Fix apollo-boot

2019-08-02 19:03:36 +02:00 · 2019-08-02 19:03:36 +02:00 · 2a2c5369bb
parent 60bfe70c96
commit 2a2c5369bb
5 changed files with 173 additions and 169 deletions
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -18,8 +18,8 @@ in rec {
  core-system-pkgs = {
    inherit neovim;
    inherit (pkgs)
-    gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
-    liboping psmisc unzip rename whois lsof;
+      gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
+      liboping psmisc unzip rename whois lsof;
  };

  extra-system-pkgs = {
@ -28,8 +28,8 @@ in rec {
    inherit (pkgs.rxvt_unicode) terminfo;
    inherit (pkgs.pythonPackages) qrcode;
    inherit (pkgs)
-    git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
-    tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
+      git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
+      tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
  };
  gw2wrapper = writeHaskellScript {
    name = "gw2wrapper";
@ -37,35 +37,37 @@ in rec {
    imports =
      [ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ];

-    } ''
-      waitForExit = do
-        sleep "5s"
-        processes <- readTrim $ ps "aux"
-        when
-          (BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
-          waitForExit
-      main = do
-        withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
+  } ''
+    waitForExit = do
+      sleep "5s"
+      processes <- readTrim $ ps "aux"
+      when
+        (BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
        waitForExit
-    '';
+    main = do
+      withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
+      waitForExit
+  '';

-    laptop-home-pkgs = {
-      maintenance = pkgs.writeShellScriptBin "maintenance" ''
-        git -C ~/git/nixos/config pull
-        update-home
-        sudo -A update-system
-        sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
-        nix optimise-store
-      '';
-      rewlan = pkgs.writeShellScriptBin "rewlan" ''
-        nmcli r wifi off;
-        sleep 0.1s;
-        nmcli r wifi on;
-      '';
-      gw2 = pkgs.buildFHSUserEnv {
-        name = "gw2";
-        targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
-        multiPkgs = pkgs:
+  laptop-home-pkgs = {
+    maintenance = pkgs.writeShellScriptBin "maintenance" ''
+      git -C ~/git/nixos/config pull
+      update-home
+      sudo -A update-system
+      sudo -A nix-collect-garbage --delete-older-than ${
+        toString gcRetentionDays
+      }d
+      sudo -A nix optimise-store
+    '';
+    rewlan = pkgs.writeShellScriptBin "rewlan" ''
+      nmcli r wifi off;
+      sleep 0.1s;
+      nmcli r wifi on;
+    '';
+    gw2 = pkgs.buildFHSUserEnv {
+      name = "gw2";
+      targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
+      multiPkgs = pkgs:
        (with pkgs;
        with xorg; [
          file
@ -93,15 +95,15 @@ in rec {
          gnutls
          krb5Full
        ]);
-        runScript = "${gw2wrapper}/bin/gw2wrapper";
-      };
-      cachix = import sources.cachix { };
-      nixfmt = import sources.nixfmt { };
-      inherit (pkgs.gnome3) nautilus;
-      inherit (pkgs.xorg) xev xbacklight;
-      inherit (pkgs)
+      runScript = "${gw2wrapper}/bin/gw2wrapper";
+    };
+    cachix = import sources.cachix { };
+    nixfmt = import sources.nixfmt { };
+    inherit (pkgs.gnome3) nautilus;
+    inherit (pkgs.xorg) xev xbacklight;
+    inherit (pkgs)
    # web
-    chromium
+      chromium

