commit 0dd2534b18f9bd56a55f30d7ff8d232aeea80e7d parent 265ef957d52f482c44847bd67a1a7dd415c4fffc Author: Vincent Demeester <vincent@sbr.pm> Date: Thu, 30 Apr 2020 02:38:23 +0200 Remove tmp/nixos-configuration 👼 Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
70 files changed, 0 insertions(+), 3482 deletions(-)
diff --git a/tmp/nixos-configuration/.dir-locals.el b/tmp/nixos-configuration/.dir-locals.el
@@ -1,7 +0,0 @@
-;;; Directory Local Variables
-;;; For more information see (info "(emacs) Directory Variables")
-
-((nil (eval . (setq projectile-project-compilation-cmd "nixos-rebuild dry-build"
- projectile-project-run-cmd "nixos-rebuild switch")))
- (nix-mode
- (tab-width . 2)))
diff --git a/tmp/nixos-configuration/.gitignore b/tmp/nixos-configuration/.gitignore
@@ -1,11 +0,0 @@
-hardware-configuration.nix
-result
-result-bin
-.tramp*
-*~
-hostname
-accounts.nix
-assets/*
-networking.nix
-wireguard*.key
-.envrc
diff --git a/tmp/nixos-configuration/.gitmodules b/tmp/nixos-configuration/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "pkgs/nix-beautify"]
- path = pkgs/nix-beautify
- url = git@github.com:vdemeester/nix-beautify
diff --git a/tmp/nixos-configuration/Makefile b/tmp/nixos-configuration/Makefile
@@ -1,22 +0,0 @@
-all: dry-build
-
-.PHONY: assets
-assets:
- mkdir -p assets
- cp -Rv /home/vincent/sync/nixos/* assets/
-
-.PHONY: update
-update:
- nix-channel --update
-
-.PHONY: dry-build
-dry-build: assets
- nixos-rebuild dry-build
-
-.PHONY: switch
-switch: assets
- nixos-rebuild switch
-
-.PHONY: clean
-clean:
- nix-env --profile /nix/var/nix/profiles/system --delete-generations 15d
diff --git a/tmp/nixos-configuration/README.md b/tmp/nixos-configuration/README.md
@@ -1,20 +0,0 @@
-# Nixos configuration 🐸
-
-This is my nixos configuration, commonly used on all my
-nixos-enabled computers.
-
-## How to use 🐻
-
-## NixOS
-
-When installing nixos:
-
-- clone this repository in `/etc/nixos`
-- create a `hostname` with the hostname you want (`echo wakasu > /etc/nixos/hostname`)
-- create a `machine/${hostname}.nix` file with the thing you want (look at other ones)
-- run `nixos-generate-configuration` to have the
- `hardware-configuration.nix` generated.
-
-## On other operating system/distributions
-
-Use [vdemeester/home](https://github.com/vdemeester/home) instead.
diff --git a/tmp/nixos-configuration/assets/machines.nix.example b/tmp/nixos-configuration/assets/machines.nix.example
@@ -1,37 +0,0 @@
-let
- wireguard = {
- ips = {
- kerkouane = "10.100.0.1";
- shikoku = "10.100.0.2";
- # […]
- };
- kerkouane = {
- allowedIPs = [ "${wireguard.ips.kerkouane}/32" ];
- publicKey = "<kerkouane wireguard public key>";
- };
- shikoku = {
- allowedIPs = [ "${wireguard.ips.shikoku}/32" ];
- publicKey = "<shikoku wireguard public key>";
- };
- # […]
- };
- ssh = {
- kerkouane = {
- port = <custom ssh port>;
- key = "<kerkouane ssh public key>";
- };
- shikoku = {
- key = "<shikoku ssh public key>";
- };
- };
-in {
- wireguard = wireguard;
- wg = {
- allowedIPs = "10.100.0.0/24";
- listenPort = <wireguard port to listen to>;
- endpointIP = "<public remote address>";
- persistentKeepalive = 25;
- peers = [ wireguard.shikoku ];
- };
- ssh = ssh;
-}
diff --git a/tmp/nixos-configuration/configuration.nix b/tmp/nixos-configuration/configuration.nix
@@ -1,20 +0,0 @@
-# This configuration file simply determines the hostname and then import both
-# the default configuration (common for all machine) and specific machine
-# configuration.
-
-{ config, pkgs, ... }:
-let
- hostName = "${builtins.readFile ./hostname}";
-in
-rec {
- imports = [
- # Generated hardware configuration
- ./hardware-configuration.nix
- # Default profile with default configuration
- ./modules/module-list.nix
- # Machine specific configuration files
- (./machine + "/${hostName}.nix")
- ];
-
- networking.hostName = "${hostName}";
-}
diff --git a/tmp/nixos-configuration/hardware/dell-latitude-e6540.nix b/tmp/nixos-configuration/hardware/dell-latitude-e6540.nix
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot = {
- loader.efi.canTouchEfiVariables = true;
- kernelParams = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "i915.enable_rc6=0" "i915.enable_fbc=1"
- "i915.lvds_use_ssc=0"
- "drm.debug=0" "drm.vblankoffdelay=1"
- ];
- blacklistedKernelModules = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "sierra_net" "cdc_mbim" "cdc_ncm"
- ];
- };
- hardware = {
- opengl = {
- enable = true;
- extraPackages = [ pkgs.vaapiIntel ];
- driSupport32Bit = true;
- };
- };
- services.acpid.enable = true;
-}
diff --git a/tmp/nixos-configuration/hardware/lenovo-p50.nix b/tmp/nixos-configuration/hardware/lenovo-p50.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, ...}:
-
-{
- imports = [ ./thinkpad.nix ];
- hardware = {
- bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- nvidia.optimus_prime = {
- enable = true;
- nvidiaBusId = "PCI:1:0:0";
- intelBusId = "PCI:0:2:0";
- };
- };
- services = {
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP=""
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT=""
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-# Docking
-DEVICES_TO_DISABLE_ON_DOCK="wifi"
-DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-# Make sure it uses the right hard drive
-DISK_DEVICES="nvme0n1p2"
- '';
- };
- udev.extraRules = ''
- # Rules for Lenovo Thinkpad WS Dock
- SUBSYSTEM=="usb", ACTION=="add|remove", ENV{ID_VENDOR}=="17ef", ENV{ID_MODEL}=="305a", RUN+="${pkgs.vde-thinkpad}/bin/dock"
- '';
- };
-}
diff --git a/tmp/nixos-configuration/hardware/thinkpad-t460s.nix b/tmp/nixos-configuration/hardware/thinkpad-t460s.nix
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ./thinkpad.nix ];
- services = {
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP=""
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT=""
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-# Docking
-DEVICES_TO_DISABLE_ON_DOCK="wifi"
-DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-# Make sure it uses the right hard drive
-DISK_DEVICES="nvme0n1p3"
- '';
- };
- xserver = {
- dpi = 128;
- };
- };
-}
diff --git a/tmp/nixos-configuration/hardware/thinkpad-x220.nix b/tmp/nixos-configuration/hardware/thinkpad-x220.nix
@@ -1,55 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ./thinkpad.nix ];
- boot = {
- kernelParams = [ "i915.enable_psr=1" ];
- extraModprobeConfig = ''
- options iwlwifi 11n_disable=1
- '';
- };
- security = {
- pam.services = {
- slimlock.fprintAuth = false;
- slim.fprintAuth = false;
- login.fprintAuth = false;
- xscreensaver.fprintAuth = false;
- };
- };
- services = {
- fprintd.enable = true;
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-CPU_BOOST_ON_AC=1
-CPU_BOOST_ON_BAT=0
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP="bluetooth"
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT="bluetooth"
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-DISK_DEVICES="ata-Corsair_Force_LX_SSD_15256501000102160059"
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-USB_AUTOSUSPEND=1
-USB_BLACKLIST_BTUSB=1
- '';
- };
- };
-}
diff --git a/tmp/nixos-configuration/hardware/thinkpad.nix b/tmp/nixos-configuration/hardware/thinkpad.nix
@@ -1,74 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot = {
- blacklistedKernelModules = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "sierra_net" "cdc_mbim" "cdc_ncm"
- ];
- extraModprobeConfig = ''
- options snd_hda_intel power_save=1
- '';
- initrd = {
- availableKernelModules = [ "aesni-intel" "aes_x86_64" "cryptd" ];
- };
- kernelModules = [ "kvm_intel" ];
- kernelParams = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "i915.enable_rc6=1" "i915.enable_fbc=1"
- "i915.lvds_use_ssc=0"
- "drm.debug=0" "drm.vblankoffdelay=1"
- "kvm_intel.nested=1"
- "intel_iommu=on"
- ];
- loader.efi.canTouchEfiVariables = true;
- };
- environment.systemPackages = with pkgs; [
- linuxPackages.tp_smapi
- ];
- hardware = {
- trackpoint.enable = false;
- cpu.intel.updateMicrocode = true;
- opengl = {
- #enable = true;
- extraPackages = [ pkgs.vaapiIntel ];
- #driSupport32Bit = true;
- };
- };
- services = {
- acpid = {
- enable = true;
- lidEventCommands = ''
-if grep -q closed /proc/acpi/button/lid/LID/state; then
- date >> /tmp/i3lock.log
- DISPLAY=":0.0" XAUTHORITY=/home/fadenb/.Xauthority ${pkgs.i3lock}/bin/i3lock &>> /tmp/i3lock.log
-fi
- '';
- };
- tlp = {
- enable = true;
- };
- xserver = {
- synaptics.enable = false;
- config =
- ''
- Section "InputClass"
- Identifier "Enable libinput for TrackPoint"
- MatchIsPointer "on"
- Driver "libinput"
- Option "ScrollMethod" "button"
- Option "ScrollButton" "8"
- EndSection
- '';
- inputClassSections = [
- ''
- Identifier "evdev touchpad off"
- MatchIsTouchpad "on"
- MatchDevicePath "/dev/input/event*"
- Driver "evdev"
- Option "Ignore" "true"
- ''
- ];
- };
- };
-}
diff --git a/tmp/nixos-configuration/machine/carthage.nix b/tmp/nixos-configuration/machine/carthage.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [
- ../networking.nix # generated at runtime by nixos-infect
- ];
- time.timeZone = "Europe/Paris";
- boot = {
- cleanTmpDir = true;
- loader.grub.enable = true;
- };
- profiles = {
- git.enable = true;
- nix-config.localCaches = [];
- nix-config.buildCores = 1;
- ssh.enable = true;
- syncthing.enable = true;
- };
- networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security = {
