sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

nix: nixfmt

Browse source
This commit is contained in:
Serĉanto de Scio 2021-11-16 14:57:23 +10:00
parent 2f808daa78
commit e6dbc113ad
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
114 changed files with 1621 additions and 1850 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
default.nix
View file

@ -1,11 +1,9 @@
{ sources ? import ./nix/sources.nix
, system ? builtins.currentSystem
, crossSystem ? null
, config ? {}
, cardanoNodeProject ? import sources.cardano-node {}
}@args: with import ./nix args; {
{ sources ? import ./nix/sources.nix, system ? builtins.currentSystem
, crossSystem ? null, config ? { }
, cardanoNodeProject ? import sources.cardano-node { } }@args:
with import ./nix args; {
shell = mkShell {
inherit (import sources.niv {}) niv;
inherit (import sources.niv { }) niv;
buildInputs = [
cardanoNodeProject.cardano-cli # required for KES key rotation
niv

5
deployments/mio-ops.nix
View file

@ -6,10 +6,9 @@
enableRollback = true;
};
resources.sshKeyPairs.ssh-key = {};
resources.sshKeyPairs.ssh-key = { };
defaults =
{ config, pkgs, lib, ... }:
defaults = { config, pkgs, lib, ... }:
{
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps

3
globals-defaults.nix
View file

@ -1,2 +1 @@
{
}
{ }

8
hardware/eeepc701.nix
View file

@ -50,14 +50,12 @@
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-label/swap"; }
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
nix.maxJobs = lib.mkDefault 1;

15
hardware/lenovo_x201.nix
View file

@ -3,23 +3,20 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-label/swap"; }
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
nix.maxJobs = lib.mkDefault 4;

12
hardware/linode_vm-encrypted.nix
View file

@ -27,7 +27,7 @@
loader = {
grub = {
forceInstall = true;
version =1;
version = 1;
extraPerEntryConfig = "root (hd0)";
extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
@ -41,16 +41,12 @@
};
# File systems configuration for the Linode VMs
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/disk/by-label/swap";
}
];
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
nix.maxJobs = lib.mkDefault 8;
}

10
hardware/linode_vm.nix
View file

@ -26,16 +26,12 @@
};
# File systems configuration for the Linode VMs
fileSystems."/" =
{ device = "/dev/sda";
fileSystems."/" = {
device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/sdb";
}
];
swapDevices = [{ device = "/dev/sdb"; }];
nix.maxJobs = lib.mkDefault 4;
}

6
hardware/odroid-hc4/default.nix
View file

@ -4,10 +4,9 @@ with lib;
let
sources = import ../../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in
unstable = import sources.nixpkgsUnstable { };
{
in {
imports = [
"${modulesPath}/profiles/base.nix"
./uboot/hardkernel-uboot.nix
@ -36,7 +35,6 @@ in
(import ./overlays/uboot/overlay.nix)
];
# DNS
services.resolved.enable = true;
services.resolved.dnssec = "false";

6
hardware/odroid-hc4/modules/sd-image/default.nix
View file

@ -1,5 +1,4 @@
{ pkgs, lib, config, modulesPath, ... }:
{
{ pkgs, lib, config, modulesPath, ... }: {
imports = [
"${modulesPath}/installer/sd-card/sd-image.nix"
# should we include this module or should we treat the SD
@ -18,7 +17,8 @@
# Remove zfs from supported filesystems as it fails when cross-compiling due
# to not being able to build kernel module
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
boot.supportedFilesystems =
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
sdImage = {
compressImage = false;

12
hardware/odroid-hc4/overlays/kernel/kernel.nix
View file

@ -1,13 +1,5 @@
{ stdenv
, buildPackages
, fetchFromGitHub
, perl
, buildLinux
, libelf
, utillinux
, lib
, ...
}@args:
{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
, lib, ... }@args:
buildLinux (args // rec {
version = "4.9.241-107";

5
hardware/odroid-hc4/overlays/kernel/overlay.nix
View file

@ -7,7 +7,10 @@ final: prev: {
# 3. The IRBLASTER module not registering syscalls correctly
# The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module.
({ name = "hardkernel-patches"; patch = ./kernel.diff; })
({
name = "hardkernel-patches";
patch = ./kernel.diff;
})
];
};
}

21
hardware/odroid-hc4/overlays/uboot/hardkernel.nix
View file

@ -3,25 +3,14 @@
gcc49Stdenv.mkDerivation {
name = "hardkernel-uboot";
src = builtins.fetchTarball {
url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
url =
"https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
};
patches = [ ./pwd.diff ./fip_create.diff ];
nativeBuildInputs = [
git
gcc49Stdenv.cc
bc
bison
flex
nettools
];
depsBuildBuild = [
arm-gcc49
buildPackages.gcc49Stdenv.cc
];
makeFlags = [
"CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"
];
nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
configurePhase = ''
make odroidc4_defconfig
'';

3
hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
View file

@ -3,7 +3,8 @@ stdenv.mkDerivation {
name = "meson64-tools";
nativeBuildInputs = [ python2 python3 ];
src = builtins.fetchTarball {
url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
url =
"https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
};

16
hardware/odroid-hc4/overlays/uboot/overlay.nix
View file

@ -1,25 +1,19 @@
final: prev:
let
platform = final.lib.systems.examples.aarch64-multiplatform // {
gcc = {
arch = "armv8-a+crypto";
};
gcc = { arch = "armv8-a+crypto"; };
};
arm64 = final.pkgsCross.aarch64-embedded;
arm = final.pkgsCross.arm-embedded;
uboot-hardkernel = arm64.callPackage ./hardkernel.nix {
arm-gcc49 = arm.buildPackages.gcc49;
};
with-crypto = import final.path {
crossSystem = platform;
};
uboot-hardkernel =
arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
with-crypto = import final.path { crossSystem = platform; };
meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
uboot = arm64.callPackage ./u-boot.nix {
inherit uboot-hardkernel meson64-tools blx_fix;
};
in
{
in {
uboot-hardkernel = uboot;
ubootTools-hardkernel = final.buildPackages.ubootTools;
buildPackages = prev.buildPackages // {

