Compare commits

..

2 Commits

61 changed files with 895 additions and 2473 deletions

@ -1,14 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
trnsmssnIface = "wg-trnsmssn";
in
{ {
imports = imports =
[ [
/etc/nixos/hardware-configuration.nix
./common-headless.nix ./common-headless.nix
./tailscale.nix
]; ];
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = ["zfs"];
@ -31,31 +26,11 @@ in
hostId = "34a820f1"; hostId = "34a820f1";
}; };
users = { services.openssh.enable = true;
users = {
gebner.extraGroups = [
"transmission"
"nilotica"
];
nilotica = { users.extraUsers.gebner = {
group = "nilotica";
isNormalUser = true; isNormalUser = true;
}; extraGroups = ["wheel" "transmission"];
transmission = {
group = "transmission";
uid = config.ids.uids.transmission;
};
};
groups = {
nilotica = {};
transmission = {
gid = config.ids.gids.transmission;
};
};
}; };
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages; boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
@ -67,19 +42,11 @@ in
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boota".options = [ "nofail" ];
fileSystems."/bootb".options = [ "nofail" ];
fileSystems."/bootc".options = [ "nofail" ];
fileSystems."/bootd".options = [ "nofail" ];
fileSystems."/boote".options = [ "nofail" ];
fileSystems."/bootf".options = [ "nofail" ];
services.samba = { services.samba = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
passdb backend = tdbsam passdb backend = tdbsam
unix password sync = no unix password sync = no
min protocol = NT1
''; '';
shares = { shares = {
export = { export = {
@ -90,116 +57,26 @@ in
}; };
}; };
containers.trnsmssn =
let
homeDir = "/mnt/aplysia/torrents";
in rec {
config = {
services.transmission = { services.transmission = {
enable = true; enable = true;
settings = { settings = {
download-dir = homeDir; download-dir = "/mnt/aplysia/torrents";
incomplete-dir = homeDir; incomplete-dir = "/mnt/aplysia/torrents";
speed-limit-down = 5000; peer-port = 51413;
speed-limit-down-enabled = true;
speed-limit-up = 800;
speed-limit-up-enabled = true;
peer-port = 7455;
rpc-bind-address = localAddress;
rpc-whitelist-enabled = false;
}; };
}; };
networking.firewall = {
enable = true;
interfaces.${trnsmssnIface}.allowedTCPPorts = [
config.services.transmission.settings.peer-port
];
interfaces.eth0.allowedTCPPorts = [
9091
];
};
networking.nameservers = [ "193.138.218.74" ];
networking.interfaces.${trnsmssnIface} = {
ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];
ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];
ipv4.routes = [
{ address = "0.0.0.0"; prefixLength = 1; }
{ address = "128.0.0.0"; prefixLength = 1; }
];
ipv6.routes = [ { address = "::"; prefixLength = 0; } ];
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
};
privateNetwork = true;
interfaces = [ trnsmssnIface ];
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
autoStart = true;
bindMounts.${homeDir} = {
hostPath = homeDir;
isReadOnly = false;
};
};
networking.wireguard = {
enable = true;
interfaces.${trnsmssnIface} = {
privateKeyFile = "/etc/wgkeys/mullvad";
peers = [
{
allowedIPs = ["0.0.0.0/0" "::/0"];
publicKey = "5y66WShsFXqM5K7/4CPEGCWfk7PQyNhVBT2ILjbGm2I=";
endpoint = "se15-wireguard.mullvad.net:51820";
}
];
allowedIPsAsRoutes = false;
};
};
systemd.services."container@trnsmssn" = {
requires = [ "wireguard-${trnsmssnIface}.service" ];
after = [ "wireguard-${trnsmssnIface}.service" ];
};
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
445 139 # samba 445 139 # samba
config.services.rsyncd.port config.services.transmission.settings.peer-port
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
137 138 # samba 137 138 # samba
]; ];
}; };
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."transmission-proxy" = {
serverName = "localhost";
listen = [
{ addr = "localhost"; port = 9091; }
];
locations."/transmission/" = {
proxyPass = "http://192.168.100.11:9091";
proxyWebsockets = true;
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
transmission transmission
samba samba
@ -210,38 +87,4 @@ in
${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f} ${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}
''; '';
services.rsyncd = {
enable = true;
settings = {
lr_mobile = {
path = "/mnt/aplysia/fotos/lr_mobile";
"read only" = "yes";
};
};
};
systemd.services.backup-fotos = rec {
wants = [ "network.target" "mnt-aplysia.mount" ];
after = wants;
serviceConfig = {
User = "gebner";
Group = "users";
Type = "oneshot";
};
script = ''
${pkgs.rclone}/bin/rclone sync -v --update --use-server-modtime \
/mnt/aplysia/fotos/lightroom/ \
glacier:gebner-fotos-raw-backup/
'';
};
systemd.timers.backup-fotos = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "Mon,Fri 03:00";
Persistent = true;
};
};
} }

