diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..5af31da
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "fudo-pkgs"]
+ path = fudo-pkgs
+ url = https://git.fudo.org/fudo-public/fudo-pkgs.git
diff --git a/config/common.nix b/config/common.nix
index b37a938..de65015 100644
--- a/config/common.nix
+++ b/config/common.nix
@@ -2,7 +2,14 @@
 # Config common to all hosts, which don't belong anywhere else
 {
- config = {
- home-manager.users.root = import ../home-manager/root.nix { inherit config lib pkgs; };
+ config = let
+ home-generator = pkgs.callPackage ../niten-home-generator.nix {};
+ host-domain = config.fudo.hosts.${config.instance.hostname}.domain;
+ in {
+ home-manager.users.root = home-generator.generate-config {
+ username = "root";
+ home-dir = "/root";
+ user-email = "root@${config.instance.hostname}.${host-domain}";
+ } { };
 };
-}
\ No newline at end of file
+}
diff --git a/config/hardware/plato.nix b/config/hardware/plato.nix
index 8b0ae54..42391fe 100644
--- a/config/hardware/plato.nix
+++ b/config/hardware/plato.nix
@@ -17,7 +17,6 @@ with lib; {
 };
 supportedFilesystems = [ "zfs" ];
- # kernelPackages = pkgs.linuxPackages.zfs;
 };
 fileSystems = {
diff --git a/config/hardware/system3.nix b/config/hardware/system3.nix
index 7287bd7..8b907cf 100644
--- a/config/hardware/system3.nix
+++ b/config/hardware/system3.nix
@@ -22,7 +22,7 @@ in {
 kernelModules = [ "kvm-amd" ];
 supportedFilesystems = [ "zfs" ];
- kernelPackages = pkgs.linuxPackages_latest;
+ # kernelPackages = pkgs.linuxPackages_latest;
 zfs.enableUnstable = true;
diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix
index c9fe3dc..9be41e6 100644
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
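Review bot: The deleted home-manager/root.nix managed root's `.k5login` (three Kerberos principals) and `.doom.d`, and this hunk replaces that import with `home-generator.generate-config { … } { }` from a file not on the page, so nothing here shows whether root's Kerberos login list is still produced after this commit — that is worth confirming and stating in the commit description. The second, empty `{ }` argument gives no hint of its role; a comment such as `# second arg: presumably extra home-manager config merged into the generated one — confirm` next to it would help. `host-domain = config.fudo.hosts.${config.instance.hostname}.domain;` will fail evaluation with a bare missing-attribute error when `config.fudo.hosts` has no entry for the host, which is fine if every host is required to be listed, but a comment saying so would spare the next reader a hunt.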
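Review bot: `# kernelPackages = pkgs.linuxPackages_latest;` in config/hardware/system3.nix is commented out rather than removed, with no note on why, while `zfs.enableUnstable = true;` stays in force; if the latest kernel was dropped for ZFS module compatibility, say so in place, e.g. `# linuxPackages_latest dropped: <reason>`, otherwise delete the line. The same leftover-comment pattern appears in lib/fudo/hosts.nix (the `# hosts = {` block) and config/host-config/limina.nix (`# proxyPass` and the `# proxy_set_header` lines).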
@@ -199,20 +199,19 @@ in {
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://cargo.sea.fudo.org:5000/webman/3rdparty/SurveillanceStation/";
+ # proxyPass = "http://cargo.sea.fudo.org:5000/webman/3rdparty/SurveillanceStation/";
+ proxyPass = "http://cargo.sea.fudo.org:5000/";
 extraConfig = ''
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
- resolver 10.0.0.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-By $server_addr:$server_port;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
+ # proxy_set_header X-Real-IP $remote_addr;
+ # proxy_set_header X-Forwarded-By $server_addr:$server_port;
+ # proxy_set_header X-Forwarded-For $remote_addr;
+ # proxy_set_header X-Forwarded-Proto $scheme;
 '';
 };
 };
diff --git a/home-manager/niten.nix b/home-manager/niten.nix
deleted file mode 100644
index 117397c..0000000
--- a/home-manager/niten.nix
+++ /dev/null
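Review bot: Commenting out `proxy_set_header X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` and dropping `proxy_set_header Host $host;` means the upstream at cargo.sea.fudo.org:5000 now sees only the proxy's own address, no original scheme, and nginx's default Host of the upstream name, so its access log and any per-client controls there lose the real client identity, and with `forceSSL = true;` still set any absolute redirects it emits may be built as plain http. If the upstream is known to misbehave with these headers, record that in a comment beside them; otherwise keep at least `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;`. The enclosing virtual-host block starts before this hunk.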
@@ -1,220 +0,0 @@
-{ config, lib, pkgs, homedir, enable-gui ? true, ... }:
-
-with lib;
-let
- name = "Niten";
- email = "niten@fudo.org";
-
- doom-emacs-config = pkgs.fetchgit {
- url = "https://git.fudo.org/niten/doom-emacs.git";
- rev = "0ab1532c856ccdb6ce46c5948054279f439eb1f2";
- sha256 = "06mh74i5hmb15xid7w31wjc4v339cgddd667bpaphqnw666sm08h";
- };
-
- doom-emacs = pkgs.callPackage (pkgs.fetchgit {
- url = "https://github.com/vlaci/nix-doom-emacs.git";
- rev = "fee14d217b7a911aad507679dafbeaa8c1ebf5ff";
- sha256 = "1g0izscjh5nv4n0n1m58jc6z27i9pkbxs17mnb05a83ffdbmmva6";
- }) {
- doomPrivateDir = "${pkgs.doom-emacs-config}";
- extraPackages = with pkgs.emacsPackages; [ elpher use-package ];
- emacsPackagesOverlay = self: super: {
- irony = super.irony.overrideAttrs (esuper: {
- buildInputs = esuper.buildInputs
- ++ [ pkgs.cmake pkgs.libclang pkgs.clang ];
- });
- spinner = let version = "1.7.4";
- in pkgs.emacsPackages.trivialBuild {
- inherit version;
- pname = "spinner";
- src = builtins.fetchTarball {
- url = "https://elpa.gnu.org/packages/spinner-${version}.tar";
- sha256 = "1jj40d68lmz91ynzwqg0jqdjpa9cn5md1hmvjfhy0cr3l16qpfw5";
- };
- buildPhase = ":";
- };
- };
- };
-
- gui-packages = with pkgs;
- let
- steam-with-pipewire =
- (steam.override { extraLibraries = pkgs: [ pkgs.pipewire ]; });
- in [
- adapta-backgrounds
- exodus
- firefox
- gnome.gnome-backgrounds
- jq
- mate.mate-backgrounds
- nyxt
- openttd
- redshift
- signal-desktop
- spotify
- # steam-with-pipewire
- # steam-with-pipewire.run
- # steamPackages.steamcmd
- # steamPackages.steam-fonts
- # steamPackages.steam-runtime
- xclip
- ];
-
- common-packages = with pkgs; [
- ant
- asdf
- atop
- binutils
- btrfs-progs
- bundix
- byobu
- cdrtools
- cargo
- clojure
- clj2nix
- cmake
- curl
- doom-emacs
- # doom-emacs-config
- # doomEmacsInit
- enca
- file
- fortune
- git
- gnome.gnome-tweaks
- gnutls
- gnupg
- google-chrome
- guile
- imagemagick
- ipfs
- iptables
- jdk
- leiningen
- libisofs
- lispPackages.quicklisp
- lsof
- lshw
- minecraft
- mkpasswd
- mplayer
- mtr
- nixfmt
- nix-index
- nixops
- nix-prefetch-scripts
- nyxt
- nmap
- opencv-java
- openldap
- openssl
- pciutils
- pipewire
- pv
- pwgen
- python
- ruby
- rustc
- sbcl
- stdenv
- telnet
- texlive.combined.scheme-basic
- tmux
- unzip
- youtube-dl
- yubikey-manager
- yubikey-personalization
-
- # Check and pick a favorite
- molly-brown
- ncgopher
- amfora
- asuka
- kristall
- castor
- ];
-
- ensure-directories = [ ".emacs.d/.local/etc/eshell" ];
-
-in {
- programs = {
- bash = { enable = true; };
-
- git = {
- enable = true;
- userName = name;
- userEmail = email;
- ignores = [ "*~" ];
- extraConfig = { pull = { rebase = false; }; };
- };
- };
-
- xresources.properties = mkIf enable-gui {
- "Xft.antialias" = 1;
- "Xft.autohint" = 0;
- "Xft.dpi" = 192;
- "Xft.hinting" = 1;
- "Xft.hintstyle" = "hintfull";
- "Xft.lcdfilter" = "lcddefault";
- };
-
- services = {
- emacs = {
- enable = true;
- package = doom-emacs;
- client = {
- enable = true;
- arguments = [ "-t" ];
- };
- };
- gpg-agent.enable = true;
- };
-
- home = {
- packages =
- if enable-gui then common-packages ++ gui-packages else common-packages;
-
- file = {
- ".local/share/openttd/baseset" =
- mkIf enable-gui { source = "${pkgs.openttd-data}/data"; };
-
- # For nixified emacs
- ".emacs.d/init.el".text = ''
- (load "default.el")
-
- (setq package-archives nil)
- ;; (add-to-list 'package-directory-list "~/.nix-profile/share/emacs/site-lisp/elpa")
- (package-initialize)
- '';
-
- ".xsessions" = {
- executable = true;
- text = ''
- # -*-bash-*-
- gdmauth=$XAUTHORITY
- unset XAUTHORITY
- export XAUTHORITY
- xauth merge "$gdmauth"
-
- if [ -f $HOME/.xinitrc ]; then
- bash --login -i $HOME/.xinitrc
- fi
- '';
- };
-
- # ".fonts.conf" = { source = ../static/fonts.conf; };
- };
-
- sessionVariables = {
- # EDITOR = "${doom-emacs}/bin/emacsclient -t";
- ALTERNATE_EDITOR = "";
-
- DOOM_EMACS_SITE_PATH = "${doom-emacs-config}/site.d";
-
- HISTCONTROL = "ignoredups:ignorespace";
- };
- };
-
- systemd.user.tmpfiles.rules =
- map (dir: "d ${homedir}/${dir} 700 niten - - -") ensure-directories;
-}
diff --git a/home-manager/root.nix b/home-manager/root.nix
deleted file mode 100644
index 15ef958..0000000
--- a/home-manager/root.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- name = "Root";
- email = "root@fudo.org";
-
-in {
- programs = {
- git = {
- enable = true;
- userName = name;
- userEmail = email;
- ignores = [ "*~" ];
- extraConfig = { pull = { rebase = false; }; };
- };
- };
-
- home = {
- file = {
- ".doom.d" = {
- source = pkgs.doom-emacs-config;
- recursive = true;
- };
-
- ".k5login" = {
- source = pkgs.writeText "niten-k5login" ''
- niten/root@FUDO.ORG
- niten/root@INFORMIS.LAND
- reaper/root@FUDO.ORG
- '';
- };
- };
-
- sessionVariables = {
- EDITOR = "emacsclient -t";
- ALTERNATE_EDITOR = "";
-
- HISTCONTROL = "ignoredups:ignorespace";
- };
- };
-}
diff --git a/initialize.nix b/initialize.nix
index 02f17c4..cfec1ff 100644
--- a/initialize.nix
+++ b/initialize.nix
@@ -1,18 +1,16 @@
-{ hostname, home-manager-package, pkgs, fudo-pkgs, include-secrets ? true, ... }:
+{ hostname, home-manager-module, pkgs, include-secrets ? true, ... }:
 let
+ # Get info on this host so we know what to load
 host-config = import (./. + "/config/hosts/${hostname}.nix");
-in {
+in {
 imports = [
 ./lib
 ./config
-
- # Without turning this into a path, there's a "lastModified missing" error
- "${fudo-pkgs}/"
- "${home-manager-package}/nixos"
- ] ++ [
+ home-manager-module
+
 (./. + "/config/hardware/${hostname}.nix")
 (./. + "/config/host-config/${hostname}.nix")
 (./. + "/config/profile-config/${host-config.profile}.nix")
@@ -23,6 +21,8 @@ in {
 config = {
 instance = { hostname = hostname; };
+ nixpkgs.pkgs = pkgs;
+
 fudo.secrets.enable = include-secrets;
 };
 }
diff --git a/lib/fudo/hosts.nix b/lib/fudo/hosts.nix
index 59b074f..99df101 100644
--- a/lib/fudo/hosts.nix
+++ b/lib/fudo/hosts.nix
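Review bot: `nixpkgs.pkgs = pkgs;` in the second initialize.nix hunk pins the module system to the caller-supplied package set, and as far as I recall NixOS then ignores any `nixpkgs.config` set in the module tree, so `allowUnfree`/`permittedInsecurePackages` only take effect where pkgs is imported (as nixops/seattle.nix now does); a comment such as `# pkgs comes from the caller; nixpkgs.config set by modules has no effect once nixpkgs.pkgs is set` would save the next reader that surprise. In the first hunk the new `home-manager-module` parameter has no default, so every caller of initialize.nix must now supply it together with pkgs — the `# Get info on this host so we know what to load` comment could be extended to say where both are expected to come from.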
@@ -185,11 +185,11 @@ in {
 # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
 # the fqdn of the host, whereas Avahi wants just the simple hostname.`
- hosts = {
- "127.0.0.2" = [ "${hostname}.${domain-name}" "${hostname}" ];
- "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ];
- "::1" = [ "${hostname}.${domain-name}" "${hostname}" ];
- };
+ # hosts = {
+ # "127.0.0.2" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+ # "127.0.0.1" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+ # "::1" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+ # };
 firewall = {
 enable = (length host-cfg.external-interfaces) > 0;
@@ -197,11 +197,17 @@ in {
 };
 };
- environment.etc.hosts = mkForce {
+ # NixOS generates a stupid hosts file, just force it
+ environment.etc.hosts = let
+ host-entries = mapAttrsToList
+ (ip: hostnames: "${ip} ${concatStringsSep " " hostnames}")
+ config.fudo.system.hostfile-entries;
+ in mkForce {
 text = ''
 127.0.0.1 ${hostname}.${domain-name} ${hostname} localhost
 127.0.0.2 ${hostname} localhost
 ::1 ${hostname}.${domain-name} ${hostname} localhost
+ ${concatStringsSep "\n" host-entries}
 '';
 user = "root";
 group = "root";
diff --git a/lib/fudo/local-network.nix b/lib/fudo/local-network.nix
index 7f117e4..0de269c 100644
--- a/lib/fudo/local-network.nix
+++ b/lib/fudo/local-network.nix
@@ -1,7 +1,6 @@
 { lib, config, pkgs, ... }:
 with lib;
-
 let
 cfg = config.fudo.local-network;
@@ -88,12 +87,12 @@ in {
 config = mkIf cfg.enable {
- networking.hosts = let
+ fudo.system.hostfile-entries = let
 other-hosts = filterAttrs
 (hostname: hostOpts: hostname != config.instance.hostname)
 cfg.network-definition.hosts;
- in mapAttrs'
- (hostname: hostOpts: nameValuePair hostOpts.ipv4-address ["${hostname}.${cfg.domain}" hostname])
+ in mapAttrs' (hostname: hostOpts:
+ nameValuePair hostOpts.ipv4-address ["${hostname}.${cfg.domain}" hostname])
 other-hosts;
 services.dhcpd4 = let
 network = cfg.network-definition;
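Review bot: `in mkForce { text = … }` in the second lib/fudo/hosts.nix hunk replaces the whole NixOS-generated /etc/hosts, so anything other modules contribute through `networking.hosts` or `networking.extraHosts` is silently dropped — which is exactly what the now commented-out `hosts = { … }` block in the first hunk would have set — and `fudo.system.hostfile-entries` becomes the only way in. The comment should state that rather than `# NixOS generates a stupid hosts file, just force it`, e.g. `# Forced: networking.hosts/extraHosts are NOT consulted here; add entries via fudo.system.hostfile-entries`. The rendered `"${ip} ${concatStringsSep " " hostnames}"` lines are also taken on trust: the option's `attrsOf (listOf str)` type admits a key or name containing whitespace, which would yield a malformed entry, so an `assertions` entry rejecting such values would be cheap insurance. When `host-entries` is empty the interpolation leaves a trailing blank line, which is harmless.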
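Review bot: `mapAttrs'` in the second lib/fudo/local-network.nix hunk keys the result by `hostOpts.ipv4-address`, so two entries in `cfg.network-definition.hosts` that share an IPv4 address collapse into one and the other host's names are dropped without any error; the old `networking.hosts` form had the same behaviour and the commit does not address it. If shared addresses are legitimate, fold the names of hosts with equal `ipv4-address` into one list before building the attribute set; if they are not, an assertion stating that invariant would make the failure visible instead of silent. The `config = mkIf cfg.enable {` set continues beyond this hunk.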
diff --git a/lib/fudo/system-networking.nix b/lib/fudo/system-networking.nix
index bb612e9..07c13c5 100644
--- a/lib/fudo/system-networking.nix
+++ b/lib/fudo/system-networking.nix
@@ -38,6 +38,16 @@ in {
 };
 };
 };
+
+ # DO THIS MANUALLY since NixOS sux at making a reasonable /etc/hosts
+ hostfile-entries = mkOption {
+ type = attrsOf (listOf str);
+ description = "Map of extra IP addresses to hostnames for /etc/hosts";
+ default = {};
+ example = {
+ "10.0.0.3" = [ "my-host" "my-host.my.domain" ];
+ };
+ };
 };
 config = mkIf (cfg.internal-port-map != { }) {
diff --git a/lib/system.nix b/lib/system.nix
index c9d7f1e..f9703f0 100644
--- a/lib/system.nix
+++ b/lib/system.nix
@@ -25,6 +25,9 @@ let
 config.fudo.groups;
 in {
+ local-host = local-host;
+ local-domain = local-domain;
+ local-site = local-site;
 local-users = local-users;
 local-admins = local-admins;
 local-groups = local-groups;
diff --git a/nixops/lib/hosts.nix b/nixops/lib/hosts.nix
index e58ba32..f470266 100644
--- a/nixops/lib/hosts.nix
+++ b/nixops/lib/hosts.nix
@@ -1,30 +1,13 @@
-{ nixos-version, ... }:
+{ pkgs, home-manager-module, ... }:
 let
- pkgs = import (builtins.prefetchGit {
- url = "https://github.com/NixOS/nixpkgs.git";
- ref = "release-${nixos-version}";
- }) {};
-
- home-manager-package = builtins.fetchGit {
- url = "https://github.com/nix-community/home-manager.git";
- ref = "release-${nixos-version}";
- };
-
- fudo-pkgs = builtins.fetchGit {
- url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
- };
-
 initialize = import ../../initialize.nix;
 host-config = ip: hostname: { ... }: {
 imports = [
 (initialize {
- hostname = hostname;
- home-manager-package = home-manager-package;
- pkgs = pkgs;
- fudo-pkgs = fudo-pkgs;
+ inherit hostname home-manager-module pkgs;
 })
 ];
diff --git a/nixops/seattle.nix b/nixops/seattle.nix
index 77db32c..6472b95 100644
--- a/nixops/seattle.nix
+++ b/nixops/seattle.nix
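Review bot: Neither the `description` of `hostfile-entries` nor the `# DO THIS MANUALLY since NixOS sux at making a reasonable /etc/hosts` comment says how the option is consumed — lib/fudo/hosts.nix in this same commit renders it into a `mkForce`d /etc/hosts that replaces the NixOS-generated file — so a reader of this module cannot tell that `networking.hosts` will not work on these systems. Suggest replacing the comment with `# Rendered into the forced /etc/hosts by lib/fudo/hosts.nix; networking.hosts/extraHosts are ignored there, use this option instead` and a description such as `"Extra /etc/hosts entries (IP address -> hostnames); the only way to add hosts here, since /etc/hosts is forced"`. The `example` is good; consider also noting in the description that keys and names must be whitespace-free, since the `attrsOf (listOf str)` type does not enforce it.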
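Review bot: `local-host = local-host;` and the two lines after it in lib/system.nix repeat the pattern of the existing `local-users = local-users;` lines; Nix's `inherit local-host local-domain local-site local-users local-admins local-groups;` expresses the same in one line and cannot mistype the name on one side. Where `local-host`, `local-domain` and `local-site` are bound lies outside the hunk, so their being in scope of the `let` is assumed here.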
@@ -1,7 +1,25 @@
 let
- nixos-version = "21.05";
+ # fudo-pkgs = builtins.fetchGit {
+ # url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
+ # };
+
+ pkgs = import {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "openssh-with-gssapi-8.4p1"
+ ];
+ };
+ overlays = [
+ (import ../fudo-pkgs/overlay.nix)
+ ];
+ };
- hostlib = import ./lib/hosts.nix { inherit nixos-version; };
+ home-manager-module = import ;
+
+ hostlib = import ./lib/hosts.nix {
+ inherit pkgs home-manager-module;
+ };
 define-host = hostlib.host-config;