Malte Brandy 2019-07-31 23:56:52 +02:00
parent c36c483ab3
commit a1bb4277b1
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
79 changed files with 4803 additions and 4713 deletions


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://all-hies.cachix.org"
];
binaryCachePublicKeys = [
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
];
binaryCaches = [ "https://all-hies.cachix.org" ];
binaryCachePublicKeys =
[ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
trustedUsers = [ "root" "maralorn" ];
};
}
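Review bot: `trustedUsers = [ "root" "maralorn" ];` makes an ordinary login account a trusted Nix user, and a trusted user can direct the daemon to substituters of their own choosing, which is close to root-equivalent on the store. The same line appears in the cachix.cachix.org and nixfmt.cachix.org sections that follow. Each file already declares its cache and public key system-wide, so the account probably does not need to be trusted to use these caches, and `trustedUsers = [ "root" ];` looks sufficient unless something outside this view depends on it. If the entry must stay, a comment such as `# maralorn is trusted because <reason>; this is effectively root on the Nix store` would record the decision.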


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://cachix.cachix.org"
];
binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
];
binaryCaches = [ "https://cachix.cachix.org" ];
binaryCachePublicKeys =
[ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://nixfmt.cachix.org"
];
binaryCachePublicKeys = [
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
];
binaryCaches = [ "https://nixfmt.cachix.org" ];
binaryCachePublicKeys =
[ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -13,7 +13,6 @@ config = {
}];
};
options = {
m-0.private = mkOption {
default = { };
@ -26,12 +25,8 @@ options = {
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
};
host = mkOption {
type = types.str;
};
name = mkOption { type = types.str; };
host = mkOption { type = types.str; };
};
});
default = [ ];


@ -6,13 +6,20 @@ rec {
broken = false;
doCheck = false;
});
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: {
shh-extras =
unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
(drv: {
broken = false;
doCheck = false;
});
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code:
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } ''
writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
, libraries ? [ ], imports ? [ ] }:
code:
unstable.writers.writeHaskellBin name {
libraries = libraries
++ [ shh unstable.haskellPackages.string-interpolate ];
} ''
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-}
@ -39,7 +46,8 @@ rec {
name = "get-niv-path";
bins = [ pkgs.nix ];
imports = [ "System.Console.CmdArgs.Implicit" ];
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
libraries =
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
} ''
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim


@ -13,60 +13,34 @@ rec {
core-system-pkgs = {
inherit neovim;
inherit (pkgs)
gitFull
gnumake
python3
mkpasswd
file
wget
curl
wireguard
gnupg
mutt
bind
liboping
psmisc
unzip
rename
whois
lsof;
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
liboping psmisc unzip rename whois lsof;
};
extra-system-pkgs = {
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; };
lorri = import sources.lorri {
src = sources.lorri;
pkgs = unstable;
};
inherit niv;
inherit (pkgs.gitAndTools) git-annex;
inherit (pkgs.rxvt_unicode) terminfo;
inherit (pkgs.pythonPackages) qrcode;
inherit (pkgs)
git-crypt
htop
tree
pwgen
borgbackup
inotifyTools
git-crypt htop tree pwgen borgbackup inotifyTools
direnv
socat
nmap
tcpdump
socat nmap tcpdump
tmux
tig
exa
fzf
ag
fd
bat
tmux tig exa fzf ag fd bat
ripgrep
ranger
pass
sshuttle;
pass sshuttle;
};
laptop-home-pkgs = {
@ -90,49 +64,26 @@ rec {
chromium
# communication
signal-desktop
tdesktop
acpi
dino
mumble
signal-desktop tdesktop acpi dino mumble
# config
arandr
#dev
meld
icedtea8_web
octave
filezilla
meld icedtea8_web octave filezilla
# tools & office
feh
gimp
imagemagick
ghostscript
libreoffice-fresh
pandoc
xournal
musescore
handbrake
evince
feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
musescore handbrake evince
networkmanagerapplet
# teamviewer
# media
ncpamixer
pavucontrol
deluge
mpd
gmpc
calibre
mpv
youtubeDL
ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
minetest
;};
minetest;
};
my-home-pkgs = {
print215 = pkgs.writeShellScriptBin "print215" ''
@ -168,7 +119,8 @@ accounting-pkgs = {
inherit (pkgs) ledger;
};
system-pkgs = core-system-pkgs // extra-system-pkgs // {
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config;
inherit (import ./test-lib.nix)
test-system-config test-home-config test-and-bump-config;
inherit (import ../common/lib.nix) home-manager;
};
foreign-home-pkgs = extra-system-pkgs;

Binary file not shown.


@ -1,8 +1,8 @@
let
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline:
''
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline: ''
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
getNivAssign dir name = fmap process . getNivPath dir $ name
@ -18,16 +18,14 @@ let
test-system-config = writeHaskellScript {
name = "test-system-config";
inherit bins;
} (haskellBody
''
} (haskellBody ''
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
'');
test-home-config = writeHaskellScript {
name = "test-home-config";
inherit bins;
} (haskellBody
''
} (haskellBody ''
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
'');
@ -38,8 +36,19 @@ let
keys = [ "default" "apollo" "hera" ];
test-and-bump-config = writeHaskellScript {
name = "test-and-bump-config";
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ];
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"];
bins = [
test-system-config
test-home-config
pkgs.git
pkgs.coreutils
niv
pkgs.git-crypt
];
imports = [
"Control.Exception (bracket)"
"System.Directory (withCurrentDirectory)"
"Control.Monad (when)"
];
} ''
checkout :: IO FilePath
checkout = do
@ -51,7 +60,9 @@ let
path <- readTrim pwd
bracket checkout (rm "-rf") $ \dir -> do
withCurrentDirectory dir $ do
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys}
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
haskellList keys
}
ignoreFailure $ niv "update"
mapM_ (test_system_config dir) ${haskellList systems}
mapM_ (test_home_config dir) ${haskellList homes}
@ -62,7 +73,4 @@ let
git "-C" dir "commit" "-am" "Update dependencies with niv"
git "-C" dir "push"
'';
in
{
inherit test-system-config test-home-config test-and-bump-config;
}
in { inherit test-system-config test-home-config test-and-bump-config; }


@ -24,15 +24,9 @@ in {
systemd.user = {
services.battery = {
Unit = {
Description = "Watch battery state and warn user";
};
Service = {
ExecStart=toString battery-watch;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Watch battery state and warn user"; };
Service = { ExecStart = toString battery-watch; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};


@ -1,6 +1,5 @@
{ pkgs, config, ... }:
let
inherit (config.m-0.private) me meWork;
let inherit (config.m-0.private) me meWork;
in {
imports = [
@ -20,7 +19,6 @@ imports = [
../common
];
programs = {
home-manager.enable = true;
direnv = {
@ -37,9 +35,7 @@ programs = {
'';
};
git = {
aliases = {
sync = "!git pull -r && git push";
};
aliases = { sync = "!git pull -r && git push"; };
enable = true;
ignores = [
".syncthing*.tmp"
@ -85,17 +81,57 @@ programs = {
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{ host = "charon"; hostname = "charon.olymp.space"; }
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
{ host = "ag"; hostname = agHost; user = meWork.user; }
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
{ host = "*.darmstadt.ccc.de"; user = me.user; }
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
{
host = "charon";
hostname = "charon.olymp.space";
}
{
host = "hera";
hostname = "hera.m-0.eu";
forwardAgent = true;
}
{
host = "ag-forward";
hostname = agHost;
proxyCommand = matheGwProxy;
user = meWork.user;
}
{
host = "ag";
hostname = agHost;
user = meWork.user;
}
{
host = "gw";
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = meWork.user;
}
{
host = "shells";
hostname = "shells.darmstadt.ccc.de";
}
{
host = "vorstand";
hostname = "vorstand.darmstadt.ccc.de";
}
{
host = "*.darmstadt.ccc.de";
user = me.user;
}
{
host = "whisky";
hostname = "whisky.w17.io";
user = "chaos";
}
{
host = "kitchen";
hostname = "kitchen.w17.io";
user = "chaos";
}
{
host = "door.w17.io";
identityFile = "~/.ssh/door_rsa";
}
];
};
};
@ -103,15 +139,16 @@ programs = {
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
sessionVariables = {
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
PATH =
"$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
BROWSER = "${pkgs.firefox}/bin/firefox";
EDITOR = "${pkgs.neovim}/bin/nvim";
TERMINAL = config.m-0.terminal;
EMAIL = me.mail;
SUDO_ASKPASS = let
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in
"${print-pw}/bin/print-pw";
print-pw = pkgs.writeShellScriptBin "print-pw"
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in "${print-pw}/bin/print-pw";
};
};
fonts.fontconfig.enableProfileFonts = true;
@ -126,6 +163,5 @@ services = {
};
};
xdg.enable = true;
}
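Review bot: The `hera` match block sets `forwardAgent = true;`, which lets anyone with root on hera.m-0.eu use the forwarded agent's keys for as long as a session is open. No other host in the visible list enables it, so the reason deserves a comment next to the entry, for example `# forwardAgent: needed for <reason>; exposes the local agent to root on hera`. If a dedicated key on that host would do, the setting could be dropped instead. The list sits inside a `let … in [` expression whose start is outside the hunk.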


@ -1,16 +1,9 @@
{ pkgs, lib, config, ... }:
let
inherit (import ../../common/pkgs.nix) desktop-pkgs;
in
{
let inherit (import ../../common/pkgs.nix) desktop-pkgs;
in {
imports = [
./i3.nix
./rofi.nix
./ssh-agent.nix
./eventd.nix
./sleep-nag.nix
];
imports =
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
m-0 = {
workspaces = [
"tasks"
@ -116,7 +109,8 @@ imports = [
};
screen-locker = {
enable = true;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
lockCmd =
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
};
};
xsession.enable = true;


@ -13,9 +13,7 @@ in {
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
Type = "notify";
Sockets = "eventd-control.socket eventd.socket";
@ -26,9 +24,7 @@ in {
};
sockets = {
eventd-control = {
Unit = {
Description = "eventd control socket";
};
Unit = { Description = "eventd control socket"; };
Socket = {
Service = "eventd.service";
SocketMode = "0600";
@ -36,9 +32,7 @@ in {
};
};
eventd = {
Unit = {
Description = "eventd sockets";
};
Unit = { Description = "eventd sockets"; };
Socket = {
SocketMode = "0660";
ListenStream = "%t/eventd/evp";
@ -72,9 +66,7 @@ in {
Spacing = 1;
Limit = 20;
};
Notification = {
Text = "\${message}";
};
Notification = { Text = "\${message}"; };
NotificationBubble = {
Padding = 10;
Radius = 0;
@ -89,26 +81,14 @@ in {
};
};
"eventd/notification.event".text = lib.generators.toINI { } {
"Event notification *" = {
Actions = "notification";
};
"Event notification kassandra" = {
Actions = "kassandra";
};
"Event command success" = {
Actions = "command-success";
};
"Event command failure" = {
Actions = "command-failure";
};
"Event critical *" = {
Actions = "critical";
};
"Event notification *" = { Actions = "notification"; };
"Event notification kassandra" = { Actions = "kassandra"; };
"Event command success" = { Actions = "command-success"; };
"Event command failure" = { Actions = "command-failure"; };
"Event critical *" = { Actions = "critical"; };
};
"eventd/command-success.action".text = lib.generators.toINI { } {
Action = {
Name = "command-success";
};
Action = { Name = "command-success"; };
Notification = {
Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
};
@ -118,9 +98,7 @@ in {
};
};
"eventd/command-failure.action".text = lib.generators.toINI { } {
Action = {
Name = "command-failure";
};
Action = { Name = "command-failure"; };
Notification = {
Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
};
@ -130,35 +108,21 @@ in {
};
};
"eventd/critical.action".text = lib.generators.toINI { } {
Action = {
Name = "critical";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
Action = { Name = "critical"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = {
Queue = "critical";
Colour = colors.red;
};
};
"eventd/kassandra.action".text = lib.generators.toINI { } {
Action = {
Name = "kassandra";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
NotificationBubble = {
Queue = "critical";
};
Action = { Name = "kassandra"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = { Queue = "critical"; };
};
"eventd/notification.action".text = lib.generators.toINI { } {
Action = {
Name = "notification";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
Action = { Name = "notification"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
};
};
};


@ -64,13 +64,12 @@ let
]]
'';
addMods = oldbindings: builtins.foldl' (newbindings: key:
addMods = oldbindings:
builtins.foldl' (newbindings: key:
newbindings // {
"Mod4+${key}" = oldbindings.${key};
"Mod3+Mod4+${key}" = oldbindings.${key};
})
{}
(builtins.attrNames oldbindings);
}) { } (builtins.attrNames oldbindings);
in {
xsession = {
@ -92,8 +91,14 @@ in {
});
config = {
startup = [
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; }
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; }
{
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
notification = false;
}
{
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
notification = false;
}
];
focus = {
followMouse = false;
@ -130,8 +135,7 @@ in {
text = colors.foreground;
};
};
bars = [
{
bars = [{
mode = "hide";
colors = {
separator = colors.white;
@ -161,19 +165,24 @@ in {
window = {
titlebar = false;
border = 1;
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ];
commands = [{
command = "floating disable";
criteria = { class = "Firefox"; };
}];
};
keybindings = {
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86AudioLowerVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" =
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86MonBrightnessUp" = "exec xbacklight +5";
"XF86MonBrightnessDown" = "exec xbacklight -5";
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
"Ctrl+Escape" = "${exec} loginctl lock-session;";
} //
addMods ({
} // addMods ({
"Left" = "focus left";
"Down" = "focus down";
"Up" = "focus up";
@ -195,16 +204,17 @@ in {
"m" = "move workspace to output up";
"n" = "move workspace to output right";
"shift+space" = "floating toggle";
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"shift+q" =
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"space" = "${exec} hotkeys";
} // builtins.foldl' (bindings: name: let
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
in
bindings // {
} // builtins.foldl' (bindings: name:
let
number =
toString ((builtins.length (builtins.attrNames bindings)) / 2);
in bindings // {
"${number}" = "workspace ${number}:${name}";
"Shift+${number}" = "move container to workspace ${number}:${name}";
}) {} workspaces
);
}) { } workspaces);
};
};
};


@ -1,14 +1,9 @@
{ pkgs, lib, config, ... }:
with lib;
let
inherit (config.m-0) colors workspaces terminal;
let inherit (config.m-0) colors workspaces terminal;
in {
home = {
packages = with pkgs; [
rofi-pass
];
};
home = { packages = with pkgs; [ rofi-pass ]; };
programs = {
rofi = {
enable = true;


@ -16,15 +16,9 @@ in {
systemd.user = {
services.sleep-nag = {
Unit = {
Description = "Sleep nag";
};
Service = {
ExecStart=toString sleep-nag;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Sleep nag"; };
Service = { ExecStart = toString sleep-nag; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};


@ -1,5 +1,4 @@
{ pkgs , config , lib, ... }:
{
{ pkgs, config, lib, ... }: {
xsession.initExtra = let
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
@ -12,7 +11,6 @@
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
'';
in
". ${start-agent}/bin/start-ssh-agent";
in ". ${start-agent}/bin/start-ssh-agent";
}


@ -1,16 +1,12 @@
let
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path;
in
{
update-home = configPath: writeHaskellScript
{
inherit (import ../common/lib.nix)
home-manager writeHaskellScript get-niv-path;
in {
update-home = configPath:
writeHaskellScript {
name = "update-home";
bins = [
get-niv-path
home-manager
];
}
''
bins = [ get-niv-path home-manager ];
} ''
getNivPath = get_niv_path "${configPath}/nix/sources.nix"


@ -1,15 +1,13 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption {
type = types.str;
};
options.m-0.accounting.config = mkOption { type = types.str; };
config = mkIf config.m-0.accounting.enable {
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
home.packages =
builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
}


@ -1,9 +1,9 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (config.m-0.private) me gitlab github otrs;
let inherit (config.m-0.private) me gitlab github otrs;
in {
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers";
options.m-0.bugwarrior.enable =
mkEnableOption "Sync tasks from issuetrackers";
config = mkIf config.m-0.bugwarrior.enable {
home.file.".config/bugwarrior/bugwarriorrc".text = ''
[general]
@ -38,22 +38,17 @@ config = mkIf config.m-0.bugwarrior.enable {
'';
systemd.user = {
services.bugwarrior = {
Unit = {
Description = "Run bugwarrior";
};
Unit = { Description = "Run bugwarrior"; };
Service = {
Type = "oneshot";
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin'';
Environment =
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
};
timers.bugwarrior = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
};


@ -20,15 +20,15 @@ let
echo "Overwriting $HOME/${path}"
cp --remove-destination -T $canonical $HOME/${path};
'';
in with lib;
{
in with lib; {
options.home.forceCopies.paths = mkOption {
default = [ ];
type = types.listOf types.str;
};
config.home.activation = {
deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths));
(builtins.concatStringsSep "\n"
(builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
(builtins.concatStringsSep "\n" (builtins.map copyPath paths));
};


@ -1,12 +1,9 @@
{ lib, config, pkgs, ... }:
with lib;
{
with lib; {
options = {
m-0 = {
hostName = mkOption {
type = types.str;
};
hostName = mkOption { type = types.str; };
terminal = mkOption {
default = "urxvt";
type = types.str;


@ -1,6 +1,5 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.latex.enable = mkEnableOption "Latex";
@ -8,14 +7,10 @@ config = mkIf config.m-0.latex.enable {
programs = {
texlive = {
enable = true;
extraPackages = tpkgs: {inherit (tpkgs)
scheme-small
pdfjam
latexmk
collection-latexextra
collection-bibtexextra
collection-luatex
collection-mathscience
extraPackages = tpkgs: {
inherit (tpkgs)
scheme-small pdfjam latexmk collection-latexextra
collection-bibtexextra collection-luatex collection-mathscience
collection-fontsextra;
};
};


@ -7,9 +7,7 @@ let
in {
options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption {
type = types.attrs;
};
options.m-0.mail.accounts = mkOption { type = types.attrs; };
config = mkIf mail.enable {
@ -17,13 +15,15 @@ services.mbsync = {
enable = true;
frequency = "*:0/30";
verbose = false;
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
postExec =
"${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
};
accounts.email.accounts = config.m-0.mail.accounts;
systemd.user.services = let
mkService = name: account: let
mkService = name: account:
let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
@ -42,27 +42,22 @@ systemd.user.services = let
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in
{
Unit = {
Description = "Run imapnotify for imap account ${name}";
};
in {
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
in mapAttrs' mkServiceWithName
(filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true;
programs.mbsync.enable = true;
@ -81,11 +76,10 @@ programs.notmuch = {
maildir.synchronizeFlags = true;
};
home = {
packages = with pkgs; [
neomutt
];
packages = with pkgs; [ neomutt ];
file = let
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates);
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " me.alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
@ -178,7 +172,9 @@ programs.notmuch = {
set sidebar_format = "%B%* %?N?%N/?%S"
alias f__0 ${me.name} <${me.mail}>
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)}
${builtins.concatStringsSep "\n"
(lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
me.alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
'';
};


@ -1,6 +1,5 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let
@ -108,10 +107,7 @@ exit
'';
in {
home.packages = with pkgs; [
pythia
meditate
];
home.packages = with pkgs; [ pythia meditate ];
});
}


@ -1,15 +1,10 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [
rustup
nix-prefetch-scripts
gcc
];
home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
};
}


@ -6,7 +6,9 @@ let
cd ${config.home.homeDirectory}/.task
${pkgs.git}/bin/git add completed.data pending.data > /dev/null
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.git}/bin/git pull -X ${
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
${pkgs.git}/bin/git add completed.data > /dev/null
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
@ -15,25 +17,20 @@ let
'';
in {
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled.";
options.m-0.taskwarrior.git_active = mkEnableOption
"This machine will prefer its own state in case of a merge conflict, if enabled.";
config = mkIf config.m-0.taskwarrior.enable {
systemd.user = {
services.tasksync = {
Unit = {
Description = "Update tasks";
};
Unit = { Description = "Update tasks"; };
Service = {
ExecStart = "${tasksync}/bin/tasksync";
Type = "oneshot";
};
};
timers.tasksync = {
Timer = {
OnCalendar = "*:0/1";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "*:0/1"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
home = {
@ -175,30 +172,21 @@ config = mkIf config.m-0.taskwarrior.enable {
xdg = let
taskAction = name: template: {
"eventd/task-${name}.action".text = generators.toINI { } {
Action = {
Name = "task-${name}";
};
Notification = {
Text = template;
};
NotificationBubble = {
Queue = "tasks";
};
Action = { Name = "task-${name}"; };
Notification = { Text = template; };
NotificationBubble = { Queue = "tasks"; };
};
};
in {
configFile = {
"eventd/task.event".text = generators.toINI { } {
"Event task add" = {
Actions = "task-new";
"Event task add" = { Actions = "task-new"; };
"Event task modify" = { Actions = "task-changed"; };
};
"Event task modify" = {
Actions = "task-changed";
};
};
} //
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" //
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
} // taskAction "changed"
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
// taskAction "new"
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
};
};


@ -3,10 +3,8 @@ with lib;
let
makeUnlocker = { name, hostName, pubKey, passPath }:
let
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in
pkgs.writeShellScriptBin "unlock-${name}" ''
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
echo -n .
@ -17,16 +15,13 @@ let
echo "Ping successful; Entering disk encryption password"
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
'';
in
{
in {
options.m-0.unlocker = mkOption {
default = [ ];
type = types.listOf types.attrs;
};
config = {
home.packages = map makeUnlocker config.m-0.unlocker;
};
config = { home.packages = map makeUnlocker config.m-0.unlocker; };
}
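Review bot: The `ssh` call in `makeUnlocker` pipes the disk-encryption passphrase to `root@${hostName}` and pins the host key through `UserKnownHostsFile=${knownHosts}`, but it leaves `StrictHostKeyChecking` at its default. An unknown key therefore produces an interactive prompt rather than a failure, and the system-wide known-hosts file is still consulted. Adding `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null` would make the generated file the only accepted source of the host key and make the script fail closed. Part of the script body lies between the two hunks, outside this view.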


@ -9,12 +9,8 @@ options.m-0.weechat = {
type = types.str;
default = "";
};
user = mkOption {
type = types.str;
};
pw = mkOption {
type = types.str;
};
user = mkOption { type = types.str; };
pw = mkOption { type = types.str; };
};
config = mkIf config.m-0.weechat.enable {
@ -91,17 +87,14 @@ config = mkIf config.m-0.weechat.enable {
systemd.user.services = {
weechat = {
Unit = {
Description = "Weechat Tmux Session";
};
Unit = { Description = "Weechat Tmux Session"; };
Service = {
Type = "forking";
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
ExecStart =
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
};
};
};


@ -7,15 +7,8 @@ neovim.override {
packages.myVimPackage = {
start = builtins.attrValues {
inherit ((import <nixpkgs> { }).vimPlugins)
vim-nix
vimtex
airline
rust-vim
fugitive
vim-trailing-whitespace
vim-pandoc
vim-pandoc-syntax
haskell-vim;
vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
vim-pandoc vim-pandoc-syntax haskell-vim;
};
};
};


@ -2,13 +2,11 @@
let
inherit (import ../common/lib.nix) writeHaskellScript;
sources = import ../nix/sources.nix;
in
{
in {
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = {
NIX_PATH = "$HOME/.nix-path";
};
packages =
builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
file = {
home-manager-source = {
target = ".nix-path/home-manager";


@ -1,5 +1,4 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
home = {
username = "maralorn";
homeDirectory = "/home/maralorn";


@ -16,19 +16,13 @@ in {
home.packages = [ morgenreport-script ];
systemd.user = {
services.morgenreport = {
Unit = {
Description = "Send morgenreport to kindle";
};
Unit = { Description = "Send morgenreport to kindle"; };
Service = {
Type = "oneshot";
ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = {
Timer = {
OnCalendar = "20:00";
};
};
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
};
}


@ -1,8 +1,6 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.sort-mail =
let
services.sort-mail = let
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
${pkgs.isync}/bin/mbsync -a
@ -18,19 +16,13 @@
${pkgs.isync}/bin/mbsync -a
'';
in {
Unit = {
Description = "Sort E-Mails";
};
Unit = { Description = "Sort E-Mails"; };
Service = {
Type = "oneshot";
ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
};
};
timers.sort-mail = {
Timer = {
OnCalendar = "minutely";
};
};
timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
};
}


@ -1,6 +1,6 @@
{ pkgs, ... }:
let
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
home-manager = (import ../../home-manager {
inherit pkgs;
inherit path;
@ -8,9 +8,7 @@ let
in {
systemd.user = {
services.update-hm = {
Unit = {
Description = "Update home-manager";
};
Unit = { Description = "Update home-manager"; };
Service = {
Type = "oneshot";
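Review bot: `path` still points at the `release-17.09` branch archive, whose contents change whenever that branch moves, and no hash accompanies it in the lines shown, so the `update-hm` unit can end up running code nobody reviewed. How `path` is consumed lies outside this hunk, so this is hedged; if the consumer accepts a fetched source, pin a commit archive together with its hash, e.g. `path = builtins.fetchTarball { url = "https://github.com/rycee/home-manager/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; };`. Alternatively take the source from the niv-generated `nix/sources.nix`, which other files in this commit already import. The service definition continues past the end of the hunk.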


@ -1,12 +1,7 @@
{ pkgs, lib, config, ... }:
let
colors = config.common.colors;
let colors = config.common.colors;
in {
home = {
packages = with pkgs; [
rxvt_unicode-with-plugins
];
};
home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
xresources.properties = {
"*transparent" = true;
"*tintColor" = colors.background;


@ -1,18 +1,21 @@
{ pkgs, config, lib, ... }:
let
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ./lib.nix) update-home;
configPath = "/home/${config.home.username}/git/nixos/config";
home-maintenance = writeHaskellScript
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} ''
home-maintenance = writeHaskellScript {
name = "home-maintenance";
imports = [ ];
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_home
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
in {
home = {
packages = builtins.attrValues {
inherit home-maintenance get-niv-path;
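Review bot: `git "-C" "${configPath}" "pull"` in `home-maintenance` is followed directly by `update_home`, so whatever the remote serves is presumably built and activated for the user without any integrity check, and a non-fast-forward pull can leave an unintended merge in the tree. This commit is GPG-signed and the configuration sets `signByDefault = true`, so the pull can enforce signatures: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`. That requires the signing key to be present in the keyring of the user running the script, which is not visible here.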


@ -1,13 +1,9 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../common/pkgs.nix) eventd;
in
{
let inherit (import ../common/pkgs.nix) eventd;
in {
systemd.user = {
services.update_tasks = {
Unit = {
Description = "Update taskwarrior tasks";
};
Unit = { Description = "Update taskwarrior tasks"; };
Service = {
Type = "oneshot";
Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
@ -15,12 +11,8 @@ in
};
};
timers.update_tasks = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};


@ -27,23 +27,20 @@ networking = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [
{
peers = [{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
persistentKeepalive = 25;
}
];
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
}];
postSetup =
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
};
};
};
m-0 = {
laptop.enable = true;
};
m-0 = { laptop.enable = true; };
#let
#secretsFile = "/var/lib/luks-secret/key";
@ -73,7 +70,6 @@ m-0 = {
#];
#}
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
@ -95,7 +91,8 @@ boot = {
};
services = {
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
prometheus.exporters.node.firewallFilter =
"-i m0wire -p tcp -m tcp --dport 9100";
autorandr.enable = true;
borgbackup.jobs.data = {
doInit = false;
@ -114,8 +111,10 @@ services = {
cdark_net = {
enable = true;
hostName = "${me.user}_${config.networking.hostName}";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
+ /secret/tinc/ed25519_key.priv;
hostsDirectory =
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ip6address = "fd23:42:cda:4342::2";
ip4address = "172.20.71.2";
};
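Review bot: `ed25519PrivateKeyFile` is assembled from path literals (`/etc/nixos/hosts + "/…" + /secret/tinc/ed25519_key.priv`), so it evaluates to a Nix path; if the `cdark_net` module interpolates it into a unit or config file (the module is not shown), the tinc private key is copied into the world-readable `/nix/store`. The WireGuard settings in the same file pass their key locations as plain strings, and the same form works here if the option's type allows it: `ed25519PrivateKeyFile = "/etc/nixos/hosts/${config.networking.hostName}/secret/tinc/ed25519_key.priv";`. The same question applies to `m-0.server.initSSHKey = ./secret/boot_rsa;` in a later file of this commit. Separately, `builtins.fetchGit` is given a bare URL, so the tinc host list follows the remote's HEAD at evaluation time; passing `{ url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; rev = "<COMMIT>"; }` would pin it.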


@ -4,29 +4,28 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fileSystems."/" = {
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs";
};
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
boot.initrd.luks.devices."nixos".device =
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
fileSystems."/boot/EFI" =
{ device = "/dev/disk/by-uuid/C4A6-3DB5";
fileSystems."/boot/EFI" = {
device = "/dev/disk/by-uuid/C4A6-3DB5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }
];
[{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -1,5 +1,4 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
../../home-manager
@ -9,7 +8,8 @@ imports = [
../../home-manager/desktop
];
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
home.packages =
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
m-0 = {
hostName = "apollo";
@ -27,7 +27,8 @@ m-0 = {
unlocker = [{
name = "hera";
hostName = "hera-v4";
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
pubKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
}];
mail = {
@ -46,9 +47,7 @@ m-0 = {
user_interface = alternative
'';
programs = {
firefox = {
enable = true;
};
firefox = { enable = true; };
git = {
signing = {
signByDefault = true;
@ -70,15 +69,19 @@ programs.autorandr = {
hooks = {
postswitch = {
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
"update-background" =
"${pkgs.systemd}/bin/systemctl --user restart random-background.service";
};
};
profiles = {
"home" = {
fingerprint = {
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
"DP-2-2" =
"00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" =
"00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
};
config = {
eDP-1 = {
@ -101,8 +104,10 @@ programs.autorandr = {
};
"work" = {
fingerprint = {
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2" =
"00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
@ -120,7 +125,8 @@ programs.autorandr = {
};
"default" = {
fingerprint = {
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
@ -134,5 +140,4 @@ programs.autorandr = {
};
};
}

Binary file not shown.


@ -1,7 +1,6 @@
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };


@ -1,13 +1,8 @@
{ pkgs, config, ... }:
{
imports = [
../../home-manager
../../home-manager/on-foreign-machine.nix
];
{ pkgs, config, ... }: {
imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
systemd.user.systemctlPath = "/usr/bin/systemctl";
m-0 = {
hostName = "fb04217";
#latex.enable = true;
@ -41,7 +36,8 @@ home = {
LC_MEASUREMENT = "C.UTF-8";
LC_IDENTIFICATION = "C.UTF-8";
};
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
forceCopies.paths =
[ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
file = {
".bashrc".text = ''
[ -z "$PS1" ] && return
@ -74,7 +70,7 @@ home = {
nix-collect-garbage --delete-older-than 5d
nix-store --optimise
'')
] ++ ((import ../../common/pkgs.nix).);
];
};
}


@ -1,14 +1,12 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-gc = {
Unit = {
Description = "Collect garbage";
};
Unit = { Description = "Collect garbage"; };
Service = {
Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
ExecStart =
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
};
};
timers.nix-gc = {


@ -1,10 +1,7 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-update = {
Unit = {
Description = "Update nix-channel";
};
Unit = { Description = "Update nix-channel"; };
Service = {
Type = "oneshot";


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.syncthing = {
Unit = {
@ -9,7 +8,8 @@
};
Service = {
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
Restart = "on-failure";
SuccessExitStatus = "3 4";
RestartForceExitStatus = "3 4";


@ -1,5 +1,4 @@
{ ... }:
{
{ ... }: {
m-0.server.initSSHKey = ./secret/boot_rsa;
@ -19,14 +18,12 @@ boot = {
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [
{
luks.devices = [{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}
];
}];
};
};


@ -1,6 +1,5 @@
{ config, ... }:
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
containers.borg = {
autoStart = true;
@ -11,10 +10,16 @@ in {
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }];
ipv6.addresses = [{
address = config.m-0.hosts.borg;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
};
services = {


@ -9,19 +9,28 @@ let
hostBridge = "bridge";
config = { pkgs, ... }: {
disabledModules = [ "services/web-apps/nextcloud.nix" ];
imports = [
../../system
./nextcloud.nix
];
imports = [ ../../system ./nextcloud.nix ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = v6; prefixLength = 112; }];
ipv4.addresses = [{ address = v4; prefixLength = 24; }];
ipv6.addresses = [{
address = v6;
prefixLength = 112;
}];
ipv4.addresses = [{
address = v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
@ -58,9 +67,7 @@ let
};
};
redis = {
enable = true;
};
redis = { enable = true; };
postgresql = {
enable = true;
@ -88,9 +95,9 @@ let
password = cloud.adminpass;
url = "https://${hostname}/";
mode = "singlerun";
};});
in
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
});
in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
};
};
@ -100,10 +107,22 @@ let
in {
m-0.monitoring = [
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; }
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; }
{ name = "cloud"; host = "cloud:9100"; }
{ name = "cloud-nginx"; host = "cloud:9113"; }
{
name = "mathechor-cloud";
host = "mathechor-cloud:9100";
}
{
name = "mathechor-cloud-nginx";
host = "mathechor-cloud:9113";
}
{
name = "cloud";
host = "cloud:9100";
}
{
name = "cloud-nginx";
host = "cloud:9113";
}
];
containers = {
chor-cloud = nextcloud-container {


@ -3,8 +3,7 @@
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
let
inherit (config.m-0.private) me;
let inherit (config.m-0.private) me;
in {
imports = [


@ -4,27 +4,25 @@
{ config, lib, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fileSystems."/" = {
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3D8A-20F0";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3D8A-20F0";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }
];
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,11 +1,7 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
./secret
];
imports =
[ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
m-0 = {
hostName = "hera";


@ -2,8 +2,7 @@
let
certPath = "/var/lib/acme/hera.m-0.eu";
inherit (config.services.prometheus.exporters.node) firewallFilter;
in
{
in {
networking.firewall = {
allowedTCPPorts = [ 25 143 587 993 ];
extraCommands = ''
@ -15,19 +14,26 @@ networking.firewall = {
};
m-0.monitoring = [
{ name = "mail-server"; host = "hera-intern:9101"; }
{ name = "postfix"; host = "hera-intern:9154"; }
{ name = "dovecot"; host = "hera-intern:9166"; }
{
name = "mail-server";
host = "hera-intern:9101";
}
{
name = "postfix";
host = "hera-intern:9154";
}
{
name = "dovecot";
host = "hera-intern:9166";
}
];
containers.mail = {
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
autoStart = true;
config = { pkgs, lib, ... }: {
imports = [
../../system
"${(import ../../nix/sources.nix).nixos-mailserver}"
];
imports =
[ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
services.prometheus.exporters = {
node.port = 9101;
postfix = {
@ -44,8 +50,7 @@ containers.mail = {
};
systemd.services = {
atomail = {
script =
let
script = let
atomail = pkgs.fetchFromGitHub {
owner = "remko";
repo = "atomail";
@ -68,7 +73,8 @@ containers.mail = {
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
services.postfix.networks =
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
mailserver = {
enable = true;
enableImapSsl = true;


@ -3,13 +3,18 @@ let
hostName = "matrix.maralorn.de";
inherit (config.m-0) hosts;
inherit (../../common/lib.nix) unstable;
in
{
in {
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
m-0.monitoring = [
{ name = "matrix"; host = "matrix:9100"; }
{ name = "matrix-nginx"; host = "matrix:9113"; }
{
name = "matrix";
host = "matrix:9100";
}
{
name = "matrix-nginx";
host = "matrix:9113";
}
];
services.coturn = {
@ -27,17 +32,27 @@ containers.matrix = {
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.matrix;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.matrix-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 8448 ];
};
m-0.riot = {
@ -56,11 +71,10 @@ containers.matrix = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = {
servers = [ "matrix.org" "maralorn.de" ];
};
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
branding = {
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
};
};
};
@ -83,9 +97,7 @@ containers.matrix = {
};
# Postgres
postgresql = {
enable = true;
};
postgresql = { enable = true; };
# Synapse
matrix-synapse = {
@ -147,13 +159,31 @@ containers.matrix = {
{
port = 8448;
bind_address = "::";
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
resources = [
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
resources = [
{
compress = false;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = true;
tls = false;
}
@ -164,7 +194,8 @@ containers.matrix = {
"${hostName}" = {
group = "matrix-synapse";
allowKeysForGroup = true;
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
};
};
};
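Review bot: `inherit (../../common/lib.nix) unstable;` in the `let` block lacks `import`, so it selects `unstable` from a path value rather than from the attribute set that file evaluates to, and it fails with an evaluation error as soon as `unstable` is forced. Other files in this commit write `inherit (import ../common/lib.nix) …;`, and the same form is needed here: `inherit (import ../../common/lib.nix) unstable;`. No use of `unstable` appears in the hunks shown, so lazy evaluation may currently be hiding the error.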


@ -1,14 +1,18 @@
{ config, ... }:
let
inherit (config.m-0) hosts;
in
{
let inherit (config.m-0) hosts;
in {
services.prometheus.exporters.node = {
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
};
m-0.monitoring = [
{ name = "hera"; host = "hera-intern:9100"; }
{ name = "monitoring-container"; host = "localhost:9100"; }
{
name = "hera";
host = "hera-intern:9100";
}
{
name = "monitoring-container";
host = "localhost:9100";
}
];
containers.monitoring = {
@ -16,23 +20,32 @@ containers.monitoring = {
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.monitoring;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.monitoring-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 9090 9093 ];
};
services.prometheus = {
enable = true;
rules = [
''
rules = [''
ALERT node_down
IF (up{name!="apollo"} == 0)
FOR 5m
@ -123,17 +136,14 @@ containers.monitoring = {
summary="{{$labels.alias}}: Running out of swap soon.",
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
}
''
];
scrapeConfigs = [
{
''];
scrapeConfigs = [{
job_name = "nodes";
static_configs = map (entry: {
targets = [ entry.host ];
labels = { "name" = entry.name; };
}) config.m-0.monitoring;
}
];
}];
alertmanagerURL = [ "http://localhost:9093" ];
alertmanager = {
enable = true;
@ -152,17 +162,13 @@ containers.monitoring = {
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
"receivers" = [{
"name" = "team-admins";
"email_configs" = [
{
"email_configs" = [{
"to" = "malte.brandy@maralorn.de";
"send_resolved" = true;
}
];
}
];
}];
}];
};
};
exporters.node.enable = true;


@ -2,17 +2,25 @@
let
inherit (config.m-0) hosts;
inherit (config.m-0.private) wireguard;
in
{
in {
networking = {
hostName = "hera";
interfaces.ens18 = {
proxyARP = true;
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }];
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }];
ipv4.addresses = [{
address = "213.136.94.190";
prefixLength = 24;
}];
ipv6.addresses = [{
address = hosts.hera;
prefixLength = 128;
}];
};
defaultGateway = "213.136.94.1";
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; };
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
extraCommands = ''
@ -22,12 +30,17 @@ networking = {
'';
};
bridges.bridge.interfaces = [ ];
interfaces.bridge = {
proxyARP = true;
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }];
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.hera-intern;
prefixLength = 112;
}];
ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
};
nat = {
enable = true;
@ -41,13 +54,11 @@ networking = {
ips = [ "${hosts.hera-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
listenPort = wireguard.port;
peers = [
{
peers = [{
publicKey = wireguard.pub.apollo;
allowedIPs = [ "${hosts.apollo-wg}/128" ];
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
}
];
}];
};
};
};


@ -13,9 +13,12 @@ let
};
phpOptionsExtensions = ''
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
${optionalString cfg.caching.apcu
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
zend_extension = opcache.so
opcache.enable = 1
@ -57,7 +60,8 @@ in {
https = mkOption {
type = types.bool;
default = false;
description = "Enable if there is a TLS terminating proxy in front of nextcloud.";
description =
"Enable if there is a TLS terminating proxy in front of nextcloud.";
};
maxUploadSize = mkOption {
@ -277,18 +281,24 @@ in {
};
config = mkIf cfg.enable (mkMerge [
{ assertions = let acfg = cfg.config; in [
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
{
assertions = let acfg = cfg.config;
in [
{
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
message = "Please specify no more than one of dbpass or dbpassFile";
}
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
{
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message = "Please specify exactly one of adminpass or adminpassFile";
message =
"Please specify exactly one of adminpass or adminpassFile";
}
];
}
{ systemd.timers."nextcloud-cron" = {
{
systemd.timers."nextcloud-cron" = {
wantedBy = [ "timers.target" ];
timerConfig.OnBootSec = "5m";
timerConfig.OnUnitActiveSec = "15m";
@ -306,36 +316,56 @@ in {
],
'datadirectory' => '${cfg.home}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
${
optionalString cfg.caching.apcu
"'memcache.local' => '\\OC\\Memcache\\APCu',"
}
'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
${
optionalString (cfg.config.overwriteProtocol != null)
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
}
];
'';
occInstallCmd = let
c = cfg.config;
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null
then ''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null
then ''"${toString c.dbpass}"''
else null;
adminpass = if c.adminpassFile != null then
''"$(<"${toString c.adminpassFile}")"''
else
''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null then
''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null then
''"${toString c.dbpass}"''
else
null;
installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
${if (any (x: x != null) [c.dbpass c.dbpassFile])
then "--database-pass" else null} = dbpass;
${if c.dbtableprefix != null
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
${if c.dbname != null then "--database-name" else null} =
''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} =
''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} =
''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} =
''"${c.dbuser}"'';
${
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
"--database-pass"
else
null
} = dbpass;
${
if c.dbtableprefix != null then
"--database-table-prefix"
else
null
} = ''"${toString c.dbtableprefix}"'';
"--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
@ -344,8 +374,7 @@ in {
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
(i: v: ''
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
@ -377,7 +406,8 @@ in {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
serviceConfig.ExecStart =
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
};
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
serviceConfig.Type = "oneshot";
@ -388,8 +418,7 @@ in {
services.phpfpm = {
pools.nextcloud = let
phpAdminValues = (toKeyValue
(foldr (a: b: a // b) {}
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
phpOptions)));
in {
@ -457,7 +486,8 @@ in {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
{
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
@ -472,7 +502,8 @@ in {
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
''
try_files $uri/ =404;
index index.php;
'';
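Review bot: `adminpass` and `dbpass` in `occInstallCmd` are spliced into the shell command as `"${toString c.adminpass}"` and `"${toString c.dbpass}"`, so a password containing a double quote, `$` or a backtick is expanded by the shell or breaks the `maintenance:install` invocation; `--value="${toString v}"` in `occSetTrustedDomainsCmd` has the same problem. Assuming `lib` is in scope here as it is for `optionalString`, the literal-password branches should use `escapeShellArg (toString c.adminpass)` and `escapeShellArg (toString c.dbpass)` instead of hand-written double quotes. Those branches also place the plaintext in the generated install command, which presumably ends up in the world-readable Nix store, so `adminpassFile` and `dbpassFile` are the safer options to set. The enclosing `let` block starts and ends outside these hunks.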

Binary file not shown.


@ -2,12 +2,17 @@
let
inherit (config.m-0) hosts;
certPath = "/var/lib/acme/hera.m-0.eu";
in
{
in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [
{ name = "web"; host = "web:9100"; }
{ name = "web-nginx"; host = "web:9113"; }
{
name = "web";
host = "web:9100";
}
{
name = "web-nginx";
host = "web:9113";
}
];
services.sniproxy = {
enable = true;
@ -45,7 +50,12 @@ services.sniproxy = {
'';
};
containers.web = {
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; };
bindMounts = {
"${certPath}" = {
hostPath = certPath;
isReadOnly = false;
};
};
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
@ -53,10 +63,16 @@ containers.web = {
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
ipv6.addresses = [{
address = config.m-0.hosts.web;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
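Review bot: The `bindMounts` entry for `certPath` in `containers.web` keeps `isReadOnly = false`, so the web container can write to the host's `/var/lib/acme/hera.m-0.eu`. If certificate issuance and renewal run on the host and the container only serves the files (the visible lines do not show which), `isReadOnly = true;` would keep a compromised web service from replacing or deleting the host's key material. If the writable mount is intentional, a one-line comment such as `# writable: ACME renewal runs inside the container` would record why. The `containers.web` block continues past the end of this section.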


@ -1,44 +1,37 @@
# This file has been generated by Niv.
# A record, from name to path, of the third-party packages
with rec
{
pkgs =
if hasNixpkgsPath
then
if hasThisAsNixpkgsPath
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
else import <nixpkgs> {}
with rec {
pkgs = if hasNixpkgsPath then
if hasThisAsNixpkgsPath then
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
import <nixpkgs> { }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ };
sources_nixpkgs =
if builtins.hasAttr "nixpkgs" sources
then sources.nixpkgs
else abort
''
sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
sources.nixpkgs
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
builtins_fetchTarball = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
builtins_fetchurl = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
@ -48,14 +41,17 @@ with rec
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
hasThisAsNixpkgsPath =
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
== ./.;
sources = builtins.fromJSON (builtins.readFile ./sources.json);
mapAttrs = builtins.mapAttrs or
(f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# borrowed from nixpkgs
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
@ -64,10 +60,11 @@ with rec
in f (auto // args);
getFetcher = spec:
let fetcherName =
if builtins.hasAttr "type" spec
then builtins.getAttr "type" spec
else "builtin-tarball";
let
fetcherName = if builtins.hasAttr "type" spec then
builtins.getAttr "type" spec
else
"builtin-tarball";
in builtins.getAttr fetcherName {
"tarball" = fetchzip;
"builtin-tarball" = builtins_fetchTarball;
@ -77,13 +74,9 @@ with rec
};
# NOTE: spec must _not_ have an "outPath" attribute
mapAttrs (_: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
if builtins.hasAttr "outPath" spec then
abort "The values in sources.json should not have an 'outPath' attribute"
else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
else
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
then
spec //
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
else spec
) sources
spec) sources


@ -1,4 +1,7 @@
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }:
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
, utillinux, libxkbcommon }:
stdenv.mkDerivation rec {
name = "eventd";
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";


@ -1,5 +1,6 @@
{ aqbanking, python36Packages, fetchgit }:
with python36Packages; buildPythonApplication rec {
with python36Packages;
buildPythonApplication rec {
name = "${pname}-${version}";
pname = "jali";
doCheck = false;

File diff suppressed because it is too large Load diff


@ -1,11 +1,14 @@
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }:
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
, gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
crateOverrides = defaultCrateOverrides // {
atk-sys = attr: { buildInputs = [ atk ]; };
pango-sys = attr: { buildInputs = [ pango glib ]; };
gio = attr: { buildInputs = [ glib ]; };
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; };
gtk-sys = attr: {
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
};
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
tasktree = attrs:


@ -1,7 +1,6 @@
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
users.users = {
"${me.user}" = {
@ -13,8 +12,6 @@ in {
openssh.authorizedKeys.keys = me.keys;
passwordFile = me.pw-file;
};
root = {
passwordFile = me.pw-file;
};
root = { passwordFile = me.pw-file; };
};
}


@ -15,23 +15,21 @@ in {
config = {
i18n = {
defaultLocale = "en_US.UTF-8";
};
i18n = { defaultLocale = "en_US.UTF-8"; };
time.timeZone = "Europe/Berlin";
networking = {
firewall.allowPing = true;
useDHCP = false;
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts);
hosts = lib.zipAttrs
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts);
};
users = {
mutableUsers = false;
users.root = {
openssh.authorizedKeys.keys = me.keys;
};
users.root = { openssh.authorizedKeys.keys = me.keys; };
};
environment = {
@ -43,10 +41,11 @@ in {
};
};
nix = {
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
binaryCaches =
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys =
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
nixPath = [ "/etc/nix-path" ];
};


@ -7,7 +7,8 @@
antialias = true;
cache32Bit = true;
defaultFonts = {
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
monospace =
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
};
@ -20,44 +21,22 @@
enableFontDir = true;
fonts = builtins.attrValues {
inherit (pkgs)
anonymousPro
arkpandora_ttf
caladea
carlito
comfortaa
comic-relief
crimson
dejavu_fonts
google-fonts
inconsolata
iosevka
liberationsansnarrow
liberation_ttf
libertine
mononoki
montserrat
nerdfonts
norwester-font
opensans-ttf
powerline-fonts
roboto
sampradaya
source-code-pro
source-sans-pro
source-serif-pro
tai-ahom
tempora_lgc
terminus_font
theano
ubuntu_font_family;
anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
crimson dejavu_fonts google-fonts inconsolata iosevka
liberationsansnarrow liberation_ttf libertine mononoki montserrat
nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
terminus_font theano ubuntu_font_family;
};
};
# create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months
environment.etc = let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources);
in builtins.listToAttrs (lib.imap0 (n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
}) font_sources);
}


@ -2,8 +2,10 @@
let
inherit (import ../common/lib.nix) writeHaskellScript haskellList;
me = config.m-0.private.me;
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"];
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"];
test-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
upgrade-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
post-update = writeHaskellScript {
name = "post-update";
bins = [ pkgs.git pkgs.nix ];
@ -26,13 +28,22 @@ let
exe "sudo" ${haskellList upgrade-command};
writeOutput "Done";
'';
in
in {
users.users.git.linger =
true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [{
commands = [
{
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [ { commands = [
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; }
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; }
]; users = [ "git" ]; } ];
command = builtins.concatStringsSep " " test-command;
options = [ "NOPASSWD" ];
}
{
command = builtins.concatStringsSep " " upgrade-command;
options = [ "NOPASSWD" ];
}
];
users = [ "git" ];
}];
services.gitolite = {
enable = true;
user = "git";


@ -1,11 +1,6 @@
{ config, pkgs, lib, ... }:
with lib;
{
options = {
m-0.server.initSSHKey = mkOption {
type = types.path;
};
};
with lib; {
options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
config = {
boot.initrd = {


@ -6,7 +6,8 @@ let
page = pkgs.stdenv.mkDerivation {
name = "blog.maralorn.de";
src = builtins.fetchGit "git@hera:blog";
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ];
buildInputs =
[ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
buildPhase = ''
@ -18,8 +19,7 @@ page = pkgs.stdenv.mkDerivation {
'';
};
in
{
in {
options = {
m-0.blog = {


@ -5,8 +5,7 @@ let
me = config.m-0.private.me;
in
{
in {
options = {
m-0.laptop.enable = mkOption {
type = types.bool;
@ -14,9 +13,7 @@ in
};
};
config = mkIf config.m-0.laptop.enable {
networking = {
networkmanager.enable = true;
};
networking = { networkmanager.enable = true; };
i18n.consoleKeyMap = "neo";
sound.enable = true;


@ -12,11 +12,14 @@ let
dataDir = "/var/lib/systemd/linger";
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsers = map (u: u.name)
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsersFile = builtins.toFile "lingering-users"
(concatStrings (map (s: "${s}\n")
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly
lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
(s: ''
${s}
'') (sort (a: b: a < b)
lingeringUsers))); # this sorting is important for `comm` to work correctly
updateLingering = pkgs.writeScript "update-lingering" ''
# Stop when the system is not running, e.g. during nixos-install
@ -26,14 +29,10 @@ let
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
'';
in
{
in {
options = {
users.users = mkOption {
options = [{
linger = mkEnableOption "lingering for the user";
}];
options = [{ linger = mkEnableOption "lingering for the user"; }];
};
};


@ -17,8 +17,7 @@ page = pkgs.stdenv.mkDerivation {
'';
};
in
{
in {
options = {
m-0.mathechor-de = {
@ -26,9 +25,7 @@ options = {
type = types.bool;
default = false;
};
password = mkOption {
type = types.str;
};
password = mkOption { type = types.str; };
};
};
@ -46,7 +43,8 @@ config = mkIf config.m-0.mathechor-de.enable {
"/" = {
root = "${page}/public";
index = "index.html";
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
extraConfig =
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
};
};
};
@ -60,7 +58,8 @@ config = mkIf config.m-0.mathechor-de.enable {
index = "index.html";
};
"/mathechor.ics" = {
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
proxyPass =
"https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
extraConfig = ''
proxy_ssl_name cloud.mathechor.de;
proxy_ssl_server_name on;
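Review bot: In the `"/"` location's `extraConfig`, the reformatted pattern is `~* .(otf)$`, where the dot is an nginx regex wildcard rather than a literal dot. The old spelling `\.` evaluated to the same string, because Nix drops the backslash in a double-quoted string, so the broader match was already there and the formatter only made it visible. If only `.otf` files should get `Access-Control-Allow-Origin *`, write `"location ~* \\.(otf)$ {add_header Access-Control-Allow-Origin *;}"`. The enclosing `config` block starts and ends outside the hunks shown.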


@ -1,10 +1,8 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.m-0.riot;
in
{
let cfg = config.m-0.riot;
in {
options = {
m-0.riot = {
@ -12,12 +10,8 @@ options = {
type = types.bool;
default = false;
};
hostname = mkOption {
type = types.str;
};
config = mkOption {
type = types.attrs;
};
hostname = mkOption { type = types.str; };
config = mkOption { type = types.attrs; };
};
};


@ -1,18 +1,21 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [ ./init_ssh.nix ];
config = {
systemd.services."system-maintenance" = {
startAt = "2:45";
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
environment.NIX_PATH =
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
path = [ pkgs.git ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance";
ExecStart = "${
(import ./update-lib.nix
config.system.build.nixos-rebuild).system-maintenance
}/bin/system-maintenance";
};
};
};


@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }:
with lib;
{
with lib; {
imports = [ ./admin.nix ];
@ -12,24 +11,20 @@ with lib;
mutableUsers = false;
};
security.sudo.extraConfig = "
Defaults timestamp_type=global, timestamp_timeout=15
";
security.sudo.extraConfig =
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
services = {
sshd.enable = true;
};
services = { sshd.enable = true; };
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
environment = {
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
systemPackages = builtins.attrValues ({
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance;
inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
update-system system-maintenance;
} // (import ../common/pkgs.nix).system-pkgs);
sessionVariables = {
TERMINFO = "/run/current-system/sw/share/terminfo";
};
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
};
programs = {
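Review bot: `security.sudo.extraConfig` sets `timestamp_type=global` with `timestamp_timeout=15`, and nothing near it says why. With the global type, one successful sudo authentication is reused by every login session of that user for 15 minutes, not only by the terminal that entered the password. I would add a comment above the option, e.g. `# global: one sudo prompt covers all of the user's sessions for 15 min`, and write the value as an indented `''` string instead of the escaped `"\n ... \n "` form the formatter produced.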


@ -1,12 +1,13 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
systemd.services."test-and-bump-config" = {
startAt = "20:30";
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/var/cache/gc-links";
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config";
ExecStart = "${
(import ../common/test-lib.nix).test-and-bump-config
}/bin/test-and-bump-config";
};
};
}


@ -1,13 +1,13 @@
nixos-rebuild:
let
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays;
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager gcRetentionDays;
configPath = "/etc/nixos";
update-system = writeHaskellScript {
name = "update-system";
bins = [ get-niv-path nixos-rebuild ];
}
''
} ''
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = tag <$> getNivPath name
@ -18,15 +18,14 @@ let
args <- getArgs
nixos_rebuild (paths ++ ["switch"] ++ args)
'';
system-maintenance = writeHaskellScript
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} ''
system-maintenance = writeHaskellScript {
name = "system-maintenance";
bins = [ pkgs.nix pkgs.git update-system ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_system
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
inherit update-system system-maintenance;
}
in { inherit update-system system-maintenance; }
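Review bot: `system-maintenance` runs `git "-C" "${configPath}" "pull"` and then `update_system`, which ends in `nixos_rebuild (paths ++ ["switch"] ++ args)`, with no check on what was pulled. Whoever can push to the remote that `/etc/nixos` tracks therefore decides the next system configuration, presumably as root since this is started from a system unit. If the commits are signed, `git "-C" "${configPath}" "pull" "--verify-signatures"` would refuse a tip commit without a valid signature, provided the signing key is in the keyring of the user running the unit. At minimum a comment above `system-maintenance` should state that push access to the config repository is equivalent to root on the host.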