- acme.certs = {
- "sbr.pm".email = "vincent@sbr.pm";
- };
- };
- services = {
- nginx = {
- enable = true;
- virtualHosts."carthage.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/carthage.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- };
- openssh.ports = [ ssh.carthage.port ];
- openssh.permitRootLogin = "without-password";
- syncthing.guiAddress = "127.0.0.1:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.carthage}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
-}
diff --git a/tmp/nixos-configuration/machine/hokkaido.nix b/tmp/nixos-configuration/machine/hokkaido.nix
@@ -1,86 +0,0 @@ -{ config, pkgs, ... }: - -with import ../assets/machines.nix; { - imports = [ ../hardware/thinkpad-x220.nix ./home.nix ]; - boot = { - kernel.sysctl = { - "net.bridge.bridge-nf-call-arptables" = 0; - "net.bridge.bridge-nf-call-iptables" = 0; - "net.bridge.bridge-nf-call-ip6tables" = 0; - }; - }; - profiles = { - avahi.enable = true; - dev.enable = true; - ssh.enable = true; - syncthing.enable = true; - nix-config.buildCores = 2; - virtualization = { - enable = true; - nested = true; - listenTCP = true; - }; - }; - services = { - logind = { - lidSwitch = "ignore"; - }; - syncthing.guiAddress = "0.0.0.0:8384"; - wireguard = { - enable = true; - ips = [ "${wireguard.ips.hokkaido}/24" ]; - endpoint = wg.endpointIP; - endpointPort = wg.listenPort; - endpointPublicKey = wireguard.kerkouane.publicKey; - }; - }; - # ----------------------------------- - environment.etc."vrsync".text = '' -/home/vincent/desktop/pictures/screenshots/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/screenshots/ -/home/vincent/desktop/pictures/wallpapers/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/wallpapers/ -/home/vincent/desktop/documents/ vincent@synodine.home:/volume1/documents/ -/mnt/Toshito/photos/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/photos/ -/mnt/Toshito/music/ vincent@synodine.home:/volumeUSB2/usbshare/music/ - ''; - systemd.services.vrsync = { - description = "vrsync - sync folders to NAS"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - unitConfig.X-StopOnRemoval = false; - restartIfChanged = false; - - path = with pkgs; [ rsync coreutils bash openssh ]; - script = '' - ${pkgs.vrsync}/bin/vrsync - ''; - - startAt = "hourly"; - serviceConfig = { - Type = "oneshot"; - OnFailure = "status-email-root@%n.service"; - }; - }; - # ape – sync git mirrors - systemd.services.ape = { - description = "Ape - sync git mirrors"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - 
restartIfChanged = false; - unitConfig.X-StopOnRemoval = false; - - serviceConfig = { - Type = "oneshot"; - User = "vincent"; - OnFailure = "status-email-root@%n.service"; - }; - - path = with pkgs; [ git ]; - script = '' - ${pkgs.nur.repos.vdemeester.ape}/bin/ape up /home/vincent/var/mirrors - ''; - - startAt = "hourly"; - }; -} diff --git a/tmp/nixos-configuration/machine/home.nix b/tmp/nixos-configuration/machine/home.nix @@ -1,30 +0,0 @@ -{ config, pkgs, ... }: - -with import ../assets/machines.nix; { - boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ]; - networking.domain = "synodine.home"; - time.timeZone = "Europe/Paris"; - # To mimic autofs on fedora - fileSystems."/net/synodine.home/" = { - device = "${home.ips.synodine}:/"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" ]; - }; - # FIXME(vdemeester): I think it acts like this because there is only one export - fileSystems."/net/sakhalin.home/export/" = { - device = "${home.ips.sakhalin}:/"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" ]; - }; - # Deprecated - fileSystems."/mnt/synodine" = { - device = "${home.ips.synodine}:/"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" ]; - }; - fileSystems."/mnt/sakhalin" = { - device = "${home.ips.sakhalin}:/"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" ]; - }; -} diff --git a/tmp/nixos-configuration/machine/honshu.nix b/tmp/nixos-configuration/machine/honshu.nix 
@@ -1,36 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../hardware/dell-latitude-e6540.nix ./home.nix ];
- networking = {
- firewall.enable = false; # we are in safe territory :D
- bridges.br1.interfaces = [ "eno1" ];
- useDHCP = false;
- interfaces.br1 = {
- useDHCP = true;
- };
- };
- profiles = {
- avahi.enable = true;
- dev.enable = true;
- nix-config.buildCores = 4;
- ssh.enable = true;
- syncthing.enable = true;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- services = {
- logind.lidSwitch = "ignore";
- syncthing.guiAddress = "0.0.0.0:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.honshu}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
-}
diff --git a/tmp/nixos-configuration/machine/kerkouane.nix b/tmp/nixos-configuration/machine/kerkouane.nix
@@ -1,86 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../networking.nix ];
- time.timeZone = "Europe/Paris";
- boot = {
- cleanTmpDir = true;
- loader.grub.enable = true;
- };
- profiles = {
- git.enable = true;
- nix-config.localCaches = [];
- nix-config.buildCores = 1;
- ssh.enable = true;
- syncthing.enable = true;
- wireguard.server.enable = true;
- };
- networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security = {
- acme.certs = {
- "sbr.pm".email = "vincent@sbr.pm";
- };
- };
- services = {
- govanityurl = {
- enable = true;
- user = "nginx";
- host = "go.sbr.pm";
- config = ''
- paths:
- /ape:
- repo: https://gitlab.com/vdemeester/ape
- /nr:
- repo: https://gitlab.com/vdemeester/nr
- /ram:
- repo: https://gitlab.com/vdemeester/ram
- /sec:
- repo: https://gitlab.com/vdemeester/sec
- '';
- };
- nginx = {
- enable = true;
- virtualHosts."dl.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/dl.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."paste.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/paste.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."go.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
- };
- virtualHosts."sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."vincent.demeester.fr" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/vincent.demeester.fr";
- locations."/" = {
- index = "index.html";
- };
- };
- };
- openssh.ports = [ ssh.kerkouane.port ];
- openssh.permitRootLogin = "without-password";
- syncthing.guiAddress = "127.0.0.1:8384";
- };
-}
diff --git a/tmp/nixos-configuration/machine/okinawa.nix b/tmp/nixos-configuration/machine/okinawa.nix 
@@ -1,95 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ./home.nix ];
- boot = {
- cleanTmpDir = true;
- };
- networking = {
- firewall.enable = false; # we are in safe territory :D
- bridges.br1.interfaces = [ "enp0s31f6" ];
- useDHCP = false;
- interfaces.br1 = {
- useDHCP = true;
- };
- };
- profiles = {
- avahi.enable = true;
- git.enable = true;
- nix-config.buildCores = 4;
- ssh.enable = true;
- syncthing.enable = true;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- services = {
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- slaves = [];
- file = ../assets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- slaves = [];
- file = ../assets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- slaves = [];
- file = ../assets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- slaves = [];
- file = ../assets/db.10.100.0;
- }
- ];
- };
- nix-binary-cache = {
- enable = true;
- domain = "nix.cache.home";
- aliases = [ "cache.massimo.home" "nix.okinawa.home" ];
- };
- syncthing.guiAddress = "0.0.0.0:8384";
- tarsnap = {
- enable = true;
- archives = {
- documents = {
- directories = [ "/home/vincent/desktop/documents" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.documents.key";
- };
- org = {
- directories = [ "/home/vincent/desktop/org" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.org.key";
- };
- sites = {
- directories = [ "/home/vincent/desktop/sites" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.sites.key";
- };
- };
- };
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.okinawa}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
- security.apparmor.enable = true;
-}
diff --git a/tmp/nixos-configuration/machine/sakhalin.nix b/tmp/nixos-configuration/machine/sakhalin.nix 
@@ -1,154 +0,0 @@ -{ config, pkgs, ... }: - -with import ../assets/machines.nix; { - imports = [ ./home.nix ]; - boot = { - cleanTmpDir = true; - }; - networking = { - firewall.enable = false; # we are in safe territory :D - bridges.br1.interfaces = [ "enp0s31f6" ]; - useDHCP = false; - interfaces.br1 = { - useDHCP = true; - }; - }; - profiles = { - avahi.enable = true; - git.enable = true; - nix-config.buildCores = 4; - ssh.enable = true; - syncthing.enable = true; - virtualization = { - enable = true; - nested = true; - listenTCP = true; - }; - }; - fileSystems."/export/gaia" = { device = "/mnt/gaia"; options = [ "bind" ]; }; - fileSystems."/export/toshito" = { device = "/mnt/toshito"; options = [ "bind" ]; }; - services = { - nfs.server = { - enable = true; - exports = '' - /export 192.168.1.0/24(rw,fsid=0,no_subtree_check) 10.100.0.0/24(rw,fsid=0,no_subtree_check) - /export/gaia 192.168.1.0/24(rw,fsid=1,no_subtree_check) 10.100.0.0/24(rw,fsid=1,no_subtree_check) - /export/toshito 192.168.1.0/24(rw,fsid=2,no_subtree_check) 10.100.0.0/24(rw,fsid=2,no_subtree_check) - ''; - }; - bind = { - enable = true; - forwarders = [ "8.8.8.8" "8.8.4.4" ]; - cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ]; - zones = [ - { - # home - name = "home"; - slaves = []; - file = ../assets/db.home; - } - { - # home.reverse - name = "192.168.1.in-addr.arpa"; - slaves = []; - file = ../assets/db.192.168.1; - } - { - # vpn - name = "vpn"; - slaves = []; - file = ../assets/db.vpn; - } - { - # vpn.reverse - name = "10.100.0.in-addr.arpa"; - slaves = []; - file = ../assets/db.10.100.0; - } - ]; - }; - syncthing.guiAddress = "0.0.0.0:8384"; - wireguard = { - enable = true; - ips = [ "${wireguard.ips.sakhalin}/24" ]; - endpoint = wg.endpointIP; - endpointPort = wg.listenPort; - endpointPublicKey = wireguard.kerkouane.publicKey; - }; - }; - security.apparmor.enable = true; - # ----------------------------------- - environment.etc."vrsync".text = '' - 
