gebner/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: gebner:master
Branches Tags
gebner:master
gebner:mesa172test
..
compare: gebner:aaa2572293e1c4d4ff1ea3e04c47df92bb7e0d94
Branches Tags
gebner:master
gebner:mesa172test

2 Commits
master ... aaa2572293

Author SHA1 Message Date
Gabriel Ebner
aaa2572293 Move many packages to stable so that I can test mesa more easily 2017-10-07 21:28:43 +02:00
Gabriel Ebner
6494a1737a archachatina: use stable mesa drivers to prevent driver crash 2017-10-07 14:45:39 +02:00
61 changed files with 895 additions and 2473 deletions
Show Stats Expand all files Collapse all files

179
aplysia.nix
View File

@ -1,14 +1,9 @@
{ config, pkgs, ... }:
let
trnsmssnIface = "wg-trnsmssn";
in
{
imports =
[
/etc/nixos/hardware-configuration.nix
./common-headless.nix
./tailscale.nix
];
boot.supportedFilesystems = ["zfs"];
@ -31,31 +26,11 @@ in
hostId = "34a820f1";
};
users = {
users = {
gebner.extraGroups = [
"transmission"
"nilotica"
];
services.openssh.enable = true;
nilotica = {
group = "nilotica";
isNormalUser = true;
};
transmission = {
group = "transmission";
uid = config.ids.uids.transmission;
};
};
groups = {
nilotica = {};
transmission = {
gid = config.ids.gids.transmission;
};
};
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = ["wheel" "transmission"];
};
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
@ -67,19 +42,11 @@ in
fsType = "zfs";
};
fileSystems."/boota".options = [ "nofail" ];
fileSystems."/bootb".options = [ "nofail" ];
fileSystems."/bootc".options = [ "nofail" ];
fileSystems."/bootd".options = [ "nofail" ];
fileSystems."/boote".options = [ "nofail" ];
fileSystems."/bootf".options = [ "nofail" ];
services.samba = {
enable = true;
extraConfig = ''
passdb backend = tdbsam
unix password sync = no
min protocol = NT1
'';
shares = {
export = {
@ -90,116 +57,26 @@ in
};
};
containers.trnsmssn =
let
homeDir = "/mnt/aplysia/torrents";
in rec {
config = {
services.transmission = {
enable = true;
settings = {
download-dir = homeDir;
incomplete-dir = homeDir;
speed-limit-down = 5000;
speed-limit-down-enabled = true;
speed-limit-up = 800;
speed-limit-up-enabled = true;
peer-port = 7455;
rpc-bind-address = localAddress;
rpc-whitelist-enabled = false;
};
};
networking.firewall = {
enable = true;
interfaces.${trnsmssnIface}.allowedTCPPorts = [
config.services.transmission.settings.peer-port
];
interfaces.eth0.allowedTCPPorts = [
9091
];
};
networking.nameservers = [ "193.138.218.74" ];
networking.interfaces.${trnsmssnIface} = {
ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];
ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];
ipv4.routes = [
{ address = "0.0.0.0"; prefixLength = 1; }
{ address = "128.0.0.0"; prefixLength = 1; }
];
ipv6.routes = [ { address = "::"; prefixLength = 0; } ];
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
};
privateNetwork = true;
interfaces = [ trnsmssnIface ];
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
autoStart = true;
bindMounts.${homeDir} = {
hostPath = homeDir;
isReadOnly = false;
};
};
networking.wireguard = {
services.transmission = {
enable = true;
interfaces.${trnsmssnIface} = {
privateKeyFile = "/etc/wgkeys/mullvad";
peers = [
{
allowedIPs = ["0.0.0.0/0" "::/0"];
publicKey = "5y66WShsFXqM5K7/4CPEGCWfk7PQyNhVBT2ILjbGm2I=";
endpoint = "se15-wireguard.mullvad.net:51820";
}
];
allowedIPsAsRoutes = false;
settings = {
download-dir = "/mnt/aplysia/torrents";
incomplete-dir = "/mnt/aplysia/torrents";
peer-port = 51413;
};
};
systemd.services."container@trnsmssn" = {
requires = [ "wireguard-${trnsmssnIface}.service" ];
after = [ "wireguard-${trnsmssnIface}.service" ];
};
networking.firewall = {
allowedTCPPorts = [
445 139 # samba
config.services.rsyncd.port
config.services.transmission.settings.peer-port
];
allowedUDPPorts = [
137 138 # samba
];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."transmission-proxy" = {
serverName = "localhost";
listen = [
{ addr = "localhost"; port = 9091; }
];
locations."/transmission/" = {
proxyPass = "http://192.168.100.11:9091";
proxyWebsockets = true;
};
};
};
environment.systemPackages = with pkgs; [
transmission
samba
@ -210,38 +87,4 @@ in
${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}
'';
services.rsyncd = {
enable = true;
settings = {
lr_mobile = {
path = "/mnt/aplysia/fotos/lr_mobile";
"read only" = "yes";
};
};
};
systemd.services.backup-fotos = rec {
wants = [ "network.target" "mnt-aplysia.mount" ];
after = wants;
serviceConfig = {
User = "gebner";
Group = "users";
Type = "oneshot";
};
script = ''
${pkgs.rclone}/bin/rclone sync -v --update --use-server-modtime \
/mnt/aplysia/fotos/lightroom/ \
glacier:gebner-fotos-raw-backup/
'';
};
systemd.timers.backup-fotos = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "Mon,Fri 03:00";
Persistent = true;
};
};
}

96
archachatina.nix
View File

@ -3,20 +3,10 @@
{
imports =
[
/etc/nixos/hardware-configuration.nix
./common-headless.nix
# ./sway.nix
./i3.nix
./common.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
# ./qemu-user.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./rtl8761b.nix
./unstable-nix.nix
./nm-restart.nix
];
environment.etc."lvm/lvm.conf".text = ''
@ -24,61 +14,55 @@
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
sda2_crypt = {
boot.initrd.luks.devices = [
{
name = "sda2_crypt";
device = "/dev/disk/by-uuid/2e2e2824-e357-4a75-bddc-8cf386cd0f53";
preLVM = true;
allowDiscards = true;
};
};
}
];
networking.hostName = "archachatina"; # Define your hostname.
networking.hostId = "cc7ea3ba";
hardware.cpu.intel.updateMicrocode = true;
networking.interfaces."enp3s0".wakeOnLan.enable = true;
# services.xserver.displayManager.defaultSession = pkgs.lib.mkForce "sway";
#
# users.extraUsers.presentation = {
# isNormalUser = true;
# extraGroups = [ "networkmanager" "audio" ];
# # shell = "${pkgs.zsh}/bin/zsh";
# shell = "/run/current-system/sw/bin/fish";
#
# password = if config.virtualisation != null then "" else null;
# };
services.wakeonlan.interfaces = [
{
interface = "enp3s0";
method = "magicpacket";
}
];
environment.systemPackages = with pkgs; [
beets
mediainfo
flac
piper
recoll
uvccapture
# libratbag
];
services.thermald.enable = true;
virtualisation.virtualbox.host = {
enable = true;
# enableExtensionPack = true;
};
# nixpkgs.config.allowUnfree = true;
virtualisation.docker.enable = true;
users.extraUsers.gebner.extraGroups = [ "docker" "libvirtd" ];
virtualisation.libvirtd = {
enable = true;
};
# virtualisation.virtualbox.host.enable = true;
# virtualisation.libvirtd.enable = true;
networking.firewall.checkReversePath = false;
fileSystems."/var/lib/libvirt/images/vaccaria" = {
device = "//vaccaria.htdf.gebner.org/export/tmp/vms";
fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria"
"forceuid" "forcegid" "uid=0" "gid=0" ];
};
# fileSystems."/var/lib/libvirt/images/vaccaria" = {
# device = "//vaccaria.mtlaa.gebner.org/export/tmp/vms";
# fsType = "cifs";
# options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria"
# "forceuid" "forcegid" "uid=0" "gid=0" ];
# };
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
# rocm-runtime-ext
];
hardware.opengl.driSupport32Bit = true;
services.nix-serve = {
enable = true;
@ -88,7 +72,8 @@
services.openssh.forwardX11 = true;
# nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
# mesa_drivers = self.stable.mesa_drivers;
# mesa_drivers = self.mesaDarwinOr (
# let mo = self.mesa_noglu.override {
# llvmPackages = pkgs.llvmPackages_39;
@ -97,11 +82,9 @@
# };
# in mo.drivers
# );
# };
};
#boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_latest;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_8;
services.xserver = {
videoDrivers = [ "amdgpu" ];
@ -110,17 +93,6 @@
'';
};
services.postgresql = {
enable = true;
extraPlugins = [ pkgs.postgis ];
};
services.ratbagd.enable = true;
# virtualisation.anbox = {
# enable = true;
# };
system.stateVersion = "18.03";
services.transmission.enable = true;
}

13
atmega.nix
View File

@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
services.udev.extraRules =
let action = '' OWNER := "gebner" ''; in ''
# Atmel ATMega32U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", ${action}
# Atmel USBKEY AT90USB1287
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", ${action}
# Atmel ATMega32U2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", ${action}
'';
}

29
basic-tools.nix
View File

@ -6,8 +6,7 @@
# nox
wget
neovim
neovim-remote
# zsh
zsh
gitFull gitAndTools.hub tig
gnumake
m4
@ -18,45 +17,33 @@
pwgen
gcc
silver-searcher
ripgrep
fzf
tree
python
python3
python3Packages.ipython
lua
perl
gdb
bind nmap tcpdump (pkgs.inetutils or telnet)
usbutils
bind nmap tcpdump telnet
dstat
which
zip
file
unzip
elinks
links2
ctags
nix-prefetch-scripts
(pkgs.wireguard-tools or pkgs.wireguard or pkgs.hello)
nix-repl
jq
#b2sum
strace
ncdu
hyperfine
];
environment.variables.EDITOR = "${pkgs.neovim}/bin/nvim";
# programs.zsh = {
# enable = true;
# promptInit = "";
# };
programs.zsh = {
enable = true;
promptInit = "";
};
programs.bash = {
enableCompletion = true;
};
programs.fish = {
enable = true;
};
}

69
bluez-alsa.nix
View File

@ -1,69 +0,0 @@
{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook
, alsaLib, bluez, glib, sbc, dbus
# optional, but useful utils
, readline, libbsd, ncurses
# optional codecs
, aacSupport ? true, fdk_aac
# TODO: aptxSupport
}:
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "bluez-alsa";
version = "3.0.0";
src = fetchFromGitHub {
owner = "Arkq";
repo = "bluez-alsa";
rev = "v${version}";
sha256 = "1jlsgxyqfhncfhx1sy3ry0dp6p95kd4agh7g2b7g51h0c4cv74h8";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [
alsaLib bluez glib sbc dbus
readline libbsd ncurses
]
++ optional aacSupport fdk_aac;
configureFlags = [
"--with-alsaplugindir=${placeholder "out"}/lib/alsa-lib"
"--with-dbusconfdir=${placeholder "out"}/share/dbus-1/system.d"
"--enable-rfcomm"
"--enable-hcitop"
"--enable-msbc"
]
++ optional aacSupport "--enable-aac";
meta = {
description = "Bluez 5 Bluetooth Audio ALSA Backend";
longDescription = ''
Bluez-ALSA (BlueALSA) is an ALSA backend for Bluez 5 audio interface.
Bluez-ALSA registers all Bluetooth devices with audio profiles in Bluez
under a virtual ALSA PCM device called `bluealsa` that supports both
playback and capture.
Some backstory: Bluez 5 removed built-in support for ALSA in favor of a
generic interface for 3rd party appliations. Thereafter, PulseAudio
implemented a backend for that interface and became the only way to get
Bluetooth audio with Bluez 5. Users prefering ALSA stayed on Bluez 4.
However, Bluez 4 eventually became deprecated.
This package is a rebirth of a direct interface between ALSA and Bluez 5,
that, unlike PulseAudio, provides KISS near-metal-like experience. It is
not possible to run BluezALSA and PulseAudio Bluetooth at the same time
due to limitations in Bluez, but it is possible to run PulseAudio over
BluezALSA if you disable `bluetooth-discover` and `bluez5-discover`
modules in PA and configure it to play/capture sound over `bluealsa` PCM.
'';
homepage = src.meta.homepage;
license = licenses.mit;
platforms = platforms.linux;
maintainers = [ maintainers.oxij maintainers.lheckemann ];
};
}