33
hardware/odroid-hc4/overlays/uboot/u-boot.nix
View file

@ -1,21 +1,11 @@
{ stdenv
, git
, bc
, bison
, flex
, nettools
, openssl
, buildPackages
, uboot-hardkernel
, meson64-tools
, blx_fix
}:
{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
, uboot-hardkernel, meson64-tools, blx_fix }:
let
in
stdenv.mkDerivation {
in stdenv.mkDerivation {
name = "uboot";
src = builtins.fetchTarball {
url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
url =
"https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
};
CROSS_COMPILE = stdenv.cc.targetPrefix;
@ -83,16 +73,7 @@ stdenv.mkDerivation {
--ddrfw9 fip/lpddr3_1d.fw \
--level v3
'';
nativeBuildInputs = [
git
bc
bison
flex
nettools
];
nativeBuildInputs = [ git bc bison flex nettools ];
depsBuildBuild = [
buildPackages.stdenv.cc
buildPackages.openssl.dev
];
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
}

18
hardware/odroid-hc4/uboot/hardkernel-uboot.nix
View file

@ -11,9 +11,9 @@ let
# The builder used to write during system activation
builder = import ./boot-ini-builder.nix { inherit pkgs; };
# The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
in
{
populateBuilder =
import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
in {
options = {
boot.loader.hardkernel-uboot = {
enable = mkOption {
@ -42,13 +42,13 @@ in
};
};
config =
let
builderArgs = "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in
mkIf cfg.enable {
config = let
builderArgs = "-t ${timeoutStr}"
+ lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
in mkIf cfg.enable {
system.build.installBootLoader = "${builder} ${builderArgs} -c";
system.boot.loader.id = "hardkernel-uboot";
boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
boot.loader.hardkernel-uboot.populateCmd =
"${populateBuilder} ${builderArgs}";
};
}

19
hardware/purism_librem_15.nix
View file

@ -3,9 +3,7 @@
{ config, lib, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = {
initrd = {
@ -20,25 +18,24 @@
"cryptd" # Software async crypto daemon
];
kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
luks.devices."cryptroot".device =
"/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
};
kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fileSystems."/" = {
device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }
];
[{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
nix.maxJobs = lib.mkDefault 4;
}

8
hardware/raspberry_pi_2_model_B.nix
View file

@ -59,7 +59,10 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -71,7 +74,8 @@
sound.enable = false; # Disable sound.
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];

8
hardware/raspberry_pi_3_model_B.nix
View file

@ -62,7 +62,10 @@
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
hardware = {
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -72,7 +75,8 @@
enableB43Firmware = false; # If true, enable Pi wireless firmware
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
libraspberrypi # Userland tools for the Raspberry Pi board
];

3
hosts/airgead.nix
View file

@ -4,8 +4,7 @@
{
imports =
[
imports = [
../networks/linode.nix
../profiles/cardano-node.nix
../secrets/airgead.nix

7
hosts/ceilidh.nix
View file

@ -3,9 +3,7 @@
{ config, pkgs, lib, ... }:
{
imports = [
../hardware/odroid-hc4
];
imports = [ ../hardware/odroid-hc4 ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.121";
@ -23,7 +21,8 @@
};
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];

3
hosts/cuallaidh.nix
View file

@ -4,8 +4,7 @@
{
imports =
[
imports = [
../networks/linode.nix
../profiles/coturn.nix
../profiles/cryptpad.nix

15
hosts/dionach.nix
View file

@ -35,10 +35,7 @@
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssl-1.0.2u"
"minecraft"
];
permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
};
# Use the GRUB 2 boot loader.
@ -200,9 +197,7 @@
Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap";
};
Policy = {
AutoEnable = "true";
};
Policy = { AutoEnable = "true"; };
};
};
opengl.enable = true;
@ -216,11 +211,7 @@
TCPKeepAlive no
'';
users.groups = {
lp.members = [
"messagebus"
];
};
users.groups = { lp.members = [ "messagebus" ]; };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database

3
hosts/iolear-beag.nix
View file

@ -3,8 +3,7 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/wine.nix

4
hosts/paidh-aon.nix
View file

@ -3,9 +3,7 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi2B_rack.nix
];
imports = [ ../networks/pi2B_rack.nix ];
# Comment out deployment when building the SD Image.
#deployment.targetHost = "10.69.0.201";

7
hosts/paidh-ceithir.nix
View file

@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
];
imports = [ ../networks/pi3B_rack.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204";
networking.hostName = "paidh-ceithir"; # Define your hostname.
environment.systemPackages = with pkgs; [
];
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}

7
hosts/paidh-coig.nix
View file

@ -3,16 +3,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
];
imports = [ ../networks/pi3B_rack.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205";
networking.hostName = "paidh-coig"; # Define your hostname.
environment.systemPackages = with pkgs; [
];
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "20.09"; # The version of NixOS originally installed
}

8
hosts/paidh-tri.nix
View file

@ -3,16 +3,14 @@
{ config, pkgs, lib, ... }:
{
imports = [
../networks/pi3B_rack.nix
../profiles/cyclone-ibis.nix
];
imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203";
networking.hostName = "paidh-tri"; # Define your hostname.
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];

3
hosts/paidh-uachdar.nix
View file

@ -34,7 +34,8 @@
nixos.enable = false; # Save some space by disabling the manual
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
gnupg # GPL OpenPGP implementation
];

3
hosts/sithlainnir.nix
View file

@ -3,8 +3,7 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix
../profiles/desktop_common.nix

3
hosts/teintidh.nix
View file

@ -3,8 +3,7 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
../hardware/lenovo_x201.nix
../profiles/desktop_common.nix
../profiles/haskell-dev.nix

7
images/sd-image_paidh-aarch64.nix
View file

@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }:
let
extlinux-conf-builder =
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in
{
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>

5
images/sd-image_paidh-aon.nix
View file

@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-armv7.nix
../hosts/paidh-aon.nix
];
imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
}

7
images/sd-image_paidh-armv7.nix
View file

@ -6,12 +6,11 @@
{ config, lib, pkgs, ... }:
let
extlinux-conf-builder =
import <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
extlinux-conf-builder = import
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
pkgs = pkgs.buildPackages;
};
in
{
in {
imports = [
<nixpkgs/nixos/modules/profiles/base.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image.nix>

5
images/sd-image_paidh-ceithir.nix
View file

@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-ceithir.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
}

5
images/sd-image_paidh-coig.nix
View file

@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-coig.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
}