/home/vincent/desktop/pictures/screenshots/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/screenshots/ - /home/vincent/desktop/pictures/wallpapers/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/wallpapers/ - /home/vincent/desktop/documents/ vincent@synodine.home:/volume1/documents/ - /mnt/gaia/photos/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/photos/ - /mnt/gaia/music/ vincent@synodine.home:/volumeUSB2/usbshare/music/ - ''; - systemd.services.vrsync = { - description = "vrsync - sync folders to NAS"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - unitConfig.X-StopOnRemoval = false; - restartIfChanged = false; - - path = with pkgs; [ rsync coreutils bash openssh ]; - script = '' - ${pkgs.vrsync}/bin/vrsync - ''; - - startAt = "hourly"; - serviceConfig = { - Type = "oneshot"; - OnFailure = "status-email-root@%n.service"; - }; - }; - # ape – sync git mirrors - systemd.services.ape = { - description = "Ape - sync git mirrors"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - restartIfChanged = false; - unitConfig.X-StopOnRemoval = false; - - serviceConfig = { - Type = "oneshot"; - User = "vincent"; - OnFailure = "status-email-root@%n.service"; - }; - - path = with pkgs; [ git ]; - script = '' - ${pkgs.nur.repos.vdemeester.ape}/bin/ape up /home/vincent/var/mirrors - ''; - - startAt = "hourly"; - }; - # mr -i u daily - systemd.services.mr = { - description = "Update configs daily"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - restartIfChanged = false; - unitConfig.X-StopOnRemoval = false; - - serviceConfig = { - Type = "oneshot"; - User = "vincent"; - OnFailure = "status-email-root@%n.service"; - }; - - path = with pkgs; [ git mr ]; - script = '' - set -e - cd /mnt/gaia/src/configs/ - mr -t run git reset --hard - mr -t u - ''; - - startAt = "daily"; - }; -} 
diff --git a/tmp/nixos-configuration/machine/wakasu.nix b/tmp/nixos-configuration/machine/wakasu.nix 
@@ -1,91 +0,0 @@ -{ config, pkgs, ... }: - -with import ../assets/machines.nix; { - imports = [ ../hardware/lenovo-p50.nix ./home.nix ]; - boot = { - kernelModules = [ "kvm_intel" ]; - kernelParams = [ "kvm_intel.nested=1" ]; - kernel.sysctl = { - "net.bridge.bridge-nf-call-arptables" = 0; - "net.bridge.bridge-nf-call-iptables" = 0; - "net.bridge.bridge-nf-call-ip6tables" = 0; - }; - }; - networking = { - firewall.enable = false; # we are in safe territory :D - hosts = { - "${home.ips.honshu}" = [ "honshu.home" ]; - "${wireguard.ips.honshu}" = [ "honshu.vpn" ]; - "${home.ips.shikoku}" = [ "shikoku.home" ]; - "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ]; - "${home.ips.wakasu}" = [ "wakasu.home" ]; - "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ]; - "${home.ips.hokkaido}" = [ "hokkaido.home" ]; - "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ]; - "${home.ips.sakhalin}" = [ "sakhalin.home" ]; - "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ]; - "${wireguard.ips.massimo}" = [ "massimo.vpn" ]; - "${home.ips.synodine}" = [ "synodine.home" ]; - "${home.ips.okinawa}" = [ "okinawa.home" "cache.home" "svc.home" "nix.cache.home" "go.cache.home" ]; - "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ]; - "${wireguard.ips.carthage}" = [ "carthage.vpn" ]; - "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ]; - }; - }; - profiles = { - dev.enable = true; - laptop.enable = true; - desktop.autoLogin = true; - docker.enable = true; - nix-config.buildCores = 4; - #qemu-user = { arm = true; aarch64 = true; }; - ssh = { - enable = true; - forwardX11 = true; - }; - virtualization = { - enable = true; - nested = true; - listenTCP = true; - }; - yubikey.enable = true; - }; - programs = { - podman.enable = true; - }; - security.sudo = { - extraConfig = '' - %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix - ''; - }; - services = { - logind.extraConfig = '' - HandleLidSwitch=ignore - HandleLidSwitchExternalPower=ignore - HandleLidSwitchDocked=ignore - ''; - 
#syncthing.guiAddress = "${wireguard.ips.wakasu}:8384"; - syncthing.guiAddress = "0.0.0.0:8384"; - smartd = { - enable = true; - devices = [ { device = "/dev/nvme0n1"; } ]; - }; - wireguard = { - enable = true; - ips = [ "${wireguard.ips.wakasu}/24" ]; - endpoint = wg.endpointIP; - endpointPort = wg.listenPort; - endpointPublicKey = wireguard.kerkouane.publicKey; - }; - xserver = { - videoDrivers = [ "nvidia" ]; - dpi = 96; - serverFlagsSection = '' - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" - ''; - }; - }; -} diff --git a/tmp/nixos-configuration/modules/hardware/sane-extra-config.nix b/tmp/nixos-configuration/modules/hardware/sane-extra-config.nix @@ -1,43 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.hardware.sane; - - pkg = if cfg.snapshot - then pkgs.sane-backends-git - else pkgs.sane-backends; - - backends = [ pkg ] ++ cfg.extraBackends; - - saneConfig = pkgs.mkSaneConfig { paths = backends; }; - - saneExtraConfig = pkgs.runCommand "sane-extra-config" {} '' - cp -Lr '${pkgs.mkSaneConfig { paths = [ pkgs.sane-backends ]; }}'/etc/sane.d $out - chmod +w $out - ${concatMapStrings (c: '' - f="$out/${c.name}.conf" - [ ! -e "$f" ] || chmod +w "$f" - cat ${builtins.toFile "" (c.value + "\n")} >>"$f" - chmod -w "$f" - '') (mapAttrsToList nameValuePair cfg.extraConfig)} - chmod -w $out - ''; - -in - -{ - options = { - hardware.sane.extraConfig = mkOption { - type = types.attrsOf types.lines; - default = {}; - example = { "some-backend" = "# some lines to add to its .conf"; }; - }; - }; - - config = mkIf (cfg.enable && cfg.extraConfig != {}) { - hardware.sane.configDir = saneExtraConfig.outPath; - }; -} diff --git a/tmp/nixos-configuration/modules/module-list.nix b/tmp/nixos-configuration/modules/module-list.nix 
@@ -1,41 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- imports = [
- ./hardware/sane-extra-config.nix
- ./profiles/avahi.nix
- ./profiles/base.nix
- ./profiles/buildkit.nix
- ./profiles/fish.nix
- ./profiles/containerd.nix
- ./profiles/desktop.nix
- ./profiles/dev.nix
- ./profiles/docker.nix
- ./profiles/gaming.nix
- ./profiles/git.nix
- ./profiles/i18n.nix
- ./profiles/ipfs.nix
- ./profiles/laptop.nix
- ./profiles/mail.nix
- ./profiles/nix-config.nix
- ./profiles/nix-auto-update.nix
- ./profiles/printing.nix
- ./profiles/pulseaudio.nix
- ./profiles/qemu.nix
- ./profiles/scanning.nix
- ./profiles/ssh.nix
- ./profiles/syncthing.nix
- ./profiles/users.nix
- ./profiles/virtualization.nix
- ./profiles/wireguard.server.nix
- ./profiles/yubikey.nix
- ./profiles/zsh.nix
- ./programs/podman.nix
- ./services/athens.nix
- ./services/govanityurl.nix
- ./services/nix-binary-cache.nix
- ./services/wireguard.client.nix
- ./virtualisation/buildkit.nix
- ./virtualisation/containerd.nix
- ];
-}
diff --git a/tmp/nixos-configuration/modules/profiles/assets/fish/fish_prompt.fish b/tmp/nixos-configuration/modules/profiles/assets/fish/fish_prompt.fish
@@ -1,258 +0,0 @@ -# name: lambda -function __fish_basename -d 'basically basename, but faster' - string replace -r '^.*/' '' -- $argv -end - -function __fish_dirname -d 'basically dirname, but faster' - string replace -r '/[^/]+/?$' '' -- $argv -end - - -function __fish_prompt_status -S -a last_status -d 'Display flags for non-zero-exit status, root user, and background jobs' - set -l nonzero - set -l superuser - set -l bg_jobs - - # Last exit was nonzero - [ $last_status -ne 0 ] - and set nonzero 1 - - # If superuser (uid == 0) - # - # Note that iff the current user is root and '/' is not writeable by root this - # will be wrong. But I can't think of a single reason that would happen, and - # it is literally 99.5% faster to check it this way, so that's a tradeoff I'm - # willing to make. - [ -w / ] - and [ (id -u) -eq 0 ] - and set superuser 1 - - # Jobs display - jobs -p >/dev/null - and set bg_jobs 1 - - if [ "$nonzero" ] - set_color red - echo -n '! ' - set_color normal - end - - if [ "$superuser" ] - set_color red - echo -n '$ ' - set_color normal - end - - if [ "$bg_jobs" ] - set_color gray - echo -n '% ' - set_color normal - end -end - -function __fish_prompt_user -S -d 'Display current user and hostname' - [ -n "$SSH_CLIENT" ] - and set -l display_user_hostname - - if set -q display_user_hostname - set -l IFS . - hostname | read -l hostname __ - echo -ns (whoami) '@' $hostname - end -end - -function __fish_git_project_dir - set -l git_dir (command git rev-parse --git-dir ^/dev/null) - or return - - pushd $git_dir - set git_dir $PWD - popd - - switch $PWD/ - case $git_dir/\* - # Nothing works quite right if we're inside the git dir - # TODO: fix the underlying issues then re-enable the stuff below - - # # if we're inside the git dir, sweet. just return that. 