132
common-gui.nix
View File

@ -1,132 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./pipewire.nix
];
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-mozc fcitx5-table-other fcitx5-m17n fcitx5-rime rime-data ];
};
fonts = {
enableDefaultFonts = false;
fontconfig = {
allowBitmaps = false;
};
fonts = with pkgs; [
# xorg.fontbhlucidatypewriter100dpi
# xorg.fontbhlucidatypewriter75dpi
# freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
# xorg.fontbh100dpi
# xorg.fontmiscmisc
# xorg.fontcursormisc
unifont
noto-fonts-emoji
noto-fonts-cjk
cantarell-fonts # from gnome3 module
merriweather
merriweather-sans
open-sans
# libertine # breaks 
dejavu_fonts
liberation_ttf
ubuntu_font_family
wqy_microhei
ipafont
ipaexfont
source-han-serif
source-han-sans
inconsolata
# iosevka
fira fira-mono fira-code
source-code-pro
stix-two
font-awesome_5
];
};
environment.systemPackages = with pkgs; [
(writeScriptBin "gsd-xsettings"
''
#!/bin/sh
exec ${gnome3.gnome-settings-daemon}/libexec/gsd-xsettings "$@"
'')
libinput
libnotify
gsettings-desktop-schemas
];
# prevent satanic torture
qt.platformTheme = "qt5ct";
hardware.uinput.enable = true;
users.extraUsers.gebner.extraGroups = [ "input" "tty" "audio" "video" "uinput" ];
services.dbus.packages = with pkgs; [ gcr ];
services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
# copied from gnome3 module
security.polkit.enable = true;
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.geoclue2.enable = true;
services.gnome.at-spi2-core.enable = true;
services.gnome.gnome-keyring.enable = true;
services.gvfs.enable = true;
programs.seahorse.enable = true;
services.gnome.sushi.enable = true;
services.gnome.gnome-settings-daemon.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable;
programs.dconf.enable = true;
services.gnome.glib-networking.enable = true;
services.flatpak.enable = true;
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
services.blueman.enable = true;
programs.gnupg = {
agent.enable = true;
agent.pinentryFlavor = "gnome3";
};
# https://github.com/NixOS/nixpkgs/pull/54083
environment.extraSetup = ''
if [ -d $out/share/gsettings-schemas/ ]; then
# Create the standard schemas directory
mkdir -p $out/share/glib-2.0/schemas
# symlink any schema files to the standard schema directory
for d in $out/share/gsettings-schemas/*; do
# Force symlink, in case there are duplicates
ln -fs $d/glib-2.0/schemas/*.xml $out/share/glib-2.0/schemas
done
# and compile them
if [ -w $out/share/glib-2.0/schemas ]; then
${pkgs.glib.dev}/bin/glib-compile-schemas $out/share/glib-2.0/schemas
fi
fi
'';
}

88
common-headless.nix
View File

@ -3,17 +3,16 @@
{
imports =
[
/etc/nixos/hardware-configuration.nix
./basic-tools.nix
./common-sw.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
nix.settings = {
sandbox = true;
substituters = [ "https://cache.nixos.org" ];
trusted-substituters = [ "https://cache.nixos.org" ];
};
nix.useSandbox = true;
nix.binaryCaches = [ https://cache.nixos.org ];
nix.trustedBinaryCaches = [ https://cache.nixos.org ];
nix.extraOptions = ''
auto-optimise-store = true
binary-caches-parallel-connections = 10
@ -22,13 +21,13 @@
networking.networkmanager.enable = true;
networking.firewall.enable = true;
time.timeZone = "Europe/Amsterdam";
time.timeZone = "Europe/Vienna";
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings.PasswordAuthentication = false;
permitRootLogin = "no";
passwordAuthentication = false;
};
programs.ssh.startAgent = false;
@ -37,40 +36,16 @@
services.printing = {
enable = true;
browsing = true;
drivers = [ pkgs.hplip ];
drivers = [ pkgs.stable.hplip ];
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
virtualisation.containers.containersConf.settings = {
engine = {
cgroup_manager = "cgroupfs";
};
};
virtualisation.containers = {
registries.search = [ "docker.io" ];
};
virtualisation.lxd.enable = true;
virtualisation.lxd.recommendedSysctlSettings = true;
virtualisation.lxd.package = pkgs.lxd;
virtualisation.lxc.lxcfs.enable = true;
systemd.enableUnifiedCgroupHierarchy = pkgs.lib.mkForce true;
# services.colord.enable = true;
boot.kernel.sysctl = {
"kernel.perf_event_paranoid" = "0";
"kernel.kptr_restrict" = pkgs.lib.mkForce "0";
# IntelliJ
"fs.inotify.max_user_watches" = pkgs.lib.mkDefault 524288;
# undo lxd "recommendedSysctlSettings"
"kernel.dmesg_restrict" = pkgs.lib.mkForce 0;
"fs.inotify.max_user_watches" = 524288;
};
# gapt: `ulimit -n` was 256
@ -79,60 +54,31 @@
];
fileSystems."/mnt/vaccaria" = {
device = "//vaccaria.htdf.gebner.org/export";
device = "//vaccaria.mtlaa.gebner.org/export";
fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" "vers=1.0" ];
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" "vers=1.0" ];
};
fileSystems."/mnt/aplysia" = {
device = "//aplysia.htdf.gebner.org/export";
device = "//aplysia.mtlaa.gebner.org/export";
fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aplysia" "vers=1.0" ];
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aplysia" "vers=1.0" ];
};
fileSystems."/mnt/aruanus" = {
device = "//aruanus.htdf.gebner.org/export";
fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aruanus" "vers=1.0" ];
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aruanus" "vers=1.0" ];
};
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"audio"
"transmission"
"lxd"
"libvirtd"
"vboxusers"
"wireshark"
];
extraGroups = [ "wheel" "networkmanager" "transmission" ];
# shell = "${pkgs.zsh}/bin/zsh";
shell = "/run/current-system/sw/bin/fish";
password = if config.virtualisation != null then "" else null;
};
users.groups = {
transmission = {
gid = config.ids.gids.transmission;
};
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
# LC_TIME = "en_GB.UTF-8";
# LC_PAPER = "de_AT.UTF-8";
};
supportedLocales = [ "all" ]; # https://github.com/NixOS/nixpkgs/pull/177318
};
system.fsPackages = with pkgs; [
ntfs3g
exfatprogs
];
system.fsPackages = [ pkgs.ntfs3g ];
}

131
common-sw.nix
View File

@ -1,111 +1,134 @@
{ config, pkgs, ... }:
{
imports = [
./fix-firefox.nix
];
environment.systemPackages = with pkgs.haskellPackages; with pkgs; [
gitg
gmpc
mpdevil
m4
(pkgs.openjdk or pkgs.openjdk14 or pkgs.openjdk12 or pkgs.openjdk11 or pkgs.openjdk10 or openjdk8)
subversion
openjdk8
sbt scala
ungoogled-chromium
# chromium
firefox
stable.chromium
qalculate-gtk
libqalculate
speedcrunch
viewnior
gnupg
(pass.withExtensions (ext: [ ext.pass-otp ]))
xclip pwgen
pass xclip pwgen
remmina
ledger
# hledger
# hledger-diff
hledger
hledger-diff
cmake ninja
bear
mpv
stable.wireshark-gtk
neomutt notmuch
stable.goldendict
patchelf
loc
tokei
bazaar
tokei loc
ripgrep
imagemagick
mercurial
(pkgs.man-pages or manpages)
dfeet
geoipWithDatabase
nix-index
alacritty
neovim-qt
clinfo
androidenv.platformTools # adb & fastboot
lm_sensors
hdparm
smartmontools
lsof
pdfpc
poppler_utils
# haskell dev
cabal2nix
cabal-install
# ghc-mod
# emacs
emacs
emacsPackages.cask
ghostscript # for auctex
aspell
(pkgs.nodejs_latest or pkgs.nodejs-12_x or pkgs.nodejs-11_x or pkgs.nodejs-10_x or nodejs-9_x)
nodejs
mediainfo
isync
mu
msmtp
vdirsyncer khard khal
rclone
duplicity
restic
magic-wormhole
linuxPackages.perf
qrencode zbar
veriT
minisat
picosat
glucose
prover9
eprover
vampire
metis-prover
spass
z3
cvc4
stable.cvc4
graphviz
open-wbo
# toysolver
] ++ (with aspellDicts; [ en de fr nl ])
++ (with gst_all_1; [ gstreamer gstreamer.dev
gst-plugins-bad gst-plugins-good gst-plugins-base gst-plugins-ugly ]);
oldstable.haskellPackages.tip-lib
emacsPackages.proofgeneral
oldstablePkgs # protect nixpkgs checkout from GC
stablePkgs
] ++ (with aspellDicts; [ en de fr nl ]);
nixpkgs.config.packageOverrides = pkgs: with pkgs; let
fetchNixPkgs = { rev, sha256 }:
fetchFromGitHub {
inherit sha256 rev;
owner = "NixOS";
repo = "nixpkgs-channels";
};
oldstablePkgs = fetchNixPkgs {
rev = "5237768d62a40236d24fafbd9f4f97f3227399ce";
sha256 = "1j707pwm6ll2cvmqvwfxxq21gd9q7l6s3vi3vc01jklplj2v20is";
};
stablePkgs = fetchNixPkgs {
rev = "19879836d10f64a10658d1e2a84fc54b090e2087";
sha256 = "1x41ch2mgzs85ivvyp3zqkbh4i0winjg69g5x0p3q7avgrhkl7ph";
};
in {
# idea-community-eap = pkgs.idea.idea-community.overrideDerivation (oldAttrs: rec {
# name = "idea-community-${version}";
# version = "2017.2.eap";
# src = pkgs.fetchurl {
# url = "https://download.jetbrains.com/idea/ideaIC-172.3544.6-no-jdk.tar.gz";
# sha256 = "72874a0393a6388b04353a359eea1d1242f59d6e7b96a4cf43c793602ac7ccdb";
# };
# });
idea-community-eap = pkgs.idea.idea-community;
# clion-eap = pkgs.idea.clion.overrideDerivation (oldAttrs: rec {
# name = "clion-${version}";
# version = "2017.1.eap";
# src = pkgs.fetchurl {
# url = "http://download.jetbrains.com/cpp/CLion-2017.1-RC.tar.gz";
# sha256 = "1rv9rcjv4kv39l9r4g5kqbd4y175301a6kr3js3szkjmhqd50qq3";
# };
# });
clion-eap = pkgs.idea.clion;
# neovim = pkgs.neovim.override {
# extraPythonPackages = [ pkgs.pythonPackages.websocket_client ];
# };
oldstablePkgs = oldstablePkgs;
oldstable = import oldstablePkgs {};
stablePkgs = stablePkgs;
stable = import stablePkgs {};
qutebrowser = pkgs.qutebrowser.override { withWebEngineDefault = true; };
};
nixpkgs.config.allowTexliveBuilds = true;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true;
users.extraUsers.gebner.extraGroups = [ "adbusers" ];
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
khal = pkgs.khal.overridePythonAttrs (_: { doCheck = false; });
};
}

