sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

nix: nixfmt

Browse source
This commit is contained in:
Serĉanto de Scio 2021-11-16 14:57:23 +10:00
parent 2f808daa78
commit e6dbc113ad
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
114 changed files with 1621 additions and 1850 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
default.nix
View file

@ -1,15 +1,13 @@
{ sources ? import ./nix/sources.nix { sources ? import ./nix/sources.nix, system ? builtins.currentSystem
, system ? builtins.currentSystem , crossSystem ? null, config ? { }
, crossSystem ? null , cardanoNodeProject ? import sources.cardano-node { } }@args:
, config ? {} with import ./nix args; {
, cardanoNodeProject ? import sources.cardano-node {}
}@args: with import ./nix args; {
shell = mkShell { shell = mkShell {
inherit (import sources.niv {}) niv; inherit (import sources.niv { }) niv;
buildInputs = [ buildInputs = [
cardanoNodeProject.cardano-cli # required for KES key rotation cardanoNodeProject.cardano-cli # required for KES key rotation
niv niv
nixopsUnstable # work around for issue #127423 nixopsUnstable # work around for issue #127423
]; ];
NIX_PATH = "nixpkgs=${path}"; NIX_PATH = "nixpkgs=${path}";
NIXOPS_DEPLOYMENT = "${globals.deploymentName}"; NIXOPS_DEPLOYMENT = "${globals.deploymentName}";

29
deployments/mio-ops.nix
View file

@ -6,26 +6,25 @@
enableRollback = true; enableRollback = true;
}; };
resources.sshKeyPairs.ssh-key = {}; resources.sshKeyPairs.ssh-key = { };
defaults = defaults = { config, pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
{ {
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
}; };
airgead = import ../hosts/airgead.nix; airgead = import ../hosts/airgead.nix;
ceilidh = import ../hosts/ceilidh.nix; ceilidh = import ../hosts/ceilidh.nix;
cuallaidh = import ../hosts/cuallaidh.nix; cuallaidh = import ../hosts/cuallaidh.nix;
dhu = import ../hosts/dhu.nix; dhu = import ../hosts/dhu.nix;
dionach = import ../hosts/dionach.nix; dionach = import ../hosts/dionach.nix;
iolear-beag = import ../hosts/iolear-beag.nix; iolear-beag = import ../hosts/iolear-beag.nix;
paidh-ceithir = import ../hosts/paidh-ceithir.nix; paidh-ceithir = import ../hosts/paidh-ceithir.nix;
paidh-coig = import ../hosts/paidh-coig.nix; paidh-coig = import ../hosts/paidh-coig.nix;
paidh-dha = import ../hosts/paidh-dha.nix; paidh-dha = import ../hosts/paidh-dha.nix;
paidh-tri = import ../hosts/paidh-tri.nix; paidh-tri = import ../hosts/paidh-tri.nix;
paidh-uachdar = import ../hosts/paidh-uachdar.nix; paidh-uachdar = import ../hosts/paidh-uachdar.nix;
sithlainnir = import ../hosts/sithlainnir.nix; sithlainnir = import ../hosts/sithlainnir.nix;
teintidh = import ../hosts/teintidh.nix; teintidh = import ../hosts/teintidh.nix;
} }

3
globals-defaults.nix
View file

@ -1,2 +1 @@
{ { }
}

18
hardware/eeepc701.nix
View file

@ -15,9 +15,9 @@
availableKernelModules = [ availableKernelModules = [
"ata_piix" "ata_piix"
"ehci_pci" "ehci_pci"
"sd_mod" # SCSI disk support "sd_mod" # SCSI disk support
"uhci_hcd" "uhci_hcd"
"usb_storage" # USB Mass Storage support "usb_storage" # USB Mass Storage support
]; ];
}; };
loader = { loader = {
@ -50,15 +50,13 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
[ { device = "/dev/disk/by-label/swap"; }
];
networking.wireless.enable = true; # Enable wireless via wpa_supplicant. networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
nix.maxJobs = lib.mkDefault 1; nix.maxJobs = lib.mkDefault 1;
} }

19
hardware/lenovo_x201.nix
View file

@ -3,23 +3,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
[ { device = "/dev/disk/by-label/swap"; }
];
hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ]; hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;

16
hardware/linode_vm-encrypted.nix
View file

@ -27,7 +27,7 @@
loader = { loader = {
grub = { grub = {
forceInstall = true; forceInstall = true;
version =1; version = 1;
extraPerEntryConfig = "root (hd0)"; extraPerEntryConfig = "root (hd0)";
extraConfig = '' extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
@ -41,16 +41,12 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
{
device = "/dev/disk/by-label/swap";
}
];
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
} }

14
hardware/linode_vm.nix
View file

@ -26,16 +26,12 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda"; device = "/dev/sda";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ swapDevices = [{ device = "/dev/sdb"; }];
{
device = "/dev/sdb";
}
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }

6
hardware/odroid-hc4/default.nix
View file

@ -4,10 +4,9 @@ with lib;
let let
sources = import ../../nix/sources.nix; sources = import ../../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {}; unstable = import sources.nixpkgsUnstable { };
in
{ in {
imports = [ imports = [
"${modulesPath}/profiles/base.nix" "${modulesPath}/profiles/base.nix"
./uboot/hardkernel-uboot.nix ./uboot/hardkernel-uboot.nix
@ -36,7 +35,6 @@ in
(import ./overlays/uboot/overlay.nix) (import ./overlays/uboot/overlay.nix)
]; ];
# DNS # DNS
services.resolved.enable = true; services.resolved.enable = true;
services.resolved.dnssec = "false"; services.resolved.dnssec = "false";

6
hardware/odroid-hc4/modules/sd-image/default.nix
View file

@ -1,5 +1,4 @@
{ pkgs, lib, config, modulesPath, ... }: { pkgs, lib, config, modulesPath, ... }: {
{
imports = [ imports = [
"${modulesPath}/installer/sd-card/sd-image.nix" "${modulesPath}/installer/sd-card/sd-image.nix"
# should we include this module or should we treat the SD # should we include this module or should we treat the SD
@ -18,7 +17,8 @@
# Remove zfs from supported filesystems as it fails when cross-compiling due # Remove zfs from supported filesystems as it fails when cross-compiling due
# to not being able to build kernel module # to not being able to build kernel module
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; boot.supportedFilesystems =
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
sdImage = { sdImage = {
compressImage = false; compressImage = false;

12
hardware/odroid-hc4/overlays/kernel/kernel.nix
View file

@ -1,13 +1,5 @@
{ stdenv { stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
, buildPackages , lib, ... }@args:
, fetchFromGitHub
, perl
, buildLinux
, libelf
, utillinux
, lib
, ...
}@args:
buildLinux (args // rec { buildLinux (args // rec {
version = "4.9.241-107"; version = "4.9.241-107";

5
hardware/odroid-hc4/overlays/kernel/overlay.nix
View file

@ -7,7 +7,10 @@ final: prev: {
# 3. The IRBLASTER module not registering syscalls correctly # 3. The IRBLASTER module not registering syscalls correctly
# The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module. # The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module.
({ name = "hardkernel-patches"; patch = ./kernel.diff; }) ({
name = "hardkernel-patches";
patch = ./kernel.diff;
})
]; ];
}; };
} }

21
hardware/odroid-hc4/overlays/uboot/hardkernel.nix
View file

@ -3,25 +3,14 @@
gcc49Stdenv.mkDerivation { gcc49Stdenv.mkDerivation {
name = "hardkernel-uboot"; name = "hardkernel-uboot";
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz"; url =
"https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv"; sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
}; };
patches = [ ./pwd.diff ./fip_create.diff ]; patches = [ ./pwd.diff ./fip_create.diff ];
nativeBuildInputs = [ nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
git depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
gcc49Stdenv.cc makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
bc
bison
flex
nettools
];
depsBuildBuild = [
arm-gcc49
buildPackages.gcc49Stdenv.cc
];
makeFlags = [
"CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"
];
configurePhase = '' configurePhase = ''
make odroidc4_defconfig make odroidc4_defconfig
''; '';

3
hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
View file

@ -3,7 +3,8 @@ stdenv.mkDerivation {
name = "meson64-tools"; name = "meson64-tools";
nativeBuildInputs = [ python2 python3 ]; nativeBuildInputs = [ python2 python3 ];
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz"; url =
"https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v"; sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
}; };

16
hardware/odroid-hc4/overlays/uboot/overlay.nix
View file

@ -1,25 +1,19 @@
final: prev: final: prev:
let let
platform = final.lib.systems.examples.aarch64-multiplatform // { platform = final.lib.systems.examples.aarch64-multiplatform // {
gcc = { gcc = { arch = "armv8-a+crypto"; };
arch = "armv8-a+crypto";
};
}; };
arm64 = final.pkgsCross.aarch64-embedded; arm64 = final.pkgsCross.aarch64-embedded;
arm = final.pkgsCross.arm-embedded; arm = final.pkgsCross.arm-embedded;
uboot-hardkernel = arm64.callPackage ./hardkernel.nix { uboot-hardkernel =
arm-gcc49 = arm.buildPackages.gcc49; arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
}; with-crypto = import final.path { crossSystem = platform; };
with-crypto = import final.path {
crossSystem = platform;
};
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { }; meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { }; blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
uboot = arm64.callPackage ./u-boot.nix { uboot = arm64.callPackage ./u-boot.nix {
inherit uboot-hardkernel meson64-tools blx_fix; inherit uboot-hardkernel meson64-tools blx_fix;
}; };
in in {
{
uboot-hardkernel = uboot; uboot-hardkernel = uboot;
ubootTools-hardkernel = final.buildPackages.ubootTools; ubootTools-hardkernel = final.buildPackages.ubootTools;
buildPackages = prev.buildPackages // { buildPackages = prev.buildPackages // {

33
hardware/odroid-hc4/overlays/uboot/u-boot.nix
View file

@ -1,21 +1,11 @@
{ stdenv { stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
, git , uboot-hardkernel, meson64-tools, blx_fix }:
, bc
, bison
, flex
, nettools
, openssl
, buildPackages
, uboot-hardkernel
, meson64-tools
, blx_fix
}:
let let
in in stdenv.mkDerivation {
stdenv.mkDerivation {
name = "uboot"; name = "uboot";
src = builtins.fetchTarball { src = builtins.fetchTarball {
url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz"; url =
"https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6"; sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
}; };
CROSS_COMPILE = stdenv.cc.targetPrefix; CROSS_COMPILE = stdenv.cc.targetPrefix;
@ -83,16 +73,7 @@ stdenv.mkDerivation {
--ddrfw9 fip/lpddr3_1d.fw \ --ddrfw9 fip/lpddr3_1d.fw \
--level v3 --level v3
''; '';
nativeBuildInputs = [ nativeBuildInputs = [ git bc bison flex nettools ];
git
bc
bison
flex
nettools
];
depsBuildBuild = [ depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
buildPackages.stdenv.cc
buildPackages.openssl.dev
];
} }

24
hardware/odroid-hc4/uboot/hardkernel-uboot.nix
View file

@ -11,9 +11,9 @@ let
# The builder used to write during system activation # The builder used to write during system activation
builder = import ./boot-ini-builder.nix { inherit pkgs; }; builder = import ./boot-ini-builder.nix { inherit pkgs; };
# The builder exposed in populateCmd, which runs on the build architecture # The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; }; populateBuilder =
in import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
{ in {
options = { options = {
boot.loader.hardkernel-uboot = { boot.loader.hardkernel-uboot = {
enable = mkOption { enable = mkOption {
@ -42,13 +42,13 @@ in
}; };
}; };
config = config = let
let builderArgs = "-t ${timeoutStr}"
builderArgs = "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}"; + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in in mkIf cfg.enable {
mkIf cfg.enable { system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.build.installBootLoader = "${builder} ${builderArgs} -c"; system.boot.loader.id = "hardkernel-uboot";
system.boot.loader.id = "hardkernel-uboot"; boot.loader.hardkernel-uboot.populateCmd =
boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}"; "${populateBuilder} ${builderArgs}";
}; };
} }

43
hardware/purism_librem_15.nix
View file

@ -3,42 +3,39 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"xhci_pci" # xHCI host controller driver PCI Bus Glue "xhci_pci" # xHCI host controller driver PCI Bus Glue
"ahci" # AHCI SATA support "ahci" # AHCI SATA support
"nvme" "nvme"
"usbhid" # USB HID transport layer "usbhid" # USB HID transport layer
"usb_storage" # USB Mass Storage support "usb_storage" # USB Mass Storage support
"sd_mod" # SCSI disk support "sd_mod" # SCSI disk support
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128 "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon "cryptd" # Software async crypto daemon
]; ];
kernelModules = [ "dm-snapshot" ]; kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4"; luks.devices."cryptroot".device =
"/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
}; };
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c"; device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = {
fileSystems."/boot" = device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
{ device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96"; fsType = "ext4";
fsType = "ext4"; };
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; } [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }

32
hardware/raspberry_pi_2_model_B.nix
View file

@ -8,25 +8,25 @@
consoleLogLevel = lib.mkDefault 7; consoleLogLevel = lib.mkDefault 7;
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"bcm2835_dma" # Allows early (earlier) mode setting "bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting "i2c_bcm2835" # Allows early (earlier) mode setting
"usbhid" "usbhid"
"usb_storage" "usb_storage"
"vc4" # Allows early (earlier) mode setting "vc4" # Allows early (earlier) mode setting
]; ];
}; };
kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3) kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3)
kernelParams = [ kernelParams = [
"console=ttyS0,115200n8" # Enable the serial console "console=ttyS0,115200n8" # Enable the serial console
"console=ttyAMA0,115200n8" "console=ttyAMA0,115200n8"
"console=tty0" "console=tty0"
]; ];
loader = { loader = {
generic-extlinux-compatible = { generic-extlinux-compatible = {
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
}; };
grub = { grub = {
enable = false; # NixOS wants to enable GRUB by default. enable = false; # NixOS wants to enable GRUB by default.
}; };
raspberryPi = { raspberryPi = {
enable = true; enable = true;
@ -59,20 +59,24 @@
}; };
# !!! Adding a swap file is optional, but strongly recommended! # !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ]; swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = { hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
}; };
networking = { networking = {
enableB43Firmware = false; # If true, enable Pi wireless firmware enableB43Firmware = false; # If true, enable Pi wireless firmware
}; };
sound.enable = false; # Disable sound. sound.enable = false; # Disable sound.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
libraspberrypi # Userland tools for the Raspberry Pi board [
]; libraspberrypi # Userland tools for the Raspberry Pi board
];
} }