5
images/sd-image_paidh-dha.nix
View file

@ -2,9 +2,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-dha.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
}

5
images/sd-image_paidh-tri.nix
View file

@ -11,9 +11,6 @@
{ ... }: {
imports = [
./sd-image_paidh-aarch64.nix
../hosts/paidh-tri.nix
];
imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
}

15
images/usb-yubikey.nix
View file

@ -2,12 +2,14 @@
#
# Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }:
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let
config = { pkgs, ... }:
with pkgs; {
imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>];
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = {
@ -29,10 +31,7 @@ let
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
};
evalNixos = configuration: import <nixpkgs/nixos> {
inherit system configuration;
};
evalNixos = configuration:
import <nixpkgs/nixos> { inherit system configuration; };
in {
iso = (evalNixos config).config.system.build.isoImage;
}
in { iso = (evalNixos config).config.system.build.isoImage; }

12
networks/linode-common.nix
View file

@ -3,11 +3,7 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../profiles/host_common.nix
../profiles/server_common.nix
];
imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
# Ensure the right package architecture is used
nixpkgs.localSystem = {
@ -16,11 +12,7 @@
};
# Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
# Configure firewall defaults:
networking = {

6
networks/linode-encrypted.nix
View file

@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../hardware/linode_vm-encrypted.nix
./linode-common.nix
];
imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
}

6
networks/linode.nix
View file

@ -3,9 +3,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../hardware/linode_vm.nix
./linode-common.nix
];
imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
}

10
networks/pi2B_rack.nix
View file

@ -2,8 +2,7 @@
{
imports =
[
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_2_model_B.nix
../profiles/host_common.nix
@ -12,11 +11,10 @@
];
# Ensure the right package architecture is used
nixpkgs.crossSystem = {
system = "armv7l-linux";
};
nixpkgs.crossSystem = { system = "armv7l-linux"; };
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant.
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = {
nixos.enable = false; # Save some space by disabling the manual

6
networks/pi3B_rack.nix
View file

@ -2,8 +2,7 @@
{
imports =
[
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix
@ -18,7 +17,8 @@
allowUnfree = true;
};
networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant.
networking.wireless.enable =
false; # Toggles wireless support via wpa_supplicant.
documentation = {
nixos.enable = false; # Save some space by disabling the manual

31
nix/default.nix
View file

@ -1,31 +1,22 @@
{ sources ? import ./sources.nix
, system ? builtins.currentSystem
, crossSystem ? null
, config ? {} }:
{ sources ? import ./sources.nix, system ? builtins.currentSystem
, crossSystem ? null, config ? { } }:
let
# our own overlays:
local-overlays = [
];
local-overlays = [ ];
globals =
if builtins.pathExists ../globals.nix
then [(import ../globals.nix)]
else builtins.trace "globals.nix missing, please add symlink" [];
globals = if builtins.pathExists ../globals.nix then
[ (import ../globals.nix) ]
else
builtins.trace "globals.nix missing, please add symlink" [ ];
# merge upstream sources with our own:
upstream-overlays = [
( _: super: {
(_: super: {
sources = (super.sources or {}) // sources;
sources = (super.sources or { }) // sources;
})
];
overlays =
local-overlays ++
globals ++
upstream-overlays;
in
import sources.nixpkgs {
inherit overlays system crossSystem config;
}
overlays = local-overlays ++ globals ++ upstream-overlays;
in import sources.nixpkgs { inherit overlays system crossSystem config; }

95
nix/sources.nix
View file

@ -19,29 +19,28 @@ let
pkgs.fetchzip { inherit (spec) url sha256; };
fetch_git = spec:
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
builtins.fetchGit {
url = spec.repo;
inherit (spec) rev ref;
};
fetch_builtin-tarball = spec:
builtins.trace
''
builtins.trace ''
WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true
''
builtins_fetchTarball { inherit (spec) url sha256; };
'' builtins_fetchTarball { inherit (spec) url sha256; };
fetch_builtin-url = spec:
builtins.trace
''
builtins.trace ''
WARNING:
The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true
''
(builtins_fetchurl { inherit (spec) url sha256; });
'' (builtins_fetchurl { inherit (spec) url sha256; });
#
# Various helpers
@ -51,17 +50,16 @@ let
mkPkgs = sources:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
{ };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
in if builtins.hasAttr "nixpkgs" sources then
sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { }
else
abort
''
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
@ -69,66 +67,67 @@ let
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs spec
else if spec.type == "tarball" then fetch_tarball pkgs spec
else if spec.type == "git" then fetch_git spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec
else if spec.type == "builtin-url" then fetch_builtin-url spec
else if spec.type == "file" then
fetch_file pkgs spec
else if spec.type == "tarball" then
fetch_tarball pkgs spec
else if spec.type == "git" then
fetch_git spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball spec
else if spec.type == "builtin-url" then
fetch_builtin-url spec
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = fetch config.pkgs name spec; }
) config.sources;
spec // { outPath = fetch config.pkgs name spec; }) config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? ./sources.json
mkConfig = { sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources
}: rec {
, pkgs ? mkPkgs sources }: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
in mkSources (mkConfig { }) // {
__functor = _: settings: mkSources (mkConfig settings);
}

6
overlays/nixUnstable.nix
View file

@ -1,4 +1,4 @@
let sources = import ../nix/sources.nix {}; in
final: prev: {
nixUnstable = (import sources.nixos-unstable {}).nixUnstable;
let sources = import ../nix/sources.nix { };
in final: prev: {
nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
}

7
overlays/qemu/default.nix
View file

@ -4,9 +4,10 @@
self: super:
{
qemu-user-arm = if self.stdenv.system == "x86_64-linux"
then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
else
self.callPackage ./qemu { user_arch = "arm"; };
qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };

