Various changes, and added a live-disk config.
parent
df7761b11b
commit
7b889633d8
@ -1,8 +1,13 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
with lib;
|
||||
let
|
||||
|
||||
in {
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
system.stateVersion = "21.05";
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
@ -19,34 +24,62 @@
|
||||
};
|
||||
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelPackages = pkgs.linuxPackages.zfs;
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "/dev/disk/by-label/nixos-root";
|
||||
device = "/dev/disk/by-label/lambda-root";
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/nixos-root";
|
||||
fsType = "btrfs";
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/lambda-boot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/nixos-boot";
|
||||
fsType = "ext4";
|
||||
"/" = {
|
||||
device = "lambda/transient/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "lambda/transient/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/var/log" = {
|
||||
device = "lambda/transient/logs";
|
||||
fsType = "zfs";
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "lambda/persistent/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/state" = {
|
||||
device = "lambda/persistent/state";
|
||||
fsType = "zfs";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
${pkgs.zfs}/bin/zfs rollback -r lambda/transient/root@blank
|
||||
'';
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 12;
|
||||
|
||||
hardware.bluetooth.enable = false;
|
||||
|
||||
networking = {
|
||||
hostId = substring 0 8 (fileContents /etc/machine-id);
|
||||
|
||||
macvlans = {
|
||||
intif0 = {
|
||||
interface = "enp3s0f1";
|
||||
|
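Review bot: `hostId = substring 0 8 (fileContents /etc/machine-id);` reads `/etc/machine-id` on whichever machine evaluates the configuration, while `boot.initrd.postDeviceCommands` rolls `lambda/transient/root` back to `@blank` on every boot, so unless `/etc/machine-id` is persisted somewhere outside this section it may be regenerated each boot. That would leave the ZFS host id tied to a stale value. Since journald keeps persistent logs in a per-machine-id directory under `/var/log/journal`, it could also scatter the logs kept on `lambda/transient/logs` across one directory per boot, which makes later incident review harder. A literal such as `hostId = "<8 hex digits>";` together with a machine-id persisted under `/state` would keep both stable. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk counts.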
@ -1,7 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
boot = {
|
||||
@ -18,7 +17,7 @@ with lib;
|
||||
};
|
||||
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelPackages = pkgs.linuxPackages.zfs;
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
|
@ -5,13 +5,6 @@ let
|
||||
shinobi-od-port = "7082";
|
||||
|
||||
in {
|
||||
# TODO: remove?
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
|
||||
];
|
||||
|
||||
fudo.slynk.enable = true;
|
||||
|
||||
networking = {
|
||||
interfaces = {
|
||||
enp3s0f0.useDHCP = false;
|
||||
@ -23,19 +16,34 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
fudo.secrets.host-secrets.lambda = {
|
||||
host-keytab = {
|
||||
source-file = /state/secrets/kerberos/lambda.keytab;
|
||||
target-file = "/etc/krb5.keytab";
|
||||
user = "root";
|
||||
fudo.secrets = {
|
||||
host-secrets.lambda = {
|
||||
host-keytab = {
|
||||
source-file = /state/secrets/kerberos/lambda.keytab;
|
||||
target-file = "/etc/krb5.keytab";
|
||||
user = "root";
|
||||
};
|
||||
};
|
||||
|
||||
secret-group = "fudo-secrets";
|
||||
secret-users = [ "niten" ];
|
||||
secret-paths = [ "/state/secrets" ];
|
||||
};
|
||||
|
||||
fudo.ipfs = {
|
||||
enable = true;
|
||||
users = [ "niten" ];
|
||||
api-address = "/ip4/0.0.0.0/tcp/5001";
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"L /root/.gnupg - - - - /state/root/gnupg"
|
||||
# "L /root/.emacs.d - - - - /state/root/emacs.d"
|
||||
"L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
|
||||
"L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
|
||||
"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
|
||||
"L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
|
||||
"L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
|
||||
];
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
# Due to rollback, sudo will lecture after every reboot
|
||||
Defaults lecture = never
|
||||
'';
|
||||
|
||||
virtualisation = {
|
||||
docker = {
|
||||
@ -50,10 +58,10 @@ in {
|
||||
image = "shinobisystems/shinobi:latest";
|
||||
ports = [ "${shinobi-port}:8080" ];
|
||||
volumes = [
|
||||
"/srv/shinobi/plugins:/home/Shinobi/plugins"
|
||||
"/srv/shinobi/config:/home/Shinobi/config"
|
||||
"/srv/shinobi/videos:/home/Shinobi/videos"
|
||||
"/srv/shinobi/db-data:/var/lib/mysql"
|
||||
"/state/shinobi/plugins:/home/Shinobi/plugins"
|
||||
"/state/shinobi/config:/home/Shinobi/config"
|
||||
"/state/shinobi/videos:/home/Shinobi/videos"
|
||||
"/state/shinobi/db-data:/var/lib/mysql"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
};
|
||||
|
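Review bot: `api-address = "/ip4/0.0.0.0/tcp/5001"` in the `fudo.ipfs` block binds the IPFS API to every interface, and that API is an administrative endpoint (node configuration, pinning, adding and removing content) with no authentication of its own by default. Unless the `fudo.ipfs` module or the host firewall restricts port 5001 (neither is visible in this section), prefer `api-address = "/ip4/127.0.0.1/tcp/5001";` and reach it through an SSH tunnel, or bind it to the internal interface address only. The same block is added in the next file section (hunk `@ -37,6 +37,12 @@`). The page has lost its +/- markers, so I am assuming from the hunk counts that the block is new here.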
@ -37,6 +37,12 @@ in {
|
||||
# };
|
||||
# };
|
||||
|
||||
fudo.ipfs = {
|
||||
enable = true;
|
||||
users = [ "niten" ];
|
||||
api-address = "/ip4/0.0.0.0/tcp/5001";
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
libvirtd = {
|
||||
enable = true;
|
||||
|
@ -25,7 +25,7 @@ in {
|
||||
xserver = mkIf enable-gui {
|
||||
enable = true;
|
||||
|
||||
desktopManager.gnome3.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
|
||||
displayManager.gdm = {
|
||||
enable = true;
|
||||
@ -68,7 +68,7 @@ in {
|
||||
console.font =
|
||||
lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-g18n.psf.gz";
|
||||
|
||||
services.gnome3 = mkIf enable-gui {
|
||||
services.gnome = mkIf enable-gui {
|
||||
evolution-data-server.enable = mkForce false;
|
||||
gnome-user-share.enable = mkForce false;
|
||||
};
|
||||
@ -76,7 +76,7 @@ in {
|
||||
programs.steam.enable = enable-gui;
|
||||
|
||||
fonts = mkIf enable-gui {
|
||||
enableFontDir = true;
|
||||
fontDir.enable = true;
|
||||
fontconfig.enable = true;
|
||||
#fontconfig.antialias = true;
|
||||
#fontconfig.penultimate.enable = true;
|
||||
|
@ -28,6 +28,7 @@ in {
|
||||
# TODO: remove?
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
|
||||
"zfs-kernel"
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
@ -135,6 +136,4 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.dbus.socketActivated = true;
|
||||
}
|
||||
|
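Review bot: The `"zfs-kernel"` entry in `nixpkgs.config.permittedInsecurePackages` has no comment saying which advisory or evaluation error it is meant to waive, unlike the openssh entry beside it, and the list already sits under `# TODO: remove?`. As far as I know the allow-list is matched against the full package name including the version, and an incompatible ZFS module is normally flagged as broken rather than insecure, so a bare `zfs-kernel` may match nothing and just leave a misleading waiver behind. Either drop it or annotate it, e.g. `"zfs-kernel" # <reason and advisory id>`. The openssh waiver is removed from the host file earlier in this commit but stays in this shared list, so it still applies wherever this file is imported. Which line is new is inferred from the hunk counts, since the page has lost its +/- markers.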
@ -50,8 +50,6 @@ in {
|
||||
|
||||
system.autoUpgrade.enable = false;
|
||||
|
||||
security = { hideProcessInformation = true; };
|
||||
|
||||
networking.networkmanager.enable = mkForce false;
|
||||
|
||||
services = {
|
||||
|
@ -14,6 +14,7 @@ let
|
||||
exodus
|
||||
firefox
|
||||
jq
|
||||
nyxt
|
||||
openttd
|
||||
redshift
|
||||
signal-desktop
|
||||
@ -22,6 +23,7 @@ let
|
||||
];
|
||||
|
||||
common-packages = with pkgs; [
|
||||
ant
|
||||
asdf
|
||||
atop
|
||||
binutils
|
||||
@ -31,12 +33,14 @@ let
|
||||
cdrtools
|
||||
cargo
|
||||
clojure
|
||||
cmake
|
||||
curl
|
||||
doomEmacsInit
|
||||
enca
|
||||
file
|
||||
fortune
|
||||
git
|
||||
gnome.gnome-tweaks
|
||||
gnutls
|
||||
gnupg
|
||||
google-chrome
|
||||
@ -50,6 +54,7 @@ let
|
||||
lispPackages.quicklisp
|
||||
lsof
|
||||
lshw
|
||||
minecraft
|
||||
mkpasswd
|
||||
mtr
|
||||
nixfmt
|
||||
@ -58,11 +63,14 @@ let
|
||||
nix-prefetch-git
|
||||
nyxt
|
||||
nmap
|
||||
opencv-java
|
||||
openldap
|
||||
openssl
|
||||
pciutils
|
||||
pipewire
|
||||
pv
|
||||
pwgen
|
||||
python
|
||||
ruby
|
||||
rustc
|
||||
sbcl
|
||||
|
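--- a/live-disk.nix
+++ b/live-disk.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+nixos-version = "21.05";
+
+home-manager-package = builtins.fetchGit {
+url = "https://github.com/nix-community/home-manager.git";
+ref = "release-${nixos-version}";
+};
+
+in {
+imports = [
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+"${home-manager-package}/nixos"
+./packages
+];
+
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+
+environment.systemPackages = with pkgs; [
+btrfs-progs
+doomEmacsInit
+emacs
+git
+gparted
+nix-prefetch-scripts
+wget
+];
+
+services.openssh = {
+enable = true;
+startWhenNeeded = true;
+permitRootLogin = mkDefault "prohibit-password";
+};
+
+users = {
+users = {
+niten = {
+isNormalUser = true;
+createHome = true;
+hashedPassword =
+"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+extraGroups = [ "wheel" ];
+};
+};
+
+# groups = { wheel = { members = [ "niten" ]; }; };
+};
+
+home-manager = {
+useGlobalPkgs = true;
+
+users = {
+niten = {
+home = {
+file = {
+".doom.d" = {
+source = pkgs.doom-emacs-config;
+recursive = true;
+onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
+};
+};
+};
+};
+};
+};
+}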
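Review bot: The `hashedPassword` for `niten` is committed in plain view while the same image enables `services.openssh` and puts `niten` in `wheel`, so anyone who can read the repository or the image's Nix store can run offline guessing against the hash, and a hit gives SSH login plus sudo on every machine booted from this disk. `permitRootLogin = mkDefault "prohibit-password"` covers root only; password logins for normal users are not disabled in this file. Consider `passwordAuthentication = false;` in `services.openssh` together with `openssh.authorizedKeys.keys = [ "<public key>" ];` on the user, and keep the hash out of the repository (for example via `passwordFile`). Separately, `builtins.fetchGit` follows `ref = "release-${nixos-version}"` without a `rev`, so the imported home-manager module is whatever the branch head is at build time; adding `rev = "<commit id>";` pins it.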
@ -12,7 +12,7 @@ in {
|
||||
};
|
||||
|
||||
limina = define-host "10.0.0.1" "limina";
|
||||
lambda = define-host "10.0.0.11" "lambda";
|
||||
# lambda = define-host "10.0.0.11" "lambda";
|
||||
nostromo = define-host "10.0.0.10" "nostromo";
|
||||
plato = define-host "10.0.0.21" "plato";
|
||||
spark = define-host "10.0.0.108" "spark";
|
||||
|
@ -1,8 +1,9 @@
|
||||
{ pkgs, fetchurl, ... }:
|
||||
{ pkgs, lib, fetchurl, ... }:
|
||||
|
||||
let
|
||||
version = "2.2.5";
|
||||
url = "https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz";
|
||||
url =
|
||||
"https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz";
|
||||
sha256 = "01119af2d9950eacbcce0b7f8db5067b166ad26c1e1701bef829105441bb6e29";
|
||||
|
||||
in pkgs.stdenv.mkDerivation {
|
||||
@ -13,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
|
||||
sha256 = sha256;
|
||||
};
|
||||
|
||||
phases = ["installPhase"];
|
||||
phases = [ "installPhase" ];
|
||||
|
||||
buildInputs = with pkgs; [ stdenv procps makeWrapper ];
|
||||
|
||||
@ -22,6 +23,8 @@ in pkgs.stdenv.mkDerivation {
|
||||
tar -xzf $src
|
||||
cd apache-archiva-${version}
|
||||
mv {LICENSE,NOTICE,apps,bin,conf,contexts,lib,logs,temp} $out
|
||||
makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${pkgs.stdenv.lib.makeBinPath [ pkgs.procps ]}
|
||||
makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${
|
||||
lib.makeBinPath [ pkgs.procps ]
|
||||
}
|
||||
'';
|
||||
}
|
||||
|
@ -66,10 +66,16 @@ in {
|
||||
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
|
||||
});
|
||||
|
||||
opencv-java = pkgs.opencv.overrideAttrs (oldAttrs: rec {
|
||||
# buildInputs = oldAttrs.buildInputs ++ [ pkgs.ant ];
|
||||
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.jdk11 pkgs.ant ];
|
||||
# cmakeFlags = oldAttrs.cmakeFlags ++ [ "-DWITH_JAVA=ON" ];
|
||||
});
|
||||
|
||||
hll2380dw-cups = import ./hll2380dw-cups.nix {
|
||||
inherit (pkgs)
|
||||
stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused
|
||||
coreutils file perl which;
|
||||
coreutils file perl which lib;
|
||||
};
|
||||
|
||||
hll2380dw-lpr = import ./hll2380dw-lp.nix {
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ stdenv, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep, gnused, coreutils, file, perl, which }:
|
||||
{ stdenv, lib, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep
|
||||
, gnused, coreutils, file, perl, which }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "hll2380dw-cups";
|
||||
@ -6,7 +7,8 @@ stdenv.mkDerivation rec {
|
||||
platform = "i386";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb";
|
||||
url =
|
||||
"https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb";
|
||||
sha256 = "08g3kx5lgwzb3f9ypj8knmpkkj0h3kv1i4gd20rzjxrx6vx1wbpl";
|
||||
};
|
||||
|
||||
@ -18,9 +20,9 @@ stdenv.mkDerivation rec {
|
||||
installPhase = ''
|
||||
dpkg-deb -x $src $out
|
||||
wrapProgram $out/opt/brother/Printers/HLL2380DW/cupswrapper/paperconfigml1 \
|
||||
--prefix PATH : ${stdenv.lib.makeBinPath [
|
||||
coreutils ghostscript gnugrep gnused
|
||||
]}
|
||||
--prefix PATH : ${
|
||||
lib.makeBinPath [ coreutils ghostscript gnugrep gnused ]
|
||||
}
|
||||
mkdir -p $out/lib/cups/filter/
|
||||
ln -s $out/opt/brother/Printers/HLL2380DW/cupswrapper/brother_lpdwrapper_HLL2380DW \
|
||||
$out/lib/cups/filter/brother_lpdwrapper_HLL2380DW
|
||||
@ -31,11 +33,12 @@ stdenv.mkDerivation rec {
|
||||
touch $out/HI
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://www.brother.com/;
|
||||
meta = with lib; {
|
||||
homepage = "http://www.brother.com/";
|
||||
description = "Brother HL-L2380DW combined print driver";
|
||||
license = licenses.unfree;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
downloadPage = http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128;
|
||||
downloadPage =
|
||||
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";
|
||||
};
|
||||
}
|
||||
|
@ -27,7 +27,7 @@ in stdenv.mkDerivation rec {
|
||||
--replace "PRINTER =~" "PRINTER = \"${model}\"; #"
|
||||
wrapProgram $dir/lpd/filter_${model} \
|
||||
--prefix PATH : ${
|
||||
stdenv.lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ]
|
||||
lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ]
|
||||
}
|
||||
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
|
||||
$dir/lpd/${model}filter
|
||||
@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
|
||||
meta = {
|
||||
homepage = "http://www.brother.com/";
|
||||
description = "Brother ${lib.toUpper model} LPR print driver";
|
||||
license = stdenv.lib.licenses.unfree;
|
||||
license = lib.licenses.unfree;
|
||||
platforms = [ "i386" "x86_64-linux" ];
|
||||
downloadPage =
|
||||
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";
|
||||
|