10
common.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
imports =
[
./common-headless.nix
./i3.nix
];
}

101
decoysnail.nix
View File

@ -3,53 +3,18 @@
{
imports =
[
./common-headless.nix
# ./i3.nix
./sway.nix
./common.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./nvim05.nix
./nm-restart.nix
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a16ae3f7-11df-47fc-a8df-f22c474ec1c1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3C5C-049B";
fsType = "vfat";
};
#swapDevices = [
# { device = "/dev/disk/by-uuid/b7274abd-58a5-4acc-8481-30e105e94eec"; }
#];
nix.settings.max-jobs = pkgs.lib.mkDefault 6;
powerManagement.cpuFreqGovernor = pkgs.lib.mkDefault "powersave";
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
sda_crypt = {
device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";
boot.initrd.luks.devices = [
{
name = "sda2_crypt";
device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a";
preLVM = true;
allowDiscards = true;
};
};
}
];
networking = {
hostName = "decoysnail";
@ -62,56 +27,14 @@
services.thermald.enable = true;
hardware.opengl = {
extraPackages = with pkgs; [ beignet ];
driSupport32Bit = true;
};
#services.avahi.nssmdns = true;
#services.nscd.enable = pkgs.lib.mkOverride 10 true;
services.openssh.forwardX11 = true;
system.stateVersion = "19.09";
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.4/16"];
privateKeyFile = "/etc/wgkeys/decoysnail";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
# endpoint = "mtlaa-gw.gebner.org:35869";
# endpoint = "84.112.114.160:35869";
endpoint = "127.0.0.1:35869";
persistentKeepalive = 25;
}];
};
systemd.services.wstunnel = {
path = [ pkgs.wstunnel ];
wantedBy = [ "wireguard-wg0.service" ];
after = [ "network.target" ];
script = ''
wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
'';
};
services.resolved = {
domains = [];
virtualisation.docker = {
enable = true;
storageDriver = "overlay2";
};
users.extraUsers.gebner.extraGroups = [ "docker" ];
# services.xserver = {
# videoDrivers = [ "intel" ];
# };
hardware.opengl.driSupport32Bit = true;
fonts.fontconfig = {
subpixel.rgba = "none";
};
services.avahi.nssmdns = true;
}

102
euhadra.nix
View File

@ -1,16 +1,11 @@
{ config, pkgs, ... }:
let mpdStreamingPort = 8080; in
{
imports =
[
/etc/nixos/hardware-configuration.nix
./common-headless.nix
./sway.nix
./common.nix
./uefi.nix
./fstrim.nix
# ./nebula.nix
./tailscale.nix
];
environment.etc."lvm/lvm.conf".text = ''
@ -18,44 +13,27 @@ let mpdStreamingPort = 8080; in
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
euhadra_crypt = {
boot.initrd.luks.devices = [
{
name = "euhadra_crypt";
device = "/dev/disk/by-uuid/328a9ede-0958-490b-8e82-62b06b839e21";
preLVM = true;
allowDiscards = true;
};
};
}
];
networking.hostName = "euhadra";
networking.hostId = "ddb5f0fd";
hardware.cpu.intel.updateMicrocode = true;
services.mpd = {
enable = true;
# network.listenAddress = "127.0.0.1";
musicDirectory = "/mnt/aplysia/music";
network.listenAddress = "any";
musicDirectory = "/mnt/vaccaria/music";
extraConfig = ''
bind_to_address "10.59.0.6"
bind_to_address "100.97.134.100"
# audio_output {
# type "alsa"
# name "dac"
# device "sysdefault:CARD=QAMP"
# }
audio_output {
type "pulse"
name "pulse"
server "127.0.0.1"
}
audio_output {
type "httpd"
name "http"
encoder "flac"
port "${toString mpdStreamingPort}"
type "alsa"
name "dac"
device "sysdefault:CARD=QAMP"
}
replaygain "auto"
@ -63,43 +41,9 @@ let mpdStreamingPort = 8080; in
'';
};
services.pipewire = {
config.pipewire-pulse = {
"pulse.properties"."server.address" = [
"unix:native"
"tcp:127.0.0.1:4713"
"tcp:100.97.134.100:4713"
];
};
};
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.6/16"];
privateKeyFile = "/etc/wgkeys/euhadra";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.58.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
endpoint = "htdf-gw.gebner.org:35869";
# endpoint = "80.109.29.104:35869";
# endpoint = "127.0.0.1:35869";
}];
};
# systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
services.resolved = {
domains = [];
enable = true;
};
networking.firewall.allowedTCPPorts = [
config.services.mpd.network.port
4713 # pulseaudio
mpdStreamingPort # mpd streaming
];
environment.systemPackages = with pkgs; [ mpc_cli ];
@ -108,19 +52,15 @@ let mpdStreamingPort = 8080; in
nixpkgs.config.mpv.vaapiSupport = true;
# hardware.pulseaudio = {
# systemWide = true;
# zeroconf.publish.enable = true;
# tcp = {
# enable = true;
# anonymousClients.allowedIpRanges = [
# "127.0.0.1"
# "10.57.0.0/16"
# ];
# };
# };
hardware.pulseaudio = {
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [
"127.0.0.1"
"10.57.0.0/16"
];
};
};
system.stateVersion = "22.05";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
}

37
fix-firefox.nix
View File

@ -1,37 +0,0 @@
{ config, pkgs, ... }:
# unreserve ctrl+w shortcuts
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
firefox-unwrapped = stdenv.mkDerivation {
inherit (firefox-unwrapped) name version;
nativeBuildInputs = [ unzip zip ];
buildCommand = ''
mkdir -p $out
cp -ra ${firefox-unwrapped}/. $out/.
chmod +w -R $out
sed -i "s|${firefox-unwrapped}|$out|g" $out/bin/firefox
j=$out/lib/firefox/browser/omni.ja
f=localization/en-US/browser/browserSets.ftl
mkdir browser
cd browser
# corrupt zip files??
unzip $j || true
patch $f <${./fix-firefox.patch}
rm $j
zip -0DXqr $j *
'';
inherit (firefox-unwrapped) meta;
passthru = {
inherit (firefox-unwrapped.passthru) version isFirefox3Like gtk
nspr gssSupport browserName ffmpegSupport gtk3 binaryName;
};
};
};
}

31
fix-firefox.patch
View File

@ -1,31 +0,0 @@
--- localization/en-US/browser/browserSets.ftl~ 2020-08-31 11:28:51.148881026 +0200
+++ localization/en-US/browser/browserSets.ftl 2020-08-31 19:07:11.687530527 +0200
@@ -9,16 +9,16 @@
.label = Zoom
window-new-shortcut =
- .key = N
+ .keycode = VK_F20
window-minimize-shortcut =
.key = M
close-shortcut =
- .key = W
+ .keycode = VK_F17
tab-new-shortcut =
- .key = T
+ .key = T
location-open-shortcut =
.key = L
@@ -185,7 +185,7 @@
## global menu.
quit-app-shortcut =
- .key = Q
+ .keycode = VK_F18
help-shortcut =
.key = ?

62
flake.lock
View File

@ -1,62 +0,0 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"utils": "utils"
}
},
"utils": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1638172912,
"narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "v1.3.1",
"repo": "flake-utils-plus",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

35
flake.nix
View File

@ -1,35 +0,0 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1";
# neovim-overlay = {
# url = "github:nix-community/neovim-nightly-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
# };
};
outputs = inputs@{ self, nixpkgs, utils, ... }: utils.lib.mkFlake {
inherit self inputs;
channels.nixpkgs.input = nixpkgs;
channels.nixpkgs.patches = [ ];
nix.generateRegistryFromInputs = true;
hostDefaults = {
modules = [
({ ... }: { nix.extraOptions = "warn-dirty = false"; })
];
};
hosts = {
petalius.modules = [ ./petalius.nix ];
flammea.modules = [ ./flammea.nix ];
decoysnail.modules = [ ./decoysnail.nix ];
};
};
}

195
flammea.nix
View File

@ -1,195 +0,0 @@
{ config, pkgs, ... }:
let mpdStreamingPort = 8080; in
{
imports =
[
./common-headless.nix
# ./sway.nix
# ./i3.nix
./gnome3.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
# ./qemu-user.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./spacenav.nix
./nvim05.nix
./nm-restart.nix
./tailscale.nix
];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [
"kvm-amd"
"zenpower"
];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3b8c5c8a-fff2-49ba-98bd-ceb01d6d57c3";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1FA2-93AB";
fsType = "vfat";
};
swapDevices = [ ];
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
nvme0n1p2_crypt = {
device = "/dev/disk/by-uuid/0fd33358-83dc-4acd-b6b8-0f079082367e";
preLVM = true;
allowDiscards = true;
};
};
networking.hostName = "flammea"; # Define your hostname.
networking.hostId = "390adc00";
hardware.cpu.amd.updateMicrocode = true;
networking.interfaces."enp42s0".wakeOnLan.enable = true;
# users.extraUsers.presentation = {
# isNormalUser = true;
# extraGroups = [ "networkmanager" "audio" ];
# # shell = "${pkgs.zsh}/bin/zsh";
# shell = "/run/current-system/sw/bin/fish";
#
# password = if config.virtualisation != null then "" else null;
# };
environment.systemPackages = with pkgs; [
beets
piper
ddcutil
ddcui
];
services.thermald.enable = true;
virtualisation.virtualbox.host = {
enable = true;
enableExtensionPack = true;
};
# nixpkgs.config.allowUnfree = true;
# virtualisation.libvirtd = {
# enable = true;
# };
# networking.firewall.checkReversePath = false;
# fileSystems."/var/lib/libvirt/images/vaccaria" = {
# device = "//vaccaria.htdf.gebner.org/export/tmp/vms";
# fsType = "cifs";
# options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria"
# "forceuid" "forcegid" "uid=0" "gid=0" ];
# };
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-runtime
];
# services.nix-serve = {
# enable = true;
# secretKeyFile = "/etc/nix-serve/secret.key";
# };
# networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ];
networking.firewall.trustedInterfaces = [ "tailscale0" ];
services.openssh.settings.X11Forwarding = true;
fileSystems."/mnt/aplysia".device = pkgs.lib.mkOverride 10 "//aplysia.auroch-boa.ts.net/export";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
# nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
# mesa_drivers = self.mesaDarwinOr (
# let mo = self.mesa_noglu.override {
# llvmPackages = pkgs.llvmPackages_39;
# grsecEnabled = false;
# enableTextureFloats = true;
# };
# in mo.drivers
# );
# };
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_6_1;
# services.xserver = {
# videoDrivers = [ "amdgpu" ];
# deviceSection = ''
# Option "TearFree" "on"
# '';
# };
services.ratbagd.enable = true;
# virtualisation.anbox = {
# enable = true;
# };
services.udev.extraRules = ''
# allow admin use of i2c devices
ACTION=="add", KERNEL=="i2c-[0-9]*", GROUP="wheel", MODE="666"
'';
system.stateVersion = "22.11";
# services.mpd = {
# enable = true;
# # network.listenAddress = "127.0.0.1";
# # musicDirectory = "/mnt/aplysia/music";
# musicDirectory = "/home/gebner/Music";
# user = "gebner";
# extraConfig = ''
# bind_to_address "100.125.210.32"
#
# # audio_output {
# # type "alsa"
# # name "dac"
# # device "sysdefault:CARD=QAMP"
# # }
#
# audio_output {
# type "pulse"
# name "pulse"
# server "127.0.0.1"
# }
#
# audio_output {
# type "httpd"
# name "http"
# encoder "flac"
# port "${toString mpdStreamingPort}"
# }
#
# replaygain "auto"
# restore_paused "yes"
# '';
# };
#
# environment.etc."pipewire/pipewire-pulse.conf.d/listen.conf".text = ''
# pulse.properties = {
# server.address = [
# "unix:native"
# "tcp:127.0.0.1:4713"
# # "tcp:100.97.134.100:4713"
# ]
# }
# '';
}