32
hardware/raspberry_pi_3_model_B.nix
View file

@ -7,27 +7,27 @@
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"bcm2835_dma" # Allows early (earlier) mode setting "bcm2835_dma" # Allows early (earlier) mode setting
"i2c_bcm2835" # Allows early (earlier) mode setting "i2c_bcm2835" # Allows early (earlier) mode setting
"usbhid" "usbhid"
"usb_storage" "usb_storage"
"vc4" # Allows early (earlier) mode setting "vc4" # Allows early (earlier) mode setting
]; ];
}; };
# !!! Do select not latest (5.8 at the time) as it is currently broken # !!! Do select not latest (5.8 at the time) as it is currently broken
# !!! (see https://github.com/NixOS/nixpkgs/issues/97064) # !!! (see https://github.com/NixOS/nixpkgs/issues/97064)
kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3) kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3)
kernelParams = [ kernelParams = [
"cma=32M" # Needed for the virtual console to work on the RPi 3 "cma=32M" # Needed for the virtual console to work on the RPi 3
"console=ttyS0,115200n8" # Enable the serial console "console=ttyS0,115200n8" # Enable the serial console
"console=tty0" "console=tty0"
]; ];
loader = { loader = {
generic-extlinux-compatible = { generic-extlinux-compatible = {
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
}; };
grub = { grub = {
enable = false; # NixOS wants to enable GRUB by default. enable = false; # NixOS wants to enable GRUB by default.
}; };
raspberryPi = { raspberryPi = {
enable = true; enable = true;
@ -62,18 +62,22 @@
}; };
# !!! Adding a swap file is optional, but strongly recommended! # !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ]; swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = { hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
}; };
networking = { networking = {
enableB43Firmware = false; # If true, enable Pi wireless firmware enableB43Firmware = false; # If true, enable Pi wireless firmware
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
libraspberrypi # Userland tools for the Raspberry Pi board [
]; libraspberrypi # Userland tools for the Raspberry Pi board
];
} }

15
hosts/airgead.nix
View file

@ -4,16 +4,15 @@
{ {
imports = imports = [
[ ../networks/linode.nix
../networks/linode.nix ../profiles/cardano-node.nix
../profiles/cardano-node.nix ../secrets/airgead.nix
../secrets/airgead.nix ];
];
deployment.targetHost = "172.105.187.96"; deployment.targetHost = "172.105.187.96";
networking.hostName = "airgead"; # Define your hostname. networking.hostName = "airgead"; # Define your hostname.
system.stateVersion = "20.03"; # The version of NixOS originally installed system.stateVersion = "20.03"; # The version of NixOS originally installed
} }

15
hosts/ceilidh.nix
View file

@ -3,13 +3,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../hardware/odroid-hc4 ];
../hardware/odroid-hc4
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.121"; deployment.targetHost = "10.42.0.121";
networking.hostName = "ceilidh"; # Define your hostname. networking.hostName = "ceilidh"; # Define your hostname.
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs = { nixpkgs = {
@ -23,9 +21,10 @@
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
gnupg # GPL OpenPGP implementation [
]; gnupg # GPL OpenPGP implementation
];
system.stateVersion = "21.05"; # The version of NixOS originally installed system.stateVersion = "21.05"; # The version of NixOS originally installed
} }

41
hosts/cuallaidh.nix
View file

@ -4,29 +4,28 @@
{ {
imports = imports = [
[ ../networks/linode.nix
../networks/linode.nix ../profiles/coturn.nix
../profiles/coturn.nix ../profiles/cryptpad.nix
../profiles/cryptpad.nix ../profiles/gitea.nix
../profiles/gitea.nix #../profiles/hydra.nix
#../profiles/hydra.nix ../profiles/iohk.nix
../profiles/iohk.nix ../profiles/matrix.nix
../profiles/matrix.nix ../profiles/mcwhirter.io.nix
../profiles/mcwhirter.io.nix ../profiles/minecraftServer.nix
../profiles/minecraftServer.nix ../profiles/nextcloud.nix
../profiles/nextcloud.nix ../profiles/nixpkgs-dev.nix
../profiles/nixpkgs-dev.nix ../profiles/taskserver.nix
../profiles/taskserver.nix #../profiles/tmate-ssh-server.nix
#../profiles/tmate-ssh-server.nix ../profiles/tt-rss.nix
../profiles/tt-rss.nix ../secrets/gitea.nix
../secrets/gitea.nix ../secrets/tt-rss.nix
../secrets/tt-rss.nix ];
];
deployment.targetHost = "172.105.171.16"; deployment.targetHost = "172.105.171.16";
networking.hostName = "cuallaidh"; # Define your hostname. networking.hostName = "cuallaidh"; # Define your hostname.
system.stateVersion = "19.03"; # The version of NixOS originally installed system.stateVersion = "19.03"; # The version of NixOS originally installed
} }

6
hosts/dhu.nix
View file

@ -4,14 +4,14 @@
{ {
imports = [ imports = [
../hardware/eeepc701.nix # Include common configuration options ../hardware/eeepc701.nix # Include common configuration options
../secrets/wireless.nix ../secrets/wireless.nix
../profiles/sway.nix ../profiles/sway.nix
]; ];
deployment.targetHost = "10.42.0.119"; deployment.targetHost = "10.42.0.119";
networking.hostName = "dhu"; # Define your hostname. networking.hostName = "dhu"; # Define your hostname.
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }

143
hosts/dionach.nix
View file

@ -5,40 +5,37 @@
{ {
imports = [ imports = [
../hardware/purism_librem_15.nix # Include results of the hardware scan. ../hardware/purism_librem_15.nix # Include results of the hardware scan.
../profiles/android.nix # Provide an Android dev environment ../profiles/android.nix # Provide an Android dev environment
../profiles/cron-craige.nix # Provide Craige's cron jobs ../profiles/cron-craige.nix # Provide Craige's cron jobs
../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA ../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
../profiles/desktop-feeds.nix # Tools for news feeds and podcasts ../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
../profiles/desktopCraige.nix # Craige's desktop tools and apps ../profiles/desktopCraige.nix # Craige's desktop tools and apps
../profiles/haskell-dev.nix # Haskel dev environment ../profiles/haskell-dev.nix # Haskel dev environment
../profiles/host_common.nix # Common host configuration options ../profiles/host_common.nix # Common host configuration options
../profiles/iohk.nix # IOHK environment ../profiles/iohk.nix # IOHK environment
../profiles/keyboard.nix ../profiles/keyboard.nix
../profiles/neomutt.nix # Neomutt email ../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling ../profiles/nix-community.nix # Nix community aarch64 tooling
../profiles/nix-mio-ops.nix # mio-ops Nix tooling ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
../profiles/openssh.nix # Enable and configure openssh ../profiles/openssh.nix # Enable and configure openssh
../profiles/powerManagement.nix # Power management for laptops ../profiles/powerManagement.nix # Power management for laptops
../profiles/qemu.nix # Qemu virtualisation ../profiles/qemu.nix # Qemu virtualisation
../profiles/typingTutor.nix # Typing tutorials ../profiles/typingTutor.nix # Typing tutorials
../profiles/weechat.nix # Weechat environment ../profiles/weechat.nix # Weechat environment
../profiles/xmonad.nix # Xmonad desktop environment ../profiles/xmonad.nix # Xmonad desktop environment
../profiles/yubikey.nix # Yubikey tooling ../profiles/yubikey.nix # Yubikey tooling
../secrets/craige.nix # Ssshhhhh! ../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh! ../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel! ../secrets/wireless.nix # Hey look! A squirrel!
]; ];
deployment.targetHost = "localhost"; deployment.targetHost = "localhost";
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
"openssl-1.0.2u"
"minecraft"
];
}; };
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -49,15 +46,15 @@
boot.extraModprobeConfig = "options kvm_intel nested=1"; boot.extraModprobeConfig = "options kvm_intel nested=1";
networking = { networking = {
hostName = "dionach"; # Define your hostname. hostName = "dionach"; # Define your hostname.
}; };
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
dejavu_fonts # A typeface family based on the Bitstream Vera fonts dejavu_fonts # A typeface family based on the Bitstream Vera fonts
fira-code # Monospace font with programming ligatures fira-code # Monospace font with programming ligatures
#monoid # Customisable coding font with alternates, ligatures and contextual positioning #monoid # Customisable coding font with alternates, ligatures and contextual positioning
nerdfonts # Iconic font aggregator, collection, & patcher nerdfonts # Iconic font aggregator, collection, & patcher
xkcd-font # Font based handwriting in xkcd comics xkcd-font # Font based handwriting in xkcd comics
]; ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
@ -65,17 +62,17 @@
bash bash
binutils binutils
bluez-tools bluez-tools
brave # Privacy-oriented browser brave # Privacy-oriented browser
bridge-utils # for brctl bridge-utils # for brctl
chromium chromium
clang clang
ddrescue ddrescue
docutils # Python Documentation Utilities docutils # Python Documentation Utilities
electrum # Bitcoin wallet electrum # Bitcoin wallet
element-desktop # A feature-rich client for Matrix.org element-desktop # A feature-rich client for Matrix.org
evince evince
exiftool # A tool to read, write and edit EXIF meta information exiftool # A tool to read, write and edit EXIF meta information
ffmpeg-full # record, convert and stream audio and video ffmpeg-full # record, convert and stream audio and video
file file
firefox firefox
gcc gcc
@ -83,69 +80,69 @@
gnome2.gvfs gnome2.gvfs
gnumake gnumake
gnused gnused
google-authenticator # 2FA google-authenticator # 2FA
google-chrome # A freeware web browser developed by Google google-chrome # A freeware web browser developed by Google
googleearth # A world sphere viewer googleearth # A world sphere viewer
graphviz # Graph visualization tools graphviz # Graph visualization tools
gvfs gvfs
imagemagick imagemagick
inetutils # Common network utilies inetutils # Common network utilies
inotify-tools inotify-tools
iptables # iptables iptables # iptables
libmtp libmtp
libgphoto2 libgphoto2
libreoffice-fresh # Libreoffice - fresh version libreoffice-fresh # Libreoffice - fresh version
lxmenu-data lxmenu-data
minecraft minecraft
mkpasswd mkpasswd
mp3info # MP3 tag editor / query tool mp3info # MP3 tag editor / query tool
mpd mpd
mplayer mplayer
mtpfs mtpfs
multimc multimc
ncmpcpp ncmpcpp
nextcloud-client nextcloud-client
nvme-cli # NVM-Express user space tooling for Linux nvme-cli # NVM-Express user space tooling for Linux
obs-studio # Free and open source software for video recording and live streaming obs-studio # Free and open source software for video recording and live streaming
openjdk8 openjdk8
openssl # A cryptographic library that implements the SSL and TLS protocols openssl # A cryptographic library that implements the SSL and TLS protocols
p7zip p7zip
pandoc pandoc
pavucontrol pavucontrol
pcmanfm pcmanfm
pstree # Show the set of running processes as a tree pstree # Show the set of running processes as a tree
pwgen pwgen
python38Packages.pygments python38Packages.pygments
pythonFull pythonFull
python38Packages.restview # ReStructuredText viewer python38Packages.restview # ReStructuredText viewer
python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
radiotray-ng # Internet radio player radiotray-ng # Internet radio player
rdiff-backup # External backups rdiff-backup # External backups
shared_mime_info shared_mime_info
shotwell shotwell
signal-desktop signal-desktop
smartmontools # Tools for monitoring the health of hard drives smartmontools # Tools for monitoring the health of hard drives
sshfs sshfs
taskwarrior # Highly flexible command-line tool to manage TODO lists taskwarrior # Highly flexible command-line tool to manage TODO lists
tcpdump # tcpdump tcpdump # tcpdump
tectonic tectonic
tdesktop # Telegram Desktop messaging app tdesktop # Telegram Desktop messaging app
termonad-with-packages termonad-with-packages
texlive.combined.scheme-full texlive.combined.scheme-full
tmate # Instant Terminal Sharing tmate # Instant Terminal Sharing
tpm-tools tpm-tools
#tor-browser-bundle-bin #tor-browser-bundle-bin
tree # Command to produce a depth indented directory listing tree # Command to produce a depth indented directory listing
udevil udevil
unrar unrar
unzip unzip
vcsh vcsh
vgo2nix # Required for packaging Golang applications vgo2nix # Required for packaging Golang applications
wget wget
wesnoth # Turn-based strategy game wesnoth # Turn-based strategy game
xorg.xev xorg.xev
youtube-dl youtube-dl
zip # zip all the zip's zip # zip all the zip's
zlib zlib
zlib.dev zlib.dev
]; ];
@ -162,17 +159,17 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
checkReversePath = false; # Needed for libvirtd checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [ 15000 ]; allowedTCPPorts = [ 15000 ];
}; };
# Virtualisation configuration: # Virtualisation configuration:
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {
enable = true; # Enable libvirtd enable = true; # Enable libvirtd
#qemuPackage = pkgs.qemu_kvm; # Enable guest only for the same arch #qemuPackage = pkgs.qemu_kvm; # Enable guest only for the same arch
qemuPackage = pkgs.qemu; # Enable full emulation qemuPackage = pkgs.qemu; # Enable full emulation
onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
extraConfig = '' extraConfig = ''
disk_bus = "virtio" disk_bus = "virtio"
''; '';
@ -200,9 +197,7 @@
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap"; NoPlugin = "sap";
}; };
Policy = { Policy = { AutoEnable = "true"; };
AutoEnable = "true";
};
}; };
}; };
opengl.enable = true; opengl.enable = true;
@ -216,11 +211,7 @@
TCPKeepAlive no TCPKeepAlive no
''; '';
users.groups = { users.groups = { lp.members = [ "messagebus" ]; };
lp.members = [
"messagebus"
];
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database