@ -3,20 +3,10 @@
{ {
imports = imports =
[ [
/etc/nixos/hardware-configuration.nix ./common.nix
./common-headless.nix
# ./sway.nix
./i3.nix
./large-sw.nix ./large-sw.nix
./uefi.nix ./uefi.nix
./fstrim.nix ./fstrim.nix
# ./qemu-user.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./rtl8761b.nix
./unstable-nix.nix
./nm-restart.nix
]; ];
environment.etc."lvm/lvm.conf".text = '' environment.etc."lvm/lvm.conf".text = ''
@ -24,61 +14,55 @@
issue_discards = 1 issue_discards = 1
} }
''; '';
boot.initrd.luks.devices = { boot.initrd.luks.devices = [
sda2_crypt = { {
name = "sda2_crypt";
device = "/dev/disk/by-uuid/2e2e2824-e357-4a75-bddc-8cf386cd0f53"; device = "/dev/disk/by-uuid/2e2e2824-e357-4a75-bddc-8cf386cd0f53";
preLVM = true; preLVM = true;
allowDiscards = true; allowDiscards = true;
}; }
}; ];
networking.hostName = "archachatina"; # Define your hostname. networking.hostName = "archachatina"; # Define your hostname.
networking.hostId = "cc7ea3ba"; networking.hostId = "cc7ea3ba";
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
networking.interfaces."enp3s0".wakeOnLan.enable = true; services.wakeonlan.interfaces = [
{
# services.xserver.displayManager.defaultSession = pkgs.lib.mkForce "sway"; interface = "enp3s0";
# method = "magicpacket";
# users.extraUsers.presentation = { }
# isNormalUser = true; ];
# extraGroups = [ "networkmanager" "audio" ];
# # shell = "${pkgs.zsh}/bin/zsh";
# shell = "/run/current-system/sw/bin/fish";
#
# password = if config.virtualisation != null then "" else null;
# };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
beets beets
mediainfo
flac
piper recoll
uvccapture
# libratbag
]; ];
services.thermald.enable = true; services.thermald.enable = true;
virtualisation.virtualbox.host = { virtualisation.docker.enable = true;
enable = true; users.extraUsers.gebner.extraGroups = [ "docker" "libvirtd" ];
# enableExtensionPack = true;
};
# nixpkgs.config.allowUnfree = true;
virtualisation.libvirtd = { # virtualisation.virtualbox.host.enable = true;
enable = true;
}; # virtualisation.libvirtd.enable = true;
networking.firewall.checkReversePath = false; networking.firewall.checkReversePath = false;
fileSystems."/var/lib/libvirt/images/vaccaria" = { # fileSystems."/var/lib/libvirt/images/vaccaria" = {
device = "//vaccaria.htdf.gebner.org/export/tmp/vms"; # device = "//vaccaria.mtlaa.gebner.org/export/tmp/vms";
fsType = "cifs"; # fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" # options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria"
"forceuid" "forcegid" "uid=0" "gid=0" ]; # "forceuid" "forcegid" "uid=0" "gid=0" ];
}; # };
hardware.opengl.extraPackages = with pkgs; [ hardware.opengl.driSupport32Bit = true;
rocm-opencl-icd
# rocm-runtime-ext
];
services.nix-serve = { services.nix-serve = {
enable = true; enable = true;
@ -88,7 +72,8 @@
services.openssh.forwardX11 = true; services.openssh.forwardX11 = true;
# nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
# mesa_drivers = self.stable.mesa_drivers;
# mesa_drivers = self.mesaDarwinOr ( # mesa_drivers = self.mesaDarwinOr (
# let mo = self.mesa_noglu.override { # let mo = self.mesa_noglu.override {
# llvmPackages = pkgs.llvmPackages_39; # llvmPackages = pkgs.llvmPackages_39;
@ -97,11 +82,9 @@
# }; # };
# in mo.drivers # in mo.drivers
# ); # );
# }; };
#boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_latest;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages; # boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_8;
services.xserver = { services.xserver = {
videoDrivers = [ "amdgpu" ]; videoDrivers = [ "amdgpu" ];
@ -110,17 +93,6 @@
''; '';
}; };
services.postgresql = { services.transmission.enable = true;
enable = true;
extraPlugins = [ pkgs.postgis ];
};
services.ratbagd.enable = true;
# virtualisation.anbox = {
# enable = true;
# };
system.stateVersion = "18.03";
} }

