Reformat
parent
c36c483ab3
commit
a1bb4277b1
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://all-hies.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
|
||||
];
|
||||
binaryCaches = [ "https://all-hies.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
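Review bot: `trustedUsers = [ "root" "maralorn" ];` at the end of this file makes an ordinary login account a trusted Nix user, and the same line is repeated in the cachix.cachix.org and nixfmt.cachix.org files that follow. The Nix manual describes trusted users as essentially root-equivalent, because they may add substituters and import store paths without a valid signature, which sidesteps the `binaryCachePublicKeys` pinning set just above. The caches and their keys are already declared system-wide here, so the account probably does not need to be trusted in order to use them; if that holds, `trustedUsers = [ "root" ];` is enough. Otherwise a comment such as `# maralorn is trusted: root-equivalent towards the nix daemon` would record the decision, ideally in one shared module instead of once per cache file.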
|
||||
|
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://cachix.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
||||
];
|
||||
binaryCaches = [ "https://cachix.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://nixfmt.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
|
||||
];
|
||||
binaryCaches = [ "https://nixfmt.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -13,7 +13,6 @@ config = {
|
|||
}];
|
||||
};
|
||||
|
||||
|
||||
options = {
|
||||
m-0.private = mkOption {
|
||||
default = { };
|
||||
|
@ -26,12 +25,8 @@ options = {
|
|||
m-0.monitoring = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
name = mkOption { type = types.str; };
|
||||
host = mkOption { type = types.str; };
|
||||
};
|
||||
});
|
||||
default = [ ];
|
||||
|
|
|
@ -6,13 +6,20 @@ rec {
|
|||
broken = false;
|
||||
doCheck = false;
|
||||
});
|
||||
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: {
|
||||
shh-extras =
|
||||
unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
|
||||
(drv: {
|
||||
broken = false;
|
||||
doCheck = false;
|
||||
});
|
||||
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
|
||||
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code:
|
||||
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } ''
|
||||
writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
|
||||
, libraries ? [ ], imports ? [ ] }:
|
||||
code:
|
||||
unstable.writers.writeHaskellBin name {
|
||||
libraries = libraries
|
||||
++ [ shh unstable.haskellPackages.string-interpolate ];
|
||||
} ''
|
||||
{-# LANGUAGE DeriveDataTypeable #-}
|
||||
{-# LANGUAGE TemplateHaskell #-}
|
||||
{-# LANGUAGE QuasiQuotes #-}
|
||||
|
@ -39,7 +46,8 @@ rec {
|
|||
name = "get-niv-path";
|
||||
bins = [ pkgs.nix ];
|
||||
imports = [ "System.Console.CmdArgs.Implicit" ];
|
||||
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
|
||||
libraries =
|
||||
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
|
||||
} ''
|
||||
|
||||
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim
|
||||
|
|
|
@ -13,60 +13,34 @@ rec {
|
|||
core-system-pkgs = {
|
||||
inherit neovim;
|
||||
inherit (pkgs)
|
||||
gitFull
|
||||
gnumake
|
||||
python3
|
||||
mkpasswd
|
||||
file
|
||||
wget
|
||||
curl
|
||||
wireguard
|
||||
gnupg
|
||||
mutt
|
||||
bind
|
||||
liboping
|
||||
psmisc
|
||||
unzip
|
||||
rename
|
||||
whois
|
||||
lsof;
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
};
|
||||
|
||||
extra-system-pkgs = {
|
||||
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; };
|
||||
lorri = import sources.lorri {
|
||||
src = sources.lorri;
|
||||
pkgs = unstable;
|
||||
};
|
||||
inherit niv;
|
||||
inherit (pkgs.gitAndTools) git-annex;
|
||||
inherit (pkgs.rxvt_unicode) terminfo;
|
||||
inherit (pkgs.pythonPackages) qrcode;
|
||||
inherit (pkgs)
|
||||
|
||||
git-crypt
|
||||
htop
|
||||
tree
|
||||
pwgen
|
||||
borgbackup
|
||||
inotifyTools
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools
|
||||
|
||||
direnv
|
||||
|
||||
socat
|
||||
nmap
|
||||
tcpdump
|
||||
socat nmap tcpdump
|
||||
|
||||
tmux
|
||||
tig
|
||||
exa
|
||||
fzf
|
||||
ag
|
||||
fd
|
||||
bat
|
||||
tmux tig exa fzf ag fd bat
|
||||
|
||||
ripgrep
|
||||
|
||||
ranger
|
||||
|
||||
pass
|
||||
sshuttle;
|
||||
pass sshuttle;
|
||||
};
|
||||
|
||||
laptop-home-pkgs = {
|
||||
|
@ -90,49 +64,26 @@ rec {
|
|||
chromium
|
||||
|
||||
# communication
|
||||
signal-desktop
|
||||
tdesktop
|
||||
acpi
|
||||
dino
|
||||
mumble
|
||||
signal-desktop tdesktop acpi dino mumble
|
||||
|
||||
# config
|
||||
arandr
|
||||
|
||||
#dev
|
||||
meld
|
||||
icedtea8_web
|
||||
octave
|
||||
filezilla
|
||||
meld icedtea8_web octave filezilla
|
||||
|
||||
# tools & office
|
||||
feh
|
||||
gimp
|
||||
imagemagick
|
||||
ghostscript
|
||||
libreoffice-fresh
|
||||
pandoc
|
||||
xournal
|
||||
musescore
|
||||
handbrake
|
||||
evince
|
||||
|
||||
feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
|
||||
musescore handbrake evince
|
||||
|
||||
networkmanagerapplet
|
||||
# teamviewer
|
||||
|
||||
# media
|
||||
ncpamixer
|
||||
pavucontrol
|
||||
deluge
|
||||
mpd
|
||||
gmpc
|
||||
calibre
|
||||
mpv
|
||||
youtubeDL
|
||||
ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
|
||||
|
||||
minetest
|
||||
;};
|
||||
minetest;
|
||||
};
|
||||
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
|
@ -168,7 +119,8 @@ accounting-pkgs = {
|
|||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config;
|
||||
inherit (import ./test-lib.nix)
|
||||
test-system-config test-home-config test-and-bump-config;
|
||||
inherit (import ../common/lib.nix) home-manager;
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
|
|
Binary file not shown.
|
@ -1,8 +1,8 @@
|
|||
let
|
||||
pkgs = import <nixpkgs> { };
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList;
|
||||
haskellBody = commandline:
|
||||
''
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path home-manager unstable niv haskellList;
|
||||
haskellBody = commandline: ''
|
||||
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
|
||||
|
||||
getNivAssign dir name = fmap process . getNivPath dir $ name
|
||||
|
@ -18,16 +18,14 @@ let
|
|||
test-system-config = writeHaskellScript {
|
||||
name = "test-system-config";
|
||||
inherit bins;
|
||||
} (haskellBody
|
||||
''
|
||||
} (haskellBody ''
|
||||
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
|
||||
'');
|
||||
|
||||
test-home-config = writeHaskellScript {
|
||||
name = "test-home-config";
|
||||
inherit bins;
|
||||
} (haskellBody
|
||||
''
|
||||
} (haskellBody ''
|
||||
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
|
||||
'');
|
||||
|
||||
|
@ -38,8 +36,19 @@ let
|
|||
keys = [ "default" "apollo" "hera" ];
|
||||
test-and-bump-config = writeHaskellScript {
|
||||
name = "test-and-bump-config";
|
||||
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ];
|
||||
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"];
|
||||
bins = [
|
||||
test-system-config
|
||||
test-home-config
|
||||
pkgs.git
|
||||
pkgs.coreutils
|
||||
niv
|
||||
pkgs.git-crypt
|
||||
];
|
||||
imports = [
|
||||
"Control.Exception (bracket)"
|
||||
"System.Directory (withCurrentDirectory)"
|
||||
"Control.Monad (when)"
|
||||
];
|
||||
} ''
|
||||
checkout :: IO FilePath
|
||||
checkout = do
|
||||
|
@ -51,7 +60,9 @@ let
|
|||
path <- readTrim pwd
|
||||
bracket checkout (rm "-rf") $ \dir -> do
|
||||
withCurrentDirectory dir $ do
|
||||
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys}
|
||||
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
|
||||
haskellList keys
|
||||
}
|
||||
ignoreFailure $ niv "update"
|
||||
mapM_ (test_system_config dir) ${haskellList systems}
|
||||
mapM_ (test_home_config dir) ${haskellList homes}
|
||||
|
@ -62,7 +73,4 @@ let
|
|||
git "-C" dir "commit" "-am" "Update dependencies with niv"
|
||||
git "-C" dir "push"
|
||||
'';
|
||||
in
|
||||
{
|
||||
inherit test-system-config test-home-config test-and-bump-config;
|
||||
}
|
||||
in { inherit test-system-config test-home-config test-and-bump-config; }
|
||||
|
|
|
@ -24,15 +24,9 @@ in {
|
|||
|
||||
systemd.user = {
|
||||
services.battery = {
|
||||
Unit = {
|
||||
Description = "Watch battery state and warn user";
|
||||
};
|
||||
Service = {
|
||||
ExecStart=toString battery-watch;
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Unit = { Description = "Watch battery state and warn user"; };
|
||||
Service = { ExecStart = toString battery-watch; };
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
inherit (config.m-0.private) me meWork;
|
||||
let inherit (config.m-0.private) me meWork;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
@ -20,7 +19,6 @@ imports = [
|
|||
../common
|
||||
];
|
||||
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
direnv = {
|
||||
|
@ -37,9 +35,7 @@ programs = {
|
|||
'';
|
||||
};
|
||||
git = {
|
||||
aliases = {
|
||||
sync = "!git pull -r && git push";
|
||||
};
|
||||
aliases = { sync = "!git pull -r && git push"; };
|
||||
enable = true;
|
||||
ignores = [
|
||||
".syncthing*.tmp"
|
||||
|
@ -85,17 +81,57 @@ programs = {
|
|||
matheGwProxy = "ssh -q gw nc -q0 %h %p";
|
||||
agHost = "fb04217.mathematik.tu-darmstadt.de";
|
||||
in [
|
||||
{ host = "charon"; hostname = "charon.olymp.space"; }
|
||||
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
|
||||
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
|
||||
{ host = "ag"; hostname = agHost; user = meWork.user; }
|
||||
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
|
||||
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
|
||||
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
|
||||
{ host = "*.darmstadt.ccc.de"; user = me.user; }
|
||||
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
|
||||
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
|
||||
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
|
||||
{
|
||||
host = "charon";
|
||||
hostname = "charon.olymp.space";
|
||||
}
|
||||
{
|
||||
host = "hera";
|
||||
hostname = "hera.m-0.eu";
|
||||
forwardAgent = true;
|
||||
}
|
||||
{
|
||||
host = "ag-forward";
|
||||
hostname = agHost;
|
||||
proxyCommand = matheGwProxy;
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "ag";
|
||||
hostname = agHost;
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "gw";
|
||||
hostname = "gwres4.mathematik.tu-darmstadt.de";
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "shells";
|
||||
hostname = "shells.darmstadt.ccc.de";
|
||||
}
|
||||
{
|
||||
host = "vorstand";
|
||||
hostname = "vorstand.darmstadt.ccc.de";
|
||||
}
|
||||
{
|
||||
host = "*.darmstadt.ccc.de";
|
||||
user = me.user;
|
||||
}
|
||||
{
|
||||
host = "whisky";
|
||||
hostname = "whisky.w17.io";
|
||||
user = "chaos";
|
||||
}
|
||||
{
|
||||
host = "kitchen";
|
||||
hostname = "kitchen.w17.io";
|
||||
user = "chaos";
|
||||
}
|
||||
{
|
||||
host = "door.w17.io";
|
||||
identityFile = "~/.ssh/door_rsa";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -103,15 +139,16 @@ programs = {
|
|||
home = {
|
||||
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
|
||||
sessionVariables = {
|
||||
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
|
||||
PATH =
|
||||
"$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
|
||||
BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
EDITOR = "${pkgs.neovim}/bin/nvim";
|
||||
TERMINAL = config.m-0.terminal;
|
||||
EMAIL = me.mail;
|
||||
SUDO_ASKPASS = let
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
|
||||
in
|
||||
"${print-pw}/bin/print-pw";
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
|
||||
in "${print-pw}/bin/print-pw";
|
||||
};
|
||||
};
|
||||
fonts.fontconfig.enableProfileFonts = true;
|
||||
|
@ -126,6 +163,5 @@ services = {
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
xdg.enable = true;
|
||||
}
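Review bot: The `hera` host block sets `forwardAgent = true;`, which exposes the local ssh-agent socket on hera for as long as a session is open, so anyone with root on that host can authenticate with the loaded keys during that time. If forwarding exists only to reach further hosts through hera, `proxyJump = "hera";` on those hosts' blocks avoids handing the agent over; whether that is the use case is not visible here. If forwarding has to stay, a comment stating why, together with loading the keys with per-use confirmation (`ssh-add -c`), would limit the exposure. The list of host blocks opens outside the hunk.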
|
||||
|
|
|
@ -1,16 +1,9 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
inherit (import ../../common/pkgs.nix) desktop-pkgs;
|
||||
in
|
||||
{
|
||||
let inherit (import ../../common/pkgs.nix) desktop-pkgs;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
./i3.nix
|
||||
./rofi.nix
|
||||
./ssh-agent.nix
|
||||
./eventd.nix
|
||||
./sleep-nag.nix
|
||||
];
|
||||
imports =
|
||||
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
|
||||
m-0 = {
|
||||
workspaces = [
|
||||
"tasks"
|
||||
|
@ -116,7 +109,8 @@ imports = [
|
|||
};
|
||||
screen-locker = {
|
||||
enable = true;
|
||||
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
|
||||
lockCmd =
|
||||
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
|
||||
};
|
||||
};
|
||||
xsession.enable = true;
|
||||
|
|
|
@ -13,9 +13,7 @@ in {
|
|||
After = [ "graphical-session-pre.target" ];
|
||||
PartOf = [ "graphical-session.target" ];
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
Service = {
|
||||
Type = "notify";
|
||||
Sockets = "eventd-control.socket eventd.socket";
|
||||
|
@ -26,9 +24,7 @@ in {
|
|||
};
|
||||
sockets = {
|
||||
eventd-control = {
|
||||
Unit = {
|
||||
Description = "eventd control socket";
|
||||
};
|
||||
Unit = { Description = "eventd control socket"; };
|
||||
Socket = {
|
||||
Service = "eventd.service";
|
||||
SocketMode = "0600";
|
||||
|
@ -36,9 +32,7 @@ in {
|
|||
};
|
||||
};
|
||||
eventd = {
|
||||
Unit = {
|
||||
Description = "eventd sockets";
|
||||
};
|
||||
Unit = { Description = "eventd sockets"; };
|
||||
Socket = {
|
||||
SocketMode = "0660";
|
||||
ListenStream = "%t/eventd/evp";
|
||||
|
@ -72,9 +66,7 @@ in {
|
|||
Spacing = 1;
|
||||
Limit = 20;
|
||||
};
|
||||
Notification = {
|
||||
Text = "\${message}";
|
||||
};
|
||||
Notification = { Text = "\${message}"; };
|
||||
NotificationBubble = {
|
||||
Padding = 10;
|
||||
Radius = 0;
|
||||
|
@ -89,26 +81,14 @@ in {
|
|||
};
|
||||
};
|
||||
"eventd/notification.event".text = lib.generators.toINI { } {
|
||||
"Event notification *" = {
|
||||
Actions = "notification";
|
||||
};
|
||||
"Event notification kassandra" = {
|
||||
Actions = "kassandra";
|
||||
};
|
||||
"Event command success" = {
|
||||
Actions = "command-success";
|
||||
};
|
||||
"Event command failure" = {
|
||||
Actions = "command-failure";
|
||||
};
|
||||
"Event critical *" = {
|
||||
Actions = "critical";
|
||||
};
|
||||
"Event notification *" = { Actions = "notification"; };
|
||||
"Event notification kassandra" = { Actions = "kassandra"; };
|
||||
"Event command success" = { Actions = "command-success"; };
|
||||
"Event command failure" = { Actions = "command-failure"; };
|
||||
"Event critical *" = { Actions = "critical"; };
|
||||
};
|
||||
"eventd/command-success.action".text = lib.generators.toINI { } {
|
||||
Action = {
|
||||
Name = "command-success";
|
||||
};
|
||||
Action = { Name = "command-success"; };
|
||||
Notification = {
|
||||
Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
|
||||
};
|
||||
|
@ -118,9 +98,7 @@ in {
|
|||
};
|
||||
};
|
||||
"eventd/command-failure.action".text = lib.generators.toINI { } {
|
||||
Action = {
|
||||
Name = "command-failure";
|
||||
};
|
||||
Action = { Name = "command-failure"; };
|
||||
Notification = {
|
||||
Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
|
||||
};
|
||||
|
@ -130,35 +108,21 @@ in {
|
|||
};
|
||||
};
|
||||
"eventd/critical.action".text = lib.generators.toINI { } {
|
||||
Action = {
|
||||
Name = "critical";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
Action = { Name = "critical"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
NotificationBubble = {
|
||||
Queue = "critical";
|
||||
Colour = colors.red;
|
||||
};
|
||||
};
|
||||
"eventd/kassandra.action".text = lib.generators.toINI { } {
|
||||
Action = {
|
||||
Name = "kassandra";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
NotificationBubble = {
|
||||
Queue = "critical";
|
||||
};
|
||||
Action = { Name = "kassandra"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
NotificationBubble = { Queue = "critical"; };
|
||||
};
|
||||
"eventd/notification.action".text = lib.generators.toINI { } {
|
||||
Action = {
|
||||
Name = "notification";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
Action = { Name = "notification"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -64,13 +64,12 @@ let
|
|||
]]
|
||||
|
||||
'';
|
||||
addMods = oldbindings: builtins.foldl' (newbindings: key:
|
||||
addMods = oldbindings:
|
||||
builtins.foldl' (newbindings: key:
|
||||
newbindings // {
|
||||
"Mod4+${key}" = oldbindings.${key};
|
||||
"Mod3+Mod4+${key}" = oldbindings.${key};
|
||||
})
|
||||
{}
|
||||
(builtins.attrNames oldbindings);
|
||||
}) { } (builtins.attrNames oldbindings);
|
||||
in {
|
||||
|
||||
xsession = {
|
||||
|
@ -92,8 +91,14 @@ in {
|
|||
});
|
||||
config = {
|
||||
startup = [
|
||||
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; }
|
||||
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; }
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
|
||||
notification = false;
|
||||
}
|
||||
];
|
||||
focus = {
|
||||
followMouse = false;
|
||||
|
@ -130,8 +135,7 @@ in {
|
|||
text = colors.foreground;
|
||||
};
|
||||
};
|
||||
bars = [
|
||||
{
|
||||
bars = [{
|
||||
mode = "hide";
|
||||
colors = {
|
||||
separator = colors.white;
|
||||
|
@ -161,19 +165,24 @@ in {
|
|||
window = {
|
||||
titlebar = false;
|
||||
border = 1;
|
||||
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ];
|
||||
commands = [{
|
||||
command = "floating disable";
|
||||
criteria = { class = "Firefox"; };
|
||||
}];
|
||||
};
|
||||
keybindings = {
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
|
||||
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86AudioLowerVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" =
|
||||
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86MonBrightnessUp" = "exec xbacklight +5";
|
||||
"XF86MonBrightnessDown" = "exec xbacklight -5";
|
||||
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
|
||||
"Ctrl+Escape" = "${exec} loginctl lock-session;";
|
||||
} //
|
||||
addMods ({
|
||||
} // addMods ({
|
||||
"Left" = "focus left";
|
||||
"Down" = "focus down";
|
||||
"Up" = "focus up";
|
||||
|
@ -195,16 +204,17 @@ in {
|
|||
"m" = "move workspace to output up";
|
||||
"n" = "move workspace to output right";
|
||||
"shift+space" = "floating toggle";
|
||||
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
|
||||
"shift+q" =
|
||||
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
|
||||
"space" = "${exec} hotkeys";
|
||||
} // builtins.foldl' (bindings: name: let
|
||||
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in
|
||||
bindings // {
|
||||
} // builtins.foldl' (bindings: name:
|
||||
let
|
||||
number =
|
||||
toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in bindings // {
|
||||
"${number}" = "workspace ${number}:${name}";
|
||||
"Shift+${number}" = "move container to workspace ${number}:${name}";
|
||||
}) {} workspaces
|
||||
);
|
||||
}) { } workspaces);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,14 +1,9 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0) colors workspaces terminal;
|
||||
let inherit (config.m-0) colors workspaces terminal;
|
||||
in {
|
||||
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
rofi-pass
|
||||
];
|
||||
};
|
||||
home = { packages = with pkgs; [ rofi-pass ]; };
|
||||
programs = {
|
||||
rofi = {
|
||||
enable = true;
|
||||
|
|
|
@ -16,15 +16,9 @@ in {
|
|||
|
||||
systemd.user = {
|
||||
services.sleep-nag = {
|
||||
Unit = {
|
||||
Description = "Sleep nag";
|
||||
};
|
||||
Service = {
|
||||
ExecStart=toString sleep-nag;
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Unit = { Description = "Sleep nag"; };
|
||||
Service = { ExecStart = toString sleep-nag; };
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs , config , lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
|
||||
xsession.initExtra = let
|
||||
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
|
||||
|
@ -12,7 +11,6 @@
|
|||
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
|
||||
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
|
||||
'';
|
||||
in
|
||||
". ${start-agent}/bin/start-ssh-agent";
|
||||
in ". ${start-agent}/bin/start-ssh-agent";
|
||||
|
||||
}
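Review bot: In the agent start script, `SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null` puts the redirection after `&`, so the shell parses `< /dev/null` as a separate empty command and does not apply it to `ssh-add`. Whether `ssh-add` takes the passphrase from the askpass helper or tries the terminal then depends on how the sourcing shell handles stdin for background jobs, which is presumably not what the line intends. Moving the redirection in front of the ampersand states the intent: `SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add < /dev/null &`. The script body starts outside the hunk, so the rest of it is not covered by this note.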
|
||||
|
|
|
@ -1,16 +1,12 @@
|
|||
let
|
||||
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path;
|
||||
in
|
||||
{
|
||||
update-home = configPath: writeHaskellScript
|
||||
{
|
||||
inherit (import ../common/lib.nix)
|
||||
home-manager writeHaskellScript get-niv-path;
|
||||
in {
|
||||
update-home = configPath:
|
||||
writeHaskellScript {
|
||||
name = "update-home";
|
||||
bins = [
|
||||
get-niv-path
|
||||
home-manager
|
||||
];
|
||||
}
|
||||
''
|
||||
bins = [ get-niv-path home-manager ];
|
||||
} ''
|
||||
|
||||
getNivPath = get_niv_path "${configPath}/nix/sources.nix"
|
||||
|
||||
|
|
|
@ -1,15 +1,13 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options.m-0.accounting.enable = mkEnableOption "Accounting";
|
||||
options.m-0.accounting.config = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
options.m-0.accounting.config = mkOption { type = types.str; };
|
||||
|
||||
config = mkIf config.m-0.accounting.enable {
|
||||
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
|
||||
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
|
||||
home.packages =
|
||||
builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0.private) me gitlab github otrs;
|
||||
let inherit (config.m-0.private) me gitlab github otrs;
|
||||
in {
|
||||
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers";
|
||||
options.m-0.bugwarrior.enable =
|
||||
mkEnableOption "Sync tasks from issuetrackers";
|
||||
config = mkIf config.m-0.bugwarrior.enable {
|
||||
home.file.".config/bugwarrior/bugwarriorrc".text = ''
|
||||
[general]
|
||||
|
@ -38,22 +38,17 @@ config = mkIf config.m-0.bugwarrior.enable {
|
|||
'';
|
||||
systemd.user = {
|
||||
services.bugwarrior = {
|
||||
Unit = {
|
||||
Description = "Run bugwarrior";
|
||||
};
|
||||
Unit = { Description = "Run bugwarrior"; };
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin'';
|
||||
Environment =
|
||||
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
|
||||
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
|
||||
};
|
||||
};
|
||||
timers.bugwarrior = {
|
||||
Timer = {
|
||||
OnCalendar = "hourly";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
};
|
||||
Timer = { OnCalendar = "hourly"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -20,15 +20,15 @@ let
|
|||
echo "Overwriting $HOME/${path}"
|
||||
cp --remove-destination -T $canonical $HOME/${path};
|
||||
'';
|
||||
in with lib;
|
||||
{
|
||||
in with lib; {
|
||||
options.home.forceCopies.paths = mkOption {
|
||||
default = [ ];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
config.home.activation = {
|
||||
deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
|
||||
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths));
|
||||
(builtins.concatStringsSep "\n"
|
||||
(builtins.map disableCollisionCheck paths));
|
||||
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
|
||||
(builtins.concatStringsSep "\n" (builtins.map copyPath paths));
|
||||
};
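Review bot: The copy step `cp --remove-destination -T $canonical $HOME/${path};` expands both operands unquoted, so an entry of `home.forceCopies.paths` containing a space or a glob character is split or expanded by the shell before `cp` sees it, and the activation step then fails or acts on a different path than intended. Quoting both operands addresses the shell side: `cp --remove-destination -T "$canonical" "$HOME/${path}"`. Because `${path}` is spliced in by Nix at build time, passing it through `lib.escapeShellArg` is the more robust way to embed it. The function around this line, including the assignment of `canonical`, starts outside the hunk.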
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options = {
|
||||
m-0 = {
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
hostName = mkOption { type = types.str; };
|
||||
terminal = mkOption {
|
||||
default = "urxvt";
|
||||
type = types.str;
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options.m-0.latex.enable = mkEnableOption "Latex";
|
||||
|
||||
|
@ -8,14 +7,10 @@ config = mkIf config.m-0.latex.enable {
|
|||
programs = {
|
||||
texlive = {
|
||||
enable = true;
|
||||
extraPackages = tpkgs: {inherit (tpkgs)
|
||||
scheme-small
|
||||
pdfjam
|
||||
latexmk
|
||||
collection-latexextra
|
||||
collection-bibtexextra
|
||||
collection-luatex
|
||||
collection-mathscience
|
||||
extraPackages = tpkgs: {
|
||||
inherit (tpkgs)
|
||||
scheme-small pdfjam latexmk collection-latexextra
|
||||
collection-bibtexextra collection-luatex collection-mathscience
|
||||
collection-fontsextra;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,9 +7,7 @@ let
|
|||
in {
|
||||
|
||||
options.m-0.mail.enable = mkEnableOption "private-mail";
|
||||
options.m-0.mail.accounts = mkOption {
|
||||
type = types.attrs;
|
||||
};
|
||||
options.m-0.mail.accounts = mkOption { type = types.attrs; };
|
||||
|
||||
config = mkIf mail.enable {
|
||||
|
||||
|
@ -17,13 +15,15 @@ services.mbsync = {
|
|||
enable = true;
|
||||
frequency = "*:0/30";
|
||||
verbose = false;
|
||||
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
|
||||
postExec =
|
||||
"${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
|
||||
};
|
||||
|
||||
accounts.email.accounts = config.m-0.mail.accounts;
|
||||
|
||||
systemd.user.services = let
|
||||
mkService = name: account: let
|
||||
mkService = name: account:
|
||||
let
|
||||
configjs = pkgs.writeText "config.js" ''
|
||||
var child_process = require('child_process');
|
||||
|
||||
|
@ -42,27 +42,22 @@ systemd.user.services = let
|
|||
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
|
||||
exports.boxes = [ "Inbox" ];
|
||||
'';
|
||||
in
|
||||
{
|
||||
Unit = {
|
||||
Description = "Run imapnotify for imap account ${name}";
|
||||
};
|
||||
in {
|
||||
Unit = { Description = "Run imapnotify for imap account ${name}"; };
|
||||
Service = {
|
||||
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
|
||||
Restart = "always";
|
||||
RestartSec = "1min";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
};
|
||||
mkServiceWithName = name: account: {
|
||||
name = "imapnotify-${name}-inbox";
|
||||
value = mkService name account;
|
||||
};
|
||||
hasImapHost = name: account: account.imap != null;
|
||||
in
|
||||
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
|
||||
in mapAttrs' mkServiceWithName
|
||||
(filterAttrs hasImapHost config.accounts.email.accounts);
|
||||
|
||||
programs.msmtp.enable = true;
|
||||
programs.mbsync.enable = true;
|
||||
|
@ -81,11 +76,10 @@ programs.notmuch = {
|
|||
maildir.synchronizeFlags = true;
|
||||
};
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
neomutt
|
||||
];
|
||||
packages = with pkgs; [ neomutt ];
|
||||
file = let
|
||||
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates);
|
||||
mutt_alternates = "@maralorn.de "
|
||||
+ (builtins.concatStringsSep " " me.alternates);
|
||||
show-sidebar = pkgs.writeText "show-sidebar" ''
|
||||
set sidebar_visible=yes
|
||||
bind index <up> sidebar-prev
|
||||
|
@ -178,7 +172,9 @@ programs.notmuch = {
|
|||
set sidebar_format = "%B%* %?N?%N/?%S"
|
||||
|
||||
alias f__0 ${me.name} <${me.mail}>
|
||||
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)}
|
||||
${builtins.concatStringsSep "\n"
|
||||
(lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
|
||||
me.alternates)}
|
||||
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options.m-0.pythia.enable = mkEnableOption "Pythia";
|
||||
config = mkIf config.m-0.pythia.enable (let
|
||||
|
@ -108,10 +107,7 @@ exit
|
|||
'';
|
||||
in {
|
||||
|
||||
home.packages = with pkgs; [
|
||||
pythia
|
||||
meditate
|
||||
];
|
||||
home.packages = with pkgs; [ pythia meditate ];
|
||||
});
|
||||
|
||||
}
|
||||
|
|
|
@ -1,15 +1,10 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
|
||||
|
||||
config = mkIf config.m-0.rustdev.enable {
|
||||
home.packages = with pkgs; [
|
||||
rustup
|
||||
nix-prefetch-scripts
|
||||
gcc
|
||||
];
|
||||
home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -6,7 +6,9 @@ let
|
|||
cd ${config.home.homeDirectory}/.task
|
||||
${pkgs.git}/bin/git add completed.data pending.data > /dev/null
|
||||
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
|
||||
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
|
||||
${pkgs.git}/bin/git pull -X ${
|
||||
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
|
||||
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
|
||||
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
|
||||
${pkgs.git}/bin/git add completed.data > /dev/null
|
||||
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
|
||||
|
@ -15,25 +17,20 @@ let
|
|||
'';
|
||||
in {
|
||||
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
|
||||
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled.";
|
||||
options.m-0.taskwarrior.git_active = mkEnableOption
|
||||
"This machine will prefer its own state in case of a merge conflict, if enabled.";
|
||||
config = mkIf config.m-0.taskwarrior.enable {
|
||||
systemd.user = {
|
||||
services.tasksync = {
|
||||
Unit = {
|
||||
Description = "Update tasks";
|
||||
};
|
||||
Unit = { Description = "Update tasks"; };
|
||||
Service = {
|
||||
ExecStart = "${tasksync}/bin/tasksync";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
timers.tasksync = {
|
||||
Timer = {
|
||||
OnCalendar = "*:0/1";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
};
|
||||
Timer = { OnCalendar = "*:0/1"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
home = {
|
||||
|
@ -175,30 +172,21 @@ config = mkIf config.m-0.taskwarrior.enable {
|
|||
xdg = let
|
||||
taskAction = name: template: {
|
||||
"eventd/task-${name}.action".text = generators.toINI { } {
|
||||
Action = {
|
||||
Name = "task-${name}";
|
||||
};
|
||||
Notification = {
|
||||
Text = template;
|
||||
};
|
||||
NotificationBubble = {
|
||||
Queue = "tasks";
|
||||
};
|
||||
Action = { Name = "task-${name}"; };
|
||||
Notification = { Text = template; };
|
||||
NotificationBubble = { Queue = "tasks"; };
|
||||
};
|
||||
};
|
||||
in {
|
||||
configFile = {
|
||||
"eventd/task.event".text = generators.toINI { } {
|
||||
"Event task add" = {
|
||||
Actions = "task-new";
|
||||
"Event task add" = { Actions = "task-new"; };
|
||||
"Event task modify" = { Actions = "task-changed"; };
|
||||
};
|
||||
"Event task modify" = {
|
||||
Actions = "task-changed";
|
||||
};
|
||||
};
|
||||
} //
|
||||
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" //
|
||||
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
|
||||
} // taskAction "changed"
|
||||
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
|
||||
// taskAction "new"
|
||||
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@ with lib;
|
|||
|
||||
let
|
||||
makeUnlocker = { name, hostName, pubKey, passPath }:
|
||||
let
|
||||
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
|
||||
in
|
||||
pkgs.writeShellScriptBin "unlock-${name}" ''
|
||||
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
|
||||
in pkgs.writeShellScriptBin "unlock-${name}" ''
|
||||
echo "Waiting for host to come up";
|
||||
while true; do
|
||||
echo -n .
|
||||
|
@ -17,16 +15,13 @@ let
|
|||
echo "Ping successful; Entering disk encryption password"
|
||||
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
|
||||
'';
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
options.m-0.unlocker = mkOption {
|
||||
default = [ ];
|
||||
type = types.listOf types.attrs;
|
||||
};
|
||||
|
||||
config = {
|
||||
home.packages = map makeUnlocker config.m-0.unlocker;
|
||||
};
|
||||
config = { home.packages = map makeUnlocker config.m-0.unlocker; };
|
||||
|
||||
}
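Review bot: The `ssh` call in `makeUnlocker` that receives the disk passphrase from `pass` pins the host key only through `-o UserKnownHostsFile=${knownHosts}`, so whether an unknown host is rejected still depends on the invoking user's ssh configuration and the system-wide known-hosts file. I would make the pin explicit by adding `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null` to that line, so the passphrase is only ever written to a host presenting `pubKey`. A comment such as `# host key is pinned via knownHosts; never fall back to interactive trust` above the pipeline would record the intent. The middle of the script lies between the two hunks and is not shown, so this is based on the visible line only.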
|
||||
|
|
|
@ -9,12 +9,8 @@ options.m-0.weechat = {
|
|||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
pw = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
user = mkOption { type = types.str; };
|
||||
pw = mkOption { type = types.str; };
|
||||
};
|
||||
|
||||
config = mkIf config.m-0.weechat.enable {
|
||||
|
@ -91,17 +87,14 @@ config = mkIf config.m-0.weechat.enable {
|
|||
|
||||
systemd.user.services = {
|
||||
weechat = {
|
||||
Unit = {
|
||||
Description = "Weechat Tmux Session";
|
||||
};
|
||||
Unit = { Description = "Weechat Tmux Session"; };
|
||||
Service = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
|
||||
ExecStart =
|
||||
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
|
||||
Restart = "always";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,15 +7,8 @@ neovim.override {
|
|||
packages.myVimPackage = {
|
||||
start = builtins.attrValues {
|
||||
inherit ((import <nixpkgs> { }).vimPlugins)
|
||||
vim-nix
|
||||
vimtex
|
||||
airline
|
||||
rust-vim
|
||||
fugitive
|
||||
vim-trailing-whitespace
|
||||
vim-pandoc
|
||||
vim-pandoc-syntax
|
||||
haskell-vim;
|
||||
vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
|
||||
vim-pandoc vim-pandoc-syntax haskell-vim;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,13 +2,11 @@
|
|||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript;
|
||||
sources = import ../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
home = {
|
||||
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
|
||||
sessionVariables = {
|
||||
NIX_PATH = "$HOME/.nix-path";
|
||||
};
|
||||
packages =
|
||||
builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
|
||||
sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
|
||||
file = {
|
||||
home-manager-source = {
|
||||
target = ".nix-path/home-manager";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
home = {
|
||||
username = "maralorn";
|
||||
homeDirectory = "/home/maralorn";
|
||||
|
|
|
@ -16,19 +16,13 @@ in {
|
|||
home.packages = [ morgenreport-script ];
|
||||
systemd.user = {
|
||||
services.morgenreport = {
|
||||
Unit = {
|
||||
Description = "Send morgenreport to kindle";
|
||||
};
|
||||
Unit = { Description = "Send morgenreport to kindle"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
|
||||
};
|
||||
};
|
||||
timers.morgenreport = {
|
||||
Timer = {
|
||||
OnCalendar = "20:00";
|
||||
};
|
||||
};
|
||||
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.sort-mail =
|
||||
let
|
||||
services.sort-mail = let
|
||||
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
|
||||
${pkgs.isync}/bin/mbsync -a
|
||||
|
||||
|
@ -18,19 +16,13 @@
|
|||
${pkgs.isync}/bin/mbsync -a
|
||||
'';
|
||||
in {
|
||||
Unit = {
|
||||
Description = "Sort E-Mails";
|
||||
};
|
||||
Unit = { Description = "Sort E-Mails"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
|
||||
};
|
||||
};
|
||||
timers.sort-mail = {
|
||||
Timer = {
|
||||
OnCalendar = "minutely";
|
||||
};
|
||||
};
|
||||
timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
|
||||
path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
|
||||
home-manager = (import ../../home-manager {
|
||||
inherit pkgs;
|
||||
inherit path;
|
||||
|
@ -8,9 +8,7 @@ let
|
|||
in {
|
||||
systemd.user = {
|
||||
services.update-hm = {
|
||||
Unit = {
|
||||
Description = "Update home-manager";
|
||||
};
|
||||
Unit = { Description = "Update home-manager"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
|
|
|
@ -1,12 +1,7 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
colors = config.common.colors;
|
||||
let colors = config.common.colors;
|
||||
in {
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
rxvt_unicode-with-plugins
|
||||
];
|
||||
};
|
||||
home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
|
||||
xresources.properties = {
|
||||
"*transparent" = true;
|
||||
"*tintColor" = colors.background;
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays;
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path gcRetentionDays;
|
||||
inherit (import ./lib.nix) update-home;
|
||||
configPath = "/home/${config.home.username}/git/nixos/config";
|
||||
home-maintenance = writeHaskellScript
|
||||
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} ''
|
||||
home-maintenance = writeHaskellScript {
|
||||
name = "home-maintenance";
|
||||
imports = [ ];
|
||||
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
|
||||
} ''
|
||||
main = do
|
||||
git "-C" "${configPath}" "pull"
|
||||
update_home
|
||||
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
|
||||
nix "optimise-store"
|
||||
'';
|
||||
in
|
||||
{
|
||||
in {
|
||||
home = {
|
||||
packages = builtins.attrValues {
|
||||
inherit home-maintenance get-niv-path;
|
||||
|
|
|
@ -1,13 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import ../common/pkgs.nix) eventd;
|
||||
in
|
||||
{
|
||||
let inherit (import ../common/pkgs.nix) eventd;
|
||||
in {
|
||||
systemd.user = {
|
||||
services.update_tasks = {
|
||||
Unit = {
|
||||
Description = "Update taskwarrior tasks";
|
||||
};
|
||||
Unit = { Description = "Update taskwarrior tasks"; };
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
|
||||
|
@ -15,12 +11,8 @@ in
|
|||
};
|
||||
};
|
||||
timers.update_tasks = {
|
||||
Timer = {
|
||||
OnCalendar = "hourly";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
};
|
||||
Timer = { OnCalendar = "hourly"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -27,23 +27,20 @@ networking = {
|
|||
allowedIPsAsRoutes = false;
|
||||
ips = [ "${hosts.apollo-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
|
||||
peers = [
|
||||
{
|
||||
peers = [{
|
||||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = [ "::/0" ];
|
||||
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
|
||||
}];
|
||||
postSetup =
|
||||
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
m-0 = {
|
||||
laptop.enable = true;
|
||||
};
|
||||
m-0 = { laptop.enable = true; };
|
||||
|
||||
#let
|
||||
#secretsFile = "/var/lib/luks-secret/key";
|
||||
|
@ -73,7 +70,6 @@ m-0 = {
|
|||
#];
|
||||
#}
|
||||
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
loader = {
|
||||
|
@ -95,7 +91,8 @@ boot = {
|
|||
};
|
||||
|
||||
services = {
|
||||
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
|
||||
prometheus.exporters.node.firewallFilter =
|
||||
"-i m0wire -p tcp -m tcp --dport 9100";
|
||||
autorandr.enable = true;
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
|
@ -114,8 +111,10 @@ services = {
|
|||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
|
||||
+ /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory =
|
||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
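Review bot: `ed25519PrivateKeyFile` in the `cdark_net` block is built as a Nix path value (`/etc/nixos/hosts + "/…" + /secret/tinc/ed25519_key.priv`), and a path that is interpolated into a derivation or generated config is copied into the world-readable `/nix/store`. Whether the cdark_net module does that is not visible here, but a plain string avoids the question, as `privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";` does earlier in this file: `ed25519PrivateKeyFile = "/etc/nixos/hosts/${config.networking.hostName}/secret/tinc/ed25519_key.priv";` (assuming the option type accepts a string). Separately, `hostsDirectory` calls `builtins.fetchGit` with a bare URL, so the set of trusted peer host files follows whatever the remote head is at evaluation time. Passing an attribute set with a fixed `rev = "<commit-sha>";` would make changes to that set reviewable.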
|
||||
|
|
|
@ -4,29 +4,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
|
||||
boot.initrd.luks.devices."nixos".device =
|
||||
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
|
||||
|
||||
fileSystems."/boot/EFI" =
|
||||
{ device = "/dev/disk/by-uuid/C4A6-3DB5";
|
||||
fileSystems."/boot/EFI" = {
|
||||
device = "/dev/disk/by-uuid/C4A6-3DB5";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
{ pkgs, config, ... }: {
|
||||
|
||||
imports = [
|
||||
../../home-manager
|
||||
|
@ -9,7 +8,8 @@ imports = [
|
|||
../../home-manager/desktop
|
||||
];
|
||||
|
||||
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
|
||||
home.packages =
|
||||
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
|
||||
|
||||
m-0 = {
|
||||
hostName = "apollo";
|
||||
|
@ -27,7 +27,8 @@ m-0 = {
|
|||
unlocker = [{
|
||||
name = "hera";
|
||||
hostName = "hera-v4";
|
||||
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
|
||||
pubKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
|
||||
passPath = "eu/m-0/hera/disk";
|
||||
}];
|
||||
mail = {
|
||||
|
@ -46,9 +47,7 @@ m-0 = {
|
|||
user_interface = alternative
|
||||
'';
|
||||
programs = {
|
||||
firefox = {
|
||||
enable = true;
|
||||
};
|
||||
firefox = { enable = true; };
|
||||
git = {
|
||||
signing = {
|
||||
signByDefault = true;
|
||||
|
@ -70,15 +69,19 @@ programs.autorandr = {
|
|||
hooks = {
|
||||
postswitch = {
|
||||
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
|
||||
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
|
||||
"update-background" =
|
||||
"${pkgs.systemd}/bin/systemctl --user restart random-background.service";
|
||||
};
|
||||
};
|
||||
profiles = {
|
||||
"home" = {
|
||||
fingerprint = {
|
||||
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
|
||||
"DP-2-2" =
|
||||
"00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"DP-2-1" =
|
||||
"00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
|
@ -101,8 +104,10 @@ programs.autorandr = {
|
|||
};
|
||||
"work" = {
|
||||
fingerprint = {
|
||||
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"DP-2" =
|
||||
"00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
|
@ -120,7 +125,8 @@ programs.autorandr = {
|
|||
};
|
||||
"default" = {
|
||||
fingerprint = {
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
|
@ -134,5 +140,4 @@ programs.autorandr = {
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
|
|
|
@ -1,13 +1,8 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-foreign-machine.nix
|
||||
];
|
||||
{ pkgs, config, ... }: {
|
||||
imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
|
||||
|
||||
systemd.user.systemctlPath = "/usr/bin/systemctl";
|
||||
|
||||
|
||||
m-0 = {
|
||||
hostName = "fb04217";
|
||||
#latex.enable = true;
|
||||
|
@ -41,7 +36,8 @@ home = {
|
|||
LC_MEASUREMENT = "C.UTF-8";
|
||||
LC_IDENTIFICATION = "C.UTF-8";
|
||||
};
|
||||
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
|
||||
forceCopies.paths =
|
||||
[ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
|
||||
file = {
|
||||
".bashrc".text = ''
|
||||
[ -z "$PS1" ] && return
|
||||
|
@ -74,7 +70,7 @@ home = {
|
|||
nix-collect-garbage --delete-older-than 5d
|
||||
nix-store --optimise
|
||||
'')
|
||||
] ++ ((import ../../common/pkgs.nix).);
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.nix-gc = {
|
||||
Unit = {
|
||||
Description = "Collect garbage";
|
||||
};
|
||||
Unit = { Description = "Collect garbage"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
|
||||
ExecStart =
|
||||
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
|
||||
};
|
||||
};
|
||||
timers.nix-gc = {
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.nix-update = {
|
||||
Unit = {
|
||||
Description = "Update nix-channel";
|
||||
};
|
||||
Unit = { Description = "Update nix-channel"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.syncthing = {
|
||||
Unit = {
|
||||
|
@ -9,7 +8,8 @@
|
|||
};
|
||||
|
||||
Service = {
|
||||
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
|
||||
ExecStart =
|
||||
"${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
|
||||
Restart = "on-failure";
|
||||
SuccessExitStatus = "3 4";
|
||||
RestartForceExitStatus = "3 4";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ ... }:
|
||||
{
|
||||
{ ... }: {
|
||||
|
||||
m-0.server.initSSHKey = ./secret/boot_rsa;
|
||||
|
||||
|
@ -19,14 +18,12 @@ boot = {
|
|||
ip address flush dev eth0
|
||||
ip link set eth0 down
|
||||
'';
|
||||
luks.devices = [
|
||||
{
|
||||
luks.devices = [{
|
||||
name = "root";
|
||||
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
}
|
||||
];
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
containers.borg = {
|
||||
autoStart = true;
|
||||
|
@ -11,10 +10,16 @@ in {
|
|||
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }];
|
||||
ipv6.addresses = [{
|
||||
address = config.m-0.hosts.borg;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = config.m-0.hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
|
@ -9,19 +9,28 @@ let
|
|||
hostBridge = "bridge";
|
||||
config = { pkgs, ... }: {
|
||||
disabledModules = [ "services/web-apps/nextcloud.nix" ];
|
||||
imports = [
|
||||
../../system
|
||||
./nextcloud.nix
|
||||
];
|
||||
imports = [ ../../system ./nextcloud.nix ];
|
||||
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = v6; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = v4; prefixLength = 24; }];
|
||||
ipv6.addresses = [{
|
||||
address = v6;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
|
@ -58,9 +67,7 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
redis = {
|
||||
enable = true;
|
||||
};
|
||||
redis = { enable = true; };
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
|
@ -88,9 +95,9 @@ let
|
|||
password = cloud.adminpass;
|
||||
url = "https://${hostname}/";
|
||||
mode = "singlerun";
|
||||
};});
|
||||
in
|
||||
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
|
||||
};
|
||||
});
|
||||
in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -100,10 +107,22 @@ let
|
|||
|
||||
in {
|
||||
m-0.monitoring = [
|
||||
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; }
|
||||
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; }
|
||||
{ name = "cloud"; host = "cloud:9100"; }
|
||||
{ name = "cloud-nginx"; host = "cloud:9113"; }
|
||||
{
|
||||
name = "mathechor-cloud";
|
||||
host = "mathechor-cloud:9100";
|
||||
}
|
||||
{
|
||||
name = "mathechor-cloud-nginx";
|
||||
host = "mathechor-cloud:9113";
|
||||
}
|
||||
{
|
||||
name = "cloud";
|
||||
host = "cloud:9100";
|
||||
}
|
||||
{
|
||||
name = "cloud-nginx";
|
||||
host = "cloud:9113";
|
||||
}
|
||||
];
|
||||
containers = {
|
||||
chor-cloud = nextcloud-container {
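Review bot: In the hunk at `@ -88,9 +95,9 @@`, `password = cloud.adminpass;` is part of the value bound to `config`, which is then passed as `-c ${config}`. If `config` is a store file, as the interpolation suggests, the Nextcloud admin password ends up readable by every local user under `/nix/store`. The start of that `let` is outside the hunk, so this is inferred from the visible lines only. I would keep the password out of the evaluated configuration and have the service assemble its config at start from a root-owned file outside the store, with a comment like `# secret: must not be interpolated into store paths` next to `adminpass`.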
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
|
||||
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
|
||||
|
||||
let
|
||||
inherit (config.m-0.private) me;
|
||||
let inherit (config.m-0.private) me;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
|
|
@ -4,27 +4,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/3D8A-20F0";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/3D8A-20F0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
}
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
{ pkgs, config, ... }: {
|
||||
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-my-machine.nix
|
||||
./secret
|
||||
];
|
||||
imports =
|
||||
[ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
|
||||
|
||||
m-0 = {
|
||||
hostName = "hera";
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
let
|
||||
certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
inherit (config.services.prometheus.exporters.node) firewallFilter;
|
||||
in
|
||||
{
|
||||
in {
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 25 143 587 993 ];
|
||||
extraCommands = ''
|
||||
|
@ -15,19 +14,26 @@ networking.firewall = {
|
|||
};
|
||||
|
||||
m-0.monitoring = [
|
||||
{ name = "mail-server"; host = "hera-intern:9101"; }
|
||||
{ name = "postfix"; host = "hera-intern:9154"; }
|
||||
{ name = "dovecot"; host = "hera-intern:9166"; }
|
||||
{
|
||||
name = "mail-server";
|
||||
host = "hera-intern:9101";
|
||||
}
|
||||
{
|
||||
name = "postfix";
|
||||
host = "hera-intern:9154";
|
||||
}
|
||||
{
|
||||
name = "dovecot";
|
||||
host = "hera-intern:9166";
|
||||
}
|
||||
];
|
||||
|
||||
containers.mail = {
|
||||
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
|
||||
autoStart = true;
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
"${(import ../../nix/sources.nix).nixos-mailserver}"
|
||||
];
|
||||
imports =
|
||||
[ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
|
||||
services.prometheus.exporters = {
|
||||
node.port = 9101;
|
||||
postfix = {
|
||||
|
@ -44,8 +50,7 @@ containers.mail = {
|
|||
};
|
||||
systemd.services = {
|
||||
atomail = {
|
||||
script =
|
||||
let
|
||||
script = let
|
||||
atomail = pkgs.fetchFromGitHub {
|
||||
owner = "remko";
|
||||
repo = "atomail";
|
||||
|
@ -68,7 +73,8 @@ containers.mail = {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
services.postfix.networks =
|
||||
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
mailserver = {
|
||||
enable = true;
|
||||
enableImapSsl = true;
|
||||
|
|
|
@ -3,13 +3,18 @@ let
|
|||
hostName = "matrix.maralorn.de";
|
||||
inherit (config.m-0) hosts;
|
||||
inherit (../../common/lib.nix) unstable;
|
||||
in
|
||||
{
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
|
||||
|
||||
m-0.monitoring = [
|
||||
{ name = "matrix"; host = "matrix:9100"; }
|
||||
{ name = "matrix-nginx"; host = "matrix:9113"; }
|
||||
{
|
||||
name = "matrix";
|
||||
host = "matrix:9100";
|
||||
}
|
||||
{
|
||||
name = "matrix-nginx";
|
||||
host = "matrix:9113";
|
||||
}
|
||||
];
|
||||
|
||||
services.coturn = {
|
||||
|
@ -27,17 +32,27 @@ containers.matrix = {
|
|||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
];
|
||||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.matrix;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = hosts.matrix-intern-v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 8448 ];
|
||||
};
|
||||
m-0.riot = {
|
||||
|
@ -56,11 +71,10 @@ containers.matrix = {
|
|||
feature_lazyloading = "enable";
|
||||
feature_room_breadcrumbs = "enable";
|
||||
};
|
||||
roomDirectory = {
|
||||
servers = [ "matrix.org" "maralorn.de" ];
|
||||
};
|
||||
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
|
||||
branding = {
|
||||
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
|
||||
welcomeBackgroundUrl =
|
||||
"https://cloud.maralorn.de/apps/theming/image/background";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -83,9 +97,7 @@ containers.matrix = {
|
|||
};
|
||||
|
||||
# Postgres
|
||||
postgresql = {
|
||||
enable = true;
|
||||
};
|
||||
postgresql = { enable = true; };
|
||||
|
||||
# Synapse
|
||||
matrix-synapse = {
|
||||
|
@ -147,13 +159,31 @@ containers.matrix = {
|
|||
{
|
||||
port = 8448;
|
||||
bind_address = "::";
|
||||
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
|
||||
resources = [
|
||||
{
|
||||
compress = true;
|
||||
names = [ "client" ];
|
||||
}
|
||||
{
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
}
|
||||
];
|
||||
x_forwarded = false;
|
||||
}
|
||||
{
|
||||
port = 8008;
|
||||
bind_address = "::1";
|
||||
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
|
||||
resources = [
|
||||
{
|
||||
compress = false;
|
||||
names = [ "client" ];
|
||||
}
|
||||
{
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
}
|
||||
];
|
||||
x_forwarded = true;
|
||||
tls = false;
|
||||
}
|
||||
|
@ -164,7 +194,8 @@ containers.matrix = {
|
|||
"${hostName}" = {
|
||||
group = "matrix-synapse";
|
||||
allowKeysForGroup = true;
|
||||
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
|
||||
postRun =
|
||||
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
inherit (config.m-0) hosts;
|
||||
in
|
||||
{
|
||||
let inherit (config.m-0) hosts;
|
||||
in {
|
||||
services.prometheus.exporters.node = {
|
||||
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
|
||||
};
|
||||
m-0.monitoring = [
|
||||
{ name = "hera"; host = "hera-intern:9100"; }
|
||||
{ name = "monitoring-container"; host = "localhost:9100"; }
|
||||
{
|
||||
name = "hera";
|
||||
host = "hera-intern:9100";
|
||||
}
|
||||
{
|
||||
name = "monitoring-container";
|
||||
host = "localhost:9100";
|
||||
}
|
||||
];
|
||||
|
||||
containers.monitoring = {
|
||||
|
@ -16,23 +20,32 @@ containers.monitoring = {
|
|||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
];
|
||||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.monitoring;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = hosts.monitoring-intern-v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 9090 9093 ];
|
||||
};
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
rules = [
|
||||
''
|
||||
rules = [''
|
||||
ALERT node_down
|
||||
IF (up{name!="apollo"} == 0)
|
||||
FOR 5m
|
||||
|
@ -123,17 +136,14 @@ containers.monitoring = {
|
|||
summary="{{$labels.alias}}: Running out of swap soon.",
|
||||
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
|
||||
}
|
||||
''
|
||||
];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
''];
|
||||
scrapeConfigs = [{
|
||||
job_name = "nodes";
|
||||
static_configs = map (entry: {
|
||||
targets = [ entry.host ];
|
||||
labels = { "name" = entry.name; };
|
||||
}) config.m-0.monitoring;
|
||||
}
|
||||
];
|
||||
}];
|
||||
alertmanagerURL = [ "http://localhost:9093" ];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
|
@ -152,17 +162,13 @@ containers.monitoring = {
|
|||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
"receivers" = [{
|
||||
"name" = "team-admins";
|
||||
"email_configs" = [
|
||||
{
|
||||
"email_configs" = [{
|
||||
"to" = "malte.brandy@maralorn.de";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
exporters.node.enable = true;
|
||||
|
|
|
@ -2,17 +2,25 @@
|
|||
let
|
||||
inherit (config.m-0) hosts;
|
||||
inherit (config.m-0.private) wireguard;
|
||||
in
|
||||
{
|
||||
in {
|
||||
networking = {
|
||||
hostName = "hera";
|
||||
interfaces.ens18 = {
|
||||
proxyARP = true;
|
||||
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }];
|
||||
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }];
|
||||
ipv4.addresses = [{
|
||||
address = "213.136.94.190";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.hera;
|
||||
prefixLength = 128;
|
||||
}];
|
||||
};
|
||||
defaultGateway = "213.136.94.1";
|
||||
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; };
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
|
||||
firewall = {
|
||||
extraCommands = ''
|
||||
|
@ -22,12 +30,17 @@ networking = {
|
|||
'';
|
||||
};
|
||||
|
||||
|
||||
bridges.bridge.interfaces = [ ];
|
||||
interfaces.bridge = {
|
||||
proxyARP = true;
|
||||
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.hera-intern;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = "10.0.0.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
nat = {
|
||||
enable = true;
|
||||
|
@ -41,13 +54,11 @@ networking = {
|
|||
ips = [ "${hosts.hera-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
|
||||
listenPort = wireguard.port;
|
||||
peers = [
|
||||
{
|
||||
peers = [{
|
||||
publicKey = wireguard.pub.apollo;
|
||||
allowedIPs = [ "${hosts.apollo-wg}/128" ];
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
}
|
||||
];
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -13,9 +13,12 @@ let
|
|||
};
|
||||
|
||||
phpOptionsExtensions = ''
|
||||
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
|
||||
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
|
||||
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
|
||||
${optionalString cfg.caching.apcu
|
||||
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
|
||||
${optionalString cfg.caching.redis
|
||||
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
|
||||
${optionalString cfg.caching.memcached
|
||||
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
|
||||
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
|
||||
zend_extension = opcache.so
|
||||
opcache.enable = 1
|
||||
|
@ -57,7 +60,8 @@ in {
|
|||
https = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable if there is a TLS terminating proxy in front of nextcloud.";
|
||||
description =
|
||||
"Enable if there is a TLS terminating proxy in front of nextcloud.";
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
|
@ -277,18 +281,24 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
{ assertions = let acfg = cfg.config; in [
|
||||
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||
{
|
||||
assertions = let acfg = cfg.config;
|
||||
in [
|
||||
{
|
||||
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||
message = "Please specify no more than one of dbpass or dbpassFile";
|
||||
}
|
||||
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||
{
|
||||
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
|
||||
message = "Please specify exactly one of adminpass or adminpassFile";
|
||||
message =
|
||||
"Please specify exactly one of adminpass or adminpassFile";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
{ systemd.timers."nextcloud-cron" = {
|
||||
{
|
||||
systemd.timers."nextcloud-cron" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnBootSec = "5m";
|
||||
timerConfig.OnUnitActiveSec = "15m";
|
||||
|
@ -306,36 +316,56 @@ in {
|
|||
],
|
||||
'datadirectory' => '${cfg.home}/data',
|
||||
'skeletondirectory' => '${cfg.skeletonDirectory}',
|
||||
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
|
||||
${
|
||||
optionalString cfg.caching.apcu
|
||||
"'memcache.local' => '\\OC\\Memcache\\APCu',"
|
||||
}
|
||||
'log_type' => 'syslog',
|
||||
'log_level' => '${builtins.toString cfg.logLevel}',
|
||||
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
|
||||
${
|
||||
optionalString (cfg.config.overwriteProtocol != null)
|
||||
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
|
||||
}
|
||||
];
|
||||
'';
|
||||
occInstallCmd = let
|
||||
c = cfg.config;
|
||||
adminpass = if c.adminpassFile != null
|
||||
then ''"$(<"${toString c.adminpassFile}")"''
|
||||
else ''"${toString c.adminpass}"'';
|
||||
dbpass = if c.dbpassFile != null
|
||||
then ''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null
|
||||
then ''"${toString c.dbpass}"''
|
||||
else null;
|
||||
adminpass = if c.adminpassFile != null then
|
||||
''"$(<"${toString c.adminpassFile}")"''
|
||||
else
|
||||
''"${toString c.adminpass}"'';
|
||||
dbpass = if c.dbpassFile != null then
|
||||
''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null then
|
||||
''"${toString c.dbpass}"''
|
||||
else
|
||||
null;
|
||||
installFlags = concatStringsSep " \\\n "
|
||||
(mapAttrsToList (k: v: "${k} ${toString v}") {
|
||||
"--database" = ''"${c.dbtype}"'';
|
||||
# The following attributes are optional depending on the type of
|
||||
# database. Those that evaluate to null on the left hand side
|
||||
# will be omitted.
|
||||
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
|
||||
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
|
||||
${if (any (x: x != null) [c.dbpass c.dbpassFile])
|
||||
then "--database-pass" else null} = dbpass;
|
||||
${if c.dbtableprefix != null
|
||||
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
|
||||
${if c.dbname != null then "--database-name" else null} =
|
||||
''"${c.dbname}"'';
|
||||
${if c.dbhost != null then "--database-host" else null} =
|
||||
''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} =
|
||||
''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} =
|
||||
''"${c.dbuser}"'';
|
||||
${
|
||||
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
|
||||
"--database-pass"
|
||||
else
|
||||
null
|
||||
} = dbpass;
|
||||
${
|
||||
if c.dbtableprefix != null then
|
||||
"--database-table-prefix"
|
||||
else
|
||||
null
|
||||
} = ''"${toString c.dbtableprefix}"'';
|
||||
"--admin-user" = ''"${c.adminuser}"'';
|
||||
"--admin-pass" = adminpass;
|
||||
"--data-dir" = ''"${cfg.home}/data"'';
|
||||
|
@ -344,8 +374,7 @@ in {
|
|||
${occ}/bin/nextcloud-occ maintenance:install \
|
||||
${installFlags}
|
||||
'';
|
||||
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
|
||||
(i: v: ''
|
||||
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
|
||||
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||
${toString i} --value="${toString v}"
|
||||
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||
|
@ -377,7 +406,8 @@ in {
|
|||
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.User = "nextcloud";
|
||||
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
|
||||
serviceConfig.ExecStart =
|
||||
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
|
||||
};
|
||||
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -388,8 +418,7 @@ in {
|
|||
|
||||
services.phpfpm = {
|
||||
pools.nextcloud = let
|
||||
phpAdminValues = (toKeyValue
|
||||
(foldr (a: b: a // b) {}
|
||||
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
|
||||
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
|
||||
phpOptions)));
|
||||
in {
|
||||
|
@ -457,7 +486,8 @@ in {
|
|||
priority = 300;
|
||||
extraConfig = "deny all;";
|
||||
};
|
||||
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
|
||||
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
|
||||
{
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
|
@ -472,7 +502,8 @@ in {
|
|||
fastcgi_read_timeout 120s;
|
||||
'';
|
||||
};
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
|
||||
''
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
'';
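Review bot: In `occInstallCmd` (hunk `@ -306,36 +316,56 @@`), `adminpass` and `dbpass` are spliced into the `nextcloud-occ maintenance:install` command as `''"${toString c.adminpass}"''`, so a password containing `"`, `$` or a backtick is interpreted by the shell instead of being passed literally. Quoting with the `lib` helper avoids that: `else escapeShellArg (toString c.adminpass);`, and `escapeShellArg (toString c.dbpass)` in the `dbpass` branch. A password given inline this way also becomes part of the generated command text, presumably stored in the Nix store, so a comment next to the `let` recommending `adminpassFile`/`dbpassFile` would help. The `let` binding continues into the following hunk, and the unit that runs the command is outside the visible lines.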
|
||||
|
|
Binary file not shown.
|
@ -2,12 +2,17 @@
|
|||
let
|
||||
inherit (config.m-0) hosts;
|
||||
certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
in
|
||||
{
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
m-0.monitoring = [
|
||||
{ name = "web"; host = "web:9100"; }
|
||||
{ name = "web-nginx"; host = "web:9113"; }
|
||||
{
|
||||
name = "web";
|
||||
host = "web:9100";
|
||||
}
|
||||
{
|
||||
name = "web-nginx";
|
||||
host = "web:9113";
|
||||
}
|
||||
];
|
||||
services.sniproxy = {
|
||||
enable = true;
|
||||
|
@ -45,7 +50,12 @@ services.sniproxy = {
|
|||
'';
|
||||
};
|
||||
containers.web = {
|
||||
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; };
|
||||
bindMounts = {
|
||||
"${certPath}" = {
|
||||
hostPath = certPath;
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
|
@ -53,10 +63,16 @@ containers.web = {
|
|||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
|
||||
ipv6.addresses = [{
|
||||
address = config.m-0.hosts.web;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = config.m-0.hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
m-0 = {
|
||||
|
|
|
@ -1,44 +1,37 @@
|
|||
# This file has been generated by Niv.
|
||||
|
||||
# A record, from name to path, of the third-party packages
|
||||
with rec
|
||||
{
|
||||
pkgs =
|
||||
if hasNixpkgsPath
|
||||
then
|
||||
if hasThisAsNixpkgsPath
|
||||
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
|
||||
else import <nixpkgs> {}
|
||||
with rec {
|
||||
pkgs = if hasNixpkgsPath then
|
||||
if hasThisAsNixpkgsPath then
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
|
||||
{ }
|
||||
else
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
|
||||
import <nixpkgs> { }
|
||||
else
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
|
||||
{ };
|
||||
|
||||
sources_nixpkgs =
|
||||
if builtins.hasAttr "nixpkgs" sources
|
||||
then sources.nixpkgs
|
||||
else abort
|
||||
''
|
||||
sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
|
||||
sources.nixpkgs
|
||||
else
|
||||
abort ''
|
||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||
add a package called "nixpkgs" to your sources.json.
|
||||
'';
|
||||
|
||||
# fetchTarball version that is compatible between all the versions of Nix
|
||||
builtins_fetchTarball =
|
||||
{ url, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
builtins_fetchTarball = { url, sha256 }@attrs:
|
||||
let inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchTarball { inherit url; }
|
||||
else
|
||||
fetchTarball attrs;
|
||||
|
||||
# fetchurl version that is compatible between all the versions of Nix
|
||||
builtins_fetchurl =
|
||||
{ url, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
builtins_fetchurl = { url, sha256 }@attrs:
|
||||
let inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchurl { inherit url; }
|
||||
else
|
||||
fetchurl attrs;
|
||||
|
@ -48,14 +41,17 @@ with rec
|
|||
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
|
||||
|
||||
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
|
||||
hasThisAsNixpkgsPath =
|
||||
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
|
||||
hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
|
||||
== ./.;
|
||||
|
||||
sources = builtins.fromJSON (builtins.readFile ./sources.json);
|
||||
|
||||
mapAttrs = builtins.mapAttrs or
|
||||
(f: set: with builtins;
|
||||
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
|
||||
mapAttrs = builtins.mapAttrs or (f: set:
|
||||
with builtins;
|
||||
listToAttrs (map (attr: {
|
||||
name = attr;
|
||||
value = f attr set.${attr};
|
||||
}) (attrNames set)));
|
||||
|
||||
# borrowed from nixpkgs
|
||||
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
|
||||
|
@ -64,10 +60,11 @@ with rec
|
|||
in f (auto // args);
|
||||
|
||||
getFetcher = spec:
|
||||
let fetcherName =
|
||||
if builtins.hasAttr "type" spec
|
||||
then builtins.getAttr "type" spec
|
||||
else "builtin-tarball";
|
||||
let
|
||||
fetcherName = if builtins.hasAttr "type" spec then
|
||||
builtins.getAttr "type" spec
|
||||
else
|
||||
"builtin-tarball";
|
||||
in builtins.getAttr fetcherName {
|
||||
"tarball" = fetchzip;
|
||||
"builtin-tarball" = builtins_fetchTarball;
|
||||
|
@ -77,13 +74,9 @@ with rec
|
|||
};
|
||||
# NOTE: spec must _not_ have an "outPath" attribute
|
||||
mapAttrs (_: spec:
|
||||
if builtins.hasAttr "outPath" spec
|
||||
then abort
|
||||
"The values in sources.json should not have an 'outPath' attribute"
|
||||
if builtins.hasAttr "outPath" spec then
|
||||
abort "The values in sources.json should not have an 'outPath' attribute"
|
||||
else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
|
||||
spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
|
||||
else
|
||||
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
|
||||
then
|
||||
spec //
|
||||
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
|
||||
else spec
|
||||
) sources
|
||||
spec) sources
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }:
|
||||
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
|
||||
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
|
||||
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
|
||||
, utillinux, libxkbcommon }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "eventd";
|
||||
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ aqbanking, python36Packages, fetchgit }:
|
||||
with python36Packages; buildPythonApplication rec {
|
||||
with python36Packages;
|
||||
buildPythonApplication rec {
|
||||
name = "${pname}-${version}";
|
||||
pname = "jali";
|
||||
doCheck = false;
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,11 +1,14 @@
|
|||
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }:
|
||||
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
|
||||
, gnome3, cairo, gdk_pixbuf, glib, ... }:
|
||||
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
|
||||
crateOverrides = defaultCrateOverrides // {
|
||||
atk-sys = attr: { buildInputs = [ atk ]; };
|
||||
pango-sys = attr: { buildInputs = [ pango glib ]; };
|
||||
gio = attr: { buildInputs = [ glib ]; };
|
||||
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
|
||||
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; };
|
||||
gtk-sys = attr: {
|
||||
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
|
||||
};
|
||||
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
|
||||
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
|
||||
tasktree = attrs:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
users.users = {
|
||||
"${me.user}" = {
|
||||
|
@ -13,8 +12,6 @@ in {
|
|||
openssh.authorizedKeys.keys = me.keys;
|
||||
passwordFile = me.pw-file;
|
||||
};
|
||||
root = {
|
||||
passwordFile = me.pw-file;
|
||||
};
|
||||
root = { passwordFile = me.pw-file; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,23 +15,21 @@ in {
|
|||
|
||||
config = {
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
};
|
||||
i18n = { defaultLocale = "en_US.UTF-8"; };
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
networking = {
|
||||
firewall.allowPing = true;
|
||||
useDHCP = false;
|
||||
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts);
|
||||
hosts = lib.zipAttrs
|
||||
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
|
||||
config.m-0.hosts);
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root = {
|
||||
openssh.authorizedKeys.keys = me.keys;
|
||||
};
|
||||
users.root = { openssh.authorizedKeys.keys = me.keys; };
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
@ -43,10 +41,11 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
nix = {
|
||||
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
|
||||
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
binaryCaches =
|
||||
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
nixPath = [ "/etc/nix-path" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -7,7 +7,8 @@
|
|||
antialias = true;
|
||||
cache32Bit = true;
|
||||
defaultFonts = {
|
||||
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
|
||||
monospace =
|
||||
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
|
||||
sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
|
||||
serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
|
||||
};
|
||||
|
@ -20,44 +21,22 @@
|
|||
enableFontDir = true;
|
||||
fonts = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
anonymousPro
|
||||
arkpandora_ttf
|
||||
caladea
|
||||
carlito
|
||||
comfortaa
|
||||
comic-relief
|
||||
crimson
|
||||
dejavu_fonts
|
||||
google-fonts
|
||||
inconsolata
|
||||
iosevka
|
||||
liberationsansnarrow
|
||||
liberation_ttf
|
||||
libertine
|
||||
mononoki
|
||||
montserrat
|
||||
nerdfonts
|
||||
norwester-font
|
||||
opensans-ttf
|
||||
powerline-fonts
|
||||
roboto
|
||||
sampradaya
|
||||
source-code-pro
|
||||
source-sans-pro
|
||||
source-serif-pro
|
||||
tai-ahom
|
||||
tempora_lgc
|
||||
terminus_font
|
||||
theano
|
||||
ubuntu_font_family;
|
||||
anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
|
||||
crimson dejavu_fonts google-fonts inconsolata iosevka
|
||||
liberationsansnarrow liberation_ttf libertine mononoki montserrat
|
||||
nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
|
||||
source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
|
||||
terminus_font theano ubuntu_font_family;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# create a cache of the font sources, often slow internet connections make it painful to
|
||||
# re-download them after a few months
|
||||
environment.etc = let
|
||||
# fonts with src attributes
|
||||
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
|
||||
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources);
|
||||
in builtins.listToAttrs (lib.imap0 (n: v:
|
||||
lib.nameValuePair "src-cache/fonts/${toString n}" {
|
||||
source = builtins.toPath v;
|
||||
}) font_sources);
|
||||
}
|
||||
|
|
|
@ -2,8 +2,10 @@
|
|||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript haskellList;
|
||||
me = config.m-0.private.me;
|
||||
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"];
|
||||
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"];
|
||||
test-command =
|
||||
[ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
|
||||
upgrade-command =
|
||||
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
|
||||
post-update = writeHaskellScript {
|
||||
name = "post-update";
|
||||
bins = [ pkgs.git pkgs.nix ];
|
||||
|
@ -26,13 +28,22 @@ let
|
|||
exe "sudo" ${haskellList upgrade-command};
|
||||
writeOutput "Done";
|
||||
'';
|
||||
in
|
||||
in {
|
||||
users.users.git.linger =
|
||||
true; # Frequent restarting of the systemd-user-unit leads to errors
|
||||
security.sudo.extraRules = [{
|
||||
commands = [
|
||||
{
|
||||
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors
|
||||
security.sudo.extraRules = [ { commands = [
|
||||
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; }
|
||||
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; }
|
||||
]; users = [ "git" ]; } ];
|
||||
command = builtins.concatStringsSep " " test-command;
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = builtins.concatStringsSep " " upgrade-command;
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
users = [ "git" ];
|
||||
}];
|
||||
services.gitolite = {
|
||||
enable = true;
|
||||
user = "git";
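Review bot: The `security.sudo.extraRules` entry carries no comment on the trust decision it encodes: user `git` may start `test-and-bump-config.service` and `system-maintenance.service` as root with `NOPASSWD`, and `post-update` calls `sudo` with `upgrade-command`. Whoever can cause that script to run (presumably by pushing to a repository served by gitolite; the hook wiring is outside these hunks) can therefore start a system upgrade. I would put above the rule `# git may start exactly these two units as root without a password; push access that triggers post-update can start a system upgrade`, and keep the rule limited to the full command strings as it is now. Separately, the reformat left the trailing comment on `users.users.git.linger` attached to a lone `true;` on a continuation line; moving it above the assignment keeps it readable.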
|
||||
|
|
|
@ -1,11 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
m-0.server.initSSHKey = mkOption {
|
||||
type = types.path;
|
||||
};
|
||||
};
|
||||
with lib; {
|
||||
options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
|
||||
|
||||
config = {
|
||||
boot.initrd = {
|
||||
|
|
|
@ -6,7 +6,8 @@ let
|
|||
page = pkgs.stdenv.mkDerivation {
|
||||
name = "blog.maralorn.de";
|
||||
src = builtins.fetchGit "git@hera:blog";
|
||||
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ];
|
||||
buildInputs =
|
||||
[ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
|
||||
buildPhase = ''
|
||||
|
@ -18,8 +19,7 @@ page = pkgs.stdenv.mkDerivation {
|
|||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.blog = {
|
||||
|
|
|
@ -5,8 +5,7 @@ let
|
|||
|
||||
me = config.m-0.private.me;
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
options = {
|
||||
m-0.laptop.enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -14,9 +13,7 @@ in
|
|||
};
|
||||
};
|
||||
config = mkIf config.m-0.laptop.enable {
|
||||
networking = {
|
||||
networkmanager.enable = true;
|
||||
};
|
||||
networking = { networkmanager.enable = true; };
|
||||
i18n.consoleKeyMap = "neo";
|
||||
|
||||
sound.enable = true;
|
||||
|
|
|
@ -12,11 +12,14 @@ let
|
|||
|
||||
dataDir = "/var/lib/systemd/linger";
|
||||
|
||||
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
|
||||
lingeringUsers = map (u: u.name)
|
||||
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
|
||||
|
||||
lingeringUsersFile = builtins.toFile "lingering-users"
|
||||
(concatStrings (map (s: "${s}\n")
|
||||
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly
|
||||
lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
|
||||
(s: ''
|
||||
${s}
|
||||
'') (sort (a: b: a < b)
|
||||
lingeringUsers))); # this sorting is important for `comm` to work correctly
|
||||
|
||||
updateLingering = pkgs.writeScript "update-lingering" ''
|
||||
# Stop when the system is not running, e.g. during nixos-install
|
||||
|
@ -26,14 +29,10 @@ let
|
|||
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
in {
|
||||
options = {
|
||||
users.users = mkOption {
|
||||
options = [{
|
||||
linger = mkEnableOption "lingering for the user";
|
||||
}];
|
||||
options = [{ linger = mkEnableOption "lingering for the user"; }];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -17,8 +17,7 @@ page = pkgs.stdenv.mkDerivation {
|
|||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.mathechor-de = {
|
||||
|
@ -26,9 +25,7 @@ options = {
|
|||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
password = mkOption { type = types.str; };
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -46,7 +43,8 @@ config = mkIf config.m-0.mathechor-de.enable {
|
|||
"/" = {
|
||||
root = "${page}/public";
|
||||
index = "index.html";
|
||||
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
|
||||
extraConfig =
|
||||
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -60,7 +58,8 @@ config = mkIf config.m-0.mathechor-de.enable {
|
|||
index = "index.html";
|
||||
};
|
||||
"/mathechor.ics" = {
|
||||
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
|
||||
proxyPass =
|
||||
"https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
|
||||
extraConfig = ''
|
||||
proxy_ssl_name cloud.mathechor.de;
|
||||
proxy_ssl_server_name on;
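Review bot: The `extraConfig` of the `"/"` location now reads `location ~* .(otf)$`, which shows that the dot nginx receives is unescaped: in a double-quoted Nix string the old `\.` already evaluated to a plain `.`. The pattern therefore matches any character followed by `otf`, so the wildcard `Access-Control-Allow-Origin` header is sent for more URIs than the font files it appears to target. Doubling the backslash passes a literal dot through to nginx: `"location ~* \\.(otf)$ {add_header Access-Control-Allow-Origin *;}";`. Separately, `password = mkOption { type = types.str; };` in the options hunk would end up readable in the Nix store if the value is interpolated into a derivation or unit, but its use is not visible here.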
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.m-0.riot;
|
||||
in
|
||||
{
|
||||
let cfg = config.m-0.riot;
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.riot = {
|
||||
|
@ -12,12 +10,8 @@ options = {
|
|||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
hostname = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.attrs;
|
||||
};
|
||||
hostname = mkOption { type = types.str; };
|
||||
config = mkOption { type = types.attrs; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
imports = [ ./init_ssh.nix ];
|
||||
|
||||
config = {
|
||||
systemd.services."system-maintenance" = {
|
||||
startAt = "2:45";
|
||||
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
environment.NIX_PATH =
|
||||
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.git ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance";
|
||||
ExecStart = "${
|
||||
(import ./update-lib.nix
|
||||
config.system.build.nixos-rebuild).system-maintenance
|
||||
}/bin/system-maintenance";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
imports = [ ./admin.nix ];
|
||||
|
||||
|
@ -12,24 +11,20 @@ with lib;
|
|||
mutableUsers = false;
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = "
|
||||
Defaults timestamp_type=global, timestamp_timeout=15
|
||||
";
|
||||
security.sudo.extraConfig =
|
||||
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
|
||||
|
||||
services = {
|
||||
sshd.enable = true;
|
||||
};
|
||||
services = { sshd.enable = true; };
|
||||
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
|
||||
environment = {
|
||||
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
|
||||
systemPackages = builtins.attrValues ({
|
||||
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance;
|
||||
inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
|
||||
update-system system-maintenance;
|
||||
} // (import ../common/pkgs.nix).system-pkgs);
|
||||
sessionVariables = {
|
||||
TERMINFO = "/run/current-system/sw/share/terminfo";
|
||||
};
|
||||
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
|
||||
};
|
||||
|
||||
programs = {
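Review bot: The sudoers fragment in `security.sudo.extraConfig` is now one double-quoted line with literal `\n` escapes, which is harder to audit than the multi-line form it replaces. An indented string keeps the same content readable: `security.sudo.extraConfig = ''` / `Defaults timestamp_type=global, timestamp_timeout=15` / `'';`. A short comment on why `timestamp_type=global` is wanted would also help, because it shares one cached sudo authentication across all of the user's terminals for the 15-minute timeout. The surrounding attribute set starts and ends outside the hunk.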
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
systemd.services."test-and-bump-config" = {
|
||||
startAt = "20:30";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config";
|
||||
ExecStart = "${
|
||||
(import ../common/test-lib.nix).test-and-bump-config
|
||||
}/bin/test-and-bump-config";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
nixos-rebuild:
|
||||
let
|
||||
pkgs = import <nixpkgs> { };
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays;
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path home-manager gcRetentionDays;
|
||||
configPath = "/etc/nixos";
|
||||
update-system = writeHaskellScript {
|
||||
name = "update-system";
|
||||
bins = [ get-niv-path nixos-rebuild ];
|
||||
}
|
||||
''
|
||||
} ''
|
||||
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
|
||||
|
||||
getNivAssign name = tag <$> getNivPath name
|
||||
|
@ -18,15 +18,14 @@ let
|
|||
args <- getArgs
|
||||
nixos_rebuild (paths ++ ["switch"] ++ args)
|
||||
'';
|
||||
system-maintenance = writeHaskellScript
|
||||
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} ''
|
||||
system-maintenance = writeHaskellScript {
|
||||
name = "system-maintenance";
|
||||
bins = [ pkgs.nix pkgs.git update-system ];
|
||||
} ''
|
||||
main = do
|
||||
git "-C" "${configPath}" "pull"
|
||||
update_system
|
||||
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
|
||||
nix "optimise-store"
|
||||
'';
|
||||
in
|
||||
{
|
||||
inherit update-system system-maintenance;
|
||||
}
|
||||
in { inherit update-system system-maintenance; }
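Review bot: In `system-maintenance`, `git "-C" "${configPath}" "pull"` is followed directly by `update_system`, so whatever the remote branch holds at that moment is built and switched to. The unit in the other file runs this from a nightly timer, presumably as root. Nothing visible here checks that the fetched commits are the ones the administrator intended, so a fast-forward-only, signature-checked pull would narrow that: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`. Whether the repository's commits are signed and which remote is configured cannot be seen from this page, so treat the flags as a suggestion to confirm against the actual setup.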
|
||||
|
|