15
hosts/iolear-beag.nix
View file

@ -3,12 +3,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ ../hardware/lenovo_x201.nix
../hardware/lenovo_x201.nix ../profiles/desktop_common.nix
../profiles/desktop_common.nix ../profiles/wine.nix
../profiles/wine.nix ];
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -16,8 +15,8 @@
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.116"; deployment.targetHost = "10.42.0.116";
networking.hostName = "iolear-beag"; # Define your hostname. networking.hostName = "iolear-beag"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed
} }

8
hosts/paidh-aon.nix
View file

@ -3,13 +3,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi2B_rack.nix ];
../networks/pi2B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
#deployment.targetHost = "10.69.0.201"; #deployment.targetHost = "10.69.0.201";
networking.hostName = "paidh-aon"; # Define your hostname. networking.hostName = "paidh-aon"; # Define your hostname.
system.stateVersion = "20.03"; # The version of NixOS originally installed system.stateVersion = "20.03"; # The version of NixOS originally installed
} }

11
hosts/paidh-ceithir.nix
View file

@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ];
../networks/pi3B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204"; deployment.targetHost = "10.42.0.204";
networking.hostName = "paidh-ceithir"; # Define your hostname. networking.hostName = "paidh-ceithir"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }

11
hosts/paidh-coig.nix
View file

@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ];
../networks/pi3B_rack.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205"; deployment.targetHost = "10.42.0.205";
networking.hostName = "paidh-coig"; # Define your hostname. networking.hostName = "paidh-coig"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }

4
hosts/paidh-dha.nix
View file

@ -11,7 +11,7 @@
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.202"; deployment.targetHost = "10.42.0.202";
networking.hostName = "paidh-dha"; # Define your hostname. networking.hostName = "paidh-dha"; # Define your hostname.
system.stateVersion = "20:09"; # The version of NixOS originally installed system.stateVersion = "20:09"; # The version of NixOS originally installed
} }

16
hosts/paidh-tri.nix
View file

@ -3,18 +3,16 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
../networks/pi3B_rack.nix
../profiles/cyclone-ibis.nix
];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203"; deployment.targetHost = "10.42.0.203";
networking.hostName = "paidh-tri"; # Define your hostname. networking.hostName = "paidh-tri"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
gnupg # GPL OpenPGP implementation [
]; gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }

19
hosts/paidh-uachdar.nix
View file

@ -9,14 +9,14 @@
../profiles/openssh.nix ../profiles/openssh.nix
../profiles/pi_common.nix ../profiles/pi_common.nix
#../profiles/xmonad.nix #../profiles/xmonad.nix
../secrets/craige.nix # Ssshhhhh! ../secrets/craige.nix # Ssshhhhh!
../secrets/root.nix # Ssshhhhh! ../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel! ../secrets/wireless.nix # Hey look! A squirrel!
]; ];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.125"; deployment.targetHost = "10.42.0.125";
networking.hostName = "paidh-uachdar"; # Define your hostname. networking.hostName = "paidh-uachdar"; # Define your hostname.
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs = { nixpkgs = {
@ -31,12 +31,13 @@
}; };
documentation = { documentation = {
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
gnupg # GPL OpenPGP implementation [
]; gnupg # GPL OpenPGP implementation
];
system.stateVersion = "20.09"; # The version of NixOS originally installed system.stateVersion = "20.09"; # The version of NixOS originally installed
} }

15
hosts/sithlainnir.nix
View file

@ -3,12 +3,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ ../hardware/lenovo_x201.nix
../hardware/lenovo_x201.nix ../profiles/desktopFiona.nix
../profiles/desktopFiona.nix ../profiles/desktop_common.nix
../profiles/desktop_common.nix ];
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -16,8 +15,8 @@
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.125"; deployment.targetHost = "10.42.0.125";
networking.hostName = "sithlainnir"; # Define your hostname. networking.hostName = "sithlainnir"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed
} }

17
hosts/teintidh.nix
View file

@ -3,13 +3,12 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ ../hardware/lenovo_x201.nix
../hardware/lenovo_x201.nix ../profiles/desktop_common.nix
../profiles/desktop_common.nix ../profiles/haskell-dev.nix
../profiles/haskell-dev.nix ../profiles/kids-dev.nix
../profiles/kids-dev.nix ];
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -17,8 +16,8 @@
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.127"; deployment.targetHost = "10.42.0.127";
networking.hostName = "teintidh"; # Define your hostname. networking.hostName = "teintidh"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed
} }

17
images/sd-image_paidh-aarch64.nix
View file

@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
extlinux-conf-builder = extlinux-conf-builder = import
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> { <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages; pkgs = pkgs.buildPackages;
}; };
in in {
{
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/base.nix> <nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix> <nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>
@ -35,11 +34,11 @@ in
# when attempting to show low-voltage or overtemperature warnings. # when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1 avoid_warnings=1
''; '';
in '' in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt cp ${configTxt} firmware/config.txt
''; '';
populateRootCommands = '' populateRootCommands = ''
mkdir -p ./files/boot mkdir -p ./files/boot
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot

5
images/sd-image_paidh-aon.nix
View file

@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
./sd-image_paidh-armv7.nix
../hosts/paidh-aon.nix
];
} }

17
images/sd-image_paidh-armv7.nix
View file

@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
extlinux-conf-builder = extlinux-conf-builder = import
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> { <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages; pkgs = pkgs.buildPackages;
}; };
in in {
{
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/base.nix> <nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix> <nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>
@ -33,11 +32,11 @@ in
# TODO: check when/if this can be removed. # TODO: check when/if this can be removed.
enable_uart=1 enable_uart=1
''; '';
in '' in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${configTxt} firmware/config.txt cp ${configTxt} firmware/config.txt
''; '';
populateRootCommands = '' populateRootCommands = ''
mkdir -p ./files/boot mkdir -p ./files/boot
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot

5
images/sd-image_paidh-ceithir.nix
View file

@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-ceithir.nix
];
} }

5
images/sd-image_paidh-coig.nix
View file

@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-coig.nix
];
} }

5
images/sd-image_paidh-dha.nix
View file

@ -2,9 +2,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-dha.nix
];
} }

5
images/sd-image_paidh-tri.nix
View file

@ -11,9 +11,6 @@
{ ... }: { { ... }: {
imports = [ imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
./sd-image_paidh-aarch64.nix
../hosts/paidh-tri.nix
];
} }

55
images/usb-yubikey.nix
View file

@ -2,37 +2,36 @@
# #
# Usage: nix-build -A iso images/usb-yubikey.nix # Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }: { nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let let
config = { pkgs, ... }: config = { pkgs, ... }:
with pkgs; { with pkgs; {
imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>]; imports = [
boot.supportedFilesystems = [ "zfs" ]; <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
boot.kernelParams = [ "console=ttyS0,115200n8" ]; ];
programs = { boot.supportedFilesystems = [ "zfs" ];
ssh.startAgent = false; boot.kernelParams = [ "console=ttyS0,115200n8" ];
gnupg.agent = { programs = {
enable = true; ssh.startAgent = false;
enableSSHSupport = true; gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}; };
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
}; };
services.pcscd.enable = true; evalNixos = configuration:
services.udev.packages = [ yubikey-personalization ]; import <nixpkgs/nixos> { inherit system configuration; };
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
};
evalNixos = configuration: import <nixpkgs/nixos> {
inherit system configuration;
};
in { in { iso = (evalNixos config).config.system.build.isoImage; }
iso = (evalNixos config).config.system.build.isoImage;
}

12
networks/linode-common.nix
View file

@ -3,11 +3,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
[
../profiles/host_common.nix
../profiles/server_common.nix
];
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs.localSystem = { nixpkgs.localSystem = {
@ -16,11 +12,7 @@
}; };
# Tools that Linode support like to have install if you need them. # Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
inetutils
mtr
sysstat
];
# Configure firewall defaults: # Configure firewall defaults:
networking = { networking = {

6
networks/linode-encrypted.nix
View file

@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
[
../hardware/linode_vm-encrypted.nix
./linode-common.nix
];
} }

6
networks/linode.nix
View file

@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
[
../hardware/linode_vm.nix
./linode-common.nix
];
} }

24
networks/pi2B_rack.nix
View file

@ -2,24 +2,22 @@
{ {
imports = imports = [
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> ../hardware/raspberry_pi_2_model_B.nix
../hardware/raspberry_pi_2_model_B.nix ../profiles/host_common.nix
../profiles/host_common.nix ../profiles/pi_common.nix
../profiles/pi_common.nix ../profiles/server_common.nix
../profiles/server_common.nix ];
];
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs.crossSystem = { nixpkgs.crossSystem = { system = "armv7l-linux"; };
system = "armv7l-linux";
};
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = { documentation = {
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual
}; };
users.users.root = { users.users.root = {

20
networks/pi3B_rack.nix
View file

@ -2,14 +2,13 @@
{ {
imports = imports = [
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> ../hardware/raspberry_pi_3_model_B.nix
../hardware/raspberry_pi_3_model_B.nix ../profiles/host_common.nix
../profiles/host_common.nix ../profiles/pi_common.nix
../profiles/pi_common.nix ../profiles/server_common.nix
../profiles/server_common.nix ];
];
# Ensure the right package architecture is used # Ensure the right package architecture is used
nixpkgs.localSystem = { nixpkgs.localSystem = {
@ -18,10 +17,11 @@
allowUnfree = true; allowUnfree = true;
}; };
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = { documentation = {
nixos.enable = false; # Save some space by disabling the manual nixos.enable = false; # Save some space by disabling the manual
}; };
users.users.root = { users.users.root = {

31
nix/default.nix
View file

@ -1,31 +1,22 @@
{ sources ? import ./sources.nix { sources ? import ./sources.nix, system ? builtins.currentSystem
, system ? builtins.currentSystem , crossSystem ? null, config ? { } }:
, crossSystem ? null
, config ? {} }:
let let
# our own overlays: # our own overlays:
local-overlays = [ local-overlays = [ ];
];
globals = globals = if builtins.pathExists ../globals.nix then
if builtins.pathExists ../globals.nix [ (import ../globals.nix) ]
then [(import ../globals.nix)] else
else builtins.trace "globals.nix missing, please add symlink" []; builtins.trace "globals.nix missing, please add symlink" [ ];
# merge upstream sources with our own: # merge upstream sources with our own:
upstream-overlays = [ upstream-overlays = [
( _: super: { (_: super: {
sources = (super.sources or {}) // sources; sources = (super.sources or { }) // sources;
}) })
]; ];
overlays = overlays = local-overlays ++ globals ++ upstream-overlays;
local-overlays ++ in import sources.nixpkgs { inherit overlays system crossSystem config; }
globals ++
upstream-overlays;
in
import sources.nixpkgs {
inherit overlays system crossSystem config;
}

135
nix/sources.nix
View file

@ -19,29 +19,28 @@ let
pkgs.fetchzip { inherit (spec) url sha256; }; pkgs.fetchzip { inherit (spec) url sha256; };
fetch_git = spec: fetch_git = spec:
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; }; builtins.fetchGit {
url = spec.repo;
inherit (spec) rev ref;
};
fetch_builtin-tarball = spec: fetch_builtin-tarball = spec:
builtins.trace builtins.trace ''
'' WARNING:
WARNING: The niv type "builtin-tarball" will soon be deprecated. You should
The niv type "builtin-tarball" will soon be deprecated. You should instead use `builtin = true`.
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true $ niv modify <package> -a type=tarball -a builtin=true
'' '' builtins_fetchTarball { inherit (spec) url sha256; };
builtins_fetchTarball { inherit (spec) url sha256; };
fetch_builtin-url = spec: fetch_builtin-url = spec:
builtins.trace builtins.trace ''
'' WARNING:
WARNING: The niv type "builtin-url" will soon be deprecated. You should
The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true $ niv modify <package> -a type=file -a builtin=true
'' '' (builtins_fetchurl { inherit (spec) url sha256; });
(builtins_fetchurl { inherit (spec) url sha256; });
# #
# Various helpers # Various helpers
@ -51,84 +50,84 @@ let
mkPkgs = sources: mkPkgs = sources:
let let
sourcesNixpkgs = sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {}; import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
{ };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.; hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in in if builtins.hasAttr "nixpkgs" sources then
if builtins.hasAttr "nixpkgs" sources sourcesNixpkgs
then sourcesNixpkgs else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then import <nixpkgs> { }
import <nixpkgs> {} else
else abort ''
abort Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
'' add a package called "nixpkgs" to your sources.json.
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or '';
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function. # The actual fetching function.
fetch = pkgs: name: spec: fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute" abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs spec else if spec.type == "file" then
else if spec.type == "tarball" then fetch_tarball pkgs spec fetch_file pkgs spec
else if spec.type == "git" then fetch_git spec else if spec.type == "tarball" then
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec fetch_tarball pkgs spec
else if spec.type == "builtin-url" then fetch_builtin-url spec else if spec.type == "git" then
fetch_git spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball spec
else if spec.type == "builtin-url" then
fetch_builtin-url spec
else else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions # Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist # a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or ( mapAttrs = builtins.mapAttrs or (f: set:
f: set: with builtins; with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) listToAttrs (map (attr: {
); name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, sha256 }@attrs: builtins_fetchTarball = { url, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchTarball;
inherit (builtins) lessThan nixVersion fetchTarball; in if lessThan nixVersion "1.12" then
in fetchTarball { inherit url; }
if lessThan nixVersion "1.12" then else
fetchTarball { inherit url; } fetchTarball attrs;
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, sha256 }@attrs: builtins_fetchurl = { url, sha256 }@attrs:
let let inherit (builtins) lessThan nixVersion fetchurl;
inherit (builtins) lessThan nixVersion fetchurl; in if lessThan nixVersion "1.12" then
in fetchurl { inherit url; }
if lessThan nixVersion "1.12" then else
fetchurl { inherit url; } fetchurl attrs;
else
fetchurl attrs;
# Create the final "sources" from the config # Create the final "sources" from the config
mkSources = config: mkSources = config:
mapAttrs ( mapAttrs (name: spec:
name: spec: if builtins.hasAttr "outPath" spec then
if builtins.hasAttr "outPath" spec abort
then abort "The values in sources.json should not have an 'outPath' attribute"
"The values in sources.json should not have an 'outPath' attribute" else
else spec // { outPath = fetch config.pkgs name spec; }) config.sources;
spec // { outPath = fetch config.pkgs name spec; }
) config.sources;
# The "config" used by the fetchers # The "config" used by the fetchers
mkConfig = mkConfig = { sourcesFile ? ./sources.json
{ sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile) , sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources , pkgs ? mkPkgs sources }: rec {
}: rec {
# The sources, i.e. the attribute set of spec name to spec # The sources, i.e. the attribute set of spec name to spec
inherit sources; inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs; inherit pkgs;
}; };
in in mkSources (mkConfig { }) // {
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } __functor = _: settings: mkSources (mkConfig settings);
}

