Reconfigure default-builders
parent
36bb535ccd
commit
97399ca9e6
|
@ -1,8 +1,7 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
{ pkgs
|
||||
, config
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
imports = [
|
||||
./zsh
|
||||
|
@ -13,7 +12,7 @@
|
|||
./neovim
|
||||
./nvd.nix
|
||||
];
|
||||
nixpkgs.overlays = import ../../overlays {inherit lib;};
|
||||
nixpkgs.overlays = import ../../overlays { inherit lib; };
|
||||
|
||||
news.display = "silent";
|
||||
|
||||
|
@ -64,7 +63,7 @@
|
|||
'';
|
||||
};
|
||||
password-store = {
|
||||
package = pkgs.pass-wayland.withExtensions (exts: [exts.pass-update pkgs.pass-clip exts.pass-otp]);
|
||||
package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-update pkgs.pass-clip exts.pass-otp ]);
|
||||
enable = true;
|
||||
settings.PASSWORD_STORE_DIR = "${config.home.homeDirectory}/git/password-store";
|
||||
};
|
||||
|
@ -124,48 +123,9 @@
|
|||
controlMaster = "auto";
|
||||
controlPersist = "120";
|
||||
enable = true;
|
||||
matchBlocks = let
|
||||
agHost = "fb04217.mathematik.tu-darmstadt.de";
|
||||
in {
|
||||
athene.hostname = "192.168.178.22";
|
||||
git-auto = {
|
||||
hostname = "hera.m-0.eu";
|
||||
user = "git";
|
||||
identityFile = "~/.ssh/id_auto_ed25519";
|
||||
};
|
||||
git = {
|
||||
hostname = "hera.m-0.eu";
|
||||
user = "git";
|
||||
};
|
||||
hera = {
|
||||
hostname = "hera.m-0.eu";
|
||||
user = "maralorn";
|
||||
};
|
||||
ag-forward = {
|
||||
hostname = agHost;
|
||||
proxyJump = "gw";
|
||||
user = "brandy";
|
||||
};
|
||||
ag = {
|
||||
hostname = agHost;
|
||||
user = "brandy";
|
||||
};
|
||||
gw = {
|
||||
hostname = "gwres4.mathematik.tu-darmstadt.de";
|
||||
user = "brandy";
|
||||
};
|
||||
shells = {
|
||||
hostname = "shells.darmstadt.ccc.de";
|
||||
user = "maralorn";
|
||||
};
|
||||
whisky = {
|
||||
hostname = "whisky.w17.io";
|
||||
user = "chaos";
|
||||
};
|
||||
kitchen = {
|
||||
hostname = "kitchen.w17.io";
|
||||
user = "chaos";
|
||||
};
|
||||
matchBlocks = {
|
||||
git-auto.
|
||||
identityFile = "~/.ssh/id_auto_ed25519";
|
||||
"door.w17.io".identityFile = "~/.ssh/door_rsa";
|
||||
};
|
||||
};
|
||||
|
@ -182,11 +142,11 @@
|
|||
)
|
||||
(
|
||||
pkgs.writeShellScriptBin "print-radicle-pw"
|
||||
"pass show etc/radicle/${config.m-0.hostName}"
|
||||
"pass show etc/radicle/${config.m-0.hostName}"
|
||||
)
|
||||
(
|
||||
pkgs.writeShellScriptBin "print-ssh-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
|
||||
)
|
||||
(
|
||||
pkgs.writeShellScriptBin "dingdingding" (builtins.readFile ./signal.sh)
|
||||
|
@ -198,7 +158,7 @@
|
|||
EMAIL = "malte.brandy@maralorn.de";
|
||||
SUDO_ASKPASS = toString (
|
||||
pkgs.writeShellScript "print-sudo-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
|
||||
);
|
||||
};
|
||||
};
|
||||
|
@ -223,17 +183,17 @@
|
|||
mimeApps = {
|
||||
enable = true;
|
||||
defaultApplications = {
|
||||
"application/pdf" = ["org.gnome.Evince.desktop"];
|
||||
"x-scheme-handler/http" = ["firefox.desktop"];
|
||||
"x-scheme-handler/https" = ["firefox.desktop"];
|
||||
"x-scheme-handler/chrome" = ["firefox.desktop"];
|
||||
"text/html" = ["firefox.desktop"];
|
||||
"application/x-extension-htm" = ["firefox.desktop"];
|
||||
"application/x-extension-html" = ["firefox.desktop"];
|
||||
"application/x-extension-shtml" = ["firefox.desktop"];
|
||||
"application/xhtml+xml" = ["firefox.desktop"];
|
||||
"application/x-extension-xhtml" = ["firefox.desktop"];
|
||||
"application/x-extension-xht" = ["firefox.desktop"];
|
||||
"application/pdf" = [ "org.gnome.Evince.desktop" ];
|
||||
"x-scheme-handler/http" = [ "firefox.desktop" ];
|
||||
"x-scheme-handler/https" = [ "firefox.desktop" ];
|
||||
"x-scheme-handler/chrome" = [ "firefox.desktop" ];
|
||||
"text/html" = [ "firefox.desktop" ];
|
||||
"application/x-extension-htm" = [ "firefox.desktop" ];
|
||||
"application/x-extension-html" = [ "firefox.desktop" ];
|
||||
"application/x-extension-shtml" = [ "firefox.desktop" ];
|
||||
"application/xhtml+xml" = [ "firefox.desktop" ];
|
||||
"application/x-extension-xhtml" = [ "firefox.desktop" ];
|
||||
"application/x-extension-xht" = [ "firefox.desktop" ];
|
||||
};
|
||||
};
|
||||
userDirs = {
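Review bot: In the `programs.ssh.matchBlocks` hunk (`@ -124,48 +123,9`), the surviving `git-auto` entry sets only `identityFile`, so the alias no longer carries its own `hostname` or `user`. It resolves only if another ssh config source defines them, presumably the private `ssh-config` value this commit wires in elsewhere. If that source is missing on a host, `ssh git-auto` would be looked up as a literal host name, which is easy to miss. I would add a comment such as `# hostname/user for these aliases come from the private ssh-config` above `matchBlocks`, and pin the automation key with `git-auto.identitiesOnly = true;` so only `id_auto_ed25519` is offered for that alias. The enclosing `programs.ssh` block starts outside the hunk.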
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
wireguard = import ../../../common/wireguard.nix;
|
||||
inherit (config.m-0) hosts prefix;
|
||||
inherit ((import ../../../nix/sources.nix)) nixos-hardware;
|
||||
inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
|
||||
vpn = (import ../../../private.nix).privateValue (_: _: {}) "vpn";
|
||||
in {
|
||||
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
|
||||
vpn = (import ../../../private.nix).privateValue (_: _: { }) "vpn";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
"${nixos-hardware}/lenovo/thinkpad/t480s"
|
||||
./hardware-configuration.nix
|
||||
|
@ -20,7 +21,7 @@ in {
|
|||
../../roles/standalone
|
||||
(vpn "apollo")
|
||||
];
|
||||
systemd.services.lenovo_fix.path = [pkgs.kmod];
|
||||
systemd.services.lenovo_fix.path = [ pkgs.kmod ];
|
||||
|
||||
networking = {
|
||||
hostName = "apollo";
|
||||
|
@ -37,12 +38,12 @@ in {
|
|||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = ["${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64"];
|
||||
ips = [ "${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64" ];
|
||||
privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = ["::/0"];
|
||||
allowedIPs = [ "::/0" ];
|
||||
# endpoint =
|
||||
# "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
|
||||
endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
|
||||
|
@ -50,7 +51,7 @@ in {
|
|||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
postSetup = ["${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire"];
|
||||
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -58,13 +59,6 @@ in {
|
|||
programs = {
|
||||
adb.enable = true;
|
||||
sway.enable = true;
|
||||
ssh = {
|
||||
extraConfig = ''
|
||||
Host fb04*.mathematik.tu-darmstadt.de
|
||||
ProxyJump brandy@gwres1.mathematik.tu-darmstadt.de
|
||||
'';
|
||||
startAgent = true;
|
||||
};
|
||||
seahorse.enable = lib.mkForce false;
|
||||
dconf.enable = true;
|
||||
};
|
||||
|
@ -85,7 +79,7 @@ in {
|
|||
upower.enable = true;
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [pkgs.gutenprint pkgs.hplip];
|
||||
drivers = [ pkgs.gutenprint pkgs.hplip ];
|
||||
};
|
||||
udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
|
@ -121,7 +115,7 @@ in {
|
|||
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
|
||||
key = pkgs.privatePath "syncthing/apollo/key.pem";
|
||||
}
|
||||
// syncthing.declarativeWith ["hera" "zeus"] "/home/maralorn/media";
|
||||
// syncthing.declarativeWith [ "hera" "zeus" ] "/home/maralorn/media";
|
||||
xserver = {
|
||||
enable = true;
|
||||
displayManager = {
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
{ pkgs
|
||||
, config
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
imports = [../../common ./admin.nix ../../cachix.nix];
|
||||
imports = [ ../../common ./admin.nix ../../cachix.nix ];
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
# For nixos-rebuild
|
||||
nixpkgs.overlays =
|
||||
[(_: _: (import ../../channels.nix)."${config.networking.hostName}")]
|
||||
++ import ../../overlays {inherit lib;};
|
||||
[ (_: _: (import ../../channels.nix)."${config.networking.hostName}") ]
|
||||
++ import ../../overlays { inherit lib; };
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
|
@ -19,13 +18,14 @@
|
|||
firewall.allowPing = true;
|
||||
useDHCP = false;
|
||||
hosts = lib.zipAttrs
|
||||
(
|
||||
lib.mapAttrsToList (host: ip:
|
||||
if builtins.typeOf ip == "set"
|
||||
then {}
|
||||
else {"${ip}" = "${host} ${host}.m-0.eu";})
|
||||
config.m-0.hosts
|
||||
);
|
||||
(
|
||||
lib.mapAttrsToList
|
||||
(host: ip:
|
||||
if builtins.typeOf ip == "set"
|
||||
then { }
|
||||
else { "${ip}" = "${host} ${host}.m-0.eu"; })
|
||||
config.m-0.hosts
|
||||
);
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
|
@ -41,8 +41,8 @@
|
|||
environment = {
|
||||
etc =
|
||||
lib.mapAttrs'
|
||||
(name: value: lib.nameValuePair "nix-path/${name}" {source = value;})
|
||||
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
|
||||
(name: value: lib.nameValuePair "nix-path/${name}" { source = value; })
|
||||
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
|
||||
// {
|
||||
"nix-path/nixos".source = pkgs.sources."${pkgs.nixpkgs-channel}";
|
||||
"nix-path/nixpkgs".source = pkgs.sources."${pkgs.nixpkgs-channel}";
|
||||
|
@ -50,16 +50,16 @@
|
|||
pkgs.sources."${pkgs.home-manager-channel}";
|
||||
};
|
||||
variables =
|
||||
lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"]
|
||||
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
|
||||
lib.genAttrs [ "CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE" ]
|
||||
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
|
||||
};
|
||||
|
||||
system.activationScripts =
|
||||
lib.mkIf (!pkgs.withSecrets) {text = "echo No secrets loaded!; exit 1;";};
|
||||
lib.mkIf (!pkgs.withSecrets) { text = "echo No secrets loaded!; exit 1;"; };
|
||||
|
||||
nix = {
|
||||
binaryCaches = lib.mkAfter (
|
||||
pkgs.privateValue [] "binary-caches"
|
||||
pkgs.privateValue [ ] "binary-caches"
|
||||
# ++ (
|
||||
# if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ]
|
||||
# )
|
||||
|
@ -69,9 +69,9 @@
|
|||
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
|
||||
"nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
|
||||
];
|
||||
nixPath = ["/etc/nix-path"];
|
||||
trustedUsers = ["maralorn" "laminar"];
|
||||
buildMachines = pkgs.privateValue [] "remote-builders";
|
||||
nixPath = [ "/etc/nix-path" ];
|
||||
trustedUsers = [ "maralorn" "laminar" ];
|
||||
buildMachines = pkgs.privateValue [ ] "remote-builders";
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
fallback = true
|
||||
|
@ -79,28 +79,29 @@
|
|||
builders-use-substitutes = true
|
||||
'';
|
||||
optimise = {
|
||||
dates = [];
|
||||
dates = [ ];
|
||||
automatic = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = let
|
||||
hosts = builtins.attrNames config.services.nginx.virtualHosts;
|
||||
makeConfig = host: {
|
||||
name = "acme-${host}";
|
||||
value = {
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 600;
|
||||
};
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 2400;
|
||||
StartLimitBurst = 3;
|
||||
systemd.services =
|
||||
let
|
||||
hosts = builtins.attrNames config.services.nginx.virtualHosts;
|
||||
makeConfig = host: {
|
||||
name = "acme-${host}";
|
||||
value = {
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 600;
|
||||
};
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 2400;
|
||||
StartLimitBurst = 3;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{nix-optimise.serviceConfig.Type = "oneshot";} // builtins.listToAttrs (map makeConfig hosts);
|
||||
in
|
||||
{ nix-optimise.serviceConfig.Type = "oneshot"; } // builtins.listToAttrs (map makeConfig hosts);
|
||||
|
||||
services = {
|
||||
logind.killUserProcesses = false;
|
||||
|
@ -108,8 +109,8 @@
|
|||
prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = ["systemd" "logind"];
|
||||
disabledCollectors = ["timex"];
|
||||
enabledCollectors = [ "systemd" "logind" ];
|
||||
disabledCollectors = [ "timex" ];
|
||||
};
|
||||
nginx = {
|
||||
inherit (config.services.nginx) enable;
|
||||
|
@ -130,6 +131,10 @@
|
|||
url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz";
|
||||
}
|
||||
}/programs.sqlite";
|
||||
ssh = {
|
||||
extraConfig = pkgs.privateValue "" "ssh-config";
|
||||
startAgent = true;
|
||||
};
|
||||
zsh = {
|
||||
enable = true;
|
||||
autosuggestions.enable = true;
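Review bot: The new `ssh` block in the `@ -130,6 +131,10` hunk feeds `pkgs.privateValue "" "ssh-config"` into `programs.ssh.extraConfig`, which NixOS renders into the system-wide ssh client config. That file and its store path are readable by every local user, so the value is private only in the repository. This looks acceptable for host aliases and jump hosts, but the limit is worth stating in place, e.g. `# ends up world-readable in /etc/ssh/ssh_config and the Nix store: aliases only, never credentials`. Because this file appears to be the module shared by all hosts, `startAgent = true;` now also applies to machines that previously did not set it (the line was removed from the apollo-specific config); if only workstations need an agent, keep it per host. The enclosing `programs` attribute set starts and ends outside the hunk.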
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit 265d659498a76b5ad7f285c6bd9632c0b896df2c
|
||||
Subproject commit 2d999fbc8d86d6f671c3ef110affd12cf2278ae0
|