78
freecad-asm3.nix
View File

@ -1,78 +0,0 @@
with import <nixpkgs> { }; let der =
{ stdenv, mkDerivation, fetchFromGitHub, fetchpatch, cmake, ninja, coin3d,
xercesc, ode, eigen, qtbase, qttools, qtwebengine, qtxmlpatterns, wrapQtAppsHook,
opencascade-occt, gts, hdf5, vtk, medfile, zlib, python3Packages, swig,
gfortran, libXmu, soqt, libf2c, libGLU, makeWrapper, pkgconfig, mpi ? null }:
let
pythonPackages = python3Packages;
in mkDerivation rec {
pname = "freecad-assembly3";
version = "08.18";
src = fetchFromGitHub {
owner = "realthunder";
repo = "FreeCAD";
rev = "04c80c99eee0f7d2f761bdc7d8b32c077adefdec";
sha256 = "1f40biy2gc16awb233lha77xabwf2p3jvzzjrp0lnsl2gk4l9w8h";
};
nativeBuildInputs = [
cmake
ninja
pkgconfig
pythonPackages.pyside2-tools
wrapQtAppsHook
];
buildInputs = [
cmake coin3d xercesc ode eigen opencascade-occt gts
zlib swig gfortran soqt libf2c makeWrapper mpi vtk hdf5 medfile
libGLU libXmu qtbase qttools qtwebengine qtxmlpatterns
] ++ (with pythonPackages; [
matplotlib pycollada shiboken2 pyside2 pyside2-tools pivy python boost
]);
cmakeFlags = [
"-DBUILD_QT5=ON"
"-DSHIBOKEN_INCLUDE_DIR=${pythonPackages.shiboken2}/include"
"-DSHIBOKEN_LIBRARY=Shiboken2::libshiboken"
("-DPYSIDE_INCLUDE_DIR=${pythonPackages.pyside2}/include"
+ ";${pythonPackages.pyside2}/include/PySide2/QtCore"
+ ";${pythonPackages.pyside2}/include/PySide2/QtWidgets"
+ ";${pythonPackages.pyside2}/include/PySide2/QtGui"
)
"-DPYSIDE_LIBRARY=PySide2::pyside2"
];
# This should work on both x86_64, and i686 linux
preBuild = ''
export NIX_LDFLAGS="-L${gfortran.cc}/lib64 -L${gfortran.cc}/lib $NIX_LDFLAGS";
'';
# Their main() removes PYTHONPATH=, and we rely on it.
preConfigure = ''
sed '/putenv("PYTHONPATH/d' -i src/Main/MainGui.cpp
qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH")
'';
qtWrapperArgs = [
"--set COIN_GL_NO_CURRENT_CONTEXT_CHECK 1"
];
postFixup = ''
mv $out/share/doc $out
'';
meta = with stdenv.lib; {
description = "General purpose Open Source 3D CAD/MCAD/CAx/CAE/PLM modeler";
homepage = "https://www.freecadweb.org/";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ viric gebner ];
platforms = platforms.linux;
};
}
; in libsForQt514.callPackage der { mpi = openmpi; }

2
fstrim.nix
View File

@ -8,7 +8,7 @@
Type = "oneshot";
};
script = "${pkgs.utillinux.bin}/bin/fstrim -v /";
script = "fstrim -v /";
startAt = "04:00";
};

108
gnome3.nix
View File

@ -1,106 +1,30 @@
{ config, pkgs, ... }:
{
imports = [
./pipewire.nix
];
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [ mozc table-others m17n rime ];
};
programs.ibus.enable = true;
programs.ibus.plugins = [ pkgs.ibus-anthy pkgs.mozc ];
environment.systemPackages = with pkgs; [
gnome.gnome-tweaks
pavucontrol
paprefs
playerctl
xorg.xlsclients
gthumb
xlibs.xwininfo # for gnome maximus extension
unzip
gnome3.libgweather
];
hardware.pulseaudio.enable = false;
fonts = {
enableDefaultFonts = false;
fontconfig = {
allowBitmaps = false;
};
fonts = with pkgs; [
# xorg.fontbhlucidatypewriter100dpi
# xorg.fontbhlucidatypewriter75dpi
# freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
# xorg.fontbh100dpi
# xorg.fontmiscmisc
# xorg.fontcursormisc
unifont
noto-fonts-emoji
noto-fonts-cjk
cantarell-fonts # from gnome3 module
merriweather
merriweather-sans
open-sans
# libertine # breaks 
dejavu_fonts
liberation_ttf
ubuntu_font_family
wqy_microhei
ipafont
ipaexfont
source-han-serif
source-han-sans
inconsolata
iosevka
fira fira-mono fira-code
source-code-pro
stix-two
font-awesome_5
dejavu_fonts
ipafont
unifont
ubuntu_font_family
];
};
# prevent satanic torture
qt.platformTheme = "qt5ct";
hardware.uinput.enable = true;
users.extraUsers.gebner.extraGroups = [ "input" "tty" "audio" "video" "uinput" ];
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
services.blueman.enable = true;
programs.gnupg = {
agent.enable = true;
agent.pinentryFlavor = "gnome3";
};
services.xserver = {
enable = true;
# libinput.enable = true;
displayManager.gdm.enable = true;
# displayManager.defaultSession = "gnome";
desktopManager.gnome = {
enable = true;
};
};
# rust winit's wayland support is broken for input methods
environment.sessionVariables.WINIT_UNIX_BACKEND = "x11";
# services.xserver.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.displayManager.desktopManagerHandlesLidAndPower = false;
# services.xserver.layout = "us";
# services.xserver.xkbVariant = "altgr-intl";
# services.xserver.xkbOptions = "caps:ctrl_modifier";
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.desktopManagerHandlesLidAndPower = false;
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.layout = "us";
services.xserver.xkbVariant = "altgr-intl";
services.xserver.xkbOptions = "caps:ctrl_modifier";
}

10
huion.nix
View File

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
services.xserver.digimend.enable = true;
services.udev.extraRules = ''
SUBSYSTEM=="input", ENV{ID_BUS}=="usb" ENV{ID_VENDOR_ID}=="256c", \
ATTRS{name}=="* Touch *", ENV{ID_INPUT.tags}="low_res_touch"
'';
}

121
i3.nix
View File

@ -1,43 +1,71 @@
{ config, pkgs, ... }:
{
imports = [
./common-gui.nix
];
# programs.ibus.enable = true;
# programs.ibus.plugins = [ pkgs.ibus-anthy pkgs.mozc ];
i18n.inputMethod = {
enabled = "fcitx";
fcitx.engines = with pkgs.fcitx-engines; [ mozc anthy table-other m17n ];
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; with gnome3; [
i3
i3status
rofi
rofi-pass
pa_applet
feh
gnome3.gnome-keyring
gnome_keyring
networkmanagerapplet
gnome3.nautilus # in closure of gnome-terminal anyhow
pcmanfm
# colord
gnome_terminal
nautilus # in closure of gnome-terminal anyhow
colord
evince
arandr
xss-lock i3lock i3lock-color
xss-lock i3lock
xdotool
scrot
pavucontrol
pasystray
gnome3.dconf-editor
unclutter-xfixes
dunst
xorg.xev
dconf-editor
# gnome3 core packages
desktop-file-utils shared-mime-info
desktop_file_utils shared_mime_info
glib gtk3
glib-networking gvfs dconf
gnome3.gnome-settings-daemon
gnome-themes-extra gnome3.adwaita-icon-theme
hicolor-icon-theme
glib_networking gvfs dconf
gnome_settings_daemon
gnome_themes_standard defaultIconTheme
hicolor_icon_theme
];
fonts = {
enableDefaultFonts = false;
fonts = with pkgs; [
xorg.fontbhlucidatypewriter100dpi
xorg.fontbhlucidatypewriter75dpi
dejavu_fonts
freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
liberation_ttf
xorg.fontbh100dpi
xorg.fontmiscmisc
xorg.fontcursormisc
# unifont
wqy_microhei
inconsolata
dejavu_fonts
ipafont
ipaexfont
# unifont
ubuntu_font_family
source-code-pro
fira
stable.noto-fonts-emoji
cantarell_fonts # from gnome3 module
];
};
services.xserver = {
enable = true;
@ -47,21 +75,21 @@
# # slim.autoLogin = true;
lightdm.enable = true;
# startx.enable = true;
# sddm.enable = true;
defaultSession = "i3wm";
};
desktopManager = {
default = "i3wm";
xterm.enable = false;
session = [ {
name = "i3wm";
start = ''
export XDG_DATA_DIRS=/run/current-system/sw/share/''${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS
export $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export XDG_CURRENT_DESKTOP=X-Generic
export $(${pkgs.gnome3.gnome_keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export XDG_CURRENT_DESKTOP=GNOME
for m in xsettings; do
${pkgs.gnome3.gnome_settings_daemon}/libexec/gsd-$m &
done
i3 &
waitPID=$!
'';
@ -70,13 +98,48 @@
updateDbusEnvironment = true;
windowManager = {
default = "i3";
i3.enable = true;
};
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "caps:ctrl_modifier";
};
# services.dbus.socketActivated = true;
services.dbus.packages = with pkgs; [ dunst ];
systemd.packages = [ pkgs.dunst ];
services.dbus.packages = with pkgs; [ dunst gnome3.gcr ];
services.udev.packages = [ pkgs.gnome3.gnome_settings_daemon ];
# copied from gnome3 module
security.polkit.enable = true;
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.geoclue2.enable = true;
services.gnome3.at-spi2-core.enable = true;
# services.gnome3.evolution-data-server.enable = true;
# services.gnome3.gnome-documents.enable = true;
services.gnome3.gnome-keyring.enable = true;
#services.gnome3.gnome-online-accounts.enable = true;
# services.gnome3.gnome-user-share.enable = true;
services.gnome3.gvfs.enable = true;
services.gnome3.seahorse.enable = true;
services.gnome3.sushi.enable = true;
# services.gnome3.tracker.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable;
hardware.bluetooth.enable = true;
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];
environment.variables.GIO_EXTRA_MODULES = with pkgs.gnome3; [
"${pkgs.lib.getLib dconf}/lib/gio/modules"
"${glib_networking.out}/lib/gio/modules"
"${gvfs}/lib/gio/modules" ];
hardware.pulseaudio = {
enable = true;
zeroconf.discovery.enable = true;
};
}