- # set -l toplevel (command git rev-parse --show-toplevel ^/dev/null) - # if [ "$toplevel" ] - # switch $git_dir/ - # case $toplevel/\* - # echo $git_dir - # end - # end - return - end - - set -l project_dir (__fish_dirname $git_dir) - - switch $PWD/ - case $project_dir/\* - echo $project_dir - return - end - - set project_dir (command git rev-parse --show-toplevel ^/dev/null) - switch $PWD/ - case $project_dir/\* - echo $project_dir - end -end - -function __fish_git_ahead -S -d 'Print the ahead/behind state for the current branch' - set -l ahead 0 - set -l behind 0 - for line in (command git rev-list --left-right '@{upstream}...HEAD' ^/dev/null) - switch "$line" - case '>*' - if [ $behind -eq 1 ] - echo '±' - return - end - set ahead 1 - case '<*' - if [ $ahead -eq 1 ] - echo "±" - return - end - set behind 1 - end - end - - if [ $ahead -eq 1 ] - echo "+" - else if [ $behind -eq 1 ] - echo "-" - end -end - -function __fish_git_branch -S -d 'Get the current git branch (or commitish)' - set -l ref (command git symbolic-ref HEAD ^/dev/null) - and begin - string replace 'refs/heads/' "" $ref - and return - end - - set -l tag (command git describe --tags --exact-match ^/dev/null) - and echo "tag:$tag" - and return - - set -l branch (command git show-ref --head -s --abbrev | head -n1 ^/dev/null) - echo "detached:$branch" -end - -function __fish_prompt_git -S -a current_dir -d 'Display the actula git state' - set -l dirty '' - set -l show_dirty (command git config --bool bash.showDirtyState ^/dev/null) - if [ "$show_dirty" != 'false' ] - set dirty (command git diff --no-ext-diff --quiet --exit-code ^/dev/null; or echo -n "*") - end - - set -l staged (command git diff --cached --no-ext-diff --quiet --exit-code ^/dev/null; or echo -n "~") - set -l stashed (command git rev-parse --verify --quiet refs/stash >/dev/null; and echo -n '$') - set -l ahead (__fish_git_ahead) - - set -l new '' - set -l show_untracked (command git config --bool bash.showUntrackedFiles ^/dev/null) - 
if [ "$show_untracked" != 'false' ] - set new (command git ls-files --other --exclude-standard --directory --no-empty-directory ^/dev/null) - if [ "$new" ] - set new "…" - end - end - - set -l flags "$dirty$staged$stashed$ahead$new" - [ "$flags" ] - and set flags ":$flags" - - __fish_path_segment $current_dir - - set_color green - echo -n '{' - echo -ns (__fish_git_branch) $flags '' - echo -n '}' - set_color normal - - set -l project_pwd (command git rev-parse --show-prefix ^/dev/null | string trim --right --chars=/) - - if [ "$project_pwd" ] - set_color brblack - echo -n "/$project_pwd" - set_color normal - end -end - -function __fish_prompt_dir -S -d 'Display a shortened form of the current directory' - __fish_path_segment "$PWD" -end - -function __fish_path_segment -S -a current_dir -d 'Display a shortened form of a directory' - set -l directory - set -l parent - - switch "$current_dir" - case / - set directory '/' - case "$HOME" - set directory '~' - case '*' - set parent (__fish_pretty_parent "$current_dir") - set directory (__fish_basename "$current_dir") - end - - set_color white - echo -n $parent - set_color --bold - echo -ns $directory '' - set_color normal -end - -function __fish_pretty_parent -S -a current_dir -d 'Print a parent directory, shortened to fit the prompt' - set -q fish_prompt_pwd_dir_length - or set -l fish_prompt_pwd_dir_length 1 - - # Replace $HOME with ~ - set -l real_home ~ - set -l parent_dir (string replace -r '^'"$real_home"'($|/)' '~$1' (__fish_dirname $current_dir)) - - # Must check whether `$parent_dir = /` if using native dirname - if [ -z "$parent_dir" ] - echo -n / - return - end - - if [ $fish_prompt_pwd_dir_length -eq 0 ] - echo -n "$parent_dir/" - return - end - - string replace -ar '(\.?[^/]{'"$fish_prompt_pwd_dir_length"'})[^/]*/' '$1/' "$parent_dir/" -end - -# TODO: handle envs (nix-shell, virtualenv, ...) 
- -function fish_prompt -d 'vde-lambda, a fish theme optimized for me :D' - if test $TERM = "dumb" - echo "\$ " - return 0 - end - # Save the last status for later - set -l last_status $status - - __fish_prompt_status $last_status - __fish_prompt_user - - # vcs - set -l git_root (__fish_git_project_dir) - - if [ "$git_root" ] - __fish_prompt_git $git_root - else - __fish_prompt_dir - end - - set_color --bold brblack - echo -n " λ " - set_color normal -end diff --git a/tmp/nixos-configuration/modules/profiles/assets/fish/fish_right_prompt.fish b/tmp/nixos-configuration/modules/profiles/assets/fish/fish_right_prompt.fish @@ -1,30 +0,0 @@ -function __fish_prompt_nix_shell - [ -z "$IN_NIX_SHELL" ] - and return - set_color yellow - echo -n -s '🄪 ' - set_color normal -end - -# ⏍ ⧆ ⌗ ⧉ -function __fish_prompt_direnv - [ -z "$DIRENV_DIR" ] - and return - set_color yellow - echo -n -s '⧉ ' - set_color normal -end - -function __fish_prompt_virtualenv - [ -z "$VIRTUAL_ENV" ] - and return - set_color green - echo -ns 'venv:' (basename "$VIRTUAL_ENV") ' ' - set_color normal -end - -function fish_right_prompt - __fish_prompt_direnv - __fish_prompt_nix_shell - __fish_prompt_virtualenv -end diff --git a/tmp/nixos-configuration/modules/profiles/avahi.nix b/tmp/nixos-configuration/modules/profiles/avahi.nix @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.profiles.avahi; -in -{ - options = { - profiles.avahi = { - enable = mkOption { - default = false; - description = "Enable avahi profile"; - type = types.bool; - }; - }; - }; - config = mkIf cfg.enable { - services = { - avahi = { - enable = true; - ipv4 = true; - ipv6 = true; - nssmdns = true; - publish = { - enable = true; - userServices = true; - }; - }; - }; - }; -} diff --git a/tmp/nixos-configuration/modules/profiles/base.nix b/tmp/nixos-configuration/modules/profiles/base.nix 
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.base;
-in
-{
- options = {
- profiles.base = {
- enable = mkOption {
- default = true;
- description = "Enable base profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.loader.systemd-boot.enable = true;
- environment = {
- variables = {
- EDITOR = pkgs.lib.mkOverride 0 "vim";
- };
- systemPackages = with pkgs; [
- cachix
- direnv
- exa
- file
- htop
- iotop
- lsof
- netcat
- psmisc
- pv
- tmux
- tree
- vim
- vrsync
- wget
- gnumake
- ];
- };
- systemd.services."status-email-root@" = {
- description = "status email for %i to vincent";
- serviceConfig = {
- Type = "oneshot";
- ExecStart = ''
- ${pkgs.nur.repos.vdemeester.systemd-email}/bin/systemd-email vincent@demeester.fr %i
- '';
- User = "root";
- Environment = "PATH=/run/current-system/sw/bin";
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/buildkit.nix b/tmp/nixos-configuration/modules/profiles/buildkit.nix
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.buildkit;
-in
-{
- options = {
- profiles.buildkit = {
- enable = mkOption {
- default = false;
- description = "Enable buildkit profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.nur.repos.vdemeester.buildkit;
- description = "buildkit package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.nur.repos.vdemeester.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.containerd = {
- enable = true;
- runcPackage = cfg.runcPackage;
- };
- environment.systemPackages = with pkgs; [
- cfg.package
- ];
- virtualisation = {
- buildkitd= {
- enable = true;
- package = cfg.package;
- packages = [ cfg.runcPackage pkgs.git ];
- extraOptions = "--oci-worker=false --containerd-worker=true";
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/containerd.nix b/tmp/nixos-configuration/modules/profiles/containerd.nix
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.containerd;
-in
-{
- options = {
- profiles.containerd = {
- enable = mkOption {
- default = false;
- description = "Enable containerd profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.nur.repos.vdemeester.containerd;
- description = "containerd package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- cniPackage = mkOption {
- default = pkgs.cni;
- description = "cni package to be used";
- type = types.package;
- };
- cniPluginsPackage = mkOption {
- default = pkgs.cni-plugins;
- description = "cni-plugins package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- cfg.cniPackage
- cfg.cniPluginsPackage
- cfg.package
- cfg.runcPackage
- ];
- virtualisation = {
- containerd = {
- enable = true;
- package = cfg.package;
- packages = [ cfg.runcPackage ];
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/desktop.nix b/tmp/nixos-configuration/modules/profiles/desktop.nix
@@ -1,209 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.profiles.desktop; -in -{ - options = { - profiles.desktop = { - enable = mkOption { - default = false; - description = "Enable desktop profile"; - type = types.bool; - }; - avahi = mkOption { - default = true; - description = "Enable avahi with the desktop profile"; - type = types.bool; - }; - pulseaudio = mkOption { - default = true; - description = "Enable pulseaudio with the desktop profile"; - type = types.bool; - }; - flatpak = mkOption { - default = true; - description = "Enable flatpak with the desktop profile"; - type = types.bool; - }; - syncthing = mkOption { - default = true; - description = "Enable syncthing with the desktop profile"; - type = types.bool; - }; - scanning = mkOption { - default = true; - description = "Enable scanning with the desktop profile"; - type = types.bool; - }; - printing = mkOption { - default = true; - description = "Enable printing with the desktop profile"; - type = types.bool; - }; - networkmanager = mkOption { - default = true; - description = "Enable networkmanager with the desktop profile"; - type = types.bool; - }; - autoLogin = mkOption { - default = false; - description = "Enable auto login"; - type = types.bool; - }; - }; - }; - config = mkIf cfg.enable { - profiles.avahi.enable = cfg.avahi; - profiles.printing.enable = cfg.printing; - profiles.pulseaudio.enable = cfg.pulseaudio; - profiles.scanning.enable = cfg.scanning; - profiles.syncthing.enable = cfg.syncthing; - - boot = { - tmpOnTmpfs = true; - plymouth.enable = true; - }; - - hardware.bluetooth.enable = true; - - networking.networkmanager = { - enable = cfg.networkmanager; - unmanaged = [ - "interface-name:ve-*" - "interface-name:veth*" - "interface-name:wg0" - "interface-name:docker0" - "interface-name:virbr*" - ]; - packages = with pkgs; [ networkmanager-openvpn ]; - }; - - programs.dconf.enable = true; - xdg.portal.enable = cfg.flatpak; - - services = { - flatpak.enable = 
cfg.flatpak; - dbus.packages = [ pkgs.gnome3.dconf ]; - xserver = { - enable = true; - enableTCP = false; - windowManager.twm.enable = true; - libinput.enable = true; - synaptics.enable = false; - layout = "fr(bepo),fr"; - xkbVariant = "oss"; - xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps"; - inputClassSections = [ - '' - Identifier "TypeMatrix" - MatchIsKeyboard "on" - MatchVendor "TypeMatrix.com" - MatchProduct "USB Keyboard" - Driver "evdev" - Option "XbkModel" "tm2030USB" - Option "XkbLayout" "fr" - Option "XkbVariant" "bepo" - '' - '' - Identifier "ErgoDox" - #MatchVendor "ErgoDox_EZ" - #MatchProduct "ErgoDox_EZ" - MatchIsKeyboard "on" - MatchUSBID "feed:1307" - Driver "evdev" - Option "XkbLayout" "fr" - Option "XkbVariant" "bepo" - '' - ]; - displayManager = { - # defaultSession = "none+i3"; - lightdm = { - enable = true; - autoLogin = { - enable = true; - user = "vincent"; - }; - }; - }; - }; - }; - fonts = { - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - corefonts - dejavu_fonts - emojione - feh - fira - fira-code - fira-code-symbols - fira-mono - hasklig - inconsolata - iosevka - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - noto-fonts-extra - overpass - symbola - source-code-pro - twemoji-color-font - ubuntu_font_family - unifont - ]; - }; - - # Polkit. 
