nix: nixfmt

Serĉanto de Scio 2021-11-16 14:57:23 +10:00
parent 2f808daa78
commit e6dbc113ad
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
114 changed files with 1621 additions and 1850 deletions


@ -1,15 +1,13 @@
{ sources ? import ./nix/sources.nix
, system ? builtins.currentSystem
, crossSystem ? null
, config ? {}
, cardanoNodeProject ? import sources.cardano-node {}
}@args: with import ./nix args; {
{ sources ? import ./nix/sources.nix, system ? builtins.currentSystem
, crossSystem ? null, config ? { }
, cardanoNodeProject ? import sources.cardano-node { } }@args:
with import ./nix args; {
shell = mkShell {
inherit (import sources.niv {}) niv;
inherit (import sources.niv { }) niv;
buildInputs = [
cardanoNodeProject.cardano-cli # required for KES key rotation
cardanoNodeProject.cardano-cli # required for KES key rotation
niv
nixopsUnstable # work around for issue #127423
nixopsUnstable # work around for issue #127423
];
NIX_PATH = "nixpkgs=${path}";
NIXOPS_DEPLOYMENT = "${globals.deploymentName}";


@ -6,26 +6,25 @@
enableRollback = true;
};
resources.sshKeyPairs.ssh-key = {};
resources.sshKeyPairs.ssh-key = { };
defaults =
{ config, pkgs, lib, ... }:
defaults = { config, pkgs, lib, ... }:
{
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
airgead = import ../hosts/airgead.nix;
ceilidh = import ../hosts/ceilidh.nix;
cuallaidh = import ../hosts/cuallaidh.nix;
dhu = import ../hosts/dhu.nix;
dionach = import ../hosts/dionach.nix;
iolear-beag = import ../hosts/iolear-beag.nix;
airgead = import ../hosts/airgead.nix;
ceilidh = import ../hosts/ceilidh.nix;
cuallaidh = import ../hosts/cuallaidh.nix;
dhu = import ../hosts/dhu.nix;
dionach = import ../hosts/dionach.nix;
iolear-beag = import ../hosts/iolear-beag.nix;
paidh-ceithir = import ../hosts/paidh-ceithir.nix;
paidh-coig = import ../hosts/paidh-coig.nix;
paidh-dha = import ../hosts/paidh-dha.nix;
paidh-tri = import ../hosts/paidh-tri.nix;
paidh-coig = import ../hosts/paidh-coig.nix;
paidh-dha = import ../hosts/paidh-dha.nix;
paidh-tri = import ../hosts/paidh-tri.nix;
paidh-uachdar = import ../hosts/paidh-uachdar.nix;
sithlainnir = import ../hosts/sithlainnir.nix;
teintidh = import ../hosts/teintidh.nix;
sithlainnir = import ../hosts/sithlainnir.nix;
teintidh = import ../hosts/teintidh.nix;
}


@ -1,2 +1 @@
{
}
{ }


@ -15,9 +15,9 @@
availableKernelModules = [
"ata_piix"
"ehci_pci"
"sd_mod" # SCSI disk support
"sd_mod" # SCSI disk support
"uhci_hcd"
"usb_storage" # USB Mass Storage support
"usb_storage" # USB Mass Storage support
];
};
loader = {
@ -50,15 +50,13 @@
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-label/swap"; }
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
nix.maxJobs = lib.mkDefault 1;
}


@ -3,23 +3,20 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-label/swap"; }
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
nix.maxJobs = lib.mkDefault 4;


@ -27,7 +27,7 @@
loader = {
grub = {
forceInstall = true;
version =1;
version = 1;
extraPerEntryConfig = "root (hd0)";
extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
@ -41,16 +41,12 @@
};
# File systems configuration for the Linode VMs
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/disk/by-label/swap";
}
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
nix.maxJobs = lib.mkDefault 8;
}


@ -26,16 +26,12 @@
};
# File systems configuration for the Linode VMs
fileSystems."/" =
{ device = "/dev/sda";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/sdb";
}
];
swapDevices = [{ device = "/dev/sdb"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -4,10 +4,9 @@ with lib;
let
sources = import ../../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in
unstable = import sources.nixpkgsUnstable { };
{
in {
imports = [
"${modulesPath}/profiles/base.nix"
./uboot/hardkernel-uboot.nix
@ -36,7 +35,6 @@ in
(import ./overlays/uboot/overlay.nix)
];
# DNS
services.resolved.enable = true;
services.resolved.dnssec = "false";


@ -1,5 +1,4 @@
{ pkgs, lib, config, modulesPath, ... }:
{
{ pkgs, lib, config, modulesPath, ... }: {
imports = [
"${modulesPath}/installer/sd-card/sd-image.nix"
# should we include this module or should we treat the SD
@ -18,7 +17,8 @@
# Remove zfs from supported filesystems as it fails when cross-compiling due
# to not being able to build kernel module
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
boot.supportedFilesystems =
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
sdImage = {
compressImage = false;


@ -1,13 +1,5 @@
{ stdenv
, buildPackages
, fetchFromGitHub
, perl
, buildLinux
, libelf
, utillinux
, lib
, ...
}@args:
{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
, lib, ... }@args:
buildLinux (args // rec {
version = "4.9.241-107";


@ -7,7 +7,10 @@ final: prev: {
# 3. The IRBLASTER module not registering syscalls correctly
# The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module.
({ name = "hardkernel-patches"; patch = ./kernel.diff; })
({
name = "hardkernel-patches";
patch = ./kernel.diff;
})
];
};
}


@ -3,25 +3,14 @@
gcc49Stdenv.mkDerivation {
name = "hardkernel-uboot";
src = builtins.fetchTarball {
url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
url =
"https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
};
patches = [ ./pwd.diff ./fip_create.diff ];
nativeBuildInputs = [
git
gcc49Stdenv.cc
bc
bison
flex
nettools
];
depsBuildBuild = [
arm-gcc49
buildPackages.gcc49Stdenv.cc
];
makeFlags = [
"CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"
];
nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
configurePhase = ''
make odroidc4_defconfig
'';


@ -3,7 +3,8 @@ stdenv.mkDerivation {
name = "meson64-tools";
nativeBuildInputs = [ python2 python3 ];
src = builtins.fetchTarball {
url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
url =
"https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
};


@ -1,25 +1,19 @@
final: prev:
let
platform = final.lib.systems.examples.aarch64-multiplatform // {
gcc = {
arch = "armv8-a+crypto";
};
gcc = { arch = "armv8-a+crypto"; };
};
arm64 = final.pkgsCross.aarch64-embedded;
arm = final.pkgsCross.arm-embedded;
uboot-hardkernel = arm64.callPackage ./hardkernel.nix {
arm-gcc49 = arm.buildPackages.gcc49;
};
with-crypto = import final.path {
crossSystem = platform;
};
uboot-hardkernel =
arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
with-crypto = import final.path { crossSystem = platform; };
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
uboot = arm64.callPackage ./u-boot.nix {
inherit uboot-hardkernel meson64-tools blx_fix;
};
in
{
in {
uboot-hardkernel = uboot;
ubootTools-hardkernel = final.buildPackages.ubootTools;
buildPackages = prev.buildPackages // {


@ -1,21 +1,11 @@
{ stdenv
, git
, bc
, bison
, flex
, nettools
, openssl
, buildPackages
, uboot-hardkernel
, meson64-tools
, blx_fix
}:
{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
, uboot-hardkernel, meson64-tools, blx_fix }:
let
in
stdenv.mkDerivation {
in stdenv.mkDerivation {
name = "uboot";
src = builtins.fetchTarball {
url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
url =
"https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
};
CROSS_COMPILE = stdenv.cc.targetPrefix;
@ -83,16 +73,7 @@ stdenv.mkDerivation {
--ddrfw9 fip/lpddr3_1d.fw \
--level v3
'';
nativeBuildInputs = [
git
bc
bison
flex
nettools
];
nativeBuildInputs = [ git bc bison flex nettools ];
depsBuildBuild = [
buildPackages.stdenv.cc
buildPackages.openssl.dev
];
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
}


@ -11,9 +11,9 @@ let
# The builder used to write during system activation
builder = import ./boot-ini-builder.nix { inherit pkgs; };
# The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
in
{
populateBuilder =
import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
in {
options = {
boot.loader.hardkernel-uboot = {
enable = mkOption {
@ -42,13 +42,13 @@ in
};
};
config =
let
builderArgs = "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in
mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
};
config = let
builderArgs = "-t ${timeoutStr}"
+ lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd =
"${populateBuilder} ${builderArgs}";
};
}


@ -3,42 +3,39 @@
{ config, lib, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci" # xHCI host controller driver PCI Bus Glue
"ahci" # AHCI SATA support
"xhci_pci" # xHCI host controller driver PCI Bus Glue
"ahci" # AHCI SATA support
"nvme"
"usbhid" # USB HID transport layer
"usb_storage" # USB Mass Storage support
"sd_mod" # SCSI disk support
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon
"usbhid" # USB HID transport layer
"usb_storage" # USB Mass Storage support
"sd_mod" # SCSI disk support
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon
];
kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
luks.devices."cryptroot".device =
"/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
};
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }
];
[{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -8,25 +8,25 @@
consoleLogLevel = lib.mkDefault 7;
initrd = {
availableKernelModules = [
"bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting
"bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting
"usbhid"
"usb_storage"
"vc4" # Allows early (earlier) mode setting
"vc4" # Allows early (earlier) mode setting
];
};
kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3)
kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3)
kernelParams = [
"console=ttyS0,115200n8" # Enable the serial console
"console=ttyS0,115200n8" # Enable the serial console
"console=ttyAMA0,115200n8"
"console=tty0"
];
loader = {
generic-extlinux-compatible = {
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
};
grub = {
enable = false; # NixOS wants to enable GRUB by default.
enable = false; # NixOS wants to enable GRUB by default.
};
raspberryPi = {
enable = true;
@ -59,20 +59,24 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
};
networking = {
enableB43Firmware = false; # If true, enable Pi wireless firmware
enableB43Firmware = false; # If true, enable Pi wireless firmware
};
sound.enable = false; # Disable sound.
sound.enable = false; # Disable sound.
environment.systemPackages = with pkgs; [
libraspberrypi # Userland tools for the Raspberry Pi board
];
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];
}


@ -7,27 +7,27 @@
boot = {
initrd = {
availableKernelModules = [
"bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting
"bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting
"usbhid"
"usb_storage"
"vc4" # Allows early (earlier) mode setting
"vc4" # Allows early (earlier) mode setting
];
};
# !!! Do select not latest (5.8 at the time) as it is currently broken
# !!! (see https://github.com/NixOS/nixpkgs/issues/97064)
kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3)
kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3)
kernelParams = [
"cma=32M" # Needed for the virtual console to work on the RPi 3
"console=ttyS0,115200n8" # Enable the serial console
"cma=32M" # Needed for the virtual console to work on the RPi 3
"console=ttyS0,115200n8" # Enable the serial console
"console=tty0"
];
loader = {
generic-extlinux-compatible = {
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
};
grub = {
enable = false; # NixOS wants to enable GRUB by default.
enable = false; # NixOS wants to enable GRUB by default.
};
raspberryPi = {
enable = true;
@ -62,18 +62,22 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
};
networking = {
enableB43Firmware = false; # If true, enable Pi wireless firmware
enableB43Firmware = false; # If true, enable Pi wireless firmware
};
environment.systemPackages = with pkgs; [
libraspberrypi # Userland tools for the Raspberry Pi board
];
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];
}


@ -4,16 +4,15 @@
{
imports =
[
../networks/linode.nix
../profiles/cardano-node.nix
../secrets/airgead.nix
];
imports = [
../networks/linode.nix
../profiles/cardano-node.nix
../secrets/airgead.nix
];
deployment.targetHost = "172.105.187.96";
networking.hostName = "airgead"; # Define your hostname.
networking.hostName = "airgead"; # Define your hostname.
system.stateVersion = "20.03"; # The version of NixOS originally installed
system.stateVersion = "20.03"; # The version of NixOS originally installed
}


@ -3,13 +3,11 @@
{ config, pkgs, lib, ... }:
{
imports = [
../hardware/odroid-hc4
];
imports = [ ../hardware/odroid-hc4 ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.121";
networking.hostName = "ceilidh"; # Define your hostname.
networking.hostName = "ceilidh"; # Define your hostname.
# Ensure the right package architecture is used
nixpkgs = {
@ -23,9 +21,10 @@
};
};
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "21.05"; # The version of NixOS originally installed
system.stateVersion = "21.05"; # The version of NixOS originally installed
}


@ -4,29 +4,28 @@
{
imports =
[
../networks/linode.nix
../profiles/coturn.nix
../profiles/cryptpad.nix
../profiles/gitea.nix
#../profiles/hydra.nix
../profiles/iohk.nix
../profiles/matrix.nix
../profiles/mcwhirter.io.nix
../profiles/minecraftServer.nix
../profiles/nextcloud.nix
../profiles/nixpkgs-dev.nix
../profiles/taskserver.nix
#../profiles/tmate-ssh-server.nix
../profiles/tt-rss.nix
../secrets/gitea.nix
../secrets/tt-rss.nix
];
imports = [
../networks/linode.nix
../profiles/coturn.nix
../profiles/cryptpad.nix
../profiles/gitea.nix
#../profiles/hydra.nix
../profiles/iohk.nix
../profiles/matrix.nix
../profiles/mcwhirter.io.nix
../profiles/minecraftServer.nix
../profiles/nextcloud.nix
../profiles/nixpkgs-dev.nix
../profiles/taskserver.nix
#../profiles/tmate-ssh-server.nix
../profiles/tt-rss.nix
../secrets/gitea.nix
../secrets/tt-rss.nix
];
deployment.targetHost = "172.105.171.16";
networking.hostName = "cuallaidh"; # Define your hostname.
networking.hostName = "cuallaidh"; # Define your hostname.
system.stateVersion = "19.03"; # The version of NixOS originally installed
system.stateVersion = "19.03"; # The version of NixOS originally installed
}


@ -4,14 +4,14 @@
{
imports = [
../hardware/eeepc701.nix # Include common configuration options
../hardware/eeepc701.nix # Include common configuration options
../secrets/wireless.nix
../profiles/sway.nix
];
deployment.targetHost = "10.42.0.119";
networking.hostName = "dhu"; # Define your hostname.
networking.hostName = "dhu"; # Define your hostname.
system.stateVersion = "20.09"; # The version of NixOS originally installed
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -5,40 +5,37 @@
{
imports = [
../hardware/purism_librem_15.nix # Include results of the hardware scan.
../profiles/android.nix # Provide an Android dev environment
../profiles/cron-craige.nix # Provide Craige's cron jobs
../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
../profiles/desktopCraige.nix # Craige's desktop tools and apps
../profiles/haskell-dev.nix # Haskel dev environment
../profiles/host_common.nix # Common host configuration options
../profiles/iohk.nix # IOHK environment
../hardware/purism_librem_15.nix # Include results of the hardware scan.
../profiles/android.nix # Provide an Android dev environment
../profiles/cron-craige.nix # Provide Craige's cron jobs
../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
../profiles/desktopCraige.nix # Craige's desktop tools and apps
../profiles/haskell-dev.nix # Haskel dev environment
../profiles/host_common.nix # Common host configuration options
../profiles/iohk.nix # IOHK environment
../profiles/keyboard.nix
../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling
../profiles/nix-mio-ops.nix # mio-ops Nix tooling
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
../profiles/openssh.nix # Enable and configure openssh
../profiles/powerManagement.nix # Power management for laptops
../profiles/qemu.nix # Qemu virtualisation
../profiles/typingTutor.nix # Typing tutorials
../profiles/weechat.nix # Weechat environment
../profiles/xmonad.nix # Xmonad desktop environment
../profiles/yubikey.nix # Yubikey tooling
../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel!
../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling
../profiles/nix-mio-ops.nix # mio-ops Nix tooling
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
../profiles/openssh.nix # Enable and configure openssh
../profiles/powerManagement.nix # Power management for laptops
../profiles/qemu.nix # Qemu virtualisation
../profiles/typingTutor.nix # Typing tutorials
../profiles/weechat.nix # Weechat environment
../profiles/xmonad.nix # Xmonad desktop environment
../profiles/yubikey.nix # Yubikey tooling
../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel!
];
deployment.targetHost = "localhost";
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssl-1.0.2u"
"minecraft"
];
permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
};
# Use the GRUB 2 boot loader.
@ -49,15 +46,15 @@
boot.extraModprobeConfig = "options kvm_intel nested=1";
networking = {
hostName = "dionach"; # Define your hostname.
hostName = "dionach"; # Define your hostname.
};
fonts.fonts = with pkgs; [
dejavu_fonts # A typeface family based on the Bitstream Vera fonts
fira-code # Monospace font with programming ligatures
dejavu_fonts # A typeface family based on the Bitstream Vera fonts
fira-code # Monospace font with programming ligatures
#monoid # Customisable coding font with alternates, ligatures and contextual positioning
nerdfonts # Iconic font aggregator, collection, & patcher
xkcd-font # Font based handwriting in xkcd comics
nerdfonts # Iconic font aggregator, collection, & patcher
xkcd-font # Font based handwriting in xkcd comics
];
# List packages installed in system profile. To search, run:
@ -65,17 +62,17 @@
bash
binutils
bluez-tools
brave # Privacy-oriented browser
bridge-utils # for brctl
brave # Privacy-oriented browser
bridge-utils # for brctl
chromium
clang
ddrescue
docutils # Python Documentation Utilities
electrum # Bitcoin wallet
element-desktop # A feature-rich client for Matrix.org
docutils # Python Documentation Utilities
electrum # Bitcoin wallet
element-desktop # A feature-rich client for Matrix.org
evince
exiftool # A tool to read, write and edit EXIF meta information
ffmpeg-full # record, convert and stream audio and video
exiftool # A tool to read, write and edit EXIF meta information
ffmpeg-full # record, convert and stream audio and video
file
firefox
gcc
@ -83,69 +80,69 @@
gnome2.gvfs
gnumake
gnused
google-authenticator # 2FA
google-chrome # A freeware web browser developed by Google
googleearth # A world sphere viewer
graphviz # Graph visualization tools
google-authenticator # 2FA
google-chrome # A freeware web browser developed by Google
googleearth # A world sphere viewer
graphviz # Graph visualization tools
gvfs
imagemagick
inetutils # Common network utilies
inetutils # Common network utilies
inotify-tools
iptables # iptables
iptables # iptables
libmtp
libgphoto2
libreoffice-fresh # Libreoffice - fresh version
libreoffice-fresh # Libreoffice - fresh version
lxmenu-data
minecraft
mkpasswd
mp3info # MP3 tag editor / query tool
mp3info # MP3 tag editor / query tool
mpd
mplayer
mtpfs
multimc
ncmpcpp
nextcloud-client
nvme-cli # NVM-Express user space tooling for Linux
obs-studio # Free and open source software for video recording and live streaming
nvme-cli # NVM-Express user space tooling for Linux
obs-studio # Free and open source software for video recording and live streaming
openjdk8
openssl # A cryptographic library that implements the SSL and TLS protocols
openssl # A cryptographic library that implements the SSL and TLS protocols
p7zip
pandoc
pavucontrol
pcmanfm
pstree # Show the set of running processes as a tree
pstree # Show the set of running processes as a tree
pwgen
python38Packages.pygments
pythonFull
python38Packages.restview # ReStructuredText viewer
python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
radiotray-ng # Internet radio player
rdiff-backup # External backups
python38Packages.restview # ReStructuredText viewer
python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
radiotray-ng # Internet radio player
rdiff-backup # External backups
shared_mime_info
shotwell
signal-desktop
smartmontools # Tools for monitoring the health of hard drives
smartmontools # Tools for monitoring the health of hard drives
sshfs
taskwarrior # Highly flexible command-line tool to manage TODO lists
tcpdump # tcpdump
taskwarrior # Highly flexible command-line tool to manage TODO lists
tcpdump # tcpdump
tectonic
tdesktop # Telegram Desktop messaging app
tdesktop # Telegram Desktop messaging app
termonad-with-packages
texlive.combined.scheme-full
tmate # Instant Terminal Sharing
tmate # Instant Terminal Sharing
tpm-tools
#tor-browser-bundle-bin
tree # Command to produce a depth indented directory listing
tree # Command to produce a depth indented directory listing
udevil
unrar
unzip
vcsh
vgo2nix # Required for packaging Golang applications
vgo2nix # Required for packaging Golang applications
wget
wesnoth # Turn-based strategy game
wesnoth # Turn-based strategy game
xorg.xev
youtube-dl
zip # zip all the zip's
zip # zip all the zip's
zlib
zlib.dev
];
@ -162,17 +159,17 @@
networking.firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [ 15000 ];
};
# Virtualisation configuration:
virtualisation = {
libvirtd = {
enable = true; # Enable libvirtd
enable = true; # Enable libvirtd
#qemuPackage = pkgs.qemu_kvm; # Enable guest only for the same arch
qemuPackage = pkgs.qemu; # Enable full emulation
onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
qemuPackage = pkgs.qemu; # Enable full emulation
onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
extraConfig = ''
disk_bus = "virtio"
'';
@ -200,9 +197,7 @@
Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap";
};
Policy = {
AutoEnable = "true";
};
Policy = { AutoEnable = "true"; };
};
};
opengl.enable = true;
@ -216,11 +211,7 @@
TCPKeepAlive no
'';
users.groups = {
lp.members = [
"messagebus"
];
};
users.groups = { lp.members = [ "messagebus" ]; };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
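Review bot: The collapsed line `permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];` in the `nixpkgs.config` hunk gives no reason why either insecure package is allowed on this host. OpenSSL 1.0.2 is an end-of-life branch, and this entry switches off the nixpkgs refusal to evaluate it for every package on the machine, not only the one that needs it. I would keep the list one entry per line so each can carry its justification, e.g. `"openssl-1.0.2u" # needed by <consumer>; remove once it is dropped`, with the consumer filled in from this host's package set. The enclosing module starts and ends outside the visible hunks.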


@ -3,12 +3,11 @@
{ config, pkgs, ... }:
{
imports =
[
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/wine.nix
];
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/wine.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@ -16,8 +15,8 @@
boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.116";
networking.hostName = "iolear-beag"; # Define your hostname.
networking.hostName = "iolear-beag"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
system.stateVersion = "18.09"; # The version of NixOS originally installed
}


@ -3,13 +3,11 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi2B_rack.nix
];
imports = [ ../networks/pi2B_rack.nix ];
# Comment out deployment when building the SD Image.
#deployment.targetHost = "10.69.0.201";
networking.hostName = "paidh-aon"; # Define your hostname.
networking.hostName = "paidh-aon"; # Define your hostname.
system.stateVersion = "20.03"; # The version of NixOS originally installed
system.stateVersion = "20.03"; # The version of NixOS originally installed
}


@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
];
imports = [ ../networks/pi3B_rack.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204";
networking.hostName = "paidh-ceithir"; # Define your hostname.
networking.hostName = "paidh-ceithir"; # Define your hostname.
environment.systemPackages = with pkgs; [
];
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "20.09"; # The version of NixOS originally installed
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
];
imports = [ ../networks/pi3B_rack.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205";
networking.hostName = "paidh-coig"; # Define your hostname.
networking.hostName = "paidh-coig"; # Define your hostname.
environment.systemPackages = with pkgs; [
];
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "20.09"; # The version of NixOS originally installed
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -11,7 +11,7 @@
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.202";
networking.hostName = "paidh-dha"; # Define your hostname.
networking.hostName = "paidh-dha"; # Define your hostname.
system.stateVersion = "20:09"; # The version of NixOS originally installed
system.stateVersion = "20:09"; # The version of NixOS originally installed
}


@ -3,18 +3,16 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
../profiles/cyclone-ibis.nix
];
imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203";
networking.hostName = "paidh-tri"; # Define your hostname.
networking.hostName = "paidh-tri"; # Define your hostname.
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed
system.stateVersion = "20.09"; # The version of NixOS originally installed
}


@ -9,14 +9,14 @@
../profiles/openssh.nix
../profiles/pi_common.nix
#../profiles/xmonad.nix
../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel!
../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel!
];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.125";
networking.hostName = "paidh-uachdar"; # Define your hostname.
networking.hostName = "paidh-uachdar"; # Define your hostname.
# Ensure the right package architecture is used
nixpkgs = {
@ -31,12 +31,13 @@
};
documentation = {
nixos.enable = false; # Save some space by disabling the manual
nixos.enable = false; # Save some space by disabling the manual
};
environment.systemPackages = with pkgs; [
gnupg # GPL OpenPGP implementation
];
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed
system.stateVersion = "20.09"; # The version of NixOS originally installed
}
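Review bot: The three `../secrets/*.nix` imports are pulled in as ordinary modules, so whatever they set is evaluated into the system closure; anything held there in clear text ends up in the world-readable `/nix/store` on the target and on the build machine, and, going by the comment above `deployment.targetHost`, in the SD image too. The files themselves are not visible here, so this is something to confirm rather than a finding: password entries should be hashes, and the wireless key would be better delivered outside the store, the way the cardano profile in this commit reads its keys from `/run/keys`. A comment next to the imports stating what may go in those files would help, e.g. `# hashed passwords only; nothing in clear text, these end up in the store`. The same applies to the `../secrets/user-*.nix` imports in the common desktop profile.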


@ -3,12 +3,11 @@
{ config, pkgs, ... }:
{
imports =
[
../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix
../profiles/desktop_common.nix
];
imports = [
../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix
../profiles/desktop_common.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@ -16,8 +15,8 @@
boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.125";
networking.hostName = "sithlainnir"; # Define your hostname.
networking.hostName = "sithlainnir"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
system.stateVersion = "18.09"; # The version of NixOS originally installed
}
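Review bot: `deployment.targetHost = "10.42.0.125";` is the same address the paidh-uachdar host file earlier in this commit uses, so if both machines are ever in one NixOps network, one configuration could be pushed to the other machine. The other x201 host file uses `10.42.0.127`, which suggests this value was copied and not updated, though the intended address cannot be determined from the page. I would either give this host its own address or add a comment saying the duplicate is deliberate, e.g. `# shares .125 with paidh-uachdar, never deployed together`.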


@ -3,13 +3,12 @@
{ config, pkgs, ... }:
{
imports =
[
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/haskell-dev.nix
../profiles/kids-dev.nix
];
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/haskell-dev.nix
../profiles/kids-dev.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@ -17,8 +16,8 @@
boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.127";
networking.hostName = "teintidh"; # Define your hostname.
networking.hostName = "teintidh"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed
system.stateVersion = "18.09"; # The version of NixOS originally installed
}


@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }:
let
extlinux-conf-builder =
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in
{
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>
@ -35,11 +34,11 @@ in
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot


@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-armv7.nix
../hosts/paidh-aon.nix
];
imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
}


@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }:
let
extlinux-conf-builder =
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in
{
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>
@ -33,11 +32,11 @@ in
# TODO: check when/if this can be removed.
enable_uart=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${configTxt} firmware/config.txt
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot


@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-ceithir.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
}


@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-coig.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
}


@ -2,9 +2,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-dha.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
}


@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-tri.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
}


@ -2,37 +2,36 @@
#
# Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }:
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let
config = { pkgs, ... }:
with pkgs; {
imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
with pkgs; {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
};
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
};
evalNixos = configuration: import <nixpkgs/nixos> {
inherit system configuration;
};
evalNixos = configuration:
import <nixpkgs/nixos> { inherit system configuration; };
in {
iso = (evalNixos config).config.system.build.isoImage;
}
in { iso = (evalNixos config).config.system.build.isoImage; }
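Review bot: The `nixpkgs` argument in the function header is never used: the installer module and `evalNixos` both read `<nixpkgs/...>` from the search path, so the image is built from whatever `NIX_PATH` points at even when a caller passes a pinned tree. For an image meant for key handling I would make the pin effective, with `import (nixpkgs + "/nixos") { inherit system configuration; }` and `imports = [ (nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") ];`, and default the argument to the niv-pinned source if that is what the rest of the repository uses. A short header comment recording which nixpkgs revision the ISO was last built from would also help when auditing an image later.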


@ -3,11 +3,7 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../profiles/host_common.nix
../profiles/server_common.nix
];
imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
# Ensure the right package architecture is used
nixpkgs.localSystem = {
@ -16,11 +12,7 @@
};
# Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
# Configure firewall defaults:
networking = {


@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../hardware/linode_vm-encrypted.nix
./linode-common.nix
];
imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
}


@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../hardware/linode_vm.nix
./linode-common.nix
];
imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
}


@ -2,24 +2,22 @@
{
imports =
[
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_2_model_B.nix
../profiles/host_common.nix
../profiles/pi_common.nix
../profiles/server_common.nix
];
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_2_model_B.nix
../profiles/host_common.nix
../profiles/pi_common.nix
../profiles/server_common.nix
];
# Ensure the right package architecture is used
nixpkgs.crossSystem = {
system = "armv7l-linux";
};
nixpkgs.crossSystem = { system = "armv7l-linux"; };
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant.
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = {
nixos.enable = false; # Save some space by disabling the manual
nixos.enable = false; # Save some space by disabling the manual
};
users.users.root = {
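Review bot: The trailing comment on `networking.wireless.enable` pushes the line past the formatter's width, and nixfmt now splits the assignment so that `false;` sits alone on a continuation line, which makes a security-relevant toggle easy to misread in later diffs. Moving the comment onto its own line above keeps the assignment on one line: `# Toggles wireless support via wpa_supplicant.` followed by `networking.wireless.enable = false;`. The same split appears in the Pi 3 rack network file (`networking.wireless.enable`), the cardano profile (`users.groups.keys.members`) and the common desktop profile (`networking.networkmanager.enable`, `acpid.enable`). The attribute set continues past the end of the hunk.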


@ -2,14 +2,13 @@
{
imports =
[
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix
../profiles/pi_common.nix
../profiles/server_common.nix
];
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix
../profiles/pi_common.nix
../profiles/server_common.nix
];
# Ensure the right package architecture is used
nixpkgs.localSystem = {
@ -18,10 +17,11 @@
allowUnfree = true;
};
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant.
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = {
nixos.enable = false; # Save some space by disabling the manual
nixos.enable = false; # Save some space by disabling the manual
};
users.users.root = {


@ -1,31 +1,22 @@
{ sources ? import ./sources.nix
, system ? builtins.currentSystem
, crossSystem ? null
, config ? {} }:
{ sources ? import ./sources.nix, system ? builtins.currentSystem
, crossSystem ? null, config ? { } }:
let
# our own overlays:
local-overlays = [
];
local-overlays = [ ];
globals =
if builtins.pathExists ../globals.nix
then [(import ../globals.nix)]
else builtins.trace "globals.nix missing, please add symlink" [];
globals = if builtins.pathExists ../globals.nix then
[ (import ../globals.nix) ]
else
builtins.trace "globals.nix missing, please add symlink" [ ];
# merge upstream sources with our own:
upstream-overlays = [
( _: super: {
(_: super: {
sources = (super.sources or {}) // sources;
sources = (super.sources or { }) // sources;
})
];
overlays =
local-overlays ++
globals ++
upstream-overlays;
in
import sources.nixpkgs {
inherit overlays system crossSystem config;
}
overlays = local-overlays ++ globals ++ upstream-overlays;
in import sources.nixpkgs { inherit overlays system crossSystem config; }


@ -19,29 +19,28 @@ let
pkgs.fetchzip { inherit (spec) url sha256; };
fetch_git = spec:
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
builtins.fetchGit {
url = spec.repo;
inherit (spec) rev ref;
};
fetch_builtin-tarball = spec:
builtins.trace
''
WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`.
builtins.trace ''
WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true
''
builtins_fetchTarball { inherit (spec) url sha256; };
$ niv modify <package> -a type=tarball -a builtin=true
'' builtins_fetchTarball { inherit (spec) url sha256; };
fetch_builtin-url = spec:
builtins.trace
''
WARNING:
The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`.
builtins.trace ''
WARNING:
The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true
''
(builtins_fetchurl { inherit (spec) url sha256; });
$ niv modify <package> -a type=file -a builtin=true
'' (builtins_fetchurl { inherit (spec) url sha256; });
#
# Various helpers
@ -51,84 +50,84 @@ let
mkPkgs = sources:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
{ };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
in if builtins.hasAttr "nixpkgs" sources then
sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { }
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs spec
else if spec.type == "tarball" then fetch_tarball pkgs spec
else if spec.type == "git" then fetch_git spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec
else if spec.type == "builtin-url" then fetch_builtin-url spec
else if spec.type == "file" then
fetch_file pkgs spec
else if spec.type == "tarball" then
fetch_tarball pkgs spec
else if spec.type == "git" then
fetch_git spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball spec
else if spec.type == "builtin-url" then
fetch_builtin-url spec
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = fetch config.pkgs name spec; }
) config.sources;
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = fetch config.pkgs name spec; }) config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? ./sources.json
mkConfig = { sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources
}: rec {
, pkgs ? mkPkgs sources }: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
in mkSources (mkConfig { }) // {
__functor = _: settings: mkSources (mkConfig settings);
}


@ -1,4 +1,4 @@
let sources = import ../nix/sources.nix {}; in
final: prev: {
nixUnstable = (import sources.nixos-unstable {}).nixUnstable;
let sources = import ../nix/sources.nix { };
in final: prev: {
nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
}


@ -4,9 +4,10 @@
self: super:
{
qemu-user-arm = if self.stdenv.system == "x86_64-linux"
then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else
self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };


@ -1,13 +1,13 @@
# Based up original waokr by cleverca22
# https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison,
makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
, makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
let
env2 = makeStaticLibraries stdenv;
myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or []) ++ [ "-Ddefault_library=both" ];
mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
});
riscv_src = fetchFromGitHub {
owner = "riscv";
@ -22,18 +22,23 @@ let
riscv64 = "x86_64";
x86_64 = "x86_64";
};
in
stdenv.mkDerivation rec {
in stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}";
version = "3.1.0";
src = if is_riscv then riscv_src else qemu.src;
buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
patches = [ ./qemu-stack.patch ];
configureFlags = [
"--enable-linux-user" "--target-list=${user_arch}-linux-user"
"--disable-bsd-user" "--disable-system" "--disable-vnc"
"--disable-curses" "--disable-sdl" "--disable-vde"
"--disable-bluez" "--disable-kvm"
"--enable-linux-user"
"--target-list=${user_arch}-linux-user"
"--disable-bsd-user"
"--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static"
"--disable-tools"
"--cpu=${arch_map.${user_arch}}"
@ -41,6 +46,8 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = [ "-lglib-2.0" ];
enableParallelBuilding = true;
postInstall = ''
cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
'';
}
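Review bot: `version = "3.1.0"` is hard-coded while `src` comes from `qemu.src` (or `riscv_src`), so the derivation name can claim 3.1.0 whatever source is actually built, which hides the real version from anyone checking the closure against QEMU advisories. For the non-RISC-V case the name could follow the source, `version = if is_riscv then "<riscv fork version>" else qemu.version;`; whether `./qemu-stack.patch` still applies to the current nixpkgs source would need checking at the same time. Separately, nixfmt has split `${./qemu-wrap.c}` over three lines inside `postInstall`; binding it in the `let` block (`wrapSrc = ./qemu-wrap.c;`) and interpolating `${wrapSrc}` keeps the compile command on one line. The `let` block starts above the first hunk.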


@ -5,20 +5,18 @@
{
nixpkgs.config = {
android_sdk.accept_license = true; # Accept the Android SDK licence
android_sdk.accept_license = true; # Accept the Android SDK licence
};
programs.adb.enable = true; # Enable Android Debug Bridge
programs.adb.enable = true; # Enable Android Debug Bridge
# Install other packages that I require to be used with Android.
environment.systemPackages = with pkgs; [
gitRepo # Android's repo management tool
heimdall # Needed to work with Samsung devices
kconfig-frontends # Linux kconfig infrastructure
gitRepo # Android's repo management tool
heimdall # Needed to work with Samsung devices
kconfig-frontends # Linux kconfig infrastructure
];
users.groups.adbusers.members = [
"craige"
];
users.groups.adbusers.members = [ "craige" ];
}


@ -5,21 +5,17 @@
let
sources = import ../nix/sources.nix;
cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; };
iohkNix = import (sources.iohk-nix) {};
cardanoNodeProject = import (sources.cardano-node + "/nix") {
gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
in
in {
{
imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
imports = [
../secrets/cardano/producers.nix
"${sources.cardano-node}/nix/nixos"
];
environment.systemPackages = [
cardanoNodeProject.cardano-cli
];
environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
services = {
cardano-node = {
@ -33,12 +29,7 @@ in
scName = "cardano";
scFormat = "ScText";
}];
defaultScribes = [
[
"JournalSK"
"cardano"
]
];
defaultScribes = [[ "JournalSK" "cardano" ]];
};
kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf";
@ -49,11 +40,12 @@ in
networking = {
firewall = {
allowedTCPPorts = [
3001 # cardano-node
3001 # cardano-node
];
};
};
users.groups.keys.members = [ "cardano-node" ]; # Required due to NixOps issue #1204
users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
}


@ -5,7 +5,7 @@
{
services.chrony = {
enable = true; # Enable Chrony
enable = true; # Enable Chrony
};
}


@ -4,31 +4,26 @@
{
imports = [
../secrets/coturn.nix
];
imports = [ ../secrets/coturn.nix ];
services = {
coturn = {
enable = true; # Enable the coturn server
lt-cred-mech = true; # Enable long-term credentials
use-auth-secret = true; # Enable TURN REST API
realm = "turn.mcwhirter.io"; # Default realm for users
relay-ips = [ # Relay addresses
enable = true; # Enable the coturn server
lt-cred-mech = true; # Enable long-term credentials
use-auth-secret = true; # Enable TURN REST API
realm = "turn.mcwhirter.io"; # Default realm for users
relay-ips = [ # Relay addresses
"172.105.171.16"
];
no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig = "
cipher-list=\"HIGH\"
no-loopback-peers
no-multicast-peers
";
secure-stun = true; # Require authentication of the STUN Binding request
no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig =
"\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
secure-stun = true; # Require authentication of the STUN Binding request
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
min-port = 49152; # Lower bound of UDP relay endpoints
max-port = 49999; # Upper bound of UDP relay endpoints
min-port = 49152; # Lower bound of UDP relay endpoints
max-port = 49999; # Upper bound of UDP relay endpoints
};
nginx = {
@ -53,15 +48,17 @@
networking.firewall = {
enable = true;
allowedTCPPorts = [
5349 # STUN tls
5350 # STUN tls alt
443 # HTTPS
];
allowedUDPPortRanges = [
{ from=49152; to=49999; } # TURN relay
5349 # STUN tls
5350 # STUN tls alt
443 # HTTPS
];
allowedUDPPortRanges = [{
from = 49152;
to = 49999;
} # TURN relay
];
};
users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions
users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions
}


@ -1,13 +1,13 @@
# NixOps configuration for deploying the craige4rocky website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
craige4rocky = import (pkgs.fetchgit {
name = "craige4rocky-src";
url = "https://source.mcwhirter.io/craige/craige4rocky.git";
name = "craige4rocky-src";
url = "https://source.mcwhirter.io/craige/craige4rocky.git";
branchName = "master";
sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
}) { nixpkgs = pkgs; };
webdomain = "craige4rocky.org";
@ -18,21 +18,22 @@ in {
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${craige4rocky}"; # Wesbite root
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${craige4rocky}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
"www.${webdomain}" = { # Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};
@ -40,7 +41,7 @@ in {
security.acme = {
acceptTerms = true;
certs = {
"${webdomain}".email = "admin@${webdomain}";
"${webdomain}".email = "admin@${webdomain}";
"www.${webdomain}".email = "admin@${webdomain}";
};
};
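Review bot: The `pkgs.fetchgit` call pins `sha256` but gives no `rev`, only `branchName = "master"`, so by default it fetches whatever the remote's HEAD currently is. The hash still stops changed content from being accepted, but a machine with the output cached keeps serving the old tree while a fresh machine fails with a hash mismatch once upstream moves. Adding the commit makes the input explicit and the two cases agree: `rev = "<commit id the sha256 was computed from>";`. The cyclone-ibis site file later in this commit has the same pattern with `branchName = "consensus"`. Unrelated to the reformat, the comment `# Wesbite root` in both files should read `# Website root`.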


@ -5,7 +5,7 @@
{
services.cron = {
enable = true; # Enable cron service
enable = true; # Enable cron service
systemCronJobs = [
# Taskwarrior syncing
"*/5 * * * * craige /run/current-system/sw/bin/task sync >> /home/craige/.tasksync.log 2>&1"


@ -5,18 +5,18 @@
{
services.cryptpad = {
enable = true; # Enable Cryptpad server
enable = true; # Enable Cryptpad server
};
services.nginx = {
enable = true; # Enable Nginx
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations = {
"/".proxyPass = "http://[::]:3000/";
"^~ /cryptpad_websocket" = {
@ -33,7 +33,7 @@
'';
};
"^~ /customize.dist/" = {
# This is needed in order to prevent infinite recursion between /customize/ and the root
# This is needed in order to prevent infinite recursion between /customize/ and the root
};
"^~ /customize/" = {
extraConfig = ''
@ -55,11 +55,12 @@
'';
tryFiles = "$uri =404";
};
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = {
extraConfig = ''
rewrite ^(.*)$ $1/ redirect;
'';
};
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
{
extraConfig = ''
rewrite ^(.*)$ $1/ redirect;
'';
};
};
#extraConfig = ''
# try_files /www/$uri /www/$uri/index.html /customize/$uri;
@ -69,9 +70,7 @@
security.acme = {
acceptTerms = true;
certs = {
"pad.mcwhirter.io".email = "craige@mcwhirter.io";
};
certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
};
}
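Review bot: `"/".proxyPass = "http://[::]:3000/";` names the unspecified address as the upstream, so reaching the local CryptPad instance depends on the OS treating a connect to `::` as loopback. Stating the loopback address says what is meant, `"/".proxyPass = "http://[::1]:3000/";`, provided the service listens on IPv6 loopback, which this page does not show. If CryptPad is bound to all interfaces, a comment next to this line noting that port 3000 is not opened in the firewall would be worth adding. The `locations` set runs across hunks that are only partly shown.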


@ -1,13 +1,13 @@
# NixOps configuration for deploying the Cyclone Ibis website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
cyclone-ibis = import (pkgs.fetchgit {
name = "cyclone-ibis-src";
url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
name = "cyclone-ibis-src";
url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
branchName = "consensus";
sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I=";
sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I=";
}) { nixpkgs = pkgs; };
webdomain = "cycloneibis.com";
@ -17,24 +17,25 @@ in {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09
nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${cyclone-ibis}"; # Wesbite root
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${cyclone-ibis}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
"www.${webdomain}" = { # Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};
@ -42,7 +43,7 @@ in {
security.acme = {
acceptTerms = true;
certs = {
"${webdomain}".email = "admin@${webdomain}";
"${webdomain}".email = "admin@${webdomain}";
"www.${webdomain}".email = "admin@${webdomain}";
};
};


@ -5,13 +5,11 @@
let
sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus {};
daedalusProject = import sources.daedalus { };
daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in
{
in {
environment.systemPackages = [
daedalusMainnet


@ -9,8 +9,8 @@
systemPackages = with pkgs; [
#feedreader # desktop RSS reader, compatible with Tiny Tiny RSS
#vocal # The podcast client for the modern free desktop
gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer
gpodder # A podcatcher written in python
gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer
gpodder # A podcatcher written in python
];
};


@ -4,12 +4,10 @@
{
# Craige's Desktop Packages
imports = [
../profiles/ebooks.nix
];
imports = [ ../profiles/ebooks.nix ];
environment.systemPackages = with pkgs; [
byobu # text-based window manager and terminal multiplexer.
gopass # password file manager
byobu # text-based window manager and terminal multiplexer.
gopass # password file manager
];
}


@ -5,7 +5,7 @@
{
# Fiona's Desktop Packages
environment.systemPackages = with pkgs; [
slack-dark # Slack desktop client
zoom-us # zoom.us video conferencing application
slack-dark # Slack desktop client
zoom-us # zoom.us video conferencing application
];
}


@ -3,65 +3,66 @@
{ config, pkgs, ... }:
{
imports =
[
../profiles/games-kids.nix
../profiles/host_common.nix
../profiles/daedalus.nix
../profiles/openssh.nix
../profiles/powerManagement.nix
../secrets/user-craige.nix
../secrets/user-fiona.nix
../secrets/user-hamish.nix
../secrets/user-logan.nix
../secrets/user-root.nix
../secrets/user-xander.nix
];
imports = [
../profiles/games-kids.nix
../profiles/host_common.nix
../profiles/daedalus.nix
../profiles/openssh.nix
../profiles/powerManagement.nix
../secrets/user-craige.nix
../secrets/user-fiona.nix
../secrets/user-hamish.nix
../secrets/user-logan.nix
../secrets/user-root.nix
../secrets/user-xander.nix
];
# Common Desktop Packages
environment.systemPackages = with pkgs; [
brave # Privacy-oriented browser
brave # Privacy-oriented browser
chromium
element-desktop # A feature-rich client for Matrix.org
firefoxWrapper # install Firefox with support for plugins
gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
google-chrome # A freeware web browser developed by Google
element-desktop # A feature-rich client for Matrix.org
firefoxWrapper # install Firefox with support for plugins
gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
google-chrome # A freeware web browser developed by Google
libreoffice-fresh
mplayer # A movie player that supports many video formats
nextcloud-client # Nextcloud desktop client
pwgen # Password generator
shotwell # Photo organizer
signal-desktop # Private, simple, and secure messenger
usbutils # Tools for working with USB devices, such as lsusb
xorg.libxcb # X C binding
mplayer # A movie player that supports many video formats
nextcloud-client # Nextcloud desktop client
pwgen # Password generator
shotwell # Photo organizer
signal-desktop # Private, simple, and secure messenger
usbutils # Tools for working with USB devices, such as lsusb
xorg.libxcb # X C binding
];
networking.networkmanager.enable = true; # Enables network support via NetworkManager.
networking.networkmanager.enable =
true; # Enables network support via NetworkManager.
# Enable common desktop services
services = {
acpid.enable = true; # A daemon for delivering ACPI events to userspace programs
blueman.enable = true; # GTK-based Bluetooth Manager
devmon.enable = true; # Enable external device automounting.`
acpid.enable =
true; # A daemon for delivering ACPI events to userspace programs
blueman.enable = true; # GTK-based Bluetooth Manager
devmon.enable = true; # Enable external device automounting.`
udev.packages = [
pkgs.android-udev-rules # Android udev rules list
pkgs.android-udev-rules # Android udev rules list
];
udisks2.enable = true; # Enable udisks2
udisks2.enable = true; # Enable udisks2
xserver = {
enable = true;
desktopManager = {
gnome.enable = true; # Enable GNOME desktop environment
gnome.enable = true; # Enable GNOME desktop environment
};
displayManager = {
defaultSession = "gnome"; # Set GNOME as the default session
gdm.enable = true; # Enable the GNOME display manager
defaultSession = "gnome"; # Set GNOME as the default session
gdm.enable = true; # Enable the GNOME display manager
};
libinput.enable = true; # Enable touchpad support.
libinput.enable = true; # Enable touchpad support.
};
};
sound.enable = true; # Enable sound.
sound.enable = true; # Enable sound.
# Configure common hardware settings
hardware = {
@ -71,25 +72,21 @@
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true; # Enable bluetooth
enable = true; # Enable bluetooth
hsphfpd.enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap";
};
Policy = {
AutoEnable = "true";
};
Policy = { AutoEnable = "true"; };
};
};
opengl.enable = true;
};
# Configure Firefox and Chromium
nixpkgs.config = {
allowUnfree = true;
};
nixpkgs.config = { allowUnfree = true; };
programs = {
chromium = {
@ -100,27 +97,9 @@
# Groups to add
users.groups = {
audio.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
libvirtd.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
networkmanager.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
};
}


@ -4,13 +4,11 @@
{
environment.variables = {
FOLIATE_TTS_LANG="en-gb";
};
environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
environment.systemPackages = with pkgs; [
#python39Packages.gtts # Speech synthesizer, required for text to speech.
foliate # A simple and modern GTK eBook reader
foliate # A simple and modern GTK eBook reader
vlc
];


@ -1,33 +1,33 @@
/*
This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
/* This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
To build the project, type the following from the current directory:
To build the project, type the following from the current directory:
$ nix-build emacs.nix
$ nix-build emacs.nix
To run the newly compiled executable:
To run the newly compiled executable:
$ ./result/bin/emacs
$ ./result/bin/emacs
*/
{ pkgs ? import <nixpkgs> {} }:
{ pkgs ? import <nixpkgs> { } }:
let
myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g>
myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
]) ++ (with epkgs.melpaPackages; [
#undo-tree # ; <C-x u> to show the undo tree
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ [
pkgs.notmuch # From main packages set
])
]) ++ (with epkgs.melpaPackages;
[
#undo-tree # ; <C-x u> to show the undo tree
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.elpaPackages; [
auctex # ; LaTeX mode
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ [
pkgs.notmuch # From main packages set
])


@ -2,42 +2,38 @@
{ config, pkgs, ... }:
let
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in
unstable = import sources.nixpkgsUnstable { };
{
in {
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"minecraft"
];
permittedInsecurePackages = [ "minecraft" ];
};
# Retro Gaming Packages
environment.systemPackages = with pkgs; [
angband # A single-player roguelike dungeon exploration game
egoboo # 3D dungeon crawling adventure
angband # A single-player roguelike dungeon exploration game
egoboo # 3D dungeon crawling adventure
extremetuxracer # High speed arctic racing game based on Tux Racer
freeciv # Multiplayer (or single player), turn-based strategy game
freedroidrpg # Isometric 3D RPG similar to game Diablo
gcompris # Educational software suite, kids aged 2 to 10
unstable.grapejuice # Simple Wine+Roblox management tool
jre # Required by Minecraft (via multimc)
freeciv # Multiplayer (or single player), turn-based strategy game
freedroidrpg # Isometric 3D RPG similar to game Diablo
gcompris # Educational software suite, kids aged 2 to 10
unstable.grapejuice # Simple Wine+Roblox management tool
jre # Required by Minecraft (via multimc)
#lincity_ng # City building game
meritous # Action-adventure dungeon crawl game
minecraft # Official launcher for Minecraft
minetest # Infinite-world block sandbox game
nethack-x11 # Rogue-like game
meritous # Action-adventure dungeon crawl game
minecraft # Official launcher for Minecraft
minetest # Infinite-world block sandbox game
nethack-x11 # Rogue-like game
#opendungeons # real time strategy game sharing game elements with the Dungeon Keeper series and Evil Genius
pingus # A puzzle game with mechanics similar to Lemmings
shattered-pixel-dungeon # Roguelike game with pixel-art graphics
superTux # Classic 2D jump'n run sidescroller game
superTuxKart # A Free 3D kart racing game
wesnoth # Battle for Wesnoth server and client
pingus # A puzzle game with mechanics similar to Lemmings
shattered-pixel-dungeon # Roguelike game with pixel-art graphics
superTux # Classic 2D jump'n run sidescroller game
superTuxKart # A Free 3D kart racing game
wesnoth # Battle for Wesnoth server and client
];
}


@ -5,33 +5,29 @@
{
services.gitea = {
enable = true; # Enable Gitea
appName = "mcwhirter.io: Gitea Service"; # Give the site a name
enable = true; # Enable Gitea
appName = "mcwhirter.io: Gitea Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
disableRegistration = true;
domain = "source.mcwhirter.io"; # Domain name
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port
domain = "source.mcwhirter.io"; # Domain name
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port
settings = let
docutils =
pkgs.python37.withPackages (ps: with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in {
mailer = {
ENABLED = true;
FROM = "gitea@mcwhirter.io";
};
repository = {
DEFAULT_BRANCH = "consensus";
};
service = {
REGISTER_EMAIL_CONFIRM = true;
};
repository = { DEFAULT_BRANCH = "consensus"; };
service = { REGISTER_EMAIL_CONFIRM = true; };
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
@ -39,66 +35,64 @@
IS_INPUT_FILE = false;
};
ui = {
DEFAULT_THEME = "gitea"; # Set the default theme
DEFAULT_THEME = "gitea"; # Set the default theme
};
};
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = # Map the gitea user to postgresql
identMap = # Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [
{
name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [{
name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
};
services.nginx = {
enable = true; # Enable Nginx
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."source.mcwhirter.io" = { # Gitea hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
virtualHosts."source.mcwhirter.io" = { # Gitea hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
};
virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
};
security.acme = {
acceptTerms = true;
certs = {
"code.mcwhirter.io".email = "craige@mcwhirter.io";
"git.mcwhirter.io".email = "craige@mcwhirter.io";
"code.mcwhirter.io".email = "craige@mcwhirter.io";
"git.mcwhirter.io".email = "craige@mcwhirter.io";
"source.mcwhirter.io".email = "craige@mcwhirter.io";
};
};
users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204
users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204
}


@ -5,21 +5,21 @@
{
services.gitea = {
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
extraConfig = let
docutils =
pkgs.python37.withPackages (ps: with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in ''
[mailer]
ENABLED = true
@ -35,26 +35,26 @@
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = # Map the gitea user to postgresql
identMap = # Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
};
services.nginx = {
enable = true; # Enable Nginx
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
#recommendedTlsSettings = true;
virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
#enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
};
};


@ -4,9 +4,7 @@
{
imports = [
../secrets/cardano/grafana.nix
];
imports = [ ../secrets/cardano/grafana.nix ];
services = {
grafana = {
@ -15,11 +13,12 @@
domain = "monitoring.mcwhirter.io";
rootUrl = "https://monitoring.mcwhirter.io/grafana";
security = {
adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password
adminPasswordFile =
"/run/keys/grafana-apass"; # Where to find the password
};
auth = {
anonymous = {
enable = true; # Allow anonymous access
enable = true; # Allow anonymous access
};
};
provision = {
@ -31,17 +30,16 @@
# options.path = ../monitoring/NodeSystemDashboard.json;
# }
#];
datasources = [
{
type = "prometheus";
name = "prometheus";
url = "http://localhost:9090/prometheus";
}
];
datasources = [{
type = "prometheus";
name = "prometheus";
url = "http://localhost:9090/prometheus";
}];
};
};
};
users.groups.keys.members = [ "grafana" ]; # Required due to NixOps issue #1204
users.groups.keys.members =
[ "grafana" ]; # Required due to NixOps issue #1204
}


@ -5,9 +5,9 @@
{
environment.systemPackages = with pkgs.haskellPackages; [
cabal-install # Haskell software automation
ghc # Glasgow Haskell Compiler
hlint # Haskell source linter
cabal-install # Haskell software automation
ghc # Glasgow Haskell Compiler
hlint # Haskell source linter
];
}


@ -16,22 +16,22 @@
# Common boot settings
boot = {
cleanTmpDir = true; # Clean /tmp on reboot
cleanTmpDir = true; # Clean /tmp on reboot
};
# Select internationalisation properties.
i18n = {
defaultLocale = "en_AU.UTF-8"; # Set the default locale
defaultLocale = "en_AU.UTF-8"; # Set the default locale
};
# Set the defaul console properties
console = {
keyMap = "us"; # Set the default console key map
font = "ter-powerline-v16Rv"; # Set the default console font
keyMap = "us"; # Set the default console key map
font = "ter-powerline-v16Rv"; # Set the default console font
};
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
documentation.nixos.enable = false; # Disable documentation, save space
documentation.nixos.enable = false; # Disable documentation, save space
# Set security options:
security.sudo.enable = true;
@ -40,9 +40,10 @@
# Configure and install required fonts
fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
powerline-fonts # Required for Powerline prompts
];
fonts.fonts = with pkgs;
[
powerline-fonts # Required for Powerline prompts
];
fonts.fontconfig.includeUserConf = false;
# Adapted from gchristensen and clever
@ -51,18 +52,17 @@
# Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host
(let
cfg = pkgs.writeText "configuration.nix"
''
assert builtins.trace "This system is managed by NixOps." false;
{}
'';
cfg = pkgs.writeText "configuration.nix" ''
assert builtins.trace "This system is managed by NixOps." false;
{}
'';
in "nixos-config=${cfg}")
# Copy the channel version from the deploy host to the target
"nixpkgs=/run/current-system/nixpkgs"
];
gc = {
automatic = true; # Enable Nix garbage collection:
automatic = true; # Enable Nix garbage collection:
dates = "weekly";
options = "--delete-older-than 90d";
};
@ -71,7 +71,7 @@
show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches
'';
trustedUsers = ["craige"];
trustedUsers = [ "craige" ];
};
system.extraSystemBuilderCmds = ''
@ -79,29 +79,30 @@
'';
environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = {
BAT_THEME="Dracula";
};
environment.variables = { BAT_THEME = "Dracula"; };
# Set the system-wide environment
environment = {
systemPackages = with pkgs; [
bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then gitAndTools.gitFull else git) # Distributed version control system
htop # interactive process viewer
hwinfo # Hardware detection tool
killall # kill processes by name
lshw # Detailed information on the hardware configuration
lsof # list open files
mosh # Mobile shell (ssh replacement)
ncdu # Disk usage analyzer with an ncurses interface
nix-index # A files database for nixpkgs
ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep
bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then
gitAndTools.gitFull
else
git) # Distributed version control system
htop # interactive process viewer
hwinfo # Hardware detection tool
killall # kill processes by name
lshw # Detailed information on the hardware configuration
lsof # list open files
mosh # Mobile shell (ssh replacement)
ncdu # Disk usage analyzer with an ncurses interface
nix-index # A files database for nixpkgs
ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep
];
};
# Users common across MIO Ops:
users.mutableUsers = false; # Remove any users not defined in here
users.mutableUsers = false; # Remove any users not defined in here
}


@ -9,14 +9,13 @@ let
#sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
};
in
pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path;
#patches = [
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
# sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
# })
#];
src = hydraSrc;
}
in pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path;
#patches = [
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
# sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
# })
#];
src = hydraSrc;
}


@ -2,7 +2,7 @@
let
hydraRelease = (import (src + "/release.nix") {
#hydraRelease = (import src {
#hydraRelease = (import src {
nixpkgs = nixpkgsPath;
hydraSrc = {
outPath = src;
@ -11,5 +11,4 @@ let
};
});
in
hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })


@ -17,24 +17,21 @@
services.postgresql = {
enable = true;
package = pkgs.postgresql;
identMap =
''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
hydra-users root postgres
hydra-users postgres postgres
'';
ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureUsers = [
{
name = "hydra"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
identMap = ''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
hydra-users root postgres
hydra-users postgres postgres
'';
ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureUsers = [{
name = "hydra"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
};
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
@ -62,9 +59,7 @@
};
};
security.acme.certs = {
"hydra.mcwhirter.io".email = "craige@mcwhirter.io";
};
security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra";
@ -73,7 +68,9 @@
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"];
environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
@ -90,15 +87,13 @@
fi
'';
};
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
nix.buildMachines = [
{
hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
}
];
nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
nix.buildMachines = [{
hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
}];
}


@ -4,10 +4,7 @@
{
imports = [
../profiles/terminal-recording.nix
../profiles/nix-direnv.nix
];
imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
nix = {
package = pkgs.nixFlakes;
@ -35,27 +32,27 @@
# Set the system-wide environment
environment = {
systemPackages = with pkgs; [
awscli # Unified tool to manage your AWS services
bitwarden-cli # CLI client for Bitwarden
buildkite-agent # Buildkite for IOHK
cue # A data constraint language
docker # Pack, ship and run any application as a lightweight container
docker-compose # Multi-container orchestration for Docker
freerdp # A Remote Desktop Protocol Client, xfreerdp
gist # Upload code to https://gist.github.com (or github enterprise)
gnupg # GNU Privacy Guard, a GPL OpenPGP implementation
go-jira # Simple command line client for Atlassian's Jira service written in Go
jq # A lightweight and flexible command-line JSON processor
keybase-gui # The Keybase official client
magic-wormhole # Securely transfer data between computers
python38Packages.grip # Preview GitHub Markdown files like locally
s3fs # Mount an S3 bucket as filesystem through FUSE
shellcheck # Shell script analysis tool
slack-dark # Slack desktop client
xxd # make a hexdump or do the reverse
awscli # Unified tool to manage your AWS services
bitwarden-cli # CLI client for Bitwarden
buildkite-agent # Buildkite for IOHK
cue # A data constraint language
docker # Pack, ship and run any application as a lightweight container
docker-compose # Multi-container orchestration for Docker
freerdp # A Remote Desktop Protocol Client, xfreerdp
gist # Upload code to https://gist.github.com (or github enterprise)
gnupg # GNU Privacy Guard, a GPL OpenPGP implementation
go-jira # Simple command line client for Atlassian's Jira service written in Go
jq # A lightweight and flexible command-line JSON processor
keybase-gui # The Keybase official client
magic-wormhole # Securely transfer data between computers
python38Packages.grip # Preview GitHub Markdown files like locally
s3fs # Mount an S3 bucket as filesystem through FUSE
shellcheck # Shell script analysis tool
slack-dark # Slack desktop client
xxd # make a hexdump or do the reverse
];
variables = {
NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs
NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs
};
};
@ -68,8 +65,6 @@
# package = pkgs.postgresql_10; # Set the required version, if needed
};
users.groups.docker.members = [
"craige"
];
users.groups.docker.members = [ "craige" ];
}


@ -5,13 +5,13 @@
disabledModules = [ "services/networking/jormungandr.nix" ];
imports = let
jormungandrNixSrc = builtins.fetchTarball https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz;
in [
(import (jormungandrNixSrc + "/nixos"))
];
jormungandrNixSrc = builtins.fetchTarball
"https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
in [ (import (jormungandrNixSrc + "/nixos")) ];
environment.systemPackages = with pkgs; [
jq # CLI JSON processor
];
environment.systemPackages = with pkgs;
[
jq # CLI JSON processor
];
}
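Review bot: `builtins.fetchTarball` on `.../archive/master.tar.gz` has no `sha256` and follows a moving branch, and the result is imported as a NixOS module, so whatever is on that branch at evaluation time is evaluated into the system configuration. Pin it to a commit and hash, `builtins.fetchTarball { url = "https://github.com/input-output-hk/jormungandr-nix/archive/<commit>.tar.gz"; sha256 = "<sha256>"; }` (placeholders), or add it to `nix/sources.nix` alongside the other niv-managed sources. Pinning also makes deployments reproducible, since an unpinned tarball is re-fetched once its cache TTL expires.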


@ -1,11 +1,11 @@
{ config, pkgs, ... }:
{
{ config, pkgs, ... }: {
imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
services = {
jormungandr = {
enable = true;
enableExplorer = false;
genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
genesisBlockHash =
"11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
trustedPeersAddresses = [
"/ip4/3.123.177.192/tcp/3000"
"/ip4/52.57.157.167/tcp/3000"


@ -17,9 +17,10 @@
'';
environment = {
systemPackages = with pkgs; [
wally-cli # Flash firmware to mechanical keyboard
];
systemPackages = with pkgs;
[
wally-cli # Flash firmware to mechanical keyboard
];
};
}


@ -4,8 +4,9 @@
{
environment.systemPackages = with pkgs; [
kate # Multi-document editor with syntax highlighting
];
environment.systemPackages = with pkgs;
[
kate # Multi-document editor with syntax highlighting
];
}


@ -5,7 +5,7 @@
{
services.logrotate = {
enable = true; # Enable the logrotate service
enable = true; # Enable the logrotate service
};
}


@ -4,56 +4,63 @@
{
imports = [
../secrets/matrix.nix
];
imports = [ ../secrets/matrix.nix ];
i18n = {
extraLocaleSettings = {
LC_COLLATE = "C"; # Ensure correct locale for postgres
LC_CTYPE = "C"; # Ensure correct locale for postgres
LC_COLLATE = "C"; # Ensure correct locale for postgres
LC_CTYPE = "C"; # Ensure correct locale for postgres
};
};
services = {
matrix-synapse = {
enable = true; # Enable the synapse server
server_name = "mcwhirter.io"; # Server's public domain name
public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
enable_registration = true; # Toggle user registration
enable = true; # Enable the synapse server
server_name = "mcwhirter.io"; # Server's public domain name
public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
enable_registration = true; # Toggle user registration
listeners = [
{ # federation
bind_address = "";
port = 8448;
resources = [
{ compress = true; names = [ "client" ]; }
{ compress = false; names = [ "federation" ]; }
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
tls = true;
type = "http";
x_forwarded = false;
}
{ # client
bind_address = "::1"; # Listen on localhost only
port = 8008; # Port to listen on
bind_address = "::1"; # Listen on localhost only
port = 8008; # Port to listen on
resources = [
{
compress = true;
names = [ "client" ];
} {
}
{
compress = false;
names = [ "federation" ];
} ];
}
];
tls = true;
type = "http";
x_forwarded = true;
}
];
max_upload_size = "200M"; # Also set client_max_body_size to at least this
max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_shared_secret =
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp"
@ -77,30 +84,28 @@
forceSSL = true;
enableACME = true;
locations = {
"/_matrix" = {
proxyPass = "https://[::1]:8008";
};
"/.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "synapse.mcwhirter.io:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
"/_matrix" = { proxyPass = "https://[::1]:8008"; };
"/.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "synapse.mcwhirter.io:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = {
"base_url" = "https://synapse.mcwhirter.io";
};
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
extraConfig = ''
client_max_body_size 200M; # Needs to be no less than max_upload_size
@ -109,23 +114,21 @@
"chat.mcwhirter.io" = {
forceSSL = true;
enableACME = true;
root = pkgs.element-web; # Install RIOT web in the nginx root
root = pkgs.element-web; # Install RIOT web in the nginx root
};
};
};
postgresql = {
enable = true;
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [
{
name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [{
name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
# Initial database creation
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -146,7 +149,8 @@
};
"synapse.mcwhirter.io" = {
group = "matrix-synapse";
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
email = "acme@mcwhirter.io";
};
};
@ -155,11 +159,12 @@
networking.firewall = {
enable = true;
allowedTCPPorts = [
443 # HTTPS
8448 # Matrix federation
443 # HTTPS
8448 # Matrix federation
];
};
users.groups.matrix-synapse.members = [ "nginx" ]; # Added for keys permissions
users.groups.matrix-synapse.members =
[ "nginx" ]; # Added for keys permissions
}
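Review bot: The `turn_shared_secret` value in the `matrix-synapse` block is a live credential written as a literal, so it sits in the repository history and, once built, in the world-readable Nix store; this rewrap is a good moment to move it out. The file already imports `../secrets/matrix.nix`, and other services in this repo read secrets from `/run/keys/...` via `passwordFile`, so the same pattern fits here: drop the literal and supply it at runtime, for example `extraConfigFiles = [ "/run/keys/<synapse-turn-secret>" ];` (placeholder path, a YAML file holding `turn_shared_secret`). Because the current value has been published, it should also be rotated on the TURN server. The role password inside `initialScript` further down is a literal too and deserves the same treatment.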


@ -1,10 +1,10 @@
# NixOps configuration for deploying the mcwhirter.io website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
sources = import ../nix/sources.nix;
mcwhirter-io = import sources.mcwhirter-io {};
mcwhirter-io = import sources.mcwhirter-io { };
webdomain = "mcwhirter.io";
in {
@ -14,19 +14,20 @@ in {
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${mcwhirter-io}"; # Wesbite root
"${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${mcwhirter-io}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
"www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};


@ -6,16 +6,12 @@
imports = [ ../secrets/minecraftServer.nix ];
nixpkgs = {
config = {
allowUnfree = true;
};
};
nixpkgs = { config = { allowUnfree = true; }; };
services.minecraft-server = {
enable = true; # Enable the Minecraft server.
enable = true; # Enable the Minecraft server.
declarative = true;
eula = true; # Answer Miecraft's EULA
eula = true; # Answer Miecraft's EULA
openFirewall = true;
serverProperties = {
motd = "mcwhirter.io";
@ -26,7 +22,8 @@
};
};
environment.systemPackages = with pkgs; [
mcron # Minecraft console client
];
environment.systemPackages = with pkgs;
[
mcron # Minecraft console client
];
}


@ -4,23 +4,20 @@
{
imports = [
./grafana.nix
./prometheus.nix
];
imports = [ ./grafana.nix ./prometheus.nix ];
services = {
nginx = {
enable = true; # Enable Nginx
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations = {
"/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana
"/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana
"/prometheus/".extraConfig = ''
proxy_pass http://localhost:9090/prometheus/;
proxy_set_header Host $host;
@ -36,9 +33,7 @@
security.acme = {
acceptTerms = true;
certs = {
"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";
};
certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
};
}
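Review bot: Nothing in the visible lines restricts who can reach `/prometheus/` on `monitoring.mcwhirter.io`; the location is a bare `proxy_pass` to `localhost:9090`, and Prometheus does not authenticate requests by default. The rest of that location falls between the two hunks, so if it adds no access control the metrics and query API are readable by anyone who can reach port 443. Consider a `basicAuthFile` on that location, or an `allow`/`deny` list in its `extraConfig`. Grafana at `/grafana/` has its own login, so the same concern applies there only if anonymous access is enabled in `./grafana.nix`, which is not shown.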


@ -6,18 +6,18 @@
# Install other packages that I require to be used with neomutt.
environment.systemPackages = with pkgs; [
isync # My mail fetcher
khard # Console carddav client
lynx # My HTML email viewer
msmtp # My mail sender
neomutt # My MUA
notmuch # Search and indexing for neomutt
urlscan # Scanning for links neomutt
vdirsyncer # Synchronize calendars and contacts
isync # My mail fetcher
khard # Console carddav client
lynx # My HTML email viewer
msmtp # My mail sender
neomutt # My MUA
notmuch # Search and indexing for neomutt
urlscan # Scanning for links neomutt
vdirsyncer # Synchronize calendars and contacts
];
services.cron = {
enable = true; # Enable cron service
enable = true; # Enable cron service
systemCronJobs = [
"*/10 * * * * craige /run/current-system/sw/bin/mbsync -q MCA >> /home/craige/.mailsync-MCA.log 2>&1"
"*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1"


@ -1,308 +1,308 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
(neovim.override {
vimAlias = true;
configure = {
packages.myPlugins = with pkgs.vimPlugins; {
start = [
airline # Lean & mean status/tabline for vim that's light as air
dracula-vim # Dracula theme for vim
fugitive # Vim Git wrapper
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
haskell-vim # Syntax Highlighting and Indentation for Haskell
indentLine # Display thin vertical lines at each indentation level
neocomplete-vim # Keyword completion system
neoformat # A (Neo)vim plugin for formatting code.
nerdcommenter # Comment functions so powerful—no comment necessary
nerdtree # File system explorer
nerdtree-git-plugin # Plugin for nerdtree showing git status
#statix # Lints and suggestions for the nix programming language
supertab # Allows you to use <Tab> for all your insert completion
syntastic # Syntax checking hacks
vim-addon-nix # Scripts assisting writing .nix files
vim-autoformat # Automatically format code
vim-cue # Cue filetype plugin for Vim
vim-lastplace
vim-markdown-toc # Generate table of contents for Markdown files
vim-nix # Support for writing Nix expressions in vim
vim-numbertoggle # Toggle between relative / absolute line numbers automatically
vim-one
];
opt = [];
environment.systemPackages = with pkgs;
[
(neovim.override {
vimAlias = true;
configure = {
packages.myPlugins = with pkgs.vimPlugins; {
start = [
airline # Lean & mean status/tabline for vim that's light as air
dracula-vim # Dracula theme for vim
fugitive # Vim Git wrapper
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
haskell-vim # Syntax Highlighting and Indentation for Haskell
indentLine # Display thin vertical lines at each indentation level
neocomplete-vim # Keyword completion system
neoformat # A (Neo)vim plugin for formatting code.
nerdcommenter # Comment functions so powerful—no comment necessary
nerdtree # File system explorer
nerdtree-git-plugin # Plugin for nerdtree showing git status
#statix # Lints and suggestions for the nix programming language
supertab # Allows you to use <Tab> for all your insert completion
syntastic # Syntax checking hacks
vim-addon-nix # Scripts assisting writing .nix files
vim-autoformat # Automatically format code
vim-cue # Cue filetype plugin for Vim
vim-lastplace
vim-markdown-toc # Generate table of contents for Markdown files
vim-nix # Support for writing Nix expressions in vim
vim-numbertoggle # Toggle between relative / absolute line numbers automatically
vim-one
];
opt = [ ];
};
customRC = ''
" Preferred global default settings:
set nocompatible
set backspace=indent,eol,start
set number relativenumber " Enable relative line numbers by default
set cursorline " Highlight the current line number
set smartindent " Automatically insert extra level of indentation
set tabstop=4 " Default tabstop
set shiftwidth=4 " Default indent spacing
set expandtab " Expand [TABS] to spaces
packadd! dracula-vim
syntax on " Enable syntax highlighting
set t_Co=256 " Use 265 colors in vim
set background=dark " Set the default background scheme
colorscheme dracula " Set the default colour scheme
"let g:one_allow_italics = 1 " I love italic for comments
set spell spelllang=en_au " Defaul spell checking language
set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
match ErrorMsg '\s\+$' "
nnoremap <silent> <C-p> :Files<CR>
nnoremap <silent> <Leader>f :Rg<CR>
set grepprg=rg\ --vimgrep\ --smart-case\ --follow
let g:airline_powerline_fonts = 1 " Use powerline fonts
let g:airline_theme='dracula' " Set the airline theme
"call togglebg#map("<F10>") " Toggle background colour between dark|light
set laststatus=2 " Set up the status line so it's coloured and always on
" Removes trailing spaces:
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
" Trigger for numbertoggle to switch modes
nnoremap <silent> <C-n> :set relativenumber!<CR>
" Tab settings
let g:SuperTabDefaultCompletionType = 'context'
let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc']
let g:SuperTabRetainCompletionType=2
inoremap <expr><Enter> pumvisible() ? "\<C-Y>" : "\<Enter>"
inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>"
nnoremap <silent> <Leader>RemoveTrailingWhiteSpace :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
"autocmd BufWrite * :Autoformat
" FIXME: Currently always set to dark due to issues with Termonad Solarized theme
" Light during the day, dark during the night
let hour = strftime("%H")
if 7 <= hour && hour < 17
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
else
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
endif
" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff <wouter@blub.net>
augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
" Use Neoformat to automatically format files
augroup fmt
autocmd!
autocmd BufWritePre * undojoin | Neoformat
augroup END
" Manage ISO files
augroup iso
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.iso set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.iso set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.iso set bin
autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.iso set nobin
autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.iso u
augroup END
" Use persistent history.
if !isdirectory("/tmp/.vim-undo-dir")
call mkdir("/tmp/.vim-undo-dir", "", 0700)
endif
set undodir=/tmp/.vim-undo-dir
set undofile
" My Markdown environment
function! MarkdownSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings()
autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings()
" My ReStructured Text environment
function! ReStructuredSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings()
autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings()
" My LaTeX environment:
function! LaTeXSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings()
" Settings for my Haskell environment:
function! HaskellSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings()
" Settings for my Nix environment:
function! NixSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=nix
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings()
" Settings for my Cue environment:
function! CueSettings()
set noexpandtab
set tabstop=2
set shiftwidth=2
set textwidth=79
let g:cue_fmt_on_save = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings()
" Settings for my Rust environment:
function! RustSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
let g:rustfmt_autosave = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings()
" Settings for my Crystal environment:
function! CrystalSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=crystal
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings()
" Settings for my Golang environment:
function! GoSettings()
set tabstop=7
set shiftwidth=7
set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()
" Settings for my Python environment:
function! PythonSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings()
" My Mutt environment
function! MuttSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings()
autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings()
" Settings for my C environment:
function! CSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings()
" Settings for my YAML environment:
function! YAMLSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings()
autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings()
" Settings for my Bash environment:
function! BashSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
};
customRC = ''
" Preferred global default settings:
set nocompatible
set backspace=indent,eol,start
set number relativenumber " Enable relative line numbers by default
set cursorline " Highlight the current line number
set smartindent " Automatically insert extra level of indentation
set tabstop=4 " Default tabstop
set shiftwidth=4 " Default indent spacing
set expandtab " Expand [TABS] to spaces
packadd! dracula-vim
syntax on " Enable syntax highlighting
set t_Co=256 " Use 265 colors in vim
set background=dark " Set the default background scheme
colorscheme dracula " Set the default colour scheme
"let g:one_allow_italics = 1 " I love italic for comments
set spell spelllang=en_au " Defaul spell checking language
set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
match ErrorMsg '\s\+$' "
nnoremap <silent> <C-p> :Files<CR>
nnoremap <silent> <Leader>f :Rg<CR>
set grepprg=rg\ --vimgrep\ --smart-case\ --follow
let g:airline_powerline_fonts = 1 " Use powerline fonts
let g:airline_theme='dracula' " Set the airline theme
"call togglebg#map("<F10>") " Toggle background colour between dark|light
set laststatus=2 " Set up the status line so it's coloured and always on
" Removes trailing spaces:
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
" Trigger for numbertoggle to switch modes
nnoremap <silent> <C-n> :set relativenumber!<CR>
" Tab settings
let g:SuperTabDefaultCompletionType = 'context'
let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc']
let g:SuperTabRetainCompletionType=2
inoremap <expr><Enter> pumvisible() ? "\<C-Y>" : "\<Enter>"
inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>"
nnoremap <silent> <Leader>RemoveTrailingWhiteSpace :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
"autocmd BufWrite * :Autoformat
" FIXME: Currently always set to dark due to issues with Termonad Solarized theme
" Light during the day, dark during the night
let hour = strftime("%H")
if 7 <= hour && hour < 17
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
else
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
endif
" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff <wouter@blub.net>
augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
" Use Neoformat to automatically format files
augroup fmt
autocmd!
autocmd BufWritePre * undojoin | Neoformat
augroup END
" Manage ISO files
augroup iso
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.iso set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.iso set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.iso set bin
autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.iso set nobin
autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.iso u
augroup END
" Use persistent history.
if !isdirectory("/tmp/.vim-undo-dir")
call mkdir("/tmp/.vim-undo-dir", "", 0700)
endif
set undodir=/tmp/.vim-undo-dir
set undofile
" My Markdown environment
function! MarkdownSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings()
autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings()
" My ReStructured Text environment
function! ReStructuredSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings()
autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings()
" My LaTeX environment:
function! LaTeXSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings()
" Settings for my Haskell environment:
function! HaskellSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings()
" Settings for my Nix environment:
function! NixSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=nix
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings()
" Settings for my Cue environment:
function! CueSettings()
set noexpandtab
set tabstop=2
set shiftwidth=2
set textwidth=79
let g:cue_fmt_on_save = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings()
" Settings for my Rust environment:
function! RustSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
let g:rustfmt_autosave = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings()
" Settings for my Crystal environment:
function! CrystalSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=crystal
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings()
" Settings for my Golang environment:
function! GoSettings()
set tabstop=7
set shiftwidth=7
set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()
" Settings for my Python environment:
function! PythonSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings()
" My Mutt environment
function! MuttSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings()
autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings()
" Settings for my C environment:
function! CSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings()
" Settings for my YAML environment:
function! YAMLSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings()
autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings()
" Settings for my Bash environment:
function! BashSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
};
}
)];
})
];
}
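Review bot: In `customRC`, `set undofile` with `set undodir=/tmp/.vim-undo-dir` applies to every buffer, so the `encrypted` and `iso` autocommand groups, which clear `viminfo` and turn off the swap file to keep decrypted text off disk, still leave an undo file holding plaintext changes under `/tmp`. Adding `autocmd BufReadPre,FileReadPre *.gpg setlocal noundofile` (and the same for `*.iso`) to those groups closes that gap. The directory is created with mode 0700 only when it does not already exist, and this editor is installed through `environment.systemPackages`, so every account on the host shares the one path and a directory created by a different account is used as-is. A per-user location such as `set undodir=~/.vim-undo-dir` removes the dependency on `/tmp`.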


@ -4,79 +4,75 @@
{
imports =
[
../secrets/nextcloud.nix
];
imports = [ ../secrets/nextcloud.nix ];
services.nextcloud = {
enable = true; # Enable Nextcloud
hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
https = true; # Use HTTPS for links
config = { # Configure Nextcloud
dbtype = "pgsql"; # Set the database type
dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
enable = true; # Enable Nextcloud
hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
https = true; # Use HTTPS for links
config = { # Configure Nextcloud
dbtype = "pgsql"; # Set the database type
dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user
dbpassFile =
"/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile =
"/run/keys/nextcloud-admin"; # Where to find the admin password
adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion =
"AU"; # Country code for automatic phone-number detection
};
autoUpdateApps = {
enable = true; # Run regular auto update of all apps installed
startAt = "01:00:00"; # When to run the update
enable = true; # Run regular auto update of all apps installed
startAt = "01:00:00"; # When to run the update
};
package = pkgs.nextcloud22;
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [
{
name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [{
name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}];
};
services.nginx = {
enable = true; # Enable Nginx
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
};
virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
};
};
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = ["postgresql.service"];
after = ["postgresql.service"];
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
security.acme = {
acceptTerms = true;
certs = {
"cloud.mcwhirter.io" = {
email = "craige@mcwhirter.io";
};
};
certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
};
users.groups.keys.members = [ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
users.groups.keys.members =
[ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
networking.firewall.allowedTCPPorts = [ 80 443 ]; # Open the required firewall ports
networking.firewall.allowedTCPPorts =
[ 80 443 ]; # Open the required firewall ports
}
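Review bot: Several assignments are now split with the value pushed onto the line below the attribute name, apparently because the trailing comment makes the line too long for nixfmt: `dbpassFile`, `adminpassFile`, `defaultPhoneRegion`, `users.groups.keys.members` and `networking.firewall.allowedTCPPorts`. Moving each comment onto its own line above the assignment lets the formatter keep the assignment on one line, for example `# Where to find the database password` followed by `dbpassFile = "/run/keys/nextcloud-dbpass";`. The same pattern shows up earlier on the page in `users.groups.matrix-synapse.members`.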


@ -4,15 +4,13 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
buildMachines = [{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}];
};
}
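Review bot: The `buildMachines` entry delegates builds to `aarch64.nixos.community`, a machine outside this deployment, and the visible lines do not pin its SSH host key. Outputs copied back from a remote builder end up in the local store, so the builder's identity is part of the trust chain for anything built there. Pinning the host key declaratively, for example with a `programs.ssh.knownHosts` entry for that host name, makes that trust explicit, unless it is already done in a file not shown here. The file's opening lines are outside the hunk.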


@ -14,16 +14,16 @@
# Set the environment
environment = {
systemPackages = with pkgs; [
direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [
"/share/nix-direnv"
direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [ "/share/nix-direnv" ];
};
nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } )
(self: super: {
nix-direnv = super.nix-direnv.override { enableFlakes = true; };
})
];
}


@ -3,15 +3,13 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "x86_64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
buildMachines = [{
hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "x86_64-linux";
supportedFeatures = [ "big-parallel" ];
}];
};
}


@ -2,27 +2,29 @@
{ config, pkgs, lib, ... }:
#let
# sources = import ../nix/sources.nix;
# unstable = import sources.nixpkgsUnstable {};
#in
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
nixpkgs = { config = { allowUnfree = true; }; };
environment = {
systemPackages = with pkgs; [
cabal2nix # Convert Cabal files into Nix build instructions
nixfmt # An opinionated formatter for Nix
nix-prefetch-github # Prefetch sources from github
nix-prefetch-git # Prefetch sources from git
nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs
nix-top # Tracks what nix is building
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
nodePackages.node2nix # Generate Nix expressions to build NPM packages
nox # Tools to make Nix nicer
sqlite # To query the nixpkgs sqlite database
tig # Text-mode interface for git
cabal2nix # Convert Cabal files into Nix build instructions
nixfmt # An opinionated formatter for Nix
nix-prefetch-github # Prefetch sources from github
nix-prefetch-git # Prefetch sources from git
nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs
nix-top # Tracks what nix is building
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
nodePackages.node2nix # Generate Nix expressions to build NPM packages
nox # Tools to make Nix nicer
sqlite # To query the nixpkgs sqlite database
tig # Text-mode interface for git
#unstable.statix # Lints and suggestions for the nix programming language
];
};


@ -5,17 +5,15 @@
{
services.openssh = {
enable = true; # Enable the OpenSSH daemon.
enable = true; # Enable the OpenSSH daemon.
permitRootLogin = "prohibit-password";
challengeResponseAuthentication = false;
passwordAuthentication = false;
openFirewall = true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
hostKeys = [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
};
}


@ -4,10 +4,11 @@
{
environment = { # Set the system-wide environment
systemPackages = with pkgs; [
usbutils # Tools for working with USB devices, such as lsusb
];
environment = { # Set the system-wide environment
systemPackages = with pkgs;
[
usbutils # Tools for working with USB devices, such as lsusb
];
};
}


@ -7,7 +7,7 @@
powerManagement = {
enable = true;
cpuFreqGovernor = lib.mkDefault "performance";
powertop.enable = true; # Enable powertop auto tuning on startup
powertop.enable = true; # Enable powertop auto tuning on startup
};
services = {
@ -17,7 +17,7 @@
};
tlp.enable = false;
upower = {
enable = true; # Enable application power managemetn support
enable = true; # Enable application power managemetn support
percentageCritical = 15;
percentageAction = 15;
};


@ -8,9 +8,7 @@
prometheus = {
enable = true;
webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
extraFlags = [
"--storage.tsdb.retention.time 8760h"
];
extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
exporters = {
node = {
enable = true;
@ -52,171 +50,161 @@
# targets = [ "airgead.mcwhirter.io:9093" ];
# } ];
#} ];
rules = [ (builtins.toJSON {
groups = [
{
rules = [
(builtins.toJSON {
groups = [{
name = "system";
rules = [
{
alert = "node_down";
expr = "up == 0";
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Node is down.";
description = "{{$labels.alias}} has been down for more than 5 minutes.";
description =
"{{$labels.alias}} has been down for more than 5 minutes.";
};
}
{
alert = "node_systemd_service_failed";
expr = "node_systemd_unit_state{state=\"failed\"} == 1";
expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
summary =
"{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description =
"{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
};
}
{
alert = "node_filesystem_full_90percent";
expr = "sort(node_filesystem_free_bytes{device!=\"ramfs\"} < node_filesystem_size_bytes{device!=\"ramfs\"} * 0.1) / 1024^3";
expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
summary =
"{{$labels.alias}}: Filesystem is running out of space soon.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
};
}
{
alert = "node_filesystem_full_in_4h";
expr = "predict_linear(node_filesystem_free_bytes{device!=\"ramfs\",device!=\"tmpfs\",fstype!=\"autofs\",fstype!=\"cd9660\"}[4h], 4*3600) <= 0";
expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
summary =
"{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
};
}
{
alert = "node_filedescriptors_full_in_3h";
expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
expr =
"predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
summary =
"{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description =
"{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
};
}
{
alert = "node_load1_90percent";
expr = "node_load1 / on(alias) count(node_cpu_seconds_total{mode=\"system\"}) by (alias) >= 0.9";
expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running on high load.";
description = "{{$labels.alias}} is running with > 90% total load for at least 1h.";
description =
"{{$labels.alias}} is running with > 90% total load for at least 1h.";
};
}
{
alert = "node_cpu_util_90percent";
expr = "100 - (avg by (alias) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100) >= 90";
expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: High CPU utilization.";
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
description =
"{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
};
}
{
alert = "node_ram_using_99percent";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
expr =
"node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Using lots of RAM.";
description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
description =
"{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
};
}
{
alert = "node_swap_using_80percent";
expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
expr =
"node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running out of swap soon.";
description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
description =
"{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
};
}
{
alert = "node_time_unsync";
expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
expr =
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP";
description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
description =
"{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
};
}
];
}
];
})];
}];
})
];
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "5s";
static_configs = [
{
targets = [
"localhost:9090"
];
labels = { alias = "prometheus"; };
}
];
static_configs = [{
targets = [ "localhost:9090" ];
labels = { alias = "prometheus"; };
}];
}
{
job_name = "cardano-node";
scrape_interval = "10s";
static_configs = [
{
targets = [ "127.0.0.1:12798" ];
labels = { alias = "airgead"; };
}
];
static_configs = [{
targets = [ "127.0.0.1:12798" ];
labels = { alias = "airgead"; };
}];
}
{
job_name = "node";
scrape_interval = "10s";
static_configs = [
{
targets = [
"airgead.mcwhirter.io:9100"
];
labels = {
alias = "airgead.mcwhirter.io";
};
}
];
static_configs = [{
targets = [ "airgead.mcwhirter.io:9100" ];
labels = { alias = "airgead.mcwhirter.io"; };
}];
}
];
};
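Review bot: The `node_ram_using_99percent` rule's description contradicts its expression: the expr fires when free + buffers + cached memory drops below 1% of `node_memory_MemTotal_bytes`, yet the description tells the responder "at least 90% of its RAM". Because the rule carries `severity = "page"`, the text should state the real threshold, e.g. `"{{$labels.alias}} is using at least 99% of its RAM for at least 30 minutes now."`. The `node_filesystem_full_in_4h` description also has a stray word ("running out of space of in approx."). Separately, the alertmanager target lines just above `rules` appear to be commented out, so it is worth confirming that these page-severity alerts are routed anywhere at all; the enclosing `prometheus` block continues outside the hunk.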


@ -1,7 +1,6 @@
# Based up original work by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
{ config, pkgs, lib, ... }:
with lib;
@ -9,18 +8,24 @@ let
cfg = config.qemu-user;
arm = {
interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
aarch64 = {
interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
riscv64 = {
interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
in {
options = {
@ -32,22 +37,22 @@ in {
nix.supportedPlatforms = mkOption {
type = types.listOf types.str;
description = "extra platforms that nix will run binaries for";
default = [];
default = [ ];
};
};
config = mkIf (cfg.arm || cfg.aarch64) {
nixpkgs = {
overlays = [ (import ../overlays/qemu) ];
};
boot.binfmt.registrations =
optionalAttrs cfg.arm { inherit arm; } //
optionalAttrs cfg.aarch64 { inherit aarch64; } //
optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
// optionalAttrs cfg.aarch64 { inherit aarch64; }
// optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms =
(optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
++ (optional cfg.aarch64 "aarch64-linux");
nix.extraOptions = ''
extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
'';
nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
nix.sandboxPaths = [ "/run/binfmt" ]
++ (optional cfg.arm "${pkgs.qemu-user-arm}")
++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
};
}
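Review bot: The guard `config = mkIf (cfg.arm || cfg.aarch64) {` leaves out `cfg.riscv64`, so with only riscv64 enabled the whole block is skipped, including the `optionalAttrs cfg.riscv64 { inherit riscv64; }` registration. Even when the block is active, `nix.supportedPlatforms` and `nix.sandboxPaths` get no riscv64 entry, so the interpreter would be registered with binfmt but not reachable inside the build sandbox. I would change the guard to `config = mkIf (cfg.arm || cfg.aarch64 || cfg.riscv64) {` and add `++ (optional cfg.riscv64 "riscv64-linux")` and `++ (optional cfg.riscv64 "${pkgs.qemu-riscv64}")` to the two lists. The option declarations fall between the hunks, so this assumes `qemu-user.riscv64` is declared alongside `arm` and `aarch64`.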


@ -1,4 +1,4 @@
# Configuration for
# Configuration for
{ config, pkgs, ... }:


@ -4,12 +4,11 @@
{
imports =
[
../profiles/openssh.nix
../secrets/user-craige.nix
../secrets/user-root.nix
];
imports = [
../profiles/openssh.nix
../secrets/user-craige.nix
../secrets/user-root.nix
];
programs.mosh = {
enable = true;


@ -5,15 +5,11 @@
{
services.spotifyd = {
enable = true; # Enable the Spotify daemon.
config = "
username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg
password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg
";
enable = true; # Enable the Spotify daemon.
config =
"\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n ";
};
environment.systemPackages = with pkgs; [
spotify
];
environment.systemPackages = with pkgs; [ spotify ];
}
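Review bot: In the `services.spotifyd.config` string the `username` key is given a gpg command line, but spotifyd treats `username` as a literal value and only runs commands given through `username_cmd` / `password_cmd`, so the decrypt command is probably being used verbatim as the account name. I would write that entry as `username_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg`. The reformatted one-line string with embedded `\n` is also hard to audit; an indented `'' … ''` string with one key per line would keep the credential handling readable. Finally, `~` is resolved for whatever account the system service runs as, which may not be the user who owns `~/.spotify`; that is worth confirming, since a failed decrypt here means a silent authentication failure rather than a build error.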