27
overlays/qemu/qemu/default.nix
View file

@ -1,13 +1,13 @@
# Based up original waokr by cleverca22
# https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison,
makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
, makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
let
env2 = makeStaticLibraries stdenv;
myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
mesonFlags = (drv.mesonFlags or []) ++ [ "-Ddefault_library=both" ];
mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
});
riscv_src = fetchFromGitHub {
owner = "riscv";
@ -22,18 +22,23 @@ let
riscv64 = "x86_64";
x86_64 = "x86_64";
};
in
stdenv.mkDerivation rec {
in stdenv.mkDerivation rec {
name = "qemu-user-${user_arch}-${version}";
version = "3.1.0";
src = if is_riscv then riscv_src else qemu.src;
buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
patches = [ ./qemu-stack.patch ];
configureFlags = [
"--enable-linux-user" "--target-list=${user_arch}-linux-user"
"--disable-bsd-user" "--disable-system" "--disable-vnc"
"--disable-curses" "--disable-sdl" "--disable-vde"
"--disable-bluez" "--disable-kvm"
"--enable-linux-user"
"--target-list=${user_arch}-linux-user"
"--disable-bsd-user"
"--disable-system"
"--disable-vnc"
"--disable-curses"
"--disable-sdl"
"--disable-vde"
"--disable-bluez"
"--disable-kvm"
"--static"
"--disable-tools"
"--cpu=${arch_map.${user_arch}}"
@ -41,6 +46,8 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = [ "-lglib-2.0" ];
enableParallelBuilding = true;
postInstall = ''
cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
cc -static ${
./qemu-wrap.c
} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
'';
}

4
profiles/android.nix
View file

@ -17,8 +17,6 @@
kconfig-frontends # Linux kconfig infrastructure
];
users.groups.adbusers.members = [
"craige"
];
users.groups.adbusers.members = [ "craige" ];
}

30
profiles/cardano-node.nix
View file

@ -5,21 +5,17 @@
let
sources = import ../nix/sources.nix;
cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; };
iohkNix = import (sources.iohk-nix) {};
cardanoNodeProject = import (sources.cardano-node + "/nix") {
gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
in
in {
{
imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
imports = [
../secrets/cardano/producers.nix
"${sources.cardano-node}/nix/nixos"
];
environment.systemPackages = [
cardanoNodeProject.cardano-cli
];
environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
services = {
cardano-node = {
@ -33,12 +29,7 @@ in
scName = "cardano";
scFormat = "ScText";
}];
defaultScribes = [
[
"JournalSK"
"cardano"
]
];
defaultScribes = [[ "JournalSK" "cardano" ]];
};
kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf";
@ -54,6 +45,7 @@ in
};
};
users.groups.keys.members = [ "cardano-node" ]; # Required due to NixOps issue #1204
users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
}

17
profiles/coturn.nix
View file

@ -4,9 +4,7 @@
{
imports = [
../secrets/coturn.nix
];
imports = [ ../secrets/coturn.nix ];
services = {
@ -19,11 +17,8 @@
"172.105.171.16"
];
no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig = "
cipher-list=\"HIGH\"
no-loopback-peers
no-multicast-peers
";
extraConfig =
"\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
secure-stun = true; # Require authentication of the STUN Binding request
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
@ -57,8 +52,10 @@
5350 # STUN tls alt
443 # HTTPS
];
allowedUDPPortRanges = [
{ from=49152; to=49999; } # TURN relay
allowedUDPPortRanges = [{
from = 49152;
to = 49999;
} # TURN relay
];
};

5
profiles/craige4rocky.nix
View file

@ -1,6 +1,6 @@
# NixOps configuration for deploying the craige4rocky website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
craige4rocky = import (pkgs.fetchgit {
@ -32,7 +32,8 @@ in {
"www.${webdomain}" = { # Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};

7
profiles/cryptpad.nix
View file

@ -55,7 +55,8 @@
'';
tryFiles = "$uri =404";
};
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = {
"~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
{
extraConfig = ''
rewrite ^(.*)$ $1/ redirect;
'';
@ -69,9 +70,7 @@
security.acme = {
acceptTerms = true;
certs = {
"pad.mcwhirter.io".email = "craige@mcwhirter.io";
};
certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
};
}

5
profiles/cyclone-ibis.nix
View file

@ -1,6 +1,6 @@
# NixOps configuration for deploying the Cyclone Ibis website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
cyclone-ibis = import (pkgs.fetchgit {
@ -34,7 +34,8 @@ in {
"www.${webdomain}" = { # Respect our elders :-)
forceSSL = true;
enableACME = true;
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};

6
profiles/daedalus.nix
View file

@ -5,13 +5,11 @@
let
sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus {};
daedalusProject = import sources.daedalus { };
daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in
{
in {
environment.systemPackages = [
daedalusMainnet

4
profiles/desktopCraige.nix
View file

@ -4,9 +4,7 @@
{
# Craige's Desktop Packages
imports = [
../profiles/ebooks.nix
];
imports = [ ../profiles/ebooks.nix ];
environment.systemPackages = with pkgs; [
byobu # text-based window manager and terminal multiplexer.

41
profiles/desktop_common.nix
View file

@ -3,8 +3,7 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
../profiles/games-kids.nix
../profiles/host_common.nix
../profiles/daedalus.nix
@ -36,11 +35,13 @@
xorg.libxcb # X C binding
];
networking.networkmanager.enable = true; # Enables network support via NetworkManager.
networking.networkmanager.enable =
true; # Enables network support via NetworkManager.
# Enable common desktop services
services = {
acpid.enable = true; # A daemon for delivering ACPI events to userspace programs
acpid.enable =
true; # A daemon for delivering ACPI events to userspace programs
blueman.enable = true; # GTK-based Bluetooth Manager
devmon.enable = true; # Enable external device automounting.`
udev.packages = [
@ -78,18 +79,14 @@
Enable = "Source,Sink,Media,Socket";
NoPlugin = "sap";
};
Policy = {
AutoEnable = "true";
};
Policy = { AutoEnable = "true"; };
};
};
opengl.enable = true;
};
# Configure Firefox and Chromium
nixpkgs.config = {
allowUnfree = true;
};
nixpkgs.config = { allowUnfree = true; };
programs = {
chromium = {
@ -100,27 +97,9 @@
# Groups to add
users.groups = {
audio.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
libvirtd.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
networkmanager.members = [
"craige"
"fiona"
"hamish"
"logan"
"xander"
];
audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
};
}

4
profiles/ebooks.nix
View file

@ -4,9 +4,7 @@
{
environment.variables = {
FOLIATE_TTS_LANG="en-gb";
};
environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
environment.systemPackages = with pkgs; [
#python39Packages.gtts # Speech synthesizer, required for text to speech.

