nix: nixfmt

Serĉanto de Scio 2021-11-16 14:57:23 +10:00
parent 2f808daa78
commit e6dbc113ad
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
114 changed files with 1621 additions and 1850 deletions


@ -1,11 +1,9 @@
{ sources ? import ./nix/sources.nix { sources ? import ./nix/sources.nix, system ? builtins.currentSystem
, system ? builtins.currentSystem , crossSystem ? null, config ? { }
, crossSystem ? null , cardanoNodeProject ? import sources.cardano-node { } }@args:
, config ? {} with import ./nix args; {
, cardanoNodeProject ? import sources.cardano-node {}
}@args: with import ./nix args; {
shell = mkShell { shell = mkShell {
inherit (import sources.niv {}) niv; inherit (import sources.niv { }) niv;
buildInputs = [ buildInputs = [
cardanoNodeProject.cardano-cli # required for KES key rotation cardanoNodeProject.cardano-cli # required for KES key rotation
niv niv


@ -6,10 +6,9 @@
enableRollback = true; enableRollback = true;
}; };
resources.sshKeyPairs.ssh-key = {}; resources.sshKeyPairs.ssh-key = { };
defaults = defaults = { config, pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
{ {
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps


@ -1,2 +1 @@
{ { }
}


@ -50,14 +50,12 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
[ { device = "/dev/disk/by-label/swap"; }
];
networking.wireless.enable = true; # Enable wireless via wpa_supplicant. networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
nix.maxJobs = lib.mkDefault 1; nix.maxJobs = lib.mkDefault 1;


@ -3,23 +3,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
[ { device = "/dev/disk/by-label/swap"; }
];
hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ]; hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;


@ -27,7 +27,7 @@
loader = { loader = {
grub = { grub = {
forceInstall = true; forceInstall = true;
version =1; version = 1;
extraPerEntryConfig = "root (hd0)"; extraPerEntryConfig = "root (hd0)";
extraConfig = '' extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
@ -41,16 +41,12 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
{
device = "/dev/disk/by-label/swap";
}
];
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
} }


@ -26,16 +26,12 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda"; device = "/dev/sda";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ swapDevices = [{ device = "/dev/sdb"; }];
{
device = "/dev/sdb";
}
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }


@ -4,10 +4,9 @@ with lib;
let let
sources = import ../../nix/sources.nix; sources = import ../../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {}; unstable = import sources.nixpkgsUnstable { };
in
{ in {
imports = [ imports = [
"${modulesPath}/profiles/base.nix" "${modulesPath}/profiles/base.nix"
./uboot/hardkernel-uboot.nix ./uboot/hardkernel-uboot.nix
@ -36,7 +35,6 @@ in
(import ./overlays/uboot/overlay.nix) (import ./overlays/uboot/overlay.nix)
]; ];
# DNS # DNS
services.resolved.enable = true; services.resolved.enable = true;
services.resolved.dnssec = "false"; services.resolved.dnssec = "false";
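Review bot: `services.resolved.dnssec = "false";` in the second hunk turns off DNSSEC validation in systemd-resolved, and the only comment above it is `# DNS`, which does not say why. If validation was disabled to work around a resolver or clock problem on this board, that reason belongs next to the setting, for example `# DNSSEC off: <reason>; revisit with "allow-downgrade"`. The enclosing attribute set starts and ends outside the hunk, so a justification may exist elsewhere in the file.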


@ -1,5 +1,4 @@
{ pkgs, lib, config, modulesPath, ... }: { pkgs, lib, config, modulesPath, ... }: {
{
imports = [ imports = [
"${modulesPath}/installer/sd-card/sd-image.nix" "${modulesPath}/installer/sd-card/sd-image.nix"
# should we include this module or should we treat the SD # should we include this module or should we treat the SD
@ -18,7 +17,8 @@
# Remove zfs from supported filesystems as it fails when cross-compiling due # Remove zfs from supported filesystems as it fails when cross-compiling due
# to not being able to build kernel module # to not being able to build kernel module
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; boot.supportedFilesystems =
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
sdImage = { sdImage = {
compressImage = false; compressImage = false;


@ -1,13 +1,5 @@
{ stdenv { stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
, buildPackages , lib, ... }@args:
, fetchFromGitHub
, perl
, buildLinux
, libelf
, utillinux
, lib
, ...
}@args:
buildLinux (args // rec { buildLinux (args // rec {
version = "4.9.241-107"; version = "4.9.241-107";


@ -7,7 +7,10 @@ final: prev: {
# 3. The IRBLASTER module not registering syscalls correctly # 3. The IRBLASTER module not registering syscalls correctly
# The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module. # The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module.
({ name = "hardkernel-patches"; patch = ./kernel.diff; }) ({
name = "hardkernel-patches";
patch = ./kernel.diff;
})
]; ];
}; };
} }


@ -3,25 +3,14 @@
gcc49Stdenv.mkDerivation { gcc49Stdenv.mkDerivation {
name = "hardkernel-uboot"; name = "hardkernel-uboot";
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz"; url =
"https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv"; sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
}; };
patches = [ ./pwd.diff ./fip_create.diff ]; patches = [ ./pwd.diff ./fip_create.diff ];
nativeBuildInputs = [ nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
git depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
gcc49Stdenv.cc makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
bc
bison
flex
nettools
];
depsBuildBuild = [
arm-gcc49
buildPackages.gcc49Stdenv.cc
];
makeFlags = [
"CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"
];
configurePhase = '' configurePhase = ''
make odroidc4_defconfig make odroidc4_defconfig
''; '';


@ -3,7 +3,8 @@ stdenv.mkDerivation {
name = "meson64-tools"; name = "meson64-tools";
nativeBuildInputs = [ python2 python3 ]; nativeBuildInputs = [ python2 python3 ];
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz"; url =
"https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v"; sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
}; };


@ -1,25 +1,19 @@
final: prev: final: prev:
let let
platform = final.lib.systems.examples.aarch64-multiplatform // { platform = final.lib.systems.examples.aarch64-multiplatform // {
gcc = { gcc = { arch = "armv8-a+crypto"; };
arch = "armv8-a+crypto";
};
}; };
arm64 = final.pkgsCross.aarch64-embedded; arm64 = final.pkgsCross.aarch64-embedded;
arm = final.pkgsCross.arm-embedded; arm = final.pkgsCross.arm-embedded;
uboot-hardkernel = arm64.callPackage ./hardkernel.nix { uboot-hardkernel =
arm-gcc49 = arm.buildPackages.gcc49; arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
}; with-crypto = import final.path { crossSystem = platform; };
with-crypto = import final.path {
crossSystem = platform;
};
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { }; meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { }; blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
uboot = arm64.callPackage ./u-boot.nix { uboot = arm64.callPackage ./u-boot.nix {
inherit uboot-hardkernel meson64-tools blx_fix; inherit uboot-hardkernel meson64-tools blx_fix;
}; };
in in {
{
uboot-hardkernel = uboot; uboot-hardkernel = uboot;
ubootTools-hardkernel = final.buildPackages.ubootTools; ubootTools-hardkernel = final.buildPackages.ubootTools;
buildPackages = prev.buildPackages // { buildPackages = prev.buildPackages // {


@ -1,21 +1,11 @@
{ stdenv { stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
, git , uboot-hardkernel, meson64-tools, blx_fix }:
, bc
, bison
, flex
, nettools
, openssl
, buildPackages
, uboot-hardkernel
, meson64-tools
, blx_fix
}:
let let
in in stdenv.mkDerivation {
stdenv.mkDerivation {
name = "uboot"; name = "uboot";
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz"; url =
"https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6"; sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
}; };
CROSS_COMPILE = stdenv.cc.targetPrefix; CROSS_COMPILE = stdenv.cc.targetPrefix;
@ -83,16 +73,7 @@ stdenv.mkDerivation {
--ddrfw9 fip/lpddr3_1d.fw \ --ddrfw9 fip/lpddr3_1d.fw \
--level v3 --level v3
''; '';
nativeBuildInputs = [ nativeBuildInputs = [ git bc bison flex nettools ];
git
bc
bison
flex
nettools
];
depsBuildBuild = [ depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
buildPackages.stdenv.cc
buildPackages.openssl.dev
];
} }


@ -11,9 +11,9 @@ let
# The builder used to write during system activation # The builder used to write during system activation
builder = import ./boot-ini-builder.nix { inherit pkgs; }; builder = import ./boot-ini-builder.nix { inherit pkgs; };
# The builder exposed in populateCmd, which runs on the build architecture # The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; }; populateBuilder =
in import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
{ in {
options = { options = {
boot.loader.hardkernel-uboot = { boot.loader.hardkernel-uboot = {
enable = mkOption { enable = mkOption {
@ -42,13 +42,13 @@ in
}; };
}; };
config = config = let
let builderArgs = "-t ${timeoutStr}"
builderArgs = "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}"; + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in in mkIf cfg.enable {
mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c"; system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot"; system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}"; boot.loader.hardkernel-uboot.populateCmd =
"${populateBuilder} ${builderArgs}";
}; };
} }


@ -3,9 +3,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot = { boot = {
initrd = { initrd = {
@ -20,25 +18,24 @@
"cryptd" # Software async crypto daemon "cryptd" # Software async crypto daemon
]; ];
kernelModules = [ "dm-snapshot" ]; kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4"; luks.devices."cryptroot".device =
"/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
}; };
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c"; device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = {
fileSystems."/boot" = device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
{ device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; } [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }


@ -59,7 +59,10 @@
}; };
# !!! Adding a swap file is optional, but strongly recommended! # !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ]; swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = { hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -71,7 +74,8 @@
sound.enable = false; # Disable sound. sound.enable = false; # Disable sound.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board libraspberrypi # Userland tools for the Raspberry Pi board
]; ];


@ -62,7 +62,10 @@
}; };
# !!! Adding a swap file is optional, but strongly recommended! # !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ]; swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = { hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -72,7 +75,8 @@
enableB43Firmware = false; # If true, enable Pi wireless firmware enableB43Firmware = false; # If true, enable Pi wireless firmware
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board libraspberrypi # Userland tools for the Raspberry Pi board
]; ];


@ -4,8 +4,7 @@
{ {
imports = imports = [
[
../networks/linode.nix ../networks/linode.nix
../profiles/cardano-node.nix ../profiles/cardano-node.nix
../secrets/airgead.nix ../secrets/airgead.nix


@ -3,9 +3,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../hardware/odroid-hc4 ];
../hardware/odroid-hc4
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.121"; deployment.targetHost = "10.42.0.121";
@ -23,7 +21,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation gnupg # GPL OpenPGP implementation
]; ];


@ -4,8 +4,7 @@
{ {
imports = imports = [
[
../networks/linode.nix ../networks/linode.nix
../profiles/coturn.nix ../profiles/coturn.nix
../profiles/cryptpad.nix ../profiles/cryptpad.nix


@ -35,10 +35,7 @@
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
"openssl-1.0.2u"
"minecraft"
];
}; };
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -200,9 +197,7 @@
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap"; NoPlugin = "sap";
}; };
Policy = { Policy = { AutoEnable = "true"; };
AutoEnable = "true";
};
}; };
}; };
opengl.enable = true; opengl.enable = true;
@ -216,11 +211,7 @@
TCPKeepAlive no TCPKeepAlive no
''; '';
users.groups = { users.groups = { lp.members = [ "messagebus" ]; };
lp.members = [
"messagebus"
];
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
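Review bot: The `permittedInsecurePackages` list in the first hunk allows `openssl-1.0.2u` without any comment naming the package that still depends on it. OpenSSL 1.0.2 no longer receives upstream security fixes, so the exception should be traceable to a consumer and dropped once that consumer is gone. Joining the entries onto one line also leaves no room for a per-entry reason; I would keep one entry per line with a trailing comment, for example `"openssl-1.0.2u" # needed by <package>; remove when it is updated`. The enclosing `nixpkgs.config` set starts outside the hunk.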


@ -3,8 +3,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[
../hardware/lenovo_x201.nix ../hardware/lenovo_x201.nix
../profiles/desktop_common.nix ../profiles/desktop_common.nix
../profiles/wine.nix ../profiles/wine.nix


@ -3,9 +3,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi2B_rack.nix ];
../networks/pi2B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
#deployment.targetHost = "10.69.0.201"; #deployment.targetHost = "10.69.0.201";


@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ];
../networks/pi3B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204"; deployment.targetHost = "10.42.0.204";
networking.hostName = "paidh-ceithir"; # Define your hostname. networking.hostName = "paidh-ceithir"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }


@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ];
../networks/pi3B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205"; deployment.targetHost = "10.42.0.205";
networking.hostName = "paidh-coig"; # Define your hostname. networking.hostName = "paidh-coig"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }


@ -3,16 +3,14 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
../networks/pi3B_rack.nix
../profiles/cyclone-ibis.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203"; deployment.targetHost = "10.42.0.203";
networking.hostName = "paidh-tri"; # Define your hostname. networking.hostName = "paidh-tri"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation gnupg # GPL OpenPGP implementation
]; ];


@ -34,7 +34,8 @@
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation gnupg # GPL OpenPGP implementation
]; ];


@ -3,8 +3,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[
../hardware/lenovo_x201.nix ../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix ../profiles/desktopFiona.nix
../profiles/desktop_common.nix ../profiles/desktop_common.nix


@ -3,8 +3,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[
../hardware/lenovo_x201.nix ../hardware/lenovo_x201.nix
../profiles/desktop_common.nix ../profiles/desktop_common.nix
../profiles/haskell-dev.nix ../profiles/haskell-dev.nix


@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
extlinux-conf-builder = extlinux-conf-builder = import
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> { <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages; pkgs = pkgs.buildPackages;
}; };
in in {
{
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/base.nix> <nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix> <nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>


@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
./sd-image_paidh-armv7.nix
../hosts/paidh-aon.nix
];
} }


@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
extlinux-conf-builder = extlinux-conf-builder = import
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> { <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages; pkgs = pkgs.buildPackages;
}; };
in in {
{
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/base.nix> <nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix> <nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>


@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-ceithir.nix
];
} }


@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-coig.nix
];
} }


@ -2,9 +2,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-dha.nix
];
} }


@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-tri.nix
];
} }


@ -2,12 +2,14 @@
# #
# Usage: nix-build -A iso images/usb-yubikey.nix # Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }: { nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let let
config = { pkgs, ... }: config = { pkgs, ... }:
with pkgs; { with pkgs; {
imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>]; imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ]; boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = { programs = {
@ -29,10 +31,7 @@ let
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false; #services.openssh.enable = false;
}; };
evalNixos = configuration: import <nixpkgs/nixos> { evalNixos = configuration:
inherit system configuration; import <nixpkgs/nixos> { inherit system configuration; };
};
in { in { iso = (evalNixos config).config.system.build.isoImage; }
iso = (evalNixos config).config.system.build.isoImage;
}


@ -3,11 +3,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
[
../profiles/host_common.nix
../profiles/server_common.nix
];
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs.localSystem = { nixpkgs.localSystem = {
@ -16,11 +12,7 @@
}; };
# Tools that Linode support like to have install if you need them. # Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
inetutils
mtr
sysstat
];
# Configure firewall defaults: # Configure firewall defaults:
networking = { networking = {


@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
[
../hardware/linode_vm-encrypted.nix
./linode-common.nix
];
} }


@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
[
../hardware/linode_vm.nix
./linode-common.nix
];
} }


@ -2,8 +2,7 @@
{ {
imports = imports = [
[
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_2_model_B.nix ../hardware/raspberry_pi_2_model_B.nix
../profiles/host_common.nix ../profiles/host_common.nix
@ -12,11 +11,10 @@
]; ];
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs.crossSystem = { nixpkgs.crossSystem = { system = "armv7l-linux"; };
system = "armv7l-linux";
};
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = { documentation = {
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual


@ -2,8 +2,7 @@
{ {
imports = imports = [
[
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_3_model_B.nix ../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix ../profiles/host_common.nix
@ -18,7 +17,8 @@
allowUnfree = true; allowUnfree = true;
}; };
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = { documentation = {
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual


@ -1,31 +1,22 @@
{ sources ? import ./sources.nix { sources ? import ./sources.nix, system ? builtins.currentSystem
, system ? builtins.currentSystem , crossSystem ? null, config ? { } }:
, crossSystem ? null
, config ? {} }:
let let
# our own overlays: # our own overlays:
local-overlays = [ local-overlays = [ ];
];
globals = globals = if builtins.pathExists ../globals.nix then
if builtins.pathExists ../globals.nix [ (import ../globals.nix) ]
then [(import ../globals.nix)] else
else builtins.trace "globals.nix missing, please add symlink" []; builtins.trace "globals.nix missing, please add symlink" [ ];
# merge upstream sources with our own: # merge upstream sources with our own:
upstream-overlays = [ upstream-overlays = [
( _: super: { (_: super: {
sources = (super.sources or {}) // sources; sources = (super.sources or { }) // sources;
}) })
]; ];
overlays = overlays = local-overlays ++ globals ++ upstream-overlays;
local-overlays ++ in import sources.nixpkgs { inherit overlays system crossSystem config; }
globals ++
upstream-overlays;
in
import sources.nixpkgs {
inherit overlays system crossSystem config;
}


@ -19,29 +19,28 @@ let
pkgs.fetchzip { inherit (spec) url sha256; }; pkgs.fetchzip { inherit (spec) url sha256; };
fetch_git = spec: fetch_git = spec:
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; }; builtins.fetchGit {
url = spec.repo;
inherit (spec) rev ref;
};
fetch_builtin-tarball = spec: fetch_builtin-tarball = spec:
builtins.trace builtins.trace ''
''
WARNING: WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`. instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true $ niv modify <package> -a type=tarball -a builtin=true
'' '' builtins_fetchTarball { inherit (spec) url sha256; };
builtins_fetchTarball { inherit (spec) url sha256; };
fetch_builtin-url = spec: fetch_builtin-url = spec:
builtins.trace builtins.trace ''
''
WARNING: WARNING:
The niv type "builtin-url" will soon be deprecated. You should The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`. instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true $ niv modify <package> -a type=file -a builtin=true
'' '' (builtins_fetchurl { inherit (spec) url sha256; });
(builtins_fetchurl { inherit (spec) url sha256; });
# #
# Various helpers # Various helpers
@ -51,17 +50,16 @@ let
mkPkgs = sources: mkPkgs = sources:
let let
sourcesNixpkgs = sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {}; import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
{ };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.; hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in in if builtins.hasAttr "nixpkgs" sources then
if builtins.hasAttr "nixpkgs" sources sourcesNixpkgs
then sourcesNixpkgs else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then import <nixpkgs> { }
import <nixpkgs> {}
else else
abort abort ''
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json. add a package called "nixpkgs" to your sources.json.
''; '';
@ -69,66 +67,67 @@ let
# The actual fetching function. # The actual fetching function.
fetch = pkgs: name: spec: fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute" abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs spec else if spec.type == "file" then
else if spec.type == "tarball" then fetch_tarball pkgs spec fetch_file pkgs spec
else if spec.type == "git" then fetch_git spec else if spec.type == "tarball" then
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec fetch_tarball pkgs spec
else if spec.type == "builtin-url" then fetch_builtin-url spec else if spec.type == "git" then
fetch_git spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball spec
else if spec.type == "builtin-url" then
fetch_builtin-url spec
else else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions # Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist # a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or ( mapAttrs = builtins.mapAttrs or (f: set:
f: set: with builtins; with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) listToAttrs (map (attr: {
); name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, sha256 }@attrs: builtins_fetchTarball = { url, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchTarball;
inherit (builtins) lessThan nixVersion fetchTarball; in if lessThan nixVersion "1.12" then
in
if lessThan nixVersion "1.12" then
fetchTarball { inherit url; } fetchTarball { inherit url; }
else else
fetchTarball attrs; fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, sha256 }@attrs: builtins_fetchurl = { url, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchurl;
inherit (builtins) lessThan nixVersion fetchurl; in if lessThan nixVersion "1.12" then
in
if lessThan nixVersion "1.12" then
fetchurl { inherit url; } fetchurl { inherit url; }
else else
fetchurl attrs; fetchurl attrs;
# Create the final "sources" from the config # Create the final "sources" from the config
mkSources = config: mkSources = config:
mapAttrs ( mapAttrs (name: spec:
name: spec: if builtins.hasAttr "outPath" spec then
if builtins.hasAttr "outPath" spec abort
then abort
"The values in sources.json should not have an 'outPath' attribute" "The values in sources.json should not have an 'outPath' attribute"
else else
spec // { outPath = fetch config.pkgs name spec; } spec // { outPath = fetch config.pkgs name spec; }) config.sources;
) config.sources;
# The "config" used by the fetchers # The "config" used by the fetchers
mkConfig = mkConfig = { sourcesFile ? ./sources.json
{ sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile) , sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources , pkgs ? mkPkgs sources }: rec {
}: rec {
# The sources, i.e. the attribute set of spec name to spec # The sources, i.e. the attribute set of spec name to spec
inherit sources; inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs; inherit pkgs;
}; };
in in mkSources (mkConfig { }) // {
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } __functor = _: settings: mkSources (mkConfig settings);
}


@ -1,4 +1,4 @@
let sources = import ../nix/sources.nix {}; in let sources = import ../nix/sources.nix { };
final: prev: { in final: prev: {
nixUnstable = (import sources.nixos-unstable {}).nixUnstable; nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
} }


@ -4,9 +4,10 @@
self: super: self: super:
{ {
qemu-user-arm = if self.stdenv.system == "x86_64-linux" qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; } self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else self.callPackage ./qemu { user_arch = "arm"; }; else
self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; }; qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; }; qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; }; qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };


@ -1,13 +1,13 @@
# Based up original waokr by cleverca22 # Based up original waokr by cleverca22
# https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison, { stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
makeStaticLibraries, glibc, qemu, fetchFromGitHub }: , makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
let let
env2 = makeStaticLibraries stdenv; env2 = makeStaticLibraries stdenv;
myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: { myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or []) ++ [ "-Ddefault_library=both" ]; mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
}); });
riscv_src = fetchFromGitHub { riscv_src = fetchFromGitHub {
owner = "riscv"; owner = "riscv";
@ -22,18 +22,23 @@ let
riscv64 = "x86_64"; riscv64 = "x86_64";
x86_64 = "x86_64"; x86_64 = "x86_64";
}; };
in in stdenv.mkDerivation rec {
stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}"; name = "qemu-user-${user_arch}-${version}";
version = "3.1.0"; version = "3.1.0";
src = if is_riscv then riscv_src else qemu.src; src = if is_riscv then riscv_src else qemu.src;
buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ]; buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
patches = [ ./qemu-stack.patch ]; patches = [ ./qemu-stack.patch ];
configureFlags = [ configureFlags = [
"--enable-linux-user" "--target-list=${user_arch}-linux-user" "--enable-linux-user"
"--disable-bsd-user" "--disable-system" "--disable-vnc" "--target-list=${user_arch}-linux-user"
"--disable-curses" "--disable-sdl" "--disable-vde" "--disable-bsd-user"
"--disable-bluez" "--disable-kvm" "--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static" "--static"
"--disable-tools" "--disable-tools"
"--cpu=${arch_map.${user_arch}}" "--cpu=${arch_map.${user_arch}}"
@ -41,6 +46,8 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = [ "-lglib-2.0" ]; NIX_LDFLAGS = [ "-lglib-2.0" ];
enableParallelBuilding = true; enableParallelBuilding = true;
postInstall = '' postInstall = ''
cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
''; '';
} }
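Review bot: In the `postInstall` hunk the formatter has split the `${./qemu-wrap.c}` interpolation over three lines in the middle of the `cc` command, which makes the one shell line that builds `qemu-wrap` hard to read and to audit. The resulting string should be unchanged, since whitespace inside `${ }` is not part of the value, so this is a readability point only. Binding the path once in the existing `let` block, `wrapperSrc = ./qemu-wrap.c;`, and writing `cc -static ${wrapperSrc} …` keeps the command on one line under nixfmt. The derivation body continues outside the visible hunks.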


@ -17,8 +17,6 @@
kconfig-frontends # Linux kconfig infrastructure kconfig-frontends # Linux kconfig infrastructure
]; ];
users.groups.adbusers.members = [ users.groups.adbusers.members = [ "craige" ];
"craige"
];
} }


@ -5,21 +5,17 @@
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; }; cardanoNodeProject = import (sources.cardano-node + "/nix") {
iohkNix = import (sources.iohk-nix) {}; gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
in in {
{ imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
imports = [ environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
../secrets/cardano/producers.nix
"${sources.cardano-node}/nix/nixos"
];
environment.systemPackages = [
cardanoNodeProject.cardano-cli
];
services = { services = {
cardano-node = { cardano-node = {
@ -33,12 +29,7 @@ in
scName = "cardano"; scName = "cardano";
scFormat = "ScText"; scFormat = "ScText";
}]; }];
defaultScribes = [ defaultScribes = [[ "JournalSK" "cardano" ]];
[
"JournalSK"
"cardano"
]
];
}; };
kesKey = "/run/keys/cardano-kes"; kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf"; vrfKey = "/run/keys/cardano-vrf";
@ -54,6 +45,7 @@ in
}; };
}; };
users.groups.keys.members = [ "cardano-node" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
} }


@ -4,9 +4,7 @@
{ {
imports = [ imports = [ ../secrets/coturn.nix ];
../secrets/coturn.nix
];
services = { services = {
@ -19,11 +17,8 @@
"172.105.171.16" "172.105.171.16"
]; ];
no-tcp-relay = true; # Disable TCP relay endpoints no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig = " extraConfig =
cipher-list=\"HIGH\" "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
no-loopback-peers
no-multicast-peers
";
secure-stun = true; # Require authentication of the STUN Binding request secure-stun = true; # Require authentication of the STUN Binding request
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem"; cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem"; pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
@ -57,8 +52,10 @@
5350 # STUN tls alt 5350 # STUN tls alt
443 # HTTPS 443 # HTTPS
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [{
{ from=49152; to=49999; } # TURN relay from = 49152;
to = 49999;
} # TURN relay
]; ];
}; };
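Review bot: The `extraConfig` value in the second hunk is now one escaped string (`"\n cipher-list=\"HIGH\"\n …"`), so the TLS cipher list and the two peer restrictions can no longer be read at a glance when this relay's settings are reviewed. An indented `''` string keeps one directive per line and needs no escaped quotes. It drops the leading newline and the per-line indentation, which turnserver presumably ignores, but confirm that against the generated configuration file. The `services` block starts and ends outside the hunk.

```nix
extraConfig = ''
  cipher-list="HIGH"
  no-loopback-peers
  no-multicast-peers
'';
```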


@ -1,6 +1,6 @@
# NixOps configuration for deploying the craige4rocky website # NixOps configuration for deploying the craige4rocky website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
craige4rocky = import (pkgs.fetchgit { craige4rocky = import (pkgs.fetchgit {
@ -32,7 +32,8 @@ in {
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };


@ -55,7 +55,8 @@
''; '';
tryFiles = "$uri =404"; tryFiles = "$uri =404";
}; };
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = { "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
{
extraConfig = '' extraConfig = ''
rewrite ^(.*)$ $1/ redirect; rewrite ^(.*)$ $1/ redirect;
''; '';
@ -69,9 +70,7 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
"pad.mcwhirter.io".email = "craige@mcwhirter.io";
};
}; };
} }


@ -1,6 +1,6 @@
# NixOps configuration for deploying the Cyclone Ibis website # NixOps configuration for deploying the Cyclone Ibis website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
cyclone-ibis = import (pkgs.fetchgit { cyclone-ibis = import (pkgs.fetchgit {
@ -34,7 +34,8 @@ in {
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };


@ -5,13 +5,11 @@
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus {}; daedalusProject = import sources.daedalus { };
daedalusMainnet = daedalusProject.daedalus; daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight}; #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in in {
{
environment.systemPackages = [ environment.systemPackages = [
daedalusMainnet daedalusMainnet


@ -4,9 +4,7 @@
{ {
# Craige's Desktop Packages # Craige's Desktop Packages
imports = [ imports = [ ../profiles/ebooks.nix ];
../profiles/ebooks.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
byobu # text-based window manager and terminal multiplexer. byobu # text-based window manager and terminal multiplexer.


@ -3,8 +3,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[
../profiles/games-kids.nix ../profiles/games-kids.nix
../profiles/host_common.nix ../profiles/host_common.nix
../profiles/daedalus.nix ../profiles/daedalus.nix
@ -36,11 +35,13 @@
xorg.libxcb # X C binding xorg.libxcb # X C binding
]; ];
networking.networkmanager.enable = true; # Enables network support via NetworkManager. networking.networkmanager.enable =
true; # Enables network support via NetworkManager.
# Enable common desktop services # Enable common desktop services
services = { services = {
acpid.enable = true; # A daemon for delivering ACPI events to userspace programs acpid.enable =
true; # A daemon for delivering ACPI events to userspace programs
blueman.enable = true; # GTK-based Bluetooth Manager blueman.enable = true; # GTK-based Bluetooth Manager
devmon.enable = true; # Enable external device automounting.` devmon.enable = true; # Enable external device automounting.`
udev.packages = [ udev.packages = [
@ -78,18 +79,14 @@
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap"; NoPlugin = "sap";
}; };
Policy = { Policy = { AutoEnable = "true"; };
AutoEnable = "true";
};
}; };
}; };
opengl.enable = true; opengl.enable = true;
}; };
# Configure Firefox and Chromium # Configure Firefox and Chromium
nixpkgs.config = { nixpkgs.config = { allowUnfree = true; };
allowUnfree = true;
};
programs = { programs = {
chromium = { chromium = {
@ -100,27 +97,9 @@
# Groups to add # Groups to add
users.groups = { users.groups = {
audio.members = [ audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"craige" libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"fiona" networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"hamish"
"logan"
"xander"
];
libvirtd.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
networkmanager.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
}; };
} }


@ -4,9 +4,7 @@
{ {
environment.variables = { environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
FOLIATE_TTS_LANG="en-gb";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
#python39Packages.gtts # Speech synthesizer, required for text to speech. #python39Packages.gtts # Speech synthesizer, required for text to speech.


@ -1,27 +1,27 @@
/* /* This is a nix expression to build Emacs and some Emacs packages I like
This is a nix expression to build Emacs and some Emacs packages I like from source on any distribution where Nix is installed. This will install
from source on any distribution where Nix is installed. This will install all the dependencies from the nixpkgs repository and build the binary files
all the dependencies from the nixpkgs repository and build the binary files without interfering with the host distribution.
without interfering with the host distribution.
To build the project, type the following from the current directory: To build the project, type the following from the current directory:
$ nix-build emacs.nix $ nix-build emacs.nix
To run the newly compiled executable: To run the newly compiled executable:
$ ./result/bin/emacs $ ./result/bin/emacs
*/ */
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
let let
myEmacs = pkgs.emacs; myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in in emacsWithPackages (epkgs:
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ (with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g> magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme zerodark-theme # ; Nicolas' theme
]) ++ (with epkgs.melpaPackages; [ ]) ++ (with epkgs.melpaPackages;
[
#undo-tree # ; <C-x u> to show the undo tree #undo-tree # ; <C-x u> to show the undo tree
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> #zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.elpaPackages; [ ]) ++ (with epkgs.elpaPackages; [


@ -2,19 +2,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {}; unstable = import sources.nixpkgsUnstable { };
in
{ in {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [ "minecraft" ];
"minecraft"
];
}; };
# Retro Gaming Packages # Retro Gaming Packages
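Review bot: `permittedInsecurePackages = [ "minecraft" ];` carries no comment saying why a package that nixpkgs marks as insecure is allowed on this profile, so a later reader cannot tell whether the exception is still needed. I would add a comment on that line, for example `# minecraft is marked insecure in nixpkgs; permitted here because <reason>, remove once <condition>`, with the placeholders filled in by the author. The `nixpkgs.config` block sits in a file that continues outside the hunk.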


@ -16,8 +16,8 @@
rootUrl = "https://source.mcwhirter.io/"; # Root web URL rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
settings = let settings = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
@ -26,12 +26,8 @@
ENABLED = true; ENABLED = true;
FROM = "gitea@mcwhirter.io"; FROM = "gitea@mcwhirter.io";
}; };
repository = { repository = { DEFAULT_BRANCH = "consensus"; };
DEFAULT_BRANCH = "consensus"; service = { REGISTER_EMAIL_CONFIRM = true; };
};
service = {
REGISTER_EMAIL_CONFIRM = true;
};
"markup.restructuredtext" = { "markup.restructuredtext" = {
ENABLED = true; ENABLED = true;
FILE_EXTENSIONS = ".rst"; FILE_EXTENSIONS = ".rst";
@ -54,15 +50,13 @@
gitea-users gitea gitea gitea-users gitea gitea
''; '';
ensureDatabases = [ "gitea" ]; # Ensure the database persists ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{
name = "gitea"; # Ensure the database user persists name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = { # Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES"; "DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
} }];
];
}; };
services.nginx = { services.nginx = {


@ -15,8 +15,8 @@
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port httpPort = 3001; # Provided unique port
extraConfig = let extraConfig = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);


@ -4,9 +4,7 @@
{ {
imports = [ imports = [ ../secrets/cardano/grafana.nix ];
../secrets/cardano/grafana.nix
];
services = { services = {
grafana = { grafana = {
@ -15,7 +13,8 @@
domain = "monitoring.mcwhirter.io"; domain = "monitoring.mcwhirter.io";
rootUrl = "https://monitoring.mcwhirter.io/grafana"; rootUrl = "https://monitoring.mcwhirter.io/grafana";
security = { security = {
adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password adminPasswordFile =
"/run/keys/grafana-apass"; # Where to find the password
}; };
auth = { auth = {
anonymous = { anonymous = {
@ -31,17 +30,16 @@
# options.path = ../monitoring/NodeSystemDashboard.json; # options.path = ../monitoring/NodeSystemDashboard.json;
# } # }
#]; #];
datasources = [ datasources = [{
{
type = "prometheus"; type = "prometheus";
name = "prometheus"; name = "prometheus";
url = "http://localhost:9090/prometheus"; url = "http://localhost:9090/prometheus";
} }];
];
}; };
}; };
}; };
users.groups.keys.members = [ "grafana" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
[ "grafana" ]; # Required due to NixOps issue #1204
} }


@ -40,7 +40,8 @@
# Configure and install required fonts # Configure and install required fonts
fonts.enableDefaultFonts = true; fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true; fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs;
[
powerline-fonts # Required for Powerline prompts powerline-fonts # Required for Powerline prompts
]; ];
fonts.fontconfig.includeUserConf = false; fonts.fontconfig.includeUserConf = false;
@ -51,8 +52,7 @@
# Ruin the config so we don't accidentally run # Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host # nixos-rebuild switch on the host
(let (let
cfg = pkgs.writeText "configuration.nix" cfg = pkgs.writeText "configuration.nix" ''
''
assert builtins.trace "This system is managed by NixOps." false; assert builtins.trace "This system is managed by NixOps." false;
{} {}
''; '';
@ -71,7 +71,7 @@
show-trace = true # Enable --show-trace by default for nix show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches builders-use-substitutes = true # Set builders to use caches
''; '';
trustedUsers = ["craige"]; trustedUsers = [ "craige" ];
}; };
system.extraSystemBuilderCmds = '' system.extraSystemBuilderCmds = ''
@ -79,9 +79,7 @@
''; '';
environment.etc.host-nix-channel.source = pkgs.path; environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = { environment.variables = { BAT_THEME = "Dracula"; };
BAT_THEME="Dracula";
};
# Set the system-wide environment # Set the system-wide environment
environment = { environment = {
@ -89,7 +87,10 @@
bat # cat clone with syntax highlighting & Git integration bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then gitAndTools.gitFull else git) # Distributed version control system (if config.services.xserver.enable then
gitAndTools.gitFull
else
git) # Distributed version control system
htop # interactive process viewer htop # interactive process viewer
hwinfo # Hardware detection tool hwinfo # Hardware detection tool
killall # kill processes by name killall # kill processes by name


@ -9,8 +9,7 @@ let
#sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5"; #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i"; sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
}; };
in in pkgs.callPackage ./hydra-fork.nix {
pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path; nixpkgsPath = pkgs.path;
#patches = [ #patches = [
# (pkgs.fetchpatch { # (pkgs.fetchpatch {
@ -19,4 +18,4 @@ in
# }) # })
#]; #];
src = hydraSrc; src = hydraSrc;
} }


@ -11,5 +11,4 @@ let
}; };
}); });
in in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })


@ -17,8 +17,7 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql; package = pkgs.postgresql;
identMap = identMap = ''
''
hydra-users hydra hydra hydra-users hydra hydra
hydra-users hydra-queue-runner hydra hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra hydra-users hydra-www hydra
@ -26,15 +25,13 @@
hydra-users postgres postgres hydra-users postgres postgres
''; '';
ensureDatabases = [ "hydra" ]; # Ensure the database persists ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{
name = "hydra"; # Ensure the database user persists name = "hydra"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = { # Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES"; "DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
} }];
];
}; };
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]; networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
@ -62,9 +59,7 @@
}; };
}; };
security.acme.certs = { security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
"hydra.mcwhirter.io".email = "craige@mcwhirter.io";
};
systemd.services.hydra-manual-setup = { systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra"; description = "Create Admin User for Hydra";
@ -73,7 +68,9 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ]; requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ]; after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"]; environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
script = '' script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys # create signing keys
@ -90,15 +87,13 @@
fi fi
''; '';
}; };
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"]; nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
nix.buildMachines = [ nix.buildMachines = [{
{
hostName = "localhost"; hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ]; systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 4; maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other # for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing # features depending on what you are doing
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ]; supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
} }];
];
} }


@ -4,10 +4,7 @@
{ {
imports = [ imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
../profiles/terminal-recording.nix
../profiles/nix-direnv.nix
];
nix = { nix = {
package = pkgs.nixFlakes; package = pkgs.nixFlakes;
@ -68,8 +65,6 @@
# package = pkgs.postgresql_10; # Set the required version, if needed # package = pkgs.postgresql_10; # Set the required version, if needed
}; };
users.groups.docker.members = [ users.groups.docker.members = [ "craige" ];
"craige"
];
} }


@ -5,12 +5,12 @@
disabledModules = [ "services/networking/jormungandr.nix" ]; disabledModules = [ "services/networking/jormungandr.nix" ];
imports = let imports = let
jormungandrNixSrc = builtins.fetchTarball https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz; jormungandrNixSrc = builtins.fetchTarball
in [ "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
(import (jormungandrNixSrc + "/nixos")) in [ (import (jormungandrNixSrc + "/nixos")) ];
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
jq # CLI JSON processor jq # CLI JSON processor
]; ];
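Review bot: `jormungandrNixSrc` is fetched from the `master` archive URL with no hash, so each evaluation can pull different code and nothing verifies the download before it is imported as a NixOS module. Pin it to a commit and hash, `builtins.fetchTarball { url = "https://github.com/input-output-hk/jormungandr-nix/archive/<commit>.tar.gz"; sha256 = "<sha256>"; }`, or add it to `nix/sources.json` and read it through `import ../nix/sources.nix` as the other profiles on this page do. The two placeholders stand for values the page does not give.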


@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }: {
{
imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ]; imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
services = { services = {
jormungandr = { jormungandr = {
enable = true; enable = true;
enableExplorer = false; enableExplorer = false;
genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; genesisBlockHash =
"11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
trustedPeersAddresses = [ trustedPeersAddresses = [
"/ip4/3.123.177.192/tcp/3000" "/ip4/3.123.177.192/tcp/3000"
"/ip4/52.57.157.167/tcp/3000" "/ip4/52.57.157.167/tcp/3000"


@ -17,7 +17,8 @@
''; '';
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs;
[
wally-cli # Flash firmware to mechanical keyboard wally-cli # Flash firmware to mechanical keyboard
]; ];
}; };


@ -4,7 +4,8 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
kate # Multi-document editor with syntax highlighting kate # Multi-document editor with syntax highlighting
]; ];


@ -4,9 +4,7 @@
{ {
imports = [ imports = [ ../secrets/matrix.nix ];
../secrets/matrix.nix
];
i18n = { i18n = {
extraLocaleSettings = { extraLocaleSettings = {
@ -27,8 +25,14 @@
bind_address = ""; bind_address = "";
port = 8448; port = 8448;
resources = [ resources = [
{ compress = true; names = [ "client" ]; } {
{ compress = false; names = [ "federation" ]; } compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
]; ];
tls = true; tls = true;
type = "http"; type = "http";
@ -41,10 +45,12 @@
{ {
compress = true; compress = true;
names = [ "client" ]; names = [ "client" ];
} { }
{
compress = false; compress = false;
names = [ "federation" ]; names = [ "federation" ];
} ]; }
];
tls = true; tls = true;
type = "http"; type = "http";
x_forwarded = true; x_forwarded = true;
@ -53,7 +59,8 @@
max_upload_size = "200M"; # Also set client_max_body_size to at least this max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem"; tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_shared_secret =
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [ turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp" "turn:turn.mcwhirter.io:5350?transport=udp"
@ -77,11 +84,8 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/_matrix" = { "/_matrix" = { proxyPass = "https://[::1]:8008"; };
proxyPass = "https://[::1]:8008"; "/.well-known/matrix/server".extraConfig = let
};
"/.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite # use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity # the client-server and server-server port for simplicity
server = { "m.server" = "synapse.mcwhirter.io:443"; }; server = { "m.server" = "synapse.mcwhirter.io:443"; };
@ -89,10 +93,11 @@
add_header Content-Type application/json; add_header Content-Type application/json;
return 200 '${builtins.toJSON server}'; return 200 '${builtins.toJSON server}';
''; '';
"= /.well-known/matrix/client".extraConfig = "= /.well-known/matrix/client".extraConfig = let
let
client = { client = {
"m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; }; "m.homeserver" = {
"base_url" = "https://synapse.mcwhirter.io";
};
"m.identity_server" = { "base_url" = "https://vector.im"; }; "m.identity_server" = { "base_url" = "https://vector.im"; };
}; };
# ACAO required to allow element-web on any URL to request this json file # ACAO required to allow element-web on any URL to request this json file
@ -117,15 +122,13 @@
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{
name = "matrix-synapse"; # Ensure the database user persists name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = { # Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
} }];
];
# Initial database creation # Initial database creation
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -146,7 +149,8 @@
}; };
"synapse.mcwhirter.io" = { "synapse.mcwhirter.io" = {
group = "matrix-synapse"; group = "matrix-synapse";
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
email = "acme@mcwhirter.io"; email = "acme@mcwhirter.io";
}; };
}; };
@ -160,6 +164,7 @@
]; ];
}; };
users.groups.matrix-synapse.members = [ "nginx" ]; # Added for keys permissions users.groups.matrix-synapse.members =
[ "nginx" ]; # Added for keys permissions
} }


@ -1,10 +1,10 @@
# NixOps configuration for deploying the mcwhirter.io website # NixOps configuration for deploying the mcwhirter.io website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
mcwhirter-io = import sources.mcwhirter-io {}; mcwhirter-io = import sources.mcwhirter-io { };
webdomain = "mcwhirter.io"; webdomain = "mcwhirter.io";
in { in {
@ -26,7 +26,8 @@ in {
root = "${mcwhirter-io}"; # Wesbite root root = "${mcwhirter-io}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };


@ -6,11 +6,7 @@
imports = [ ../secrets/minecraftServer.nix ]; imports = [ ../secrets/minecraftServer.nix ];
nixpkgs = { nixpkgs = { config = { allowUnfree = true; }; };
config = {
allowUnfree = true;
};
};
services.minecraft-server = { services.minecraft-server = {
enable = true; # Enable the Minecraft server. enable = true; # Enable the Minecraft server.
@ -26,7 +22,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
mcron # Minecraft console client mcron # Minecraft console client
]; ];
} }


@ -4,10 +4,7 @@
{ {
imports = [ imports = [ ./grafana.nix ./prometheus.nix ];
./grafana.nix
./prometheus.nix
];
services = { services = {
nginx = { nginx = {
@ -36,9 +33,7 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";
};
}; };
} }


@ -1,8 +1,8 @@
{ pkgs, ... }: { pkgs, ... }: {
{
environment.variables = { EDITOR = "vim"; }; environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
(neovim.override { (neovim.override {
vimAlias = true; vimAlias = true;
configure = { configure = {
@ -31,7 +31,7 @@
vim-numbertoggle # Toggle between relative / absolute line numbers automatically vim-numbertoggle # Toggle between relative / absolute line numbers automatically
vim-one vim-one
]; ];
opt = []; opt = [ ];
}; };
customRC = '' customRC = ''
" Preferred global default settings: " Preferred global default settings:
@ -303,6 +303,6 @@
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings() autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
''; '';
}; };
} })
)]; ];
} }


@ -4,10 +4,7 @@
{ {
imports = imports = [ ../secrets/nextcloud.nix ];
[
../secrets/nextcloud.nix
];
services.nextcloud = { services.nextcloud = {
enable = true; # Enable Nextcloud enable = true; # Enable Nextcloud
@ -18,11 +15,14 @@
dbname = "nextcloud"; # Set the database name dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user dbuser = "nextcloud"; # Set the database user
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password dbpassFile =
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password "/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile =
"/run/keys/nextcloud-admin"; # Where to find the admin password
adminuser = "root"; # Set the admin user name adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection defaultPhoneRegion =
"AU"; # Country code for automatic phone-number detection
}; };
autoUpdateApps = { autoUpdateApps = {
enable = true; # Run regular auto update of all apps installed enable = true; # Run regular auto update of all apps installed
@ -34,15 +34,13 @@
services.postgresql = { services.postgresql = {
enable = true; # Ensure postgresql is enabled enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{
name = "nextcloud"; # Ensure the database user persists name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = { # Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES"; "DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
} }];
];
}; };
services.nginx = { services.nginx = {
@ -61,22 +59,20 @@
}; };
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
"cloud.mcwhirter.io" = {
email = "craige@mcwhirter.io";
};
};
}; };
users.groups.keys.members = [ "nextcloud" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
[ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
networking.firewall.allowedTCPPorts = [ 80 443 ]; # Open the required firewall ports networking.firewall.allowedTCPPorts =
[ 80 443 ]; # Open the required firewall ports
} }


@ -4,15 +4,13 @@
{ {
nix = { nix = {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [{
{
hostName = "aarch64.nixos.community"; hostName = "aarch64.nixos.community";
maxJobs = 64; maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519"; sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige"; sshUser = "craige";
system = "aarch64-linux"; system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ]; supportedFeatures = [ "big-parallel" ];
} }];
];
}; };
} }


@ -17,13 +17,13 @@
direnv # A shell extension that manages your environment direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv nix-direnv # A fast, persistent use_nix implementation for direnv
]; ];
pathsToLink = [ pathsToLink = [ "/share/nix-direnv" ];
"/share/nix-direnv"
];
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } ) (self: super: {
nix-direnv = super.nix-direnv.override { enableFlakes = true; };
})
]; ];
} }


@ -3,15 +3,13 @@
{ {
nix = { nix = {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [{
{
hostName = "cuallaidh.mcwhirter.io"; hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64; maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519"; sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige"; sshUser = "craige";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = [ "big-parallel" ]; supportedFeatures = [ "big-parallel" ];
} }];
];
}; };
} }


@ -2,13 +2,14 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
#let
# sources = import ../nix/sources.nix;
# unstable = import sources.nixpkgsUnstable {};
#in
{ {
nixpkgs = { nixpkgs = { config = { allowUnfree = true; }; };
config = {
allowUnfree = true;
};
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
@ -23,6 +24,7 @@
nox # Tools to make Nix nicer nox # Tools to make Nix nicer
sqlite # To query the nixpkgs sqlite database sqlite # To query the nixpkgs sqlite database
tig # Text-mode interface for git tig # Text-mode interface for git
#unstable.statix # Lints and suggestions for the nix programming language
]; ];
}; };
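Review bot: The commented-out `let … in` block above the module body and the `#unstable.statix` entry in `systemPackages` are new content rather than formatting, and as commented-out code they give no hint of why they are disabled. Either leave them out of a formatter-only commit or replace them with a single explanatory line such as `# TODO: enable statix from sources.nixpkgsUnstable`. The package list continues outside the hunks shown here.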


@ -10,12 +10,10 @@
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
passwordAuthentication = false; passwordAuthentication = false;
openFirewall = true; openFirewall = true;
hostKeys = [ hostKeys = [{
{
path = "/etc/ssh/ssh_host_ed25519_key"; path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519"; type = "ed25519";
} }];
];
}; };
} }


@ -5,7 +5,8 @@
{ {
environment = { # Set the system-wide environment environment = { # Set the system-wide environment
systemPackages = with pkgs; [ systemPackages = with pkgs;
[
usbutils # Tools for working with USB devices, such as lsusb usbutils # Tools for working with USB devices, such as lsusb
]; ];
}; };


@ -8,9 +8,7 @@
prometheus = { prometheus = {
enable = true; enable = true;
webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/"; webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
extraFlags = [ extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
"--storage.tsdb.retention.time 8760h"
];
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
@ -52,171 +50,161 @@
# targets = [ "airgead.mcwhirter.io:9093" ]; # targets = [ "airgead.mcwhirter.io:9093" ];
# } ]; # } ];
#} ]; #} ];
rules = [ (builtins.toJSON { rules = [
groups = [ (builtins.toJSON {
{ groups = [{
name = "system"; name = "system";
rules = [ rules = [
{ {
alert = "node_down"; alert = "node_down";
expr = "up == 0"; expr = "up == 0";
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Node is down."; summary = "{{$labels.alias}}: Node is down.";
description = "{{$labels.alias}} has been down for more than 5 minutes."; description =
"{{$labels.alias}} has been down for more than 5 minutes.";
}; };
} }
{ {
alert = "node_systemd_service_failed"; alert = "node_systemd_service_failed";
expr = "node_systemd_unit_state{state=\"failed\"} == 1"; expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m"; for = "4m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start."; summary =
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description =
"{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
}; };
} }
{ {
alert = "node_filesystem_full_90percent"; alert = "node_filesystem_full_90percent";
expr = "sort(node_filesystem_free_bytes{device!=\"ramfs\"} < node_filesystem_size_bytes{device!=\"ramfs\"} * 0.1) / 1024^3"; expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space soon."; summary =
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; "{{$labels.alias}}: Filesystem is running out of space soon.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
}; };
} }
{ {
alert = "node_filesystem_full_in_4h"; alert = "node_filesystem_full_in_4h";
expr = "predict_linear(node_filesystem_free_bytes{device!=\"ramfs\",device!=\"tmpfs\",fstype!=\"autofs\",fstype!=\"cd9660\"}[4h], 4*3600) <= 0"; expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; summary =
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"; "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
}; };
} }
{ {
alert = "node_filedescriptors_full_in_3h"; alert = "node_filedescriptors_full_in_3h";
expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; expr =
"predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m"; for = "20m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours."; summary =
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description =
"{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
}; };
} }
{ {
alert = "node_load1_90percent"; alert = "node_load1_90percent";
expr = "node_load1 / on(alias) count(node_cpu_seconds_total{mode=\"system\"}) by (alias) >= 0.9"; expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h"; for = "1h";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Running on high load."; summary = "{{$labels.alias}}: Running on high load.";
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."; description =
"{{$labels.alias}} is running with > 90% total load for at least 1h.";
}; };
} }
{ {
alert = "node_cpu_util_90percent"; alert = "node_cpu_util_90percent";
expr = "100 - (avg by (alias) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100) >= 90"; expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h"; for = "1h";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: High CPU utilization."; summary = "{{$labels.alias}}: High CPU utilization.";
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; description =
"{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
}; };
} }
{ {
alert = "node_ram_using_99percent"; alert = "node_ram_using_99percent";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; expr =
"node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m"; for = "30m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Using lots of RAM."; summary = "{{$labels.alias}}: Using lots of RAM.";
description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; description =
"{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
}; };
} }
{ {
alert = "node_swap_using_80percent"; alert = "node_swap_using_80percent";
expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; expr =
"node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m"; for = "10m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Running out of swap soon."; summary = "{{$labels.alias}}: Running out of swap soon.";
description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; description =
"{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
}; };
} }
{ {
alert = "node_time_unsync"; alert = "node_time_unsync";
expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; expr =
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m"; for = "1m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP"; summary = "{{$labels.alias}}: Clock out of sync with NTP";
description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; description =
"{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
}; };
} }
]; ];
} }];
})
]; ];
})];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "prometheus"; job_name = "prometheus";
scrape_interval = "5s"; scrape_interval = "5s";
static_configs = [ static_configs = [{
{ targets = [ "localhost:9090" ];
targets = [
"localhost:9090"
];
labels = { alias = "prometheus"; }; labels = { alias = "prometheus"; };
} }];
];
} }
{ {
job_name = "cardano-node"; job_name = "cardano-node";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [ static_configs = [{
{
targets = [ "127.0.0.1:12798" ]; targets = [ "127.0.0.1:12798" ];
labels = { alias = "airgead"; }; labels = { alias = "airgead"; };
} }];
];
} }
{ {
job_name = "node"; job_name = "node";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [ static_configs = [{
{ targets = [ "airgead.mcwhirter.io:9100" ];
targets = [ labels = { alias = "airgead.mcwhirter.io"; };
"airgead.mcwhirter.io:9100" }];
];
labels = {
alias = "airgead.mcwhirter.io";
};
}
];
} }
]; ];
}; };
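Review bot: The `node_ram_using_99percent` rule contradicts itself: its expression fires when free + buffers + cached memory falls below `node_memory_MemTotal_bytes * 0.01`, i.e. roughly 99% in use, but the description says "at least 90% of its RAM". Whoever receives the alert reads the wrong threshold, so I would change the text to `"{{$labels.alias}} is using at least 99% of its RAM for at least 30 minutes now."` or lower the threshold to match. Every rule also carries `severity = "page"`, while what looks like the alertmanager target just above `rules` is commented out, so it is worth confirming these alerts are delivered anywhere. The `''…''` strings that replace the backslash-escaped quotes evaluate to the same PromQL, because Nix drops the empty first line and the common indentation.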


@ -1,7 +1,6 @@
# Based up original work by cleverca22 # Based up original work by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
@ -9,18 +8,24 @@ let
cfg = config.qemu-user; cfg = config.qemu-user;
arm = { arm = {
interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm"; interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
aarch64 = { aarch64 = {
interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64"; interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
riscv64 = { riscv64 = {
interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64"; interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
in { in {
options = { options = {
@ -32,22 +37,22 @@ in {
nix.supportedPlatforms = mkOption { nix.supportedPlatforms = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = "extra platforms that nix will run binaries for"; description = "extra platforms that nix will run binaries for";
default = []; default = [ ];
}; };
}; };
config = mkIf (cfg.arm || cfg.aarch64) { config = mkIf (cfg.arm || cfg.aarch64) {
nixpkgs = { nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
overlays = [ (import ../overlays/qemu) ]; boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
}; // optionalAttrs cfg.aarch64 { inherit aarch64; }
boot.binfmt.registrations = // optionalAttrs cfg.riscv64 { inherit riscv64; };
optionalAttrs cfg.arm { inherit arm; } // nix.supportedPlatforms =
optionalAttrs cfg.aarch64 { inherit aarch64; } // (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
++ (optional cfg.aarch64 "aarch64-linux"); ++ (optional cfg.aarch64 "aarch64-linux");
nix.extraOptions = '' nix.extraOptions = ''
extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
''; '';
nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}"); nix.sandboxPaths = [ "/run/binfmt" ]
++ (optional cfg.arm "${pkgs.qemu-user-arm}")
++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
}; };
} }
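Review bot: The guard `config = mkIf (cfg.arm || cfg.aarch64)` does not mention `cfg.riscv64`, although `boot.binfmt.registrations` merges `optionalAttrs cfg.riscv64 { inherit riscv64; }` inside it, so enabling only riscv64 appears to register nothing. `nix.supportedPlatforms` and `nix.sandboxPaths` have no riscv64 entry either, which would presumably leave the platform unadvertised and the interpreter missing from the build sandbox even when another architecture is enabled. I would widen the guard to `mkIf (cfg.arm || cfg.aarch64 || cfg.riscv64)` and append `++ (optional cfg.riscv64 "riscv64-linux")` and `++ (optional cfg.riscv64 "${pkgs.qemu-riscv64}")` to the two lists. The option declarations lie outside the hunks, so confirm that `qemu-user.riscv64` is declared there. The move from `''\x7f…''` to `"\\x7f…"` keeps the same bytes, and a short comment that the backslash escapes must reach binfmt_misc literally would stop a later edit from collapsing them.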


@ -4,8 +4,7 @@
{ {
imports = imports = [
[
../profiles/openssh.nix ../profiles/openssh.nix
../secrets/user-craige.nix ../secrets/user-craige.nix
../secrets/user-root.nix ../secrets/user-root.nix


@ -6,14 +6,10 @@
services.spotifyd = { services.spotifyd = {
enable = true; # Enable the Spotify daemon. enable = true; # Enable the Spotify daemon.
config = " config =
username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg "\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n ";
password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg
";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ spotify ];
spotify
];
} }
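Review bot: The `username =` line in `services.spotifyd.config` is given a gpg command line rather than a value, so spotifyd would presumably take the command text itself as the account name. The neighbouring key is `password_cmd`, and `username_cmd` looks like what was meant. nixfmt has also folded both settings into one string with `\n` escapes, which hides exactly this kind of slip; an indented `''…''` string with one setting per line reads better and gives the formatter nothing to collapse. Also check which user the daemon runs as, since `~/.spotify/…` is resolved for that account and for a system service it may not be the one holding the gpg files.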


@ -1,7 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
starship # A minimal, blazing fast, and extremely customizable prompt for any shell starship # A minimal, blazing fast, and extremely customizable prompt for any shell
]; ];
} }


@ -5,12 +5,6 @@
{ {
programs.sway = { programs.sway = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [ alacritty dmenu swayidle swaylock xwayland ];
alacritty
dmenu
swayidle
swaylock
xwayland
];
}; };
} }


@ -10,30 +10,16 @@
listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall
organisations = { organisations = {
teaghlach = { teaghlach = {
groups = [ groups = [ "teaghlach" ];
"teaghlach" users = [ "craige" "fiona" ];
];
users = [
"craige"
"fiona"
];
}; };
sgioba = { sgioba = {
groups = [ groups = [ "sgioba" ];
"sgioba" users = [ "craige" ];
];
users = [
"craige"
];
}; };
obair = { obair = {
groups = [ groups = [ "obair" ];
"obair" users = [ "craige" "disasm" ];
];
users = [
"craige"
"disasm"
];
}; };
}; };
pki.auto.expiration = { pki.auto.expiration = {


@ -7,14 +7,10 @@
services = { services = {
tor = { tor = {
enable = true; enable = true;
client = { client = { enable = true; };
enable = true;
};
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ torbrowser ];
torbrowser
];
} }


@ -28,15 +28,13 @@
tt_rss-users tt_rss tt_rss tt_rss-users tt_rss tt_rss
''; '';
ensureDatabases = [ "tt_rss" ]; # Ensure the database persists ensureDatabases = [ "tt_rss" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{
name = "tt_rss"; # Ensure the database user persists name = "tt_rss"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = { # Ensure the database permissions persist
"DATABASE tt_rss" = "ALL PRIVILEGES"; "DATABASE tt_rss" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
} }];
];
}; };
services.nginx = { services.nginx = {
@ -51,9 +49,7 @@
}; };
}; };
security.acme.certs = { security.acme.certs = { "news.mcwhirter.io".email = "craige@mcwhirter.io"; };
"news.mcwhirter.io".email = "craige@mcwhirter.io";
};
users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204 users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204


@ -10,11 +10,13 @@
aspellDicts.en-computers # Required for spell checking in weechat aspellDicts.en-computers # Required for spell checking in weechat
aspellDicts.en-science # Required for spell checking in weechat aspellDicts.en-science # Required for spell checking in weechat
(weechat.override { (weechat.override {
configure = { availablePlugins, ... }: with weechatScripts; { configure = { availablePlugins, ... }:
with weechatScripts; {
plugins = with availablePlugins; [ plugins = with availablePlugins; [
lua lua
perl perl
(python.withPackages (ps: with ps; [ (python.withPackages (ps:
with ps; [
dbus-python dbus-python
websocket_client # Required by wee-slack websocket_client # Required by wee-slack
weechat-matrix # https://github.com/NixOS/nixpkgs/pull/79669#issuecomment-584249420 weechat-matrix # https://github.com/NixOS/nixpkgs/pull/79669#issuecomment-584249420


@ -4,17 +4,11 @@
{ {
imports = [ imports = [ ../profiles/picom.nix ];
../profiles/picom.nix
];
services = { services = {
devmon.enable = true; # Enable external device automounting. devmon.enable = true; # Enable external device automounting.
udev = { udev = { packages = with pkgs; [ gnome3.gnome-settings-daemon ]; };
packages = with pkgs; [
gnome3.gnome-settings-daemon
];
};
udisks2.enable = true; # Enable udisks2. udisks2.enable = true; # Enable udisks2.
xserver = { xserver = {
@ -24,15 +18,18 @@
gnome.enable = true; # Enable GNOME desktop environment gnome.enable = true; # Enable GNOME desktop environment
}; };
displayManager = { displayManager = {
defaultSession = "none+xmonad"; # Set xmonad as the default window manager. defaultSession =
"none+xmonad"; # Set xmonad as the default window manager.
gdm.enable = true; # Enable the GNOME display manager gdm.enable = true; # Enable the GNOME display manager
}; };
layout = "us"; # Set your preferred keyboard layout. layout = "us"; # Set your preferred keyboard layout.
libinput.enable = true; # Enable touchpad support. libinput.enable = true; # Enable touchpad support.
windowManager = { # Open configuration for the window manager. windowManager = { # Open configuration for the window manager.
xmonad.enable = true; # Enable xmonad. xmonad.enable = true; # Enable xmonad.
xmonad.enableContribAndExtras = true; # Enable xmonad contrib and extras. xmonad.enableContribAndExtras =
xmonad.extraPackages = hpkgs: [ # Open configuration for additional Haskell packages. true; # Enable xmonad contrib and extras.
xmonad.extraPackages =
hpkgs: [ # Open configuration for additional Haskell packages.
hpkgs.xmonad-contrib # Install xmonad-contrib. hpkgs.xmonad-contrib # Install xmonad-contrib.
hpkgs.xmonad-extras # Install xmonad-extras. hpkgs.xmonad-extras # Install xmonad-extras.
hpkgs.xmonad # Install xmonad itself. hpkgs.xmonad # Install xmonad itself.
@ -49,7 +46,8 @@
}; };
# Install any additional fonts that I require to be used with xmonad # Install any additional fonts that I require to be used with xmonad
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs;
[
opensans-ttf # Used in in my xmobar configuration opensans-ttf # Used in in my xmobar configuration
]; ];


@ -22,10 +22,7 @@
''; '';
ohMyZsh = { ohMyZsh = {
enable = true; enable = true;
plugins = [ plugins = [ "fzf" "git" ];
"fzf"
"git"
];
}; };
promptInit = '' promptInit = ''
eval "$(starship init zsh)" eval "$(starship init zsh)"
@ -33,9 +30,7 @@
vteIntegration = true; vteIntegration = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ fzf ];
fzf
];
users.defaultUserShell = pkgs.zsh; # Set the default shell for all users users.defaultUserShell = pkgs.zsh; # Set the default shell for all users