@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
services.udev.extraRules =
let action = '' OWNER := "gebner" ''; in ''
# Atmel ATMega32U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", ${action}
# Atmel USBKEY AT90USB1287
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", ${action}
# Atmel ATMega32U2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", ${action}
'';
}

@ -6,8 +6,7 @@
# nox # nox
wget wget
neovim neovim
neovim-remote zsh
# zsh
gitFull gitAndTools.hub tig gitFull gitAndTools.hub tig
gnumake gnumake
m4 m4
@ -18,45 +17,33 @@
pwgen pwgen
gcc gcc
silver-searcher silver-searcher
ripgrep
fzf fzf
tree tree
python
python3 python3
python3Packages.ipython python3Packages.ipython
lua
perl
gdb gdb
bind nmap tcpdump (pkgs.inetutils or telnet) bind nmap tcpdump telnet
usbutils
dstat dstat
which which
zip zip
file file
unzip unzip
elinks elinks
links2
ctags ctags
nix-prefetch-scripts nix-prefetch-scripts
(pkgs.wireguard-tools or pkgs.wireguard or pkgs.hello) nix-repl
jq jq
#b2sum
strace
ncdu
hyperfine
]; ];
environment.variables.EDITOR = "${pkgs.neovim}/bin/nvim"; environment.variables.EDITOR = "${pkgs.neovim}/bin/nvim";
# programs.zsh = { programs.zsh = {
# enable = true; enable = true;
# promptInit = ""; promptInit = "";
# }; };
programs.bash = { programs.bash = {
enableCompletion = true; enableCompletion = true;
}; };
programs.fish = {
enable = true;
};
} }

