Various changes, and added a live-disk config.

Niten 2021-07-16 12:57:36 -07:00
parent df7761b11b
commit 7b889633d8
14 changed files with 190 additions and 57 deletions


@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
with lib;
let
in {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
system.stateVersion = "21.05";
boot = {
initrd = {
availableKernelModules = [
@ -19,34 +24,62 @@
};
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages.zfs;
supportedFilesystems = [ "zfs" ];
loader.grub = {
enable = true;
version = 2;
device = "/dev/disk/by-label/nixos-root";
device = "/dev/disk/by-label/lambda-root";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos-root";
fsType = "btrfs";
"/boot" = {
device = "/dev/disk/by-label/lambda-boot";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/nixos-boot";
fsType = "ext4";
"/" = {
device = "lambda/transient/root";
fsType = "zfs";
};
"/nix" = {
device = "lambda/transient/nix";
fsType = "zfs";
};
"/var/log" = {
device = "lambda/transient/logs";
fsType = "zfs";
neededForBoot = true;
};
"/home" = {
device = "lambda/persistent/home";
fsType = "zfs";
};
"/state" = {
device = "lambda/persistent/state";
fsType = "zfs";
};
};
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }];
boot.initrd.postDeviceCommands = lib.mkAfter ''
${pkgs.zfs}/bin/zfs rollback -r lambda/transient/root@blank
'';
swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }];
nix.maxJobs = lib.mkDefault 12;
hardware.bluetooth.enable = false;
networking = {
hostId = substring 0 8 (fileContents /etc/machine-id);
macvlans = {
intif0 = {
interface = "enp3s0f1";
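Review bot: `hostId = substring 0 8 (fileContents /etc/machine-id);` reads /etc/machine-id on whichever machine evaluates this configuration, so the ZFS host id depends on build-host state instead of being declared. With `/` on `lambda/transient/root` and the initrd running `zfs rollback -r lambda/transient/root@blank`, nothing in this section persists /etc/machine-id, so the value can presumably change between rebuilds; ZFS may then refuse to import the pool unless forced. A fixed literal avoids both problems: `hostId = "<8-hex-digit-host-id>";` (placeholder). The `networking` block continues past the end of this section.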


@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
{
with lib; {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = {
@ -18,7 +17,7 @@ with lib;
};
supportedFilesystems = [ "zfs" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages.zfs;
};
fileSystems = {
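Review bot: `kernelPackages = pkgs.linuxPackages.zfs;` looks wrong for `boot.kernelPackages`, assuming it is the new value. The option expects a kernel package set, and `zfs` inside `pkgs.linuxPackages` is, as far as I can tell, the ZFS module built for that set rather than a set itself. If the intent is to stop tracking `linuxPackages_latest` so the kernel stays within what the ZFS module supports, `kernelPackages = pkgs.linuxPackages;` expresses that. The same line appears in the first file section of this commit.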


@ -5,13 +5,6 @@ let
shinobi-od-port = "7082";
in {
# TODO: remove?
nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
];
fudo.slynk.enable = true;
networking = {
interfaces = {
enp3s0f0.useDHCP = false;
@ -23,19 +16,34 @@ in {
};
};
fudo.secrets.host-secrets.lambda = {
host-keytab = {
source-file = /state/secrets/kerberos/lambda.keytab;
target-file = "/etc/krb5.keytab";
user = "root";
fudo.secrets = {
host-secrets.lambda = {
host-keytab = {
source-file = /state/secrets/kerberos/lambda.keytab;
target-file = "/etc/krb5.keytab";
user = "root";
};
};
secret-group = "fudo-secrets";
secret-users = [ "niten" ];
secret-paths = [ "/state/secrets" ];
};
fudo.ipfs = {
enable = true;
users = [ "niten" ];
api-address = "/ip4/0.0.0.0/tcp/5001";
};
systemd.tmpfiles.rules = [
"L /root/.gnupg - - - - /state/root/gnupg"
# "L /root/.emacs.d - - - - /state/root/emacs.d"
"L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
"L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
"L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
"L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
];
security.sudo.extraConfig = ''
# Due to rollback, sudo will lecture after every reboot
Defaults lecture = never
'';
virtualisation = {
docker = {
@ -50,10 +58,10 @@ in {
image = "shinobisystems/shinobi:latest";
ports = [ "${shinobi-port}:8080" ];
volumes = [
"/srv/shinobi/plugins:/home/Shinobi/plugins"
"/srv/shinobi/config:/home/Shinobi/config"
"/srv/shinobi/videos:/home/Shinobi/videos"
"/srv/shinobi/db-data:/var/lib/mysql"
"/state/shinobi/plugins:/home/Shinobi/plugins"
"/state/shinobi/config:/home/Shinobi/config"
"/state/shinobi/videos:/home/Shinobi/videos"
"/state/shinobi/db-data:/var/lib/mysql"
"/etc/localtime:/etc/localtime:ro"
];
};
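Review bot: `api-address = "/ip4/0.0.0.0/tcp/5001";` binds the IPFS API to every interface. That API is the node's administrative interface and the daemon does not authenticate it, so anything that can reach port 5001 can control the node. Unless the `fudo.ipfs` module (not visible here) adds its own access control or a firewall rule, bind it to loopback with `api-address = "/ip4/127.0.0.1/tcp/5001";` and reach it from other hosts over an SSH tunnel. The same block is added in the next file section.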


@ -37,6 +37,12 @@ in {
# };
# };
fudo.ipfs = {
enable = true;
users = [ "niten" ];
api-address = "/ip4/0.0.0.0/tcp/5001";
};
virtualisation = {
libvirtd = {
enable = true;


@ -25,7 +25,7 @@ in {
xserver = mkIf enable-gui {
enable = true;
desktopManager.gnome3.enable = true;
desktopManager.gnome.enable = true;
displayManager.gdm = {
enable = true;
@ -68,7 +68,7 @@ in {
console.font =
lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-g18n.psf.gz";
services.gnome3 = mkIf enable-gui {
services.gnome = mkIf enable-gui {
evolution-data-server.enable = mkForce false;
gnome-user-share.enable = mkForce false;
};
@ -76,7 +76,7 @@ in {
programs.steam.enable = enable-gui;
fonts = mkIf enable-gui {
enableFontDir = true;
fontDir.enable = true;
fontconfig.enable = true;
#fontconfig.antialias = true;
#fontconfig.penultimate.enable = true;


@ -28,6 +28,7 @@ in {
# TODO: remove?
nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
"zfs-kernel"
];
nixpkgs.config.allowUnfree = true;
@ -135,6 +136,4 @@ in {
};
};
};
services.dbus.socketActivated = true;
}
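Review bot: The new `"zfs-kernel"` entry in `permittedInsecurePackages` carries no version and no advisory, unlike `"openssh-with-gssapi-8.4p1" # CVE-2021-28041` above it. As far as I know nixpkgs matches this list against the full package name including the version, so the bare string probably matches nothing. If it does match, it switches off the insecure-package check for the kernel module without recording why. Either drop it or write the exact name with the reason, e.g. `"zfs-kernel-<version>" # <advisory or reason>` (placeholders), and resolve the `# TODO: remove?` in the same change.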


@ -50,8 +50,6 @@ in {
system.autoUpgrade.enable = false;
security = { hideProcessInformation = true; };
networking.networkmanager.enable = mkForce false;
services = {


@ -14,6 +14,7 @@ let
exodus
firefox
jq
nyxt
openttd
redshift
signal-desktop
@ -22,6 +23,7 @@ let
];
common-packages = with pkgs; [
ant
asdf
atop
binutils
@ -31,12 +33,14 @@ let
cdrtools
cargo
clojure
cmake
curl
doomEmacsInit
enca
file
fortune
git
gnome.gnome-tweaks
gnutls
gnupg
google-chrome
@ -50,6 +54,7 @@ let
lispPackages.quicklisp
lsof
lshw
minecraft
mkpasswd
mtr
nixfmt
@ -58,11 +63,14 @@ let
nix-prefetch-git
nyxt
nmap
opencv-java
openldap
openssl
pciutils
pipewire
pv
pwgen
python
ruby
rustc
sbcl

70
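--- a/live-disk.nix
+++ b/live-disk.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+nixos-version = "21.05";
+home-manager-package = builtins.fetchGit {
+url = "https://github.com/nix-community/home-manager.git";
+ref = "release-${nixos-version}";
+};
+in {
+imports = [
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+"${home-manager-package}/nixos"
+./packages
+];
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+environment.systemPackages = with pkgs; [
+btrfs-progs
+doomEmacsInit
+emacs
+git
+gparted
+nix-prefetch-scripts
+wget
+];
+services.openssh = {
+enable = true;
+startWhenNeeded = true;
+permitRootLogin = mkDefault "prohibit-password";
+};
+users = {
+users = {
+niten = {
+isNormalUser = true;
+createHome = true;
+hashedPassword =
+"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+extraGroups = [ "wheel" ];
+};
+};
+# groups = { wheel = { members = [ "niten" ]; }; };
+};
+home-manager = {
+useGlobalPkgs = true;
+users = {
+niten = {
+home = {
+file = {
+".doom.d" = {
+source = pkgs.doom-emacs-config;
+recursive = true;
+onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
+};
+};
+};
+};
+};
+};
+}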
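Review bot: `hashedPassword` for `niten` is committed in the configuration, so the SHA-512 crypt hash is readable in the repository and in the world-readable Nix store of every image built from it, where it can be attacked offline. The account is in `wheel`, and `services.openssh` is enabled with password authentication left at its default. Prefer key-only access with `services.openssh.passwordAuthentication = false;` plus `openssh.authorizedKeys.keys = [ "<public key>" ];` on the user (placeholder), and keep any console password out of the repository. Separately, `builtins.fetchGit` follows the moving `release-${nixos-version}` branch; adding `rev = "<commit sha>";` (placeholder) pins the home-manager code that ends up in the image.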


@ -12,7 +12,7 @@ in {
};
limina = define-host "10.0.0.1" "limina";
lambda = define-host "10.0.0.11" "lambda";
# lambda = define-host "10.0.0.11" "lambda";
nostromo = define-host "10.0.0.10" "nostromo";
plato = define-host "10.0.0.21" "plato";
spark = define-host "10.0.0.108" "spark";


@ -1,8 +1,9 @@
{ pkgs, fetchurl, ... }:
{ pkgs, lib, fetchurl, ... }:
let
version = "2.2.5";
url = "https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz";
url =
"https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz";
sha256 = "01119af2d9950eacbcce0b7f8db5067b166ad26c1e1701bef829105441bb6e29";
in pkgs.stdenv.mkDerivation {
@ -13,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
sha256 = sha256;
};
phases = ["installPhase"];
phases = [ "installPhase" ];
buildInputs = with pkgs; [ stdenv procps makeWrapper ];
@ -22,6 +23,8 @@ in pkgs.stdenv.mkDerivation {
tar -xzf $src
cd apache-archiva-${version}
mv {LICENSE,NOTICE,apps,bin,conf,contexts,lib,logs,temp} $out
makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${pkgs.stdenv.lib.makeBinPath [ pkgs.procps ]}
makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${
lib.makeBinPath [ pkgs.procps ]
}
'';
}


@ -66,10 +66,16 @@ in {
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
});
opencv-java = pkgs.opencv.overrideAttrs (oldAttrs: rec {
# buildInputs = oldAttrs.buildInputs ++ [ pkgs.ant ];
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.jdk11 pkgs.ant ];
# cmakeFlags = oldAttrs.cmakeFlags ++ [ "-DWITH_JAVA=ON" ];
});
hll2380dw-cups = import ./hll2380dw-cups.nix {
inherit (pkgs)
stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused
coreutils file perl which;
coreutils file perl which lib;
};
hll2380dw-lpr = import ./hll2380dw-lp.nix {


@ -1,4 +1,5 @@
{ stdenv, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep, gnused, coreutils, file, perl, which }:
{ stdenv, lib, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep
, gnused, coreutils, file, perl, which }:
stdenv.mkDerivation rec {
pname = "hll2380dw-cups";
@ -6,7 +7,8 @@ stdenv.mkDerivation rec {
platform = "i386";
src = fetchurl {
url = "https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb";
url =
"https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb";
sha256 = "08g3kx5lgwzb3f9ypj8knmpkkj0h3kv1i4gd20rzjxrx6vx1wbpl";
};
@ -18,9 +20,9 @@ stdenv.mkDerivation rec {
installPhase = ''
dpkg-deb -x $src $out
wrapProgram $out/opt/brother/Printers/HLL2380DW/cupswrapper/paperconfigml1 \
--prefix PATH : ${stdenv.lib.makeBinPath [
coreutils ghostscript gnugrep gnused
]}
--prefix PATH : ${
lib.makeBinPath [ coreutils ghostscript gnugrep gnused ]
}
mkdir -p $out/lib/cups/filter/
ln -s $out/opt/brother/Printers/HLL2380DW/cupswrapper/brother_lpdwrapper_HLL2380DW \
$out/lib/cups/filter/brother_lpdwrapper_HLL2380DW
@ -31,11 +33,12 @@ stdenv.mkDerivation rec {
touch $out/HI
'';
meta = with stdenv.lib; {
homepage = http://www.brother.com/;
meta = with lib; {
homepage = "http://www.brother.com/";
description = "Brother HL-L2380DW combined print driver";
license = licenses.unfree;
platforms = [ "x86_64-linux" ];
downloadPage = http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128;
downloadPage =
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";
};
}


@ -27,7 +27,7 @@ in stdenv.mkDerivation rec {
--replace "PRINTER =~" "PRINTER = \"${model}\"; #"
wrapProgram $dir/lpd/filter_${model} \
--prefix PATH : ${
stdenv.lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ]
lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ]
}
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
$dir/lpd/${model}filter
@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
meta = {
homepage = "http://www.brother.com/";
description = "Brother ${lib.toUpper model} LPR print driver";
license = stdenv.lib.licenses.unfree;
license = lib.licenses.unfree;
platforms = [ "i386" "x86_64-linux" ];
downloadPage =
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";