70
large-sw.nix
View File

@ -2,65 +2,35 @@
{
environment.systemPackages = with pkgs.haskellPackages; with pkgs; [
jetbrains.idea-community
# idea.clion
idea-community-eap
clion-eap
texlive.combined.scheme-full biber
gimp
inkscape
# jabref
libreoffice-fresh
# calibre
# goldendict
stable.gimp
stable.inkscape
jabref
stable.libreoffice-fresh
stable.calibre
xournal
xournalpp
# qutebrowser
open-wbo # only in 17.09+
vscode
clang
ccls
sumneko-lua-language-server
texlab
rnix-lsp
pyright
nodePackages.typescript-language-server
rust-analyzer
stack
# stack
stable.coq_8_6
elan
# coq
# emacsPackages.proofgeneral
# virtmanager
(if lib.hasAttr "curaPlugins" pkgs then
cura.override {
plugins = with curaPlugins; [ octoprint rawmouse ];
}
else cura)
openscad
freecad
calculix
meshlab
audacious
flac
clementine
uvccapture
yarn
gnome3.baobab
rustup
# cargo rustc
] ++ (with aspellDicts; [ en de fr nl ]);
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
myemacs = emacs25.override {
withGTK2 = false;
withGTK3 = true;
withXwidgets = true;
};
};
hardware.opengl.driSupport32Bit = true;
}

46
mastus/blog.nix Normal file
View File

@ -0,0 +1,46 @@
{ config, pkgs, ... }:
{
services.nginx.httpConfig = ''
server {
listen [::]:443;
listen 443;
server_name gabrielebner.at www.gabrielebner.at 2b7e.org www.2b7e.org www.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
rewrite ^(.*) https://gebner.org$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
root /srv/www.gebner.org;
error_page 404 403 /pages/404.html;
}
'';
}

9
mastus/configuration.nix
View File

@ -6,18 +6,15 @@
/etc/nixos/hardware-configuration.nix
../basic-tools.nix
./backup.nix
./duplicity.nix
./mail.nix
./www.nix
./gitea.nix
./gogs.nix
./letsencrypt.nix
./website.nix
./wstunnel.nix
./blog.nix
./radicale.nix
# ./ttrss.nix
./ttrss.nix
./dns.nix
./nebula.nix
];
boot.loader.grub.enable = true;

8
mastus/dns.nix
View File

@ -9,7 +9,7 @@ let
IN AAAA 2a02:2770:3:0:21a:4aff:feac:bc0e
'';
timestamp = "1664458744";
timestamp = "1497294847";
heNsServers = ''
@ IN NS ns1.he.net.
@ -48,9 +48,9 @@ in
misuji ${misuji}
mastus ${mastus}
home-gw IN A 80.109.29.104
htdf-gw IN A 80.109.29.104
ams-gw IN A 82.217.167.76
home-gw IN A 80.109.2.154
htdf-gw IN A 80.109.2.154
mtlaa-gw IN A 84.112.114.160
@ ${mastus}
www IN CNAME mastus

7
mastus/duplicity.nix
View File

@ -1,7 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.duplicity ];
}

35
mastus/fts_xapian.nix
View File

@ -1,35 +0,0 @@
{ stdenv, fetchFromGitHub, autoconf, automake, pkg-config, dovecot, libtool, xapian, icu64, sqlite }:
stdenv.mkDerivation rec {
pname = "fts-xapian";
version = "1.3.2";
src = fetchFromGitHub {
owner = "grosjo";
repo = "fts-xapian";
rev = version;
sha256 = "12rgchx1ikwxbhdgychcfrhfnmx1rzl1l5zhmzchjkh44cwmpdbh";
};
buildInputs = [ dovecot xapian icu64 sqlite ];
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
preConfigure = ''
export PANDOC=false
autoreconf -vi
'';
configureFlags = [
"--with-dovecot=${dovecot}/lib/dovecot"
"--without-dovecot-install-dirs"
"--with-moduledir=$(out)/lib/dovecot"
];
meta = with stdenv.lib; {
homepage = "https://github.com/grosjo/fts-xapian";
description = "Dovecot FTS plugin based on Xapian";
license = licenses.lgpl21;
maintainers = with maintainers; [ julm ];
platforms = platforms.unix;
};
}

77
mastus/gitblit.nix Normal file
View File

@ -0,0 +1,77 @@
{ config, pkgs, ... }:
let
gitblitWar = pkgs.fetchurl {
url = "http://dl.bintray.com/gitblit/releases/gitblit-1.6.2.war";
sha256 = "01gqarpwqbx1ix5zycfxw4172q5l8hhxvb7f92y3lz8l6x42l7i9";
};
gitHome = "/srv/git.gebner.org";
in
{
containers.gitblit = {
config = { config, pkgs, ... }: {
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; };
users.extraGroups.git = { };
systemd.services.createGitDir = {
wantedBy = [ "winstone-gitblit.service" ];
serviceConfig.Type = "oneshot";
script = ''
mkdir -p ${gitHome}
chown git:git -R ${gitHome}
'';
};
services.winstone.gitblit = {
user = "git";
group = "git";
warFile = "${gitblitWar}";
extraJavaOptions = [ "-DGITBLIT_HOME=${gitHome}" ];
};
};
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.101.10";
};
services.nginx.appendConfig = ''
http {
server {
listen [::]:80;
listen 80;
server_name git.gebner.org;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen [::]:443;
listen 443;
server_name git.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/mastus.key;
ssl_certificate /var/lib/acme/gebner.org/git.cert;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://gitblit;
client_max_body_size 30M;
break;
}
}
upstream gitblit {
server 192.168.100.10:8080;
}
}
'';
}

42
mastus/gitea.nix
View File

@ -1,42 +0,0 @@
{ config, pkgs, ... }:
{
services.gitea = rec {
enable = true;
stateDir = "/srv/git.gebner.org";
appName = "Gabriel Ebner's git server";
domain = "git.gebner.org";
rootUrl = "https://git.gebner.org/";
httpPort = 8001;
cookieSecure = true;
log.level = "Info";
disableRegistration = true;
settings = {
picture = {
DISABLE_GRAVATAR = "false";
AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
};
};
};
environment.systemPackages = [
(let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
'')
];
services.nginx = {
recommendedProxySettings = true;
virtualHosts."git.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = ''
proxy_buffering off;
client_max_body_size 256M;
'';
};
};
};
}

156
mastus/gogs.nix
View File

@ -1,45 +1,125 @@
{ config, pkgs, ... }:
let
gitHome = "/srv/git.gebner.org";
gogs = pkgs.callPackage ../pkgs/gogs.nix { };
gogsPort = 8001;
gogsConfig = pkgs.writeText "gogs.ini" ''
APP_NAME = Gogs: Go Git Service
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
USER = root
PASSWD =
SSL_MODE = disable
PATH = ${gitHome}/data/gogs.db
[repository]
ROOT = ${gitHome}/gogs-repositories
[server]
DOMAIN = git.gebner.org
HTTP_PORT = ${toString gogsPort}
ROOT_URL = https://git.gebner.org/
DISABLE_SSH = false
SSH_PORT = 22
OFFLINE_MODE = true
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
[picture]
DISABLE_GRAVATAR = false
AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
[session]
PROVIDER = file
[log]
ROOT_PATH = ${gitHome}/logs
MODE = file
LEVEL = Info
[security]
INSTALL_LOCK = true
'';
in
{
users.extraUsers.git = { home = config.services.gogs.stateDir; extraGroups = [ "git" ]; };
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; };
users.extraGroups.git = { };
services.gogs = rec {
enable = true;
stateDir = "/srv/git.gebner.org";
user = "git";
group = "git";
appName = "Gabriel Ebner's git server";
domain = "git.gebner.org";
rootUrl = "https://git.gebner.org/";
httpPort = 8001;
cookieSecure = true;
extraConfig = ''
[picture]
DISABLE_GRAVATAR = false
AVATAR_UPLOAD_PATH = ${stateDir}/data/avatars
[log]
ROOT_PATH = ${stateDir}/logs
MODE = file
LEVEL = Info
[service]
DISABLE_REGISTRATION = true
'';
};
services.nginx = {
recommendedProxySettings = true;
virtualHosts."git.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gogs.httpPort}";
extraConfig = ''
proxy_buffering off;
client_max_body_size 30M;
'';
};
systemd.services.gogs = {
path = with pkgs; [ git openssh bash ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
User = "git";
Group = "git";
ExecStart = "${gogs}/gogs web -c ${gogsConfig}";
WorkingDirectory = gitHome;
};
};
services.nginx.httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name git.gebner.org;
location /.well-known/acme-challenge {
default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
}
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name git.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://gogs;
client_max_body_size 30M;
break;
}
}
upstream gogs {
server 127.0.0.1:${toString gogsPort};
}
'';
}

24
mastus/letsencrypt.nix
View File

@ -3,18 +3,18 @@
{
security.acme.certs = {
"gebner.org" = {
webroot = "/var/lib/acme/acme-challenge";
webroot = "/var/lib/acme/www";
email = "gebner@gebner.org";
extraDomainNames = [
"git.gebner.org"
"mail.gebner.org"
"gebner.org"
"www.gebner.org"
"gabrielebner.at"
"www.gabrielebner.at"
"2b7e.org"
"www.2b7e.org"
];
extraDomains = {
"git.gebner.org" = null;
"mail.gebner.org" = null;
"gebner.org" = null;
"www.gebner.org" = null;
"gabrielebner.at" = null;
"www.gabrielebner.at" = null;
"2b7e.org" = null;
"www.2b7e.org" = null;
};
postRun = ''
systemctl reload nginx
@ -26,6 +26,4 @@
};
};
security.acme.acceptTerms = true;
}

26
mastus/mail.nix
View File

@ -18,7 +18,6 @@
extraAliases = ''
ge: gebner
cutintro: gebner
gebne: gebner
'';
hostname = "mastus.gebner.org";
sslCert = "/var/lib/acme/gebner.org/fullchain.pem";
@ -68,6 +67,8 @@
sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";
extraConfig = ''
ssl_protocols = !SSLv2 !SSLv3
service auth {
unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660
@ -75,30 +76,7 @@
group = postfix
}
}
# # use mailPlugins.globally.enable after nixos 20.09
# mail_plugins = fts fts_xapian
#
# plugin {
# plugin = fts fts_xapian
#
# fts = xapian
# fts_xapian = partial=2 full=20 attachments=1 verbose=0
#
# fts_autoindex = yes
# fts_enforced = yes
#
# fts_autoindex_exclude = Trash
# fts_autoindex_exclude2 = spam
# }
#
# default_vsz_limit = 0
#
# service indexer-worker {
# vsz_limit = 0
# }
'';
# modules = [ (pkgs.callPackage ./fts_xapian.nix {}) ];
};
systemd.services.dovecotSslKey = rec {
wantedBy = [ "dovecot2.service" ];