@ -1,69 +0,0 @@
{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook
, alsaLib, bluez, glib, sbc, dbus
# optional, but useful utils
, readline, libbsd, ncurses
# optional codecs
, aacSupport ? true, fdk_aac
# TODO: aptxSupport
}:
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "bluez-alsa";
version = "3.0.0";
src = fetchFromGitHub {
owner = "Arkq";
repo = "bluez-alsa";
rev = "v${version}";
sha256 = "1jlsgxyqfhncfhx1sy3ry0dp6p95kd4agh7g2b7g51h0c4cv74h8";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [
alsaLib bluez glib sbc dbus
readline libbsd ncurses
]
++ optional aacSupport fdk_aac;
configureFlags = [
"--with-alsaplugindir=${placeholder "out"}/lib/alsa-lib"
"--with-dbusconfdir=${placeholder "out"}/share/dbus-1/system.d"
"--enable-rfcomm"
"--enable-hcitop"
"--enable-msbc"
]
++ optional aacSupport "--enable-aac";
meta = {
description = "Bluez 5 Bluetooth Audio ALSA Backend";
longDescription = ''
Bluez-ALSA (BlueALSA) is an ALSA backend for Bluez 5 audio interface.
Bluez-ALSA registers all Bluetooth devices with audio profiles in Bluez
under a virtual ALSA PCM device called `bluealsa` that supports both
playback and capture.
Some backstory: Bluez 5 removed built-in support for ALSA in favor of a
generic interface for 3rd party appliations. Thereafter, PulseAudio
implemented a backend for that interface and became the only way to get
Bluetooth audio with Bluez 5. Users prefering ALSA stayed on Bluez 4.
However, Bluez 4 eventually became deprecated.
This package is a rebirth of a direct interface between ALSA and Bluez 5,
that, unlike PulseAudio, provides KISS near-metal-like experience. It is
not possible to run BluezALSA and PulseAudio Bluetooth at the same time
due to limitations in Bluez, but it is possible to run PulseAudio over
BluezALSA if you disable `bluetooth-discover` and `bluez5-discover`
modules in PA and configure it to play/capture sound over `bluealsa` PCM.
'';
homepage = src.meta.homepage;
license = licenses.mit;
platforms = platforms.linux;
maintainers = [ maintainers.oxij maintainers.lheckemann ];
};
}

@ -1,132 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./pipewire.nix
];
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-mozc fcitx5-table-other fcitx5-m17n fcitx5-rime rime-data ];
};
fonts = {
enableDefaultFonts = false;
fontconfig = {
allowBitmaps = false;
};
fonts = with pkgs; [
# xorg.fontbhlucidatypewriter100dpi
# xorg.fontbhlucidatypewriter75dpi
# freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
# xorg.fontbh100dpi
# xorg.fontmiscmisc
# xorg.fontcursormisc
unifont
noto-fonts-emoji
noto-fonts-cjk
cantarell-fonts # from gnome3 module
merriweather
merriweather-sans
open-sans
# libertine # breaks 
dejavu_fonts
liberation_ttf
ubuntu_font_family
wqy_microhei
ipafont
ipaexfont
source-han-serif
source-han-sans
inconsolata
# iosevka
fira fira-mono fira-code
source-code-pro
stix-two
font-awesome_5
];
};
environment.systemPackages = with pkgs; [
(writeScriptBin "gsd-xsettings"
''
#!/bin/sh
exec ${gnome3.gnome-settings-daemon}/libexec/gsd-xsettings "$@"
'')
libinput
libnotify
gsettings-desktop-schemas
];
# prevent satanic torture
qt.platformTheme = "qt5ct";
hardware.uinput.enable = true;
users.extraUsers.gebner.extraGroups = [ "input" "tty" "audio" "video" "uinput" ];
services.dbus.packages = with pkgs; [ gcr ];
services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
# copied from gnome3 module
security.polkit.enable = true;
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.geoclue2.enable = true;
services.gnome.at-spi2-core.enable = true;
services.gnome.gnome-keyring.enable = true;
services.gvfs.enable = true;
programs.seahorse.enable = true;
services.gnome.sushi.enable = true;
services.gnome.gnome-settings-daemon.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable;
programs.dconf.enable = true;
services.gnome.glib-networking.enable = true;
services.flatpak.enable = true;
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
services.blueman.enable = true;
programs.gnupg = {
agent.enable = true;
agent.pinentryFlavor = "gnome3";
};
# https://github.com/NixOS/nixpkgs/pull/54083
environment.extraSetup = ''
if [ -d $out/share/gsettings-schemas/ ]; then
# Create the standard schemas directory
mkdir -p $out/share/glib-2.0/schemas
# symlink any schema files to the standard schema directory
for d in $out/share/gsettings-schemas/*; do
# Force symlink, in case there are duplicates
ln -fs $d/glib-2.0/schemas/*.xml $out/share/glib-2.0/schemas
done
# and compile them
if [ -w $out/share/glib-2.0/schemas ]; then
${pkgs.glib.dev}/bin/glib-compile-schemas $out/share/glib-2.0/schemas
fi
fi
'';
}