      # communication
      signal-desktop tdesktop acpi dino mumble
@ -124,47 +126,47 @@ in rec {

      # games
      minetest;
-    };
+  };

-    my-home-pkgs = {
-      print215 = pkgs.writeShellScriptBin "print215" ''
-        scp "$@" ag-forward:
-        ssh ag-forward lpr -Zduplex -r "$@"
-      '';
-      print215single = pkgs.writeShellScriptBin "print215single" ''
-        scp "$@" ag-forward:
-        ssh ag-forward lpr -r "$@"
-      '';
-    };
-    urxvt = pkgs.rxvt_unicode-with-plugins;
-    terminal = pkgs.writeShellScriptBin "terminal" ''
-      ${urxvt}/bin/urxvtc "$@"
-      if [ $? -eq 2 ]; then
-     ${urxvt}/bin/urxvtd -q -o -f
-     ${urxvt}/bin/urxvtc "$@"
-      fi
+  my-home-pkgs = {
+    print215 = pkgs.writeShellScriptBin "print215" ''
+      scp "$@" ag-forward:
+      ssh ag-forward lpr -Zduplex -r "$@"
    '';
-    desktop-pkgs = {
-      inherit urxvt tasktree terminal;
-      inherit (pkgs) xautolock;
-      inherit (pkgs.gnome3) dconf;
-    };
-    home-pkgs = {
-      inherit (pkgs.pythonPackages) yapf jsbeautifier;
-      inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
-      inherit (my-lib) ghc;
-      inherit home-neovim;
-    };
-    accounting-pkgs = {
-      jali = pkgs.callPackage ./jali { };
-      inherit (pkgs.haskellPackages) hledger hledger-ui;
-      inherit (pkgs) ledger;
-    };
-    system-pkgs = core-system-pkgs // extra-system-pkgs // {
-      inherit (import ../lib/test.nix)
+    print215single = pkgs.writeShellScriptBin "print215single" ''
+      scp "$@" ag-forward:
+      ssh ag-forward lpr -r "$@"
+    '';
+  };
+  urxvt = pkgs.rxvt_unicode-with-plugins;
+  terminal = pkgs.writeShellScriptBin "terminal" ''
+     ${urxvt}/bin/urxvtc "$@"
+     if [ $? -eq 2 ]; then
+    ${urxvt}/bin/urxvtd -q -o -f
+    ${urxvt}/bin/urxvtc "$@"
+     fi
+  '';
+  desktop-pkgs = {
+    inherit urxvt tasktree terminal;
+    inherit (pkgs) xautolock;
+    inherit (pkgs.gnome3) dconf;
+  };
+  home-pkgs = {
+    inherit (pkgs.pythonPackages) yapf jsbeautifier;
+    inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
+    inherit (my-lib) ghc;
+    inherit home-neovim;
+  };
+  accounting-pkgs = {
+    jali = pkgs.callPackage ./jali { };
+    inherit (pkgs.haskellPackages) hledger hledger-ui;
+    inherit (pkgs) ledger;
+  };
+  system-pkgs = core-system-pkgs // extra-system-pkgs // {
+    inherit (import ../lib/test.nix)
      test-system-config test-home-config test-config;
-      inherit (my-lib) home-manager;
-    };
-    foreign-home-pkgs = extra-system-pkgs;
-    eventd = pkgs.callPackage ./eventd { };
-  }
+    inherit (my-lib) home-manager;
+  };
+  foreign-home-pkgs = extra-system-pkgs;
+  eventd = pkgs.callPackage ./eventd { };
+}
--- a/system/boot-key.nix
+++ b/system/boot-key.nix
@ -2,15 +2,13 @@
 let
  secretsFile = "/var/lib/luks-secret/key";
  secretsInitrd = "/boot/grub/secrets-initrd.gz";
-in lib.mkIf (builtins.pathExists secretsFile) {
-  boot.initrd.luks.devices."root" = {
+in {
+  boot.initrd.luks.devices."nixos" = {
    fallbackToPassword = true;
    keyFile = secretsFile;
  };
  # copy the secret into the additional initramfs. `null` means same path
  boot.initrd.secrets."${secretsFile}" = null;
-} // lib.mkIf
-(config.boot.loader.grub.enable && config.boot.initrd.secrets != { }) {
  boot.loader = {
    supportsInitrdSecrets = lib.mkForce true;
    grub.extraInitrd = secretsInitrd;
--- a/system/default.nix
+++ b/system/default.nix
@ -13,63 +13,63 @@ in {
    ./modules/loginctl-linger.nix
  ];

-  config = {
+  i18n = { defaultLocale = "en_US.UTF-8"; };

-    i18n = { defaultLocale = "en_US.UTF-8"; };
+  time.timeZone = "Europe/Berlin";

-    time.timeZone = "Europe/Berlin";
+  networking = {
+    firewall.allowPing = true;
+    useDHCP = false;
+    hosts = lib.zipAttrs
+      (lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
+      config.m-0.hosts);
+  };

-    networking = {
-      firewall.allowPing = true;
-      useDHCP = false;
-      hosts = lib.zipAttrs
-        (lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
-        config.m-0.hosts);
+  users = {
+    mutableUsers = false;
+    users.root = { openssh.authorizedKeys.keys = me.keys; };
+  };
+
+  environment = {
+    etc = {
+      "nix-path/nixpkgs".source = sources.nixpkgs;
+      "nix-path/nixos".source = sources.nixpkgs;
+      "nix-path/unstable".source = sources.unstable;
+      "nix-path/home-manager".source = sources.home-manager;
    };
+  };

-    users = {
-      mutableUsers = false;
-      users.root = { openssh.authorizedKeys.keys = me.keys; };
-    };
+  nix = {
+    binaryCaches = [
+      "https://cache.nixos.org/"
+      "https://nixcache.reflex-frp.org"
+      "ssh://nix-ssh@hera.m-0.eu"
+    ];
+    binaryCachePublicKeys =
+      [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
+    nixPath = [ "/etc/nix-path" ];
+    extraOptions = "fallback = true";
+    gc.options = "--delete-older-than 5d";
+  };