25
mastus/nebula.nix
View File

@ -1,25 +0,0 @@
{ config, pkgs, ... }:
let mastus = "37.252.120.145";
in {
services.nebula.networks.gabriel = {
enable = true;
ca = "/etc/nebula/gabriel/ca.crt";
cert = "/etc/nebula/gabriel/mastus.crt";
key = "/etc/nebula/gabriel/mastus.key";
isLighthouse = true;
staticHostMap = {
"192.168.18.36" = [ "${mastus}:4242" ];
};
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
settings = {
serve_dns = true;
lighthouse.dns = { host = "192.168.18.36"; port = 5353; };
};
};
networking.firewall.allowedUDPPorts = [ 4242 ];
}

107
mastus/radicale.nix
View File

@ -5,56 +5,77 @@ in
{
services.radicale = {
enable = true;
package = pkgs.radicale3.overrideDerivation (_: {
#patches = [ ./radicale1249.patch ];
doCheck = false;
pytestCheckPhase = "true";
});
settings = {
server = {
hosts = "127.0.0.1:${toString radicalePort}";
ssl = false;
};
config = ''
[server]
hosts = 127.0.0.1:${toString radicalePort}
ssl = false
dns_lookup = false
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
[storage]
filesystem_folder = /var/lib/radicale/storage
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/htpasswd";
htpasswd_encryption = "bcrypt";
};
[auth]
type = IMAP
rights = {
type = "owner_only";
};
};
[rights]
type = owner_only
'';
};
security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];
security.acme.certs."gebner.org".extraDomains."radicale.gebner.org" = null;
services.nginx = {
recommendedProxySettings = true;
virtualHosts."radicale.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString radicalePort}";
};
# Fake nextcloud api:
# https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/1#note_857357
extraConfig = ''
rewrite ^/remote.php/carddav / redirect;
rewrite ^/remote.php/caldav / redirect;
services.nginx.httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name radicale.gebner.org;
location /remote.php/webdav {
return 200;
}
'';
};
};
location /.well-known/acme-challenge {
default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
}
environment.systemPackages = with pkgs; [ apacheHttpd ];
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name radicale.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
send_timeout 900;
proxy_pass http://radicale;
client_max_body_size 30M;
break;
}
}
upstream radicale {
server 127.0.0.1:${toString radicalePort};
}
'';
}

37
mastus/radicale1249.patch
View File

@ -1,37 +0,0 @@
diff --git a/radicale/app/propfind.py b/radicale/app/propfind.py
index 52d0b00..ee7cf28 100644
--- a/radicale/app/propfind.py
+++ b/radicale/app/propfind.py
@@ -350,8 +350,8 @@ class ApplicationPartPropfind(ApplicationBase):
permission = "r"
status = "read"
else:
- permission = ""
- status = "NO"
+ permission = "r"
+ status = "read"
logger.debug(
"%s has %s access to %s",
repr(user) if user else "anonymous user", status, target)
@@ -362,8 +362,8 @@ class ApplicationPartPropfind(ApplicationBase):
path: str, user: str) -> types.WSGIResponse:
"""Manage PROPFIND request."""
access = Access(self._rights, user, path)
- if not access.check("r"):
- return httputils.NOT_ALLOWED
+ #if not access.check("r"):
+ # return httputils.NOT_ALLOWED
try:
xml_content = self._read_xml_request_body(environ)
except RuntimeError as e:
@@ -380,8 +380,8 @@ class ApplicationPartPropfind(ApplicationBase):
item = next(items_iter, None)
if not item:
return httputils.NOT_FOUND
- if not access.check("r", item):
- return httputils.NOT_ALLOWED
+ #if not access.check("r", item):
+ # return httputils.NOT_ALLOWED
# put item back
items_iter = itertools.chain([item], items_iter)
allowed_items = self._collect_allowed_items(items_iter, user)

108
mastus/ttrss.nix
View File

@ -2,13 +2,7 @@
{
containers.ttrss = {
config = {
users.users.ttrss = {
group = "ttrss";
isSystemUser = true;
};
users.groups.ttrss = {};
users.users.tt_rss.isSystemUser = true;
users.extraUsers.ttrss = {};
services.postgresql = {
enable = true;
@ -25,7 +19,6 @@
user = "ttrss";
pool = "ttrss";
virtualHost = null;
database = {
type = "pgsql";
@ -39,21 +32,23 @@
};
services.phpfpm = {
pools = {
ttrss = {
user = "ttrss";
group = "ttrss";
settings = {
listen = "9000";
pm = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
catch_workers_output = 1;
};
};
extraConfig = ''
error_log = /var/log/phpfpm.log
log_level = notice
'';
poolConfigs = {
ttrss = ''
listen = 9000
user = ttrss
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
catch_workers_output = 1
'';
};
};
@ -68,28 +63,61 @@
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "ens3";
networking.nat.externalInterface = "enp0s3";
security.acme.certs."gebner.org".extraDomainNames = [ "reader.gebner.org" ];
security.acme.certs."gebner.org".extraDomains."reader.gebner.org" = null;
services.nginx = {
virtualHosts."reader.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
root = "/var/lib/containers/ttrss/var/lib/tt-rss";
index = "index.php";
};
locations."/cache".extraConfig = "deny all;";
locations."= /config.php".extraConfig = "deny all;";
locations."~ \\.php$".extraConfig = ''
services.nginx.httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name reader.gebner.org;
location /.well-known/acme-challenge {
default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
}
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name reader.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
root /var/lib/containers/ttrss/var/lib/tt-rss;
index index.php;
}
location /cache {
deny all;
}
location = /config.php {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 192.168.100.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/lib/tt-rss/$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
}
}
'';
}

16
mastus/vmtest.nix
View File

@ -9,7 +9,7 @@ let
boot.enableContainers = true;
systemd.services.setupVM = rec {
wantedBy = [ "gitea.service" "dovecot2.service" "nginx.service" ];
wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
before = wantedBy;
serviceConfig = {
Type = "oneshot";
@ -17,22 +17,14 @@ let
};
script = ''
mkdir -p /srv/git.gebner.org
chown gitea:gitea -R /srv/git.gebner.org
chown git:git -R /srv/git.gebner.org
'';
};
environment.systemPackages = with pkgs; [
elinks
carddav-util
fcgi
wstunnel
sqlite-interactive
];
security.acme.server = "http://localhost";
environment.systemPackages = with pkgs; [ elinks carddav-util fcgi ];
networking.extraHosts = ''
127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at
127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org
# disable letsencrypt
127.0.0.111 acme-v01.api.letsencrypt.org

33
mastus/website.nix
View File

@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
services.nginx = {
virtualHosts."gebner.org" = {
enableACME = true;
forceSSL = true;
root = "/srv/www.gebner.org";
extraConfig = ''
access_log /var/log/nginx/website_access.log;
error_page 404 403 /404.html;
location / {
try_files $uri $uri/ @not_found;
}
location @not_found {
try_files /404.cgi =404;
fastcgi_intercept_errors on;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
}
'';
};
};
services.fcgiwrap = {
enable = true;
user = "nobody";
group = "nogroup";
};
}

24
mastus/wstunnel.nix
View File

@ -1,24 +0,0 @@
{ config, pkgs, ... }:
let
port = 58613;
in
{
systemd.services.wstunnel = rec {
path = [ pkgs.wstunnel ];
wantedBy = [ "nginx.service" ];
after = [ "network.target" ];
script = ''
wstunnel --server --restrictTo=htdf-gw.gebner.org:35869 ws://localhost:${toString port}
'';
};
services.nginx.virtualHosts."gebner.org".locations = {
"/wstunnel/udp/htdf-gw.gebner.org/35869" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${toString port}";
};
};
}

25
mastus/www.nix
View File

@ -16,18 +16,21 @@
services.nginx = {
enable = true;
httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name _;
recommendedTlsSettings = true;
recommendedOptimisation = true;
location /.well-known/acme-challenge {
default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
}
sslDhparam = "/etc/nginx/dhparam.pem";
virtualHosts."_" = {
default = true;
addSSL = true;
useACMEHost = "gebner.org";
globalRedirect = "gebner.org";
};
location / {
rewrite ^(.*) https://gebner.org$1 permanent;
}
}
'';
};
}

147
murex.nix
View File

@ -1,147 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
/etc/nixos/hardware-configuration.nix
./basic-tools.nix
];
boot.loader.grub.enable = false;
boot.loader.raspberryPi = {
enable = true;
version = 3;
uboot.enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_5_4;
boot.kernelParams = [
"cma=32M" # for virtual console, see https://nixos.wiki/wiki/NixOS_on_ARM
"console=tty0"
];
hardware.enableRedistributableFirmware = true;
# hardware.firmware = with pkgs; [
# (stdenv.mkDerivation {
# name = "broadcom-rpi3bplus-extra";
# src = fetchurl {
# url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/b518de4/brcm/brcmfmac43455-sdio.txt";
# sha256 = "0r4bvwkm3fx60bbpwd83zbjganjnffiq1jkaj0h20bwdj9ysawg9";
# };
# phases = [ "installPhase" ];
# installPhase = ''
# mkdir -p $out/lib/firmware/brcm
# cp $src $out/lib/firmware/brcm/brcmfmac43455-sdio.txt
# '';
# })
# ];
# networking.wireless.enable = true;
# networking.networkmanager.enable = true;
networking.wireless.iwd.enable = true;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
networking.hostName = "murex";
#networking.hostId = "34a820f1";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
raspberrypi-tools
];
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "dialout" ];
shell = pkgs.fish;
};
services.openssh = {
enable = true;
passwordAuthentication = false;
};
documentation.nixos.enable = false;
services.octoprint = {
enable = true;
plugins = ps: with ps; [
printtimegenius
touchui
# psucontrol
];
};
# systemd.services.setupGpioForRelais = rec {
# wantedBy = [ "octoprint.service" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = "yes";
# };
# script = let gpio = toString (458 + 17); in ''
# if echo ${gpio} > /sys/class/gpio/export; then
# echo high > /sys/class/gpio/gpio${gpio}/direction
# fi
# chown octoprint:dialout /sys/class/gpio/gpio${gpio}/value
# '';
# };
users.users.${config.services.octoprint.user}.extraGroups = [
"dialout" # ttyUSB access
];
systemd.services.ethKernelPanicFix = rec {
wantedBy = [ "networking.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
# https://github.com/raspberrypi/linux/issues/2449
script = ''
${pkgs.ethtool}/bin/ethtool -K eth0 tx-tcp-segmentation off tx-tcp6-segmentation off
'';
};
services.mjpg-streamer = {
enable = true;
# inputPlugin = "input_uvc.so -r 1920x1080";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
# config.services.octoprint.port
# 5050 # mjpg-streamer
80
];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."murex.ams.gebner.org" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.octoprint.port}";
proxyWebsockets = true;
# do not cache that octoprint is inaccessible on startup
extraConfig = ''
proxy_cache off;
proxy_set_header Accept-Encoding "*";
client_max_body_size 50M;
'';
};
locations."/webcam/".proxyPass = "http://localhost:5050/?action=stream";
locations."/webcampic/".proxyPass = "http://localhost:5050/?action=snapshot";
};
};
system.stateVersion = "20.09";
}

26
nebula.nix
View File

@ -1,26 +0,0 @@
{ config, pkgs, ... }:
let mastus = "37.252.120.145"; hostname = config.networking.hostName;
in {
services.nebula.networks.gabriel = {
enable = true;
ca = "/etc/nebula/gabriel/ca.crt";
cert = "/etc/nebula/gabriel/${hostname}.crt";
key = "/etc/nebula/gabriel/${hostname}.key";
listen.host = "[::]";
listen.port = 0; # dynamic ip
staticHostMap = {
"192.168.18.36" = [ "${mastus}:4242" ];
};
lighthouses = [
"192.168.18.36"
];
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
};
networking.firewall.allowedUDPPorts = [ 4242 ];
}