@ -3,17 +3,16 @@
{ {
imports = imports =
[ [
/etc/nixos/hardware-configuration.nix
./basic-tools.nix ./basic-tools.nix
./common-sw.nix ./common-sw.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
nix.settings = { nix.useSandbox = true;
sandbox = true; nix.binaryCaches = [ https://cache.nixos.org ];
substituters = [ "https://cache.nixos.org" ]; nix.trustedBinaryCaches = [ https://cache.nixos.org ];
trusted-substituters = [ "https://cache.nixos.org" ];
};
nix.extraOptions = '' nix.extraOptions = ''
auto-optimise-store = true auto-optimise-store = true
binary-caches-parallel-connections = 10 binary-caches-parallel-connections = 10
@ -22,13 +21,13 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.firewall.enable = true; networking.firewall.enable = true;
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Vienna";
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "no"; permitRootLogin = "no";
settings.PasswordAuthentication = false; passwordAuthentication = false;
}; };
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
@ -37,40 +36,16 @@
services.printing = { services.printing = {
enable = true; enable = true;
browsing = true; browsing = true;
drivers = [ pkgs.hplip ]; drivers = [ pkgs.stable.hplip ];
}; };
# services.colord.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
virtualisation.containers.containersConf.settings = {
engine = {
cgroup_manager = "cgroupfs";
};
};
virtualisation.containers = {
registries.search = [ "docker.io" ];
};
virtualisation.lxd.enable = true;
virtualisation.lxd.recommendedSysctlSettings = true;
virtualisation.lxd.package = pkgs.lxd;
virtualisation.lxc.lxcfs.enable = true;
systemd.enableUnifiedCgroupHierarchy = pkgs.lib.mkForce true;
boot.kernel.sysctl = { boot.kernel.sysctl = {
"kernel.perf_event_paranoid" = "0"; "kernel.perf_event_paranoid" = "0";
"kernel.kptr_restrict" = pkgs.lib.mkForce "0"; "kernel.kptr_restrict" = pkgs.lib.mkForce "0";
# IntelliJ # IntelliJ
"fs.inotify.max_user_watches" = pkgs.lib.mkDefault 524288; "fs.inotify.max_user_watches" = 524288;
# undo lxd "recommendedSysctlSettings"
"kernel.dmesg_restrict" = pkgs.lib.mkForce 0;
}; };
# gapt: `ulimit -n` was 256 # gapt: `ulimit -n` was 256
@ -79,13 +54,13 @@
]; ];
fileSystems."/mnt/vaccaria" = { fileSystems."/mnt/vaccaria" = {
device = "//vaccaria.htdf.gebner.org/export"; device = "//vaccaria.mtlaa.gebner.org/export";
fsType = "cifs"; fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" "vers=1.0" ]; options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" "vers=1.0" ];
}; };
fileSystems."/mnt/aplysia" = { fileSystems."/mnt/aplysia" = {
device = "//aplysia.htdf.gebner.org/export"; device = "//aplysia.mtlaa.gebner.org/export";
fsType = "cifs"; fsType = "cifs";
options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aplysia" "vers=1.0" ]; options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aplysia" "vers=1.0" ];
}; };
@ -98,41 +73,12 @@
users.extraUsers.gebner = { users.extraUsers.gebner = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "wheel" "networkmanager" "transmission" ];
"wheel"
"networkmanager"
"audio"
"transmission"
"lxd"
"libvirtd"
"vboxusers"
"wireshark"
];
# shell = "${pkgs.zsh}/bin/zsh"; # shell = "${pkgs.zsh}/bin/zsh";
shell = "/run/current-system/sw/bin/fish";
password = if config.virtualisation != null then "" else null; password = if config.virtualisation != null then "" else null;
}; };
users.groups = { system.fsPackages = [ pkgs.ntfs3g ];
transmission = {
gid = config.ids.gids.transmission;
};
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
# LC_TIME = "en_GB.UTF-8";
# LC_PAPER = "de_AT.UTF-8";
};
supportedLocales = [ "all" ]; # https://github.com/NixOS/nixpkgs/pull/177318
};
system.fsPackages = with pkgs; [
ntfs3g
exfatprogs
];
} }