26
profiles/emacs.nix
View file

@ -1,27 +1,27 @@
/*
This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
/* This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install
all the dependencies from the nixpkgs repository and build the binary files
without interfering with the host distribution.
To build the project, type the following from the current directory:
To build the project, type the following from the current directory:
$ nix-build emacs.nix
$ nix-build emacs.nix
To run the newly compiled executable:
To run the newly compiled executable:
$ ./result/bin/emacs
$ ./result/bin/emacs
*/
{ pkgs ? import <nixpkgs> {} }:
{ pkgs ? import <nixpkgs> { } }:
let
myEmacs = pkgs.emacs;
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
in
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
in emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [
magit # ; Integrate git <C-x g>
zerodark-theme # ; Nicolas' theme
]) ++ (with epkgs.melpaPackages; [
]) ++ (with epkgs.melpaPackages;
[
#undo-tree # ; <C-x u> to show the undo tree
#zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+>
]) ++ (with epkgs.elpaPackages; [

10
profiles/games-kids.nix
View file

@ -2,19 +2,15 @@
{ config, pkgs, ... }:
let
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in
unstable = import sources.nixpkgsUnstable { };
{
in {
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"minecraft"
];
permittedInsecurePackages = [ "minecraft" ];
};
# Retro Gaming Packages

18
profiles/gitea.nix
View file

@ -16,8 +16,8 @@
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port
settings = let
docutils =
pkgs.python37.withPackages (ps: with ps; [
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
@ -26,12 +26,8 @@
ENABLED = true;
FROM = "gitea@mcwhirter.io";
};
repository = {
DEFAULT_BRANCH = "consensus";
};
service = {
REGISTER_EMAIL_CONFIRM = true;
};
repository = { DEFAULT_BRANCH = "consensus"; };
service = { REGISTER_EMAIL_CONFIRM = true; };
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
@ -54,15 +50,13 @@
gitea-users gitea gitea
'';
ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [
{
ensureUsers = [{
name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
}];
};
services.nginx = {

4
profiles/gitea_home.nix
View file

@ -15,8 +15,8 @@
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
extraConfig = let
docutils =
pkgs.python37.withPackages (ps: with ps; [
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);

16
profiles/grafana.nix
View file

@ -4,9 +4,7 @@
{
imports = [
../secrets/cardano/grafana.nix
];
imports = [ ../secrets/cardano/grafana.nix ];
services = {
grafana = {
@ -15,7 +13,8 @@
domain = "monitoring.mcwhirter.io";
rootUrl = "https://monitoring.mcwhirter.io/grafana";
security = {
adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password
adminPasswordFile =
"/run/keys/grafana-apass"; # Where to find the password
};
auth = {
anonymous = {
@ -31,17 +30,16 @@
# options.path = ../monitoring/NodeSystemDashboard.json;
# }
#];
datasources = [
{
datasources = [{
type = "prometheus";
name = "prometheus";
url = "http://localhost:9090/prometheus";
}
];
}];
};
};
};
users.groups.keys.members = [ "grafana" ]; # Required due to NixOps issue #1204
users.groups.keys.members =
[ "grafana" ]; # Required due to NixOps issue #1204
}

17
profiles/host_common.nix
View file

@ -40,7 +40,8 @@
# Configure and install required fonts
fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
fonts.fonts = with pkgs;
[
powerline-fonts # Required for Powerline prompts
];
fonts.fontconfig.includeUserConf = false;
@ -51,8 +52,7 @@
# Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host
(let
cfg = pkgs.writeText "configuration.nix"
''
cfg = pkgs.writeText "configuration.nix" ''
assert builtins.trace "This system is managed by NixOps." false;
{}
'';
@ -71,7 +71,7 @@
show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches
'';
trustedUsers = ["craige"];
trustedUsers = [ "craige" ];
};
system.extraSystemBuilderCmds = ''
@ -79,9 +79,7 @@
'';
environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = {
BAT_THEME="Dracula";
};
environment.variables = { BAT_THEME = "Dracula"; };
# Set the system-wide environment
environment = {
@ -89,7 +87,10 @@
bat # cat clone with syntax highlighting & Git integration
dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find
(if config.services.xserver.enable then gitAndTools.gitFull else git) # Distributed version control system
(if config.services.xserver.enable then
gitAndTools.gitFull
else
git) # Distributed version control system
htop # interactive process viewer
hwinfo # Hardware detection tool
killall # kill processes by name

5
profiles/hydra-dev.nix
View file

@ -9,8 +9,7 @@ let
#sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
};
in
pkgs.callPackage ./hydra-fork.nix {
in pkgs.callPackage ./hydra-fork.nix {
nixpkgsPath = pkgs.path;
#patches = [
# (pkgs.fetchpatch {
@ -19,4 +18,4 @@ in
# })
#];
src = hydraSrc;
}
}

3
profiles/hydra-fork.nix
View file

@ -11,5 +11,4 @@ let
};
});
in
hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })

25
profiles/hydra.nix
View file

@ -17,8 +17,7 @@
services.postgresql = {
enable = true;
package = pkgs.postgresql;
identMap =
''
identMap = ''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
@ -26,15 +25,13 @@
hydra-users postgres postgres
'';
ensureDatabases = [ "hydra" ]; # Ensure the database persists
ensureUsers = [
{
ensureUsers = [{
name = "hydra"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE hydra" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
}];
};
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
@ -62,9 +59,7 @@
};
};
security.acme.certs = {
"hydra.mcwhirter.io".email = "craige@mcwhirter.io";
};
security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra";
@ -73,7 +68,9 @@
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"];
environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
@ -90,15 +87,13 @@
fi
'';
};
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
nix.buildMachines = [
{
nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
nix.buildMachines = [{
hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 4;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
}
];
}];
}

9
profiles/iohk.nix
View file

@ -4,10 +4,7 @@
{
imports = [
../profiles/terminal-recording.nix
../profiles/nix-direnv.nix
];
imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
nix = {
package = pkgs.nixFlakes;
@ -68,8 +65,6 @@
# package = pkgs.postgresql_10; # Set the required version, if needed
};
users.groups.docker.members = [
"craige"
];
users.groups.docker.members = [ "craige" ];
}