- security.polkit.extraConfig = '' - polkit.addRule(function(action, subject) { - if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" || - action.id == "org.freedesktop.udisks2.encrypted-unlock-system" - ) && - subject.local && subject.active && subject.isInGroup("users")) { - return polkit.Result.YES; - } - var YES = polkit.Result.YES; - var permission = { - // required for udisks1: - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - // required for udisks2: - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - // required for udisks2 if using udiskie from another seat (e.g. systemd): - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("wheel")) { - return permission[action.id]; - } - }); - ''; - - environment.systemPackages = with pkgs; [ - cryptsetup - xlibs.xmodmap - xorg.xbacklight - xorg.xdpyinfo - xorg.xhost - xorg.xinit - xss-lock - xorg.xmessage - unzip - gnupg - pinentry - inxi - ]; - }; -} diff --git a/tmp/nixos-configuration/modules/profiles/dev.nix b/tmp/nixos-configuration/modules/profiles/dev.nix 
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.dev;
-in
-{
- options = {
- profiles.dev = {
- enable = mkOption {
- default = false;
- description = "Enable dev profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.git.enable = true;
- environment.systemPackages = with pkgs; [
- git
- tig
- grc
- ripgrep
- gnumake
- ];
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/docker.nix b/tmp/nixos-configuration/modules/profiles/docker.nix
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.docker;
-in
-{
- options = {
- profiles.docker = {
- enable = mkOption {
- default = false;
- description = "Enable docker profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.docker-edge;
- description = "docker package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.containerd.enable = true;
- virtualisation = {
- docker = {
- enable = true;
- package = cfg.package;
- liveRestore = false;
- storageDriver = "overlay2";
- extraOptions = "--experimental --add-runtime docker-runc=${cfg.runcPackage}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock";
- };
- };
- environment.etc."docker/daemon.json".text = ''
- {"features":{"buildkit": true}, "insecure-registries": ["172.30.0.0/16", "192.168.12.0/16", "massimo.home:5000", "r.svc.home:5000", "r.svc.home" ]}
- '';
- networking.firewall.trustedInterfaces = [ "docker0" ];
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/fish.nix b/tmp/nixos-configuration/modules/profiles/fish.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.fish;
-in
-{
- options = {
- profiles.fish = {
- enable = mkOption {
- default = false;
- description = "Enable fish profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.fish = {
- enable = true;
- promptInit = ''
- source /etc/fish/functions/fish_prompt.fish
- source /etc/fish/functions/fish_right_prompt.fish
- '';
- };
- environment.etc."fish/functions/fish_prompt.fish".source = ./assets/fish/fish_prompt.fish;
- environment.etc."fish/functions/fish_right_prompt.fish".source = ./assets/fish/fish_right_prompt.fish;
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/gaming.nix b/tmp/nixos-configuration/modules/profiles/gaming.nix
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.gaming;
-in
-{
- options = {
- profiles.gaming = {
- enable = mkOption {
- default = false;
- description = "Enable gaming profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- opengl = {
- driSupport32Bit = true;
- };
- };
- services.udev.extraRules = ''
- # Steam controller
- SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
- KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
- '';
- environment.systemPackages = with pkgs; [ steam ];
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/git.nix b/tmp/nixos-configuration/modules/profiles/git.nix
@@ -1,73 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.profiles.git; -in -{ - options = { - profiles.git = { - enable = mkOption { - default = false; - description = "Enable git profile"; - type = types.bool; - }; - }; - }; - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - gitAndTools.gitFull - gitAndTools.git-annex - gitAndTools.git-extras - ]; - environment.etc."gitconfig" = rec { text = '' - [alias] - co = checkout - st = status - ci = commit --signoff - ca = commit --amend - b = branc --color -v - br = branch - unstage = reset HEAD - lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)%Creset' --abbrev-commit --date=relative - lga = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)%Creset' --abbrev-commit --date=relative --branches --remotes - lol = log --pretty=oneline --abbrev-commit --graph --decorate - conflicts = !git ls-files --unmerged | cut -c51- | sort -u | xargs $EDITOR - resolve = !git ls-files --unmerged | cut -c51- | sort -u | xargs git add - [color] - branch = auto - diff = auto - status = auto - [color "branch"] - current = cyan reverse - local = cyan - remote = green - [color "diff"] - meta = white reverse - frag = magenta reverse - old = red - new = green - [color "status"] - added = green - changed = yellow - untracked = red - [core] - #excludesfile = ~/.gitignore.global - [push] - default = matching - [merge] - tool = vimdiff - - [user] - name = Vincent Demeester - email = vincent@sbr.pm - - [http] - cookiefile = /home/vincent/.gitcookies - - [url "git@github.com:"] - pushInsteadOf = git://github.com/ - ''; - }; - }; -} diff --git a/tmp/nixos-configuration/modules/profiles/i18n.nix b/tmp/nixos-configuration/modules/profiles/i18n.nix 
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.i18n;
-in
-{
- options = {
- profiles.i18n = {
- enable = mkOption {
- default = true;
- description = "Enable i18n profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- console.keyMap = "fr-bepo";
- console.font = "Lat2-Terminus16";
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/ipfs.nix b/tmp/nixos-configuration/modules/profiles/ipfs.nix
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ipfs;
-in
-{
- options = {
- profiles.ipfs = {
- enable = mkOption {
- default = false;
- description = "Enable ipfs profile";
- type = types.bool;
- };
- autoMount = mkOption {
- default = true;
- description = "Automount /ipfs and /ipns";
- type = types.bool;
- };
- localDiscovery = mkOption {
- default = true;
- description = "Enable local discovery, switch profile to server if disable";
- type = types.bool;
- };
- extraConfig = mkOption {
- default = {
- Datastore.StorageMax = "40GB";
- };
- description = "Extra ipfs daemon configuration";
- type = types.attrs;
- };
- };
- };
- config = mkIf cfg.enable {
- services.ipfs = {
- enable = true;
- enableGC = true;
- localDiscovery = cfg.localDiscovery;
- autoMount = cfg.autoMount;
- extraConfig = cfg.extraConfig;
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/laptop.nix b/tmp/nixos-configuration/modules/profiles/laptop.nix
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.laptop;
-in
-{
- options = {
- profiles.laptop = {
- enable = mkOption {
- default = false;
- description = "Enable laptop profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.kernel.sysctl = {
- "vm.swappiness" = 10;
- "vm.dirty_ratio" = 25;
- "vm.dirty_background_ratio" = 10;
- "vm.dirty_writeback_centisecs" = 5000;
- "vm.dirty_expire_centisecs" = 5000;
- };
- profiles.desktop.enable = true;
- environment.systemPackages = with pkgs; [
- lm_sensors
- powertop
- acpi
- ];
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/mail.nix b/tmp/nixos-configuration/modules/profiles/mail.nix
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-with lib;
-let
- cfg = config.profiles.mail;
-in
-{
- options = {
- profiles.mail = {
- enable = mkOption {
- default = true;
- description = "Enable mail profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.etc."msmtprc".source = ../../assets/msmtprc;
- environment.systemPackages = with pkgs; [ msmtp ];
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/nix-auto-update.nix b/tmp/nixos-configuration/modules/profiles/nix-auto-update.nix
@@ -1,65 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.nix-auto-update;
-in
-{
- options = {
- profiles.nix-auto-update = {
- enable = mkOption {
- default = true;
- description = "Enable nix-auto-update profile";
- type = types.bool;
- };
- autoUpgrade = mkOption {
- default = true;
- description = "Automatically try to upgrade the system";
- type = types.bool;
- };
- dates = mkOption {
- default = "weekly";
- description = "Specification (in the format described by systemd.time(7)) of the time at which the auto-update will run. ";
- type = types.str;
- };
- version = mkOption {
- default = "20.03";
- description = "System version (NixOS)";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (
- mkMerge [
- {
- system = {
- stateVersion = cfg.version;
- };
- }
- (
- mkIf cfg.autoUpgrade {
- systemd.services.nixos-update = {
- description = "NixOS Upgrade";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- HOME = "/root";
- };
- path = [ pkgs.gnutar pkgs.xz pkgs.git pkgs.gnumake config.nix.package.out pkgs.commonsCompress ];
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- git pull --autostash --rebase
- /run/current-system/sw/bin/make update switch
- '';
- startAt = cfg.dates;
- onFailure = [ "status-email-root@%n.service" ];
- };
- }
- )
- ]
- );
-}
diff --git a/tmp/nixos-configuration/modules/profiles/nix-config.nix b/tmp/nixos-configuration/modules/profiles/nix-config.nix
@@ -1,83 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.profiles.nix-config; -in -{ - options = { - profiles.nix-config = { - enable = mkOption { - default = true; - description = "Enable nix-config profile"; - type = types.bool; - }; - gcDates = mkOption { - default = "weekly"; - description = "Specification (in the format described by systemd.time(7)) of the time at which the garbage collector will run. "; - type = types.str; - }; - olderThan = mkOption { - default = "15d"; - description = "Number of day to keep when garbage collect"; - type = types.str; - }; - buildCores = mkOption { - type = types.int; - default = 2; - example = 4; - description = '' - Maximum number of concurrent tasks during one build. - ''; - }; - localCaches = mkOption { - default = [ "http://nix.cache.home" ]; - description = "List of local nix caches"; - type = types.listOf types.str; - }; - }; - }; - config = mkIf cfg.enable { - nix = { - buildCores = cfg.buildCores; - useSandbox = true; - gc = { - automatic = true; - dates = cfg.gcDates; - options = "--delete-older-than ${cfg.olderThan}"; - }; - # if hydra is down, don't wait forever - extraOptions = '' - connect-timeout = 20 - build-cores = 0 - ''; - binaryCaches = cfg.localCaches ++ [ - "https://cache.nixos.org/" - "https://r-ryantm.cachix.org" - "https://vdemeester.cachix.org" - "https://shortbrain.cachix.org" - ]; - binaryCachePublicKeys = [ - "r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=" - "vdemeester.cachix.org-1:uCECG6so7v1rs77c5NFz2dCePwd+PGNeZ6E5DrkT7F0=" - "shortbrain.cachix.org-1:dqXcXzM0yXs3eo9ChmMfmob93eemwNyhTx7wCR4IjeQ=" - "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ=" - ]; - trustedUsers = [ "root" "vincent" ]; - }; - nixpkgs = { - overlays = [ - (import ../../overlays/sbr.overlay.nix) - (import ../../overlays/unstable.overlay.nix) - ]; - config = { - allowUnfree = true; - packageOverrides = pkgs: { - nur = import (builtins.fetchTarball 
"https://github.com/nix-community/NUR/archive/master.tar.gz") { - inherit pkgs; - }; - }; - }; - }; - }; -} diff --git a/tmp/nixos-configuration/modules/profiles/printing.nix b/tmp/nixos-configuration/modules/profiles/printing.nix @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.profiles.printing; -in -{ - options = { - profiles.printing = { - enable = mkOption { - default = false; - description = "Enable printing profile"; - type = types.bool; - }; - }; - }; - config = mkIf cfg.enable { - services = { - printing = { - enable = true; - drivers = [ pkgs.gutenprint ]; - }; - }; - }; -} diff --git a/tmp/nixos-configuration/modules/profiles/pulseaudio.nix b/tmp/nixos-configuration/modules/profiles/pulseaudio.nix 
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.pulseaudio;
-in
-{
- options = {
- profiles.pulseaudio = {
- enable = mkOption {
- default = false;
- description = "Enable pulseaudio profile";