@ -1,111 +1,134 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
./fix-firefox.nix
];
environment.systemPackages = with pkgs.haskellPackages; with pkgs; [ environment.systemPackages = with pkgs.haskellPackages; with pkgs; [
gitg
gmpc gmpc
mpdevil
m4 m4
(pkgs.openjdk or pkgs.openjdk14 or pkgs.openjdk12 or pkgs.openjdk11 or pkgs.openjdk10 or openjdk8) subversion
openjdk8
sbt scala sbt scala
ungoogled-chromium stable.chromium
# chromium
firefox
qalculate-gtk qalculate-gtk
libqalculate speedcrunch
viewnior viewnior
gnupg gnupg
(pass.withExtensions (ext: [ ext.pass-otp ])) pass xclip pwgen
xclip pwgen
remmina remmina
ledger ledger
# hledger hledger
# hledger-diff hledger-diff
cmake ninja cmake ninja
bear
mpv mpv
stable.wireshark-gtk
neomutt notmuch neomutt notmuch
stable.goldendict
patchelf patchelf
loc bazaar
tokei tokei loc
ripgrep ripgrep
imagemagick imagemagick
mercurial mercurial
(pkgs.man-pages or manpages)
dfeet androidenv.platformTools # adb & fastboot
geoipWithDatabase
nix-index
alacritty
neovim-qt
clinfo
lm_sensors lm_sensors
hdparm hdparm
smartmontools
lsof lsof
pdfpc pdfpc
poppler_utils
# haskell dev
cabal2nix
cabal-install
# ghc-mod
# emacs # emacs
emacs emacs
emacsPackages.cask
ghostscript # for auctex ghostscript # for auctex
aspell aspell
(pkgs.nodejs_latest or pkgs.nodejs-12_x or pkgs.nodejs-11_x or pkgs.nodejs-10_x or nodejs-9_x) nodejs
mediainfo mediainfo
isync isync
mu
msmtp msmtp
vdirsyncer khard khal vdirsyncer khard khal
rclone
duplicity
restic
magic-wormhole
linuxPackages.perf linuxPackages.perf
qrencode zbar
veriT veriT
minisat minisat
picosat picosat
glucose glucose
prover9 prover9
eprover eprover
vampire
metis-prover metis-prover
spass spass
z3 z3
cvc4 stable.cvc4
graphviz graphviz
open-wbo
# toysolver # toysolver
] ++ (with aspellDicts; [ en de fr nl ]) oldstable.haskellPackages.tip-lib
++ (with gst_all_1; [ gstreamer gstreamer.dev
gst-plugins-bad gst-plugins-good gst-plugins-base gst-plugins-ugly ]); emacsPackages.proofgeneral
oldstablePkgs # protect nixpkgs checkout from GC
stablePkgs
] ++ (with aspellDicts; [ en de fr nl ]);
nixpkgs.config.packageOverrides = pkgs: with pkgs; let
fetchNixPkgs = { rev, sha256 }:
fetchFromGitHub {
inherit sha256 rev;
owner = "NixOS";
repo = "nixpkgs-channels";
};
oldstablePkgs = fetchNixPkgs {
rev = "5237768d62a40236d24fafbd9f4f97f3227399ce";
sha256 = "1j707pwm6ll2cvmqvwfxxq21gd9q7l6s3vi3vc01jklplj2v20is";
};
stablePkgs = fetchNixPkgs {
rev = "19879836d10f64a10658d1e2a84fc54b090e2087";
sha256 = "1x41ch2mgzs85ivvyp3zqkbh4i0winjg69g5x0p3q7avgrhkl7ph";
};
in {
# idea-community-eap = pkgs.idea.idea-community.overrideDerivation (oldAttrs: rec {
# name = "idea-community-${version}";
# version = "2017.2.eap";
# src = pkgs.fetchurl {
# url = "https://download.jetbrains.com/idea/ideaIC-172.3544.6-no-jdk.tar.gz";
# sha256 = "72874a0393a6388b04353a359eea1d1242f59d6e7b96a4cf43c793602ac7ccdb";
# };
# });
idea-community-eap = pkgs.idea.idea-community;
# clion-eap = pkgs.idea.clion.overrideDerivation (oldAttrs: rec {
# name = "clion-${version}";
# version = "2017.1.eap";
# src = pkgs.fetchurl {
# url = "http://download.jetbrains.com/cpp/CLion-2017.1-RC.tar.gz";
# sha256 = "1rv9rcjv4kv39l9r4g5kqbd4y175301a6kr3js3szkjmhqd50qq3";
# };
# });
clion-eap = pkgs.idea.clion;
# neovim = pkgs.neovim.override {
# extraPythonPackages = [ pkgs.pythonPackages.websocket_client ];
# };
oldstablePkgs = oldstablePkgs;
oldstable = import oldstablePkgs {};
stablePkgs = stablePkgs;
stable = import stablePkgs {};
qutebrowser = pkgs.qutebrowser.override { withWebEngineDefault = true; };
};
nixpkgs.config.allowTexliveBuilds = true; nixpkgs.config.allowTexliveBuilds = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true;
users.extraUsers.gebner.extraGroups = [ "adbusers" ];
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
khal = pkgs.khal.overridePythonAttrs (_: { doCheck = false; });
};
} }

