Compare commits
137 commits
6feb1c4a3d
...
523115b17b
Author | SHA1 | Date | |
---|---|---|---|
Serĉanto de Scio | 523115b17b | ||
Serĉanto de Scio | 5f294e8f8b | ||
Serĉanto de Scio | c3b8502bbb | ||
Serĉanto de Scio | 2276eca9bd | ||
Serĉanto de Scio | 1fa55a5f71 | ||
Serĉanto de Scio | 156ab8778a | ||
Serĉanto de Scio | c017348930 | ||
Serĉanto de Scio | 8773384ee2 | ||
Serĉanto de Scio | 2be97bf887 | ||
Serĉanto de Scio | 6a9aa77bd1 | ||
Serĉanto de Scio | 4fad82d0fc | ||
Serĉanto de Scio | bc930dfc3c | ||
Serĉanto de Scio | 2ab7663d0d | ||
Serĉanto de Scio | c723f05e64 | ||
Serĉanto de Scio | 59b98f4abf | ||
Serĉanto de Scio | e00dc3d21d | ||
Serĉanto de Scio | 9d682441f1 | ||
Serĉanto de Scio | fd68907710 | ||
Serĉanto de Scio | 52380181f0 | ||
Serĉanto de Scio | fd7ff1c9c0 | ||
Serĉanto de Scio | 38af1dadbe | ||
Serĉanto de Scio | ef7c1de49a | ||
Serĉanto de Scio | 61c4c60e7a | ||
Serĉanto de Scio | 2d52e3da66 | ||
Serĉanto de Scio | ff5a541071 | ||
Serĉanto de Scio | fc4de3962d | ||
Serĉanto de Scio | 564d3e92de | ||
Serĉanto de Scio | 47500ca525 | ||
Serĉanto de Scio | 7f63ac5362 | ||
Serĉanto de Scio | 6319dc3ed2 | ||
Serĉanto de Scio | 51911c42a3 | ||
Serĉanto de Scio | c21fbd779d | ||
Serĉanto de Scio | 97e0e0eeb5 | ||
Serĉanto de Scio | f7c7666a94 | ||
Serĉanto de Scio | 048f5c58b1 | ||
Serĉanto de Scio | 0f69e8fa60 | ||
Serĉanto de Scio | 9cbce61887 | ||
Serĉanto de Scio | 5eb8607fe0 | ||
Serĉanto de Scio | 3a9422d6f1 | ||
Serĉanto de Scio | 4b4afa07c2 | ||
Serĉanto de Scio | d161a4df25 | ||
Serĉanto de Scio | 483e475dda | ||
Serĉanto de Scio | eea22bd45f | ||
Serĉanto de Scio | 3ebc2508ce | ||
Serĉanto de Scio | 0dda2a3812 | ||
Serĉanto de Scio | dd3d630902 | ||
Serĉanto de Scio | a2553d2569 | ||
Serĉanto de Scio | 300d1faec4 | ||
Serĉanto de Scio | c22947904b | ||
Serĉanto de Scio | 4ec35cd3bb | ||
Serĉanto de Scio | 4e59145aed | ||
Serĉanto de Scio | b4113339bf | ||
Serĉanto de Scio | 46d257c88f | ||
Serĉanto de Scio | 251995a0d1 | ||
Serĉanto de Scio | a221cd55d8 | ||
Serĉanto de Scio | 92f4dc765e | ||
Serĉanto de Scio | 82768c9c00 | ||
Serĉanto de Scio | 0a4dd89312 | ||
Serĉanto de Scio | 6591292e47 | ||
Serĉanto de Scio | b339590cef | ||
Serĉanto de Scio | 6f16d8ec34 | ||
Serĉanto de Scio | 46f3d84c2f | ||
Serĉanto de Scio | a90f887db0 | ||
Serĉanto de Scio | b485b7e94b | ||
Serĉanto de Scio | 5281ca1836 | ||
Serĉanto de Scio | 4c36426f7c | ||
Serĉanto de Scio | 52c8f7e768 | ||
Serĉanto de Scio | ac645a0516 | ||
Serĉanto de Scio | 94747459e4 | ||
Serĉanto de Scio | b2c186d368 | ||
Serĉanto de Scio | 1342d8b9bd | ||
Serĉanto de Scio | 5a546582a5 | ||
Serĉanto de Scio | afc69b424a | ||
Serĉanto de Scio | 273243d0e5 | ||
Serĉanto de Scio | d93d573e1c | ||
Serĉanto de Scio | 1376335e8a | ||
Serĉanto de Scio | 709ef98f87 | ||
Serĉanto de Scio | 8e18fa7a76 | ||
Serĉanto de Scio | ed00ccf9ce | ||
Serĉanto de Scio | 3c8f721931 | ||
Serĉanto de Scio | 3974b9c5f1 | ||
Serĉanto de Scio | 5f986424bb | ||
Serĉanto de Scio | 5a9ac9256a | ||
Serĉanto de Scio | 741c36cf78 | ||
Serĉanto de Scio | 91ab1b85d1 | ||
Serĉanto de Scio | 45f68cc449 | ||
Serĉanto de Scio | 23500953d7 | ||
Serĉanto de Scio | e6e9e943a2 | ||
Serĉanto de Scio | 51ae6d2df5 | ||
Serĉanto de Scio | 06917aab82 | ||
Serĉanto de Scio | 56965f56ce | ||
Serĉanto de Scio | 3333128b68 | ||
Serĉanto de Scio | 8ca64cf932 | ||
Serĉanto de Scio | 768fbdbeec | ||
Serĉanto de Scio | e1db3dc034 | ||
Serĉanto de Scio | bebf967280 | ||
Serĉanto de Scio | d46c21f2e9 | ||
Serĉanto de Scio | fc2d111d07 | ||
Serĉanto de Scio | f1941ab101 | ||
Serĉanto de Scio | e33913529f | ||
Serĉanto de Scio | 684310ad81 | ||
Serĉanto de Scio | 77a462c294 | ||
Serĉanto de Scio | d7299837d1 | ||
Serĉanto de Scio | 454a73de4e | ||
Serĉanto de Scio | 5b15a5e49e | ||
Serĉanto de Scio | 1cb08dbd2f | ||
Serĉanto de Scio | 8cb5eb4260 | ||
Serĉanto de Scio | cabc27236f | ||
Serĉanto de Scio | 76c4ac7413 | ||
Serĉanto de Scio | f04adc82dd | ||
Serĉanto de Scio | e0a97fb398 | ||
Serĉanto de Scio | aa530841d0 | ||
Serĉanto de Scio | 2dd21720f7 | ||
Serĉanto de Scio | a7523bfaa4 | ||
Serĉanto de Scio | ba8b59e103 | ||
Serĉanto de Scio | 84646b3232 | ||
Serĉanto de Scio | 604acaf0c5 | ||
Serĉanto de Scio | aeef94e4c2 | ||
Serĉanto de Scio | 513551e598 | ||
Serĉanto de Scio | c3ff66a6b7 | ||
Serĉanto de Scio | a0473c292b | ||
Serĉanto de Scio | 8c0617483e | ||
Serĉanto de Scio | cbb4de6da2 | ||
Serĉanto de Scio | 4e0477656b | ||
Serĉanto de Scio | 695fb6d1e8 | ||
Serĉanto de Scio | ecc733c5cb | ||
Serĉanto de Scio | 0f1ae06673 | ||
Serĉanto de Scio | 4fcc6b1308 | ||
Serĉanto de Scio | 91637675ce | ||
Serĉanto de Scio | ebf87dbdde | ||
Serĉanto de Scio | ed4e533f64 | ||
Serĉanto de Scio | 1e0a5a1f4f | ||
Serĉanto de Scio | c3284e21b1 | ||
Serĉanto de Scio | c1242fd8fa | ||
Serĉanto de Scio | c35eb06e2b | ||
Serĉanto de Scio | 9de9ffba9e | ||
Serĉanto de Scio | ef52c3092e |
1
.gitignore
vendored
|
@ -1,6 +1,5 @@
|
||||||
*.swp
|
*.swp
|
||||||
.direnv
|
.direnv
|
||||||
.envrc
|
|
||||||
Deployments/syncserver.nix
|
Deployments/syncserver.nix
|
||||||
examples
|
examples
|
||||||
result
|
result
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
MIO Ops
|
MIO Ops
|
||||||
=======
|
=======
|
||||||
|
|
||||||
NixOps_ deployment configuration for MIO_.
|
NixOS_ deployment configuration for MIO_.
|
||||||
|
|
||||||
The canonical home for this repo is
|
The canonical home for this repo is
|
||||||
https://source.mcwhirter.io/craige/mio-ops
|
https://reciproka.dev/craige/mio-ops
|
||||||
|
|
||||||
Support buy donating ADA: addr1q8dpxmt0xk9xr27jff25ksxxf9wpqwsdpl46d02mtqd233t3s7uvrk5la8rqv9gh4d36pm8v9f2gcjt9tt7wj32vm4aqkvunma
|
Support buy donating ADA: addr1q8dpxmt0xk9xr27jff25ksxxf9wpqwsdpl46d02mtqd233t3s7uvrk5la8rqv9gh4d36pm8v9f2gcjt9tt7wj32vm4aqkvunma
|
||||||
|
|
||||||
.. _NixOps: https://nixos.org/nixops
|
.. _NixOS: https://nixos.org/
|
||||||
.. _MIO: https://mcwhirter.io/
|
.. _MIO: https://mcwhirter.io/
|
||||||
|
|
|
@ -13,7 +13,7 @@ with import ./nix args; {
|
||||||
alejandraUnstable # The Uncompromising Nix Code Formatter
|
alejandraUnstable # The Uncompromising Nix Code Formatter
|
||||||
cardanoNodeProject.cardano-cli # required for KES key rotation
|
cardanoNodeProject.cardano-cli # required for KES key rotation
|
||||||
niv
|
niv
|
||||||
nixopsUnstable # work around for issue #127423
|
nixops_unstable_minimal # work around for issue #127423
|
||||||
tea # Gitea official CLI client
|
tea # Gitea official CLI client
|
||||||
treefmt # one CLI to format the code tree
|
treefmt # one CLI to format the code tree
|
||||||
];
|
];
|
||||||
|
|
6622
flake.lock
Normal file
File diff suppressed because it is too large
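--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,15 @@
+{
+description = "mio-ops deployment";
+
+inputs = {
+cardano-node.url = "github:input-output-hk/cardano-node/?ref=1.35.7";
+daedalus.url = "github:input-output-hk/daedalus/?ref=5.2.0";
+iohkNix.url = "github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd";
+nix.url = "github:NixOS/nix/?ref=2.13.3";
+nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
+nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
+utils.url = "github:numtide/flake-utils";
+};
+
+outputs = {...} @ args: import ./outputs.nix args;
+}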
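Review bot: The two nixpkgs inputs are written as bare URL literals (`nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;` and the `nixpkgsUnstable` line) while every other input is a quoted string. Unquoted URLs are deprecated Nix syntax and are rejected when the `no-url-literals` feature is enabled, so quote both, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/?ref=nixos-24.05";`. Separately, `utils` carries no ref and `nixos-24.05` / `nixos-unstable` are moving branches, so the revisions actually deployed are fixed only by flake.lock; its 6622-line diff is suppressed on this page and needs its own review whenever it is regenerated.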
|
@ -2,10 +2,11 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
|
modulesPath,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
|
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
|
@ -16,26 +17,28 @@
|
||||||
"usbhid" # USB HID transport layer
|
"usbhid" # USB HID transport layer
|
||||||
"usb_storage" # USB Mass Storage support
|
"usb_storage" # USB Mass Storage support
|
||||||
"sd_mod" # SCSI disk support
|
"sd_mod" # SCSI disk support
|
||||||
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
|
|
||||||
"cryptd" # Software async crypto daemon
|
|
||||||
];
|
];
|
||||||
kernelModules = ["dm-snapshot"];
|
|
||||||
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
|
|
||||||
};
|
};
|
||||||
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
|
kernelModules = ["hid_multitouch" "kvm-intel" "psmouse"]; # Enable kvm for libvirtd
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems = {
|
||||||
device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
|
"/" = {
|
||||||
|
device = "/dev/disk/by-uuid/0bdc11fc-c497-47ff-bcc2-3044f81f40be";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
"/home" = {
|
||||||
fileSystems."/boot" = {
|
device = "/dev/disk/by-uuid/9c8a9dd1-b234-4a6d-ad62-3962e85d4063";
|
||||||
device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
|
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
|
swapDevices = [{device = "/dev/disk/by-uuid/05aed0b0-3a79-44f2-aa4d-e5e5724643f2";}];
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nix.settings.max-jobs = lib.mkDefault 4;
|
nix.settings.max-jobs = lib.mkDefault 4;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
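Review bot: The new side drops `luks.devices."cryptroot"` together with the `aesni_intel` / `cryptd` initrd modules and `dm-snapshot`, and `/` and `/home` now mount ext4 directly by UUID, so as far as this file shows the machine is no longer encrypted at rest. If that is intended (the new UUIDs suggest a reinstall), record it above `fileSystems`, for example `# NOTE: this install has no LUKS layer; data is unencrypted at rest`; if it is not, the LUKS device and its initrd modules need to come back. The old `/boot` entry is also gone with no replacement visible here. The file path is not shown on this page, so which host this applies to is inferred from the content only.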
|
@ -17,7 +17,7 @@
|
||||||
};
|
};
|
||||||
kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
|
kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
"cma=32M" # Needed for the virtual console to work on the RPi 3
|
"cma=320M" # Needed for the virtual console to work on the RPi 3
|
||||||
"console=ttyS0,115200n8" # Enable the serial console
|
"console=ttyS0,115200n8" # Enable the serial console
|
||||||
"console=tty0"
|
"console=tty0"
|
||||||
];
|
];
|
||||||
|
@ -31,9 +31,10 @@
|
||||||
raspberryPi = {
|
raspberryPi = {
|
||||||
enable = false;
|
enable = false;
|
||||||
version = 3;
|
version = 3;
|
||||||
uboot.enable = true;
|
|
||||||
firmwareConfig = ''
|
firmwareConfig = ''
|
||||||
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
|
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
|
||||||
|
display_auto_detect=1 # Enable auto detection of screen resolution
|
||||||
|
gpu_mem=128
|
||||||
hdmi_force_hotplug=1 # Enable headless booting
|
hdmi_force_hotplug=1 # Enable headless booting
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
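--- a/hardware/system76_lemurPro.nix
+++ b/hardware/system76_lemurPro.nix
@@ -0,0 +1,74 @@
+# Hardware configuration file for the System76 Lemur Pro v12 (lemp12)
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}: {
+imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+
+boot = {
+initrd = {
+availableKernelModules = [
+"thunderbolt" # USB4 and Thunderbolt 3 support
+"sdhci_pci" # Secure Digital Host Controller Interface (SD cards)
+"nvme" # NVMe drives (really fast SSDs)
+"sd_mod" # SCSI disk support
+"usb_storage" # USB Mass Storage support
+"xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
+];
+kernelModules = ["dm-snapshot"];
+luks = {
+devices = {
+"cryptroot" = {
+device = "/dev/disk/by-label/cryptroot";
+allowDiscards = true;
+preLVM = true;
+};
+"cryptmirror" = {
+device = "/dev/disk/by-label/cryptmirror";
+allowDiscards = true;
+preLVM = true;
+};
+};
+};
+};
+kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-label/nixos";
+fsType = "ext4";
+};
+"/boot" = {
+device = "/dev/disk/by-label/EFI";
+fsType = "vfat";
+};
+"/var/lib/backup" = {
+device = "/dev/disk/by-label/backup";
+fsType = "ext4";
+};
+};
+
+swapDevices = [
+{
+device = "/dev/disk/by-label/swap";
+discardPolicy = "both";
+}
+];
+
+networking.useDHCP = lib.mkDefault true;
+
+nix.settings.max-jobs = lib.mkDefault 4;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware = {
+cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+system76 = {
+enableAll = true; # all recommended configuration for system76 systems
+power-daemon.enable = true;
+};
+};
+}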
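Review bot: `modulesPath` is accepted as a module argument but never used; the import still goes through the lookup path, `imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];`. Angle-bracket paths resolve through NIX_PATH, so the module is taken from whatever channel the deploying machine happens to have rather than from the nixpkgs revision pinned in flake.lock, and pure flake evaluation refuses the lookup altogether. Another hardware file in this compare already switched to `imports = [(modulesPath + "/installer/scan/not-detected.nix")];`; the same line fits here and in hardware/system76_thelioMira.nix, which has the identical import.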
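--- a/hardware/system76_thelioMira.nix
+++ b/hardware/system76_thelioMira.nix
@@ -0,0 +1,74 @@
+# Hardware configuration file for the System76 Thelio Mira
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}: {
+imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+
+boot = {
+initrd = {
+availableKernelModules = [
+"ahci"
+"nvme" # NVMe drives (really fast SSDs)
+"sd_mod" # SCSI disk support
+"usb_storage" # USB Mass Storage support
+"usbhid"
+"xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
+];
+kernelModules = ["dm-snapshot"];
+luks = {
+devices = {
+"cryptroot" = {
+device = "/dev/disk/by-label/cryptroot";
+allowDiscards = true;
+preLVM = true;
+};
+"cryptstore" = {
+device = "/dev/disk/by-label/cryptstore";
+allowDiscards = true;
+preLVM = true;
+};
+};
+};
+};
+kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-label/nixos";
+fsType = "ext4";
+};
+"/nix" = {
+device = "/dev/disk/by-label/nixStore";
+fsType = "ext4";
+};
+"/boot" = {
+device = "/dev/disk/by-uuid/677E-FD28";
+fsType = "vfat";
+};
+};
+
+swapDevices = [
+{
+device = "/dev/disk/by-label/swap";
+discardPolicy = "both";
+}
+];
+
+networking.useDHCP = lib.mkDefault true;
+
+nix.settings.max-jobs = lib.mkDefault 12;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware = {
+cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+system76 = {
+enableAll = true; # all recommended configuration for system76 systems
+power-daemon.enable = true;
+};
+};
+}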
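Review bot: Both LUKS mappings set `allowDiscards = true` and the swap entry sets `discardPolicy = "both"`, which passes TRIM through dm-crypt without any comment on the trade-off. Discards let anyone who can read the raw disk see which blocks of the encrypted volumes are unused, and from that the rough fill level and filesystem layout. If that was accepted for SSD performance, say so next to the option, e.g. `allowDiscards = true; # TRIM through LUKS exposes free-block layout; accepted for SSD wear`. hardware/system76_lemurPro.nix carries the same settings and would take the same comment.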
|
@ -1,19 +0,0 @@
|
||||||
# NixOps configuration for buaidheach
|
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
../networks/pi3B_rack.nix
|
|
||||||
../profiles/transmission.nix
|
|
||||||
../secrets/transmission.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Comment out deployment when building the SD Image.
|
|
||||||
deployment.targetHost = "10.42.0.212";
|
|
||||||
networking.hostName = "buaidheach"; # Define your hostname.
|
|
||||||
|
|
||||||
system.stateVersion = "22.05"; # The version of NixOS originally installed
|
|
||||||
}
|
|
|
@ -11,7 +11,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# Comment out deployment when building the SD Image.
|
# Comment out deployment when building the SD Image.
|
||||||
deployment.targetHost = "10.42.0.213";
|
deployment.targetHost = "10.42.0.203";
|
||||||
networking.hostName = "ceitidh"; # Define your hostname.
|
networking.hostName = "ceitidh"; # Define your hostname.
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -10,7 +10,6 @@
|
||||||
../networks/linode.nix
|
../networks/linode.nix
|
||||||
../profiles/coturn.nix
|
../profiles/coturn.nix
|
||||||
#../profiles/cryptpad.nix
|
#../profiles/cryptpad.nix
|
||||||
../profiles/forgejo.nix
|
|
||||||
#../profiles/hydra.nix
|
#../profiles/hydra.nix
|
||||||
../profiles/iog.nix
|
../profiles/iog.nix
|
||||||
../profiles/ipv6.nix
|
../profiles/ipv6.nix
|
||||||
|
@ -22,7 +21,6 @@
|
||||||
../profiles/nixpkgs-dev.nix
|
../profiles/nixpkgs-dev.nix
|
||||||
../profiles/taskserver.nix
|
../profiles/taskserver.nix
|
||||||
../profiles/tt-rss.nix
|
../profiles/tt-rss.nix
|
||||||
../secrets/forgejo.nix
|
|
||||||
../secrets/tt-rss.nix
|
../secrets/tt-rss.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -36,11 +34,31 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
services.tmate = {
|
services = {
|
||||||
|
tmate = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
sshHostname = "tmate.mcwhirter.io";
|
sshHostname = "tmate.mcwhirter.io";
|
||||||
};
|
};
|
||||||
|
nginx = {
|
||||||
|
virtualHosts."git.mcwhirter.io" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
globalRedirect = "reciproka.dev"; # Redirect permanently to the host
|
||||||
|
};
|
||||||
|
virtualHosts."source.mcwhirter.io" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
globalRedirect = "reciproka.dev"; # Redirect permanently to the host
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
certs = {"git.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
|
||||||
|
certs = {"source.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # The version of NixOS originally installed
|
system.stateVersion = "19.03"; # The version of NixOS originally installed
|
||||||
}
|
}
|
||||||
|
|
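Review bot: In the added `security.acme` block, `certs` is bound twice in the same attribute set, once for each redirect host. Nix merges two attribute-set literals bound to the same name, so this probably evaluates, but it reads like an overwrite and stops working as soon as either side is no longer a plain literal. `enableACME = true` on each virtual host already creates the certificate entry and both bindings only set the contact address, so one line covers it: `security.acme.defaults.email = "craige@mcwhirter.io";`. The enclosing host file starts outside the hunks shown, so whether another module already sets an ACME default cannot be seen from here.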
|
@ -6,54 +6,30 @@
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
../hardware/purism_librem_15.nix # Include results of the hardware scan.
|
../hardware/purism_librem_15.nix # Include results of the hardware scan.
|
||||||
../profiles/android.nix # Provide an Android dev environment
|
../profiles/desktop_common.nix
|
||||||
../profiles/cron-craige.nix # Provide Craige's cron jobs
|
../profiles/steam.nix
|
||||||
../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
|
|
||||||
../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
|
|
||||||
../profiles/desktopCraige.nix # Craige's desktop tools and apps
|
|
||||||
../profiles/haskell-dev.nix # Haskell dev environment
|
|
||||||
../profiles/host_common.nix # Common host configuration options
|
|
||||||
../profiles/iog.nix # IOHK environment
|
|
||||||
../profiles/keyboard.nix
|
|
||||||
../profiles/neomutt.nix # Neomutt email
|
|
||||||
../profiles/nix-community.nix # Nix community aarch64 tooling
|
|
||||||
../profiles/nix-mio-ops.nix # mio-ops Nix tooling
|
|
||||||
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
|
|
||||||
../profiles/openssh.nix # Enable and configure openssh
|
|
||||||
../profiles/pantheon.nix # Enable and configure the pantheon desktop
|
|
||||||
../profiles/pipewire.nix # Enable and pipewire audio system
|
|
||||||
../profiles/powerManagement.nix # Power management for laptops
|
|
||||||
../profiles/qemu.nix # Qemu virtualisation
|
|
||||||
../profiles/typingTutor.nix # Typing tutorials
|
|
||||||
../profiles/weechat.nix # Weechat environment
|
|
||||||
#../profiles/xmonad.nix # Xmonad desktop environment
|
|
||||||
../profiles/yubikey.nix # Yubikey tooling
|
|
||||||
../secrets/craige.nix # Ssshhhhh!
|
|
||||||
../secrets/root.nix # Ssshhhhh!
|
|
||||||
#../secrets/wireless.nix # Hey look! A squirrel!
|
|
||||||
];
|
];
|
||||||
|
|
||||||
deployment.targetHost = "localhost";
|
deployment.targetHost = "10.42.0.190";
|
||||||
|
|
||||||
nixpkgs = {
|
|
||||||
config = {
|
|
||||||
allowUnfree = true;
|
|
||||||
permittedInsecurePackages = [
|
|
||||||
"openssl-1.0.2u"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
overlays = [(import ../overlays/ncmpcpp.nix)];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
# Use the GRUB 2 boot loader.
|
||||||
boot.loader.grub.enable = true;
|
boot = {
|
||||||
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
|
loader.grub = {
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
|
enable = true;
|
||||||
boot.extraModprobeConfig = "options kvm_intel nested=1";
|
device = "/dev/nvme0n1"; # or "nodev" for efi only
|
||||||
|
useOSProber = true;
|
||||||
|
};
|
||||||
|
kernel.sysctl."net.ipv4.ip_forward" = "1";
|
||||||
|
extraModprobeConfig = "options kvm_intel nested=1";
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "dionach"; # Define your hostname.
|
hostName = "dionach"; # Define your hostname.
|
||||||
networkmanager.enable = true; # Enables network support via NetworkManager.
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
checkReversePath = false; # Needed for libvirtd
|
||||||
|
allowedTCPPorts = [15000];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
|
systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
|
||||||
|
@ -62,160 +38,11 @@
|
||||||
OtherInformation = true;
|
OtherInformation = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts.fonts = with pkgs; [
|
|
||||||
anonymousPro
|
|
||||||
dejavu_fonts # A typeface family based on the Bitstream Vera fonts
|
|
||||||
fira-code # Monospace font with programming ligaturess
|
|
||||||
font-awesome
|
|
||||||
hack-font # A typeface designed for source code
|
|
||||||
jetbrains-mono
|
|
||||||
#monoid # Customisable coding font with alternates, ligatures and contextual positioning
|
|
||||||
nerdfonts # Iconic font aggregator, collection, & patcher
|
|
||||||
open-sans # Used in in my polybar configuration
|
|
||||||
xkcd-font # Font based handwriting in xkcd comics
|
|
||||||
];
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
bash
|
|
||||||
binutils
|
|
||||||
bluez-tools
|
|
||||||
brave # Privacy-oriented browser
|
|
||||||
bridge-utils # for brctl
|
|
||||||
chromium
|
|
||||||
clang
|
|
||||||
ddrescue
|
|
||||||
docutils # Python Documentation Utilities
|
|
||||||
electrum # Bitcoin wallet
|
|
||||||
element-desktop # A feature-rich client for Matrix.org
|
|
||||||
evince
|
|
||||||
exiftool # A tool to read, write and edit EXIF meta information
|
|
||||||
ffmpeg-full # record, convert and stream audio and video
|
|
||||||
file
|
|
||||||
librewolf # Firefox fork, focused on privacy, security and freedom
|
|
||||||
gcc
|
|
||||||
gimp
|
|
||||||
gnumake
|
|
||||||
gnused
|
|
||||||
google-authenticator # 2FA
|
|
||||||
google-chrome # A freeware web browser developed by Google
|
|
||||||
graphviz # Graph visualization tools
|
|
||||||
imagemagick
|
|
||||||
inetutils # Common network utilies
|
|
||||||
inotify-tools
|
|
||||||
iptables # iptables
|
|
||||||
libmtp
|
|
||||||
libgphoto2
|
|
||||||
libreoffice-fresh # Libreoffice - fresh version
|
|
||||||
lxmenu-data # required by pcmanfm
|
|
||||||
mkpasswd
|
|
||||||
mp3info # MP3 tag editor / query tool
|
|
||||||
mpd
|
|
||||||
mtpfs
|
|
||||||
ncmpcpp
|
|
||||||
nextcloud-client
|
|
||||||
nvme-cli # NVM-Express user space tooling for Linux
|
|
||||||
obs-studio # Free and open source software for video recording and live streaming
|
|
||||||
openjdk8
|
|
||||||
openssl # A cryptographic library that implements the SSL and TLS protocols
|
|
||||||
p7zip
|
|
||||||
pandoc
|
|
||||||
pavucontrol
|
|
||||||
pcmanfm
|
|
||||||
pstree # Show the set of running processes as a tree
|
|
||||||
pwgen
|
|
||||||
python3Full
|
|
||||||
#python311Packages.restview # ReStructuredText viewer
|
|
||||||
python311Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
|
|
||||||
radiotray-ng # Internet radio player
|
|
||||||
rdiff-backup # External backups
|
|
||||||
shared-mime-info # required by pcmanfm
|
|
||||||
shotwell
|
|
||||||
signal-desktop
|
|
||||||
smartmontools # Tools for monitoring the health of hard drives
|
|
||||||
sshfs
|
|
||||||
taskwarrior # Highly flexible command-line tool to manage TODO lists
|
|
||||||
tcpdump # tcpdump
|
|
||||||
tectonic
|
|
||||||
tdesktop # Telegram Desktop messaging app
|
|
||||||
texlive.combined.scheme-full
|
|
||||||
tmate # Instant Terminal Sharing
|
|
||||||
tpm-tools
|
|
||||||
#tor-browser-bundle-bin
|
|
||||||
tree # Command to produce a depth indented directory listing
|
|
||||||
udevil
|
|
||||||
unrar
|
|
||||||
unzip
|
|
||||||
vcsh
|
|
||||||
wget
|
|
||||||
wesnoth # Turn-based strategy game
|
|
||||||
xorg.xev
|
|
||||||
zip # zip all the zip's
|
|
||||||
zlib
|
|
||||||
zlib.dev
|
|
||||||
];
|
|
||||||
|
|
||||||
services.acpid.enable = true;
|
|
||||||
services.blueman.enable = true;
|
|
||||||
services.gvfs.enable = true; # required by pcmanfm
|
|
||||||
services.kbfs.enable = true;
|
services.kbfs.enable = true;
|
||||||
|
|
||||||
services.xserver.desktopManager.enlightenment.enable = true;
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
enable = true;
|
|
||||||
checkReversePath = false; # Needed for libvirtd
|
|
||||||
allowedTCPPorts = [15000];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Virtualisation configuration:
|
|
||||||
virtualisation = {
|
|
||||||
libvirtd = {
|
|
||||||
enable = true; # Enable libvirtd
|
|
||||||
qemu = {
|
|
||||||
#package = pkgs.qemu_kvm; # Enable guest only for the same arch
|
|
||||||
package = pkgs.qemu; # Enable full emulation
|
|
||||||
verbatimConfig = ''
|
|
||||||
user = "craige"
|
|
||||||
group = "libvirtd"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
|
|
||||||
extraConfig = ''
|
|
||||||
disk_bus = "virtio"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable sound.
|
|
||||||
sound.enable = true;
|
|
||||||
hardware = {
|
|
||||||
#pulseaudio = {
|
|
||||||
# enable = true;
|
|
||||||
# systemWide = false;
|
|
||||||
# package = pkgs.pulseaudioFull;
|
|
||||||
#};
|
|
||||||
bluetooth = {
|
|
||||||
enable = true;
|
|
||||||
#hsphfpd.enable = true;
|
|
||||||
settings = {Policy = {AutoEnable = "true";};};
|
|
||||||
};
|
|
||||||
opengl.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# The below pair are set to overcome flakey connections / busy servers that
|
|
||||||
# fail to respond to ssh keep alive requests, sometimes triggering:
|
|
||||||
# client_loop: send disconnect: Broken pipe
|
|
||||||
programs.ssh.extraConfig = ''
|
|
||||||
ServerAliveInterval 20
|
|
||||||
TCPKeepAlive no
|
|
||||||
'';
|
|
||||||
|
|
||||||
users.groups = {lp.members = ["messagebus"];};
|
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
# should.
|
# should.
|
||||||
system.stateVersion = "20.03"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
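Review bot: `system.stateVersion` moves from "20.03" to "23.11" at the end of this section, directly under the comment that says to change it only when release notes call for it. NixOS modules read this value to choose defaults for stateful data, so raising it on a machine that kept its data can leave services pointed at state in an older format. If the host was reinstalled the new value is right, and a comment such as `system.stateVersion = "23.11"; # reinstalled on 23.11` would record that. The import list also stops pulling `../profiles/openssh.nix`, `../secrets/craige.nix` and `../secrets/root.nix` directly while `deployment.targetHost` changes from localhost to 10.42.0.190; confirm that `../profiles/desktop_common.nix`, which is not shown here, still provides SSH access and the user secrets.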
|
@ -8,7 +8,7 @@
|
||||||
imports = [../networks/pi3B_rack.nix];
|
imports = [../networks/pi3B_rack.nix];
|
||||||
|
|
||||||
# Comment out deployment when building the SD Image.
|
# Comment out deployment when building the SD Image.
|
||||||
deployment.targetHost = "10.42.0.214";
|
deployment.targetHost = "10.42.0.204";
|
||||||
networking.hostName = "doilidh"; # Define your hostname.
|
networking.hostName = "doilidh"; # Define your hostname.
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [];
|
environment.systemPackages = with pkgs; [];
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
imports = [../networks/pi3B_rack.nix];
|
imports = [../networks/pi3B_rack.nix];
|
||||||
|
|
||||||
# Comment out deployment when building the SD Image.
|
# Comment out deployment when building the SD Image.
|
||||||
deployment.targetHost = "10.42.0.215";
|
deployment.targetHost = "10.42.0.205";
|
||||||
networking.hostName = "eamhair"; # Define your hostname.
|
networking.hostName = "eamhair"; # Define your hostname.
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [];
|
environment.systemPackages = with pkgs; [];
|
||||||
|
|
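--- a/hosts/sanganto.nix
+++ b/hosts/sanganto.nix
@@ -0,0 +1,126 @@
+# NixOS configuration for ŝanĝanto
+{
+config,
+pkgs,
+...
+}: {
+imports = [
+../hardware/system76_thelioMira.nix # Include results of the hardware scan.
+../profiles/cron-craige.nix # Provide Craige's cron jobs
+../profiles/desktopCraige.nix # Craige's desktop tools and apps
+../profiles/haskell-dev.nix # Haskell dev environment
+../profiles/host_common.nix # Common host configuration options
+../profiles/iog.nix # IOHK environment
+../profiles/keyboard.nix
+../profiles/neomutt.nix # Neomutt email
+../profiles/nix-community.nix # Nix community aarch64 tooling
+../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+../profiles/openssh.nix # Enable and configure openssh
+../profiles/pantheon.nix # Enable and configure the pantheon desktop
+../profiles/pipewire.nix # Enable and pipewire audio system
+../profiles/xmonad.nix # Xmonad desktop environment
+../profiles/yubikey.nix # Yubikey tooling
+../secrets/craige.nix # Ssshhhhh!
+../secrets/root.nix # Ssshhhhh!
+];
+
+deployment.targetHost = "10.42.0.11";
+
+nixpkgs = {
+config = {
+allowUnfree = true;
+permittedInsecurePackages = [
+"openssl-1.0.2u"
+];
+};
+overlays = [(import ../overlays/ncmpcpp.nix)];
+};
+
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+kernel.sysctl."net.ipv4.ip_forward" = "1";
+extraModprobeConfig = "options kvm_intel nested=1";
+};
+
+networking = {
+hostName = "sanganto"; # Define your hostname.
+networkmanager.enable = true; # Enables network support via NetworkManager.
+};
+
+fonts.packages = with pkgs; [
+anonymousPro
+dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+fira-code # Monospace font with programming ligaturess
+font-awesome
+hack-font # A typeface designed for source code
+jetbrains-mono
+nerdfonts # Iconic font aggregator, collection, & patcher
+open-sans # Used in in my polybar configuration
+xkcd-font # Font based handwriting in xkcd comics
+];
+
+# List packages installed in system profile. To search, run:
+environment.systemPackages = with pkgs; [
+];
+
+services = {
+acpid.enable = true;
+blueman.enable = true;
+gvfs.enable = true; # required by pcmanfm
+kbfs.enable = true;
+};
+
+networking.firewall = {
+enable = true;
+checkReversePath = false; # Needed for libvirtd
+allowedTCPPorts = [15000];
+};
+
+# Virtualisation configuration:
+virtualisation = {
+libvirtd = {
+enable = true; # Enable libvirtd
+qemu = {
+#package = pkgs.qemu_kvm; # Enable guest only for the same arch
+package = pkgs.qemu; # Enable full emulation
+verbatimConfig = ''
+user = "craige"
+group = "libvirtd"
+'';
+};
+onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+extraConfig = ''
+disk_bus = "virtio"
+'';
+};
+};
+
+# Enable sound.
+sound.enable = true;
+hardware = {
+bluetooth = {
+enable = true;
+settings = {Policy = {AutoEnable = "true";};};
+};
+opengl.enable = true;
+};
+
+# The below pair are set to overcome flakey connections / busy servers that
+# fail to respond to ssh keep alive requests, sometimes triggering:
+# client_loop: send disconnect: Broken pipe
+programs.ssh.extraConfig = ''
+ServerAliveInterval 20
+TCPKeepAlive no
+'';
+
+users.groups = {lp.members = ["messagebus"];};
+
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "23.05"; # Did you read the comment?
+}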
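--- a/hosts/sercanto.nix
+++ b/hosts/sercanto.nix
@@ -0,0 +1,132 @@
+# NixOS configuration for serĉanto
+{
+config,
+pkgs,
+...
+}: {
+imports = [
+../hardware/system76_lemurPro.nix # Include results of the hardware scan.
+../profiles/cron-craige.nix # Provide Craige's cron jobs
+../profiles/desktopCraige.nix # Craige's desktop tools and apps
+../profiles/haskell-dev.nix # Haskell dev environment
+../profiles/host_common.nix # Common host configuration options
+../profiles/iog.nix # IOHK environment
+../profiles/keyboard.nix
+../profiles/neomutt.nix # Neomutt email
+../profiles/nix-community.nix # Nix community aarch64 tooling
+../profiles/nix-mio-ops.nix # mio-ops Nix tooling
+../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+../profiles/openssh.nix # Enable and configure openssh
+../profiles/pantheon.nix # Enable and configure the pantheon desktop
+../profiles/pipewire.nix # Enable and pipewire audio system
+../profiles/powerManagement.nix # Power management for laptops
+../profiles/xmonad.nix # Xmonad desktop environment
+../profiles/yubikey.nix # Yubikey tooling
+../secrets/craige.nix # Ssshhhhh!
+../secrets/root.nix # Ssshhhhh!
+#../secrets/wireless.nix # Hey look! A squirrel!
+];
+
+deployment.targetHost = "10.42.0.180";
+
+nixpkgs = {
+config = {
+allowUnfree = true;
+permittedInsecurePackages = [
+"openssl-1.0.2u"
+];
+};
+overlays = [(import ../overlays/ncmpcpp.nix)];
+};
+
+boot = {
+loader = {
+systemd-boot = {
+enable = true;
+configurationLimit = 5;
+};
+efi.canTouchEfiVariables = true;
+};
+kernel.sysctl."net.ipv4.ip_forward" = "1";
+extraModprobeConfig = "options kvm_intel nested=1";
+};
+
+networking = {
+hostName = "sercanto"; # Define your hostname.
+networkmanager.enable = true; # Enables network support via NetworkManager.
+};
+
+fonts.packages = with pkgs; [
+anonymousPro
+dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+fira-code # Monospace font with programming ligaturess
+font-awesome
+hack-font # A typeface designed for source code
+jetbrains-mono
+nerdfonts # Iconic font aggregator, collection, & patcher
+open-sans # Used in in my polybar configuration
+xkcd-font # Font based handwriting in xkcd comics
+];
+
+# List packages installed in system profile. To search, run:
+environment.systemPackages = with pkgs; [
+];
+
+services = {
+acpid.enable = true;
+blueman.enable = true;
+gvfs.enable = true; # required by pcmanfm
+kbfs.enable = true;
+};
+
+networking.firewall = {
+enable = true;
+checkReversePath = false; # Needed for libvirtd
+allowedTCPPorts = [15000];
+};
+
+# Virtualisation configuration:
+virtualisation = {
+libvirtd = {
+enable = true; # Enable libvirtd
+qemu = {
+#package = pkgs.qemu_kvm; # Enable guest only for the same arch
+package = pkgs.qemu; # Enable full emulation
+verbatimConfig = ''
+user = "craige"
+group = "libvirtd"
+'';
+};
+onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+extraConfig = ''
+disk_bus = "virtio"
+'';
+};
+};
+
+# Enable sound.
+sound.enable = true;
+hardware = {
+bluetooth = {
+enable = true;
+settings = {Policy = {AutoEnable = "true";};};
+};
+opengl.enable = true;
+};
+
+# The below pair are set to overcome flakey connections / busy servers that
+# fail to respond to ssh keep alive requests, sometimes triggering:
+# client_loop: send disconnect: Broken pipe
+programs.ssh.extraConfig = ''
+ServerAliveInterval 20
+TCPKeepAlive no
+'';
+
+users.groups = {lp.members = ["messagebus"];};
+
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "23.05"; # Did you read the comment?
+}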
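Review bot: `permittedInsecurePackages = ["openssl-1.0.2u"]` is carried into this new host with no comment saying which package still needs it. OpenSSL 1.0.2 is end-of-life upstream, and the allowance covers the whole package set evaluated for this host, so anything that pulls that build in will evaluate without the usual refusal. Name the consumer next to the entry, e.g. `"openssl-1.0.2u" # required by <package>; remove once it builds against a supported OpenSSL`, or drop the entry if none of the imported profiles depends on it any more. The firewall block needs the same documentation: `allowedTCPPorts = [15000];` does not say which service listens there, and `checkReversePath = false` turns off reverse-path filtering on a host that also sets `net.ipv4.ip_forward`.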
|
@ -1,4 +0,0 @@
|
||||||
# SD image for buaidheach
|
|
||||||
{...}: {
|
|
||||||
imports = [./sd-image_paidh-aarch64.nix ../hosts/buaidheach.nix];
|
|
||||||
}
|
|
|
@ -6,7 +6,6 @@
|
||||||
../profiles/host_common.nix
|
../profiles/host_common.nix
|
||||||
../profiles/pi_common.nix
|
../profiles/pi_common.nix
|
||||||
../profiles/server_common.nix
|
../profiles/server_common.nix
|
||||||
../secrets/wireless-pi3B.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Ensure the right package architecture is used
|
# Ensure the right package architecture is used
|
||||||
|
@ -17,7 +16,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.wireless.enable =
|
networking.wireless.enable =
|
||||||
true; # Toggles wireless support via wpa_supplicant.
|
false; # Toggles wireless support via wpa_supplicant.
|
||||||
|
|
||||||
systemd.network.networks.eth0.ipv6SendRAConfig = {
|
systemd.network.networks.eth0.ipv6SendRAConfig = {
|
||||||
EmitDNS = true;
|
EmitDNS = true;
|
||||||
|
|
|
@ -1,95 +0,0 @@
|
||||||
{
|
|
||||||
"cardano-node": {
|
|
||||||
"branch": "refs/tags/1.35.7",
|
|
||||||
"description": "The core component that is used to participate in a Cardano decentralised blockchain.",
|
|
||||||
"homepage": "https://cardano.org",
|
|
||||||
"owner": "input-output-hk",
|
|
||||||
"repo": "cardano-node",
|
|
||||||
"rev": "f0b4ac897dcbefba9fa0d247b204a24543cf55f6",
|
|
||||||
"sha256": "0s2jkj4mwl03hxg4ff9kyw41s32xbf31rnhag2m1qrglgsh8wzw9",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/input-output-hk/cardano-node/archive/f0b4ac897dcbefba9fa0d247b204a24543cf55f6.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"daedalus": {
|
|
||||||
"branch": "release/5.2.0",
|
|
||||||
"description": "The open source cryptocurrency wallet for ada, built to grow with the community",
|
|
||||||
"homepage": "https://daedaluswallet.io/",
|
|
||||||
"owner": "input-output-hk",
|
|
||||||
"repo": "daedalus",
|
|
||||||
"rev": "2990f5a44189097b3de2e7e7a19caa8062a8ae7b",
|
|
||||||
"sha256": "1w2w7qfashbqimcywzvhh0z5jrlfaja04sgi6p5hp08adwad6r92",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/input-output-hk/daedalus/archive/2990f5a44189097b3de2e7e7a19caa8062a8ae7b.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"iohk-nix": {
|
|
||||||
"branch": "master",
|
|
||||||
"description": "nix scripts shared across projects",
|
|
||||||
"homepage": null,
|
|
||||||
"owner": "input-output-hk",
|
|
||||||
"repo": "iohk-nix",
|
|
||||||
"rev": "df1da282f996ec46b33379407df99613a1fbafdd",
|
|
||||||
"sha256": "0vpcyrswxkynn2q37qsrhvf62whk2ijpcwqnamxcchcq6lwfpn0l",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/input-output-hk/iohk-nix/archive/df1da282f996ec46b33379407df99613a1fbafdd.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"mcwhirter-io": {
|
|
||||||
"branch": "consensus",
|
|
||||||
"rev": "a53a2f8a8a23eb0579ba6d0ec1c6e749bfcf8467",
|
|
||||||
"sha256": "1b72841hbj6wqsb37ma4y148lx287qjmcbr9p1dbzras6k4xvdlz",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://source.mcwhirter.io/craige/mcwhirter.io/archive/a53a2f8a8a23eb0579ba6d0ec1c6e749bfcf8467.tar.gz",
|
|
||||||
"url_template": "https://source.mcwhirter.io/craige/mcwhirter.io/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"niv": {
|
|
||||||
"branch": "master",
|
|
||||||
"description": "Easy dependency management for Nix projects",
|
|
||||||
"homepage": "https://github.com/nmattia/niv",
|
|
||||||
"owner": "nmattia",
|
|
||||||
"repo": "niv",
|
|
||||||
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
|
|
||||||
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"nixos2111": {
|
|
||||||
"branch": "nixos-21.11",
|
|
||||||
"description": "Nix Packages collection",
|
|
||||||
"homepage": "",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "63198c9ccefdbd337cef0d85db0ea2689f4ce418",
|
|
||||||
"sha256": "05gc6xyv8a2dppngm1q44j85j769lr90lg20s6jv62gfg344i50r",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/nixos/nixpkgs/archive/63198c9ccefdbd337cef0d85db0ea2689f4ce418.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"branch": "nixos-23.05",
|
|
||||||
"builtin": false,
|
|
||||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
|
||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967",
|
|
||||||
"sha256": "0jgcqcbj41g04w4b48c6z4x2mrjx41i36lp6rzh9h4r1cdm74prm",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"nixpkgsUnstable": {
|
|
||||||
"branch": "nixos-unstable",
|
|
||||||
"description": "Nix Packages collection",
|
|
||||||
"homepage": "",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "da45bf6ec7bbcc5d1e14d3795c025199f28e0de0",
|
|
||||||
"sha256": "0f4f9xh4rkgk9in2hzwm371vahppdixbdb73ki1v5dq1r2iv015h",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/nixos/nixpkgs/archive/da45bf6ec7bbcc5d1e14d3795c025199f28e0de0.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
}
|
|
||||||
}
|
|
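--- a/nix/sources.nix
+++ b/nix/sources.nix
@@ -1,141 +0,0 @@
-# This file has been generated by Niv.
-let
-#
-# The fetchers. fetch_<type> fetches specs of type <type>.
-#
-fetch_file = pkgs: spec:
-if spec.builtin or true
-then builtins_fetchurl {inherit (spec) url sha256;}
-else pkgs.fetchurl {inherit (spec) url sha256;};
-
-fetch_tarball = pkgs: spec:
-if spec.builtin or true
-then builtins_fetchTarball {inherit (spec) url sha256;}
-else pkgs.fetchzip {inherit (spec) url sha256;};
-
-fetch_git = spec:
-builtins.fetchGit {
-url = spec.repo;
-inherit (spec) rev ref;
-};
-
-fetch_builtin-tarball = spec:
-builtins.trace ''
-WARNING:
-The niv type "builtin-tarball" will soon be deprecated. You should
-instead use `builtin = true`.
-
-$ niv modify <package> -a type=tarball -a builtin=true
-''
-builtins_fetchTarball {inherit (spec) url sha256;};
-
-fetch_builtin-url = spec:
-builtins.trace ''
-WARNING:
-The niv type "builtin-url" will soon be deprecated. You should
-instead use `builtin = true`.
-
-$ niv modify <package> -a type=file -a builtin=true
-'' (builtins_fetchurl {inherit (spec) url sha256;});
-
-#
-# Various helpers
-#
-
-# The set of packages used when specs are fetched using non-builtins.
-mkPkgs = sources: let
-sourcesNixpkgs =
-import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
-{};
-hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
-hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-in
-if builtins.hasAttr "nixpkgs" sources
-then sourcesNixpkgs
-else if hasNixpkgsPath && !hasThisAsNixpkgsPath
-then import <nixpkgs> {}
-else
-abort ''
-Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
-add a package called "nixpkgs" to your sources.json.
-'';
-
-# The actual fetching function.
-fetch = pkgs: name: spec:
-if !builtins.hasAttr "type" spec
-then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-else if spec.type == "file"
-then fetch_file pkgs spec
-else if spec.type == "tarball"
-then fetch_tarball pkgs spec
-else if spec.type == "git"
-then fetch_git spec
-else if spec.type == "builtin-tarball"
-then fetch_builtin-tarball spec
-else if spec.type == "builtin-url"
-then fetch_builtin-url spec
-else
-abort
-"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
-
-# Ports of functions for older nix versions
-
-# a Nix version of mapAttrs if the built-in doesn't exist
-mapAttrs =
-builtins.mapAttrs
-or (f: set:
-with builtins;
-listToAttrs (map (attr: {
-name = attr;
-value = f attr set.${attr};
-}) (attrNames set)));
-
-# fetchTarball version that is compatible between all the versions of Nix
-builtins_fetchTarball = {
-url,
-sha256,
-} @ attrs: let
-inherit (builtins) lessThan nixVersion fetchTarball;
-in
-if lessThan nixVersion "1.12"
-then fetchTarball {inherit url;}
-else fetchTarball attrs;
-
-# fetchurl version that is compatible between all the versions of Nix
-builtins_fetchurl = {
-url,
-sha256,
-} @ attrs: let
-inherit (builtins) lessThan nixVersion fetchurl;
-in
-if lessThan nixVersion "1.12"
-then fetchurl {inherit url;}
-else fetchurl attrs;
-
-# Create the final "sources" from the config
-mkSources = config:
-mapAttrs (name: spec:
-if builtins.hasAttr "outPath" spec
-then
-abort
-"The values in sources.json should not have an 'outPath' attribute"
-else spec // {outPath = fetch config.pkgs name spec;})
-config.sources;
-
-# The "config" used by the fetchers
-mkConfig = {
-sourcesFile ? ./sources.json,
-sources ? builtins.fromJSON (builtins.readFile sourcesFile),
-pkgs ? mkPkgs sources,
-}: rec {
-# The sources, i.e. the attribute set of spec name to spec
-inherit sources;
-
-# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
-inherit pkgs;
-};
-in
-mkSources (mkConfig {})
-// {
-__functor = _: settings: mkSources (mkConfig settings);
-}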
|
@ -25,9 +25,10 @@
|
||||||
iolear-beag = import hosts/iolear-beag.nix;
|
iolear-beag = import hosts/iolear-beag.nix;
|
||||||
doilidh = import hosts/doilidh.nix;
|
doilidh = import hosts/doilidh.nix;
|
||||||
eamhair = import hosts/eamhair.nix;
|
eamhair = import hosts/eamhair.nix;
|
||||||
buaidheach = import hosts/buaidheach.nix;
|
|
||||||
ceitidh = import hosts/ceitidh.nix;
|
ceitidh = import hosts/ceitidh.nix;
|
||||||
paidh-uachdar = import hosts/paidh-uachdar.nix;
|
paidh-uachdar = import hosts/paidh-uachdar.nix;
|
||||||
|
sanganto = import hosts/sanganto.nix;
|
||||||
|
sercanto = import hosts/sercanto.nix;
|
||||||
sithlainnir = import hosts/sithlainnir.nix;
|
sithlainnir = import hosts/sithlainnir.nix;
|
||||||
teintidh = import hosts/teintidh.nix;
|
teintidh = import hosts/teintidh.nix;
|
||||||
}
|
}
|
||||||
|
|
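--- a/outputs.nix
+++ b/outputs.nix
@@ -0,0 +1,21 @@
+{
+self,
+daedalus,
+nix,
+nixpkgs,
+nixpkgsUnstable,
+utils,
+...
+} @ inputs:
+(utils.lib.eachDefaultSystem (system: let
+pkgs = nixpkgs.legacyPackages."${system}";
+in {
+devShell =
+pkgs.callPackage
+./shell.nix {
+inherit (nix.packages."${pkgs.system}") nix;
+inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
+};
+}))
+// {
+}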
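Review bot: `devShell` is the legacy flake output name; current Nix releases expect `devShells.<system>.default` and warn on the old attribute, so inside `eachDefaultSystem` this would read `devShells.default = pkgs.callPackage ./shell.nix { … };`. The trailing `// { }` merges an empty set, and `self`, `daedalus` and `inputs` are bound but never used in this file. Either drop them or leave a one-line comment such as `# host/deployment outputs are merged in here` so the empty merge reads as intentional.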
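--- a/overlays/ncmpcpp.nix
+++ b/overlays/ncmpcpp.nix
@@ -0,0 +1,6 @@
+# Enable the visualiser in ncmpcpp
+self: super: {
+ncmpcpp = super.ncmpcpp.override {
+visualizerSupport = true;
+};
+}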
|
@ -3,15 +3,15 @@
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
|
cardano-node,
|
||||||
|
iohkNix,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
sources = import ../nix/sources.nix;
|
cardanoNodeProject = import (cardano-node + "/nix") {
|
||||||
cardanoNodeProject = import (sources.cardano-node + "/nix") {
|
gitrev = cardano-node.rev;
|
||||||
gitrev = sources.cardano-node.rev;
|
|
||||||
};
|
};
|
||||||
iohkNix = import (sources.iohk-nix) {};
|
|
||||||
in {
|
in {
|
||||||
imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"];
|
imports = [../secrets/cardano/producers.nix "${cardano-node.cardano-node}/nix/nixos"];
|
||||||
|
|
||||||
environment.systemPackages = [cardanoNodeProject.cardano-cli];
|
environment.systemPackages = [cardanoNodeProject.cardano-cli];
|
||||||
|
|
||||||
|
|
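Review bot: The new side treats the `cardano-node` argument in two incompatible ways: `import (cardano-node + "/nix")` and `gitrev = cardano-node.rev` use it as the source tree itself, while the `imports` line interpolates `"${cardano-node.cardano-node}/nix/nixos"`, a nested attribute nothing on this page defines. If the argument is the pinned input, the entry would presumably be `"${cardano-node}/nix/nixos"`; the `daedalus.daedalus` import in the daedalus hunk that follows has the same shape and needs the same check. `imports` that depend on a module argument also only evaluate when that argument is supplied through `specialArgs`, and that wiring is not visible here. The `iohkNix` argument is added but no use of it appears inside the hunk; the module body continues past it.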
|
@ -2,11 +2,11 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
daedalus,
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
sources = import ../nix/sources.nix;
|
daedalusProject = import daedalus.daedalus {};
|
||||||
daedalusProject = import sources.daedalus {};
|
|
||||||
daedalusMainnet = daedalusProject.daedalus;
|
daedalusMainnet = daedalusProject.daedalus;
|
||||||
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
|
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
|
||||||
in {
|
in {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Craige's desktop requirements
|
# Craige's NixOS desktop requirements
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
@ -14,11 +14,34 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
byobu # text-based window manager and terminal multiplexer.
|
byobu # text-based window manager and terminal multiplexer.
|
||||||
caprine-bin # an elegant Facebook Messenger desktop app
|
caprine-bin # an elegant Facebook Messenger desktop app
|
||||||
|
element-desktop # A feature-rich client for Matrix.org
|
||||||
|
enlightenment.terminology # Powerful terminal emulator based on EFL
|
||||||
|
firefox # A web browser built from Firefox source tree
|
||||||
|
ffmpeg-full # record, convert and stream audio and video
|
||||||
|
gimp # The GNU Image Manipulation Program
|
||||||
gopass # password file manager
|
gopass # password file manager
|
||||||
|
libreoffice # Comprehensive, professional-quality productivity suite
|
||||||
|
mpd # A flexible, powerful daemon for playing music
|
||||||
|
ncmpcpp # A featureful ncurses based MPD client inspired by ncmpc
|
||||||
|
nextcloud-client # Nextcloud themed desktop client
|
||||||
|
nvme-cli # NVM-Express user space tooling for Linux
|
||||||
|
pandoc # Conversion between documentation formats
|
||||||
|
pavucontrol # PulseAudio Volume Control
|
||||||
|
pwgen # Password generator
|
||||||
|
siji # An iconic bitmap font based on Stlarch with additional glyphs
|
||||||
shared-mime-info # A database of common MIME types
|
shared-mime-info # A database of common MIME types
|
||||||
|
shotwell # Photo organizer
|
||||||
|
signal-desktop # Private, simple, and secure messenger
|
||||||
|
sshfs # allows remote filesystems to be mounted over SSH
|
||||||
sweethome3d.application # design and visualise homes
|
sweethome3d.application # design and visualise homes
|
||||||
|
taskwarrior # Highly flexible command-line tool to manage TODO lists
|
||||||
termonad # Terminal emulator configurable in Haskell
|
termonad # Terminal emulator configurable in Haskell
|
||||||
whalebird # Mastodon client
|
texliveFull # TeX Live environment
|
||||||
|
tmate # Instant Terminal Sharing
|
||||||
|
tor-browser-bundle-bin # Tor Browser Bundle built by torproject.org
|
||||||
|
tuba # Fediverse client
|
||||||
|
unzip # An extraction utility for archives compressed in .zip format
|
||||||
|
vcsh # Version Control System for $HOME
|
||||||
yt-dlp # Command-line tool to download videos
|
yt-dlp # Command-line tool to download videos
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,11 +26,12 @@
|
||||||
element-desktop # A feature-rich client for Matrix.org
|
element-desktop # A feature-rich client for Matrix.org
|
||||||
librewolf # Firefox fork, focused on privacy, security and freedom
|
librewolf # Firefox fork, focused on privacy, security and freedom
|
||||||
gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
|
gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
|
||||||
google-chrome # A freeware web browser developed by Google
|
krita # A free and open source painting application
|
||||||
libreoffice-fresh
|
libreoffice-fresh
|
||||||
mplayer # A movie player that supports many video formats
|
mplayer # A movie player that supports many video formats
|
||||||
nextcloud-client # Nextcloud desktop client
|
nextcloud-client # Nextcloud desktop client
|
||||||
pwgen # Password generator
|
pwgen # Password generator
|
||||||
|
rsync
|
||||||
shotwell # Photo organizer
|
shotwell # Photo organizer
|
||||||
signal-desktop # Private, simple, and secure messenger
|
signal-desktop # Private, simple, and secure messenger
|
||||||
usbutils # Tools for working with USB devices, such as lsusb
|
usbutils # Tools for working with USB devices, such as lsusb
|
||||||
|
@ -46,35 +47,58 @@
|
||||||
true; # A daemon for delivering ACPI events to userspace programs
|
true; # A daemon for delivering ACPI events to userspace programs
|
||||||
blueman.enable = true; # GTK-based Bluetooth Manager
|
blueman.enable = true; # GTK-based Bluetooth Manager
|
||||||
devmon.enable = true; # Enable external device automounting.`
|
devmon.enable = true; # Enable external device automounting.`
|
||||||
|
displayManager = {
|
||||||
|
defaultSession = "pantheon"; # Set GNOME as the default session
|
||||||
|
};
|
||||||
|
libinput = {
|
||||||
|
enable = true; # Enable touchpad support.
|
||||||
|
touchpad = {
|
||||||
|
tapping = true;
|
||||||
|
tappingButtonMap = "lrm"; # Set the touchpad button mappeing
|
||||||
|
};
|
||||||
|
};
|
||||||
udev.packages = [
|
udev.packages = [
|
||||||
pkgs.android-udev-rules # Android udev rules list
|
pkgs.android-udev-rules # Android udev rules list
|
||||||
];
|
];
|
||||||
udisks2.enable = true; # Enable udisks2
|
udisks2.enable = true; # Enable udisks2
|
||||||
|
|
||||||
|
pantheon = {
|
||||||
|
apps.enable = true;
|
||||||
|
contractor.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
xserver = {
|
xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
desktopManager = {
|
desktopManager = {
|
||||||
gnome.enable = true; # Enable GNOME desktop environment
|
gnome.enable = false; # Enable GNOME desktop environment
|
||||||
|
pantheon.enable = true; # Enable Pantheon desktop environment
|
||||||
};
|
};
|
||||||
displayManager = {
|
displayManager = {
|
||||||
defaultSession = "gnome"; # Set GNOME as the default session
|
gdm.enable = false; # Enable the GNOME display manager
|
||||||
gdm.enable = true; # Enable the GNOME display manager
|
lightdm.greeters.pantheon.enable = true;
|
||||||
};
|
};
|
||||||
libinput.enable = true; # Enable touchpad support.
|
};
|
||||||
|
|
||||||
|
pipewire = {
|
||||||
|
enable = true;
|
||||||
|
alsa = {
|
||||||
|
enable = true;
|
||||||
|
support32Bit = true;
|
||||||
|
};
|
||||||
|
pulse.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sound.enable = true; # Enable sound.
|
sound.enable = true; # Enable sound.
|
||||||
|
security.rtkit.enable = true; # realtime scheduling for sound
|
||||||
|
|
||||||
# Configure common hardware settings
|
# Configure common hardware settings
|
||||||
hardware = {
|
hardware = {
|
||||||
pulseaudio = {
|
pulseaudio = {
|
||||||
enable = true;
|
enable = false;
|
||||||
package = pkgs.pulseaudioFull;
|
|
||||||
};
|
};
|
||||||
bluetooth = {
|
bluetooth = {
|
||||||
enable = true; # Enable bluetooth
|
enable = true; # Enable bluetooth
|
||||||
hsphfpd.enable = true;
|
|
||||||
settings = {
|
settings = {
|
||||||
General = {
|
General = {
|
||||||
Enable = "Source,Sink,Media,Socket";
|
Enable = "Source,Sink,Media,Socket";
|
||||||
|
@ -86,7 +110,7 @@
|
||||||
opengl.enable = true;
|
opengl.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Configure Firefox and Chromium
|
# Configure libreWolf and Chromium
|
||||||
nixpkgs.config = {allowUnfree = true;};
|
nixpkgs.config = {allowUnfree = true;};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
|
|
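Review bot: Three comments on the new side of the `@ -46,35 +47,58 @@` hunk now contradict the values they annotate: `defaultSession = "pantheon"; # Set GNOME as the default session`, `gnome.enable = false; # Enable GNOME desktop environment` and `gdm.enable = false; # Enable the GNOME display manager`. Suggest `# Set Pantheon as the default session` on the first, and on the other two either delete the lines or comment them `# GNOME disabled in favour of Pantheon`, so a reader scanning the comments does not conclude that GDM is the active login manager. The same hunk has a typo in `# Set the touchpad button mappeing`. In the last hunk the header `# Configure libreWolf and Chromium` sits directly above `nixpkgs.config = {allowUnfree = true;};`, which deserves a comment of its own stating which unfree package this profile needs. The enclosing `services` and `hardware` sets start and end outside the hunks.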
|
@ -1,121 +0,0 @@
|
||||||
# NixOps configuration for the hosts running Forgejo
|
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
sources,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
sources = import ../nix/sources.nix;
|
|
||||||
unstable = import sources.nixpkgsUnstable {};
|
|
||||||
in {
|
|
||||||
services.gitea = {
|
|
||||||
enable = true; # Enable Forgejo
|
|
||||||
appName = "mcwhirter.io: Forgejo Service"; # Give the site a name
|
|
||||||
database = {
|
|
||||||
type = "postgres"; # Database type
|
|
||||||
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
|
|
||||||
};
|
|
||||||
disableRegistration = true;
|
|
||||||
domain = "source.mcwhirter.io"; # Domain name
|
|
||||||
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
|
|
||||||
httpPort = 3002; # Provided unique port
|
|
||||||
package = unstable.forgejo; # a soft fork of gitea
|
|
||||||
settings = let
|
|
||||||
docutils = pkgs.python39.withPackages (ps:
|
|
||||||
with ps; [
|
|
||||||
docutils # Provides rendering of ReStructured Text files
|
|
||||||
pygments # Provides syntax highlighting
|
|
||||||
]);
|
|
||||||
in {
|
|
||||||
mailer = {
|
|
||||||
ENABLED = true;
|
|
||||||
FROM = "gitea@mcwhirter.io";
|
|
||||||
};
|
|
||||||
repository = {DEFAULT_BRANCH = "consensus";};
|
|
||||||
service = {REGISTER_EMAIL_CONFIRM = true;};
|
|
||||||
"markup.restructuredtext" = {
|
|
||||||
ENABLED = true;
|
|
||||||
FILE_EXTENSIONS = ".rst";
|
|
||||||
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
|
|
||||||
IS_INPUT_FILE = false;
|
|
||||||
};
|
|
||||||
ui = {
|
|
||||||
DEFAULT_THEME = "forgejo-auto"; # Set the default theme
|
|
||||||
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd = {
|
|
||||||
services = {
|
|
||||||
gitea = {
|
|
||||||
# Ensure gitea starts after nixops keys are loaded
|
|
||||||
after = ["gitea-dbpass-key.service"];
|
|
||||||
wants = ["gitea-dbpass-key.service"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true; # Ensure postgresql is enabled
|
|
||||||
authentication = ''
|
|
||||||
local gitea all ident map=gitea-users
|
|
||||||
'';
|
|
||||||
identMap =
|
|
||||||
# Map the gitea user to postgresql
|
|
||||||
''
|
|
||||||
gitea-users gitea gitea
|
|
||||||
'';
|
|
||||||
ensureDatabases = ["gitea"]; # Ensure the database persists
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "gitea"; # Ensure the database user persists
|
|
||||||
ensurePermissions = {
|
|
||||||
# Ensure the database permissions persist
|
|
||||||
"DATABASE gitea" = "ALL PRIVILEGES";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresqlBackup.databases = ["gitea"];
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true; # Enable Nginx
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
virtualHosts."source.mcwhirter.io" = {
|
|
||||||
# Forgejo hostname
|
|
||||||
enableACME = true; # Use ACME certs
|
|
||||||
forceSSL = true; # Force SSL
|
|
||||||
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
|
|
||||||
};
|
|
||||||
virtualHosts."git.mcwhirter.io" = {
|
|
||||||
# Hostname to be redirected
|
|
||||||
enableACME = true; # Use ACME certs
|
|
||||||
forceSSL = true; # Force SSL
|
|
||||||
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
|
|
||||||
};
|
|
||||||
virtualHosts."code.mcwhirter.io" = {
|
|
||||||
# Hostname to be redirected
|
|
||||||
enableACME = true; # Use ACME certs
|
|
||||||
forceSSL = true; # Force SSL
|
|
||||||
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
certs = {
|
|
||||||
"code.mcwhirter.io".email = "craige@mcwhirter.io";
|
|
||||||
"git.mcwhirter.io".email = "craige@mcwhirter.io";
|
|
||||||
"source.mcwhirter.io".email = "craige@mcwhirter.io";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
|
|
||||||
}
|
|
|
@ -2,11 +2,9 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
nixpkgsUnstable,
|
||||||
...
|
...
|
||||||
}: let
|
}: {
|
||||||
sources = import ../nix/sources.nix;
|
|
||||||
unstable = import sources.nixpkgsUnstable {};
|
|
||||||
in {
|
|
||||||
imports = [
|
imports = [
|
||||||
../profiles/minecraftClient.nix # Play Minecraft :-)
|
../profiles/minecraftClient.nix # Play Minecraft :-)
|
||||||
];
|
];
|
||||||
|
@ -20,7 +18,7 @@ in {
|
||||||
freeciv # Multiplayer (or single player), turn-based strategy game
|
freeciv # Multiplayer (or single player), turn-based strategy game
|
||||||
freedroidrpg # Isometric 3D RPG similar to game Diablo
|
freedroidrpg # Isometric 3D RPG similar to game Diablo
|
||||||
gcompris # Educational software suite, kids aged 2 to 10
|
gcompris # Educational software suite, kids aged 2 to 10
|
||||||
unstable.grapejuice # Simple Wine+Roblox management tool
|
nixpkgsUnstable.grapejuice # Simple Wine+Roblox management tool
|
||||||
#lincity_ng # City building game
|
#lincity_ng # City building game
|
||||||
meritous # Action-adventure dungeon crawl game
|
meritous # Action-adventure dungeon crawl game
|
||||||
minetest # Infinite-world block sandbox game
|
minetest # Infinite-world block sandbox game
|
||||||
|
|
|
@ -1,76 +0,0 @@
|
||||||
# NixOps configuration for the hosts running Gitea
|
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.gitea = {
|
|
||||||
enable = true; # Enable Gitea
|
|
||||||
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
|
|
||||||
database = {
|
|
||||||
type = "postgres"; # Database type
|
|
||||||
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
|
|
||||||
};
|
|
||||||
domain = "source.taigh.mcwhirter.io"; # Domain name
|
|
||||||
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
|
|
||||||
httpPort = 3001; # Provided unique port
|
|
||||||
extraConfig = let
|
|
||||||
docutils = pkgs.python37.withPackages (ps:
|
|
||||||
with ps; [
|
|
||||||
docutils # Provides rendering of ReStructured Text files
|
|
||||||
pygments # Provides syntax highlighting
|
|
||||||
]);
|
|
||||||
in ''
|
|
||||||
[mailer]
|
|
||||||
ENABLED = true
|
|
||||||
FROM = "gitea@mcwhirter.io"
|
|
||||||
[service]
|
|
||||||
REGISTER_EMAIL_CONFIRM = true
|
|
||||||
[markup.restructuredtext]
|
|
||||||
ENABLED = true
|
|
||||||
FILE_EXTENSIONS = .rst
|
|
||||||
RENDER_COMMAND = ${docutils}/bin/rst2html.py
|
|
||||||
IS_INPUT_FILE = false
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true; # Ensure postgresql is enabled
|
|
||||||
authentication = ''
|
|
||||||
local gitea all ident map=gitea-users
|
|
||||||
'';
|
|
||||||
identMap =
|
|
||||||
# Map the gitea user to postgresql
|
|
||||||
''
|
|
||||||
gitea-users gitea gitea
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true; # Enable Nginx
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
#recommendedTlsSettings = true;
|
|
||||||
virtualHosts."source.taigh.mcwhirter.io" = {
|
|
||||||
# Gitea hostname
|
|
||||||
#enableACME = true; # Use ACME certs
|
|
||||||
#forceSSL = true; # Force SSL
|
|
||||||
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Configure firewall defaults:
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [80];
|
|
||||||
trustedInterfaces = ["lo"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
#security.acme.certs = {
|
|
||||||
# "source.mcwhirter.io".email = "craige@mcwhirter.io";
|
|
||||||
#};
|
|
||||||
}
|
|
|
@ -26,7 +26,7 @@
|
||||||
# Set the defaul console properties
|
# Set the defaul console properties
|
||||||
console = {
|
console = {
|
||||||
keyMap = "us"; # Set the default console key map
|
keyMap = "us"; # Set the default console key map
|
||||||
font = "ter-powerline-v16Rv"; # Set the default console font
|
font = "ter-powerline-v32n"; # Set the default console font
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
|
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
|
||||||
|
@ -37,12 +37,15 @@
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
# Configure and install required fonts
|
# Configure and install required fonts
|
||||||
fonts.enableDefaultFonts = true;
|
fonts = {
|
||||||
fonts.fontDir.enable = true;
|
enableDefaultPackages = true;
|
||||||
fonts.fonts = with pkgs; [
|
fontDir.enable = true;
|
||||||
|
packages = with pkgs; [
|
||||||
powerline-fonts # Required for Powerline prompts
|
powerline-fonts # Required for Powerline prompts
|
||||||
|
powerline-symbols # Powerline symbols
|
||||||
];
|
];
|
||||||
fonts.fontconfig.includeUserConf = false;
|
fontconfig.includeUserConf = false;
|
||||||
|
};
|
||||||
|
|
||||||
# Adapted from gchristensen and clever
|
# Adapted from gchristensen and clever
|
||||||
nix = {
|
nix = {
|
||||||
|
|
|
@ -3,15 +3,13 @@
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
|
nix,
|
||||||
...
|
...
|
||||||
}: let
|
}: {
|
||||||
sources = import ../nix/sources.nix;
|
|
||||||
nixVersion = (import sources.nixpkgs {}).nixVersions.nix_2_13;
|
|
||||||
in {
|
|
||||||
imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
|
imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
package = nixVersion;
|
package = nix;
|
||||||
settings = {
|
settings = {
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
|
@ -38,9 +36,9 @@ in {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
awscli # Unified tool to manage your AWS services
|
awscli # Unified tool to manage your AWS services
|
||||||
bitwarden-cli # CLI client for Bitwarden
|
bitwarden-cli # CLI client for Bitwarden
|
||||||
|
brave # Privacy-oriented browser
|
||||||
buildkite-agent # Buildkite for IOHK
|
buildkite-agent # Buildkite for IOHK
|
||||||
cue # A data constraint language
|
cue # A data constraint language
|
||||||
discord # cross-platform voice and text chat
|
|
||||||
docker # Pack, ship and run any application as a lightweight container
|
docker # Pack, ship and run any application as a lightweight container
|
||||||
docker-compose # Multi-container orchestration for Docker
|
docker-compose # Multi-container orchestration for Docker
|
||||||
freerdp # A Remote Desktop Protocol Client, xfreerdp
|
freerdp # A Remote Desktop Protocol Client, xfreerdp
|
||||||
|
@ -50,7 +48,6 @@ in {
|
||||||
jq # A lightweight and flexible command-line JSON processor
|
jq # A lightweight and flexible command-line JSON processor
|
||||||
keybase-gui # The Keybase official client
|
keybase-gui # The Keybase official client
|
||||||
magic-wormhole # Securely transfer data between computers
|
magic-wormhole # Securely transfer data between computers
|
||||||
python38Packages.grip # Preview GitHub Markdown files like locally
|
|
||||||
s3fs # Mount an S3 bucket as filesystem through FUSE
|
s3fs # Mount an S3 bucket as filesystem through FUSE
|
||||||
shellcheck # Shell script analysis tool
|
shellcheck # Shell script analysis tool
|
||||||
slack-dark # Slack desktop client
|
slack-dark # Slack desktop client
|
||||||
|
@ -65,9 +62,6 @@ in {
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
keybase.enable = true;
|
keybase.enable = true;
|
||||||
#postgresql = {
|
|
||||||
# enable = true; # Ensure postgresql is enabled
|
|
||||||
# package = pkgs.postgresql_10; # Set the required version, if needed
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.docker.members = ["craige"];
|
users.groups.docker.members = ["craige"];
|
||||||
|
|
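--- a/profiles/ipv6.nix
+++ b/profiles/ipv6.nix
@@ -0,0 +1,12 @@
+# NixOps configuration for the hosts running a TURN server (coturn)
+{
+config,
+pkgs,
+lib,
+...
+}: {
+networking = {
+enableIPv6 = true;
+tempAddresses = "disabled";
+};
+}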
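Review bot: The header comment on the first line says this profile is for hosts running a TURN server (coturn), but the body only sets `networking.enableIPv6` and `networking.tempAddresses`; it looks copied from another profile and should read something like `# Enable IPv6 with temporary (privacy) addresses turned off`. `tempAddresses = "disabled"` switches off RFC 4941 temporary addresses, which suits servers that need a predictable source address for firewall rules and DNS, but on a laptop or desktop importing this profile it can make outbound traffic linkable to a stable address. A why-comment on that line, e.g. `# servers need a predictable source address`, would record the intent. The `config`, `pkgs` and `lib` arguments are unused here and could be dropped.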
|
@ -17,6 +17,7 @@
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
WEB_DOMAIN = "social.mcwhirter.io";
|
WEB_DOMAIN = "social.mcwhirter.io";
|
||||||
};
|
};
|
||||||
|
streamingProcesses = 5;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -30,6 +31,8 @@
|
||||||
# Required to redirect requests to the mastodon service
|
# Required to redirect requests to the mastodon service
|
||||||
"mcwhirter.io" = {
|
"mcwhirter.io" = {
|
||||||
locations."/.well-known/host-meta".extraConfig = "return 301 $scheme://social.mcwhirter.io$request_uri;";
|
locations."/.well-known/host-meta".extraConfig = "return 301 $scheme://social.mcwhirter.io$request_uri;";
|
||||||
|
enableACME = true; # Use ACME certs
|
||||||
|
forceSSL = true; # Force SSL
|
||||||
};
|
};
|
||||||
"social.mcwhirter.io" = {
|
"social.mcwhirter.io" = {
|
||||||
enableACME = true; # Use ACME certs
|
enableACME = true; # Use ACME certs
|
||||||
|
|
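Review bot: The `"mcwhirter.io"` virtual host in the second hunk now sets `enableACME = true`, but no ACME contact e-mail for that name is visible in either hunk; the NixOS ACME module needs `security.acme.certs."mcwhirter.io".email` or a `security.acme.defaults.email`, so if neither is set outside these hunks the configuration will not evaluate. Another section of this compare adds a `security.acme.certs` entry together with its new `enableACME` host, which is the pattern to follow here. With `forceSSL = true` the redirect location is only reached over TLS, so `$scheme` is always `https` and the line can say so directly: `return 301 https://social.mcwhirter.io$request_uri;`. The enclosing `virtualHosts` block starts and ends outside the hunk.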
|
@ -129,11 +129,7 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "matrix-synapse"; # Ensure the database user persists
|
name = "matrix-synapse"; # Ensure the database user persists
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
# Ensure the database permissions persist
|
|
||||||
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
# Initial database creation
|
# Initial database creation
|
||||||
|
|
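Review bot: `ensureDBOwnership = true` is only accepted by the PostgreSQL module when a database with the same name as the user is listed in `ensureDatabases`, and that list is not visible in this hunk; the trailing `# Initial database creation` comment suggests the `matrix-synapse` database may be created by an init script instead, so this needs confirming. On an existing cluster the option changes the database owner but leaves the ownership of existing tables as it is, so after the switch it is worth checking that the service role still owns its objects in `public`, particularly together with the PostgreSQL 16 package bump elsewhere in this compare. The same replacement is made for `nextcloud` and `tt_rss` in later sections and the same check applies there. The new line also lost its comment; `ensureDBOwnership = true; # Role owns the database of the same name` would keep the file's style. The enclosing `services.postgresql` block starts and ends outside the hunk.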
|
@ -11,6 +11,8 @@
|
||||||
configure = {
|
configure = {
|
||||||
packages.myPlugins = with pkgs.vimPlugins; {
|
packages.myPlugins = with pkgs.vimPlugins; {
|
||||||
start = [
|
start = [
|
||||||
|
ale # Asynchronous Lint Engine
|
||||||
|
deoplete-nvim # an extensible and asynchronous completion framework
|
||||||
formatter-nvim # A format runner for neovim
|
formatter-nvim # A format runner for neovim
|
||||||
fugitive # Vim Git wrapper
|
fugitive # Vim Git wrapper
|
||||||
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
|
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
|
||||||
|
@ -18,15 +20,15 @@
|
||||||
indentLine # Display thin vertical lines at each indentation level
|
indentLine # Display thin vertical lines at each indentation level
|
||||||
lualine-nvim
|
lualine-nvim
|
||||||
YouCompleteMe # A code-completion engine for Vim
|
YouCompleteMe # A code-completion engine for Vim
|
||||||
|
neomake # asynchronously run programs like vim-terraform
|
||||||
nerdcommenter # Comment functions so powerful—no comment necessary
|
nerdcommenter # Comment functions so powerful—no comment necessary
|
||||||
nerdtree # File system explorer
|
nerdtree # File system explorer
|
||||||
nerdtree-git-plugin # Plugin for nerdtree showing git status
|
nerdtree-git-plugin # Plugin for nerdtree showing git status
|
||||||
nvim-treesitter # configurations and abstraction layer for Neovim.
|
nvim-treesitter # configurations and abstraction layer for Neovim.
|
||||||
onedarkpro-nvim # Dark and light themes for Neovim
|
onedarkpro-nvim # Dark and light themes for Neovim
|
||||||
#statix # Lints and suggestions for the nix programming language
|
|
||||||
supertab # Allows you to use <Tab> for all your insert completion
|
supertab # Allows you to use <Tab> for all your insert completion
|
||||||
syntastic # Syntax checking hacks
|
vim-terraform # tab completion, syntax highlighting, indentation
|
||||||
vim-addon-nix # Scripts assisting writing .nix files
|
vim-terraform-completion
|
||||||
vim-cue # Cue filetype plugin for Vim
|
vim-cue # Cue filetype plugin for Vim
|
||||||
vim-lastplace
|
vim-lastplace
|
||||||
vim-markdown-toc # Generate table of contents for Markdown files
|
vim-markdown-toc # Generate table of contents for Markdown files
|
||||||
|
@ -327,6 +329,7 @@
|
||||||
javascript = treefmt,
|
javascript = treefmt,
|
||||||
lua = treefmt,
|
lua = treefmt,
|
||||||
mint = treefmt,
|
mint = treefmt,
|
||||||
|
markdown = treefmt,
|
||||||
nix = treefmt,
|
nix = treefmt,
|
||||||
rego = treefmt,
|
rego = treefmt,
|
||||||
ruby = treefmt,
|
ruby = treefmt,
|
||||||
|
|
|
@ -20,15 +20,20 @@
|
||||||
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
|
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
|
||||||
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
|
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
|
||||||
adminuser = "root"; # Set the admin user name
|
adminuser = "root"; # Set the admin user name
|
||||||
overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
|
|
||||||
defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
|
|
||||||
};
|
};
|
||||||
autoUpdateApps = {
|
autoUpdateApps = {
|
||||||
enable = true; # Run regular auto update of all apps installed
|
enable = true; # Run regular auto update of all apps installed
|
||||||
startAt = "01:00:00"; # When to run the update
|
startAt = "01:00:00"; # When to run the update
|
||||||
};
|
};
|
||||||
enableBrokenCiphersForSSE = false; # force upgrade to SSL v3
|
package = pkgs.nextcloud29;
|
||||||
package = pkgs.nextcloud26;
|
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||||
|
inherit calendar contacts deck gpoddersync notes tasks twofactor_webauthn;
|
||||||
|
};
|
||||||
|
extraAppsEnable = true;
|
||||||
|
settings = {
|
||||||
|
default_phone_region = "AU"; # Country code for automatic phone-number detection
|
||||||
|
overwriteprotocol = "https"; # Force Nextcloud to always use HTTPS
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
|
@ -43,15 +48,19 @@
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true; # Ensure postgresql is enabled
|
enable = true; # Ensure postgresql is enabled
|
||||||
|
authentication = ''
|
||||||
|
local nextcloud all ident map=nextcloud-users
|
||||||
|
'';
|
||||||
|
identMap =
|
||||||
|
# Map the nextcloud user to postgresql
|
||||||
|
''
|
||||||
|
nextcloud-users nextcloud nextcloud
|
||||||
|
'';
|
||||||
ensureDatabases = ["nextcloud"]; # Ensure the database persists
|
ensureDatabases = ["nextcloud"]; # Ensure the database persists
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "nextcloud"; # Ensure the database user persists
|
name = "nextcloud"; # Ensure the database user persists
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
# Ensure the database permissions persist
|
|
||||||
"DATABASE nextcloud" = "ALL PRIVILEGES";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -70,7 +79,8 @@
|
||||||
forceSSL = true; # Force SSL
|
forceSSL = true; # Force SSL
|
||||||
};
|
};
|
||||||
virtualHosts."owncloud.mcwhirter.io" = {
|
virtualHosts."owncloud.mcwhirter.io" = {
|
||||||
# Hostname to be redirected
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
|
globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -83,7 +93,10 @@
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
|
certs = {
|
||||||
|
"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};
|
||||||
|
"owncloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204
|
users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204
|
||||||
|
|
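Review bot: The `package` line in the first hunk goes from `pkgs.nextcloud26` to `pkgs.nextcloud29` in this compare, and Nextcloud only supports upgrading one major version at a time, so a host whose data is still on 26 has to be deployed through 27 and 28 before this state is applied (the intermediate commits may already have done that; it cannot be told from this page). A comment on the line would keep the rule visible for the next bump, e.g. `package = pkgs.nextcloud29; # bump one major at a time, deploy between bumps`. The new `owncloud.mcwhirter.io` host gets `enableACME`, `forceSSL` and a matching `security.acme.certs` entry in the same change, which is consistent; only its `# Hostname to be redirected` comment was dropped and could be kept. The enclosing `services.nextcloud` block starts outside the first hunk.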
|
@ -1,6 +1,10 @@
|
||||||
# Use the Nix community aarch64 server as a build server
|
# Use the Nix community aarch64 server as a build server
|
||||||
# https://github.com/nix-community/aarch64-build-box
|
# https://github.com/nix-community/aarch64-build-box
|
||||||
{
|
{
|
||||||
|
programs.ssh.knownHosts."aarch64.nixos.community" = {
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds";
|
||||||
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
distributedBuilds = true;
|
distributedBuilds = true;
|
||||||
buildMachines = [
|
buildMachines = [
|
||||||
|
|
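Review bot: The pinned `publicKey` for `aarch64.nixos.community` carries no comment saying where it was taken from or when it was checked, so a later reader cannot tell a legitimate key rotation from a mismatch. Pinning the host key is the right control for a remote builder, since build inputs and outputs cross that SSH connection; add a line above it such as `# Host key as published by the aarch64-build-box project, verified <date>`. Whether the value matches the published key cannot be checked from this page. The `nix` block continues outside the hunk.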
|
@ -23,7 +23,7 @@
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(self: super: {
|
(self: super: {
|
||||||
nix-direnv = super.nix-direnv.override {enableFlakes = true;};
|
#nix-direnv = super.nix-direnv.override {enableFlakes = true;};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,10 +15,10 @@
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
cabal2nix # Convert Cabal files into Nix build instructions
|
cabal2nix # Convert Cabal files into Nix build instructions
|
||||||
nixfmt # An opinionated formatter for Nix
|
nixfmt-rfc-style # An opinionated formatter for Nix
|
||||||
nix-prefetch-github # Prefetch sources from github
|
nix-prefetch-github # Prefetch sources from github
|
||||||
nix-prefetch-git # Prefetch sources from git
|
nix-prefetch-git # Prefetch sources from git
|
||||||
nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs
|
nixpkgs-review # Review pull-requests on https://github.com/NixOS/nixpkgs
|
||||||
nix-top # Tracks what nix is building
|
nix-top # Tracks what nix is building
|
||||||
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
|
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
|
||||||
nodePackages.node2nix # Generate Nix expressions to build NPM packages
|
nodePackages.node2nix # Generate Nix expressions to build NPM packages
|
||||||
|
|
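--- a/profiles/pantheon.nix
+++ b/profiles/pantheon.nix
@@ -0,0 +1,24 @@
+# Configuration for my pantheon desktop requirements
+{
+config,
+pkgs,
+...
+}: {
+services = {
+libinput.enable = true; # Enable touchpad support.
+pantheon = {
+apps.enable = true;
+contractor.enable = true;
+};
+xserver = {
+enable = true; # Enable the X11 windowing system.
+desktopManager = {
+pantheon.enable = true;
+};
+};
+};
+programs = {
+dconf.enable = true;
+pantheon-tweaks.enable = true; # additional system settings
+};
+}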
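--- a/profiles/pipewire.nix
+++ b/profiles/pipewire.nix
@@ -0,0 +1,31 @@
+# Common configuration for pipewire on MIO desktops
+{
+config,
+pkgs,
+...
+}: {
+security.rtkit.enable = true;
+
+services = {
+pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+};
+
+environment.etc = {
+"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+bluez_monitor.properties = {
+["bluez5.enable-sbc-xq"] = true,
+["bluez5.enable-msbc"] = true,
+["bluez5.enable-hw-volume"] = true,
+["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+}
+'';
+};
+
+hardware.pulseaudio.enable = false;
+sound.enable = true; # Enable sound.
+}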
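Review bot: The Bluetooth settings are written as a Lua fragment under `wireplumber/bluetooth.lua.d/`, which WirePlumber reads only in its 0.4 series; from 0.5 on the Lua configuration is no longer loaded, so the codec and headset-role settings would silently stop applying, and it is worth confirming which WirePlumber version the pinned nixpkgs ships. `sound.enable = true` is not needed for PipeWire, since `alsa.enable` already serves ALSA clients, and the option is deprecated in newer NixOS releases. `security.rtkit.enable = true;` would benefit from a comment such as `# lets PipeWire request realtime scheduling`.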
|
@ -13,10 +13,29 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
logind = {
|
logind = {
|
||||||
lidSwitch = "hibernate";
|
lidSwitch = "suspend-then-hibernate";
|
||||||
lidSwitchDocked = "ignore";
|
lidSwitchDocked = "ignore";
|
||||||
|
# powerKey = "suspend-then-hibernate"; # Enable in 23.11
|
||||||
|
extraConfig = ''
|
||||||
|
HandlePowerKey=suspend-then-hibernate
|
||||||
|
IdleAction=suspend-then-hibernate
|
||||||
|
IdleActionSec=10m
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
thermald.enable = true;
|
||||||
|
auto-cpufreq = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
battery = {
|
||||||
|
governor = "powersave";
|
||||||
|
turbo = "never";
|
||||||
|
};
|
||||||
|
charger = {
|
||||||
|
governor = "performance";
|
||||||
|
turbo = "auto";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
tlp.enable = false;
|
|
||||||
upower = {
|
upower = {
|
||||||
enable = true; # Enable application power managemetn support
|
enable = true; # Enable application power managemetn support
|
||||||
percentageCritical = 15;
|
percentageCritical = 15;
|
||||||
|
@ -24,4 +43,14 @@
|
||||||
criticalPowerAction = "Hibernate";
|
criticalPowerAction = "Hibernate";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.xss-lock = {
|
||||||
|
enable = true;
|
||||||
|
lockerCommand = "${pkgs.xscreensaver}/bin/screensaver-command -lock";
|
||||||
|
extraOptions = [
|
||||||
|
"-n ${pkgs.libnotify}/bin/notify-send \"Locking screen now\""
|
||||||
|
"IdleAction=lock"
|
||||||
|
"IdleActionSec=5m"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
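Review bot: `lockerCommand` in the second hunk points at `${pkgs.xscreensaver}/bin/screensaver-command`, but xscreensaver's control program is named `xscreensaver-command`, so this path most likely does not exist and the screen would not be locked before suspend; the line should read `lockerCommand = "${pkgs.xscreensaver}/bin/xscreensaver-command -lock";`. In `extraOptions`, `"IdleAction=lock"` and `"IdleActionSec=5m"` are logind.conf keys rather than xss-lock options, so they reach xss-lock as stray arguments and may break the service's command line. If a five-minute idle lock is intended, it belongs in the screensaver's own timeout or in the logind `extraConfig` of the first hunk, which already sets `IdleAction=suspend-then-hibernate` with `IdleActionSec=10m`. After deploying, confirm that the session is actually locked on resume from suspend.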
|
@ -4,10 +4,7 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: let
|
}: {
|
||||||
sources = import ../nix/sources.nix;
|
|
||||||
nixpkgs2111 = (import sources.nixos2111 {}).pkgs;
|
|
||||||
in {
|
|
||||||
imports = [
|
imports = [
|
||||||
../profiles/openssh.nix
|
../profiles/openssh.nix
|
||||||
../secrets/user-craige.nix
|
../secrets/user-craige.nix
|
||||||
|
@ -20,7 +17,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
package = pkgs.postgresql_11;
|
package = pkgs.postgresql_16;
|
||||||
};
|
};
|
||||||
|
|
||||||
security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)
|
security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)
|
||||||
|
|
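Review bot: `services.postgresql.package` in the second hunk jumps from `pkgs.postgresql_11` to `pkgs.postgresql_16`, and by default NixOS keeps each major version's cluster in its own data directory, so on a host with existing data the new server starts on an empty cluster unless the data is migrated first with `pg_upgrade` or a dump and restore. A comment on the line would make the required step explicit, e.g. `package = pkgs.postgresql_16; # major bump: migrate the old cluster before switching`. Moving off PostgreSQL 11, which no longer receives security fixes upstream, is the right direction. The `services.postgresql` block shown is complete, but the surrounding module continues outside the hunk.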
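--- a/profiles/steam.nix
+++ b/profiles/steam.nix
@@ -0,0 +1,19 @@
+# Steam configuration for NixOS
+{
+config,
+lib,
+pkgs,
+...
+}: {
+programs.steam = {
+enable = true;
+remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+};
+nixpkgs.config.allowUnfreePredicate = pkg:
+builtins.elem (lib.getName pkg) [
+"steam"
+"steam-original"
+"steam-run"
+];
+}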
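Review bot: `dedicatedServer.openFirewall = true` opens the Source Dedicated Server ports on every machine that imports this profile, which is only needed on a host that actually serves games; on a desktop that just runs the Steam client it widens the inbound surface for no benefit, so it is better left at its default and enabled per host. `remotePlay.openFirewall = true` has the same trade-off when Remote Play is not used. Allow-listing the three unfree package names through `allowUnfreePredicate` rather than setting a blanket `allowUnfree` is a good choice and deserves a short comment saying so, e.g. `# only the Steam packages may be unfree`.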
|
@ -9,6 +9,7 @@
|
||||||
enable = true; # Enable Taskwarrior server
|
enable = true; # Enable Taskwarrior server
|
||||||
fqdn = "task.mcwhirter.io"; # Server's public domain name
|
fqdn = "task.mcwhirter.io"; # Server's public domain name
|
||||||
listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall
|
listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall
|
||||||
|
openFirewall = true;
|
||||||
organisations = {
|
organisations = {
|
||||||
teaghlach = {
|
teaghlach = {
|
||||||
groups = ["teaghlach"];
|
groups = ["teaghlach"];
|
||||||
|
|
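Review bot: The new `openFirewall = true;` line has no comment, while the comment on `listenHost` just above it still says that option "opens firewall", so the two lines now disagree about which setting exposes the port. Suggest `listenHost = "task.mcwhirter.io"; # Address the server listens on` and `openFirewall = true; # Allow the Taskserver port through the firewall`. The enclosing service block starts and ends outside the hunk.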
|
@ -34,11 +34,7 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "tt_rss"; # Ensure the database user persists
|
name = "tt_rss"; # Ensure the database user persists
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
# Ensure the database permissions persist
|
|
||||||
"DATABASE tt_rss" = "ALL PRIVILEGES";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,6 +8,17 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
devmon.enable = true; # Enable external device automounting.
|
devmon.enable = true; # Enable external device automounting.
|
||||||
|
displayManager = {
|
||||||
|
defaultSession = "none+xmonad"; # Set to use xmonad as default
|
||||||
|
sddm.enable = false; # Enable the Plasma display manager
|
||||||
|
};
|
||||||
|
libinput = {
|
||||||
|
enable = true; # Enable touchpad support.
|
||||||
|
touchpad = {
|
||||||
|
tapping = true;
|
||||||
|
tappingButtonMap = "lrm"; # Set the touchpad button mappeing
|
||||||
|
};
|
||||||
|
};
|
||||||
udisks2.enable = true; # Enable udisks2.
|
udisks2.enable = true; # Enable udisks2.
|
||||||
|
|
||||||
xserver = {
|
xserver = {
|
||||||
|
@ -18,12 +29,9 @@
|
||||||
plasma5.enable = true; # Enable Plasma desktop environment
|
plasma5.enable = true; # Enable Plasma desktop environment
|
||||||
};
|
};
|
||||||
displayManager = {
|
displayManager = {
|
||||||
defaultSession = "none+xmonad"; # Set KDE configured to use xmonad as default
|
|
||||||
gdm.enable = false; # Enable the GNOME display manager
|
gdm.enable = false; # Enable the GNOME display manager
|
||||||
sddm.enable = true; # Enable the Plasma display manager
|
lightdm.greeters.pantheon.enable = true;
|
||||||
};
|
};
|
||||||
layout = "us"; # Set your preferred keyboard layout.
|
|
||||||
libinput.enable = true; # Enable touchpad support.
|
|
||||||
windowManager = {
|
windowManager = {
|
||||||
# Open configuration for the window manager.
|
# Open configuration for the window manager.
|
||||||
xmonad.enable = true; # Enable xmonad.
|
xmonad.enable = true; # Enable xmonad.
|
||||||
|
@ -37,6 +45,7 @@
|
||||||
haskellPackages.xmonad
|
haskellPackages.xmonad
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
xkb.layout = "us"; # Set your preferred keyboard layout.
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -48,22 +57,31 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# Install any additional fonts that I require to be used with xmonad
|
# Install any additional fonts that I require to be used with xmonad
|
||||||
fonts.fonts = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
open-sans # Used in in my xmobar configuration
|
open-sans # Used in in my polybar configuration
|
||||||
|
siji # An iconic bitmap font based on Stlarch with additional glyphs
|
||||||
];
|
];
|
||||||
|
|
||||||
# Install other packages that I require to be used with xmonad.
|
# Install other packages that I require to be used with xmonad.
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
dunst # Lightweight and customizable notification daemon
|
||||||
feh # A light-weight image viewer to set backgrounds
|
feh # A light-weight image viewer to set backgrounds
|
||||||
haskellPackages.libmpd # Shows MPD status in xmobar
|
haskellPackages.libmpd # Shows MPD status in polybar
|
||||||
mpc_cli # CLI for MPD, called from xmonad
|
mpc_cli # CLI for MPD, called from xmonad
|
||||||
libnotify # Notification client for my Xmonad setup
|
libnotify # Notification client for my Xmonad setup
|
||||||
scrot # CLI screen capture utility
|
polybarFull # A fast and easy-to-use tool for creating status bars
|
||||||
|
rofi # run dialog and dmenu replacement
|
||||||
|
flameshot # Powerful yet simple to use screenshot software
|
||||||
xbrightness # X11 brigthness and gamma software control
|
xbrightness # X11 brigthness and gamma software control
|
||||||
xflux # Adjusts your screen to emit warmer light at night
|
xflux # Adjusts your screen to emit warmer light at night
|
||||||
xorg.xrandr # CLI to X11 RandR extension
|
xorg.xrandr # CLI to X11 RandR extension
|
||||||
xscreensaver # My preferred screensaver
|
xscreensaver # My preferred screensaver
|
||||||
|
(haskellPackages.ghcWithPackages (hpkgs: [
|
||||||
|
hpkgs.xmonad
|
||||||
|
hpkgs.xmonad-contrib
|
||||||
|
]))
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
programs.light.enable = true; # install backlight control and udev rules
|
||||||
}
|
}
|
||||||
|
|
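Review bot: In the new `displayManager` block of the first hunk, `sddm.enable = false; # Enable the Plasma display manager` has a comment that states the opposite of the value; it should read `sddm.enable = false; # Plasma display manager (SDDM) is not used`. In the second hunk `lightdm.greeters.pantheon.enable = true;` replaces SDDM as the login path without any comment, and a line such as `# LightDM with the Pantheon greeter handles login` would document which program now receives the user's password. The comment on `tappingButtonMap` has a typo, "mappeing". The `xserver` block starts inside the first hunk and continues across the later ones.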
|
@ -40,8 +40,8 @@
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
paperkey # Store OpenPGP or GnuPG on paper
|
paperkey # Store OpenPGP or GnuPG on paper
|
||||||
pinentry_curses # GnuPG’s interface to passphrase input
|
pinentry-curses # GnuPG’s interface to passphrase input
|
||||||
pinentry_qt # GnuPG’s interface to passphrase input
|
pinentry-qt # GnuPG’s interface to passphrase input
|
||||||
yubikey-manager # CLI tool for configuring any YubiKey over USB
|
yubikey-manager # CLI tool for configuring any YubiKey over USB
|
||||||
yubikey-manager-qt # Configure any YubiKey over USB interfaces
|
yubikey-manager-qt # Configure any YubiKey over USB interfaces
|
||||||
yubikey-personalization # Lib & CLI tool to personalize YubiKeys
|
yubikey-personalization # Lib & CLI tool to personalize YubiKeys
|
||||||
|
@ -57,10 +57,10 @@
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
ssh.startAgent = false; # Disable the SSH Agent
|
ssh.startAgent = false; # Disable the SSH Agent
|
||||||
gnupg.agent = {
|
gnupg.agent = with pkgs; {
|
||||||
enable = true; # Enable GPG Agent
|
enable = true; # Enable GPG Agent
|
||||||
enableSSHSupport = true; # Enable SSH agent support in GnuPG agent
|
enableSSHSupport = true; # Enable SSH agent support in GnuPG agent
|
||||||
pinentryFlavor = "qt";
|
pinentryPackage = pinentry-qt;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
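Review bot: `gnupg.agent = with pkgs; {` in the second hunk brings the whole package set into scope for the attribute set just to resolve one name, which is a style point: it hides where `pinentry-qt` comes from. Prefer leaving the set plain and writing `pinentryPackage = pkgs.pinentry-qt; # Qt pinentry for passphrase and PIN prompts`, which also restores the comment the old `pinentryFlavor` line lacked. The enclosing `programs` block is fully visible in the hunk.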
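--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,15 @@
+{
+pkgs ? import <nixpkgs> {},
+mkShell,
+alejandra,
+nix,
+}:
+with pkgs;
+mkShell {
+buildInputs = [
+alejandra # The Uncompromising Nix Code Formatter
+nix # Powerful package manager, makes packaging reliable & reproducible
+tea # Gitea official CLI client
+treefmt # one CLI to format the code tree
+];
+}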
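Review bot: The function takes `mkShell`, `alejandra` and `nix` as required arguments with no defaults, so running `nix-shell` on this file directly fails unless a caller (for example `callPackage`) supplies them, while `tea` and `treefmt` are resolved through `with pkgs;` from `import <nixpkgs> {}`, that is, whatever channel happens to be on `NIX_PATH`. The development tools therefore come from two package sets, one of them unpinned, which undermines reproducibility of the formatter and CLI versions used on this repository. Either take everything from one pinned `pkgs` argument, or give the three arguments defaults such as `mkShell ? pkgs.mkShell,` so the file works both ways. A one-line header comment saying how the shell is meant to be entered would also help.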