6
overlays/nixUnstable.nix
View file

@ -1,4 +1,4 @@
let sources = import ../nix/sources.nix {}; in let sources = import ../nix/sources.nix { };
final: prev: { in final: prev: {
nixUnstable = (import sources.nixos-unstable {}).nixUnstable; nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
} }

7
overlays/qemu/default.nix
View file

@ -4,9 +4,10 @@
self: super: self: super:
{ {
qemu-user-arm = if self.stdenv.system == "x86_64-linux" qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; } self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else self.callPackage ./qemu { user_arch = "arm"; }; else
self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; }; qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; }; qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; }; qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };

27
overlays/qemu/qemu/default.nix
View file

@ -1,13 +1,13 @@
# Based up original waokr by cleverca22 # Based up original waokr by cleverca22
# https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison, { stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
makeStaticLibraries, glibc, qemu, fetchFromGitHub }: , makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
let let
env2 = makeStaticLibraries stdenv; env2 = makeStaticLibraries stdenv;
myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: { myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or []) ++ [ "-Ddefault_library=both" ]; mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
}); });
riscv_src = fetchFromGitHub { riscv_src = fetchFromGitHub {
owner = "riscv"; owner = "riscv";
@ -22,18 +22,23 @@ let
riscv64 = "x86_64"; riscv64 = "x86_64";
x86_64 = "x86_64"; x86_64 = "x86_64";
}; };
in in stdenv.mkDerivation rec {
stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}"; name = "qemu-user-${user_arch}-${version}";
version = "3.1.0"; version = "3.1.0";
src = if is_riscv then riscv_src else qemu.src; src = if is_riscv then riscv_src else qemu.src;
buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ]; buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
patches = [ ./qemu-stack.patch ]; patches = [ ./qemu-stack.patch ];
configureFlags = [ configureFlags = [
"--enable-linux-user" "--target-list=${user_arch}-linux-user" "--enable-linux-user"
"--disable-bsd-user" "--disable-system" "--disable-vnc" "--target-list=${user_arch}-linux-user"
"--disable-curses" "--disable-sdl" "--disable-vde" "--disable-bsd-user"
"--disable-bluez" "--disable-kvm" "--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static" "--static"
"--disable-tools" "--disable-tools"
"--cpu=${arch_map.${user_arch}}" "--cpu=${arch_map.${user_arch}}"
@ -41,6 +46,8 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = [ "-lglib-2.0" ]; NIX_LDFLAGS = [ "-lglib-2.0" ];
enableParallelBuilding = true; enableParallelBuilding = true;
postInstall = '' postInstall = ''
cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
''; '';
} }

14
profiles/android.nix
View file

@ -5,20 +5,18 @@
{ {
nixpkgs.config = { nixpkgs.config = {
android_sdk.accept_license = true; # Accept the Android SDK licence android_sdk.accept_license = true; # Accept the Android SDK licence
}; };
programs.adb.enable = true; # Enable Android Debug Bridge programs.adb.enable = true; # Enable Android Debug Bridge
# Install other packages that I require to be used with Android. # Install other packages that I require to be used with Android.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gitRepo # Android's repo management tool gitRepo # Android's repo management tool
heimdall # Needed to work with Samsung devices heimdall # Needed to work with Samsung devices
kconfig-frontends # Linux kconfig infrastructure kconfig-frontends # Linux kconfig infrastructure
]; ];
users.groups.adbusers.members = [ users.groups.adbusers.members = [ "craige" ];
"craige"
];
} }

32
profiles/cardano-node.nix
View file

@ -5,21 +5,17 @@
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; }; cardanoNodeProject = import (sources.cardano-node + "/nix") {
iohkNix = import (sources.iohk-nix) {}; gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
in in {
{ imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
imports = [ environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
../secrets/cardano/producers.nix
"${sources.cardano-node}/nix/nixos"
];
environment.systemPackages = [
cardanoNodeProject.cardano-cli
];
services = { services = {
cardano-node = { cardano-node = {
@ -33,12 +29,7 @@ in
scName = "cardano"; scName = "cardano";
scFormat = "ScText"; scFormat = "ScText";
}]; }];
defaultScribes = [ defaultScribes = [[ "JournalSK" "cardano" ]];
[
"JournalSK"
"cardano"
]
];
}; };
kesKey = "/run/keys/cardano-kes"; kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf"; vrfKey = "/run/keys/cardano-vrf";
@ -49,11 +40,12 @@ in
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
3001 # cardano-node 3001 # cardano-node
]; ];
}; };
}; };
users.groups.keys.members = [ "cardano-node" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
} }

2
profiles/chrony.nix
View file

@ -5,7 +5,7 @@
{ {
services.chrony = { services.chrony = {
enable = true; # Enable Chrony enable = true; # Enable Chrony
}; };
} }

45
profiles/coturn.nix
View file

@ -4,31 +4,26 @@
{ {
imports = [ imports = [ ../secrets/coturn.nix ];
../secrets/coturn.nix
];
services = { services = {
coturn = { coturn = {
enable = true; # Enable the coturn server enable = true; # Enable the coturn server
lt-cred-mech = true; # Enable long-term credentials lt-cred-mech = true; # Enable long-term credentials
use-auth-secret = true; # Enable TURN REST API use-auth-secret = true; # Enable TURN REST API
realm = "turn.mcwhirter.io"; # Default realm for users realm = "turn.mcwhirter.io"; # Default realm for users
relay-ips = [ # Relay addresses relay-ips = [ # Relay addresses
"172.105.171.16" "172.105.171.16"
]; ];
no-tcp-relay = true; # Disable TCP relay endpoints no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig = " extraConfig =
cipher-list=\"HIGH\" "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
no-loopback-peers secure-stun = true; # Require authentication of the STUN Binding request
no-multicast-peers
";
secure-stun = true; # Require authentication of the STUN Binding request
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem"; cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem"; pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
min-port = 49152; # Lower bound of UDP relay endpoints min-port = 49152; # Lower bound of UDP relay endpoints
max-port = 49999; # Upper bound of UDP relay endpoints max-port = 49999; # Upper bound of UDP relay endpoints
}; };
nginx = { nginx = {
@ -53,15 +48,17 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
5349 # STUN tls 5349 # STUN tls
5350 # STUN tls alt 5350 # STUN tls alt
443 # HTTPS 443 # HTTPS
];
allowedUDPPortRanges = [
{ from=49152; to=49999; } # TURN relay
]; ];
allowedUDPPortRanges = [{
from = 49152;
to = 49999;
} # TURN relay
];
}; };
users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions
} }

31
profiles/craige4rocky.nix
View file

@ -1,13 +1,13 @@
# NixOps configuration for deploying the craige4rocky website # NixOps configuration for deploying the craige4rocky website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
craige4rocky = import (pkgs.fetchgit { craige4rocky = import (pkgs.fetchgit {
name = "craige4rocky-src"; name = "craige4rocky-src";
url = "https://source.mcwhirter.io/craige/craige4rocky.git"; url = "https://source.mcwhirter.io/craige/craige4rocky.git";
branchName = "master"; branchName = "master";
sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w"; sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
}) { nixpkgs = pkgs; }; }) { nixpkgs = pkgs; };
webdomain = "craige4rocky.org"; webdomain = "craige4rocky.org";
@ -18,21 +18,22 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${craige4rocky}"; # Wesbite root root = "${craige4rocky}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };
@ -40,7 +41,7 @@ in {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = {
"${webdomain}".email = "admin@${webdomain}"; "${webdomain}".email = "admin@${webdomain}";
"www.${webdomain}".email = "admin@${webdomain}"; "www.${webdomain}".email = "admin@${webdomain}";
}; };
}; };

2
profiles/cron-craige.nix
View file

@ -5,7 +5,7 @@
{ {
services.cron = { services.cron = {
enable = true; # Enable cron service enable = true; # Enable cron service
systemCronJobs = [ systemCronJobs = [
# Taskwarrior syncing # Taskwarrior syncing
"*/5 * * * * craige /run/current-system/sw/bin/task sync >> /home/craige/.tasksync.log 2>&1" "*/5 * * * * craige /run/current-system/sw/bin/task sync >> /home/craige/.tasksync.log 2>&1"

27
profiles/cryptpad.nix
View file

@ -5,18 +5,18 @@
{ {
services.cryptpad = { services.cryptpad = {
enable = true; # Enable Cryptpad server enable = true; # Enable Cryptpad server
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations = { locations = {
"/".proxyPass = "http://[::]:3000/"; "/".proxyPass = "http://[::]:3000/";
"^~ /cryptpad_websocket" = { "^~ /cryptpad_websocket" = {
@ -33,7 +33,7 @@
''; '';
}; };
"^~ /customize.dist/" = { "^~ /customize.dist/" = {
# This is needed in order to prevent infinite recursion between /customize/ and the root # This is needed in order to prevent infinite recursion between /customize/ and the root
}; };
"^~ /customize/" = { "^~ /customize/" = {
extraConfig = '' extraConfig = ''
@ -55,11 +55,12 @@
''; '';
tryFiles = "$uri =404"; tryFiles = "$uri =404";
}; };
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = { "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
extraConfig = '' {
rewrite ^(.*)$ $1/ redirect; extraConfig = ''
''; rewrite ^(.*)$ $1/ redirect;
}; '';
};
}; };
#extraConfig = '' #extraConfig = ''
# try_files /www/$uri /www/$uri/index.html /customize/$uri; # try_files /www/$uri /www/$uri/index.html /customize/$uri;
@ -69,9 +70,7 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
"pad.mcwhirter.io".email = "craige@mcwhirter.io";
};
}; };
} }

33
profiles/cyclone-ibis.nix
View file

@ -1,13 +1,13 @@
# NixOps configuration for deploying the Cyclone Ibis website # NixOps configuration for deploying the Cyclone Ibis website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
cyclone-ibis = import (pkgs.fetchgit { cyclone-ibis = import (pkgs.fetchgit {
name = "cyclone-ibis-src"; name = "cyclone-ibis-src";
url = "https://source.mcwhirter.io/craige/cyclone-ibis.git"; url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
branchName = "consensus"; branchName = "consensus";
sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I="; sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I=";
}) { nixpkgs = pkgs; }; }) { nixpkgs = pkgs; };
webdomain = "cycloneibis.com"; webdomain = "cycloneibis.com";
@ -17,24 +17,25 @@ in {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; };
nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09 nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${cyclone-ibis}"; # Wesbite root root = "${cyclone-ibis}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };
@ -42,7 +43,7 @@ in {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = {
"${webdomain}".email = "admin@${webdomain}"; "${webdomain}".email = "admin@${webdomain}";
"www.${webdomain}".email = "admin@${webdomain}"; "www.${webdomain}".email = "admin@${webdomain}";
}; };
}; };

6
profiles/daedalus.nix
View file

@ -5,13 +5,11 @@
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus {}; daedalusProject = import sources.daedalus { };
daedalusMainnet = daedalusProject.daedalus; daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight}; #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in in {
{
environment.systemPackages = [ environment.systemPackages = [
daedalusMainnet daedalusMainnet

4
profiles/desktop-feeds.nix
View file

@ -9,8 +9,8 @@
systemPackages = with pkgs; [ systemPackages = with pkgs; [
#feedreader # desktop RSS reader, compatible with Tiny Tiny RSS #feedreader # desktop RSS reader, compatible with Tiny Tiny RSS
#vocal # The podcast client for the modern free desktop #vocal # The podcast client for the modern free desktop
gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer
gpodder # A podcatcher written in python gpodder # A podcatcher written in python
]; ];
}; };

8
profiles/desktopCraige.nix
View file

@ -4,12 +4,10 @@
{ {
# Craige's Desktop Packages # Craige's Desktop Packages
imports = [ imports = [ ../profiles/ebooks.nix ];
../profiles/ebooks.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
byobu # text-based window manager and terminal multiplexer. byobu # text-based window manager and terminal multiplexer.
gopass # password file manager gopass # password file manager
]; ];
} }

4
profiles/desktopFiona.nix
View file

@ -5,7 +5,7 @@
{ {
# Fiona's Desktop Packages # Fiona's Desktop Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
slack-dark # Slack desktop client slack-dark # Slack desktop client
zoom-us # zoom.us video conferencing application zoom-us # zoom.us video conferencing application
]; ];
} }

