From 2f058109469764e73c8a84e67a166bc32d4bb9db Mon Sep 17 00:00:00 2001
From: nostoromo root
Date: Thu, 14 Jan 2021 14:22:09 -0800
Subject: [PATCH] Add IPFS...and switch back from fish, because it can't handle bash's env
---
config/fudo/ipfs.nix | 71 +++++++++++++++++++++++++++++++++++++++++
config/local.nix | 4 +--
defaults.nix | 76 ++++++++++++++++++++++++++------------------
hosts/nostromo.nix | 42 ++++++++----------------
users/niten.nix | 29 +++++++++--------
5 files changed, 148 insertions(+), 74 deletions(-)
create mode 100644 config/fudo/ipfs.nix
diff --git a/config/fudo/ipfs.nix b/config/fudo/ipfs.nix
new file mode 100644
index 0000000..23497dc
--- /dev/null
+++ b/config/fudo/ipfs.nix
@@ -0,0 +1,71 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.fudo.ipfs; + + user-group-entry = group: user: + nameValuePair user { extraGroups = [ group ]; }; + + user-home-entry = ipfs-path: user: + nameValuePair user { home.sessionVariables = { IPFS_PATH = ipfs-path; }; }; + +in { + options.fudo.ipfs = with types; { + enable = mkEnableOption "Fudo IPFS"; + + users = mkOption { + type = listOf str; + description = "List of users with IPFS access."; + default = [ ]; + }; + + user = mkOption { + type = str; + description = "User as which to run IPFS user."; + default = "ipfs"; + }; + + group = mkOption { + type = str; + description = "Group as which to run IPFS user."; + default = "ipfs"; + }; + + api-address = mkOption { + type = str; + description = "Address on which to listen for requests."; + default = "/ip4/127.0.0.1/tcp/5001"; + }; + + automount = mkOption { + type = bool; + description = "Whether to automount /ipfs and /ipns on boot."; + default = true; + }; + + data-dir = mkOption { + type = str; + description = "Path to store data for IPFS."; + default = "/var/lib/ipfs"; + }; + }; + + config = mkIf cfg.enable { + + users.users = listToAttrs (map (user-group-entry cfg.group) cfg.users); + + services.ipfs = { + enable = true; + apiAddress = cfg.api-address; + autoMount = cfg.automount; + enableGC = true; + user = cfg.user; + group = cfg.group; + dataDir = cfg.data-dir; + }; + + home-manager.users = + listToAttrs (map (user-home-entry cfg.data-dir) cfg.users); + }; +} diff --git a/config/local.nix b/config/local.nix index 7c2b692..cd6fee6 100644 --- a/config/local.nix +++ b/config/local.nix @@ -1,7 +1,6 @@ { lib, config, pkgs, ... }: -with lib; -{ +with lib; { imports = [ ./fudo/acme-for-hostname.nix ./fudo/authentication.nix @@ -13,6 +12,7 @@ with lib; ./fudo/garbage-collector.nix ./fudo/git.nix ./fudo/grafana.nix + ./fudo/ipfs.nix ./fudo/kdc.nix ./fudo/ldap.nix ./fudo/local-network.nix 
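Review bot: The `users` option in config/fudo/ipfs.nix is documented only as "List of users with IPFS access", but in `config` each listed user is added to `cfg.group` and has `IPFS_PATH` pointed at `cfg.data-dir`, which is the daemon's own repository rather than a per-user one. That repository normally holds the node's identity key, so if the service's directory permissions allow group access (not visible in this file), every listed user can read or alter the daemon's state. I would say so in the option text, e.g. `description = "Users added to the IPFS group and pointed at the daemon's repository via IPFS_PATH; treat them as administrators of the node.";`. The `api-address` description should likewise note that the IPFS HTTP API is not authenticated by default and that the loopback default is the safe value. The `user` and `group` descriptions read "to run IPFS user" where "to run the IPFS daemon" seems meant.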
diff --git a/defaults.nix b/defaults.nix index c2e1d9c..548b676 100644 --- a/defaults.nix +++ b/defaults.nix @@ -2,8 +2,7 @@ { config, pkgs, lib, ... }: -let - state-version = "20.03"; +let state-version = "20.03"; in { imports = [ @@ -109,13 +108,9 @@ in { xkbOptions = "ctrl:nocaps"; }; - console = { - useXkbConfig = true; - }; + console = { useXkbConfig = true; }; - i18n = { - defaultLocale = "en_US.UTF-8"; - }; + i18n = { defaultLocale = "en_US.UTF-8"; }; programs = { mosh.enable = true; @@ -137,9 +132,7 @@ in { enableSSHSupport = true; }; - fish = { - enable = true; - }; + fish = { enable = true; }; }; services = { @@ -148,9 +141,7 @@ in { enable = true; }; - cron = { - enable = true; - }; + cron = { enable = true; }; openssh = { enable = true; startWhenNeeded = true; @@ -158,16 +149,12 @@ in { extraConfig = '' GSSAPIAuthentication yes GSSAPICleanupCredentials yes - ''; + ''; }; - pcscd = { - enable = true; - }; + pcscd = { enable = true; }; - udev.packages = with pkgs; [ - yubikey-personalization - ]; + udev.packages = with pkgs; [ yubikey-personalization ]; }; environment.shellInit = '' @@ -194,11 +181,7 @@ in { }; }; - users.groups = { - fudosys = { - gid = 888; - }; - }; + users.groups = { fudosys = { gid = 888; }; }; users.extraUsers = { niten = { 
@@ -206,11 +189,26 @@ in { uid = 10000; createHome = true; description = "Niten"; - shell = pkgs.fish; - extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"]; + extraGroups = [ + "wheel" + "audio" + "video" + "disk" + "floppy" + "lp" + "cdrom" + "tape" + "dialout" + "adm" + "input" + "systemd-journal" + "fudosys" + "libvirtd" + ]; group = "users"; home = "/home/niten"; - hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; + hashedPassword = + "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0x4EC95B64" ]; @@ -220,10 +218,26 @@ in { uid = 10049; createHome = true; description = "Reaper"; - extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"]; + extraGroups = [ + "wheel" + "audio" + "video" + "disk" + "floppy" + "lp" + "cdrom" + "tape" + "dialout" + "adm" + "input" + "systemd-journal" + "fudosys" + "libvirtd" + ]; group = "users"; home = "/home/reaper"; - hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG."; + hashedPassword = + "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG."; }; fudo = { isSystemUser = true; diff --git a/hosts/nostromo.nix b/hosts/nostromo.nix index 657730f..2ed9609 100644 --- a/hosts/nostromo.nix +++ b/hosts/nostromo.nix @@ -24,10 +24,7 @@ in { hardware.bluetooth.enable = false; - imports = [ - ../defaults.nix - ../hardware-configuration.nix - ]; + imports = [ ../defaults.nix ../hardware-configuration.nix ]; fudo.common = { profile = "server"; 
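Review bot: The re-wrapped `hashedPassword` line for `niten` in the `@@ -206,11 +189,26 @@` hunk of defaults.nix (and the one for `reaper` in the `@@ -220,10 +218,26 @@` hunk) keeps a SHA-512 crypt hash in the repository. Values set this way are also written into the world-readable Nix store, so anyone with a checkout or a local account can attempt offline guessing against two accounts that are in `wheel`. Since these lines are being touched anyway, consider moving the hashes out of the tree with `passwordFile = "/path/to/niten.passwd"; # placeholder path, file readable by root only` and rotating both passwords, because the current hashes stay in history. Both accounts also carry the `disk` group, which grants raw block-device access and is effectively root without going through sudo; it is worth dropping unless something depends on it. The enclosing `users.extraUsers` set starts and ends outside these hunks.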
@@ -74,7 +71,7 @@ in { interface eno2 ia_na 1 ia_pd 2 eno2/0 - ''; + ''; # Create a bridge for VMs to use macvlans = { @@ -93,9 +90,7 @@ in { enp9s0f0.useDHCP = false; enp9s0f1.useDHCP = false; - eno2 = { - useDHCP = true; - }; + eno2 = { useDHCP = true; }; intif0 = { useDHCP = false; @@ -121,19 +116,11 @@ in { }; users = { - users = { - fudo-client = { - isSystemUser = true; - }; - }; + users = { fudo-client = { isSystemUser = true; }; }; groups = { - backplane-powerdns = { - members = [ "backplane-powerdns" ]; - }; - backplane-dns = { - members = [ "backplane-dns" ]; - }; + backplane-powerdns = { members = [ "backplane-powerdns" ]; }; + backplane-dns = { members = [ "backplane-dns" ]; }; }; }; @@ -180,11 +167,7 @@ in { docker-containers = { pihole = { image = "pihole/pihole:4.3.2-1"; - ports = [ - "5353:53/tcp" - "5353:53/udp" - "3080:80/tcp" - ]; + ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ]; environment = { ServerIP = host-internal-ip; VIRTUAL_HOST = "dns-hole.sea.fudo.org"; @@ -202,16 +185,19 @@ in { }; }; + fudo.ipfs = { + enable = true; + users = [ "niten" ]; + api-address = "/ip4/${host-internal-ip}/tcp/5001"; + }; + services = { nginx = { enable = true; virtualHosts = { "pihole.sea.fudo.org" = { - serverAliases = [ - "dns-hole.sea.fudo.org" - "hole.sea.fudo.org" - ]; + serverAliases = [ "dns-hole.sea.fudo.org" "hole.sea.fudo.org" ]; locations."/" = { proxyPass = "http://127.0.0.1:3080"; diff --git a/users/niten.nix b/users/niten.nix index 4c37375..aa9a955 100644 --- a/users/niten.nix +++ b/users/niten.nix @@ -11,6 +11,7 @@ in { userName = name; userEmail = email; }; + }; xresources.properties = { 
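Review bot: In the `@@ -202,16 +185,19 @@` hunk of hosts/nostromo.nix, `api-address = "/ip4/${host-internal-ip}/tcp/5001";` moves the IPFS API off the module's loopback default onto a network-facing address. That API is an administrative interface with no authentication by default (it can change the node's configuration and add, pin or remove content), so any host that can reach that address on port 5001 gets control of the node unless a firewall rule elsewhere restricts it; none is visible in this hunk. I would drop the line so the default `/ip4/127.0.0.1/tcp/5001` applies and reach the API remotely through an SSH tunnel or an authenticating reverse proxy. If LAN access is required, add a comment naming the firewall rule that limits port 5001. `host-internal-ip` is defined outside the hunk, so the exact exposure depends on that value.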
@@ -33,20 +34,22 @@ in { # tray = true; # }; - home.file = { - ".doom.d" = { - source = pkgs.doom-emacs-config; - recursive = true; - onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh"; - }; + home = { + file = { + ".doom.d" = { + source = pkgs.doom-emacs-config; + recursive = true; + onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh"; + }; - ".k5login" = { - source = pkgs.writeText "niten-k5login" '' - niten@FUDO.ORG - niten/root@FUDO.ORG - niten@INFORMIS.LAND - niten/root@INFORMIS.LAND - ''; + ".k5login" = { + source = pkgs.writeText "niten-k5login" '' + niten@FUDO.ORG + niten/root@FUDO.ORG + niten@INFORMIS.LAND + niten/root@INFORMIS.LAND + ''; + }; }; }; }