9
nm-restart.nix
View File

@ -1,9 +0,0 @@
{ ... }:
{
systemd.services.NetworkManager.restartIfChanged = false;
systemd.services.NetworkManager-dispatcher.restartIfChanged = false;
systemd.services.NetworkManager-wait-online.restartIfChanged = false;
systemd.services.wpa_supplicant.restartIfChanged = false;
systemd.services.systemd-resolved.restartIfChanged = false;
}

21
nvim05.nix
View File

@ -1,21 +0,0 @@
{ config, inputs, ... }:
{
# nixpkgs.overlays = [ inputs.neovim-overlay.overlay ];
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
# neovim-unwrapped = neovim-unwrapped.overrideDerivation (orig: {
# patches = orig.patches ++ [ ];
# });
# neovim-qt-unwrapped = neovim-qt-unwrapped.overrideDerivation (_: {
# version = "0.2.17.9999";
# src = fetchFromGitHub {
# owner = "equalsraf";
# repo = "neovim-qt";
# rev = "67cc4e414a8e64a475e55230818fab0f78415634";
# sha256 = "sha256-3jYYY7T7L4rMsxIxJwY32izmlJKrrqbmU4DZ2Aow5uE=";
# };
# });
};
}

174
petalius.nix
View File

@ -3,73 +3,42 @@
{
imports =
[
./common-headless.nix
./sway.nix
# ./i3.nix
./common.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./nvim05.nix
./nm-restart.nix
# ./nebula.nix
./tailscale.nix
];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [
"kvm-intel"
"rmi_smbus"
"i2c_hid"
"psmouse"
];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c87491ed-0dd6-4eb4-bef2-fe4c707e91f2";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E526-BAB7";
fsType = "vfat";
};
swapDevices = [ ];
nix.settings.max-jobs = 4;
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
nvme0n1p2 = {
boot.initrd.luks.devices = [
{
name = "nvme0n1p2";
device = "/dev/disk/by-uuid/5ca3d7ec-3f9e-4a08-8bc2-b26bfc3459c5";
preLVM = true;
allowDiscards = true;
};
};
}
];
# services.xserver = {
# dpi = 120;
#
# libinput.enable = true;
# config = ''
# Section "InputClass"
# Identifier "touchpad"
# Driver "libinput"
# MatchDevicePath "/dev/input/event*"
# MatchIsPointer "true"
# EndSection
# '';
#
# videoDrivers = [ "modesetting" ];
# useGlamor = true;
# };
services.xserver = {
dpi = 120;
libinput.enable = true;
config = ''
Section "InputClass"
Identifier "touchpad"
Driver "libinput"
MatchDevicePath "/dev/input/event*"
MatchIsPointer "true"
EndSection
'';
videoDrivers = [ "modesetting" ];
useGlamor = true;
};
programs.light.enable = true;
services.tlp.enable = true;
@ -77,34 +46,29 @@
networking.hostName = "petalius";
networking.hostId = "cf58caa9";
hardware.cpu.intel.updateMicrocode = true;
# systemd.services.ModemManager = {
# enable = true;
# wantedBy = [ "multi-user.target" ];
# };
systemd.services.ModemManager = {
enable = true;
wantedBy = [ "multi-user.target" ];
};
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
nixpkgs.config.packageOverrides = pkgs: rec {
};
# environment.systemPackages = with pkgs; [
# unison
# ];
environment.systemPackages = with pkgs; [
unison
];
users.extraUsers.gebner.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
virtualisation.docker = {
enable = true;
storageDriver = "overlay2";
};
users.extraUsers.gebner.extraGroups = [ "docker" ];
virtualisation.waydroid.enable = true;
#virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enable = true;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_4;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_5;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_4_19;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
boot.kernelPatches = [
# { patch = ./len0073.patch; name = "len0073"; }
];
@ -112,70 +76,14 @@
# "psmouse.synaptics_intertouch=1"
"psmouse.proto=imps"
];
boot.kernelModules = [
"rmi_smbus"
"i2c_hid"
"psmouse"
];
# time.timeZone = pkgs.lib.mkOverride 10 "Asia/Tokyo";
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/London";
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/Lisbon";
# time.timeZone = pkgs.lib.mkOverride 10 "US/Eastern";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
#services.avahi.nssmdns = true;
system.stateVersion = "22.11";
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.2/16"];
privateKeyFile = "/etc/wgkeys/petalius";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.58.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
endpoint = "htdf-gw.gebner.org:35869";
# endpoint = "80.109.29.104:35869";
# endpoint = "127.0.0.1:35869";
}];
};
systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
systemd.services.wstunnel = {
path = [ pkgs.wstunnel ];
wantedBy = [ "wireguard-wg0.service" ];
after = [ "network.target" ];
script = ''
wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
'';
};
services.resolved = {
domains = [];
enable = true;
};
# environment.systemPackages = [
# (pkgs.callPackage ./bluez-alsa.nix {})
# ];
services.fwupd.enable = true;
users.extraUsers.gebner2 = {
isNormalUser = true;
extraGroups = [
"wheel"
# "networkmanager"
"audio"
# "transmission"
# "lxd"
# "libvirtd"
# "vboxusers"
# "wireshark"
"input" "tty" "audio" "video" "uinput"
];
# shell = "${pkgs.zsh}/bin/zsh";
shell = "/run/current-system/sw/bin/fish";
};
}

38
pipewire.nix
View File

@ -1,38 +0,0 @@
{ config, pkgs, ... }:
{
users.extraUsers.gebner.extraGroups = [ "bluetooth" ];
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# media-session.config.bluez-monitor.rules = [
# {
# # Matches all cards
# matches = [ { "device.name" = "~bluez_card.*"; } ];
# actions = {
# "update-props" = {
# "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
# "bluez5.msbc-support" = true;
# };
# };
# }
# ];
};
environment.systemPackages = with pkgs; [
pulseaudio
alsaUtils
carla
qjackctl
pipewire.lib
helvum
];
}

32
pkgs/eclipse-5.nix
View File

@ -1,32 +0,0 @@
with import <nixpkgs> {};
stdenv.mkDerivation rec {
name = "eclipse-clp-${version}";
version = "5.10_147";
src = fetchurl {
url = "http://eclipseclp.org/Distribution/Old/${version}/src/eclipse_src.tgz";
sha256 = "1473b1byfjgygf80sqyjjl53pvybcyyr397w23f2gn64cv68f6qx";
};
# configureFlags = [ "--without-tcl" ];
preConfigure = ''
find -name Makefile.in | xargs sed -i "s,/bin/\(cp\|mv\|chmod\|pwd\),${coreutils}&,g"
sed -i "s,/bin/pwd,pwd,g;s,/usr/bin/ranlib,ranlib,g" RUNME
sed -i "s/-fforce-mem/-D_GNU_SOURCE/" configure
cp sepia/include/*.h icparc_solvers/
'';
postConfigure = ''
ln -s Makefile.*_* Makefile # rename Makefile.x86_64_linux
'';
postInstall = ''
# eclipse puts files in bin/x86_64_linux...
mv $out/bin/*/* $out/bin/
rmdir $out/bin/*/
'';
buildInputs = [ tcl-8_5 gmp ];
# tcltk, java, mysqlclient, latex
}

21
pkgs/gogs.nix Normal file
View File

@ -0,0 +1,21 @@
{ nixpkgs ? import <nixpkgs> {} }: with nixpkgs;
stdenv.mkDerivation rec {
name = "gogs-${version}";
version = "0.9.48";
src = fetchzip {
url = "https://github.com/gogits/gogs/releases/download/v${version}/linux_amd64.zip";
sha256 = "1z00lqcz7nwbyavs1mwgsr9zjnqrjjmqvxy43p8gap768y45pvlb";
};
buildPhase = ''
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath ${pam}/lib \
gogs
'';
installPhase = ''
cp -ra ./ $out/
'';
}

6
pkgs/yourkit.nix
View File

@ -1,11 +1,11 @@
with import <nixpkgs> {};
stdenv.mkDerivation rec {
name = "yjp-${version}";
version = "2017.02-b75";
version = "2017.02-b53";
src = fetchurl {
url = "https://www.yourkit.com/download/YourKit-JavaProfiler-${version}.zip";
sha256 = "0m0xjyp2plwpfgy2fps86k3cqv49268s4piasyszc00gf5n5cban";
url = "https://www.yourkit.com/download/${name}.zip";
sha256 = "0ms1pq5badk6wb468s6kxqb2c9ll1sbjz2p61sdbpjp59a1sv2gx";
};
nativeBuildInputs = [ unzip makeWrapper patchelf ];

31
pulseaudio.nix
View File

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
hardware.pulseaudio = {
enable = true;
zeroconf.discovery.enable = true;
daemon.config = {
flat-volumes = "no";
avoid-resampling = "yes";
resample-method = "speex-float-10";
default-sample-format = "s32le";
default-sample-rate = "96000";
};
# package = pkgs.pulseaudio-hsphfpd;
package = pkgs.pulseaudioFull;
extraModules = [ pkgs.pulseaudio-modules-bt ];
};
# hardware.bluetooth.hsphfpd.enable = true;
users.extraUsers.gebner.extraGroups = [ "bluetooth" ];
services.pipewire = {
enable = true;
};
# causes recompilation
# nixpkgs.config.pulseaudio = true;
}

29
qemu-user.nix
View File

@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
let
arm = {
interpreter = "${pkgs.qemu}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64 = {
interpreter = "${pkgs.qemu}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
riscv64 = {
interpreter = "${pkgs.qemu}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
in {
boot.binfmt.registrations = {
inherit arm;
inherit aarch64;
inherit riscv64;
};
nix.extraOptions = ''
extra-platforms = armv6l-linux armv7l-linux aarch64-linux riscv64-linux i686-linux
'';
nix.sandboxPaths = [ "/run/binfmt" "${pkgs.qemu}" ];
}