109
profiles/desktop_common.nix
View file

@ -3,65 +3,66 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ ../profiles/games-kids.nix
../profiles/games-kids.nix ../profiles/host_common.nix
../profiles/host_common.nix ../profiles/daedalus.nix
../profiles/daedalus.nix ../profiles/openssh.nix
../profiles/openssh.nix ../profiles/powerManagement.nix
../profiles/powerManagement.nix ../secrets/user-craige.nix
../secrets/user-craige.nix ../secrets/user-fiona.nix
../secrets/user-fiona.nix ../secrets/user-hamish.nix
../secrets/user-hamish.nix ../secrets/user-logan.nix
../secrets/user-logan.nix ../secrets/user-root.nix
../secrets/user-root.nix ../secrets/user-xander.nix
../secrets/user-xander.nix ];
];
# Common Desktop Packages # Common Desktop Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
brave # Privacy-oriented browser brave # Privacy-oriented browser
chromium chromium
element-desktop # A feature-rich client for Matrix.org element-desktop # A feature-rich client for Matrix.org
firefoxWrapper # install Firefox with support for plugins firefoxWrapper # install Firefox with support for plugins
gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
google-chrome # A freeware web browser developed by Google google-chrome # A freeware web browser developed by Google
libreoffice-fresh libreoffice-fresh
mplayer # A movie player that supports many video formats mplayer # A movie player that supports many video formats
nextcloud-client # Nextcloud desktop client nextcloud-client # Nextcloud desktop client
pwgen # Password generator pwgen # Password generator
shotwell # Photo organizer shotwell # Photo organizer
signal-desktop # Private, simple, and secure messenger signal-desktop # Private, simple, and secure messenger
usbutils # Tools for working with USB devices, such as lsusb usbutils # Tools for working with USB devices, such as lsusb
xorg.libxcb # X C binding xorg.libxcb # X C binding
]; ];
networking.networkmanager.enable = true; # Enables network support via NetworkManager. networking.networkmanager.enable =
true; # Enables network support via NetworkManager.
# Enable common desktop services # Enable common desktop services
services = { services = {
acpid.enable = true; # A daemon for delivering ACPI events to userspace programs acpid.enable =
blueman.enable = true; # GTK-based Bluetooth Manager true; # A daemon for delivering ACPI events to userspace programs
devmon.enable = true; # Enable external device automounting.` blueman.enable = true; # GTK-based Bluetooth Manager
devmon.enable = true; # Enable external device automounting.`
udev.packages = [ udev.packages = [
pkgs.android-udev-rules # Android udev rules list pkgs.android-udev-rules # Android udev rules list
]; ];
udisks2.enable = true; # Enable udisks2 udisks2.enable = true; # Enable udisks2
xserver = { xserver = {
enable = true; enable = true;
desktopManager = { desktopManager = {
gnome.enable = true; # Enable GNOME desktop environment gnome.enable = true; # Enable GNOME desktop environment
}; };
displayManager = { displayManager = {
defaultSession = "gnome"; # Set GNOME as the default session defaultSession = "gnome"; # Set GNOME as the default session
gdm.enable = true; # Enable the GNOME display manager gdm.enable = true; # Enable the GNOME display manager
}; };
libinput.enable = true; # Enable touchpad support. libinput.enable = true; # Enable touchpad support.
}; };
}; };
sound.enable = true; # Enable sound. sound.enable = true; # Enable sound.
# Configure common hardware settings # Configure common hardware settings
hardware = { hardware = {
@ -71,25 +72,21 @@
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
bluetooth = { bluetooth = {
enable = true; # Enable bluetooth enable = true; # Enable bluetooth
hsphfpd.enable = true; hsphfpd.enable = true;
settings = { settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap"; NoPlugin = "sap";
}; };
Policy = { Policy = { AutoEnable = "true"; };
AutoEnable = "true";
};
}; };
}; };
opengl.enable = true; opengl.enable = true;
}; };
# Configure Firefox and Chromium # Configure Firefox and Chromium
nixpkgs.config = { nixpkgs.config = { allowUnfree = true; };
allowUnfree = true;
};
programs = { programs = {
chromium = { chromium = {
@ -100,27 +97,9 @@
# Groups to add # Groups to add
users.groups = { users.groups = {
audio.members = [ audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"craige" libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"fiona" networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
"hamish"
"logan"
"xander"
];
libvirtd.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
networkmanager.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
}; };
} }

6
profiles/ebooks.nix
View file

@ -4,13 +4,11 @@
{ {
environment.variables = { environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
FOLIATE_TTS_LANG="en-gb";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
#python39Packages.gtts # Speech synthesizer, required for text to speech. #python39Packages.gtts # Speech synthesizer, required for text to speech.
foliate # A simple and modern GTK eBook reader foliate # A simple and modern GTK eBook reader
vlc vlc
]; ];

46
profiles/emacs.nix
View file

@ -1,33 +1,33 @@
/* /* This is a nix expression to build Emacs and some Emacs packages I like
This is a nix expression to build Emacs and some Emacs packages I like from source on any distribution where Nix is installed. This will install
from source on any distribution where Nix is installed. This will install all the dependencies from the nixpkgs repository and build the binary files
all the dependencies from the nixpkgs repository and build the binary files without interfering with the host distribution.
without interfering with the host distribution.
To build the project, type the following from the current directory: To build the project, type the following from the current directory:
$ nix-build emacs.nix $ nix-build emacs.nix
To run the newly compiled executable: To run the newly compiled executable:
$ ./result/bin/emacs $ ./result/bin/emacs
*/ */
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> { } }:
let let
myEmacs = pkgs.emacs; myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in in emacsWithPackages (epkgs:
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ (with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g> magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme zerodark-theme # ; Nicolas' theme
]) ++ (with epkgs.melpaPackages; [ ]) ++ (with epkgs.melpaPackages;
#undo-tree # ; <C-x u> to show the undo tree [
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> #undo-tree # ; <C-x u> to show the undo tree
]) ++ (with epkgs.elpaPackages; [ #zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
auctex # ; LaTeX mode ]) ++ (with epkgs.elpaPackages; [
beacon # ; highlight my cursor when scrolling auctex # ; LaTeX mode
nameless # ; hide current package name everywhere in elisp code beacon # ; highlight my cursor when scrolling
]) ++ [ nameless # ; hide current package name everywhere in elisp code
pkgs.notmuch # From main packages set ]) ++ [
]) pkgs.notmuch # From main packages set
])

42
profiles/games-kids.nix
View file

@ -2,42 +2,38 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {}; unstable = import sources.nixpkgsUnstable { };
in
{ in {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [ "minecraft" ];
"minecraft"
];
}; };
# Retro Gaming Packages # Retro Gaming Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
angband # A single-player roguelike dungeon exploration game angband # A single-player roguelike dungeon exploration game
egoboo # 3D dungeon crawling adventure egoboo # 3D dungeon crawling adventure
extremetuxracer # High speed arctic racing game based on Tux Racer extremetuxracer # High speed arctic racing game based on Tux Racer
freeciv # Multiplayer (or single player), turn-based strategy game freeciv # Multiplayer (or single player), turn-based strategy game
freedroidrpg # Isometric 3D RPG similar to game Diablo freedroidrpg # Isometric 3D RPG similar to game Diablo
gcompris # Educational software suite, kids aged 2 to 10 gcompris # Educational software suite, kids aged 2 to 10
unstable.grapejuice # Simple Wine+Roblox management tool unstable.grapejuice # Simple Wine+Roblox management tool
jre # Required by Minecraft (via multimc) jre # Required by Minecraft (via multimc)
#lincity_ng # City building game #lincity_ng # City building game
meritous # Action-adventure dungeon crawl game meritous # Action-adventure dungeon crawl game
minecraft # Official launcher for Minecraft minecraft # Official launcher for Minecraft
minetest # Infinite-world block sandbox game minetest # Infinite-world block sandbox game
nethack-x11 # Rogue-like game nethack-x11 # Rogue-like game
#opendungeons # real time strategy game sharing game elements with the Dungeon Keeper series and Evil Genius #opendungeons # real time strategy game sharing game elements with the Dungeon Keeper series and Evil Genius
pingus # A puzzle game with mechanics similar to Lemmings pingus # A puzzle game with mechanics similar to Lemmings
shattered-pixel-dungeon # Roguelike game with pixel-art graphics shattered-pixel-dungeon # Roguelike game with pixel-art graphics
superTux # Classic 2D jump'n run sidescroller game superTux # Classic 2D jump'n run sidescroller game
superTuxKart # A Free 3D kart racing game superTuxKart # A Free 3D kart racing game
wesnoth # Battle for Wesnoth server and client wesnoth # Battle for Wesnoth server and client
]; ];
} }

92
profiles/gitea.nix
View file

@ -5,33 +5,29 @@
{ {
services.gitea = { services.gitea = {
enable = true; # Enable Gitea enable = true; # Enable Gitea
appName = "mcwhirter.io: Gitea Service"; # Give the site a name appName = "mcwhirter.io: Gitea Service"; # Give the site a name
database = { database = {
type = "postgres"; # Database type type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
}; };
disableRegistration = true; disableRegistration = true;
domain = "source.mcwhirter.io"; # Domain name domain = "source.mcwhirter.io"; # Domain name
rootUrl = "https://source.mcwhirter.io/"; # Root web URL rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
settings = let settings = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
in { in {
mailer = { mailer = {
ENABLED = true; ENABLED = true;
FROM = "gitea@mcwhirter.io"; FROM = "gitea@mcwhirter.io";
}; };
repository = { repository = { DEFAULT_BRANCH = "consensus"; };
DEFAULT_BRANCH = "consensus"; service = { REGISTER_EMAIL_CONFIRM = true; };
};
service = {
REGISTER_EMAIL_CONFIRM = true;
};
"markup.restructuredtext" = { "markup.restructuredtext" = {
ENABLED = true; ENABLED = true;
FILE_EXTENSIONS = ".rst"; FILE_EXTENSIONS = ".rst";
@ -39,66 +35,64 @@
IS_INPUT_FILE = false; IS_INPUT_FILE = false;
}; };
ui = { ui = {
DEFAULT_THEME = "gitea"; # Set the default theme DEFAULT_THEME = "gitea"; # Set the default theme
}; };
}; };
}; };
services.postgresql = { services.postgresql = {
enable = true; # Ensure postgresql is enabled enable = true; # Ensure postgresql is enabled
authentication = '' authentication = ''
local gitea all ident map=gitea-users local gitea all ident map=gitea-users
''; '';
identMap = # Map the gitea user to postgresql identMap = # Map the gitea user to postgresql
'' ''
gitea-users gitea gitea gitea-users gitea gitea
''; '';
ensureDatabases = [ "gitea" ]; # Ensure the database persists ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{ name = "gitea"; # Ensure the database user persists
name = "gitea"; # Ensure the database user persists ensurePermissions = { # Ensure the database permissions persist
ensurePermissions = { # Ensure the database permissions persist "DATABASE gitea" = "ALL PRIVILEGES";
"DATABASE gitea" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
}; }];
}
];
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."source.mcwhirter.io" = { # Gitea hostname virtualHosts."source.mcwhirter.io" = { # Gitea hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
}; };
virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
}; };
virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
}; };
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = {
"code.mcwhirter.io".email = "craige@mcwhirter.io"; "code.mcwhirter.io".email = "craige@mcwhirter.io";
"git.mcwhirter.io".email = "craige@mcwhirter.io"; "git.mcwhirter.io".email = "craige@mcwhirter.io";
"source.mcwhirter.io".email = "craige@mcwhirter.io"; "source.mcwhirter.io".email = "craige@mcwhirter.io";
}; };
}; };
users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204 users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204
} }

34
profiles/gitea_home.nix
View file

@ -5,21 +5,21 @@
{ {
services.gitea = { services.gitea = {
enable = true; # Enable Gitea enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
database = { database = {
type = "postgres"; # Database type type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
}; };
domain = "source.taigh.mcwhirter.io"; # Domain name domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port httpPort = 3001; # Provided unique port
extraConfig = let extraConfig = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
in '' in ''
[mailer] [mailer]
ENABLED = true ENABLED = true
@ -35,26 +35,26 @@
}; };
services.postgresql = { services.postgresql = {
enable = true; # Ensure postgresql is enabled enable = true; # Ensure postgresql is enabled
authentication = '' authentication = ''
local gitea all ident map=gitea-users local gitea all ident map=gitea-users
''; '';
identMap = # Map the gitea user to postgresql identMap = # Map the gitea user to postgresql
'' ''
gitea-users gitea gitea gitea-users gitea gitea
''; '';
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
#recommendedTlsSettings = true; #recommendedTlsSettings = true;
virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
#enableACME = true; # Use ACME certs #enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL #forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
}; };
}; };

24
profiles/grafana.nix
View file

@ -4,9 +4,7 @@
{ {
imports = [ imports = [ ../secrets/cardano/grafana.nix ];
../secrets/cardano/grafana.nix
];
services = { services = {
grafana = { grafana = {
@ -15,11 +13,12 @@
domain = "monitoring.mcwhirter.io"; domain = "monitoring.mcwhirter.io";
rootUrl = "https://monitoring.mcwhirter.io/grafana"; rootUrl = "https://monitoring.mcwhirter.io/grafana";
security = { security = {
adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password adminPasswordFile =
"/run/keys/grafana-apass"; # Where to find the password
}; };
auth = { auth = {
anonymous = { anonymous = {
enable = true; # Allow anonymous access enable = true; # Allow anonymous access
}; };
}; };
provision = { provision = {
@ -31,17 +30,16 @@
# options.path = ../monitoring/NodeSystemDashboard.json; # options.path = ../monitoring/NodeSystemDashboard.json;
# } # }
#]; #];
datasources = [ datasources = [{
{ type = "prometheus";
type = "prometheus"; name = "prometheus";
name = "prometheus"; url = "http://localhost:9090/prometheus";
url = "http://localhost:9090/prometheus"; }];
}
];
}; };
}; };
}; };
users.groups.keys.members = [ "grafana" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
[ "grafana" ]; # Required due to NixOps issue #1204
} }

6
profiles/haskell-dev.nix
View file

@ -5,9 +5,9 @@
{ {
environment.systemPackages = with pkgs.haskellPackages; [ environment.systemPackages = with pkgs.haskellPackages; [
cabal-install # Haskell software automation cabal-install # Haskell software automation
ghc # Glasgow Haskell Compiler ghc # Glasgow Haskell Compiler
hlint # Haskell source linter hlint # Haskell source linter
]; ];
} }

