Get hera running
parent
a5e1361adc
commit
9586aae4f0
|
@ -15,6 +15,7 @@ in {
|
|||
./hardware-configuration.nix
|
||||
../../system
|
||||
../../system/fonts.nix
|
||||
../../system/boot-key.nix
|
||||
../../system/standalone
|
||||
];
|
||||
|
||||
|
@ -36,11 +37,11 @@ in {
|
|||
}];
|
||||
postSetup =
|
||||
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
m-0 = { laptop.enable = true; };
|
||||
m-0 = { laptop.enable = true; };
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
|
@ -65,30 +66,30 @@ in {
|
|||
services = {
|
||||
prometheus.exporters.node.firewallFilter =
|
||||
"-i m0wire -p tcp -m tcp --dport 9100";
|
||||
autorandr.enable = true;
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
startAt = [ ];
|
||||
exclude = [
|
||||
"/home/${me.user}/data/aktuell/media"
|
||||
"/home/${me.user}/data/.stversions"
|
||||
];
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
autorandr.enable = true;
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
startAt = [ ];
|
||||
exclude = [
|
||||
"/home/${me.user}/data/aktuell/media"
|
||||
"/home/${me.user}/data/.stversions"
|
||||
];
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
|
||||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
|
||||
+ /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory =
|
||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
|
||||
hostsDirectory =
|
||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
|
||||
|
||||
}
|
||||
}
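Review bot: `ed25519PrivateKeyFile` in the `cdark_net` block is assembled as a Nix path value (`/etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv`), and a path value is copied into the world-readable `/nix/store` as soon as something interpolates it into a string. The cdark_net module is not visible here, so whether that happens depends on how it consumes the option; passing a string keeps the key out of the store either way: `ed25519PrivateKeyFile = "/etc/nixos/hosts/${config.networking.hostName}/secret/tinc/ed25519_key.priv";`. In the same section, `builtins.fetchGit` for `hostsDirectory` carries no `rev`, so every evaluation trusts whatever the remote serves at that moment; pinning a revision would make changes to the peer host files reviewable. `encryption.mode = "none"` on the borg job would also benefit from a comment stating why the repository host is trusted with plaintext data.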
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
let
|
||||
inherit (import ../pkgs) niv;
|
||||
inherit (import ../lib)
|
||||
pkgs writeHaskellScript get-niv-path home-manager unstable haskellList;
|
||||
pkgs writeHaskellScript get-niv-path home-manager unstable haskellList;
|
||||
in rec {
|
||||
haskellBody = commandline: ''
|
||||
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
|
||||
|
@ -53,11 +53,11 @@ in rec {
|
|||
|
||||
main = do
|
||||
path <- readTrim pwd
|
||||
bump <- fmap ((== "bump") . listToMaybe) getArgs
|
||||
bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs
|
||||
bracket checkout (rm "-rf") $ \dir -> do
|
||||
withCurrentDirectory dir $ do
|
||||
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
|
||||
haskellList keys
|
||||
haskellList keys
|
||||
}
|
||||
when bump $ ignoreFailure $ niv "update"
|
||||
mapM_ (test_system_config dir) ${haskellList systems}
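Review bot: The `git_crypt "unlock"` loop in `main` leaves decrypted secrets in the temporary checkout `dir` for the whole test run, and the only cleanup is the `rm "-rf"` release action of `bracket`, which does not run if the process is killed. `checkout` is defined outside this hunk, so where the directory is created and with which mode cannot be seen here; a comment at its definition should pin that down, e.g. `-- checkout must create dir with mode 0700: it holds git-crypt-unlocked secrets`. Also, `ignoreFailure $ niv "update"` lets a failed bump pass silently, so the run then tests the old pins while appearing to have tested a bump; logging the failure would make that visible.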
|
||||
|
|
150
pkgs/default.nix
150
pkgs/default.nix
|
@ -1,6 +1,6 @@
|
|||
let
|
||||
my-lib = import ../lib;
|
||||
inherit (my-lib) pkgs unstable sources writeHaskellScript;
|
||||
inherit (my-lib) pkgs unstable sources writeHaskellScript gcRetentionDays;
|
||||
in rec {
|
||||
tasktree = pkgs.callPackage ./tasktree { };
|
||||
neovim = pkgs.neovim.override {
|
||||
|
@ -18,8 +18,8 @@ in rec {
|
|||
core-system-pkgs = {
|
||||
inherit neovim;
|
||||
inherit (pkgs)
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
};
|
||||
|
||||
extra-system-pkgs = {
|
||||
|
@ -28,8 +28,8 @@ in rec {
|
|||
inherit (pkgs.rxvt_unicode) terminfo;
|
||||
inherit (pkgs.pythonPackages) qrcode;
|
||||
inherit (pkgs)
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
|
||||
tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
|
||||
tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
|
||||
};
|
||||
gw2wrapper = writeHaskellScript {
|
||||
name = "gw2wrapper";
|
||||
|
@ -37,35 +37,35 @@ in rec {
|
|||
imports =
|
||||
[ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ];
|
||||
|
||||
} ''
|
||||
waitForExit = do
|
||||
} ''
|
||||
waitForExit = do
|
||||
sleep "5s"
|
||||
processes <- readTrim $ ps "aux"
|
||||
when
|
||||
(BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
|
||||
waitForExit
|
||||
main = do
|
||||
main = do
|
||||
withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
|
||||
waitForExit
|
||||
'';
|
||||
'';
|
||||
|
||||
laptop-home-pkgs = {
|
||||
maintenance = pkgs.writeShellScriptBin "maintenance" ''
|
||||
git -C ~/git/nixos/config pull
|
||||
update-home
|
||||
sudo -A update-system
|
||||
sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
|
||||
nix optimise-store
|
||||
'';
|
||||
rewlan = pkgs.writeShellScriptBin "rewlan" ''
|
||||
nmcli r wifi off;
|
||||
sleep 0.1s;
|
||||
nmcli r wifi on;
|
||||
'';
|
||||
gw2 = pkgs.buildFHSUserEnv {
|
||||
name = "gw2";
|
||||
targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
|
||||
multiPkgs = pkgs:
|
||||
laptop-home-pkgs = {
|
||||
maintenance = pkgs.writeShellScriptBin "maintenance" ''
|
||||
git -C ~/git/nixos/config pull
|
||||
update-home
|
||||
sudo -A update-system
|
||||
sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
|
||||
nix optimise-store
|
||||
'';
|
||||
rewlan = pkgs.writeShellScriptBin "rewlan" ''
|
||||
nmcli r wifi off;
|
||||
sleep 0.1s;
|
||||
nmcli r wifi on;
|
||||
'';
|
||||
gw2 = pkgs.buildFHSUserEnv {
|
||||
name = "gw2";
|
||||
targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
|
||||
multiPkgs = pkgs:
|
||||
(with pkgs;
|
||||
with xorg; [
|
||||
file
|
||||
|
@ -93,15 +93,15 @@ in rec {
|
|||
gnutls
|
||||
krb5Full
|
||||
]);
|
||||
runScript = "${gw2wrapper}/bin/gw2wrapper";
|
||||
};
|
||||
cachix = import sources.cachix { };
|
||||
nixfmt = import sources.nixfmt { };
|
||||
inherit (pkgs.gnome3) nautilus;
|
||||
inherit (pkgs.xorg) xev xbacklight;
|
||||
inherit (pkgs)
|
||||
runScript = "${gw2wrapper}/bin/gw2wrapper";
|
||||
};
|
||||
cachix = import sources.cachix { };
|
||||
nixfmt = import sources.nixfmt { };
|
||||
inherit (pkgs.gnome3) nautilus;
|
||||
inherit (pkgs.xorg) xev xbacklight;
|
||||
inherit (pkgs)
|
||||
# web
|
||||
chromium
|
||||
chromium
|
||||
|
||||
# communication
|
||||
signal-desktop tdesktop acpi dino mumble
|
||||
|
@ -124,47 +124,47 @@ in rec {
|
|||
|
||||
# games
|
||||
minetest;
|
||||
};
|
||||
};
|
||||
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -Zduplex -r "$@"
|
||||
'';
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
urxvt = pkgs.rxvt_unicode-with-plugins;
|
||||
terminal = pkgs.writeShellScriptBin "terminal" ''
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -Zduplex -r "$@"
|
||||
'';
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
urxvt = pkgs.rxvt_unicode-with-plugins;
|
||||
terminal = pkgs.writeShellScriptBin "terminal" ''
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
${urxvt}/bin/urxvtd -q -o -f
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
fi
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt tasktree terminal;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs.pythonPackages) yapf jsbeautifier;
|
||||
inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
|
||||
inherit (my-lib) ghc;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ./jali { };
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ../lib/test.nix)
|
||||
test-system-config test-home-config test-and-bump-config;
|
||||
inherit (my-lib) home-manager;
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
eventd = pkgs.callPackage ./eventd { };
|
||||
}
|
||||
fi
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt tasktree terminal;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs.pythonPackages) yapf jsbeautifier;
|
||||
inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
|
||||
inherit (my-lib) ghc;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ./jali { };
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ../lib/test.nix)
|
||||
test-system-config test-home-config test-config;
|
||||
inherit (my-lib) home-manager;
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
eventd = pkgs.callPackage ./eventd { };
|
||||
}
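Review bot: In the `maintenance` script, `sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d` names a command with underscores; the Nix tool is `nix-collect-garbage`, so unless a wrapper of that name is on PATH this line fails with "command not found" and the script carries on to `nix optimise-store`, since no `set -e` is visible. Suggested line: `sudo -A nix-collect-garbage --delete-older-than ${toString gcRetentionDays}d`. In `print215` and `print215single`, `ssh ag-forward lpr ... "$@"` loses the local quoting, because ssh joins its arguments and the remote shell parses them again; a file name containing spaces or shell metacharacters is then split or interpreted on the remote side, so the arguments should be shell-quoted before they are sent (for example with bash's `printf '%q'`).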
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports = [ ./init_ssh.nix ];
|
||||
|
||||
|
@ -6,25 +8,26 @@
|
|||
startAt = "2:45";
|
||||
environment.NIX_PATH =
|
||||
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
};
|
||||
script = ''
|
||||
${(import ../lib/test.nix).test-config}/bin/test-config
|
||||
${(import ../../lib/test.nix).test-config}/bin/test-config
|
||||
sudo -u maralorn git -C /home/maralorn/git/nixos/config pull
|
||||
${
|
||||
(import ../lib/update-system.nix
|
||||
(import ../../lib/update-system.nix
|
||||
config.system.build.nixos-rebuild).update-system
|
||||
}/bin/update-system
|
||||
sudo -u maralorn update-home
|
||||
'';
|
||||
};
|
||||
};
|
||||
nix = {
|
||||
gc.automatic = true;
|
||||
optimise.automatic = true;
|
||||
};
|
||||
nix = {
|
||||
gc.automatic = true;
|
||||
optimise.automatic = true;
|
||||
};
|
||||
|
||||
}
|
||||
}
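Review bot: The timer script runs `sudo -u maralorn git -C /home/maralorn/git/nixos/config pull` and then `update-system` as root with no check of what was pulled, so anyone who can push to that remote or write to the user's checkout presumably decides what the next root rebuild contains (the link from this checkout to `/etc/nixos/configuration.nix` is not visible here). `test-config` runs before the pull and, judging by its name, on its own checkout, so the commit that gets deployed may be newer than the one that was tested. Consider `pull --ff-only --verify-signatures` against a known set of signing keys, or deploying exactly the revision that passed the test. The service `path` also lists no `sudo`; confirm that it resolves inside the unit (on NixOS the setuid wrapper lives in `/run/wrappers/bin`).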
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib; {
|
||||
{
|
||||
|
||||
imports = [ ./admin.nix ./boot-key.nix ];
|
||||
imports = [ ./admin.nix ];
|
||||
|
||||
# So that boot does not fill up with old kernels
|
||||
boot.loader.grub.configurationLimit = 5;
|
||||
|
@ -14,16 +14,16 @@ with lib; {
|
|||
security.sudo.extraConfig =
|
||||
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
|
||||
|
||||
services = { sshd.enable = true; };
|
||||
services = { sshd.enable = true; };
|
||||
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
|
||||
environment = {
|
||||
environment = {
|
||||
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
|
||||
systemPackages = builtins.attrValues ({
|
||||
inherit (import ../../lib/update-system.nix
|
||||
config.system.build.nixos-rebuild)
|
||||
update-system system-maintenance;
|
||||
update-system;
|
||||
} // (import ../../pkgs).system-pkgs);
|
||||
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
|
||||
};
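Review bot: `security.sudo.extraConfig` sets `timestamp_type=global` together with `timestamp_timeout=15`, which means one successful sudo authentication unlocks sudo for every terminal and process of that user for 15 minutes, not only the tty it was entered on. With `services.sshd` enabled in the same file, that choice should at least be documented; proposed comment above the option: `# global timestamp: one sudo auth is valid in all sessions of the user for 15 min (needed by <reason>)`. This section also drops `with lib;` from the module header; the body continues outside the visible hunks, so check that no unqualified `lib` function is left further down.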
|
||||
|
|