10
profiles/jormungandr-stake.nix
View file

@ -5,12 +5,12 @@
disabledModules = [ "services/networking/jormungandr.nix" ];
imports = let
jormungandrNixSrc = builtins.fetchTarball https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz;
in [
(import (jormungandrNixSrc + "/nixos"))
];
jormungandrNixSrc = builtins.fetchTarball
"https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
in [ (import (jormungandrNixSrc + "/nixos")) ];
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
jq # CLI JSON processor
];

6
profiles/jormungandr.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, ... }:
{
{ config, pkgs, ... }: {
imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
services = {
jormungandr = {
enable = true;
enableExplorer = false;
genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
genesisBlockHash =
"11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
trustedPeersAddresses = [
"/ip4/3.123.177.192/tcp/3000"
"/ip4/52.57.157.167/tcp/3000"

3
profiles/keyboard.nix
View file

@ -17,7 +17,8 @@
'';
environment = {
systemPackages = with pkgs; [
systemPackages = with pkgs;
[
wally-cli # Flash firmware to mechanical keyboard
];
};

3
profiles/kids-dev.nix
View file

@ -4,7 +4,8 @@
{
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
kate # Multi-document editor with syntax highlighting
];

49
profiles/matrix.nix
View file

@ -4,9 +4,7 @@
{
imports = [
../secrets/matrix.nix
];
imports = [ ../secrets/matrix.nix ];
i18n = {
extraLocaleSettings = {
@ -27,8 +25,14 @@
bind_address = "";
port = 8448;
resources = [
{ compress = true; names = [ "client" ]; }
{ compress = false; names = [ "federation" ]; }
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
tls = true;
type = "http";
@ -41,10 +45,12 @@
{
compress = true;
names = [ "client" ];
} {
}
{
compress = false;
names = [ "federation" ];
} ];
}
];
tls = true;
type = "http";
x_forwarded = true;
@ -53,7 +59,8 @@
max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_shared_secret =
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp"
@ -77,11 +84,8 @@
forceSSL = true;
enableACME = true;
locations = {
"/_matrix" = {
proxyPass = "https://[::1]:8008";
};
"/.well-known/matrix/server".extraConfig =
let
"/_matrix" = { proxyPass = "https://[::1]:8008"; };
"/.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "synapse.mcwhirter.io:443"; };
@ -89,10 +93,11 @@
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let
"= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; };
"m.homeserver" = {
"base_url" = "https://synapse.mcwhirter.io";
};
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
@ -117,15 +122,13 @@
postgresql = {
enable = true;
ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
ensureUsers = [
{
ensureUsers = [{
name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
}];
# Initial database creation
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -146,7 +149,8 @@
};
"synapse.mcwhirter.io" = {
group = "matrix-synapse";
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
email = "acme@mcwhirter.io";
};
};
@ -160,6 +164,7 @@
];
};
users.groups.matrix-synapse.members = [ "nginx" ]; # Added for keys permissions
users.groups.matrix-synapse.members =
[ "nginx" ]; # Added for keys permissions
}

7
profiles/mcwhirter.io.nix
View file

@ -1,10 +1,10 @@
# NixOps configuration for deploying the mcwhirter.io website
{ config, pkgs, ...}:
{ config, pkgs, ... }:
let
sources = import ../nix/sources.nix;
mcwhirter-io = import sources.mcwhirter-io {};
mcwhirter-io = import sources.mcwhirter-io { };
webdomain = "mcwhirter.io";
in {
@ -26,7 +26,8 @@ in {
root = "${mcwhirter-io}"; # Wesbite root
};
"www.${webdomain}" = { # Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
locations."/".extraConfig =
"return 301 $scheme://${webdomain}$request_uri;";
};
};
};

9
profiles/minecraftServer.nix
View file

@ -6,11 +6,7 @@
imports = [ ../secrets/minecraftServer.nix ];
nixpkgs = {
config = {
allowUnfree = true;
};
};
nixpkgs = { config = { allowUnfree = true; }; };
services.minecraft-server = {
enable = true; # Enable the Minecraft server.
@ -26,7 +22,8 @@
};
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
mcron # Minecraft console client
];
}

9
profiles/monitoring.nix
View file

@ -4,10 +4,7 @@
{
imports = [
./grafana.nix
./prometheus.nix
];
imports = [ ./grafana.nix ./prometheus.nix ];
services = {
nginx = {
@ -36,9 +33,7 @@
security.acme = {
acceptTerms = true;
certs = {
"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";
};
certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
};
}

12
profiles/neovim.nix
View file

@ -1,8 +1,8 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
(neovim.override {
vimAlias = true;
configure = {
@ -31,7 +31,7 @@
vim-numbertoggle # Toggle between relative / absolute line numbers automatically
vim-one
];
opt = [];
opt = [ ];
};
customRC = ''
" Preferred global default settings:
@ -303,6 +303,6 @@
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
};
}
)];
})
];
}

36
profiles/nextcloud.nix
View file

@ -4,10 +4,7 @@
{
imports =
[
../secrets/nextcloud.nix
];
imports = [ ../secrets/nextcloud.nix ];
services.nextcloud = {
enable = true; # Enable Nextcloud
@ -18,11 +15,14 @@
dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
dbpassFile =
"/run/keys/nextcloud-dbpass"; # Where to find the database password
adminpassFile =
"/run/keys/nextcloud-admin"; # Where to find the admin password
adminuser = "root"; # Set the admin user name
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
defaultPhoneRegion =
"AU"; # Country code for automatic phone-number detection
};
autoUpdateApps = {
enable = true; # Run regular auto update of all apps installed
@ -34,15 +34,13 @@
services.postgresql = {
enable = true; # Ensure postgresql is enabled
ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
ensureUsers = [
{
ensureUsers = [{
name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
}];
};
services.nginx = {
@ -61,22 +59,20 @@
};
systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
requires = ["postgresql.service"];
after = ["postgresql.service"];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
security.acme = {
acceptTerms = true;
certs = {
"cloud.mcwhirter.io" = {
email = "craige@mcwhirter.io";
};
};
certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
};
users.groups.keys.members = [ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.keys.members =
[ "nextcloud" ]; # Required due to NixOps issue #1204
users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
networking.firewall.allowedTCPPorts = [ 80 443 ]; # Open the required firewall ports
networking.firewall.allowedTCPPorts =
[ 80 443 ]; # Open the required firewall ports
}