65
profiles/host_common.nix
View file

@ -16,22 +16,22 @@
# Common boot settings # Common boot settings
boot = { boot = {
cleanTmpDir = true; # Clean /tmp on reboot cleanTmpDir = true; # Clean /tmp on reboot
}; };
# Select internationalisation properties. # Select internationalisation properties.
i18n = { i18n = {
defaultLocale = "en_AU.UTF-8"; # Set the default locale defaultLocale = "en_AU.UTF-8"; # Set the default locale
}; };
# Set the defaul console properties # Set the defaul console properties
console = { console = {
keyMap = "us"; # Set the default console key map keyMap = "us"; # Set the default console key map
font = "ter-powerline-v16Rv"; # Set the default console font font = "ter-powerline-v16Rv"; # Set the default console font
}; };
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone: time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
documentation.nixos.enable = false; # Disable documentation, save space documentation.nixos.enable = false; # Disable documentation, save space
# Set security options: # Set security options:
security.sudo.enable = true; security.sudo.enable = true;
@ -40,9 +40,10 @@
# Configure and install required fonts # Configure and install required fonts
fonts.enableDefaultFonts = true; fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true; fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs;
powerline-fonts # Required for Powerline prompts [
]; powerline-fonts # Required for Powerline prompts
];
fonts.fontconfig.includeUserConf = false; fonts.fontconfig.includeUserConf = false;
# Adapted from gchristensen and clever # Adapted from gchristensen and clever
@ -51,18 +52,17 @@
# Ruin the config so we don't accidentally run # Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host # nixos-rebuild switch on the host
(let (let
cfg = pkgs.writeText "configuration.nix" cfg = pkgs.writeText "configuration.nix" ''
'' assert builtins.trace "This system is managed by NixOps." false;
assert builtins.trace "This system is managed by NixOps." false; {}
{} '';
'';
in "nixos-config=${cfg}") in "nixos-config=${cfg}")
# Copy the channel version from the deploy host to the target # Copy the channel version from the deploy host to the target
"nixpkgs=/run/current-system/nixpkgs" "nixpkgs=/run/current-system/nixpkgs"
]; ];
gc = { gc = {
automatic = true; # Enable Nix garbage collection: automatic = true; # Enable Nix garbage collection:
dates = "weekly"; dates = "weekly";
options = "--delete-older-than 90d"; options = "--delete-older-than 90d";
}; };
@ -71,7 +71,7 @@
show-trace = true # Enable --show-trace by default for nix show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches builders-use-substitutes = true # Set builders to use caches
''; '';
trustedUsers = ["craige"]; trustedUsers = [ "craige" ];
}; };
system.extraSystemBuilderCmds = '' system.extraSystemBuilderCmds = ''
@ -79,29 +79,30 @@
''; '';
environment.etc.host-nix-channel.source = pkgs.path; environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = { environment.variables = { BAT_THEME = "Dracula"; };
BAT_THEME="Dracula";
};
# Set the system-wide environment # Set the system-wide environment
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
bat # cat clone with syntax highlighting & Git integration bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then gitAndTools.gitFull else git) # Distributed version control system (if config.services.xserver.enable then
htop # interactive process viewer gitAndTools.gitFull
hwinfo # Hardware detection tool else
killall # kill processes by name git) # Distributed version control system
lshw # Detailed information on the hardware configuration htop # interactive process viewer
lsof # list open files hwinfo # Hardware detection tool
mosh # Mobile shell (ssh replacement) killall # kill processes by name
ncdu # Disk usage analyzer with an ncurses interface lshw # Detailed information on the hardware configuration
nix-index # A files database for nixpkgs lsof # list open files
ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep mosh # Mobile shell (ssh replacement)
ncdu # Disk usage analyzer with an ncurses interface
nix-index # A files database for nixpkgs
ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep
]; ];
}; };
# Users common across MIO Ops: # Users common across MIO Ops:
users.mutableUsers = false; # Remove any users not defined in here users.mutableUsers = false; # Remove any users not defined in here
} }

21
profiles/hydra-dev.nix
View file

@ -9,14 +9,13 @@ let
#sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5"; #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i"; sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
}; };
in in pkgs.callPackage ./hydra-fork.nix {
pkgs.callPackage ./hydra-fork.nix { nixpkgsPath = pkgs.path;
nixpkgsPath = pkgs.path; #patches = [
#patches = [ # (pkgs.fetchpatch {
# (pkgs.fetchpatch { # url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
# url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch"; # sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
# sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx"; # })
# }) #];
#]; src = hydraSrc;
src = hydraSrc; }
}

5
profiles/hydra-fork.nix
View file

@ -2,7 +2,7 @@
let let
hydraRelease = (import (src + "/release.nix") { hydraRelease = (import (src + "/release.nix") {
#hydraRelease = (import src { #hydraRelease = (import src {
nixpkgs = nixpkgsPath; nixpkgs = nixpkgsPath;
hydraSrc = { hydraSrc = {
outPath = src; outPath = src;
@ -11,5 +11,4 @@ let
}; };
}); });
in in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })

61
profiles/hydra.nix
View file

@ -17,24 +17,21 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql; package = pkgs.postgresql;
identMap = identMap = ''
'' hydra-users hydra hydra
hydra-users hydra hydra hydra-users hydra-queue-runner hydra
hydra-users hydra-queue-runner hydra hydra-users hydra-www hydra
hydra-users hydra-www hydra hydra-users root postgres
hydra-users root postgres hydra-users postgres postgres
hydra-users postgres postgres '';
''; ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureDatabases = [ "hydra" ]; # Ensure the database persists ensureUsers = [{
ensureUsers = [ name = "hydra"; # Ensure the database user persists
{ ensurePermissions = { # Ensure the database permissions persist
name = "hydra"; # Ensure the database user persists "DATABASE hydra" = "ALL PRIVILEGES";
ensurePermissions = { # Ensure the database permissions persist "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
"DATABASE hydra" = "ALL PRIVILEGES"; };
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; }];
};
}
];
}; };
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]; networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
@ -62,9 +59,7 @@
}; };
}; };
security.acme.certs = { security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
"hydra.mcwhirter.io".email = "craige@mcwhirter.io";
};
systemd.services.hydra-manual-setup = { systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra"; description = "Create Admin User for Hydra";
@ -73,7 +68,9 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ]; requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ]; after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"]; environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
script = '' script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys # create signing keys
@ -90,15 +87,13 @@
fi fi
''; '';
}; };
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"]; nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
nix.buildMachines = [ nix.buildMachines = [{
{ hostName = "localhost";
hostName = "localhost"; systems = [ "x86_64-linux" "i686-linux" ];
systems = [ "x86_64-linux" "i686-linux" ]; maxJobs = 4;
maxJobs = 4; # for building VirtualBox VMs as build artifacts, you might need other
# for building VirtualBox VMs as build artifacts, you might need other # features depending on what you are doing
# features depending on what you are doing supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ]; }];
}
];
} }

47
profiles/iohk.nix
View file

@ -4,10 +4,7 @@
{ {
imports = [ imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
../profiles/terminal-recording.nix
../profiles/nix-direnv.nix
];
nix = { nix = {
package = pkgs.nixFlakes; package = pkgs.nixFlakes;
@ -35,27 +32,27 @@
# Set the system-wide environment # Set the system-wide environment
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
awscli # Unified tool to manage your AWS services awscli # Unified tool to manage your AWS services
bitwarden-cli # CLI client for Bitwarden bitwarden-cli # CLI client for Bitwarden
buildkite-agent # Buildkite for IOHK buildkite-agent # Buildkite for IOHK
cue # A data constraint language cue # A data constraint language
docker # Pack, ship and run any application as a lightweight container docker # Pack, ship and run any application as a lightweight container
docker-compose # Multi-container orchestration for Docker docker-compose # Multi-container orchestration for Docker
freerdp # A Remote Desktop Protocol Client, xfreerdp freerdp # A Remote Desktop Protocol Client, xfreerdp
gist # Upload code to https://gist.github.com (or github enterprise) gist # Upload code to https://gist.github.com (or github enterprise)
gnupg # GNU Privacy Guard, a GPL OpenPGP implementation gnupg # GNU Privacy Guard, a GPL OpenPGP implementation
go-jira # Simple command line client for Atlassian's Jira service written in Go go-jira # Simple command line client for Atlassian's Jira service written in Go
jq # A lightweight and flexible command-line JSON processor jq # A lightweight and flexible command-line JSON processor
keybase-gui # The Keybase official client keybase-gui # The Keybase official client
magic-wormhole # Securely transfer data between computers magic-wormhole # Securely transfer data between computers
python38Packages.grip # Preview GitHub Markdown files like locally python38Packages.grip # Preview GitHub Markdown files like locally
s3fs # Mount an S3 bucket as filesystem through FUSE s3fs # Mount an S3 bucket as filesystem through FUSE
shellcheck # Shell script analysis tool shellcheck # Shell script analysis tool
slack-dark # Slack desktop client slack-dark # Slack desktop client
xxd # make a hexdump or do the reverse xxd # make a hexdump or do the reverse
]; ];
variables = { variables = {
NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs
}; };
}; };
@ -68,8 +65,6 @@
# package = pkgs.postgresql_10; # Set the required version, if needed # package = pkgs.postgresql_10; # Set the required version, if needed
}; };
users.groups.docker.members = [ users.groups.docker.members = [ "craige" ];
"craige"
];
} }

14
profiles/jormungandr-stake.nix
View file

@ -5,13 +5,13 @@
disabledModules = [ "services/networking/jormungandr.nix" ]; disabledModules = [ "services/networking/jormungandr.nix" ];
imports = let imports = let
jormungandrNixSrc = builtins.fetchTarball https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz; jormungandrNixSrc = builtins.fetchTarball
in [ "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
(import (jormungandrNixSrc + "/nixos")) in [ (import (jormungandrNixSrc + "/nixos")) ];
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
jq # CLI JSON processor [
]; jq # CLI JSON processor
];
} }

6
profiles/jormungandr.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }: {
{
imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ]; imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
services = { services = {
jormungandr = { jormungandr = {
enable = true; enable = true;
enableExplorer = false; enableExplorer = false;
genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; genesisBlockHash =
"11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
trustedPeersAddresses = [ trustedPeersAddresses = [
"/ip4/3.123.177.192/tcp/3000" "/ip4/3.123.177.192/tcp/3000"
"/ip4/52.57.157.167/tcp/3000" "/ip4/52.57.157.167/tcp/3000"

7
profiles/keyboard.nix
View file

@ -17,9 +17,10 @@
''; '';
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs;
wally-cli # Flash firmware to mechanical keyboard [
]; wally-cli # Flash firmware to mechanical keyboard
];
}; };
} }

7
profiles/kids-dev.nix
View file

@ -4,8 +4,9 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
kate # Multi-document editor with syntax highlighting [
]; kate # Multi-document editor with syntax highlighting
];
} }

2
profiles/logrotate.nix
View file

@ -5,7 +5,7 @@
{ {
services.logrotate = { services.logrotate = {
enable = true; # Enable the logrotate service enable = true; # Enable the logrotate service
}; };
} }

113
profiles/matrix.nix
View file

@ -4,56 +4,63 @@
{ {
imports = [ imports = [ ../secrets/matrix.nix ];
../secrets/matrix.nix
];
i18n = { i18n = {
extraLocaleSettings = { extraLocaleSettings = {
LC_COLLATE = "C"; # Ensure correct locale for postgres LC_COLLATE = "C"; # Ensure correct locale for postgres
LC_CTYPE = "C"; # Ensure correct locale for postgres LC_CTYPE = "C"; # Ensure correct locale for postgres
}; };
}; };
services = { services = {
matrix-synapse = { matrix-synapse = {
enable = true; # Enable the synapse server enable = true; # Enable the synapse server
server_name = "mcwhirter.io"; # Server's public domain name server_name = "mcwhirter.io"; # Server's public domain name
public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
enable_registration = true; # Toggle user registration enable_registration = true; # Toggle user registration
listeners = [ listeners = [
{ # federation { # federation
bind_address = ""; bind_address = "";
port = 8448; port = 8448;
resources = [ resources = [
{ compress = true; names = [ "client" ]; } {
{ compress = false; names = [ "federation" ]; } compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
]; ];
tls = true; tls = true;
type = "http"; type = "http";
x_forwarded = false; x_forwarded = false;
} }
{ # client { # client
bind_address = "::1"; # Listen on localhost only bind_address = "::1"; # Listen on localhost only
port = 8008; # Port to listen on port = 8008; # Port to listen on
resources = [ resources = [
{ {
compress = true; compress = true;
names = [ "client" ]; names = [ "client" ];
} { }
{
compress = false; compress = false;
names = [ "federation" ]; names = [ "federation" ];
} ]; }
];
tls = true; tls = true;
type = "http"; type = "http";
x_forwarded = true; x_forwarded = true;
} }
]; ];
max_upload_size = "200M"; # Also set client_max_body_size to at least this max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem"; tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_shared_secret =
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [ turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp" "turn:turn.mcwhirter.io:5350?transport=udp"
@ -77,30 +84,28 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/_matrix" = { "/_matrix" = { proxyPass = "https://[::1]:8008"; };
proxyPass = "https://[::1]:8008"; "/.well-known/matrix/server".extraConfig = let
}; # use 443 instead of the default 8448 port to unite
"/.well-known/matrix/server".extraConfig = # the client-server and server-server port for simplicity
let server = { "m.server" = "synapse.mcwhirter.io:443"; };
# use 443 instead of the default 8448 port to unite in ''
# the client-server and server-server port for simplicity add_header Content-Type application/json;
server = { "m.server" = "synapse.mcwhirter.io:443"; }; return 200 '${builtins.toJSON server}';
in '' '';
add_header Content-Type application/json; "= /.well-known/matrix/client".extraConfig = let
return 200 '${builtins.toJSON server}'; client = {
''; "m.homeserver" = {
"= /.well-known/matrix/client".extraConfig = "base_url" = "https://synapse.mcwhirter.io";
let
client = {
"m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
}; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file # ACAO required to allow element-web on any URL to request this json file
in '' in ''
add_header Content-Type application/json; add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}'; return 200 '${builtins.toJSON client}';
''; '';
}; };
extraConfig = '' extraConfig = ''
client_max_body_size 200M; # Needs to be no less than max_upload_size client_max_body_size 200M; # Needs to be no less than max_upload_size
@ -109,23 +114,21 @@
"chat.mcwhirter.io" = { "chat.mcwhirter.io" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = pkgs.element-web; # Install RIOT web in the nginx root root = pkgs.element-web; # Install RIOT web in the nginx root
}; };
}; };
}; };
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{ name = "matrix-synapse"; # Ensure the database user persists
name = "matrix-synapse"; # Ensure the database user persists ensurePermissions = { # Ensure the database permissions persist
ensurePermissions = { # Ensure the database permissions persist "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
}; }];
}
];
# Initial database creation # Initial database creation
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -146,7 +149,8 @@
}; };
"synapse.mcwhirter.io" = { "synapse.mcwhirter.io" = {
group = "matrix-synapse"; group = "matrix-synapse";
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
email = "acme@mcwhirter.io"; email = "acme@mcwhirter.io";
}; };
}; };
@ -155,11 +159,12 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
443 # HTTPS 443 # HTTPS
8448 # Matrix federation 8448 # Matrix federation
]; ];
}; };
users.groups.matrix-synapse.members = [ "nginx" ]; # Added for keys permissions users.groups.matrix-synapse.members =
[ "nginx" ]; # Added for keys permissions
} }