-    environment = {
-      etc = {
-        "nix-path/nixpkgs".source = sources.nixpkgs;
-        "nix-path/nixos".source = sources.nixpkgs;
-        "nix-path/unstable".source = sources.unstable;
-        "nix-path/home-manager".source = sources.home-manager;
-      };
-    };
-
-    nix = {
-      binaryCaches =
-        [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
-      binaryCachePublicKeys =
-        [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
-      nixPath = [ "/etc/nix-path" ];
-      extraOptions = "fallback = true";
-      gc.options = "--delete-older-than 5d";
-    };
-
-    services = {
-      prometheus.exporters = {
-        node = {
-          enable = true;
-          openFirewall = true;
-          enabledCollectors = [ "systemd" "logind" ];
-          disabledCollectors = [ "timex" ];
-        };
-        nginx = {
-          enable = config.services.nginx.enable;
-          openFirewall = true;
-        };
+  services = {
+    prometheus.exporters = {
+      node = {
+        enable = true;
+        openFirewall = true;
+        enabledCollectors = [ "systemd" "logind" ];
+        disabledCollectors = [ "timex" ];
      };
      nginx = {
-        statusPage = true;
-        recommendedOptimisation = true;
-        recommendedGzipSettings = true;
-        recommendedTlsSettings = true;
+        enable = config.services.nginx.enable;
+        openFirewall = true;
      };
    };
+    nginx = {
+      statusPage = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedTlsSettings = true;
+    };
  };
 }
--- a/system/server/default.nix
+++ b/system/server/default.nix
@ -1,34 +1,33 @@
 { config, pkgs, lib, ... }:
 let user = "maralorn";
-in
-  {
+in {

-    imports = [ ./init_ssh.nix ];
+  imports = [ ./init_ssh.nix ];

-    systemd.services.test-and-update = {
-      startAt = "2:45";
-      environment.NIX_PATH =
-        "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
-        path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
-        restartIfChanged = false;
-        unitConfig.X-StopOnRemoval = false;
-        serviceConfig = {
-          Type = "oneshot";
-          WorkingDirectory = "/var/cache/gc-links";
-        };
-        script = ''
-          ${(import ../../lib/test.nix).test-config}/bin/test-config
-          /run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull
-          ${
-            (import ../../lib/update-system.nix
-            config.system.build.nixos-rebuild).update-system
-          }/bin/update-system
-          /run/wrappers/bin/sudo -u ${user} update-home
-        '';
-      };
-      nix = {
-        gc.automatic = true;
-        optimise.automatic = true;
-      };
+  systemd.services.test-and-update = {
+    startAt = "2:45";
+    environment.NIX_PATH =
+      "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
+    path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
+    restartIfChanged = false;
+    unitConfig.X-StopOnRemoval = false;
+    serviceConfig = {
+      Type = "oneshot";
+      WorkingDirectory = "/var/cache/gc-links";
+    };
+    script = ''
+      ${(import ../../lib/test.nix).test-config}/bin/test-config
+      /run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull
+      ${
+        (import ../../lib/update-system.nix
+        config.system.build.nixos-rebuild).update-system
+      }/bin/update-system
+      /run/wrappers/bin/sudo -u ${user} update-home
+    '';
+  };
+  nix = {
+    gc.automatic = true;
+    optimise.automatic = true;
+  };

-    }
+}
--- a/system/standalone/default.nix
+++ b/system/standalone/default.nix
@ -1,10 +1,15 @@
-{ pkgs, config, lib, ... }:
-{
+{ pkgs, config, lib, ... }: {

-  imports = [ ./admin.nix  ];
+  imports = [ ./admin.nix ];

  # So that boot does not fill up with old kernels
-  boot.loader.grub.configurationLimit = 5;
+  boot.loader = {
+    timeout = 0;
+    grub = {
+      backgroundColor = "#000000";
+      configurationLimit = 5;
+    };
+  };

  users = {
    defaultUserShell = pkgs.zsh;
@ -14,16 +19,16 @@
  security.sudo.extraConfig =
    "\n    Defaults timestamp_type=global, timestamp_timeout=15\n  ";

-    services = { sshd.enable = true; };
+  services = { sshd.enable = true; };

-    nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
+  nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];

-    environment = {
+  environment = {
    # Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
    systemPackages = builtins.attrValues ({
      inherit (import ../../lib/update-system.nix
      config.system.build.nixos-rebuild)
-      update-system;
+        update-system;
    } // (import ../../pkgs).system-pkgs);
    sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
  };