- type = types.bool;
- };
- tcp = mkOption {
- default = false;
- description = "Enable pulseaudio tcp";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- pulseaudio = {
- enable = true;
- support32Bit = true;
- zeroconf = {
- discovery.enable = cfg.tcp;
- publish.enable = cfg.tcp;
- };
- tcp = {
- enable = cfg.tcp;
- anonymousClients = {
- allowAll = true;
- allowedIpRanges = [ "127.0.0.1" "192.168.12.0/24" "10.0.0.0/24" ];
- };
- };
- package = pkgs.pulseaudioFull;
- };
- };
- sound.mediaKeys.enable = true;
-
- security.pam.loginLimits = [
- { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
- { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
- { domain = "@audio"; item = "nofile"; type = "-"; value = "99999"; }
- ];
-
- # spotify & pulseaudio
- networking.firewall = {
- allowedTCPPorts = [ 57621 57622 4713 ];
- allowedUDPPorts = [ 57621 57622 ];
- };
- environment.systemPackages = with pkgs; [
- apulse # allow alsa application to use pulse
- pavucontrol # pulseaudio volume control
- pasystray # systray application
- playerctl
- ];
- # We assume xserver runs when pulseaudio does
- services.xserver.displayManager.sessionCommands = "${pkgs.pasystray}/bin/pasystray &";
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/qemu.nix b/tmp/nixos-configuration/modules/profiles/qemu.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.profiles.qemu-user;
- arm = {
- interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
- magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- aarch64 = {
- interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- riscv64 = {
- interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
-in {
- options = {
- profiles.qemu-user = {
- arm = mkEnableOption "enable 32bit arm emulation";
- aarch64 = mkEnableOption "enable 64bit arm emulation";
- riscv64 = mkEnableOption "enable 64bit riscv emulation";
- };
- nix.supportedPlatforms = mkOption {
- type = types.listOf types.str;
- description = "extra platforms that nix will run binaries for";
- default = [];
- };
- };
- config = mkIf (cfg.arm || cfg.aarch64) {
- nixpkgs = {
- overlays = [ (import ../../overlays/qemu/default.nix) ];
- };
- boot.binfmt.registrations =
- optionalAttrs cfg.arm { inherit arm; } //
- optionalAttrs cfg.aarch64 { inherit aarch64; } //
- optionalAttrs cfg.riscv64 { inherit riscv64; };
- nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
- ++ (optional cfg.aarch64 "aarch64-linux");
- nix.extraOptions = ''
- extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
- '';
- nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/scanning.nix b/tmp/nixos-configuration/modules/profiles/scanning.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.scanning;
-in
-{
- options = {
- profiles.scanning = {
- enable = mkOption {
- default = false;
- description = "Enable scanning profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- saneFrontends
- saneBackends
- simple-scan
- ];
- hardware.sane = {
- enable = true;
- extraConfig = { "pixma" = "bjnp://192.168.12.70"; };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/ssh.nix b/tmp/nixos-configuration/modules/profiles/ssh.nix
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ssh;
-in
-{
- options = {
- profiles.ssh = {
- enable = mkOption {
- default = false;
- description = "Enable ssh profile";
- type = types.bool;
- };
- forwardX11 = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to allow X11 connections to be forwarded.
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- services = {
- openssh = {
- enable = true;
- startWhenNeeded = false;
- forwardX11 = cfg.forwardX11;
- };
- };
- programs.mosh.enable = true;
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/syncthing.nix b/tmp/nixos-configuration/modules/profiles/syncthing.nix
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.syncthing;
-in
-{
- options = {
- profiles.syncthing = {
- enable = mkOption {
- default = false;
- description = "Enable syncthing profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- services.syncthing = {
- enable = true;
- user = "vincent";
- dataDir = "/home/vincent/.syncthing";
- configDir = "/home/vincent/.syncthing";
- openDefaultPorts = true;
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/users.nix b/tmp/nixos-configuration/modules/profiles/users.nix 
@@ -1,66 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.users;
-in
-{
- options = {
- profiles.users = {
- enable = mkOption {
- default = true;
- description = "Enable users profile";
- type = types.bool;
- };
- user = mkOption {
- default = "vincent";
- description = "Username to use when creating user";
- type = types.str;
- };
- # add more options (like openssh keys and config)
- };
- };
- config = mkIf cfg.enable {
- users = {
- extraUsers = {
- ${cfg.user} = {
- isNormalUser = true;
- uid = 1000;
- createHome = true;
- extraGroups = [ "wheel" "input" ] ++ optionals config.profiles.desktop.enable ["audio" "video" "lp" "scanner" "networkmanager"]
- ++ optionals config.profiles.docker.enable [ "docker" ]
- ++ optionals config.profiles.buildkit.enable [ "buildkit" ]
- ++ optionals config.profiles.virtualization.enable [ "libvirtd" "vboxusers" ];
- shell = if config.programs.fish.enable then pkgs.fish else pkgs.zsh;
- initialPassword = "changeMe";
- openssh.authorizedKeys.keys =
- with import ../../assets/machines.nix; [ ssh.yubikey.key ssh.yubikey5.key ssh.wakasu.key ssh.vincent.key ssh.houbeb.key ssh.hokkaido.key ssh.okinawa.key ];
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
- };
- };
- };
- programs.ssh.extraConfig = with import ../../assets/machines.nix; ''
- Host kerkouane kerkouane.sbr.pm
- Hostname kerkouane.sbr.pm
- Port ${toString ssh.kerkouane.port}
- Host kerkouane.vpn ${wireguard.ips.kerkouane}
- Hostname ${wireguard.ips.kerkouane}
- Port ${toString ssh.kerkouane.port}
- Host carthage carthage.sbr.pm
- Hostname carthage.sbr.pm
- Port ${toString ssh.carthage.port}
- Host carthage.vpn ${wireguard.ips.carthage}
- Hostname ${wireguard.ips.carthage}
- Port ${toString ssh.carthage.port}
- Host hokkaido.vpn ${wireguard.ips.hokkaido}
- Hostname ${wireguard.ips.hokkaido}
- Host honshu.vpn ${wireguard.ips.honshu}
- Hostname ${wireguard.ips.honshu}
- Host okinawa.vpn ${wireguard.ips.okinawa}
- Hostname ${wireguard.ips.okinawa}
- Host wakasu.vpn ${wireguard.ips.wakasu}
- Hostname ${wireguard.ips.wakasu}
- '';
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/virtualization.nix b/tmp/nixos-configuration/modules/profiles/virtualization.nix
@@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.virtualization;
-in
-{
- options = {
- profiles.virtualization = {
- enable = mkOption {
- default = false;
- description = "Enable virtualization profile";
- type = types.bool;
- };
- nested = mkOption {
- default = false;
- description = "Enable nested virtualization";
- type = types.bool;
- };
- listenTCP = mkOption {
- default = false;
- description = "Make libvirt listen to TCP";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable (
- mkMerge [
- {
- virtualisation.libvirtd = {
- enable = true;
- };
- environment.systemPackages = with pkgs; [
- qemu
- vde2
- libosinfo
- ];
- }
- (
- mkIf cfg.nested {
- environment.etc."modprobe.d/kvm.conf".text = ''
- options kvm_intel nested=1
- '';
- }
- )
- (
- mkIf config.profiles.desktop.enable {
- environment.systemPackages = with pkgs; [ virtmanager ];
- }
- )
- (
- mkIf cfg.listenTCP {
- boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
- virtualisation.libvirtd = {
- allowedBridges = [ "br1" ];
- extraConfig = ''
- listen_tls = 0
- listen_tcp = 1
- auth_tcp="none"
- tcp_port = "16509"
- '';
- # extraOptions = [ "--listen" ];
- };
- networking.firewall.allowedTCPPorts = [ 16509 ];
- }
- )
- ]
- );
-}
diff --git a/tmp/nixos-configuration/modules/profiles/wireguard.server.nix b/tmp/nixos-configuration/modules/profiles/wireguard.server.nix
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.wireguard.server;
-in
-{
- options = {
- profiles.wireguard.server = {
- enable = mkOption {
- default = false;
- description = "Enable wireguard.server profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
- environment.systemPackages = [ pkgs.wireguard ];
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.firewall.extraCommands = ''
- iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
- '';
- networking.firewall.allowedUDPPorts = [ 51820 ];
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard.interfaces = with import ../../assets/machines.nix; {
- "wg0" = {
- ips = wireguard.kerkouane.allowedIPs;
- listenPort = wg.listenPort;
- privateKeyFile = "/etc/nixos/wireguard.private.key";
- peers = wg.peers;
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/yubikey.nix b/tmp/nixos-configuration/modules/profiles/yubikey.nix
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.yubikey;
-in
-{
- options = {
- profiles.yubikey = {
- enable = mkOption {
- default = false;
- description = "Enable yubikey profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- yubikey-personalization
- yubioath-desktop
- yubikey-manager
- ];
- };
- services = {
- pcscd.enable = true;
- udev = {
- packages = with pkgs; [ yubikey-personalization ];
- extraRules = ''
-# Yubico YubiKey
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
-# ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/profiles/zsh.nix b/tmp/nixos-configuration/modules/profiles/zsh.nix
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.zsh;
-in
-{
- options = {
- profiles.zsh = {
- enable = mkOption {
- default = true;
- description = "Enable zsh profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.zsh = {
- enable = true;
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/programs/podman.nix b/tmp/nixos-configuration/modules/programs/podman.nix
@@ -1,111 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.programs.podman;
-
-in
-
-{
- options = {
- programs.podman = {
- enable = mkOption {
- default = false;
- description = ''
- Whether to configure podman
- '';
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.podman;
- description = "podman package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- conmonPackage = mkOption {
- default = pkgs.conmon;
- description = "conmon package to be used";
- type = types.package;
- };
- cniPackage = mkOption {
- default = pkgs.cni;
- description = "cni package to be used";
- type = types.package;
- };
- cniPluginsPackage = mkOption {
- default = pkgs.cni-plugins;
- description = "cni-plugins package to be used";
- type = types.package;
- };
- };
- };
-
- config = mkIf cfg.enable {
-
- environment.etc."containers/libpod.conf".text = ''
- image_default_transport = "docker://"
- runtime_path = ["${cfg.runcPackage}/bin/runc"]
- conmon_path = ["${cfg.conmonPackage}/bin/conmon"]
- cni_plugin_dir = ["${cfg.cniPluginsPackage}/bin/"]
- cgroup_manager = "systemd"
- cni_config_dir = "/etc/cni/net.d/"
- cni_default_network = "podman"
- # pause
- pause_image = "k8s.gcr.io/pause:3.1"
- pause_command = "/pause"
- '';
-
- environment.etc."containers/registries.conf".text = ''
- [registries.search]
- registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
-
- [registries.insecure]
- registries = ['massimo.local:5000', '192.168.12.0/16']
- '';
-
- environment.etc."containers/policy.json".text = ''
- {
- "default": [
- { "type": "insecureAcceptAnything" }
- ]
- }
- '';
-
- environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
-{
- "cniVersion": "0.3.0",
- "name": "podman",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "cni0",
- "isGateway": true,
- "ipMasq": true,
- "ipam": {
- "type": "host-local",
- "subnet": "10.88.0.0/16",
- "routes": [
- { "dst": "0.0.0.0/0" }
- ]
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
-}
- '';
-
- environment.systemPackages = with pkgs; [ cfg.package cfg.conmonPackage cfg.runcPackage iptables ];
-
- };
-}
diff --git a/tmp/nixos-configuration/modules/services/athens.nix b/tmp/nixos-configuration/modules/services/athens.nix
@@ -1,72 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.athens;
-in
-{
- options = {
- services.athens = {
- enable = mkEnableOption ''
- Athens is a go module proxy
- '';
- package = mkOption {
- type = types.package;
- default = pkgs.nur.repos.vdemeester.athens;
- description = ''
- Athens package to use.