25
profiles/mcwhirter.io.nix
View file

@ -1,10 +1,10 @@
# NixOps configuration for deploying the mcwhirter.io website # NixOps configuration for deploying the mcwhirter.io website
{ config, pkgs, ...}: { config, pkgs, ... }:
let let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
mcwhirter-io = import sources.mcwhirter-io {}; mcwhirter-io = import sources.mcwhirter-io { };
webdomain = "mcwhirter.io"; webdomain = "mcwhirter.io";
in { in {
@ -14,19 +14,20 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = { # website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${mcwhirter-io}"; # Wesbite root root = "${mcwhirter-io}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };

17
profiles/minecraftServer.nix
View file

@ -6,16 +6,12 @@
imports = [ ../secrets/minecraftServer.nix ]; imports = [ ../secrets/minecraftServer.nix ];
nixpkgs = { nixpkgs = { config = { allowUnfree = true; }; };
config = {
allowUnfree = true;
};
};
services.minecraft-server = { services.minecraft-server = {
enable = true; # Enable the Minecraft server. enable = true; # Enable the Minecraft server.
declarative = true; declarative = true;
eula = true; # Answer Miecraft's EULA eula = true; # Answer Miecraft's EULA
openFirewall = true; openFirewall = true;
serverProperties = { serverProperties = {
motd = "mcwhirter.io"; motd = "mcwhirter.io";
@ -26,7 +22,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
mcron # Minecraft console client [
]; mcron # Minecraft console client
];
} }

19
profiles/monitoring.nix
View file

@ -4,23 +4,20 @@
{ {
imports = [ imports = [ ./grafana.nix ./prometheus.nix ];
./grafana.nix
./prometheus.nix
];
services = { services = {
nginx = { nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations = { locations = {
"/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana "/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana
"/prometheus/".extraConfig = '' "/prometheus/".extraConfig = ''
proxy_pass http://localhost:9090/prometheus/; proxy_pass http://localhost:9090/prometheus/;
proxy_set_header Host $host; proxy_set_header Host $host;
@ -36,9 +33,7 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";
};
}; };
} }

18
profiles/neomutt.nix
View file

@ -6,18 +6,18 @@
# Install other packages that I require to be used with neomutt. # Install other packages that I require to be used with neomutt.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
isync # My mail fetcher isync # My mail fetcher
khard # Console carddav client khard # Console carddav client
lynx # My HTML email viewer lynx # My HTML email viewer
msmtp # My mail sender msmtp # My mail sender
neomutt # My MUA neomutt # My MUA
notmuch # Search and indexing for neomutt notmuch # Search and indexing for neomutt
urlscan # Scanning for links neomutt urlscan # Scanning for links neomutt
vdirsyncer # Synchronize calendars and contacts vdirsyncer # Synchronize calendars and contacts
]; ];
services.cron = { services.cron = {
enable = true; # Enable cron service enable = true; # Enable cron service
systemCronJobs = [ systemCronJobs = [
"*/10 * * * * craige /run/current-system/sw/bin/mbsync -q MCA >> /home/craige/.mailsync-MCA.log 2>&1" "*/10 * * * * craige /run/current-system/sw/bin/mbsync -q MCA >> /home/craige/.mailsync-MCA.log 2>&1"
"*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1" "*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1"

608
profiles/neovim.nix
View file

@ -1,308 +1,308 @@
{ pkgs, ... }: { pkgs, ... }: {
{
environment.variables = { EDITOR = "vim"; }; environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
(neovim.override { [
vimAlias = true; (neovim.override {
configure = { vimAlias = true;
packages.myPlugins = with pkgs.vimPlugins; { configure = {
start = [ packages.myPlugins = with pkgs.vimPlugins; {
airline # Lean & mean status/tabline for vim that's light as air start = [
dracula-vim # Dracula theme for vim airline # Lean & mean status/tabline for vim that's light as air
fugitive # Vim Git wrapper dracula-vim # Dracula theme for vim
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim fugitive # Vim Git wrapper
haskell-vim # Syntax Highlighting and Indentation for Haskell fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
indentLine # Display thin vertical lines at each indentation level haskell-vim # Syntax Highlighting and Indentation for Haskell
neocomplete-vim # Keyword completion system indentLine # Display thin vertical lines at each indentation level
neoformat # A (Neo)vim plugin for formatting code. neocomplete-vim # Keyword completion system
nerdcommenter # Comment functions so powerful—no comment necessary neoformat # A (Neo)vim plugin for formatting code.
nerdtree # File system explorer nerdcommenter # Comment functions so powerful—no comment necessary
nerdtree-git-plugin # Plugin for nerdtree showing git status nerdtree # File system explorer
#statix # Lints and suggestions for the nix programming language nerdtree-git-plugin # Plugin for nerdtree showing git status
supertab # Allows you to use <Tab> for all your insert completion #statix # Lints and suggestions for the nix programming language
syntastic # Syntax checking hacks supertab # Allows you to use <Tab> for all your insert completion
vim-addon-nix # Scripts assisting writing .nix files syntastic # Syntax checking hacks
vim-autoformat # Automatically format code vim-addon-nix # Scripts assisting writing .nix files
vim-cue # Cue filetype plugin for Vim vim-autoformat # Automatically format code
vim-lastplace vim-cue # Cue filetype plugin for Vim
vim-markdown-toc # Generate table of contents for Markdown files vim-lastplace
vim-nix # Support for writing Nix expressions in vim vim-markdown-toc # Generate table of contents for Markdown files
vim-numbertoggle # Toggle between relative / absolute line numbers automatically vim-nix # Support for writing Nix expressions in vim
vim-one vim-numbertoggle # Toggle between relative / absolute line numbers automatically
]; vim-one
opt = []; ];
opt = [ ];
};
customRC = ''
" Preferred global default settings:
set nocompatible
set backspace=indent,eol,start
set number relativenumber " Enable relative line numbers by default
set cursorline " Highlight the current line number
set smartindent " Automatically insert extra level of indentation
set tabstop=4 " Default tabstop
set shiftwidth=4 " Default indent spacing
set expandtab " Expand [TABS] to spaces
packadd! dracula-vim
syntax on " Enable syntax highlighting
set t_Co=256 " Use 265 colors in vim
set background=dark " Set the default background scheme
colorscheme dracula " Set the default colour scheme
"let g:one_allow_italics = 1 " I love italic for comments
set spell spelllang=en_au " Defaul spell checking language
set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
match ErrorMsg '\s\+$' "
nnoremap <silent> <C-p> :Files<CR>
nnoremap <silent> <Leader>f :Rg<CR>
set grepprg=rg\ --vimgrep\ --smart-case\ --follow
let g:airline_powerline_fonts = 1 " Use powerline fonts
let g:airline_theme='dracula' " Set the airline theme
"call togglebg#map("<F10>") " Toggle background colour between dark|light
set laststatus=2 " Set up the status line so it's coloured and always on
" Removes trailing spaces:
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
" Trigger for numbertoggle to switch modes
nnoremap <silent> <C-n> :set relativenumber!<CR>
" Tab settings
let g:SuperTabDefaultCompletionType = 'context'
let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc']
let g:SuperTabRetainCompletionType=2
inoremap <expr><Enter> pumvisible() ? "\<C-Y>" : "\<Enter>"
inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>"
nnoremap <silent> <Leader>RemoveTrailingWhiteSpace :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
"autocmd BufWrite * :Autoformat
" FIXME: Currently always set to dark due to issues with Termonad Solarized theme
" Light during the day, dark during the night
let hour = strftime("%H")
if 7 <= hour && hour < 17
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
else
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
endif
" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff <wouter@blub.net>
augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
" Use Neoformat to automatically format files
augroup fmt
autocmd!
autocmd BufWritePre * undojoin | Neoformat
augroup END
" Manage ISO files
augroup iso
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.iso set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.iso set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.iso set bin
autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.iso set nobin
autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.iso u
augroup END
" Use persistent history.
if !isdirectory("/tmp/.vim-undo-dir")
call mkdir("/tmp/.vim-undo-dir", "", 0700)
endif
set undodir=/tmp/.vim-undo-dir
set undofile
" My Markdown environment
function! MarkdownSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings()
autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings()
" My ReStructured Text environment
function! ReStructuredSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings()
autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings()
" My LaTeX environment:
function! LaTeXSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings()
" Settings for my Haskell environment:
function! HaskellSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings()
" Settings for my Nix environment:
function! NixSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=nix
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings()
" Settings for my Cue environment:
function! CueSettings()
set noexpandtab
set tabstop=2
set shiftwidth=2
set textwidth=79
let g:cue_fmt_on_save = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings()
" Settings for my Rust environment:
function! RustSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
let g:rustfmt_autosave = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings()
" Settings for my Crystal environment:
function! CrystalSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=crystal
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings()
" Settings for my Golang environment:
function! GoSettings()
set tabstop=7
set shiftwidth=7
set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()
" Settings for my Python environment:
function! PythonSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings()
" My Mutt environment
function! MuttSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings()
autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings()
" Settings for my C environment:
function! CSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings()
" Settings for my YAML environment:
function! YAMLSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings()
autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings()
" Settings for my Bash environment:
function! BashSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
}; };
customRC = '' })
" Preferred global default settings: ];
set nocompatible
set backspace=indent,eol,start
set number relativenumber " Enable relative line numbers by default
set cursorline " Highlight the current line number
set smartindent " Automatically insert extra level of indentation
set tabstop=4 " Default tabstop
set shiftwidth=4 " Default indent spacing
set expandtab " Expand [TABS] to spaces
packadd! dracula-vim
syntax on " Enable syntax highlighting
set t_Co=256 " Use 265 colors in vim
set background=dark " Set the default background scheme
colorscheme dracula " Set the default colour scheme
"let g:one_allow_italics = 1 " I love italic for comments
set spell spelllang=en_au " Defaul spell checking language
set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
match ErrorMsg '\s\+$' "
nnoremap <silent> <C-p> :Files<CR>
nnoremap <silent> <Leader>f :Rg<CR>
set grepprg=rg\ --vimgrep\ --smart-case\ --follow
let g:airline_powerline_fonts = 1 " Use powerline fonts
let g:airline_theme='dracula' " Set the airline theme
"call togglebg#map("<F10>") " Toggle background colour between dark|light
set laststatus=2 " Set up the status line so it's coloured and always on
" Removes trailing spaces:
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
" Trigger for numbertoggle to switch modes
nnoremap <silent> <C-n> :set relativenumber!<CR>
" Tab settings
let g:SuperTabDefaultCompletionType = 'context'
let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc']
let g:SuperTabRetainCompletionType=2
inoremap <expr><Enter> pumvisible() ? "\<C-Y>" : "\<Enter>"
inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>"
nnoremap <silent> <Leader>RemoveTrailingWhiteSpace :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
"autocmd BufWrite * :Autoformat
" FIXME: Currently always set to dark due to issues with Termonad Solarized theme
" Light during the day, dark during the night
let hour = strftime("%H")
if 7 <= hour && hour < 17
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
else
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
endif
" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff <wouter@blub.net>
augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
" Use Neoformat to automatically format files
augroup fmt
autocmd!
autocmd BufWritePre * undojoin | Neoformat
augroup END
" Manage ISO files
augroup iso
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.iso set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.iso set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.iso set bin
autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.iso set nobin
autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.iso u
augroup END
" Use persistent history.
if !isdirectory("/tmp/.vim-undo-dir")
call mkdir("/tmp/.vim-undo-dir", "", 0700)
endif
set undodir=/tmp/.vim-undo-dir
set undofile
" My Markdown environment
function! MarkdownSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings()
autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings()
" My ReStructured Text environment
function! ReStructuredSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings()
autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings()
" My LaTeX environment:
function! LaTeXSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings()
" Settings for my Haskell environment:
function! HaskellSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings()
" Settings for my Nix environment:
function! NixSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=nix
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings()
" Settings for my Cue environment:
function! CueSettings()
set noexpandtab
set tabstop=2
set shiftwidth=2
set textwidth=79
let g:cue_fmt_on_save = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings()
" Settings for my Rust environment:
function! RustSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
let g:rustfmt_autosave = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings()
" Settings for my Crystal environment:
function! CrystalSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=crystal
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings()
" Settings for my Golang environment:
function! GoSettings()
set tabstop=7
set shiftwidth=7
set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()
" Settings for my Python environment:
function! PythonSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings()
" My Mutt environment
function! MuttSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings()
autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings()
" Settings for my C environment:
function! CSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings()
" Settings for my YAML environment:
function! YAMLSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings()
autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings()
" Settings for my Bash environment:
function! BashSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
};
}
)];
} }