16
remote-ssh-install-cd.nix
View File

@ -1,16 +0,0 @@
with import <nixpkgs> {};
(pkgs.nixos ({ config, pkgs, ... }: {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
];
networking.hostName = "nixos-install";
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmLT+dRGdvDQS/1+34f86Dr62UUUCyoBoQDa3Keyy0oMQqdgWK+4qIVOzvKKn2/nZ7rbNDXEnZ1wJ2+BvQ8V1QAl7I6GvkLJifZpztZ9B0o8t6fnGRMoi3BXu2cdb+HBvKvTZH0A+WU/OEwc4HF/+o2DyrTytYNucBgWaIUGZDw4RzUfoAurQ827Eslrz34qRaEk/Q+BGE2G8bDzrEHmf2wR6apuA7mF0961CNq09DNtYUTuxnqWVuzg1yOFQ0e8K4NzjqvRoproK3472/6Wifg20V7CoKE/81IocfVCuCvLuUyyQ6HHlq7MmJowCZzGs6L7SmXOMeponUTSZ1ivZ9 gebner@archachatina"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9n0cCLVTBg8IhXvonlNU3kJ5ScOVzoHdnXaffVAq+UihNQYayDtLlFetYD4RvjAgoxb8xkLKM0PWjYJicVntuPz0GhHVKlZeWIqgDG+Ec8w+7PI2Fc2WF1fLatTRBH7lwDMd7eEhPLPY5FVfqTtvEAL6aIV9uzJ0coHeh1GPp6YQ9kgobuGTxpa0r8wtd/7Q7uKkkuxfqZW6Aig56xohNYHkcI2LAJgv5e4Cim1GR/2kXY4EHfxPfxAhzx0ZIxRdp0kAmkLHEbeEUASs1kd6n/5XtmJgjl9605QrCXrKXQXf+czTbjKu5isOimFdKlXwLZYVaZd1iPPvzSNcYhMat gebner@petalius"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMTO3cgQHCgHEBK8SeHJ+Nh/pNHCBASw04VCnuVBv9EW1gApGLx4K1F1nsS/TJR9N+ayxADbAfKOTyJ5Dj6AyG16im8UM1or+GMpkXeY+t9HbFt7aHt8Ogn3P4G7VZyEwTvTEifNjmCrIdaAFnDztBoGMo0oR8MT+ry58byiMH5tIlt8yKsYdE5M1UzAyrwbTmAf8N3WxgQQv1wTvIET9+OrcY4Pw1z55Tft44ZdvQDghCRTUHz9kGpHSlOXYxa0ht+pPRLiufbsAvs5Ue+TwQmVVuAHbGn+tNrBlvYPjuNHCfiXXcGiBqNVNaWb28DCCCuchzpu9hAUXr8MbQuOnH gebner@decoysnail"
];
})).isoImage

27
rtl8761b.nix
View File

@ -1,27 +0,0 @@
{ config, pkgs, ... }:
{
hardware.firmware = with pkgs; [ (stdenv.mkDerivation rec {
name = "rtl8761b-fw";
fw = fetchurl {
url = "https://github.com/Realtek-OpenSource/android_hardware_realtek/raw/e58b611f34f2f5ff57bb0d8cdf1b2e4751e3ccbd/bt/rtkbt/Firmware/BT/rtl8761b_fw";
sha256 = "0b59a1f2422c006837c4b5e46b59d49bfdbca1defb958adbbc0d57ebdc19cc82";
};
config = fetchurl {
url = "https://github.com/Realtek-OpenSource/android_hardware_realtek/raw/e58b611f34f2f5ff57bb0d8cdf1b2e4751e3ccbd/bt/rtkbt/Firmware/BT/rtl8761b_config";
sha256 = "aa86a092ee58e96256331d5c28c199ceaadec434460e98e7dea20e411e1aa570";
};
unpackPhase = ":";
buildPhase = ''
dn=$out/lib/firmware
mkdir -p $dn/rtl_bt
ln -s ${fw} $dn/rtl_bt/rtl8761b_fw.bin
ln -s ${config} $dn/rtl_bt/rtl8761b_config.bin
'';
installPhase = ":";
}) ];
}

22
spacenav.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
spnavcfg
];
hardware.spacenavd.enable = true;
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
spacenavd = spacenavd.overrideDerivation (_: {
patches = spacenavd.patches ++ [
(fetchpatch {
url = "https://github.com/FreeSpacenav/spacenavd/commit/fbf9019470f2511d24a368e2c9113361b58483d5.patch";
sha256 = "1i98c3k4x8f35kpfp4b9xcwgq45mdjab2frp8c2jl6y62fs84d6j";
})
];
});
};
}

84
sway.nix
View File

@ -1,84 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./common-gui.nix
];
environment.systemPackages = with pkgs; [
i3status
(waybar.override { pulseSupport = true; })
rofi-wayland
ydotool
wtype
wl-clipboard
feh
gnome3.gnome-keyring
networkmanagerapplet
pcmanfm
evince
grim
mako
pavucontrol
paprefs
gnome3.dconf-editor
xdg_utils # for xdg-open
# gnome3 core packages
desktop-file-utils shared-mime-info
glib gtk3
glib-networking gvfs dconf
gnome-themes-extra gnome3.adwaita-icon-theme
hicolor-icon-theme
# for QT_QPA_PLATFORM=wayland
qt5.qtwayland
wdisplays
playerctl
xorg.xlsclients
];
# services.dbus.socketActivated = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
# https://github.com/swaywm/sway/issues/4506
export QT_QPA_PLATFORM=xcb
# export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
# rust winit's wayland support is broken for input methods
export WINIT_UNIX_BACKEND=x11
export XDG_DATA_DIRS=/run/current-system/sw/share/''${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS
export $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export XDG_CURRENT_DESKTOP=sway
'';
};
# services.xserver = {
# enable = true;
# libinput.enable = true;
# # displayManager.lightdm.enable = true;
# displayManager.defaultSession = "sway";
# };
services.dbus.packages = with pkgs; [ mako ];
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
}

9
tailscale.nix
View File

@ -1,9 +0,0 @@
{ config, pkgs, ... }: {
# make the tailscale command usable to users
environment.systemPackages = [ pkgs.tailscale ];
# enable the tailscale service
services.tailscale.enable = true;
networking.firewall.checkReversePath = "loose";
}

74
theba.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, pkgs, ... }:
{
imports =
[
./common.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
];
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = [
{
name = "sda2_crypt";
device = "/dev/disk/by-uuid/a7482f34-1d7b-4181-9f3c-f6bbbdb8679d";
preLVM = true;
allowDiscards = true;
}
];
services.xserver = {
libinput.enable = true;
config = ''
Section "InputClass"
Identifier "touchpad"
Driver "libinput"
MatchDevicePath "/dev/input/event*"
MatchIsPointer "true"
EndSection
'';
videoDrivers = [ "modesetting" ];
useGlamor = true;
};
programs.light.enable = true;
services.tlp.enable = true;
networking.hostName = "theba"; # Define your hostname.
networking.hostId = "b29b900f";
# services.colord.enable = true;
systemd.services.ModemManager.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
nixpkgs.config.packageOverrides = pkgs: rec {
};
environment.systemPackages = with pkgs; [
unison
];
virtualisation.docker = {
enable = true;
storageDriver = "overlay2";
};
users.extraUsers.gebner.extraGroups = [ "docker" ];
# virtualisation.virtualbox.host.enable = true;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/London";
services.avahi.nssmdns = true;
}

2
uefi.nix
View File

@ -4,4 +4,6 @@
# Use the gummiboot efi boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = [ "fbcon" ];
}

11
unstable-nix.nix
View File

@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = flakes nix-command
'';
}

10
v4l2loopback.nix
View File

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
kernelModules = [ "v4l2loopback" ];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
};
}

75
vaccaria.nix
View File

@ -3,7 +3,6 @@
{
imports =
[
/etc/nixos/hardware-configuration.nix
./common-headless.nix
];
@ -16,7 +15,12 @@
hostId = "3d551a7c";
};
users.extraUsers.gebner.extraGroups = ["transmission"];
services.openssh.enable = true;
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = ["wheel" "transmission"];
};
boot.supportedFilesystems = ["zfs"];
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
@ -28,21 +32,11 @@
fsType = "zfs";
};
fileSystems."/home/drebner" = pkgs.lib.mkOverride 10 {
device = "vaccaria/drebner";
fsType = "zfs";
};
users.extraUsers.drebner = {
isNormalUser = true;
};
services.samba = {
enable = true;
extraConfig = ''
passdb backend = tdbsam
unix password sync = no
min protocol = NT1
'';
shares = {
export = {
@ -50,11 +44,6 @@
"read only" = "no";
path = "/mnt/vaccaria";
};
drebner = {
"guest ok" = "no";
"read only" = "no";
path = "/home/drebner";
};
};
};
@ -72,7 +61,6 @@
allowedTCPPorts = [
445 139 # samba
config.services.transmission.settings.peer-port
config.services.rsyncd.port
];
allowedUDPPorts = [
137 138 # samba
@ -82,47 +70,32 @@
environment.systemPackages = with pkgs; [
transmission
samba
rdiff-backup
];
# fancontrol
boot.kernelModules = ["it87"];
# systemd.services.fancontrol =
# let fancontrolConfig = pkgs.writeText "fancontrol" ''
# # Configuration file generated by pwmconfig, changes will be lost
# INTERVAL=10
# DEVPATH=hwmon1=devices/pci0000:00/0000:00:18.3 hwmon0=devices/platform/it87.552
# DEVNAME=hwmon1=k10temp hwmon0=it8720
# FCTEMPS=hwmon0/pwm3=hwmon1/temp1_input hwmon0/pwm1=hwmon1/temp1_input
# FCFANS=hwmon0/pwm3=hwmon0/fan1_input hwmon0/pwm1=hwmon0/fan1_input
# MINTEMP=hwmon0/pwm3=40 hwmon0/pwm1=40
# MAXTEMP=hwmon0/pwm3=65 hwmon0/pwm1=65
# MINSTART=hwmon0/pwm3=150 hwmon0/pwm1=150
# MINSTOP=hwmon0/pwm3=0 hwmon0/pwm1=100
# ''; in {
# description = "fancontrol from lm_sensors";
# wantedBy = ["multi-user.target"];
# serviceConfig.ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${fancontrolConfig}";
# };
systemd.services.fancontrol =
let fancontrolConfig = pkgs.writeText "fancontrol" ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:18.3 hwmon2=devices/platform/it87.552
DEVNAME=hwmon0=k10temp hwmon2=it8720
FCTEMPS=hwmon2/pwm3=hwmon0/temp1_input hwmon2/pwm1=hwmon0/temp1_input
FCFANS=hwmon2/pwm3=hwmon2/fan1_input hwmon2/pwm1=hwmon2/fan1_input
MINTEMP=hwmon2/pwm3=40 hwmon2/pwm1=40
MAXTEMP=hwmon2/pwm3=65 hwmon2/pwm1=65
MINSTART=hwmon2/pwm3=150 hwmon2/pwm1=150
MINSTOP=hwmon2/pwm3=0 hwmon2/pwm1=100
''; in {
description = "fancontrol from lm_sensors";
wantedBy = ["multi-user.target"];
serviceConfig.ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${fancontrolConfig}";
};
# hdd spindown
powerManagement.powerUpCommands = ''
${pkgs.hdparm}/bin/hdparm -B200 -S0 /dev/sd{a,b,c,d,e,f}
${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}
'';
services.rsyncd = {
enable = true;
modules = {
lr_mobile = {
path = "/mnt/vaccaria/fotos/lr_mobile";
"read only" = "yes";
};
};
};
users.extraUsers.gebner.openssh.authorizedKeys.keys = [
''command="rdiff-backup --server --restrict-read-only /",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiZhy9mm9sUeomfe9Vj5JhNE4l7YOkj7Yiii5Ni2RzUyj/dc9pxvNJSI+om/ruwb1n2gIYi0bOpwrZGiyvrUrpiqLcOwU6IOYLxnQ3E9nHLX3rsGMIyJtMcoBOcTY/rJMogqA4m6uMaaPEaeBlS5F/qb5UGIvQ7YlW1rF75RJ/QXrdL3Y7R3OJbG90QGR5EThs/1HOEBUKgkEcPQDodzNvZ8hFtznWrCw5bMSQYGMfY4WBc1b7UdLaYZ6vghQgsZ5IyvFDvCNTHTfhObYhv71YMXDkocAyI8XecNP1hoJ67oZ1xn06LEUEMiuXIQ4Ss7RYZLzNc2yrd5RYqCdd4x1n backups@aruanus''
];
}