6
profiles/nix-community.nix
View file

@ -4,15 +4,13 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
buildMachines = [{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
}];
};
}

8
profiles/nix-direnv.nix
View file

@ -17,13 +17,13 @@
direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [
"/share/nix-direnv"
];
pathsToLink = [ "/share/nix-direnv" ];
};
nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } )
(self: super: {
nix-direnv = super.nix-direnv.override { enableFlakes = true; };
})
];
}

6
profiles/nix-mio-ops.nix
View file

@ -3,15 +3,13 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
buildMachines = [{
hostName = "cuallaidh.mcwhirter.io";
maxJobs = 64;
sshKey = "/root/.ssh/id_nixops_ed25519";
sshUser = "craige";
system = "x86_64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
}];
};
}

12
profiles/nixpkgs-dev.nix
View file

@ -2,13 +2,14 @@
{ config, pkgs, lib, ... }:
#let
# sources = import ../nix/sources.nix;
# unstable = import sources.nixpkgsUnstable {};
#in
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
nixpkgs = { config = { allowUnfree = true; }; };
environment = {
systemPackages = with pkgs; [
@ -23,6 +24,7 @@
nox # Tools to make Nix nicer
sqlite # To query the nixpkgs sqlite database
tig # Text-mode interface for git
#unstable.statix # Lints and suggestions for the nix programming language
];
};

6
profiles/openssh.nix
View file

@ -10,12 +10,10 @@
challengeResponseAuthentication = false;
passwordAuthentication = false;
openFirewall = true;
hostKeys = [
{
hostKeys = [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
}];
};
}

3
profiles/pi_common.nix
View file

@ -5,7 +5,8 @@
{
environment = { # Set the system-wide environment
systemPackages = with pkgs; [
systemPackages = with pkgs;
[
usbutils # Tools for working with USB devices, such as lsusb
];
};

152
profiles/prometheus.nix
View file

@ -8,9 +8,7 @@
prometheus = {
enable = true;
webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
extraFlags = [
"--storage.tsdb.retention.time 8760h"
];
extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
exporters = {
node = {
enable = true;
@ -52,171 +50,161 @@
# targets = [ "airgead.mcwhirter.io:9093" ];
# } ];
#} ];
rules = [ (builtins.toJSON {
groups = [
{
rules = [
(builtins.toJSON {
groups = [{
name = "system";
rules = [
{
alert = "node_down";
expr = "up == 0";
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Node is down.";
description = "{{$labels.alias}} has been down for more than 5 minutes.";
description =
"{{$labels.alias}} has been down for more than 5 minutes.";
};
}
{
alert = "node_systemd_service_failed";
expr = "node_systemd_unit_state{state=\"failed\"} == 1";
expr = ''node_systemd_unit_state{state="failed"} == 1'';
for = "4m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
summary =
"{{$labels.alias}}: Service {{$labels.name}} failed to start.";
description =
"{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
};
}
{
alert = "node_filesystem_full_90percent";
expr = "sort(node_filesystem_free_bytes{device!=\"ramfs\"} < node_filesystem_size_bytes{device!=\"ramfs\"} * 0.1) / 1024^3";
expr = ''
sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
summary =
"{{$labels.alias}}: Filesystem is running out of space soon.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
};
}
{
alert = "node_filesystem_full_in_4h";
expr = "predict_linear(node_filesystem_free_bytes{device!=\"ramfs\",device!=\"tmpfs\",fstype!=\"autofs\",fstype!=\"cd9660\"}[4h], 4*3600) <= 0";
expr = ''
predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
for = "5m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
summary =
"{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
description =
"{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
};
}
{
alert = "node_filedescriptors_full_in_3h";
expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
expr =
"predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
for = "20m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
summary =
"{{$labels.alias}} is running out of available file descriptors in 3 hours.";
description =
"{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
};
}
{
alert = "node_load1_90percent";
expr = "node_load1 / on(alias) count(node_cpu_seconds_total{mode=\"system\"}) by (alias) >= 0.9";
expr = ''
node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
for = "1h";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running on high load.";
description = "{{$labels.alias}} is running with > 90% total load for at least 1h.";
description =
"{{$labels.alias}} is running with > 90% total load for at least 1h.";
};
}
{
alert = "node_cpu_util_90percent";
expr = "100 - (avg by (alias) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100) >= 90";
expr = ''
100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
for = "1h";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: High CPU utilization.";
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
description =
"{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
};
}
{
alert = "node_ram_using_99percent";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
expr =
"node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
for = "30m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Using lots of RAM.";
description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
description =
"{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
};
}
{
alert = "node_swap_using_80percent";
expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
expr =
"node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
for = "10m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Running out of swap soon.";
description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
description =
"{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
};
}
{
alert = "node_time_unsync";
expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
expr =
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
for = "1m";
labels = {
severity = "page";
};
labels = { severity = "page"; };
annotations = {
summary = "{{$labels.alias}}: Clock out of sync with NTP";
description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
description =
"{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
};
}
];
}
}];
})
];
})];
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "5s";
static_configs = [
{
targets = [
"localhost:9090"
];
static_configs = [{
targets = [ "localhost:9090" ];
labels = { alias = "prometheus"; };
}
];
}];
}
{
job_name = "cardano-node";
scrape_interval = "10s";
static_configs = [
{
static_configs = [{
targets = [ "127.0.0.1:12798" ];
labels = { alias = "airgead"; };
}
];
}];
}
{
job_name = "node";
scrape_interval = "10s";
static_configs = [
{
targets = [
"airgead.mcwhirter.io:9100"
];
labels = {
alias = "airgead.mcwhirter.io";
};
}
];
static_configs = [{
targets = [ "airgead.mcwhirter.io:9100" ];
labels = { alias = "airgead.mcwhirter.io"; };
}];
}
];
};