- '';
- };
-
- user = mkOption {
- type = types.str;
- };
-
- group = mkOption {
- type = types.str;
- default = "nogroup";
- };
- };
- };
- config = mkIf cfg.enable {
- networking.firewall = {
- allowedTCPPorts = [ 3000 ];
- };
- systemd.packages = [ cfg.package ];
- environment.etc."athens/config.toml".text = ''
- GoBinary = "${pkgs.go}/bin/go"
- # what is that ?
- GoEnv = "development"
- GoGetWorkers = 30
- ProtocolWorkers = 30
- LogLevel = "debug"
- BuffaloLogLevel = "debug"
- Port = ":3000"
- ForceSSL = false
- CloudRuntime = "none"
- Timeout = 300
- StorageType = "disk"
-
- [Storage]
- [Storage.Disk]
- RootPath = "/var/lib/athens"
- '';
- systemd.services.athens = {
- description = "Athens service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- preStart = ''
- mkdir -p /var/lib/athens
- '';
- environment = { HOME="/var/lib/athens"; };
- serviceConfig = {
- User = cfg.user;
- Restart = "on-failure";
- ExecStart = ''
- ${cfg.package}/bin/proxy -config_file=/etc/athens/config.toml
- '';
- };
- path = [ cfg.package ] ++ [ pkgs.go pkgs.git ];
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/services/govanityurl.nix b/tmp/nixos-configuration/modules/services/govanityurl.nix
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.govanityurl;
-in
-{
- options = {
- services.govanityurl = {
- enable = mkEnableOption ''
- govanityurl is a go canonical path server
- '';
- package = mkOption {
- type = types.package;
- default = pkgs.nur.repos.vdemeester.govanityurl;
- description = ''
- govanityurl package to use.
- '';
- };
-
- user = mkOption {
- type = types.str;
- };
-
- host = mkOption {
- type = types.str;
- };
-
- config = mkOption {
- type = types.lines;
- };
- };
- };
- config = mkIf cfg.enable {
- systemd.packages = [ cfg.package ];
- environment.etc."govanityurl/config.yaml".text = ''
- host: ${cfg.host}
- ${cfg.config}
- '';
- systemd.services.govanityurl = {
- description = "Govanity service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = cfg.user;
- Restart = "on-failure";
- ExecStart = ''
- ${cfg.package}/bin/vanityurl /etc/govanityurl/config.yaml
- '';
- };
- path = [ cfg.package ];
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/services/nix-binary-cache.nix b/tmp/nixos-configuration/modules/services/nix-binary-cache.nix
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.nix-binary-cache;
-in
-{
- options = {
- services.nix-binary-cache = {
- enable = mkOption {
- default = false;
- description = "Enable nix-binary-cache";
- type = types.bool;
- };
- domain = mkOption {
- description = "domain to serve";
- type = types.str;
- };
- aliases = mkOption {
- default = [];
- description = "server aliases to serve";
- type = types.listOf types.str;
- };
- };
- };
- config = mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [ 80 443];
- services.nginx = {
- enable = true;
- appendHttpConfig = ''
- proxy_cache_path /var/public-nix-cache/ levels=1:2 keys_zone=cachecache:1200m max_size=20g inactive=365d use_temp_path=off;
- # Cache only success status codes; in particular we don't want to cache 404s.
- # See https://serverfault.com/a/690258/128321
- map $status $cache_header {
- 200 "public";
- 302 "public";
- default "no-cache";
- }
- access_log logs/access.log;
- '';
- virtualHosts."${cfg.domain}" = {
- serverAliases = cfg.aliases;
- # enableACME = true;
-
- locations."/" = {
- root = "/var/public-nix-cache/";
- extraConfig = ''
- expires max;
- add_header Cache-Control $cache_header always;
- # Ask the upstream server if a file isn't available locally
- error_page 404 = @fallback;
- '';
- };
- extraConfig = ''
- # Using a variable for the upstream endpoint to ensure that it is
- # resolved at runtime as opposed to once when the config file is loaded
- # and then cached forever (we don't want that):
- # see https://tenzer.dk/nginx-with-dynamic-upstreams/
- # This fixes errors like
- # nginx: [emerg] host not found in upstream "upstream.example.com"
- # when the upstream host is not reachable for a short time when
- # nginx is started.
- resolver 8.8.8.8;
- set $upstream_endpoint https://cache.nixos.org;
- '';
- locations."@fallback" = {
- proxyPass = "$upstream_endpoint";
- extraConfig = ''
- proxy_cache cachecache;
- proxy_cache_valid 200 302 60m;
- expires max;
- add_header Cache-Control $cache_header always;
- '';
- };
- # We always want to copy cache.nixos.org's nix-cache-info file,
- # and ignore our own, because `nix-push` by default generates one
- # without `Priority` field, and thus that file by default has priority
- # 50 (compared to cache.nixos.org's `Priority: 40`), which will make
- # download clients prefer `cache.nixos.org` over our binary cache.
- locations."= /nix-cache-info" = {
- # Note: This is duplicated with the `@fallback` above,
- # would be nicer if we could redirect to the @fallback instead.
- proxyPass = "$upstream_endpoint";
- extraConfig = ''
- proxy_cache cachecache;
- proxy_cache_valid 200 302 60m;
- expires max;
- add_header Cache-Control $cache_header always;
- '';
- };
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/services/wireguard.client.nix b/tmp/nixos-configuration/modules/services/wireguard.client.nix
@@ -1,71 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.wireguard;
-in
-{
- options = {
- services.wireguard = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable a reverse SSH proxy.
- '';
- };
- ips = mkOption {
- type = with types; listOf str;
- description = ''
- The client IPs
- '';
- };
- allowedIPs = mkOption {
- default = [ "10.100.0.0/24" ];
- type = with types; listOf str;
- description = ''
- The peer (server) allowedIPs
- '';
- };
- endpoint = mkOption {
- type = with types; str;
- description = ''
- The endpoint IP to target
- '';
- };
- endpointPort = mkOption {
- default = 51820;
- type = with types; int;
- description = ''
- The endpoint Port to target
- '';
- };
- endpointPublicKey = mkOption {
- type = with types; str;
- description = ''
- The peer (server) public key
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
- environment.systemPackages = [ pkgs.wireguard ];
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = {
- wg0 = {
- ips = cfg.ips;
- privateKeyFile = "/etc/nixos/wireguard.private.key";
- peers = [
- {
- publicKey = cfg.endpointPublicKey;
- allowedIPs = cfg.allowedIPs;
- endpoint = "${cfg.endpoint}:${toString cfg.endpointPort}";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- };
-}
diff --git a/tmp/nixos-configuration/modules/virtualisation/buildkit.nix b/tmp/nixos-configuration/modules/virtualisation/buildkit.nix
@@ -1,105 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.virtualisation.buildkitd;
-
-in
-{
- ###### interface
-
- options.virtualisation.buildkitd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables buildkitd
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = ["/run/buildkitd/buildkitd.sock"];
- description =
- ''
- A list of unix and tcp buildkitd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
-
-
-
- package = mkOption {
- default = pkgs.buildkitd;
- type = types.package;
- example = pkgs.buildkitd;
- description = ''
- Buildkitd package to be used in the module
- '';
- };
-
- packages = mkOption {
- type = types.listOf types.package;
- default = [ pkgs.runc pkgs.git ];
- description = "List of packages to be added to buildkitd service path";
- };
-
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>buildkitd</command> daemon.
