Fix apollo-boot
parent
60bfe70c96
commit
2a2c5369bb
162
pkgs/default.nix
162
pkgs/default.nix
|
@ -18,8 +18,8 @@ in rec {
|
|||
core-system-pkgs = {
|
||||
inherit neovim;
|
||||
inherit (pkgs)
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
};
|
||||
|
||||
extra-system-pkgs = {
|
||||
|
@ -28,8 +28,8 @@ in rec {
|
|||
inherit (pkgs.rxvt_unicode) terminfo;
|
||||
inherit (pkgs.pythonPackages) qrcode;
|
||||
inherit (pkgs)
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
|
||||
tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
|
||||
tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
|
||||
};
|
||||
gw2wrapper = writeHaskellScript {
|
||||
name = "gw2wrapper";
|
||||
|
@ -37,35 +37,37 @@ in rec {
|
|||
imports =
|
||||
[ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ];
|
||||
|
||||
} ''
|
||||
waitForExit = do
|
||||
sleep "5s"
|
||||
processes <- readTrim $ ps "aux"
|
||||
when
|
||||
(BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
|
||||
waitForExit
|
||||
main = do
|
||||
withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
|
||||
} ''
|
||||
waitForExit = do
|
||||
sleep "5s"
|
||||
processes <- readTrim $ ps "aux"
|
||||
when
|
||||
(BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
|
||||
waitForExit
|
||||
'';
|
||||
main = do
|
||||
withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
|
||||
waitForExit
|
||||
'';
|
||||
|
||||
laptop-home-pkgs = {
|
||||
maintenance = pkgs.writeShellScriptBin "maintenance" ''
|
||||
git -C ~/git/nixos/config pull
|
||||
update-home
|
||||
sudo -A update-system
|
||||
sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
|
||||
nix optimise-store
|
||||
'';
|
||||
rewlan = pkgs.writeShellScriptBin "rewlan" ''
|
||||
nmcli r wifi off;
|
||||
sleep 0.1s;
|
||||
nmcli r wifi on;
|
||||
'';
|
||||
gw2 = pkgs.buildFHSUserEnv {
|
||||
name = "gw2";
|
||||
targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
|
||||
multiPkgs = pkgs:
|
||||
laptop-home-pkgs = {
|
||||
maintenance = pkgs.writeShellScriptBin "maintenance" ''
|
||||
git -C ~/git/nixos/config pull
|
||||
update-home
|
||||
sudo -A update-system
|
||||
sudo -A nix-collect-garbage --delete-older-than ${
|
||||
toString gcRetentionDays
|
||||
}d
|
||||
sudo -A nix optimise-store
|
||||
'';
|
||||
rewlan = pkgs.writeShellScriptBin "rewlan" ''
|
||||
nmcli r wifi off;
|
||||
sleep 0.1s;
|
||||
nmcli r wifi on;
|
||||
'';
|
||||
gw2 = pkgs.buildFHSUserEnv {
|
||||
name = "gw2";
|
||||
targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
|
||||
multiPkgs = pkgs:
|
||||
(with pkgs;
|
||||
with xorg; [
|
||||
file
|
||||
|
@ -93,15 +95,15 @@ in rec {
|
|||
gnutls
|
||||
krb5Full
|
||||
]);
|
||||
runScript = "${gw2wrapper}/bin/gw2wrapper";
|
||||
};
|
||||
cachix = import sources.cachix { };
|
||||
nixfmt = import sources.nixfmt { };
|
||||
inherit (pkgs.gnome3) nautilus;
|
||||
inherit (pkgs.xorg) xev xbacklight;
|
||||
inherit (pkgs)
|
||||
runScript = "${gw2wrapper}/bin/gw2wrapper";
|
||||
};
|
||||
cachix = import sources.cachix { };
|
||||
nixfmt = import sources.nixfmt { };
|
||||
inherit (pkgs.gnome3) nautilus;
|
||||
inherit (pkgs.xorg) xev xbacklight;
|
||||
inherit (pkgs)
|
||||
# web
|
||||
chromium
|
||||
chromium
|
||||
|
||||
# communication
|
||||
signal-desktop tdesktop acpi dino mumble
|
||||
|
@ -124,47 +126,47 @@ in rec {
|
|||
|
||||
# games
|
||||
minetest;
|
||||
};
|
||||
};
|
||||
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -Zduplex -r "$@"
|
||||
'';
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
urxvt = pkgs.rxvt_unicode-with-plugins;
|
||||
terminal = pkgs.writeShellScriptBin "terminal" ''
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
${urxvt}/bin/urxvtd -q -o -f
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
fi
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -Zduplex -r "$@"
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt tasktree terminal;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs.pythonPackages) yapf jsbeautifier;
|
||||
inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
|
||||
inherit (my-lib) ghc;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ./jali { };
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ../lib/test.nix)
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
urxvt = pkgs.rxvt_unicode-with-plugins;
|
||||
terminal = pkgs.writeShellScriptBin "terminal" ''
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
${urxvt}/bin/urxvtd -q -o -f
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
fi
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt tasktree terminal;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs.pythonPackages) yapf jsbeautifier;
|
||||
inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
|
||||
inherit (my-lib) ghc;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ./jali { };
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ../lib/test.nix)
|
||||
test-system-config test-home-config test-config;
|
||||
inherit (my-lib) home-manager;
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
eventd = pkgs.callPackage ./eventd { };
|
||||
}
|
||||
inherit (my-lib) home-manager;
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
eventd = pkgs.callPackage ./eventd { };
|
||||
}
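Review bot: The `maintenance` script in `laptop-home-pkgs` runs its steps with no error handling, so a failed `git -C ~/git/nixos/config pull` or `update-home` still falls through to `sudo -A update-system` and the garbage collection. Starting the script body with `set -euo pipefail` would stop it before the privileged steps when an earlier one fails. The pulled repository is presumably what the root-level rebuild then applies, so `git -C ~/git/nixos/config pull --ff-only` would make an unexpected history rewrite on the remote fail loudly instead of being merged. If the commits are signed, a `git verify-commit HEAD` before the rebuild would add a further check. Old and new lines are printed without markers in this section, so this refers to the variant that calls `nix-collect-garbage`.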
|
||||
|
|
|
@ -2,15 +2,13 @@
|
|||
let
|
||||
secretsFile = "/var/lib/luks-secret/key";
|
||||
secretsInitrd = "/boot/grub/secrets-initrd.gz";
|
||||
in lib.mkIf (builtins.pathExists secretsFile) {
|
||||
boot.initrd.luks.devices."root" = {
|
||||
in {
|
||||
boot.initrd.luks.devices."nixos" = {
|
||||
fallbackToPassword = true;
|
||||
keyFile = secretsFile;
|
||||
};
|
||||
# copy the secret into the additional initramfs. `null` means same path
|
||||
boot.initrd.secrets."${secretsFile}" = null;
|
||||
} // lib.mkIf
|
||||
(config.boot.loader.grub.enable && config.boot.initrd.secrets != { }) {
|
||||
boot.loader = {
|
||||
supportsInitrdSecrets = lib.mkForce true;
|
||||
grub.extraInitrd = secretsInitrd;
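Review bot: With the `lib.mkIf (builtins.pathExists secretsFile)` and `grub.enable && boot.initrd.secrets != { }` guards apparently dropped, this module now always copies the LUKS key into `/boot/grub/secrets-initrd.gz` and forces `supportsInitrdSecrets`, and nothing in the visible lines states that `/boot` itself is encrypted. If `/boot` is a plaintext partition on any host importing this file, the key that unlocks `nixos` is stored in the clear next to the volume it protects. I would add a comment above `boot.initrd.secrets`, e.g. `# only safe when /boot lives inside the LUKS volume (GRUB cryptodisk); on a plaintext /boot this exposes the key`, or an `assertions` entry that checks `config.boot.loader.grub.enableCryptodisk`. The attribute set continues past the end of the hunk.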
|
||||
|
|
|
@ -13,63 +13,63 @@ in {
|
|||
./modules/loginctl-linger.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
i18n = { defaultLocale = "en_US.UTF-8"; };
|
||||
|
||||
i18n = { defaultLocale = "en_US.UTF-8"; };
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking = {
|
||||
firewall.allowPing = true;
|
||||
useDHCP = false;
|
||||
hosts = lib.zipAttrs
|
||||
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
|
||||
config.m-0.hosts);
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowPing = true;
|
||||
useDHCP = false;
|
||||
hosts = lib.zipAttrs
|
||||
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
|
||||
config.m-0.hosts);
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root = { openssh.authorizedKeys.keys = me.keys; };
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc = {
|
||||
"nix-path/nixpkgs".source = sources.nixpkgs;
|
||||
"nix-path/nixos".source = sources.nixpkgs;
|
||||
"nix-path/unstable".source = sources.unstable;
|
||||
"nix-path/home-manager".source = sources.home-manager;
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root = { openssh.authorizedKeys.keys = me.keys; };
|
||||
};
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://cache.nixos.org/"
|
||||
"https://nixcache.reflex-frp.org"
|
||||
"ssh://nix-ssh@hera.m-0.eu"
|
||||
];
|
||||
binaryCachePublicKeys =
|
||||
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
nixPath = [ "/etc/nix-path" ];
|
||||
extraOptions = "fallback = true";
|
||||
gc.options = "--delete-older-than 5d";
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc = {
|
||||
"nix-path/nixpkgs".source = sources.nixpkgs;
|
||||
"nix-path/nixos".source = sources.nixpkgs;
|
||||
"nix-path/unstable".source = sources.unstable;
|
||||
"nix-path/home-manager".source = sources.home-manager;
|
||||
};
|
||||
};
|
||||
|
||||
nix = {
|
||||
binaryCaches =
|
||||
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
nixPath = [ "/etc/nix-path" ];
|
||||
extraOptions = "fallback = true";
|
||||
gc.options = "--delete-older-than 5d";
|
||||
};
|
||||
|
||||
services = {
|
||||
prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
enabledCollectors = [ "systemd" "logind" ];
|
||||
disabledCollectors = [ "timex" ];
|
||||
};
|
||||
nginx = {
|
||||
enable = config.services.nginx.enable;
|
||||
openFirewall = true;
|
||||
};
|
||||
services = {
|
||||
prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
enabledCollectors = [ "systemd" "logind" ];
|
||||
disabledCollectors = [ "timex" ];
|
||||
};
|
||||
nginx = {
|
||||
statusPage = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
enable = config.services.nginx.enable;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
statusPage = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
};
|
||||
}
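Review bot: Both `prometheus.exporters.node` and `prometheus.exporters.nginx` set `openFirewall = true` with no source restriction, so on every host importing this file the exporter ports are opened on all interfaces. Unless authentication is configured elsewhere, anything that can reach those ports can read the host and service metrics. If only a monitoring host scrapes them, a `firewallFilter` that also matches the incoming interface or source address (e.g. `firewallFilter = "-i <internal-interface> -p tcp -m tcp --dport <exporter-port>";`, placeholders to be filled in) would keep that information off the public side. Most of this hunk is re-indentation; the point concerns the settings as they stand on the new side.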
|
||||
|
|
|
@ -1,34 +1,33 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let user = "maralorn";
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
imports = [ ./init_ssh.nix ];
|
||||
imports = [ ./init_ssh.nix ];
|
||||
|
||||
systemd.services.test-and-update = {
|
||||
startAt = "2:45";
|
||||
environment.NIX_PATH =
|
||||
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
};
|
||||
script = ''
|
||||
${(import ../../lib/test.nix).test-config}/bin/test-config
|
||||
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull
|
||||
${
|
||||
(import ../../lib/update-system.nix
|
||||
config.system.build.nixos-rebuild).update-system
|
||||
}/bin/update-system
|
||||
/run/wrappers/bin/sudo -u ${user} update-home
|
||||
'';
|
||||
};
|
||||
nix = {
|
||||
gc.automatic = true;
|
||||
optimise.automatic = true;
|
||||
};
|
||||
systemd.services.test-and-update = {
|
||||
startAt = "2:45";
|
||||
environment.NIX_PATH =
|
||||
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
};
|
||||
script = ''
|
||||
${(import ../../lib/test.nix).test-config}/bin/test-config
|
||||
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull
|
||||
${
|
||||
(import ../../lib/update-system.nix
|
||||
config.system.build.nixos-rebuild).update-system
|
||||
}/bin/update-system
|
||||
/run/wrappers/bin/sudo -u ${user} update-home
|
||||
'';
|
||||
};
|
||||
nix = {
|
||||
gc.automatic = true;
|
||||
optimise.automatic = true;
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
|
||||
imports = [ ./admin.nix ];
|
||||
imports = [ ./admin.nix ];
|
||||
|
||||
# So that boot does not fill up with old kernels
|
||||
boot.loader.grub.configurationLimit = 5;
|
||||
boot.loader = {
|
||||
timeout = 0;
|
||||
grub = {
|
||||
backgroundColor = "#000000";
|
||||
configurationLimit = 5;
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
defaultUserShell = pkgs.zsh;
|
||||
|
@ -14,16 +19,16 @@
|
|||
security.sudo.extraConfig =
|
||||
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
|
||||
|
||||
services = { sshd.enable = true; };
|
||||
services = { sshd.enable = true; };
|
||||
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
|
||||
environment = {
|
||||
environment = {
|
||||
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
|
||||
systemPackages = builtins.attrValues ({
|
||||
inherit (import ../../lib/update-system.nix
|
||||
config.system.build.nixos-rebuild)
|
||||
update-system;
|
||||
update-system;
|
||||
} // (import ../../pkgs).system-pkgs);
|
||||
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
|
||||
};
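Review bot: `timeout = 0` in the new `boot.loader` block of the first hunk means the GRUB menu is skipped by default, so after a rebuild that yields an unbootable generation someone at the console gets no prompt from which to pick one of the five retained configurations. A short non-zero value such as `timeout = 1;` keeps that rollback path at little cost, which matters most if the machine is also updated unattended. The comment `# So that boot does not fill up with old kernels` now sits above the whole block although it explains only `configurationLimit = 5;`; I would move it onto that line. The second hunk of this file appears to be whitespace only.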
|
||||
|
|