."/".proxyPass = "http://10.209.0.3:9090";
|
||||
};
|
||||
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
||||
|
@ -66,19 +79,20 @@ in
|
|||
};
|
||||
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
||||
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
||||
networking.wireguard.interfaces.wg-y.peers =
|
||||
lib.mkForce (lib.mapAttrsToList (machine: publicKey: {
|
||||
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
|
||||
(machine: publicKey: {
|
||||
inherit publicKey;
|
||||
allowedIPs = [ "${vpn.ips.${machine}}/32" ];
|
||||
}) vpn.keys);
|
||||
services.prometheus.exporters.wireguard = {
|
||||
enable = true;
|
||||
};
|
||||
services.prometheus.exporters.wireguard = { enable = true; };
|
||||
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
environment.noXlibs = true;
|
||||
users.users.yorick.packages = with pkgs; [
|
||||
python2 sshfs-fuse weechat ripgrep
|
||||
python2
|
||||
sshfs-fuse
|
||||
weechat
|
||||
ripgrep
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
@ -6,13 +6,22 @@ mkFuseMount = device: opts: {
|
|||
|
||||
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
|
||||
fsType = "fuse";
|
||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
||||
options = [
|
||||
"noauto"
|
||||
"x-systemd.automount"
|
||||
"_netdev"
|
||||
"users"
|
||||
"idmap=user"
|
||||
"defaults"
|
||||
"allow_other"
|
||||
"transform_symlinks"
|
||||
"default_permissions"
|
||||
"uid=1000"
|
||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts;
|
||||
"reconnect"
|
||||
"IdentityFile=/root/.ssh/id_sshfs"
|
||||
] ++ opts;
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
../physical/nuc.nix
|
||||
../roles/graphical.nix
|
||||
|
@ -40,7 +49,8 @@ in
|
|||
isNormalUser = true;
|
||||
uid = 1043;
|
||||
extraGroups = [ "wheel" ];
|
||||
hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
|
||||
hashedPassword =
|
||||
"$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR.";
|
||||
packages = with pkgs; [ plex-media-player ];
|
||||
};
|
||||
services.xserver.windowManager.i3.enable = true;
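Review bot: The re-wrapped `hashedPassword` keeps a sha512crypt hash for an account in `wheel` in the repository, and from there in the world-readable Nix store, where anyone who can read either can run offline guessing against it. Other secrets on this page are referenced from `/root/keys` instead of being inlined. The same pattern fits here: `passwordFile = "/root/keys/<ACCOUNT>.passwd";` (placeholder path; the option is named `hashedPasswordFile` on newer NixOS releases). The password should be rotated as well, since the current hash stays in history. The user attribute set starts outside the hunk.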
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
let sources = import ../../nix/sources.nix; in
|
||||
{ config, lib, pkgs, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in { config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
imports = [ # Include the results of the hardware scan.
|
||||
../physical/apu2c4.nix
|
||||
#<yori-nix/roles/homeserver.nix>
|
||||
../roles
|
||||
|
@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in
|
|||
interface = "dslite1";
|
||||
};
|
||||
systemd.services.dslite1-netdev = {
|
||||
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
|
||||
wantedBy =
|
||||
[ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ];
|
||||
bindsTo = [ ];
|
||||
partOf = [ "network-setup.service" ];
|
||||
after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ];
|
||||
after = [
|
||||
"network-pre.target"
|
||||
"network-addresses-enp1s0.service"
|
||||
"network-link-enp1s0.service"
|
||||
];
|
||||
before = [ "network-setup.service" ];
|
||||
path = [ pkgs.iproute ];
|
||||
serviceConfig = {
|
||||
|
@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in
|
|||
interfaces = [ "enp2s0" ];
|
||||
enable = true;
|
||||
machines = [
|
||||
{ hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; }
|
||||
{ hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; }
|
||||
{ hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; }
|
||||
{ hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; }
|
||||
{ hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; }
|
||||
{ hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; }
|
||||
{ hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; }
|
||||
{ hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; }
|
||||
{ hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; }
|
||||
{ hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; }
|
||||
{
|
||||
hostName = "amateria";
|
||||
ethernetAddress = "a8:a1:59:15:8b:63";
|
||||
ipAddress = "192.168.178.42";
|
||||
}
|
||||
{
|
||||
hostName = "blackadder";
|
||||
ethernetAddress = "a8:a1:59:03:8a:75";
|
||||
ipAddress = "192.168.178.33";
|
||||
}
|
||||
{
|
||||
hostName = "frumar";
|
||||
ethernetAddress = "bc:5f:f4:e8:42:9f";
|
||||
ipAddress = "192.168.178.37";
|
||||
}
|
||||
{
|
||||
hostName = "jarvis";
|
||||
ethernetAddress = "18:1d:ea:35:13:58";
|
||||
ipAddress = "192.168.178.34";
|
||||
}
|
||||
{
|
||||
hostName = "jarvis-dock";
|
||||
ethernetAddress = "64:4b:f0:10:05:f2";
|
||||
ipAddress = "192.168.178.13";
|
||||
}
|
||||
{
|
||||
hostName = "printer";
|
||||
ethernetAddress = "30:05:5c:44:20:a7";
|
||||
ipAddress = "192.168.178.26";
|
||||
}
|
||||
{
|
||||
hostName = "raspberrypi";
|
||||
ethernetAddress = "b8:27:eb:b9:ec:3a";
|
||||
ipAddress = "192.168.178.21";
|
||||
}
|
||||
{
|
||||
hostName = "smartMeter";
|
||||
ethernetAddress = "5c:cf:7f:26:ca:91";
|
||||
ipAddress = "192.168.178.30";
|
||||
}
|
||||
{
|
||||
hostName = "gang-ap";
|
||||
ethernetAddress = "b4:fb:e4:2d:fc:f3";
|
||||
ipAddress = "192.168.178.32";
|
||||
}
|
||||
{
|
||||
hostName = "woodhouse";
|
||||
ethernetAddress = "94:c6:91:15:1f:c5";
|
||||
ipAddress = "192.168.178.39";
|
||||
}
|
||||
];
|
||||
extraConfig = ''
|
||||
subnet 192.168.178.0 netmask 255.255.255.0 {
|
||||
|
@ -183,7 +227,8 @@ let sources = import ../../nix/sources.nix; in
|
|||
boot.supportedFilesystems = lib.mkForce [ "ext4" ];
|
||||
boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
|
||||
security.polkit.enable = false;
|
||||
nixpkgs.overlays = [ (self: super: {
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
|
||||
pname = "dhcpcd";
|
||||
version = "8.1.9";
|
||||
|
@ -193,5 +238,6 @@ let sources = import ../../nix/sources.nix; in
|
|||
};
|
||||
patches = [ ];
|
||||
});
|
||||
}) ];
|
||||
})
|
||||
];
|
||||
}
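Review bot: The `dhcpcd` overlay in the last two hunks pins `version = "8.1.9"` and sets `patches = [ ];`, so this host stops following nixpkgs updates for a daemon that parses untrusted network input and drops any patches nixpkgs carries for it. Nothing visible records why the pin exists or when it can go; the middle of the override lies between the two hunks and is not shown. A comment above the override would make that reviewable, for example `# pinned to 8.1.9 because <reason>; remove once nixpkgs ships <fixed version>` (placeholders). If the pin has to stay, it is worth checking whether the emptied patch list removes fixes that are still needed.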
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.yorick.lumi-vpn;
|
||||
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
|
||||
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
|
||||
in
|
||||
{
|
||||
addresses = import
|
||||
"${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" {
|
||||
lib.ip4.ip = a: b: c: d: x:
|
||||
lib.concatStringsSep "." (map toString [ a b c d ]);
|
||||
};
|
||||
in {
|
||||
options.yorick.lumi-vpn = with lib; {
|
||||
enable = mkEnableOption "lumi vpn";
|
||||
name = mkOption {
|
||||
|
@ -28,7 +30,8 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
networking.wireguard.interfaces = {
|
||||
wg-lumi = {
|
||||
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
||||
privateKeyFile =
|
||||
"/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
||||
ips = [ cfg.ip ];
|
||||
peers = [{
|
||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
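Review bot: The `addresses` binding in the first hunk imports a Nix file located through `builtins.getEnv "HOME"`, so which code is evaluated depends on the environment of whoever runs the build. Under `sudo` or as root `HOME` differs, and in pure evaluation `getEnv` returns an empty string, which turns the path into `/engineering/lumi/…`. The imported file is evaluated as part of the system configuration, so it is worth pinning it like the other inputs (the repo already uses `nix/sources.nix`) or passing the path in as a module option. The module body continues past the end of the second hunk.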
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ cur_pkgs, config, lib, ... }:
|
||||
|
||||
|
||||
let
|
||||
cfg = config.services.muflax-blog;
|
||||
muflax-source = builtins.fetchGit {
|
||||
|
@ -9,20 +8,23 @@ let
|
|||
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
||||
};
|
||||
nixpkgs = import (builtins.fetchTarball {
|
||||
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||
url =
|
||||
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
||||
}) { system = builtins.currentSystem; };
|
||||
blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: {
|
||||
blog = lib.overrideDerivation
|
||||
(nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: {
|
||||
buildPhase = default.buildPhase + "\n" + ''
|
||||
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
|
||||
'';
|
||||
});
|
||||
in with lib; {
|
||||
options.services.muflax-blog = {
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
web-server = {
|
||||
port = mkOption { type = types.int; };
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
web-server = { port = mkOption { type = types.int; }; };
|
||||
hidden-service = {
|
||||
hostname = mkOption { type = types.str; };
|
||||
private_key = mkOption { type = types.str; };
|
||||
|
@ -51,7 +53,9 @@ in with lib; {
|
|||
};
|
||||
services.tor.enable = true;
|
||||
services.tor.hiddenServices.muflax-blog.map = [{
|
||||
port = 80; toPort = cfg.web-server.port; }];
|
||||
port = 80;
|
||||
toPort = cfg.web-server.port;
|
||||
}];
|
||||
services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;
|
||||
};
|
||||
}
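Review bot: `services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key;` in the last hunk takes the onion service's private key from a `types.str` option, so the key material itself is a Nix string. It will most likely end up in the world-readable `/nix/store` once the `service-keys` module writes it out; that module is not shown here, so this needs confirming. Anyone who can read the key can impersonate the hidden service. An option that holds the path of a key file provisioned outside the store keeps the key out of evaluation; it should be passed as a string rather than a Nix path literal so it is not copied in.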
|
||||
|
|
|
@ -8,8 +8,7 @@ sslcfg = dir: ''
|
|||
add_header Strict-Transport-Security max-age=15768000;
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
config = lib.mkIf config.services.nginx.enable {
|
||||
services.nginx = {
|
||||
recommendedTlsSettings = true;
|
||||
|
|
|
@ -1,32 +1,20 @@
|
|||
let
|
||||
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
||||
in
|
||||
pkgs: super: {
|
||||
let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
||||
in pkgs: super: {
|
||||
yorick = (super.yorick or { }) // rec {
|
||||
nixos =
|
||||
configuration: extraArgs:
|
||||
nixos = configuration: extraArgs:
|
||||
let
|
||||
c = import (pkgs.path + "/nixos/lib/eval-config.nix") {
|
||||
inherit (pkgs.stdenv.hostPlatform) system;
|
||||
inherit extraArgs;
|
||||
modules =
|
||||
[(
|
||||
{ lib, ... }: {
|
||||
config.nixpkgs.pkgs = lib.mkDefault pkgs;
|
||||
}
|
||||
)] ++ (
|
||||
if builtins.isList configuration
|
||||
then configuration
|
||||
else [configuration]
|
||||
);
|
||||
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ]
|
||||
++ (if builtins.isList configuration then
|
||||
configuration
|
||||
else
|
||||
[ configuration ]);
|
||||
};
|
||||
in
|
||||
c.config.system.build // c;
|
||||
machine = pkgs.lib.genAttrs names (name: nixos [
|
||||
./roles
|
||||
(./logical + "/${name}.nix")
|
||||
] {
|
||||
inherit name;
|
||||
});
|
||||
in c.config.system.build // c;
|
||||
machine = pkgs.lib.genAttrs names
|
||||
(name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
[ (self: super: {
|
||||
yori-cc = super.callPackage ./yori-cc.nix {};
|
||||
})]
|
||||
[ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ]
|
||||
|
|
|
@ -17,7 +17,7 @@ stdenv.mkDerivation {
|
|||
|
||||
meta = {
|
||||
description = "Yori-cc website";
|
||||
homepage = https://yorickvanpelt.nl;
|
||||
homepage = "https://yorickvanpelt.nl";
|
||||
maintainers = [ "Yorick" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,33 +4,31 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "rpool/root/nixos";
|
||||
fileSystems."/" = {
|
||||
device = "rpool/root/nixos";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "rpool/home-enc";
|
||||
fileSystems."/home" = {
|
||||
device = "rpool/home-enc";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/5D0A-7902";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/5D0A-7902";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 32;
|
||||
# High-DPI console
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ ./.
|
||||
in {
|
||||
imports = [
|
||||
./.
|
||||
./3950x-hardware-config.nix
|
||||
"${sources.nixos-hardware}/common/cpu/amd"
|
||||
];
|
||||
|
@ -27,8 +26,13 @@ in
|
|||
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
|
||||
# };
|
||||
boot.kernelParams = [
|
||||
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0"
|
||||
"amdgpu.ppfeaturemask=0xffffffff"
|
||||
"amdgpu.noretry=0"
|
||||
"amdgpu.lockup_timeout=1000"
|
||||
"amdgpu.gpu_recovery=1"
|
||||
"amdgpu.audio=0"
|
||||
# thunderbolt
|
||||
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc"
|
||||
"pcie_ports=native"
|
||||
"pci=assign-busses,hpbussize=0x33,realloc"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -4,19 +4,19 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
}
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
{
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
{ hardware.enableRedistributableFirmware = true; }
|
||||
|
|
|
@ -1,13 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ ./.
|
||||
"${sources.nixos-hardware}/common/cpu/intel"
|
||||
];
|
||||
in {
|
||||
imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub = {
|
||||
|
@ -17,23 +14,20 @@ in
|
|||
device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B";
|
||||
};
|
||||
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74";
|
||||
fsType = "ext4";
|
||||
options = [ "defaults" "relatime" "discard" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-label/nixos-swap"; }
|
||||
];
|
||||
fileSystems."/data" =
|
||||
{ device = "frumar-new";
|
||||
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
|
||||
fileSystems."/data" = {
|
||||
device = "frumar-new";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/data/plexmedia" =
|
||||
{ device = "frumar-new/plexmedia";
|
||||
fileSystems."/data/plexmedia" = {
|
||||
device = "frumar-new/plexmedia";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let
|
||||
ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
|
||||
in {
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.loader.grub = {
|
||||
|
@ -17,8 +14,8 @@ in
|
|||
device = "/dev/sda";
|
||||
};
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/sda1";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/sda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,29 +1,28 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./.
|
||||
"${sources.nixos-hardware}/common/cpu/intel"
|
||||
];
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/439E-26EA";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/439E-26EA";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
@ -35,7 +34,8 @@ in
|
|||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
};
|
||||
hardware.opengl.extraPackages = with pkgs; [
|
||||
hardware.opengl.extraPackages = with pkgs;
|
||||
[
|
||||
intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable
|
||||
];
|
||||
}
|
||||
|
|
|
@ -9,21 +9,21 @@
|
|||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
|
||||
boot.initrd.luks.devices."nix-crypt".device =
|
||||
"/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549";
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/0E07-7805";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/0E07-7805";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
"${sources.nixos-hardware}/dell/xps/13-9360"
|
||||
./xps9360-hardware-config.nix
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
let secrets = import ../secrets.nix;
|
||||
in
|
||||
{ config, pkgs, lib, name, ...}:
|
||||
in { config, pkgs, lib, name, ... }:
|
||||
let
|
||||
machine = name;
|
||||
vpn = import ../vpn.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
../modules/tor-hidden-service.nix
|
||||
../modules/nginx.nix
|
||||
|
@ -18,7 +16,8 @@ in
|
|||
time.timeZone = "Europe/Amsterdam";
|
||||
users.mutableUsers = false;
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys;
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.users.yorick.openssh.authorizedKeys.keys;
|
||||
# root password is useful from console, ssh has password logins disabled
|
||||
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
||||
|
||||
|
@ -48,7 +47,6 @@ in
|
|||
challengeResponseAuthentication = false;
|
||||
};
|
||||
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# v important.
|
||||
cowsay # ponysay
|
||||
|
@ -59,16 +57,23 @@ in
|
|||
#vim
|
||||
|
||||
# system stuff
|
||||
ethtool inetutils
|
||||
pciutils usbutils
|
||||
/*iotop*/ powertop htop
|
||||
psmisc lsof
|
||||
smartmontools hdparm
|
||||
ethtool
|
||||
inetutils
|
||||
pciutils
|
||||
usbutils
|
||||
# iotop
|
||||
powertop
|
||||
htop
|
||||
psmisc
|
||||
lsof
|
||||
smartmontools
|
||||
hdparm
|
||||
lm_sensors
|
||||
ncdu
|
||||
|
||||
# utils
|
||||
file which
|
||||
file
|
||||
which
|
||||
reptyr
|
||||
tmux
|
||||
bc
|
||||
|
@ -81,9 +86,14 @@ in
|
|||
atool
|
||||
|
||||
# network
|
||||
nmap mtr bind
|
||||
socat netcat-openbsd
|
||||
lftp wget rsync
|
||||
nmap
|
||||
mtr
|
||||
bind
|
||||
socat
|
||||
netcat-openbsd
|
||||
lftp
|
||||
wget
|
||||
rsync
|
||||
|
||||
#gitMinimal
|
||||
#rxvt_unicode.terminfo
|
||||
|
|
|
@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: {
|
|||
programs.sway = {
|
||||
enable = true;
|
||||
extraSessionCommands = ''
|
||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])}
|
||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
||||
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -6,11 +6,15 @@
|
|||
programs.mosh.enable = true;
|
||||
|
||||
environment.noXlibs = true;
|
||||
networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers
|
||||
networking.firewall.logRefusedConnections =
|
||||
false; # Silence logging of scanners and knockers
|
||||
# TODO: upstream with noXlibs
|
||||
# https://github.com/NixOS/nixpkgs/pull/107394
|
||||
nixpkgs.overlays = [ (self: super: {
|
||||
elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
elixir_1_8 =
|
||||
(self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8;
|
||||
erlang = super.erlang_nox;
|
||||
}) ];
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file"
|
||||
{ hostname = "cache.lumi.guide";
|
||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
||||
hostname = "cache.lumi.guide";
|
||||
username = "lumi";
|
||||
} ''
|
||||
cat > $out <<EOI
|
||||
machine $hostname
|
||||
login $username
|
||||
password ${builtins.readFile /home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password}
|
||||
password ${
|
||||
builtins.readFile
|
||||
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
||||
}
|
||||
EOI
|
||||
'';
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./graphical.nix
|
||||
];
|
||||
in {
|
||||
imports = [ ./graphical.nix ];
|
||||
|
||||
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
|
||||
services.printing = {
|
||||
|
@ -22,7 +22,9 @@ in
|
|||
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
pkgs.ghostscript pkgs.yubikey-manager pkgs.glib
|
||||
pkgs.ghostscript
|
||||
pkgs.yubikey-manager
|
||||
pkgs.glib
|
||||
];
|
||||
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
||||
"${gnome-themes-extra}/share"
|
||||
|
@ -92,7 +94,6 @@ in
|
|||
package = pkgs.postgresql_10;
|
||||
};
|
||||
|
||||
|
||||
# git
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||
|
||||
|
@ -101,10 +102,7 @@ in
|
|||
services.pipewire.enable = true;
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-wlr
|
||||
xdg-desktop-portal-gtk
|
||||
];
|
||||
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
|
||||
gtkUsePortal = true;
|
||||
};
|
||||
}
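Review bot: `nixNetrcFile` in the first hunk interpolates `builtins.readFile …/nix-serve-password` into a `runCommand` script, so the cache password is copied into the derivation and its output under `/nix/store`. Every local user can read it there, and it travels with the closure when that is copied to another machine or a binary cache. The read also happens at evaluation time from `/home/yorick`, so the result depends on who evaluates the configuration. A netrc kept outside the store with mode 0600 and referenced by path avoids both, for example `nix.extraOptions = "netrc-file = /etc/nix/netrc";` (the path is an example; how `nixNetrcFile` is consumed is not visible in this section).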
|
||||
|
|
Binary file not shown.
|
@ -1,12 +1,14 @@
|
|||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
nixpkgs = import sources.nixpkgs { };
|
||||
nixos = name: configuration: import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
|
||||
nixos = name: configuration:
|
||||
import (nixpkgs.path + "/nixos/lib/eval-config.nix") {
|
||||
extraArgs = { inherit name; };
|
||||
modules = [ ({lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ] ++ configuration;
|
||||
modules =
|
||||
[ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault nixpkgs; }) ]
|
||||
++ configuration;
|
||||
};
|
||||
names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ];
|
||||
in
|
||||
nixpkgs.lib.genAttrs names (name: (let os =
|
||||
nixos name [ ./roles (./logical + "/${name}.nix") ]; in
|
||||
os.config.system.build.toplevel // os))
|
||||
in nixpkgs.lib.genAttrs names (name:
|
||||
(let os = nixos name [ ./roles (./logical + "/${name}.nix") ];
|
||||
in os.config.system.build.toplevel // os))
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ name, ... }:
|
||||
{
|
||||
{ name, ... }: {
|
||||
deployment.keyys = [
|
||||
(../keys + "/${name}_borg_repo.key")
|
||||
(../keys + "/${name}_borg_ssh.key")
|
||||
|
|
|
@ -1,8 +1 @@
|
|||
{
|
||||
imports = [
|
||||
./git.nix
|
||||
./muflax-church.nix
|
||||
./pub.nix
|
||||
./website.nix
|
||||
];
|
||||
}
|
||||
{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
sources = import ../../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
("${sources.nixos-mailserver}")
|
||||
];
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in {
|
||||
imports = [ ("${sources.nixos-mailserver}") ];
|
||||
|
||||
mailserver = rec {
|
||||
enable = true;
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
let
|
||||
cfg = config.services.yorick.git;
|
||||
inherit (cfg) vhost;
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.services.yorick.git = with lib; {
|
||||
enable = mkEnableOption "git";
|
||||
vhost = mkOption { type = types.str; };
|
||||
|
@ -12,7 +11,9 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
users.extraUsers.git = {
|
||||
createHome = true;
|
||||
home = config.services.gitea.stateDir; extraGroups = [ "git" ]; useDefaultShell = true;
|
||||
home = config.services.gitea.stateDir;
|
||||
extraGroups = [ "git" ];
|
||||
useDefaultShell = true;
|
||||
};
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
|
@ -42,7 +43,8 @@ in
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
|
||||
proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.gitea.httpPort}";
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
|
|
|
@ -7,10 +7,13 @@ let
|
|||
url = "https://github.com/fmap/muflax65ngodyewp.onion.git";
|
||||
};
|
||||
nixpkgs = import (builtins.fetchTarball {
|
||||
url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||
url =
|
||||
"https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz";
|
||||
sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8";
|
||||
}) { system = builtins.currentSystem; };
|
||||
muflax-church = (nixpkgs.callPackage "${muflax-source}/maintenance" {}).overrideDerivation (default: {
|
||||
muflax-church =
|
||||
(nixpkgs.callPackage "${muflax-source}/maintenance" { }).overrideDerivation
|
||||
(default: {
|
||||
buildPhase = default.buildPhase + "\n" + ''
|
||||
grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1muflax.church/g;s/http:\/\/\([^@]*\)muflax.church/https:\/\/\1muflax.church/g'
|
||||
'';
|
||||
|
@ -23,9 +26,12 @@ nixpkgs = import (builtins.fetchTarball {
|
|||
"gospel.${vhost}" = "${muflax-church}/gospel";
|
||||
"alt.${vhost}" = "/home/public/public/muflax";
|
||||
};
|
||||
m = x: root: { forceSSL = true; useACMEHost = vhost; inherit root; };
|
||||
in
|
||||
{
|
||||
m = x: root: {
|
||||
forceSSL = true;
|
||||
useACMEHost = vhost;
|
||||
inherit root;
|
||||
};
|
||||
in {
|
||||
options.services.yorick.muflax-church = with lib; {
|
||||
enable = mkEnableOption "muflax.church";
|
||||
vhost = mkOption { type = types.str; };
|
||||
|
@ -42,11 +48,7 @@ in
|
|||
"gospel.${vhost}" = m "${muflax-church}/gospel";
|
||||
"alt.${vhost}" = m "/home/public/public/muflax";
|
||||
} // (lib.mapAttrs m addrs);
|
||||
security.acme.certs.${vhost}.extraDomainNames = [
|
||||
"daily.${vhost}"
|
||||
"blog.${vhost}"
|
||||
"gospel.${vhost}"
|
||||
"alt.${vhost}"
|
||||
];
|
||||
security.acme.certs.${vhost}.extraDomainNames =
|
||||
[ "daily.${vhost}" "blog.${vhost}" "gospel.${vhost}" "alt.${vhost}" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let cfg = config.services.yorick.public; in
|
||||
{
|
||||
let cfg = config.services.yorick.public;
|
||||
in {
|
||||
options.services.yorick.public = {
|
||||
enable = lib.mkEnableOption "public hosting";
|
||||
vhost = lib.mkOption { type = lib.types.str; };
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
cfg = config.services.yorick.torrent-vpn;
|
||||
in
|
||||
{
|
||||
let cfg = config.services.yorick.torrent-vpn;
|
||||
in {
|
||||
options.services.yorick.torrent-vpn = with lib; {
|
||||
enable = mkEnableOption "torrent-vpn";
|
||||
name = mkOption { type = types.str; };
|
||||
|
|
|
@ -3,18 +3,23 @@
|
|||
let
|
||||
yoricc = pkgs.callPackage ../packages/yori-cc.nix { };
|
||||
cfg = config.services.yorick.website;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
in with lib; {
|
||||
options.services.yorick = {
|
||||
website = {
|
||||
enable = mkEnableOption "yoricc website";
|
||||
vhost = mkOption { type = types.str; };
|
||||
pkg = mkOption { type = types.package; default = yoricc; };
|
||||
pkg = mkOption {
|
||||
type = types.package;
|
||||
default = yoricc;
|
||||
};
|
||||
redirect = mkOption { type = types.loaOf types.str; default = []; };
|
||||
};
|
||||
config.services.nginx.virtualHosts = with cfg; mkIf enable {
|
||||
redirect = mkOption {
|
||||
type = types.loaOf types.str;
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
config.services.nginx.virtualHosts = with cfg;
|
||||
mkIf enable {
|
||||
${vhost} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{
|
||||
public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
|
||||
yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa 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 cardno:000607186578"];
|
||||
public =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5";
|
||||
yorick = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/"
|
||||
"ssh-rsa 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 cardno:000607186578"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
let sources = import ./nix/sources.nix; in
|
||||
pkgs: super: {
|
||||
let sources = import ./nix/sources.nix;
|
||||
in pkgs: super: {
|
||||
yorick = super.yorick // rec {
|
||||
home = { check ? true, newsReadIdsFile ? null }:
|
||||
import "${sources.home-manager}/home-manager/home-manager.nix" {
|
||||
|
|