- '';
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable {
- users.groups = [
- { name = "buildkit";
- gid = 350;
- }
- ];
- environment.systemPackages = [ cfg.package];
- systemd.packages = [ cfg.package ];
-
- systemd.services.buildkitd = {
- wants = [ "containerd.service" ];
- after = [ "containerd.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = [
- ""
- ''
- ${cfg.package}/bin/buildkitd \
- ${cfg.extraOptions}
- ''];
- };
- path = [cfg.package] ++ cfg.packages;
- };
-
-
- systemd.sockets.buildkitd = {
- description = "Buildkitd Socket for the API";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = cfg.listenOptions;
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "buildkit";
- };
- };
-
- };
-
-
-}
diff --git a/tmp/nixos-configuration/modules/virtualisation/containerd.nix b/tmp/nixos-configuration/modules/virtualisation/containerd.nix 
@@ -1,100 +0,0 @@
-# Systemd services for containerd.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.virtualisation.containerd;
-
-in
-
-{
- ###### interface
-
- options.virtualisation.containerd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables containerd, a daemon that manages
- linux containers.
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = ["/run/containerd/containerd.sock"];
- description =
- ''
- A list of unix and tcp containerd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
-
- package = mkOption {
- default = pkgs.containerd;
- type = types.package;
- example = pkgs.containerd;
- description = ''
- Containerd package to be used in the module
- '';
- };
-
- packages = mkOption {
- type = types.listOf types.package;
- default = [ pkgs.runc ];
- description = "List of packages to be added to containerd service path";
- };
-
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>containerd</command> daemon.
- '';
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable {
- environment.systemPackages = [ cfg.package];
- systemd.packages = [ cfg.package];
-
- systemd.services.containerd = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = [
- ""
- ''
- ${cfg.package}/bin/containerd \
- ${cfg.extraOptions}
- ''];
- };
- path = [cfg.package] ++ cfg.packages;
- };
-
-
- systemd.sockets.containerd = {
- description = "Containerd Socket for the API";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = cfg.listenOptions;
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "root";
- };
- };
-
- };
-
-
-}
diff --git a/tmp/nixos-configuration/overlays/qemu/default.nix b/tmp/nixos-configuration/overlays/qemu/default.nix
@@ -1,11 +0,0 @@
-self: super:
-
-{
- qemu-user-arm = if self.stdenv.system == "x86_64-linux"
- then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
- else self.callPackage ./qemu { user_arch = "arm"; };
- qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
- qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
- qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };
- qemu-user-riscv64 = self.callPackage ./qemu { user_arch = "riscv64"; };
-}
diff --git a/tmp/nixos-configuration/overlays/qemu/qemu/default.nix b/tmp/nixos-configuration/overlays/qemu/qemu/default.nix
@@ -1,43 +0,0 @@
-{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison,
-makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
-
-let
- env2 = makeStaticLibraries stdenv;
- myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
- mesonFlags = (drv.mesonFlags or []) ++ [ "--default-library both" ];
- });
- riscv_src = fetchFromGitHub {
- owner = "riscv";
- repo = "riscv-qemu";
- rev = "7d2d2add16aff0304ab0c279152548dbd04a2138"; # riscv-all
- sha256 = "16an7ifi2ifzqnlz0218rmbxq9vid434j98g14141qvlcl7gzsy2";
- };
- is_riscv = (user_arch == "riscv32") || (user_arch == "riscv64");
- arch_map = {
- arm = "i386";
- aarch64 = "x86_64";
- riscv64 = "x86_64";
- x86_64 = "x86_64";
- };
-in
-stdenv.mkDerivation rec {
- name = "qemu-user-${user_arch}-${version}";
- version = "3.1.0";
- src = if is_riscv then riscv_src else qemu.src;
- buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
- patches = [ ./qemu-stack.patch ];
- configureFlags = [
- "--enable-linux-user" "--target-list=${user_arch}-linux-user"
- "--disable-bsd-user" "--disable-system" "--disable-vnc"
- "--disable-curses" "--disable-sdl" "--disable-vde"
- "--disable-bluez" "--disable-kvm"
- "--static"
- "--disable-tools"
- "--cpu=${arch_map.${user_arch}}"
- ];
- NIX_LDFLAGS = [ "-lglib-2.0" ];
- enableParallelBuilding = true;
- postInstall = ''
- cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
- '';
-}
diff --git a/tmp/nixos-configuration/overlays/qemu/qemu/qemu-stack.patch b/tmp/nixos-configuration/overlays/qemu/qemu/qemu-stack.patch
@@ -1,11 +0,0 @@
---- a/linux-user/elfload.c 2016-09-02 12:34:22.000000000 -0300
-+++ b/linux-user/elfload.c 2017-07-09 18:44:22.420244038 -0300
-@@ -1419,7 +1419,7 @@
- * dependent on stack size, but guarantee at least 32 pages for
- * backwards compatibility.
- */
--#define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE)
-+#define STACK_LOWER_LIMIT (128 * TARGET_PAGE_SIZE)
-
- static abi_ulong setup_arg_pages(struct linux_binprm *bprm,
- struct image_info *info)
diff --git a/tmp/nixos-configuration/overlays/qemu/qemu/qemu-wrap.c b/tmp/nixos-configuration/overlays/qemu/qemu/qemu-wrap.c
@@ -1,58 +0,0 @@
-#include <alloca.h>
-#include <malloc.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <libgen.h>
-
-#if !defined(QEMU_ARM_BIN)
- #define QEMU_ARM_BIN "qemu-arm"
-#endif
-
-const char * qemu_arm_bin = QEMU_ARM_BIN;
-
-// This program takes arguments according to the behavior of binfmt_misc with
-// the preserve-argv[0] flag set.
-//
-// The first value in argv is the name of this executable, uninteresting.
-// The second value is the full path of the executable to run with the
-// alternate interpreter.
-// The third value is the name that executable was called with.
-//
-// This program passes the third value in to qemu-arm after the -0 flag.
-int main(int argc, char const* argv[]) {
- // Abort if we don't have sufficient arguments
- if(argc < 3){
- fprintf( stderr, "qemu-arm wrapper called with too few arguments.\nEnsure that the 'P' flag is set in binfmt_misc.\n");
- return -1;
- }
-
- char *qemu;
- asprintf(&qemu, "%s/%s", dirname(argv[0]), qemu_arm_bin);
-
- // Allocate the new argc array to pass to qemu-arm
- const int new_argc = argc + 1;
- char** const new_argv = alloca((new_argc + 1) * sizeof(void *));
-
- // Fill this new array
- new_argv[0] = qemu;
- new_argv[1] = strdup("-0");
- new_argv[2] = strdup(argv[2]);
- new_argv[3] = strdup(argv[1]);
- for(int i = 4; i < new_argc; ++i){
- new_argv[i] = strdup(argv[i-1]);
- }
- new_argv[new_argc] = NULL;
-
- // Run qemu with the new arguments
- execvp(new_argv[0], new_argv);
- const int ret = errno;
-
- // Clean up, haha C
- for(int i = 0; i < new_argc; ++i){
- free(new_argv[i]);
- }
-
- return ret;
-};
diff --git a/tmp/nixos-configuration/overlays/sbr.overlay.nix b/tmp/nixos-configuration/overlays/sbr.overlay.nix
@@ -1,8 +0,0 @@
-self: super: {
- vrsync = import ../pkgs/vrsync {
- inherit (self) stdenv lib;
- };
- vde-thinkpad = import ../pkgs/vde-thinkpad {
- inherit (self) stdenv lib;
- };
-}
diff --git a/tmp/nixos-configuration/overlays/unstable.overlay.nix b/tmp/nixos-configuration/overlays/unstable.overlay.nix @@ -1,9 +0,0 @@ -_: _: let - unstableTarball = fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; - unstable = import unstableTarball { overlays = []; }; -in { - inherit (unstable) - # cachix - #git - ; -} diff --git a/tmp/nixos-configuration/pkgs/default.nix b/tmp/nixos-configuration/pkgs/default.nix @@ -1,13 +0,0 @@ -{ system ? builtins.currentSystem }: - -let - pkgs = import <nixpkgs> { inherit system; }; -in -rec { - vrsync = import ./vrsync { - inherit (pkgs) stdenv lib; - }; - vde-thinkpad = import ./vde-thinkpad { - inherit (pkgs) stdenv lib; - }; -} diff --git a/tmp/nixos-configuration/pkgs/vde-thinkpad/default.nix b/tmp/nixos-configuration/pkgs/vde-thinkpad/default.nix @@ -1,14 +0,0 @@ -{ stdenv, lib }: - -stdenv.mkDerivation rec { - name = "vde-thinkpad"; - src = ./.; - - phases = [ "install" ]; - - install = '' - mkdir -p $out/bin - cp $src/dock $out/bin - chmod +x $out/bin/dock - ''; -} diff --git a/tmp/nixos-configuration/pkgs/vde-thinkpad/dock b/tmp/nixos-configuration/pkgs/vde-thinkpad/dock @@ -1,4 +0,0 @@ -#!/usr/bin/env bash -export DISPLAY=":0.0" -export XAUTHORITY=/home/vincent/.Xauthority -xmessage dock diff --git a/tmp/nixos-configuration/pkgs/vrsync/default.nix b/tmp/nixos-configuration/pkgs/vrsync/default.nix @@ -1,14 +0,0 @@ -{ stdenv, lib }: - -stdenv.mkDerivation rec { - name = "vrsync"; - src = ./.; - - phases = [ "install" ]; - - install = '' - mkdir -p $out/bin - cp $src/vrsync $out/bin - chmod +x $out/bin/vrsync - ''; -} diff --git a/tmp/nixos-configuration/pkgs/vrsync/foo b/tmp/nixos-configuration/pkgs/vrsync/foo @@ -1 +0,0 @@ -/home/vincent/desktop/documents/ vincent@synodine.local:/volume1/documents/- \ No newline at end of file diff --git a/tmp/nixos-configuration/pkgs/vrsync/vrsync b/tmp/nixos-configuration/pkgs/vrsync/vrsync 
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-# Look for /etc/vrsync.conf
-# For each line run rsync with on source:target
-# and some specials cases
-CONF=${CONF:-/etc/vrsync}
-
-cmd="rsync -ave ssh --progress --size-only --delete --exclude='*~' --exclude=.stfolder"
-test -e $CONF || {
- echo "$CONF does not exists, bailing…"
- exit 1
-}
-
-while IFS='' read -r line || [[ -n "$line" ]]; do
- $cmd $line $@
-done < "$CONF"