39
profiles/qemu.nix
View file

@ -1,7 +1,6 @@
# Based up original work by cleverca22
# https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
{ config, pkgs, lib, ... }:
with lib;
@ -9,18 +8,24 @@ let
cfg = config.qemu-user;
arm = {
interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
aarch64 = {
interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
riscv64 = {
interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
magicOrExtension =
"\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
mask =
"\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
in {
options = {
@ -32,22 +37,22 @@ in {
nix.supportedPlatforms = mkOption {
type = types.listOf types.str;
description = "extra platforms that nix will run binaries for";
default = [];
default = [ ];
};
};
config = mkIf (cfg.arm || cfg.aarch64) {
nixpkgs = {
overlays = [ (import ../overlays/qemu) ];
};
boot.binfmt.registrations =
optionalAttrs cfg.arm { inherit arm; } //
optionalAttrs cfg.aarch64 { inherit aarch64; } //
optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
// optionalAttrs cfg.aarch64 { inherit aarch64; }
// optionalAttrs cfg.riscv64 { inherit riscv64; };
nix.supportedPlatforms =
(optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
++ (optional cfg.aarch64 "aarch64-linux");
nix.extraOptions = ''
extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
'';
nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
nix.sandboxPaths = [ "/run/binfmt" ]
++ (optional cfg.arm "${pkgs.qemu-user-arm}")
++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
};
}

3
profiles/server_common.nix
View file

@ -4,8 +4,7 @@
{
imports =
[
imports = [
../profiles/openssh.nix
../secrets/user-craige.nix
../secrets/user-root.nix

10
profiles/spotify.nix
View file

@ -6,14 +6,10 @@
services.spotifyd = {
enable = true; # Enable the Spotify daemon.
config = "
username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg
password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg
";
config =
"\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n ";
};
environment.systemPackages = with pkgs; [
spotify
];
environment.systemPackages = with pkgs; [ spotify ];
}

3
profiles/starship.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
[
starship # A minimal, blazing fast, and extremely customizable prompt for any shell
];
}

8
profiles/sway.nix
View file

@ -5,12 +5,6 @@
{
programs.sway = {
enable = true;
extraPackages = with pkgs; [
alacritty
dmenu
swayidle
swaylock
xwayland
];
extraPackages = with pkgs; [ alacritty dmenu swayidle swaylock xwayland ];
};
}

26
profiles/taskserver.nix
View file

@ -10,30 +10,16 @@
listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall
organisations = {
teaghlach = {
groups = [
"teaghlach"
];
users = [
"craige"
"fiona"
];
groups = [ "teaghlach" ];
users = [ "craige" "fiona" ];
};
sgioba = {
groups = [
"sgioba"
];
users = [
"craige"
];
groups = [ "sgioba" ];
users = [ "craige" ];
};
obair = {
groups = [
"obair"
];
users = [
"craige"
"disasm"
];
groups = [ "obair" ];
users = [ "craige" "disasm" ];
};
};
pki.auto.expiration = {

8
profiles/tor-client.nix
View file

@ -7,14 +7,10 @@
services = {
tor = {
enable = true;
client = {
enable = true;
};
client = { enable = true; };
};
};
environment.systemPackages = with pkgs; [
torbrowser
];
environment.systemPackages = with pkgs; [ torbrowser ];
}

10
profiles/tt-rss.nix
View file

@ -28,15 +28,13 @@
tt_rss-users tt_rss tt_rss
'';
ensureDatabases = [ "tt_rss" ]; # Ensure the database persists
ensureUsers = [
{
ensureUsers = [{
name = "tt_rss"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE tt_rss" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
}];
};
services.nginx = {
@ -51,9 +49,7 @@
};
};
security.acme.certs = {
"news.mcwhirter.io".email = "craige@mcwhirter.io";
};
security.acme.certs = { "news.mcwhirter.io".email = "craige@mcwhirter.io"; };
users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204

6
profiles/weechat.nix
View file

@ -10,11 +10,13 @@
aspellDicts.en-computers # Required for spell checking in weechat
aspellDicts.en-science # Required for spell checking in weechat
(weechat.override {
configure = { availablePlugins, ... }: with weechatScripts; {
configure = { availablePlugins, ... }:
with weechatScripts; {
plugins = with availablePlugins; [
lua
perl
(python.withPackages (ps: with ps; [
(python.withPackages (ps:
with ps; [
dbus-python
websocket_client # Required by wee-slack
weechat-matrix # https://github.com/NixOS/nixpkgs/pull/79669#issuecomment-584249420

22
profiles/xmonad.nix
View file

@ -4,17 +4,11 @@
{
imports = [
../profiles/picom.nix
];
imports = [ ../profiles/picom.nix ];
services = {
devmon.enable = true; # Enable external device automounting.
udev = {
packages = with pkgs; [
gnome3.gnome-settings-daemon
];
};
udev = { packages = with pkgs; [ gnome3.gnome-settings-daemon ]; };
udisks2.enable = true; # Enable udisks2.
xserver = {
@ -24,15 +18,18 @@
gnome.enable = true; # Enable GNOME desktop environment
};
displayManager = {
defaultSession = "none+xmonad"; # Set xmonad as the default window manager.
defaultSession =
"none+xmonad"; # Set xmonad as the default window manager.
gdm.enable = true; # Enable the GNOME display manager
};
layout = "us"; # Set your preferred keyboard layout.
libinput.enable = true; # Enable touchpad support.
windowManager = { # Open configuration for the window manager.
xmonad.enable = true; # Enable xmonad.
xmonad.enableContribAndExtras = true; # Enable xmonad contrib and extras.
xmonad.extraPackages = hpkgs: [ # Open configuration for additional Haskell packages.
xmonad.enableContribAndExtras =
true; # Enable xmonad contrib and extras.
xmonad.extraPackages =
hpkgs: [ # Open configuration for additional Haskell packages.
hpkgs.xmonad-contrib # Install xmonad-contrib.
hpkgs.xmonad-extras # Install xmonad-extras.
hpkgs.xmonad # Install xmonad itself.
@ -49,7 +46,8 @@
};
# Install any additional fonts that I require to be used with xmonad
fonts.fonts = with pkgs; [
fonts.fonts = with pkgs;
[
opensans-ttf # Used in in my xmobar configuration
];

9
profiles/zsh.nix
View file

@ -22,10 +22,7 @@
'';
ohMyZsh = {
enable = true;
plugins = [
"fzf"
"git"
];
plugins = [ "fzf" "git" ];
};
promptInit = ''
eval "$(starship init zsh)"
@ -33,9 +30,7 @@
vteIntegration = true;
};
environment.systemPackages = with pkgs; [
fzf
];
environment.systemPackages = with pkgs; [ fzf ];
users.defaultUserShell = pkgs.zsh; # Set the default shell for all users