From 9586aae4f0df2d32e90fe3102f79cbfe16c6b3f8 Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Fri, 2 Aug 2019 05:55:27 +0200 Subject: [PATCH] Get hera running --- hosts/apollo/configuration.nix | 51 ++++----- lib/test.nix | 6 +- pkgs/default.nix | 150 +++++++++++++-------------- system/{standalone => }/boot-key.nix | 0 system/server/default.nix | 33 +++--- system/standalone/default.nix | 12 +-- 6 files changed, 128 insertions(+), 124 deletions(-) rename system/{standalone => }/boot-key.nix (100%) diff --git a/hosts/apollo/configuration.nix b/hosts/apollo/configuration.nix index 016aa8b0..b8459a49 100644 --- a/hosts/apollo/configuration.nix +++ b/hosts/apollo/configuration.nix @@ -15,6 +15,7 @@ in { ./hardware-configuration.nix ../../system ../../system/fonts.nix + ../../system/boot-key.nix ../../system/standalone ]; @@ -36,11 +37,11 @@ in { }]; postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ]; + }; }; }; - }; - m-0 = { laptop.enable = true; }; + m-0 = { laptop.enable = true; }; # Use the systemd-boot EFI boot loader. boot = { 
@@ -65,30 +66,30 @@ in { services = { prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100"; - autorandr.enable = true; - borgbackup.jobs.data = { - doInit = false; - startAt = [ ]; - exclude = [ - "/home/${me.user}/data/aktuell/media" - "/home/${me.user}/data/.stversions" - ]; - encryption.mode = "none"; - paths = "/home/${me.user}/data"; - repo = "borg@borg:."; - compression = "zstd,5"; + autorandr.enable = true; + borgbackup.jobs.data = { + doInit = false; + startAt = [ ]; + exclude = [ + "/home/${me.user}/data/aktuell/media" + "/home/${me.user}/data/.stversions" + ]; + encryption.mode = "none"; + paths = "/home/${me.user}/data"; + repo = "borg@borg:."; + compression = "zstd,5"; + }; }; - }; - cdark_net = { - enable = true; - hostName = "${me.user}_${config.networking.hostName}"; - ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + cdark_net = { + enable = true; + hostName = "${me.user}_${config.networking.hostName}"; + ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv; - hostsDirectory = - (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"); - ip6address = "fd23:42:cda:4342::2"; - ip4address = "172.20.71.2"; - }; + hostsDirectory = + (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"); + ip6address = "fd23:42:cda:4342::2"; + ip4address = "172.20.71.2"; + }; -} + } diff --git a/lib/test.nix b/lib/test.nix index 56091fa4..1c5466e4 100644 --- a/lib/test.nix +++ b/lib/test.nix @@ -1,7 +1,7 @@ let inherit (import ../pkgs) niv; inherit (import ../lib) - pkgs writeHaskellScript get-niv-path home-manager unstable haskellList; + pkgs writeHaskellScript get-niv-path home-manager unstable haskellList; in rec { haskellBody = commandline: '' getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String) 
@@ -53,11 +53,11 @@ in rec { main = do path <- readTrim pwd - bump <- fmap ((== "bump") . listToMaybe) getArgs + bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs bracket checkout (rm "-rf") $ \dir -> do withCurrentDirectory dir $ do mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${ - haskellList keys + haskellList keys } when bump $ ignoreFailure $ niv "update" mapM_ (test_system_config dir) ${haskellList systems} diff --git a/pkgs/default.nix b/pkgs/default.nix index a37f5eb5..f720cd5b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,6 +1,6 @@ let my-lib = import ../lib; - inherit (my-lib) pkgs unstable sources writeHaskellScript; + inherit (my-lib) pkgs unstable sources writeHaskellScript gcRetentionDays; in rec { tasktree = pkgs.callPackage ./tasktree { }; neovim = pkgs.neovim.override { @@ -18,8 +18,8 @@ in rec { core-system-pkgs = { inherit neovim; inherit (pkgs) - gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind - liboping psmisc unzip rename whois lsof; + gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind + liboping psmisc unzip rename whois lsof; }; extra-system-pkgs = { @@ -28,8 +28,8 @@ in rec { inherit (pkgs.rxvt_unicode) terminfo; inherit (pkgs.pythonPackages) qrcode; inherit (pkgs) - git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap - tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle; + git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap + tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle; }; gw2wrapper = writeHaskellScript { name = "gw2wrapper"; 
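Review bot: `when bump $ ignoreFailure $ niv "update"` discards a failed update, so in bump mode the `test_system_config` runs that follow can pass against the old pins while the caller assumes the new ones were tested. The corrected `bump` flag on the line above is what gates this step, so this is the place to report the failure instead of dropping it, or at least to state the intent with a comment such as `-- best-effort: if niv update fails, the existing pins are tested`. `main` continues past the end of the hunk, so what is done with the updated sources afterwards is not visible here.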
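Review bot: The `gcRetentionDays` binding added to the `inherit (my-lib)` line feeds the `maintenance` script in the `@@ -37,35 +37,35 @@` hunk, and that script still runs `sudo -A nix_collect_garbage --delete-older-than …`. `maintenance` is built with `pkgs.writeShellScriptBin`, so the name is looked up literally by the shell; the Nix tool is `nix-collect-garbage`, and unless a wrapper with the underscore name exists elsewhere the step fails and old generations are never collected. The line would read `sudo -A nix-collect-garbage --delete-older-than ${toString gcRetentionDays}d`. Whether `../lib` actually exports `gcRetentionDays` is not visible in this patch.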
@@ -37,35 +37,35 @@ in rec { imports = [ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ]; - } '' - waitForExit = do + } '' + waitForExit = do sleep "5s" processes <- readTrim $ ps "aux" when (BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes)) waitForExit - main = do + main = do withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh" waitForExit - ''; + ''; - laptop-home-pkgs = { - maintenance = pkgs.writeShellScriptBin "maintenance" '' - git -C ~/git/nixos/config pull - update-home - sudo -A update-system - sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d - nix optimise-store - ''; - rewlan = pkgs.writeShellScriptBin "rewlan" '' - nmcli r wifi off; - sleep 0.1s; - nmcli r wifi on; - ''; - gw2 = pkgs.buildFHSUserEnv { - name = "gw2"; - targetPkgs = pkgs: (with pkgs; [ sambaFull ]); - multiPkgs = pkgs: + laptop-home-pkgs = { + maintenance = pkgs.writeShellScriptBin "maintenance" '' + git -C ~/git/nixos/config pull + update-home + sudo -A update-system + sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d + nix optimise-store + ''; + rewlan = pkgs.writeShellScriptBin "rewlan" '' + nmcli r wifi off; + sleep 0.1s; + nmcli r wifi on; + ''; + gw2 = pkgs.buildFHSUserEnv { + name = "gw2"; + targetPkgs = pkgs: (with pkgs; [ sambaFull ]); + multiPkgs = pkgs: (with pkgs; with xorg; [ file @@ -93,15 +93,15 @@ in rec { gnutls krb5Full ]); - runScript = "${gw2wrapper}/bin/gw2wrapper"; - }; - cachix = import sources.cachix { }; - nixfmt = import sources.nixfmt { }; - inherit (pkgs.gnome3) nautilus; - inherit (pkgs.xorg) xev xbacklight; - inherit (pkgs) + runScript = "${gw2wrapper}/bin/gw2wrapper"; + }; + cachix = import sources.cachix { }; + nixfmt = import sources.nixfmt { }; + inherit (pkgs.gnome3) nautilus; + inherit (pkgs.xorg) xev xbacklight; + inherit (pkgs) # web - chromium + chromium # communication signal-desktop tdesktop acpi dino mumble 
@@ -124,47 +124,47 @@ in rec { # games minetest; - }; + }; - my-home-pkgs = { - print215 = pkgs.writeShellScriptBin "print215" '' - scp "$@" ag-forward: - ssh ag-forward lpr -Zduplex -r "$@" - ''; - print215single = pkgs.writeShellScriptBin "print215single" '' - scp "$@" ag-forward: - ssh ag-forward lpr -r "$@" - ''; - }; - urxvt = pkgs.rxvt_unicode-with-plugins; - terminal = pkgs.writeShellScriptBin "terminal" '' - ${urxvt}/bin/urxvtc "$@" - if [ $? -eq 2 ]; then + my-home-pkgs = { + print215 = pkgs.writeShellScriptBin "print215" '' + scp "$@" ag-forward: + ssh ag-forward lpr -Zduplex -r "$@" + ''; + print215single = pkgs.writeShellScriptBin "print215single" '' + scp "$@" ag-forward: + ssh ag-forward lpr -r "$@" + ''; + }; + urxvt = pkgs.rxvt_unicode-with-plugins; + terminal = pkgs.writeShellScriptBin "terminal" '' + ${urxvt}/bin/urxvtc "$@" + if [ $? -eq 2 ]; then ${urxvt}/bin/urxvtd -q -o -f ${urxvt}/bin/urxvtc "$@" - fi - ''; - desktop-pkgs = { - inherit urxvt tasktree terminal; - inherit (pkgs) xautolock; - inherit (pkgs.gnome3) dconf; - }; - home-pkgs = { - inherit (pkgs.pythonPackages) yapf jsbeautifier; - inherit (pkgs) ncmpcpp shfmt htmlTidy astyle; - inherit (my-lib) ghc; - inherit home-neovim; - }; - accounting-pkgs = { - jali = pkgs.callPackage ./jali { }; - inherit (pkgs.haskellPackages) hledger hledger-ui; - inherit (pkgs) ledger; - }; - system-pkgs = core-system-pkgs // extra-system-pkgs // { - inherit (import ../lib/test.nix) - test-system-config test-home-config test-and-bump-config; - inherit (my-lib) home-manager; - }; - foreign-home-pkgs = extra-system-pkgs; - eventd = pkgs.callPackage ./eventd { }; -} + fi + ''; + desktop-pkgs = { + inherit urxvt tasktree terminal; + inherit (pkgs) xautolock; + inherit (pkgs.gnome3) dconf; + }; + home-pkgs = { + inherit (pkgs.pythonPackages) yapf jsbeautifier; + inherit (pkgs) ncmpcpp shfmt htmlTidy astyle; + inherit (my-lib) ghc; + inherit home-neovim; + }; + accounting-pkgs = { + jali = pkgs.callPackage 
./jali { }; + inherit (pkgs.haskellPackages) hledger hledger-ui; + inherit (pkgs) ledger; + }; + system-pkgs = core-system-pkgs // extra-system-pkgs // { + inherit (import ../lib/test.nix) + test-system-config test-home-config test-config; + inherit (my-lib) home-manager; + }; + foreign-home-pkgs = extra-system-pkgs; + eventd = pkgs.callPackage ./eventd { }; + } diff --git a/system/standalone/boot-key.nix b/system/boot-key.nix similarity index 100% rename from system/standalone/boot-key.nix rename to system/boot-key.nix diff --git a/system/server/default.nix b/system/server/default.nix index 9c1d1e9e..64a0cbe0 100644 --- a/system/server/default.nix +++ b/system/server/default.nix @@ -1,4 +1,6 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: + +{ imports = [ ./init_ssh.nix ]; @@ -6,25 +8,26 @@ startAt = "2:45"; environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"; - path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ]; - WorkingDirectory = "/var/cache/gc-links"; - restartIfChanged = false; - unitConfig.X-StopOnRemoval = false; - serviceConfig = { - Type = "oneshot"; + path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ]; + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + serviceConfig = { + Type = "oneshot"; + WorkingDirectory = "/var/cache/gc-links"; + }; script = '' - ${(import ../lib/test.nix).test-config}/bin/test-config + ${(import ../../lib/test.nix).test-config}/bin/test-config sudo -u maralorn git -C /home/maralorn/git/nixos/config pull ${ - (import ../lib/update-system.nix + (import ../../lib/update-system.nix config.system.build.nixos-rebuild).update-system }/bin/update-system + sudo -u maralorn update-home ''; }; - }; - nix = { - gc.automatic = true; - optimise.automatic = true; - }; + nix = { + gc.automatic = true; + optimise.automatic = true; + }; -} + } diff --git a/system/standalone/default.nix b/system/standalone/default.nix index 94945af4..9ff531e5 100644 
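Review bot: The added `sudo -u maralorn update-home` line is resolved by name inside a unit whose script also runs `update-system`, while `test-config` and `update-system` are both called by store path. The visible `path` list holds only nix, gnutar, gzip, git and git-crypt, so neither `sudo` nor `update-home` comes from it; on NixOS `sudo` is a setuid wrapper under `config.security.wrapperDir`, which is probably not on this unit's PATH. Pinning both, e.g. `${config.security.wrapperDir}/sudo -u maralorn <store path of update-home>/bin/update-home` (placeholder for the derivation, which this patch does not show), keeps a privileged job from depending on whatever a PATH lookup yields. The unit's header lies above the hunk, so settings there that might supply these commands are not visible.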
--- a/system/standalone/default.nix +++ b/system/standalone/default.nix @@ -1,7 +1,7 @@ { pkgs, config, lib, ... }: -with lib; { +{ - imports = [ ./admin.nix ./boot-key.nix ]; + imports = [ ./admin.nix ]; # So that boot does not fill up with old kernels boot.loader.grub.configurationLimit = 5; @@ -14,16 +14,16 @@ with lib; { security.sudo.extraConfig = "\n Defaults timestamp_type=global, timestamp_timeout=15\n "; - services = { sshd.enable = true; }; + services = { sshd.enable = true; }; - nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ]; + nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ]; - environment = { + environment = { # Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager systemPackages = builtins.attrValues ({ inherit (import ../../lib/update-system.nix config.system.build.nixos-rebuild) - update-system system-maintenance; + update-system; } // (import ../../pkgs).system-pkgs); sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; }; };
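Review bot: `Defaults timestamp_type=global, timestamp_timeout=15` in the `@@ -14,16 +14,16 @@` hunk sits directly above `sshd.enable = true` and carries no comment explaining the choice. With the global timestamp type, one successful sudo authentication is valid for every session of that user for 15 minutes, including sessions opened over SSH, rather than only for the terminal where the password was typed. The line is unchanged context here, but since this module is the shared base for standalone hosts it deserves either a comment such as `# global sudo timestamp: one auth unlocks all of the user's sessions for 15 min` or the narrower `timestamp_type=tty`.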