Various changes, and added a live-disk config.

This commit is contained in:
Niten 2021-07-16 12:57:36 -07:00
parent df7761b11b
commit 7b889633d8
14 changed files with 190 additions and 57 deletions


@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ with lib;
let
in {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
system.stateVersion = "21.05";
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
@ -19,34 +24,62 @@
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages.zfs;
supportedFilesystems = [ "zfs" ];
loader.grub = { loader.grub = {
enable = true; enable = true;
version = 2; version = 2;
device = "/dev/disk/by-label/nixos-root"; device = "/dev/disk/by-label/lambda-root";
}; };
}; };
fileSystems = { fileSystems = {
"/" = { "/boot" = {
device = "/dev/disk/by-label/nixos-root"; device = "/dev/disk/by-label/lambda-boot";
fsType = "btrfs"; fsType = "ext4";
}; };
"/boot" = { "/" = {
device = "/dev/disk/by-label/nixos-boot"; device = "lambda/transient/root";
fsType = "ext4"; fsType = "zfs";
};
"/nix" = {
device = "lambda/transient/nix";
fsType = "zfs";
};
"/var/log" = {
device = "lambda/transient/logs";
fsType = "zfs";
neededForBoot = true;
};
"/home" = {
device = "lambda/persistent/home";
fsType = "zfs";
};
"/state" = {
device = "lambda/persistent/state";
fsType = "zfs";
}; };
}; };
swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }]; boot.initrd.postDeviceCommands = lib.mkAfter ''
${pkgs.zfs}/bin/zfs rollback -r lambda/transient/root@blank
'';
swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }];
nix.maxJobs = lib.mkDefault 12; nix.maxJobs = lib.mkDefault 12;
hardware.bluetooth.enable = false; hardware.bluetooth.enable = false;
networking = { networking = {
hostId = substring 0 8 (fileContents /etc/machine-id);
macvlans = { macvlans = {
intif0 = { intif0 = {
interface = "enp3s0f1"; interface = "enp3s0f1";
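Review bot: `kernelPackages = pkgs.linuxPackages.zfs;` assigns the ZFS kernel-module derivation where `boot.kernelPackages` expects a kernel package set, so evaluation will most likely fail on a missing `kernel` attribute; the same line appears in the next file's `@ -18,7 +17,7 @@` hunk. If the intent is a kernel that ZFS supports, `kernelPackages = pkgs.linuxPackages;` (the default LTS kernel) does that. Separately, `hostId = substring 0 8 (fileContents /etc/machine-id);` reads the machine-id of whichever host evaluates the config, so a build from another machine (or the new live disk) silently changes the hostId and the `lambda` pools will not import at boot; pin it to a literal such as `hostId = "<8 hex chars copied from the current /etc/machine-id>";`. The `zfs rollback -r lambda/transient/root@blank` in initrd also discards the target's own `/etc/machine-id` every boot, so persist it to `/state` if the journal and other machine-bound ids should stay stable. The `networking` set this hunk ends in continues past the hunk.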


@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib; {
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = { boot = {
@ -18,7 +17,7 @@ with lib;
}; };
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages.zfs;
}; };
fileSystems = { fileSystems = {


@ -5,13 +5,6 @@ let
shinobi-od-port = "7082"; shinobi-od-port = "7082";
in { in {
# TODO: remove?
nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
];
fudo.slynk.enable = true;
networking = { networking = {
interfaces = { interfaces = {
enp3s0f0.useDHCP = false; enp3s0f0.useDHCP = false;
@ -23,19 +16,34 @@ in {
}; };
}; };
fudo.secrets.host-secrets.lambda = { fudo.secrets = {
host-keytab = { host-secrets.lambda = {
source-file = /state/secrets/kerberos/lambda.keytab; host-keytab = {
target-file = "/etc/krb5.keytab"; source-file = /state/secrets/kerberos/lambda.keytab;
user = "root"; target-file = "/etc/krb5.keytab";
user = "root";
};
}; };
secret-group = "fudo-secrets";
secret-users = [ "niten" ];
secret-paths = [ "/state/secrets" ];
}; };
fudo.ipfs = { systemd.tmpfiles.rules = [
enable = true; "L /root/.gnupg - - - - /state/root/gnupg"
users = [ "niten" ]; # "L /root/.emacs.d - - - - /state/root/emacs.d"
api-address = "/ip4/0.0.0.0/tcp/5001"; "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
}; "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
"L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
"L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
];
security.sudo.extraConfig = ''
# Due to rollback, sudo will lecture after every reboot
Defaults lecture = never
'';
virtualisation = { virtualisation = {
docker = { docker = {
@ -50,10 +58,10 @@ in {
image = "shinobisystems/shinobi:latest"; image = "shinobisystems/shinobi:latest";
ports = [ "${shinobi-port}:8080" ]; ports = [ "${shinobi-port}:8080" ];
volumes = [ volumes = [
"/srv/shinobi/plugins:/home/Shinobi/plugins" "/state/shinobi/plugins:/home/Shinobi/plugins"
"/srv/shinobi/config:/home/Shinobi/config" "/state/shinobi/config:/home/Shinobi/config"
"/srv/shinobi/videos:/home/Shinobi/videos" "/state/shinobi/videos:/home/Shinobi/videos"
"/srv/shinobi/db-data:/var/lib/mysql" "/state/shinobi/db-data:/var/lib/mysql"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
}; };
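Review bot: The tmpfiles `L` rules persist root's SSH and GnuPG material and the SSH host keys, but nothing in this hunk persists `/var/lib/nixos`, which holds the dynamically allocated uid/gid maps; once the root dataset is rolled back to `@blank` each boot, users and services without a fixed `uid`/`gid` can be renumbered and files they own on the persistent `/home` and `/state` datasets end up with the wrong owner. If that is meant to survive reboots, add a rule such as `"L /var/lib/nixos - - - - /state/var/lib/nixos"` (target path is a placeholder) or give those accounts fixed ids. The symlinked `id_rsa` and `.gnupg` also inherit the mode of their targets under `/state/root`, so ssh's and gpg's permission checks apply to those files rather than to the links — worth confirming they are root-owned `0600`/`0700`. The enclosing attribute set of the `@ -23,19 +16,34 @@` hunk continues past its last line.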


@ -37,6 +37,12 @@ in {
# }; # };
# }; # };
fudo.ipfs = {
enable = true;
users = [ "niten" ];
api-address = "/ip4/0.0.0.0/tcp/5001";
};
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {
enable = true; enable = true;
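Review bot: `api-address = "/ip4/0.0.0.0/tcp/5001";` binds the IPFS API to every interface; that API is unauthenticated and gives full control of the node (pinning, configuration), and the upstream default is loopback. Unless something in the `fudo.ipfs` module (not visible here) adds authentication or firewalling, prefer `api-address = "/ip4/127.0.0.1/tcp/5001";` or the address of the internal interface only, and keep port 5001 out of `networking.firewall.allowedTCPPorts`. The `virtualisation` set at the end of this hunk continues past the hunk.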


@ -25,7 +25,7 @@ in {
xserver = mkIf enable-gui { xserver = mkIf enable-gui {
enable = true; enable = true;
desktopManager.gnome3.enable = true; desktopManager.gnome.enable = true;
displayManager.gdm = { displayManager.gdm = {
enable = true; enable = true;
@ -68,7 +68,7 @@ in {
console.font = console.font =
lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-g18n.psf.gz"; lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-g18n.psf.gz";
services.gnome3 = mkIf enable-gui { services.gnome = mkIf enable-gui {
evolution-data-server.enable = mkForce false; evolution-data-server.enable = mkForce false;
gnome-user-share.enable = mkForce false; gnome-user-share.enable = mkForce false;
}; };
@ -76,7 +76,7 @@ in {
programs.steam.enable = enable-gui; programs.steam.enable = enable-gui;
fonts = mkIf enable-gui { fonts = mkIf enable-gui {
enableFontDir = true; fontDir.enable = true;
fontconfig.enable = true; fontconfig.enable = true;
#fontconfig.antialias = true; #fontconfig.antialias = true;
#fontconfig.penultimate.enable = true; #fontconfig.penultimate.enable = true;


@ -28,6 +28,7 @@ in {
# TODO: remove? # TODO: remove?
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041 "openssh-with-gssapi-8.4p1" # CVE-2021-28041
"zfs-kernel"
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -135,6 +136,4 @@ in {
}; };
}; };
}; };
services.dbus.socketActivated = true;
} }
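Review bot: `"zfs-kernel"` is added to `nixpkgs.config.permittedInsecurePackages` without the reason comment the `openssh-with-gssapi-8.4p1` entry carries, and the list already sits under `# TODO: remove?`, so the waiver will be hard to retire later and it applies to every ZFS module build rather than the one that currently trips the marker. If the marker comes from building ZFS against a kernel it does not support, selecting a supported kernel in the host configs removes the need for the entry altogether; otherwise record why inline, e.g. `"zfs-kernel" # <reason nixpkgs reports, and when it can be dropped>`.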


@ -50,8 +50,6 @@ in {
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
security = { hideProcessInformation = true; };
networking.networkmanager.enable = mkForce false; networking.networkmanager.enable = mkForce false;
services = { services = {


@ -14,6 +14,7 @@ let
exodus exodus
firefox firefox
jq jq
nyxt
openttd openttd
redshift redshift
signal-desktop signal-desktop
@ -22,6 +23,7 @@ let
]; ];
common-packages = with pkgs; [ common-packages = with pkgs; [
ant
asdf asdf
atop atop
binutils binutils
@ -31,12 +33,14 @@ let
cdrtools cdrtools
cargo cargo
clojure clojure
cmake
curl curl
doomEmacsInit doomEmacsInit
enca enca
file file
fortune fortune
git git
gnome.gnome-tweaks
gnutls gnutls
gnupg gnupg
google-chrome google-chrome
@ -50,6 +54,7 @@ let
lispPackages.quicklisp lispPackages.quicklisp
lsof lsof
lshw lshw
minecraft
mkpasswd mkpasswd
mtr mtr
nixfmt nixfmt
@ -58,11 +63,14 @@ let
nix-prefetch-git nix-prefetch-git
nyxt nyxt
nmap nmap
opencv-java
openldap openldap
openssl openssl
pciutils pciutils
pipewire
pv pv
pwgen pwgen
python
ruby ruby
rustc rustc
sbcl sbcl
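Review bot: `python` in `common-packages` resolves to the nixpkgs `python` attribute, which on 21.05 is Python 2.7 — end-of-life and no longer receiving security fixes; if a system interpreter is wanted, `python3` is the intended attribute. `nyxt` is also added to the first list (`@ -14,6 +14,7 @@`) while it already appears in `common-packages` (context line before `nmap`), so it is now installed twice; harmless, but one of them can go. The `let` block these lists belong to starts and ends outside the hunks.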

70
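--- /dev/null
+++ b/live-disk.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+nixos-version = "21.05";
+home-manager-package = builtins.fetchGit {
+url = "https://github.com/nix-community/home-manager.git";
+ref = "release-${nixos-version}";
+};
+in {
+imports = [
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+"${home-manager-package}/nixos"
+./packages
+];
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+environment.systemPackages = with pkgs; [
+btrfs-progs
+doomEmacsInit
+emacs
+git
+gparted
+nix-prefetch-scripts
+wget
+];
+services.openssh = {
+enable = true;
+startWhenNeeded = true;
+permitRootLogin = mkDefault "prohibit-password";
+};
+users = {
+users = {
+niten = {
+isNormalUser = true;
+createHome = true;
+hashedPassword =
+"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+extraGroups = [ "wheel" ];
+};
+};
+# groups = { wheel = { members = [ "niten" ]; }; };
+};
+home-manager = {
+useGlobalPkgs = true;
+users = {
+niten = {
+home = {
+file = {
+".doom.d" = {
+source = pkgs.doom-emacs-config;
+recursive = true;
+onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
+};
+};
+};
+};
+};
+};
+}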
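Review bot: `permitRootLogin = mkDefault "prohibit-password";` is unlikely to take effect: the imported `installation-cd-minimal.nix` profile sets `services.openssh.permitRootLogin` itself, and a plain assignment there outranks `mkDefault`, so the live disk may keep the installer's more permissive value while `startWhenNeeded = true` makes sshd reachable from first boot; check the effective value and use `mkForce "prohibit-password"` if this setting is meant to win. `home-manager-package` is fetched with `builtins.fetchGit` by branch `ref` only, so every evaluation takes whatever `release-21.05` currently points at with no integrity pin — add `rev = "<commit hash of the tested home-manager revision>";`. The `hashedPassword` for `niten` is committed to the repository, which exposes it to offline guessing by anyone with read access; for anything beyond a throwaway image, keep it out of the repo (e.g. `passwordFile` pointing at a file on the boot medium).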


@ -12,7 +12,7 @@ in {
}; };
limina = define-host "10.0.0.1" "limina"; limina = define-host "10.0.0.1" "limina";
lambda = define-host "10.0.0.11" "lambda"; # lambda = define-host "10.0.0.11" "lambda";
nostromo = define-host "10.0.0.10" "nostromo"; nostromo = define-host "10.0.0.10" "nostromo";
plato = define-host "10.0.0.21" "plato"; plato = define-host "10.0.0.21" "plato";
spark = define-host "10.0.0.108" "spark"; spark = define-host "10.0.0.108" "spark";


@ -1,8 +1,9 @@
{ pkgs, fetchurl, ... }: { pkgs, lib, fetchurl, ... }:
let let
version = "2.2.5"; version = "2.2.5";
url = "https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz"; url =
"https://mirrors.sonic.net/apache/archiva/${version}/binaries/apache-archiva-${version}-bin.tar.gz";
sha256 = "01119af2d9950eacbcce0b7f8db5067b166ad26c1e1701bef829105441bb6e29"; sha256 = "01119af2d9950eacbcce0b7f8db5067b166ad26c1e1701bef829105441bb6e29";
in pkgs.stdenv.mkDerivation { in pkgs.stdenv.mkDerivation {
@ -13,7 +14,7 @@ in pkgs.stdenv.mkDerivation {
sha256 = sha256; sha256 = sha256;
}; };
phases = ["installPhase"]; phases = [ "installPhase" ];
buildInputs = with pkgs; [ stdenv procps makeWrapper ]; buildInputs = with pkgs; [ stdenv procps makeWrapper ];
@ -22,6 +23,8 @@ in pkgs.stdenv.mkDerivation {
tar -xzf $src tar -xzf $src
cd apache-archiva-${version} cd apache-archiva-${version}
mv {LICENSE,NOTICE,apps,bin,conf,contexts,lib,logs,temp} $out mv {LICENSE,NOTICE,apps,bin,conf,contexts,lib,logs,temp} $out
makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${pkgs.stdenv.lib.makeBinPath [ pkgs.procps ]} makeWrapper $out/bin/archiva $out/bin/archivaWrapped --set PATH ${
lib.makeBinPath [ pkgs.procps ]
}
''; '';
} }
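Review bot: The derivation now takes `lib` from its arguments (`{ pkgs, lib, fetchurl, ... }`) and uses it in `lib.makeBinPath`, so whichever file imports this one must pass `lib` — the visible overlay change does that for `hll2380dw-cups`, but the archiva call site is not in this diff, so it is worth checking it was updated too (`inherit (pkgs) lib;` at the call site). A smaller point of style: `stdenv` in `buildInputs` is redundant, since `pkgs.stdenv.mkDerivation` already provides it.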


@ -66,10 +66,16 @@ in {
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
}); });
opencv-java = pkgs.opencv.overrideAttrs (oldAttrs: rec {
# buildInputs = oldAttrs.buildInputs ++ [ pkgs.ant ];
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.jdk11 pkgs.ant ];
# cmakeFlags = oldAttrs.cmakeFlags ++ [ "-DWITH_JAVA=ON" ];
});
hll2380dw-cups = import ./hll2380dw-cups.nix { hll2380dw-cups = import ./hll2380dw-cups.nix {
inherit (pkgs) inherit (pkgs)
stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused
coreutils file perl which; coreutils file perl which lib;
}; };
hll2380dw-lpr = import ./hll2380dw-lp.nix { hll2380dw-lpr = import ./hll2380dw-lp.nix {
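Review bot: `opencv-java` adds `jdk11` and `ant` to `nativeBuildInputs` but leaves the `cmakeFlags` line commented out, so unless opencv's build enables the Java bindings on its own when it finds a JDK (not verifiable from here), the result is plain opencv under a misleading name while the package list installs it as `opencv-java`. Either enable the bindings (uncommenting `cmakeFlags = oldAttrs.cmakeFlags ++ [ "-DWITH_JAVA=ON" ];`, after confirming that is the flag opencv's CMake actually honours) or note in a comment why they are deliberately off; the `rec` on the override function is also unused. The enclosing overlay set continues on both sides of this hunk.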


@ -1,4 +1,5 @@
{ stdenv, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep, gnused, coreutils, file, perl, which }: { stdenv, lib, fetchurl, makeWrapper, cups, dpkg, a2ps, ghostscript, gnugrep
, gnused, coreutils, file, perl, which }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "hll2380dw-cups"; pname = "hll2380dw-cups";
@ -6,7 +7,8 @@ stdenv.mkDerivation rec {
platform = "i386"; platform = "i386";
src = fetchurl { src = fetchurl {
url = "https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb"; url =
"https://download.brother.com/welcome/dlf101772/hll2380dwcupswrapper-${version}.i386.deb";
sha256 = "08g3kx5lgwzb3f9ypj8knmpkkj0h3kv1i4gd20rzjxrx6vx1wbpl"; sha256 = "08g3kx5lgwzb3f9ypj8knmpkkj0h3kv1i4gd20rzjxrx6vx1wbpl";
}; };
@ -18,9 +20,9 @@ stdenv.mkDerivation rec {
installPhase = '' installPhase = ''
dpkg-deb -x $src $out dpkg-deb -x $src $out
wrapProgram $out/opt/brother/Printers/HLL2380DW/cupswrapper/paperconfigml1 \ wrapProgram $out/opt/brother/Printers/HLL2380DW/cupswrapper/paperconfigml1 \
--prefix PATH : ${stdenv.lib.makeBinPath [ --prefix PATH : ${
coreutils ghostscript gnugrep gnused lib.makeBinPath [ coreutils ghostscript gnugrep gnused ]
]} }
mkdir -p $out/lib/cups/filter/ mkdir -p $out/lib/cups/filter/
ln -s $out/opt/brother/Printers/HLL2380DW/cupswrapper/brother_lpdwrapper_HLL2380DW \ ln -s $out/opt/brother/Printers/HLL2380DW/cupswrapper/brother_lpdwrapper_HLL2380DW \
$out/lib/cups/filter/brother_lpdwrapper_HLL2380DW $out/lib/cups/filter/brother_lpdwrapper_HLL2380DW
@ -31,11 +33,12 @@ stdenv.mkDerivation rec {
touch $out/HI touch $out/HI
''; '';
meta = with stdenv.lib; { meta = with lib; {
homepage = http://www.brother.com/; homepage = "http://www.brother.com/";
description = "Brother HL-L2380DW combined print driver"; description = "Brother HL-L2380DW combined print driver";
license = licenses.unfree; license = licenses.unfree;
platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" ];
downloadPage = http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128; downloadPage =
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";
}; };
} }
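Review bot: `touch $out/HI` at the top of the `@ -31,11 +33,12 @@` hunk looks like a leftover debug marker in `installPhase`; it ships an empty file in the package output and can simply be dropped. The `installPhase` string it belongs to starts outside the hunk.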


@ -27,7 +27,7 @@ in stdenv.mkDerivation rec {
--replace "PRINTER =~" "PRINTER = \"${model}\"; #" --replace "PRINTER =~" "PRINTER = \"${model}\"; #"
wrapProgram $dir/lpd/filter_${model} \ wrapProgram $dir/lpd/filter_${model} \
--prefix PATH : ${ --prefix PATH : ${
stdenv.lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ] lib.makeBinPath [ coreutils ghostscript gnugrep gnused which ]
} }
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
$dir/lpd/${model}filter $dir/lpd/${model}filter
@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
meta = { meta = {
homepage = "http://www.brother.com/"; homepage = "http://www.brother.com/";
description = "Brother ${lib.toUpper model} LPR print driver"; description = "Brother ${lib.toUpper model} LPR print driver";
license = stdenv.lib.licenses.unfree; license = lib.licenses.unfree;
platforms = [ "i386" "x86_64-linux" ]; platforms = [ "i386" "x86_64-linux" ];
downloadPage = downloadPage =
"http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128"; "http://support.brother.com/g/b/downloadlist.aspx?c=us_ot&lang=en&prod=hll2380dw_us&os=128";