90
profiles/nextcloud.nix
View file

@ -4,79 +4,75 @@
{ {
imports = imports = [ ../secrets/nextcloud.nix ];
[
../secrets/nextcloud.nix
];
services.nextcloud = { services.nextcloud = {
enable = true; # Enable Nextcloud enable = true; # Enable Nextcloud
hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
https = true; # Use HTTPS for links https = true; # Use HTTPS for links
config = { # Configure Nextcloud config = { # Configure Nextcloud
dbtype = "pgsql"; # Set the database type dbtype = "pgsql"; # Set the database type
dbname = "nextcloud"; # Set the database name dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user dbuser = "nextcloud"; # Set the database user
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password dbpassFile =
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password "/run/keys/nextcloud-dbpass"; # Where to find the database password
adminuser = "root"; # Set the admin user name adminpassFile =
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS "/run/keys/nextcloud-admin"; # Where to find the admin password
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion =
"AU"; # Country code for automatic phone-number detection
}; };
autoUpdateApps = { autoUpdateApps = {
enable = true; # Run regular auto update of all apps installed enable = true; # Run regular auto update of all apps installed
startAt = "01:00:00"; # When to run the update startAt = "01:00:00"; # When to run the update
}; };
package = pkgs.nextcloud22; package = pkgs.nextcloud22;
}; };
services.postgresql = { services.postgresql = {
enable = true; # Ensure postgresql is enabled enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [ ensureUsers = [{
{ name = "nextcloud"; # Ensure the database user persists
name = "nextcloud"; # Ensure the database user persists ensurePermissions = { # Ensure the database permissions persist
ensurePermissions = { # Ensure the database permissions persist "DATABASE nextcloud" = "ALL PRIVILEGES";
"DATABASE nextcloud" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
}; }];
}
];
}; };
services.nginx = { services.nginx = {
enable = true; # Enable Nginx enable = true; # Enable Nginx
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
}; };
virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
}; };
}; };
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
"cloud.mcwhirter.io" = {
email = "craige@mcwhirter.io";
};
};
}; };
users.groups.keys.members = [ "nextcloud" ]; # Required due to NixOps issue #1204 users.groups.keys.members =
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions [ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
networking.firewall.allowedTCPPorts = [ 80 443 ]; # Open the required firewall ports networking.firewall.allowedTCPPorts =
[ 80 443 ]; # Open the required firewall ports
} }

18
profiles/nix-community.nix
View file

@ -4,15 +4,13 @@
{ {
nix = { nix = {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [{
{ hostName = "aarch64.nixos.community";
hostName = "aarch64.nixos.community"; maxJobs = 64;
maxJobs = 64; sshKey = "/root/.ssh/id_nixops_ed25519";
sshKey = "/root/.ssh/id_nixops_ed25519"; sshUser = "craige";
sshUser = "craige"; system = "aarch64-linux";
system = "aarch64-linux"; supportedFeatures = [ "big-parallel" ];
supportedFeatures = [ "big-parallel" ]; }];
}
];
}; };
} }

12
profiles/nix-direnv.nix
View file

@ -14,16 +14,16 @@
# Set the environment # Set the environment
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
direnv # A shell extension that manages your environment direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [
"/share/nix-direnv"
]; ];
pathsToLink = [ "/share/nix-direnv" ];
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } ) (self: super: {
nix-direnv = super.nix-direnv.override { enableFlakes = true; };
})
]; ];
} }

18
profiles/nix-mio-ops.nix
View file

@ -3,15 +3,13 @@
{ {
nix = { nix = {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [{
{ hostName = "cuallaidh.mcwhirter.io";
hostName = "cuallaidh.mcwhirter.io"; maxJobs = 64;
maxJobs = 64; sshKey = "/root/.ssh/id_nixops_ed25519";
sshKey = "/root/.ssh/id_nixops_ed25519"; sshUser = "craige";
sshUser = "craige"; system = "x86_64-linux";
system = "x86_64-linux"; supportedFeatures = [ "big-parallel" ];
supportedFeatures = [ "big-parallel" ]; }];
}
];
}; };
} }

34
profiles/nixpkgs-dev.nix
View file

@ -2,27 +2,29 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
#let
# sources = import ../nix/sources.nix;
# unstable = import sources.nixpkgsUnstable {};
#in
{ {
nixpkgs = { nixpkgs = { config = { allowUnfree = true; }; };
config = {
allowUnfree = true;
};
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
cabal2nix # Convert Cabal files into Nix build instructions cabal2nix # Convert Cabal files into Nix build instructions
nixfmt # An opinionated formatter for Nix nixfmt # An opinionated formatter for Nix
nix-prefetch-github # Prefetch sources from github nix-prefetch-github # Prefetch sources from github
nix-prefetch-git # Prefetch sources from git nix-prefetch-git # Prefetch sources from git
nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs
nix-top # Tracks what nix is building nix-top # Tracks what nix is building
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
nodePackages.node2nix # Generate Nix expressions to build NPM packages nodePackages.node2nix # Generate Nix expressions to build NPM packages
nox # Tools to make Nix nicer nox # Tools to make Nix nicer
sqlite # To query the nixpkgs sqlite database sqlite # To query the nixpkgs sqlite database
tig # Text-mode interface for git tig # Text-mode interface for git
#unstable.statix # Lints and suggestions for the nix programming language
]; ];
}; };

12
profiles/openssh.nix
View file

@ -5,17 +5,15 @@
{ {
services.openssh = { services.openssh = {
enable = true; # Enable the OpenSSH daemon. enable = true; # Enable the OpenSSH daemon.
permitRootLogin = "prohibit-password"; permitRootLogin = "prohibit-password";
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
passwordAuthentication = false; passwordAuthentication = false;
openFirewall = true; openFirewall = true;
hostKeys = [ hostKeys = [{
{ path = "/etc/ssh/ssh_host_ed25519_key";
path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519";
type = "ed25519"; }];
}
];
}; };
} }

9
profiles/pi_common.nix
View file

@ -4,10 +4,11 @@
{ {
environment = { # Set the system-wide environment environment = { # Set the system-wide environment
systemPackages = with pkgs; [ systemPackages = with pkgs;
usbutils # Tools for working with USB devices, such as lsusb [
]; usbutils # Tools for working with USB devices, such as lsusb
];
}; };
} }

4
profiles/powerManagement.nix
View file

@ -7,7 +7,7 @@
powerManagement = { powerManagement = {
enable = true; enable = true;
cpuFreqGovernor = lib.mkDefault "performance"; cpuFreqGovernor = lib.mkDefault "performance";
powertop.enable = true; # Enable powertop auto tuning on startup powertop.enable = true; # Enable powertop auto tuning on startup
}; };
services = { services = {
@ -17,7 +17,7 @@
}; };
tlp.enable = false; tlp.enable = false;
upower = { upower = {
enable = true; # Enable application power managemetn support enable = true; # Enable application power managemetn support
percentageCritical = 15; percentageCritical = 15;
percentageAction = 15; percentageAction = 15;
}; };

160
profiles/prometheus.nix
View file

@ -8,9 +8,7 @@
prometheus = { prometheus = {
enable = true; enable = true;
webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/"; webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
extraFlags = [ extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
"--storage.tsdb.retention.time 8760h"
];
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
@ -52,171 +50,161 @@
# targets = [ "airgead.mcwhirter.io:9093" ]; # targets = [ "airgead.mcwhirter.io:9093" ];
# } ]; # } ];
#} ]; #} ];
rules = [ (builtins.toJSON { rules = [
groups = [ (builtins.toJSON {
{ groups = [{
name = "system"; name = "system";
rules = [ rules = [
{ {
alert = "node_down"; alert = "node_down";
expr = "up == 0"; expr = "up == 0";
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Node is down."; summary = "{{$labels.alias}}: Node is down.";
description = "{{$labels.alias}} has been down for more than 5 minutes."; description =
"{{$labels.alias}} has been down for more than 5 minutes.";
}; };
} }
{ {
alert = "node_systemd_service_failed"; alert = "node_systemd_service_failed";
expr = "node_systemd_unit_state{state=\"failed\"} == 1"; expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m"; for = "4m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start."; summary =
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description =
"{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
}; };
} }
{ {
alert = "node_filesystem_full_90percent"; alert = "node_filesystem_full_90percent";
expr = "sort(node_filesystem_free_bytes{device!=\"ramfs\"} < node_filesystem_size_bytes{device!=\"ramfs\"} * 0.1) / 1024^3"; expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space soon."; summary =
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; "{{$labels.alias}}: Filesystem is running out of space soon.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
}; };
} }
{ {
alert = "node_filesystem_full_in_4h"; alert = "node_filesystem_full_in_4h";
expr = "predict_linear(node_filesystem_free_bytes{device!=\"ramfs\",device!=\"tmpfs\",fstype!=\"autofs\",fstype!=\"cd9660\"}[4h], 4*3600) <= 0"; expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m"; for = "5m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; summary =
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"; "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
}; };
} }
{ {
alert = "node_filedescriptors_full_in_3h"; alert = "node_filedescriptors_full_in_3h";
expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; expr =
"predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m"; for = "20m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours."; summary =
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description =
"{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
}; };
} }
{ {
alert = "node_load1_90percent"; alert = "node_load1_90percent";
expr = "node_load1 / on(alias) count(node_cpu_seconds_total{mode=\"system\"}) by (alias) >= 0.9"; expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h"; for = "1h";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Running on high load."; summary = "{{$labels.alias}}: Running on high load.";
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."; description =
"{{$labels.alias}} is running with > 90% total load for at least 1h.";
}; };
} }
{ {
alert = "node_cpu_util_90percent"; alert = "node_cpu_util_90percent";
expr = "100 - (avg by (alias) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100) >= 90"; expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h"; for = "1h";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: High CPU utilization."; summary = "{{$labels.alias}}: High CPU utilization.";
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; description =
"{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
}; };
} }
{ {
alert = "node_ram_using_99percent"; alert = "node_ram_using_99percent";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; expr =
"node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m"; for = "30m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Using lots of RAM."; summary = "{{$labels.alias}}: Using lots of RAM.";
description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; description =
"{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
}; };
} }
{ {
alert = "node_swap_using_80percent"; alert = "node_swap_using_80percent";
expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; expr =
"node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m"; for = "10m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Running out of swap soon."; summary = "{{$labels.alias}}: Running out of swap soon.";
description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; description =
"{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
}; };
} }
{ {
alert = "node_time_unsync"; alert = "node_time_unsync";
expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; expr =
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m"; for = "1m";
labels = { labels = { severity = "page"; };
severity = "page";
};
annotations = { annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP"; summary = "{{$labels.alias}}: Clock out of sync with NTP";
description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; description =
"{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
}; };
} }
]; ];
} }];
]; })
})]; ];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "prometheus"; job_name = "prometheus";
scrape_interval = "5s"; scrape_interval = "5s";
static_configs = [ static_configs = [{
{ targets = [ "localhost:9090" ];
targets = [ labels = { alias = "prometheus"; };
"localhost:9090" }];
];
labels = { alias = "prometheus"; };
}
];
} }
{ {
job_name = "cardano-node"; job_name = "cardano-node";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [ static_configs = [{
{ targets = [ "127.0.0.1:12798" ];
targets = [ "127.0.0.1:12798" ]; labels = { alias = "airgead"; };
labels = { alias = "airgead"; }; }];
}
];
} }
{ {
job_name = "node"; job_name = "node";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [ static_configs = [{
{ targets = [ "airgead.mcwhirter.io:9100" ];
targets = [ labels = { alias = "airgead.mcwhirter.io"; };
"airgead.mcwhirter.io:9100" }];
];
labels = {
alias = "airgead.mcwhirter.io";
};
}
];
} }
]; ];
}; };

39
profiles/qemu.nix
View file

@ -1,7 +1,6 @@
# Based up original work by cleverca22 # Based up original work by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
@ -9,18 +8,24 @@ let
cfg = config.qemu-user; cfg = config.qemu-user;
arm = { arm = {
interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm"; interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
aarch64 = { aarch64 = {
interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64"; interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
riscv64 = { riscv64 = {
interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64"; interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00''; magicOrExtension =
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
}; };
in { in {
options = { options = {
@ -32,22 +37,22 @@ in {
nix.supportedPlatforms = mkOption { nix.supportedPlatforms = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = "extra platforms that nix will run binaries for"; description = "extra platforms that nix will run binaries for";
default = []; default = [ ];
}; };
}; };
config = mkIf (cfg.arm || cfg.aarch64) { config = mkIf (cfg.arm || cfg.aarch64) {
nixpkgs = { nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
overlays = [ (import ../overlays/qemu) ]; boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
}; // optionalAttrs cfg.aarch64 { inherit aarch64; }
boot.binfmt.registrations = // optionalAttrs cfg.riscv64 { inherit riscv64; };
optionalAttrs cfg.arm { inherit arm; } // nix.supportedPlatforms =
optionalAttrs cfg.aarch64 { inherit aarch64; } // (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
++ (optional cfg.aarch64 "aarch64-linux"); ++ (optional cfg.aarch64 "aarch64-linux");
nix.extraOptions = '' nix.extraOptions = ''
extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
''; '';
nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}"); nix.sandboxPaths = [ "/run/binfmt" ]
++ (optional cfg.arm "${pkgs.qemu-user-arm}")
++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
}; };
} }

11
profiles/server_common.nix
View file

@ -4,12 +4,11 @@
{ {
imports = imports = [
[ ../profiles/openssh.nix
../profiles/openssh.nix ../secrets/user-craige.nix
../secrets/user-craige.nix ../secrets/user-root.nix
../secrets/user-root.nix ];
];
programs.mosh = { programs.mosh = {
enable = true; enable = true;

12
profiles/spotify.nix
View file

@ -5,15 +5,11 @@
{ {
services.spotifyd = { services.spotifyd = {
enable = true; # Enable the Spotify daemon. enable = true; # Enable the Spotify daemon.
config = " config =
username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg "\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n ";
password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg
";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ spotify ];
spotify
];
} }

7
profiles/starship.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
starship # A minimal, blazing fast, and extremely customizable prompt for any shell [
]; starship # A minimal, blazing fast, and extremely customizable prompt for any shell
];
} }

Some files were not shown because too many files have changed in this diff Show more