treefmt: formatted all nix files

Serĉanto de Scio 2022-03-08 00:26:15 +10:00
parent 80f4fbcb61
commit c05057015e
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
117 changed files with 1640 additions and 1568 deletions


@ -1 +1 @@
{ }
{}


@ -1,11 +1,11 @@
self: super: {
globals = import ./globals-defaults.nix // rec {
globals =
import ./globals-defaults.nix
// rec {
deploymentName = "mio-ops";
deploymentName = "mio-ops";
domain = "mcwhirter.io";
domain = "mcwhirter.io";
environment = "${deploymentName}";
};
environment = "${deploymentName}";
};
}


@ -1,8 +1,10 @@
# Hardware configuration file common to ASUS 701 EeePC4G-BK004
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../profiles/host_common.nix
@ -33,14 +35,18 @@
config = {
allowUnfree = true;
packageOverrides = pkgs: {
stdenv = pkgs.stdenv // {
platform = pkgs.stdenv.platform // {
kernelExtraConfig = ''
HIGHMEM64G? n # 32-bit proc with > 4G RAM
HIGHMEM4G y # 32-bit proc with =< 4G RAM
'';
stdenv =
pkgs.stdenv
// {
platform =
pkgs.stdenv.platform
// {
kernelExtraConfig = ''
HIGHMEM64G? n # 32-bit proc with > 4G RAM
HIGHMEM4G y # 32-bit proc with =< 4G RAM
'';
};
};
};
};
};
localSystem = {
@ -55,7 +61,7 @@
fsType = "ext4";
};
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [{device = "/dev/disk/by-label/swap";}];
networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
nix.maxJobs = lib.mkDefault 1;


@ -1,24 +1,25 @@
# Hardware configuration file common to all Lenovo x201 devices
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [{device = "/dev/disk/by-label/swap";}];
hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
hardware.opengl.extraPackages = with pkgs; [vaapiIntel];
nix.maxJobs = lib.mkDefault 4;
services.thinkfan = {


@ -1,18 +1,20 @@
# Configuration common to all my encrypted Linode VMs
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
# Import the NixOS Qemu guest settings
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot = {
extraModulePackages = [ ];
extraModulePackages = [];
initrd = {
availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
availableKernelModules = ["virtio_pci" "ahci" "sd_mod"];
kernelModules = ["dm-snapshot"];
luks = {
devices = {
root = {
@ -22,8 +24,8 @@
};
};
};
kernelModules = [ ];
kernelParams = [ "console=ttyS0,19200n8" ];
kernelModules = [];
kernelParams = ["console=ttyS0,19200n8"];
loader = {
grub = {
forceInstall = true;
@ -46,7 +48,7 @@
fsType = "ext4";
};
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [{device = "/dev/disk/by-label/swap";}];
nix.maxJobs = lib.mkDefault 8;
}


@ -1,18 +1,20 @@
# Configuration common to all my Linode VMs
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
# Import the NixOS Qemu guest settings
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.initrd.availableKernelModules = ["virtio_pci" "ahci" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.kernelParams = ["console=ttyS0,19200n8"];
boot.loader = {
grub = {
extraConfig = ''
@ -31,7 +33,7 @@
fsType = "ext4";
};
swapDevices = [{ device = "/dev/sdb"; }];
swapDevices = [{device = "/dev/sdb";}];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,11 +1,13 @@
{ config, lib, modulesPath, pkgs, ... }:
with lib;
let
{
config,
lib,
modulesPath,
pkgs,
...
}:
with lib; let
sources = import ../../nix/sources.nix;
unstable = import sources.nixpkgsUnstable { };
unstable = import sources.nixpkgsUnstable {};
in {
imports = [
"${modulesPath}/profiles/base.nix"
@ -17,7 +19,7 @@ in {
# The linux kernel used is compiled from the Hardkernel fork of
# torvalds/linux
boot = {
initrd.availableKernelModules = mkForce [ ];
initrd.availableKernelModules = mkForce [];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_hardkernel;
# Bootloader (use Hardkernel fork of Das U-Boot)
loader = {


@ -1,4 +1,10 @@
{ pkgs, lib, config, modulesPath, ... }: {
{
pkgs,
lib,
config,
modulesPath,
...
}: {
imports = [
"${modulesPath}/installer/sd-card/sd-image.nix"
# should we include this module or should we treat the SD
@ -11,14 +17,14 @@
nixpkgs.overlays = [
(final: prev: {
smartmontools = prev.smartmontools.override { enableMail = false; };
smartmontools = prev.smartmontools.override {enableMail = false;};
})
];
# Remove zfs from supported filesystems as it fails when cross-compiling due
# to not being able to build kernel module
boot.supportedFilesystems =
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
lib.mkForce ["btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"];
sdImage = {
compressImage = false;


@ -1,7 +1,16 @@
{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
, lib, ... }@args:
buildLinux (args // rec {
{
stdenv,
buildPackages,
fetchFromGitHub,
perl,
buildLinux,
libelf,
utillinux,
lib,
...
} @ args:
buildLinux (args
// rec {
version = "4.9.241-107";
# modDirVersion needs to be x.y.z.
@ -25,6 +34,6 @@ buildLinux (args // rec {
NR_CPUS = lib.mkForce (freeform "8");
};
extraMeta.platforms = [ "aarch64-linux" ];
} // (args.argsOverride or { }))
extraMeta.platforms = ["aarch64-linux"];
}
// (args.argsOverride or {}))


@ -1,4 +1,4 @@
{ writeShellScript }:
{writeShellScript}:
writeShellScript "blx_fix" ''
#bl2 file size 41K, bl21 file size 3K (file size not equal runtime size)
#total 44K


@ -1,16 +1,23 @@
{ gcc49Stdenv, git, bc, bison, flex, nettools, buildPackages, arm-gcc49 }:
{
gcc49Stdenv,
git,
bc,
bison,
flex,
nettools,
buildPackages,
arm-gcc49,
}:
gcc49Stdenv.mkDerivation {
name = "hardkernel-uboot";
src = builtins.fetchTarball {
url =
"https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
};
patches = [ ./pwd.diff ./fip_create.diff ];
nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
patches = [./pwd.diff ./fip_create.diff];
nativeBuildInputs = [git gcc49Stdenv.cc bc bison flex nettools];
depsBuildBuild = [arm-gcc49 buildPackages.gcc49Stdenv.cc];
makeFlags = ["CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"];
configurePhase = ''
make odroidc4_defconfig
'';


@ -1,10 +1,13 @@
{ stdenv, python2, python3 }:
{
stdenv,
python2,
python3,
}:
stdenv.mkDerivation {
name = "meson64-tools";
nativeBuildInputs = [ python2 python3 ];
nativeBuildInputs = [python2 python3];
src = builtins.fetchTarball {
url =
"https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
};
@ -12,5 +15,5 @@ stdenv.mkDerivation {
patchShebangs .
patchShebangs ./mbedtls/scripts/generate_psa_constants.py
'';
makeFlags = [ "PREFIX=$(out)/bin" ];
makeFlags = ["PREFIX=$(out)/bin"];
}


@ -1,22 +1,25 @@
final: prev:
let
platform = final.lib.systems.examples.aarch64-multiplatform // {
gcc = { arch = "armv8-a+crypto"; };
};
final: prev: let
platform =
final.lib.systems.examples.aarch64-multiplatform
// {
gcc = {arch = "armv8-a+crypto";};
};
arm64 = final.pkgsCross.aarch64-embedded;
arm = final.pkgsCross.arm-embedded;
uboot-hardkernel =
arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
with-crypto = import final.path { crossSystem = platform; };
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
arm64.callPackage ./hardkernel.nix {arm-gcc49 = arm.buildPackages.gcc49;};
with-crypto = import final.path {crossSystem = platform;};
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix {};
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix {};
uboot = arm64.callPackage ./u-boot.nix {
inherit uboot-hardkernel meson64-tools blx_fix;
};
in {
uboot-hardkernel = uboot;
ubootTools-hardkernel = final.buildPackages.ubootTools;
buildPackages = prev.buildPackages // {
ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools;
};
buildPackages =
prev.buildPackages
// {
ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools;
};
}


@ -1,79 +1,89 @@
{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
, uboot-hardkernel, meson64-tools, blx_fix }:
let
in stdenv.mkDerivation {
name = "uboot";
src = builtins.fetchTarball {
url =
"https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
};
CROSS_COMPILE = stdenv.cc.targetPrefix;
configurePhase = ''
make odroid-c4_defconfig
'';
buildPhase = ''
make
'';
installPhase = ''
mkdir fip
cp ${uboot-hardkernel}/fip/* fip/
cp u-boot.bin fip/bl33.bin
${blx_fix} \
fip/bl30.bin \
fip/zero_tmp \
fip/bl30_zero.bin \
fip/bl301.bin \
fip/bl301_zero.bin \
fip/bl30_new.bin \
bl30
{
stdenv,
git,
bc,
bison,
flex,
nettools,
openssl,
buildPackages,
uboot-hardkernel,
meson64-tools,
blx_fix,
}: let
in
stdenv.mkDerivation {
name = "uboot";
src = builtins.fetchTarball {
url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
};
CROSS_COMPILE = stdenv.cc.targetPrefix;
configurePhase = ''
make odroid-c4_defconfig
'';
buildPhase = ''
make
'';
installPhase = ''
mkdir fip
cp ${uboot-hardkernel}/fip/* fip/
cp u-boot.bin fip/bl33.bin
${blx_fix} \
fip/bl30.bin \
fip/zero_tmp \
fip/bl30_zero.bin \
fip/bl301.bin \
fip/bl301_zero.bin \
fip/bl30_new.bin \
bl30
${blx_fix} \
fip/bl2.bin \
fip/zero_tmp \
fip/bl2_zero.bin \
fip/acs.bin \
fip/bl21_zero.bin \
fip/bl2_new.bin \
bl2
${blx_fix} \
fip/bl2.bin \
fip/zero_tmp \
fip/bl2_zero.bin \
fip/acs.bin \
fip/bl21_zero.bin \
fip/bl2_new.bin \
bl2
${meson64-tools}/bin/bl30sig \
--input fip/bl30_new.bin \
--output fip/bl30_new.bin.g12a.enc \
--level v3
${meson64-tools}/bin/bl3sig \
--input fip/bl30_new.bin.g12a.enc \
--output fip/bl30_new.bin.enc \
--level v3 --type bl30
${meson64-tools}/bin/bl3sig \
--input fip/bl31.img \
--output fip/bl31.img.enc \
--level v3 --type bl31
${meson64-tools}/bin/bl3sig \
--input fip/bl33.bin --compress lz4 \
--output fip/bl33.bin.enc \
--level v3 --type bl33 --compress lz4
${meson64-tools}/bin/bl2sig \
--input fip/bl2_new.bin \
--output fip/bl2.n.bin.sig
${meson64-tools}/bin/bootmk \
--output $out \
--bl2 fip/bl2.n.bin.sig \
--bl30 fip/bl30_new.bin.enc \
--bl31 fip/bl31.img.enc \
--bl33 fip/bl33.bin.enc \
--ddrfw1 fip/ddr4_1d.fw \
--ddrfw2 fip/ddr4_2d.fw \
--ddrfw3 fip/ddr3_1d.fw \
--ddrfw4 fip/piei.fw \
--ddrfw5 fip/lpddr4_1d.fw \
--ddrfw6 fip/lpddr4_2d.fw \
--ddrfw7 fip/diag_lpddr4.fw \
--ddrfw8 fip/aml_ddr.fw \
--ddrfw9 fip/lpddr3_1d.fw \
--level v3
'';
nativeBuildInputs = [ git bc bison flex nettools ];
${meson64-tools}/bin/bl30sig \
--input fip/bl30_new.bin \
--output fip/bl30_new.bin.g12a.enc \
--level v3
${meson64-tools}/bin/bl3sig \
--input fip/bl30_new.bin.g12a.enc \
--output fip/bl30_new.bin.enc \
--level v3 --type bl30
${meson64-tools}/bin/bl3sig \
--input fip/bl31.img \
--output fip/bl31.img.enc \
--level v3 --type bl31
${meson64-tools}/bin/bl3sig \
--input fip/bl33.bin --compress lz4 \
--output fip/bl33.bin.enc \
--level v3 --type bl33 --compress lz4
${meson64-tools}/bin/bl2sig \
--input fip/bl2_new.bin \
--output fip/bl2.n.bin.sig
${meson64-tools}/bin/bootmk \
--output $out \
--bl2 fip/bl2.n.bin.sig \
--bl30 fip/bl30_new.bin.enc \
--bl31 fip/bl31.img.enc \
--bl33 fip/bl33.bin.enc \
--ddrfw1 fip/ddr4_1d.fw \
--ddrfw2 fip/ddr4_2d.fw \
--ddrfw3 fip/ddr3_1d.fw \
--ddrfw4 fip/piei.fw \
--ddrfw5 fip/lpddr4_1d.fw \
--ddrfw6 fip/lpddr4_2d.fw \
--ddrfw7 fip/diag_lpddr4.fw \
--ddrfw8 fip/aml_ddr.fw \
--ddrfw9 fip/lpddr3_1d.fw \
--level v3
'';
nativeBuildInputs = [git bc bison flex nettools];
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
}
depsBuildBuild = [buildPackages.stdenv.cc buildPackages.openssl.dev];
}


@ -1,5 +1,4 @@
{ pkgs }:
{pkgs}:
pkgs.substituteAll {
src = ./boot-ini-builder.sh;
isExecutable = true;


@ -1,18 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
let
{
config,
lib,
pkgs,
...
}:
with lib; let
blCfg = config.boot.loader;
dtCfg = config.hardware.deviceTree;
cfg = blCfg.hardkernel-uboot;
timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
timeoutStr =
if blCfg.timeout == null
then "-1"
else toString blCfg.timeout;
# The builder used to write during system activation
builder = import ./boot-ini-builder.nix { inherit pkgs; };
builder = import ./boot-ini-builder.nix {inherit pkgs;};
# The builder exposed in populateCmd, which runs on the build architecture
populateBuilder =
import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
import ./boot-ini-builder.nix {pkgs = pkgs.buildPackages;};
in {
options = {
boot.loader.hardkernel-uboot = {
@ -38,17 +44,17 @@ in {
Useful to have for sdImage.populateRootCommands
'';
};
};
};
config = let
builderArgs = "-t ${timeoutStr}"
builderArgs =
"-t ${timeoutStr}"
+ lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd =
"${populateBuilder} ${builderArgs}";
};
in
mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
};
}


@ -1,9 +1,11 @@
# Hardware configuration file common to all Purism Librem 15 ver 3 TPM devices
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot = {
initrd = {
@ -17,11 +19,10 @@
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon
];
kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device =
"/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
kernelModules = ["dm-snapshot"];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
};
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
};
fileSystems."/" = {
@ -34,8 +35,7 @@
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,9 +1,10 @@
# Configuration common to all Raspberry Pi 2 Model B devices
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
boot = {
consoleLogLevel = lib.mkDefault 7;
initrd = {
@ -50,7 +51,7 @@
# Alternatively, this could be removed from the configuration.
# The filesystem is not needed at runtime, it could be treated
# as an opaque blob instead of a discrete FAT32 filesystem.
options = [ "nofail" "noauto" ];
options = ["nofail" "noauto"];
};
"/var" = {
device = "/dev/disk/by-label/var";
@ -59,10 +60,12 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
swapDevices = [
{
device = "/swapfile";
size = 1024;
}
];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -74,9 +77,7 @@
sound.enable = false; # Disable sound.
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];
environment.systemPackages = with pkgs; [
libraspberrypi # Userland tools for the Raspberry Pi board
];
}


@ -1,9 +1,10 @@
# Configuration common to all Raspberry Pi 3 Model B devices
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
boot = {
initrd = {
availableKernelModules = [
@ -53,7 +54,7 @@
# Alternatively, this could be removed from the configuration.
# The filesystem is not needed at runtime, it could be treated
# as an opaque blob instead of a discrete FAT32 filesystem.
options = [ "nofail" "noauto" ];
options = ["nofail" "noauto"];
};
#"/var" = {
# device = "/dev/disk/by-label/var";
@ -62,10 +63,12 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
swapDevices = [
{
device = "/swapfile";
size = 1024;
}
];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -75,9 +78,7 @@
enableB43Firmware = false; # If true, enable Pi wireless firmware
};
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];
environment.systemPackages = with pkgs; [
libraspberrypi # Userland tools for the Raspberry Pi board
];
}


@ -1,9 +1,10 @@
# NixOps configuration for airgead
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
../networks/linode.nix
../profiles/cardano-node.nix


@ -1,12 +1,14 @@
# NixOps configuration for pàidh-tri
{ config, pkgs, lib, ... }:
# NixOps configuration for ceilidh
{
imports = [ ../hardware/odroid-hc4 ];
config,
pkgs,
lib,
...
}: {
imports = [../hardware/odroid-hc4];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.121";
deployment.targetHost = "10.42.0.108";
networking.hostName = "ceilidh"; # Define your hostname.
# Ensure the right package architecture is used
@ -21,10 +23,9 @@
};
};
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "21.05"; # The version of NixOS originally installed
}
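Review bot: The header comment and `deployment.targetHost` in this file section are not formatting changes: the page lists both `10.42.0.121` and `10.42.0.108` for the target host and both a `pàidh-tri` and a `ceilidh` header comment, and since the +/- markers are lost I am assuming the second of each pair is the new side. A commit titled as a treefmt run tends to be skimmed rather than reviewed, so a change to where NixOps deploys belongs in its own commit with a message that says so. The same applies to later sections of this commit: the apparently added `../profiles/ipv6.nix` and `../profiles/mastodon.nix` imports and the static IPv6 address for cuallaidh, the `../profiles/kde.nix` import for dionach, and the `ipv6SendRAConfig` blocks in the Linode and Raspberry Pi 3B network files.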


@ -1,9 +1,10 @@
# NixOps configuration for cuallaidh
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
../networks/linode.nix
../profiles/coturn.nix
@ -11,6 +12,8 @@
../profiles/gitea.nix
#../profiles/hydra.nix
../profiles/iohk.nix
../profiles/ipv6.nix
../profiles/mastodon.nix
../profiles/matrix.nix
../profiles/mcwhirter.io.nix
../profiles/minecraftServer.nix
@ -26,6 +29,12 @@
deployment.targetHost = "172.105.171.16";
networking.hostName = "cuallaidh"; # Define your hostname.
networking.interfaces.eth0.ipv6.addresses = [
{
address = "2400:8907::f03c:92ff:fe08:f1d4";
prefixLength = 64;
}
];
system.stateVersion = "19.03"; # The version of NixOS originally installed
}


@ -1,8 +1,9 @@
# Configuration for an ASUS ASUS 701 EeePC4G-BK004
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../hardware/eeepc701.nix # Include common configuration options
../secrets/wireless.nix
@ -13,5 +14,4 @@
networking.hostName = "dhu"; # Define your hostname.
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -1,9 +1,9 @@
# NixOps configuration for dionach
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../hardware/purism_librem_15.nix # Include results of the hardware scan.
../profiles/android.nix # Provide an Android dev environment
@ -14,6 +14,7 @@
../profiles/haskell-dev.nix # Haskell dev environment
../profiles/host_common.nix # Common host configuration options
../profiles/iohk.nix # IOHK environment
../profiles/kde.nix # kdeenvironment
../profiles/keyboard.nix
../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling
@ -35,7 +36,7 @@
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
permittedInsecurePackages = ["openssl-1.0.2u" "minecraft"];
};
# Use the GRUB 2 boot loader.
@ -153,7 +154,7 @@
];
environment.variables = {
GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
GIO_EXTRA_MODULES = ["${pkgs.gvfs}/lib/gio/modules"];
};
services.acpid.enable = true;
@ -165,7 +166,7 @@
networking.firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [ 15000 ];
allowedTCPPorts = [15000];
};
# Virtualisation configuration:
@ -193,13 +194,13 @@
pulseaudio = {
enable = true;
systemWide = false;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraModules = [pkgs.pulseaudio-modules-bt];
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true;
hsphfpd.enable = true;
settings = { Policy = { AutoEnable = "true"; }; };
settings = {Policy = {AutoEnable = "true";};};
};
opengl.enable = true;
};
@ -212,12 +213,11 @@
TCPKeepAlive no
'';
users.groups = { lp.members = [ "messagebus" ]; };
users.groups = {lp.members = ["messagebus"];};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.03"; # Did you read the comment?
}
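Review bot: `permittedInsecurePackages = ["openssl-1.0.2u" "minecraft"];` carries no comment saying which package still needs the end-of-life OpenSSL 1.0.2 branch, so nobody reading the file can tell when the exception can be dropped. I would add a line above it such as `# openssl-1.0.2u: required by <package name>; remove once that dependency is gone`. In the firewall hunk of the same section `checkReversePath = false` is explained but `allowedTCPPorts = [15000];` is not, and a short trailing comment naming the service that listens there would make the exposure auditable.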


@ -1,8 +1,9 @@
# NixOS Configuration for a Lenovo x201
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
@ -18,5 +19,4 @@
networking.hostName = "iolear-beag"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
}


@ -1,9 +1,11 @@
# NixOps configuration for pàidh-aon
{ config, pkgs, lib, ... }:
{
imports = [ ../networks/pi2B_rack.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../networks/pi2B_rack.nix];
# Comment out deployment when building the SD Image.
#deployment.targetHost = "10.69.0.201";


@ -1,15 +1,17 @@
# NixOps configuration for paidh-ceithir
{ config, pkgs, lib, ... }:
{
imports = [ ../networks/pi3B_rack.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../networks/pi3B_rack.nix];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204";
networking.hostName = "paidh-ceithir"; # Define your hostname.
environment.systemPackages = with pkgs; [ ];
environment.systemPackages = with pkgs; [];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -1,15 +1,17 @@
# NixOps configuration for paidh-coig
{ config, pkgs, lib, ... }:
{
imports = [ ../networks/pi3B_rack.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../networks/pi3B_rack.nix];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205";
networking.hostName = "paidh-coig"; # Define your hostname.
environment.systemPackages = with pkgs; [ ];
environment.systemPackages = with pkgs; [];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -1,8 +1,10 @@
# NixOps configuration for pàidh-dha
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
../networks/pi3B_rack.nix
../profiles/transmission.nix


@ -1,18 +1,19 @@
# NixOps configuration for pàidh-tri
{ config, pkgs, lib, ... }:
{
imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203";
networking.hostName = "paidh-tri"; # Define your hostname.
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -1,8 +1,10 @@
# NixOps configuration for pàidh-uachdar
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix
@ -34,10 +36,9 @@
nixos.enable = false; # Save some space by disabling the manual
};
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -1,8 +1,9 @@
# Configuration for sithlainnir, a Lenovo x201
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix
@ -18,5 +19,4 @@
networking.hostName = "sithlainnir"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
}


@ -1,8 +1,9 @@
# Configuration for a Lenovo x201
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
@ -19,5 +20,4 @@
networking.hostName = "teintidh"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
}


@ -2,14 +2,16 @@
#
# To build, use:
# imports = [ ./sd-image_paidh-base ]
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
@ -44,5 +46,4 @@ in {
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}


@ -8,9 +8,6 @@
# An example of how to write the image to SD card:
#
# bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
{ ... }: {
imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
{...}: {
imports = [./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix];
}


@ -2,14 +2,16 @@
#
# To build, use:
# imports = [ ./sd-image_paidh-armv7.nix ]
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
@ -42,5 +44,4 @@ in {
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}


@ -8,9 +8,6 @@
# An example of how to write the image to SD card:
#
# bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
{ ... }: {
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
{...}: {
imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix];
}


@ -8,9 +8,6 @@
# An example of how to write the image to SD card:
#
# bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
{ ... }: {
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
{...}: {
imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix];
}


@ -1,7 +1,4 @@
# SD image for paidh-dha
{ ... }: {
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
{...}: {
imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix];
}


@ -8,9 +8,6 @@
# An example of how to write the image to SD card:
#
# bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
{ ... }: {
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
{...}: {
imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix];
}


@ -1,17 +1,17 @@
# Configuration for USB image for air gapped Yubikey machine
#
# Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let
config = { pkgs, ... }:
{
nixpkgs ? <nixpkgs>,
system ? "x86_64-linux",
}: let
config = {pkgs, ...}:
with pkgs; {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.supportedFilesystems = ["zfs"];
boot.kernelParams = ["console=ttyS0,115200n8"];
programs = {
ssh.startAgent = false;
gnupg.agent = {
@ -20,7 +20,7 @@ let
};
};
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
services.udev.packages = [yubikey-personalization];
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
@ -32,6 +32,5 @@ let
#services.openssh.enable = false;
};
evalNixos = configuration:
import <nixpkgs/nixos> { inherit system configuration; };
in { iso = (evalNixos config).config.system.build.isoImage; }
import <nixpkgs/nixos> {inherit system configuration;};
in {iso = (evalNixos config).config.system.build.isoImage;}


@ -1,9 +1,11 @@
# NixOps configuration common to Linode VMs
{ config, pkgs, lib, ... }:
{
imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../profiles/host_common.nix ../profiles/server_common.nix];
# Ensure the right package architecture is used
nixpkgs.localSystem = {
@ -12,7 +14,7 @@
};
# Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
environment.systemPackages = with pkgs; [inetutils mtr sysstat];
# Configure firewall defaults:
networking = {
@ -21,9 +23,14 @@
interfaces.eth0.useDHCP = true;
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "lo" ];
allowedTCPPorts = [80 443];
trustedInterfaces = ["lo"];
};
};
systemd.network.networks.eth0.ipv6SendRAConfig = {
EmitDNS = true;
Managed = true;
OtherInformation = true;
};
}
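Review bot: `ipv6SendRAConfig` fills the `[IPv6SendRA]` section of the .network unit, which makes this host a sender of router advertisements on `eth0`; it does not control how the host treats advertisements it receives. On a VM's provider-facing interface that is probably not the intent, and if sending is ever switched on elsewhere the host would announce itself as a router to its segment. If the aim is to take DNS and addressing from the upstream router, the receiving side is `ipv6AcceptRAConfig`, for example `systemd.network.networks.eth0.ipv6AcceptRAConfig = { UseDNS = true; };`. The identical block added in the Raspberry Pi 3B rack network file later in this commit has the same problem. Whether systemd-networkd is enabled on these hosts is not visible here and should be confirmed, since otherwise neither form does anything.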


@ -1,7 +1,9 @@
# NixOps configuration for the Linode VMs
{ config, pkgs, lib, ... }:
{
imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../hardware/linode_vm-encrypted.nix ./linode-common.nix];
}


@ -1,7 +1,9 @@
# NixOps configuration for the Linode VMs
{ config, pkgs, lib, ... }:
{
imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../hardware/linode_vm.nix ./linode-common.nix];
}


@ -1,7 +1,5 @@
# NixOps configuration for the Raspberry Pi 2B Rack
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_2_model_B.nix
@ -11,7 +9,7 @@
];
# Ensure the right package architecture is used
nixpkgs.crossSystem = { system = "armv7l-linux"; };
nixpkgs.crossSystem = {system = "armv7l-linux";};
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
@ -26,5 +24,4 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@paidh-tri"
];
};
}


@ -1,7 +1,5 @@
# NixOps configuration for the Raspberry Pi 3B Rack
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_3_model_B.nix
@ -20,6 +18,12 @@
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
systemd.network.networks.eth0.ipv6SendRAConfig = {
EmitDNS = true;
Managed = true;
OtherInformation = true;
};
documentation = {
nixos.enable = false; # Save some space by disabling the manual
};
@ -30,5 +34,4 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@pi-tri"
];
};
}
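Review bot: The `systemd.network.networks.eth0.ipv6SendRAConfig` block in the second hunk is a functional addition inside a commit described as formatting only (that hunk grows from 6 to 12 lines); the same block is added to the Linode common configuration earlier on this page, and the common host profile further down gains `networking = {enableIPv6 = true;};`. `Managed`, `OtherInformation` and `EmitDNS` describe what the host announces in IPv6 Router Advertisements, which is router behaviour and unusual on an uplink interface such as `eth0`; whether it takes effect presumably depends on RA sending being enabled elsewhere, which is not visible here. I would move these additions into their own commit with a message explaining why the hosts need them, and put a comment above the block such as `# Router Advertisement options for eth0; only effective when IPv6SendRA is enabled`.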


@ -1,22 +1,24 @@
{ sources ? import ./sources.nix, system ? builtins.currentSystem
, crossSystem ? null, config ? { } }:
let
{
sources ? import ./sources.nix,
system ? builtins.currentSystem,
crossSystem ? null,
config ? {},
}: let
# our own overlays:
local-overlays = [ ];
local-overlays = [];
globals = if builtins.pathExists ../globals.nix then
[ (import ../globals.nix) ]
else
builtins.trace "globals.nix missing, please add symlink" [ ];
globals =
if builtins.pathExists ../globals.nix
then [(import ../globals.nix)]
else builtins.trace "globals.nix missing, please add symlink" [];
# merge upstream sources with our own:
upstream-overlays = [
(_: super: {
sources = (super.sources or { }) // sources;
sources = (super.sources or {}) // sources;
})
];
overlays = local-overlays ++ globals ++ upstream-overlays;
in import sources.nixpkgs { inherit overlays system crossSystem config; }
in
import sources.nixpkgs {inherit overlays system crossSystem config;}


@ -1,22 +1,17 @@
# This file has been generated by Niv.
let
#
# The fetchers. fetch_<type> fetches specs of type <type>.
#
fetch_file = pkgs: spec:
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; }
else
pkgs.fetchurl { inherit (spec) url sha256; };
if spec.builtin or true
then builtins_fetchurl {inherit (spec) url sha256;}
else pkgs.fetchurl {inherit (spec) url sha256;};
fetch_tarball = pkgs: spec:
if spec.builtin or true then
builtins_fetchTarball { inherit (spec) url sha256; }
else
pkgs.fetchzip { inherit (spec) url sha256; };
if spec.builtin or true
then builtins_fetchTarball {inherit (spec) url sha256;}
else pkgs.fetchzip {inherit (spec) url sha256;};
fetch_git = spec:
builtins.fetchGit {
@ -31,7 +26,8 @@ let
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true
'' builtins_fetchTarball { inherit (spec) url sha256; };
''
builtins_fetchTarball {inherit (spec) url sha256;};
fetch_builtin-url = spec:
builtins.trace ''
@ -40,24 +36,24 @@ let
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true
'' (builtins_fetchurl { inherit (spec) url sha256; });
'' (builtins_fetchurl {inherit (spec) url sha256;});
#
# Various helpers
#
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
{ };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in if builtins.hasAttr "nixpkgs" sources then
sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { }
mkPkgs = sources: let
sourcesNixpkgs =
import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
{};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath
then import <nixpkgs> {}
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
@ -66,19 +62,18 @@ let
# The actual fetching function.
fetch = pkgs: name: spec:
if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then
fetch_file pkgs spec
else if spec.type == "tarball" then
fetch_tarball pkgs spec
else if spec.type == "git" then
fetch_git spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball spec
else if spec.type == "builtin-url" then
fetch_builtin-url spec
if !builtins.hasAttr "type" spec
then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file"
then fetch_file pkgs spec
else if spec.type == "tarball"
then fetch_tarball pkgs spec
else if spec.type == "git"
then fetch_git spec
else if spec.type == "builtin-tarball"
then fetch_builtin-tarball spec
else if spec.type == "builtin-url"
then fetch_builtin-url spec
else
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
@ -86,48 +81,61 @@ let
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
mapAttrs =
builtins.mapAttrs
or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
builtins_fetchTarball = {
url,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12"
then fetchTarball {inherit url;}
else fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
builtins_fetchurl = {
url,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12"
then fetchurl {inherit url;}
else fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec then
if builtins.hasAttr "outPath" spec
then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = fetch config.pkgs name spec; }) config.sources;
else spec // {outPath = fetch config.pkgs name spec;})
config.sources;
# The "config" used by the fetchers
mkConfig = { sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources }: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
mkConfig = {
sourcesFile ? ./sources.json,
sources ? builtins.fromJSON (builtins.readFile sourcesFile),
pkgs ? mkPkgs sources,
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in mkSources (mkConfig { }) // {
__functor = _: settings: mkSources (mkConfig settings);
}
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig {})
// {
__functor = _: settings: mkSources (mkConfig settings);
}


@ -1,18 +1,20 @@
# NixOps configuration for the mio-ops nodes
{
network = {
description = "mio-ops nodes";
enableRollback = true;
};
network.storage.legacy = { databasefile = "~/.nixops/deployments.nixops"; };
network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";};
defaults = { config, pkgs, lib, ... }:
{
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
defaults = {
config,
pkgs,
lib,
...
}: {
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
airgead = import hosts/airgead.nix;
ceilidh = import hosts/ceilidh.nix;


@ -1,4 +1,6 @@
let sources = import ../nix/sources.nix { };
in final: prev: {
nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
}
let
sources = import ../nix/sources.nix {};
in
final: prev: {
nixUnstable = (import sources.nixos-unstable {}).nixUnstable;
}


@ -1,15 +1,12 @@
# Based up original waokr by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/overlays/qemu/default.nix
self: super:
{
qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else
self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };
qemu-user-riscv64 = self.callPackage ./qemu { user_arch = "riscv64"; };
self: super: {
qemu-user-arm =
if self.stdenv.system == "x86_64-linux"
then self.pkgsi686Linux.callPackage ./qemu {user_arch = "arm";}
else self.callPackage ./qemu {user_arch = "arm";};
qemu-user-x86 = self.callPackage ./qemu {user_arch = "x86_64";};
qemu-user-arm64 = self.callPackage ./qemu {user_arch = "aarch64";};
qemu-user-riscv32 = self.callPackage ./qemu {user_arch = "riscv32";};
qemu-user-riscv64 = self.callPackage ./qemu {user_arch = "riscv64";};
}


@ -1,13 +1,23 @@
# Based up original waokr by cleverca22
# https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
, makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
let
{
stdenv,
fetchurl,
python,
pkgconfig,
zlib,
glib,
user_arch,
flex,
bison,
makeStaticLibraries,
glibc,
qemu,
fetchFromGitHub,
}: let
env2 = makeStaticLibraries stdenv;
myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
myglib = (glib.override {stdenv = env2;}).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or []) ++ ["-Ddefault_library=both"];
});
riscv_src = fetchFromGitHub {
owner = "riscv";
@ -22,32 +32,36 @@ let
riscv64 = "x86_64";
x86_64 = "x86_64";
};
in stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}";
version = "3.1.0";
src = if is_riscv then riscv_src else qemu.src;
buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
patches = [ ./qemu-stack.patch ];
configureFlags = [
"--enable-linux-user"
"--target-list=${user_arch}-linux-user"
"--disable-bsd-user"
"--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static"
"--disable-tools"
"--cpu=${arch_map.${user_arch}}"
];
NIX_LDFLAGS = [ "-lglib-2.0" ];
enableParallelBuilding = true;
postInstall = ''
cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
'';
}
in
stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}";
version = "3.1.0";
src =
if is_riscv
then riscv_src
else qemu.src;
buildInputs = [python pkgconfig zlib.static myglib flex bison glibc.static];
patches = [./qemu-stack.patch];
configureFlags = [
"--enable-linux-user"
"--target-list=${user_arch}-linux-user"
"--disable-bsd-user"
"--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static"
"--disable-tools"
"--cpu=${arch_map.${user_arch}}"
];
NIX_LDFLAGS = ["-lglib-2.0"];
enableParallelBuilding = true;
postInstall = ''
cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
'';
}


@ -1,17 +1,18 @@
# Cue filetype plugin for Vim
#
# Provide an overlay to obtain vim-cue from upstream rather than nixpkgs
final: prev: {
vimPlugins = prev.vimPlugins // {
vim-cue = prev.vimUtils.buildVimPlugin {
name = "vim-cue";
src = prev.fetchFromGitHub {
owner = "jjo";
repo = "vim-cue";
rev = "9e8bef1198817b6bae1143fecd965403d65d2466";
sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c=";
vimPlugins =
prev.vimPlugins
// {
vim-cue = prev.vimUtils.buildVimPlugin {
name = "vim-cue";
src = prev.fetchFromGitHub {
owner = "jjo";
repo = "vim-cue";
rev = "9e8bef1198817b6bae1143fecd965403d65d2466";
sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c=";
};
};
};
};
}


@ -1,9 +1,9 @@
# Configuration for my Android development requirements
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
nixpkgs.config = {
android_sdk.accept_license = true; # Accept the Android SDK licence
};
@ -17,6 +17,5 @@
kconfig-frontends # Linux kconfig infrastructure
];
users.groups.adbusers.members = [ "craige" ];
users.groups.adbusers.members = ["craige"];
}


@ -1,9 +1,5 @@
# Configuration common to all my servers
{ config, ... }:
{
{config, ...}: {
# Program defaults for all hosts
programs.bash = {
interactiveShellInit = ''
@ -15,5 +11,4 @@
'';
vteIntegration = true;
};
}


@ -1,36 +1,38 @@
# NixOps configuration for the hosts running a Cardano node
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
sources = import ../nix/sources.nix;
cardanoNodeProject = import (sources.cardano-node + "/nix") {
gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
iohkNix = import (sources.iohk-nix) {};
in {
imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"];
imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
environment.systemPackages = [cardanoNodeProject.cardano-cli];
services = {
cardano-node = {
enable = true;
environment = "mainnet";
hostAddr = "0.0.0.0";
nodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig // {
hasPrometheus = [ "127.0.0.1" 12798 ];
setupScribes = [{
scKind = "JournalSK";
scName = "cardano";
scFormat = "ScText";
}];
defaultScribes = [[ "JournalSK" "cardano" ]];
};
nodeConfig =
iohkNix.cardanoLib.environments.mainnet.nodeConfig
// {
hasPrometheus = ["127.0.0.1" 12798];
setupScribes = [
{
scKind = "JournalSK";
scName = "cardano";
scFormat = "ScText";
}
];
defaultScribes = [["JournalSK" "cardano"]];
};
kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf";
operationalCertificate = "/run/keys/cardano-opcert";
@ -45,7 +47,5 @@ in {
};
};
users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204
}


@ -1,11 +1,6 @@
# NixOps configuration for the hosts running a Chrony service
{ config, ... }:
{
{config, ...}: {
services.chrony = {
enable = true; # Enable Chrony
#enable = true; # Enable Chrony
};
}
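Review bot: `enable = true; # Enable Chrony` is printed next to `#enable = true; # Enable Chrony` in this section, and a formatter does not comment code out, so the commit appears to switch Chrony off under a formatting-only message (the rendering has lost the `+`/`-` markers, so the direction is inferred from print order). The common host profile further down imports `./chrony.nix`, so this would apply to every host using that profile, and accurate time matters for certificate validation, log correlation and the Cardano node configured elsewhere in this commit. If the change is intended, put it in a separate commit and replace the stale trailing comment with the reason, for example `# enable = true; # disabled: <reason>, time sync provided by <service>`; otherwise restore `enable = true;`.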


@ -1,24 +1,24 @@
# NixOps configuration for the hosts running a TURN server (coturn)
{ config, pkgs, lib, ... }:
{
imports = [ ../secrets/coturn.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../secrets/coturn.nix];
services = {
coturn = {
enable = true; # Enable the coturn server
lt-cred-mech = true; # Enable long-term credentials
use-auth-secret = true; # Enable TURN REST API
realm = "turn.mcwhirter.io"; # Default realm for users
relay-ips = [ # Relay addresses
relay-ips = [
# Relay addresses
"172.105.171.16"
];
no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig =
"\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
extraConfig = "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
secure-stun = true; # Require authentication of the STUN Binding request
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
@ -52,13 +52,13 @@
5350 # STUN tls alt
443 # HTTPS
];
allowedUDPPortRanges = [{
from = 49152;
to = 49999;
} # TURN relay
];
allowedUDPPortRanges = [
{
from = 49152;
to = 49999;
} # TURN relay
];
};
users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions
users.groups.turnserver.members = ["nginx"]; # Added for keys permissions
}


@ -1,18 +1,17 @@
# NixOps configuration for deploying the craige4rocky website
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
craige4rocky = import (pkgs.fetchgit {
name = "craige4rocky-src";
url = "https://source.mcwhirter.io/craige/craige4rocky.git";
branchName = "master";
sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
}) { nixpkgs = pkgs; };
}) {nixpkgs = pkgs;};
webdomain = "craige4rocky.org";
in {
environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
@ -24,16 +23,17 @@ in {
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
"${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${craige4rocky}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
"www.${webdomain}" = {
# Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
};
};
};
@ -46,6 +46,5 @@ in {
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [80 443];
}


@ -1,9 +1,9 @@
# NixOps configuration for Craige's cron jobs
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.cron = {
enable = true; # Enable cron service
systemCronJobs = [
@ -12,5 +12,4 @@
"*/5 * * * * craige /run/current-system/sw/bin/task rc:~/.taskrc_obair sync >> /home/craige/.tasksync_obair.log 2>&1"
];
};
}

View file

@ -1,9 +1,10 @@
# NixOps configuration for the hosts running a Cryptpad server
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
services.cryptpad = {
enable = true; # Enable Cryptpad server
};
@ -14,7 +15,8 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
virtualHosts."pad.mcwhirter.io" = {
# Cryptpad hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations = {
@ -55,12 +57,11 @@
'';
tryFiles = "$uri =404";
};
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
{
extraConfig = ''
rewrite ^(.*)$ $1/ redirect;
'';
};
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = {
extraConfig = ''
rewrite ^(.*)$ $1/ redirect;
'';
};
};
#extraConfig = ''
# try_files /www/$uri /www/$uri/index.html /customize/$uri;
@ -70,7 +71,6 @@
security.acme = {
acceptTerms = true;
certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
certs = {"pad.mcwhirter.io".email = "craige@mcwhirter.io";};
};
}


@ -1,18 +1,17 @@
# NixOps configuration for deploying the Cyclone Ibis website
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
cyclone-ibis = import (pkgs.fetchgit {
name = "cyclone-ibis-src";
url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
branchName = "consensus";
sha256 = "sha256-NIEs0EuiHL9Zll0Sa4aR5zyzerw5akXxSC1pkDQPG5s=";
}) { nixpkgs = pkgs; };
}) {nixpkgs = pkgs;};
webdomain = "cycloneibis.com";
in {
environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
@ -26,16 +25,17 @@ in {
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
"${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${cyclone-ibis}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
"www.${webdomain}" = {
# Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
};
};
};
@ -48,6 +48,5 @@ in {
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [80 443];
}


@ -1,19 +1,17 @@
# NixOps configuration for the hosts running Daedalus
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus { };
daedalusProject = import sources.daedalus {};
daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in {
environment.systemPackages = [
daedalusMainnet
#daedalusFlight
];
}


@ -1,9 +1,10 @@
# NixOps configuration for the hosts using feed applications
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
# Set the system-wide environment
environment = {
systemPackages = with pkgs; [
@ -13,5 +14,4 @@
gpodder # A podcatcher written in python
];
};
}


@ -1,8 +1,9 @@
# Craige's desktop requirements
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# Craige's Desktop Packages
imports = [
../profiles/ebooks.nix


@ -1,8 +1,9 @@
# Fiona's desktop requirements
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# Fiona's Desktop Packages
environment.systemPackages = with pkgs; [
slack-dark # Slack desktop client


@ -1,8 +1,9 @@
# Common configuration for MIO desktops
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../profiles/games-kids.nix
../profiles/host_common.nix
@ -68,7 +69,7 @@
hardware = {
pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraModules = [pkgs.pulseaudio-modules-bt];
package = pkgs.pulseaudioFull;
};
bluetooth = {
@ -79,14 +80,14 @@
Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap";
};
Policy = { AutoEnable = "true"; };
Policy = {AutoEnable = "true";};
};
};
opengl.enable = true;
};
# Configure Firefox and Chromium
nixpkgs.config = { allowUnfree = true; };
nixpkgs.config = {allowUnfree = true;};
programs = {
chromium = {
@ -97,9 +98,8 @@
# Groups to add
users.groups = {
audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
audio.members = ["craige" "fiona" "hamish" "logan" "xander"];
libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"];
networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"];
};
}


@ -1,15 +1,14 @@
# ebook reading requirements
{ config, pkgs, ... }:
{
environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
config,
pkgs,
...
}: {
environment.variables = {FOLIATE_TTS_LANG = "en-gb";};
environment.systemPackages = with pkgs; [
#python39Packages.gtts # Speech synthesizer, required for text to speech.
foliate # A simple and modern GTK eBook reader
vlc
];
}


@ -1,33 +1,35 @@
/* This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
/*
This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
To build the project, type the following from the current directory:
To build the project, type the following from the current directory:
$ nix-build emacs.nix
$ nix-build emacs.nix
To run the newly compiled executable:
To run the newly compiled executable:
$ ./result/bin/emacs
*/
{ pkgs ? import <nixpkgs> { } }:
let
$ ./result/bin/emacs
*/
{pkgs ? import <nixpkgs> {}}: let
myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
]) ++ (with epkgs.melpaPackages;
[
in
emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
])
++ (with epkgs.melpaPackages; [
#undo-tree # ; <C-x u> to show the undo tree
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.elpaPackages; [
])
++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ [
])
++ [
pkgs.notmuch # From main packages set
])


@ -1,16 +1,15 @@
# Configuration for
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable { };
unstable = import sources.nixpkgsUnstable {};
in {
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "minecraft" ];
permittedInsecurePackages = ["minecraft"];
};
# Retro Gaming Packages
@ -36,5 +35,4 @@ in {
superTuxKart # A Free 3D kart racing game
wesnoth # Battle for Wesnoth server and client
];
}


@ -1,9 +1,10 @@
# NixOps configuration for the hosts running Gitea
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
services.gitea = {
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
@ -39,7 +40,8 @@
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = # Map the gitea user to postgresql
identMap =
# Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
@ -51,7 +53,8 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
#recommendedTlsSettings = true;
virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
virtualHosts."source.taigh.mcwhirter.io" = {
# Gitea hostname
#enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
@ -62,13 +65,12 @@
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
trustedInterfaces = [ "lo" ];
allowedTCPPorts = [80];
trustedInterfaces = ["lo"];
};
};
#security.acme.certs = {
# "source.mcwhirter.io".email = "craige@mcwhirter.io";
#};
}


@ -1,10 +1,11 @@
# NixOps configuration for the hosts running Prometheus on a Cardano node
{ config, pkgs, lib, ... }:
{
imports = [ ../secrets/cardano/grafana.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../secrets/cardano/grafana.nix];
services = {
grafana = {
@ -13,8 +14,7 @@
domain = "monitoring.mcwhirter.io";
rootUrl = "https://monitoring.mcwhirter.io/grafana";
security = {
adminPasswordFile =
"/run/keys/grafana-apass"; # Where to find the password
adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password
};
auth = {
anonymous = {
@ -30,16 +30,16 @@
# options.path = ../monitoring/NodeSystemDashboard.json;
# }
#];
datasources = [{
type = "prometheus";
name = "prometheus";
url = "http://localhost:9090/prometheus";
}];
datasources = [
{
type = "prometheus";
name = "prometheus";
url = "http://localhost:9090/prometheus";
}
];
};
};
};
users.groups.keys.members =
[ "grafana" ]; # Required due to NixOps issue #1204
users.groups.keys.members = ["grafana"]; # Required due to NixOps issue #1204
}


@ -1,13 +1,12 @@
# Configuration for Haskell development
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs.haskellPackages; [
cabal-install # Haskell software automation
ghc # Glasgow Haskell Compiler
hlint # Haskell source linter
];
}


@ -1,9 +1,10 @@
# Configuration common to all my servers
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
../profiles/bash.nix
./chrony.nix
@ -40,10 +41,9 @@
# Configure and install required fonts
fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true;
fonts.fonts = with pkgs;
[
powerline-fonts # Required for Powerline prompts
];
fonts.fonts = with pkgs; [
powerline-fonts # Required for Powerline prompts
];
fonts.fontconfig.includeUserConf = false;
# Adapted from gchristensen and clever
@ -71,15 +71,17 @@
show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches
'';
trustedUsers = [ "craige" ];
trustedUsers = ["craige"];
};
networking = {enableIPv6 = true;};
system.extraSystemBuilderCmds = ''
ln -sv ${pkgs.path} $out/nixpkgs
'';
environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = { BAT_THEME = "Dracula"; };
environment.variables = {BAT_THEME = "Dracula";};
# Set the system-wide environment
environment = {
@ -87,10 +89,9 @@
bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then
gitAndTools.gitFull
else
git) # Distributed version control system
(if config.services.xserver.enable
then gitAndTools.gitFull
else git) # Distributed version control system
htop # interactive process viewer
hwinfo # Hardware detection tool
killall # kill processes by name


@ -1,6 +1,4 @@
{ pkgs }:
let
{pkgs}: let
hydraSrc = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "hydra";
@ -9,13 +7,14 @@ let
#sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
};
in pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path;
#patches = [
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
# sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
# })
#];
src = hydraSrc;
}
in
pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path;
#patches = [
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
# sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
# })
#];
src = hydraSrc;
}


@ -1,6 +1,8 @@
{ fetchFromGitHub, nixpkgsPath, src }:
let
{
fetchFromGitHub,
nixpkgsPath,
src,
}: let
hydraRelease = (import (src + "/release.nix") {
#hydraRelease = (import src {
nixpkgs = nixpkgsPath;
@ -10,5 +12,5 @@ let
revCount = 1234;
};
});
in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
in
hydraRelease.build.x86_64-linux.overrideAttrs (drv: {})


@ -1,8 +1,10 @@
# NixOps configuration for the VMs running Hydra
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
#disabledModules = [ "services/continuous-integration/hydra/default.nix" ];
#imports = [
@ -24,17 +26,20 @@
hydra-users root postgres
hydra-users postgres postgres
'';
ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureUsers = [{
name = "hydra"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
ensureDatabases = ["hydra"]; # Ensure the database persists
ensureUsers = [
{
name = "hydra"; # Ensure the database user persists
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
networking.firewall.allowedTCPPorts = [config.services.hydra.port];
#services.hydra-dev = {
services.hydra = {
@ -59,18 +64,18 @@
};
};
security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
security.acme.certs = {"hydra.mcwhirter.io".email = "craige@mcwhirter.io";};
systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
wantedBy = ["multi-user.target"];
requires = ["hydra-init.service"];
after = ["hydra-init.service"];
environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
["PATH"];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
@ -87,13 +92,15 @@
fi
'';
};
nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
nix.buildMachines = [{
hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
}];
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
nix.buildMachines = [
{
hostName = "localhost";
systems = ["x86_64-linux" "i686-linux"];
maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = ["big-parallel" "kvm" "nixos-test"];
}
];
}
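Review bot: `nix.trustedUsers` near the end of this file grants trusted status to `hydra` and `hydra-evaluator` as well as `hydra-queue-runner`, which is broader than the service is likely to need. A trusted Nix user can override daemon settings such as substituters and signature checking, which is close to root on the host, and the evaluator is the account that handles jobset expressions. Unless a build step is known to fail without it, narrow the list to `nix.trustedUsers = ["hydra-queue-runner"];` and add a comment stating why each remaining entry is trusted. The module body runs across several hunks, so lines outside the visible ones may affect this.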


@ -1,14 +1,14 @@
# NixOps configuration for the hosts utilising IOHK resources
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
sources = import ../nix/sources.nix;
nixUnstable = (import sources.nixpkgsUnstable { }).nixVersions.unstable;
nixUnstable = (import sources.nixpkgsUnstable {}).nixVersions.unstable;
in {
imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
nix = {
package = nixUnstable;
@ -68,6 +68,5 @@ in {
# package = pkgs.postgresql_10; # Set the required version, if needed
};
users.groups.docker.members = [ "craige" ];
users.groups.docker.members = ["craige"];
}


@ -1,17 +1,17 @@
{ lib, config, pkgs, ... }:
{
disabledModules = [ "services/networking/jormungandr.nix" ];
lib,
config,
pkgs,
...
}: {
disabledModules = ["services/networking/jormungandr.nix"];
imports = let
jormungandrNixSrc = builtins.fetchTarball
"https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
in [ (import (jormungandrNixSrc + "/nixos")) ];
environment.systemPackages = with pkgs;
[
jq # CLI JSON processor
];
"https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
in [(import (jormungandrNixSrc + "/nixos"))];
environment.systemPackages = with pkgs; [
jq # CLI JSON processor
];
}
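Review bot: The `builtins.fetchTarball` call inside `imports` fetches the `master` archive with no `sha256`, so whatever that branch contains at evaluation time is imported as a NixOS module and evaluated with the rest of the system configuration. Pin it to a commit and a hash, for example `builtins.fetchTarball { url = "https://github.com/input-output-hk/jormungandr-nix/archive/<commit-sha>.tar.gz"; sha256 = "<sha256-of-that-archive>"; }` (both values are placeholders), or route it through the `../nix/sources.nix` pins that other files in this commit already use. A one-line comment recording which revision is pinned and when it was last reviewed would help the next update.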


@ -1,11 +1,14 @@
{ config, pkgs, ... }: {
imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
{
config,
pkgs,
...
}: {
imports = [/home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix];
services = {
jormungandr = {
enable = true;
enableExplorer = false;
genesisBlockHash =
"11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
trustedPeersAddresses = [
"/ip4/3.123.177.192/tcp/3000"
"/ip4/52.57.157.167/tcp/3000"


@ -1,9 +1,9 @@
# NixOps configuration for Moonlander mechanical keyboard
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.udev.extraRules = ''
# STM32 rules for the Moonlander and Planck EZ
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
@ -17,10 +17,8 @@
'';
environment = {
systemPackages = with pkgs;
[
wally-cli # Flash firmware to mechanical keyboard
];
systemPackages = with pkgs; [
wally-cli # Flash firmware to mechanical keyboard
];
};
}


@ -1,12 +1,10 @@
# Configuration for Haskell development
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs;
[
kate # Multi-document editor with syntax highlighting
];
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
kate # Multi-document editor with syntax highlighting
];
}


@ -1,11 +1,6 @@
# logrotate configuration for NixOS / NixOps
{ config, ... }:
{
{config, ...}: {
services.logrotate = {
enable = true; # Enable the logrotate service
};
}


@ -1,10 +1,11 @@
# NixOps configuration for the hosts running a Matrix server (synapse)
{ config, pkgs, lib, ... }:
{
imports = [ ../secrets/matrix.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../secrets/matrix.nix];
i18n = {
extraLocaleSettings = {
@ -14,41 +15,42 @@
};
services = {
matrix-synapse = {
enable = true; # Enable the synapse server
server_name = "mcwhirter.io"; # Server's public domain name
public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
enable_registration = true; # Toggle user registration
listeners = [
{ # federation
{
# federation
bind_address = "";
port = 8448;
resources = [
{
compress = true;
names = [ "client" ];
names = ["client"];
}
{
compress = false;
names = [ "federation" ];
names = ["federation"];
}
];
tls = true;
type = "http";
x_forwarded = false;
}
{ # client
{
# client
bind_address = "::1"; # Listen on localhost only
port = 8008; # Port to listen on
resources = [
{
compress = true;
names = [ "client" ];
names = ["client"];
}
{
compress = false;
names = [ "federation" ];
names = ["federation"];
}
];
tls = true;
@ -59,8 +61,7 @@
max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret =
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp"
@ -84,11 +85,11 @@
forceSSL = true;
enableACME = true;
locations = {
"/_matrix" = { proxyPass = "https://[::1]:8008"; };
"/_matrix" = {proxyPass = "https://[::1]:8008";};
"/.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "synapse.mcwhirter.io:443"; };
server = {"m.server" = "synapse.mcwhirter.io:443";};
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
@ -98,7 +99,7 @@
"m.homeserver" = {
"base_url" = "https://synapse.mcwhirter.io";
};
"m.identity_server" = { "base_url" = "https://vector.im"; };
"m.identity_server" = {"base_url" = "https://vector.im";};
};
# ACAO required to allow element-web on any URL to request this json file
in ''
@ -121,14 +122,18 @@
postgresql = {
enable = true;
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [{
name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
package = pkgs.postgresql_10;
ensureDatabases = ["matrix-synapse"]; # Ensure the database persists
ensureUsers = [
{
name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
# Initial database creation
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -149,8 +154,7 @@
};
"synapse.mcwhirter.io" = {
group = "matrix-synapse";
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
email = "acme@mcwhirter.io";
};
};
@ -164,7 +168,5 @@
];
};
users.groups.matrix-synapse.members =
[ "nginx" ]; # Added for keys permissions
users.groups.matrix-synapse.members = ["nginx"]; # Added for keys permissions
}
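Review bot: `turn_shared_secret` is a string literal on the reformatted line, so the TURN credential sits in repository history and, like other values in a NixOS module, is likely to be copied into the world-readable Nix store. This file already imports `../secrets/matrix.nix`; set the option there or load it from a key file outside the store, and replace the current value since it has been published. The `initialScript` in a later hunk has the same problem with `PASSWORD 'synapse'` for the `matrix-synapse` role. A comment beside the option, such as `# set in ../secrets/matrix.nix, never inline`, would keep it from drifting back; the surrounding attribute sets continue outside the visible hunks.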


@ -1,14 +1,13 @@
# NixOps configuration for deploying the mcwhirter.io website
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
sources = import ../nix/sources.nix;
mcwhirter-io = import sources.mcwhirter-io { };
mcwhirter-io = import sources.mcwhirter-io {};
webdomain = "mcwhirter.io";
in {
environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
@ -20,14 +19,15 @@ in {
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
"${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${mcwhirter-io}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
"www.${webdomain}" = {
# Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
};
};
};
@ -42,6 +42,5 @@ in {
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [80 443];
}


@ -1,12 +1,12 @@
# Minecraft server configuration for NixOS / NixOps
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [../secrets/minecraftServer.nix];
imports = [ ../secrets/minecraftServer.nix ];
nixpkgs = { config = { allowUnfree = true; }; };
nixpkgs = {config = {allowUnfree = true;};};
services.minecraft-server = {
enable = true; # Enable the Minecraft server.
@ -22,8 +22,7 @@
};
};
environment.systemPackages = with pkgs;
[
mcron # Minecraft console client
];
environment.systemPackages = with pkgs; [
mcron # Minecraft console client
];
}


@ -1,10 +1,11 @@
# NixOps configuration for the monitoring host
{ config, pkgs, lib, ... }:
{
imports = [ ./grafana.nix ./prometheus.nix ];
config,
pkgs,
lib,
...
}: {
imports = [./grafana.nix ./prometheus.nix];
services = {
nginx = {
@ -13,7 +14,8 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
virtualHosts."monitoring.mcwhirter.io" = {
# Monitoring hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations = {
@ -28,12 +30,10 @@
};
};
};
};
security.acme = {
acceptTerms = true;
certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
certs = {"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";};
};
}


@ -1,9 +1,9 @@
# Configuration for my neomutt email requirements
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# Install other packages that I require to be used with neomutt.
environment.systemPackages = with pkgs; [
isync # My mail fetcher
@ -23,5 +23,4 @@
"*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1"
];
};
}


@ -1,28 +1,27 @@
# NixOps configuration for the hosts running Nextcloud
{ config, pkgs, lib, ... }:
{
imports = [ ../secrets/nextcloud.nix ];
config,
pkgs,
lib,
...
}: {
imports = [../secrets/nextcloud.nix];
services.nextcloud = {
enable = true; # Enable Nextcloud
hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
https = true; # Use HTTPS for links
config = { # Configure Nextcloud
config = {
# Configure Nextcloud
dbtype = "pgsql"; # Set the database type
dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user
dbpassFile =
"/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile =
"/run/keys/nextcloud-admin"; # Where to find the admin password
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion =
"AU"; # Country code for automatic phone-number detection
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
};
autoUpdateApps = {
enable = true; # Run regular auto update of all apps installed
@ -33,14 +32,17 @@
services.postgresql = {
enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [{
name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
ensureDatabases = ["nextcloud"]; # Ensure the database persists
ensureUsers = [
{
name = "nextcloud"; # Ensure the database user persists
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
services.nginx = {
@ -49,30 +51,30 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
virtualHosts."cloud.mcwhirter.io" = {
# Nextcloud hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
};
virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
virtualHosts."owncloud.mcwhirter.io" = {
# Hostname to be redirected
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
};
};
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
systemd.services."nextcloud-setup" = {
# Ensure PostgreSQL is running first
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
security.acme = {
acceptTerms = true;
certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
};
users.groups.keys.members =
[ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
networking.firewall.allowedTCPPorts =
[ 80 443 ]; # Open the required firewall ports
users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = ["nextcloud"]; # Added for keys permissions
networking.firewall.allowedTCPPorts = [80 443]; # Open the required firewall ports
}


@ -1,16 +1,17 @@
# Use the Nix community aarch64 server as a build server
# https://github.com/nix-community/aarch64-build-box
{
nix = {
distributedBuilds = true;
buildMachines = [{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}];
buildMachines = [
{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "aarch64-linux";
supportedFeatures = ["big-parallel"];
}
];
};
}


@ -1,9 +1,10 @@
# NixOps configuration nix-direnv
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
nix = {
extraOptions = ''
keep-outputs = true
@ -17,13 +18,12 @@
direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [ "/share/nix-direnv" ];
pathsToLink = ["/share/nix-direnv"];
};
nixpkgs.overlays = [
(self: super: {
nix-direnv = super.nix-direnv.override { enableFlakes = true; };
nix-direnv = super.nix-direnv.override {enableFlakes = true;};
})
];
}


@ -1,15 +1,16 @@
# Use the mio-ops build servers
{
nix = {
distributedBuilds = true;
buildMachines = [{
hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "x86_64-linux";
supportedFeatures = [ "big-parallel" ];
}];
buildMachines = [
{
hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "x86_64-linux";
supportedFeatures = ["big-parallel"];
}
];
};
}


@ -1,15 +1,16 @@
# NixOps configuration for the hosts I'm doing nixpkgs dev work on
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
#let
# sources = import ../nix/sources.nix;
# unstable = import sources.nixpkgsUnstable {};
#in
{
nixpkgs = { config = { allowUnfree = true; }; };
nixpkgs = {config = {allowUnfree = true;};};
environment = {
systemPackages = with pkgs; [
@ -27,5 +28,4 @@
#unstable.statix # Lints and suggestions for the nix programming language
];
};
}


@ -1,19 +1,21 @@
# SSH service configuration common to all hosts
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
services.openssh = {
enable = true; # Enable the OpenSSH daemon.
permitRootLogin = "prohibit-password";
challengeResponseAuthentication = false;
passwordAuthentication = false;
openFirewall = true;
hostKeys = [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}


@ -1,14 +1,14 @@
# Configuration common to all my servers
{ config, pkgs, lib, ... }:
{
environment = { # Set the system-wide environment
systemPackages = with pkgs;
[
usbutils # Tools for working with USB devices, such as lsusb
];
config,
pkgs,
lib,
...
}: {
environment = {
# Set the system-wide environment
systemPackages = with pkgs; [
usbutils # Tools for working with USB devices, such as lsusb
];
};
}


@ -1,9 +1,5 @@
# Configuration for the Picom Compositor
{ config, ... }:
{
{config, ...}: {
services = {
picom = {
enable = true;
@ -11,8 +7,8 @@
fade = true;
inactiveOpacity = 0.8;
menuOpacity = 0.8;
opacityRules = [ "100:class_g = 'XScreenSaver'" ];
settings = { use-ewmh-active-win = true; };
opacityRules = ["100:class_g = 'XScreenSaver'"];
settings = {use-ewmh-active-win = true;};
vSync = true;
};
};


@ -1,9 +1,10 @@
# Power management configuration for the laptops
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
powerManagement = {
enable = true;
cpuFreqGovernor = lib.mkDefault "performance";


@ -1,14 +1,15 @@
# NixOps configuration for the hosts running Prometheus on a Cardano node
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
services = {
prometheus = {
enable = true;
webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
extraFlags = ["--storage.tsdb.retention.time 8760h"];
exporters = {
node = {
enable = true;
@ -52,163 +53,151 @@
#} ];
rules = [
(builtins.toJSON {
groups = [{
name = "system";
rules = [
{
alert = "node_down";
expr = "up == 0";
for = "5m";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Node is down.";
description =
"{{$labels.alias}} has been down for more than 5 minutes.";
};
}
{
alert = "node_systemd_service_failed";
expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m";
labels = { severity = "page"; };
annotations = {
summary =
"{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description =
"{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
};
}
{
alert = "node_filesystem_full_90percent";
expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m";
labels = { severity = "page"; };
annotations = {
summary =
"{{$labels.alias}}: Filesystem is running out of space soon.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
};
}
{
alert = "node_filesystem_full_in_4h";
expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m";
labels = { severity = "page"; };
annotations = {
summary =
"{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
};
}
{
alert = "node_filedescriptors_full_in_3h";
expr =
"predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m";
labels = { severity = "page"; };
annotations = {
summary =
"{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description =
"{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
};
}
{
alert = "node_load1_90percent";
expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running on high load.";
description =
"{{$labels.alias}} is running with > 90% total load for at least 1h.";
};
}
{
alert = "node_cpu_util_90percent";
expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: High CPU utilization.";
description =
"{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
};
}
{
alert = "node_ram_using_99percent";
expr =
"node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Using lots of RAM.";
description =
"{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
};
}
{
alert = "node_swap_using_80percent";
expr =
"node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running out of swap soon.";
description =
"{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
};
}
{
alert = "node_time_unsync";
expr =
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m";
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP";
description =
"{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
};
}
];
}];
groups = [
{
name = "system";
rules = [
{
alert = "node_down";
expr = "up == 0";
for = "5m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Node is down.";
description = "{{$labels.alias}} has been down for more than 5 minutes.";
};
}
{
alert = "node_systemd_service_failed";
expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
};
}
{
alert = "node_filesystem_full_90percent";
expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
};
}
{
alert = "node_filesystem_full_in_4h";
expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
};
}
{
alert = "node_filedescriptors_full_in_3h";
expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
};
}
{
alert = "node_load1_90percent";
expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Running on high load.";
description = "{{$labels.alias}} is running with > 90% total load for at least 1h.";
};
}
{
alert = "node_cpu_util_90percent";
expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: High CPU utilization.";
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
};
}
{
alert = "node_ram_using_99percent";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Using lots of RAM.";
description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
};
}
{
alert = "node_swap_using_80percent";
expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Running out of swap soon.";
description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
};
}
{
alert = "node_time_unsync";
expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m";
labels = {severity = "page";};
annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP";
description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
};
}
];
}
];
})
];
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "5s";
static_configs = [{
targets = [ "localhost:9090" ];
labels = { alias = "prometheus"; };
}];
static_configs = [
{
targets = ["localhost:9090"];
labels = {alias = "prometheus";};
}
];
}
{
job_name = "cardano-node";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:12798" ];
labels = { alias = "airgead"; };
}];
static_configs = [
{
targets = ["127.0.0.1:12798"];
labels = {alias = "airgead";};
}
];
}
{
job_name = "node";
scrape_interval = "10s";
static_configs = [{
targets = [ "airgead.mcwhirter.io:9100" ];
labels = { alias = "airgead.mcwhirter.io"; };
}];
static_configs = [
{
targets = ["airgead.mcwhirter.io:9100"];
labels = {alias = "airgead.mcwhirter.io";};
}
];
}
];
};
};
}
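Review bot: The `node_ram_using_99percent` rule fires when free plus buffers plus cache falls below 1% of total memory, but its description says "at least 90% of its RAM", so whoever is paged reads the wrong threshold. Change the text to `description = "{{$labels.alias}} is using at least 99% of its RAM for at least 30 minutes now.";` so the name, expression and message agree. The `node_filesystem_full_in_4h` description also carries a stray word in "running out of space of in approx. 4 hours".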


@ -1,31 +1,27 @@
# Based up original work by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.qemu-user;
arm = {
interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
magicOrExtension =
"\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
aarch64 = {
interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
riscv64 = {
interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
in {
options = {
@ -37,21 +33,23 @@ in {
nix.supportedPlatforms = mkOption {
type = types.listOf types.str;
description = "extra platforms that nix will run binaries for";
default = [ ];
default = [];
};
};
config = mkIf (cfg.arm || cfg.aarch64) {
nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
// optionalAttrs cfg.aarch64 { inherit aarch64; }
// optionalAttrs cfg.riscv64 { inherit riscv64; };
nixpkgs = {overlays = [(import ../overlays/qemu)];};
boot.binfmt.registrations =
optionalAttrs cfg.arm {inherit arm;}
// optionalAttrs cfg.aarch64 {inherit aarch64;}
// optionalAttrs cfg.riscv64 {inherit riscv64;};
nix.supportedPlatforms =
(optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
(optionals cfg.arm ["armv6l-linux" "armv7l-linux"])
++ (optional cfg.aarch64 "aarch64-linux");
nix.extraOptions = ''
extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
'';
nix.sandboxPaths = [ "/run/binfmt" ]
nix.sandboxPaths =
["/run/binfmt"]
++ (optional cfg.arm "${pkgs.qemu-user-arm}")
++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
};
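Review bot: The guard `config = mkIf (cfg.arm || cfg.aarch64)` leaves out `cfg.riscv64`, so enabling only the riscv64 option applies nothing even though `boot.binfmt.registrations` has a branch for it. `nix.supportedPlatforms` and `nix.sandboxPaths` have no riscv64 entry either, which would leave the platform unadvertised and the interpreter missing from the build sandbox. Suggested lines: `config = mkIf (cfg.arm || cfg.aarch64 || cfg.riscv64) {`, `++ (optional cfg.riscv64 "riscv64-linux")` and `++ (optional cfg.riscv64 "${pkgs.qemu-riscv64}")`. The option declarations sit between the two hunks and are not visible, so confirm `cfg.riscv64` is declared there.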


@ -1,13 +1,13 @@
# Configuration for
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# Retro Gaming Packages
environment.systemPackages = with pkgs; [
emulationstation
libretro.stella
retroarch
];
}