10
common.nix Normal file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
imports =
[
./common-headless.nix
./i3.nix
];
}

@ -3,53 +3,18 @@
{ {
imports = imports =
[ [
./common-headless.nix ./common.nix
# ./i3.nix
./sway.nix
./large-sw.nix ./large-sw.nix
./uefi.nix ./uefi.nix
./fstrim.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./nvim05.nix
./nm-restart.nix
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.luks.devices = [
boot.initrd.kernelModules = [ "dm-snapshot" ]; {
boot.kernelModules = [ "kvm-intel" ]; name = "sda2_crypt";
boot.extraModulePackages = [ ]; device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a16ae3f7-11df-47fc-a8df-f22c474ec1c1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3C5C-049B";
fsType = "vfat";
};
#swapDevices = [
# { device = "/dev/disk/by-uuid/b7274abd-58a5-4acc-8481-30e105e94eec"; }
#];
nix.settings.max-jobs = pkgs.lib.mkDefault 6;
powerManagement.cpuFreqGovernor = pkgs.lib.mkDefault "powersave";
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
sda_crypt = {
device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";
preLVM = true; preLVM = true;
allowDiscards = true; }
}; ];
};
networking = { networking = {
hostName = "decoysnail"; hostName = "decoysnail";
@ -62,56 +27,14 @@
services.thermald.enable = true; services.thermald.enable = true;
hardware.opengl = { virtualisation.docker = {
extraPackages = with pkgs; [ beignet ];
driSupport32Bit = true;
};
#services.avahi.nssmdns = true;
#services.nscd.enable = pkgs.lib.mkOverride 10 true;
services.openssh.forwardX11 = true;
system.stateVersion = "19.09";
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.4/16"];
privateKeyFile = "/etc/wgkeys/decoysnail";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
# endpoint = "mtlaa-gw.gebner.org:35869";
# endpoint = "84.112.114.160:35869";
endpoint = "127.0.0.1:35869";
persistentKeepalive = 25;
}];
};
systemd.services.wstunnel = {
path = [ pkgs.wstunnel ];
wantedBy = [ "wireguard-wg0.service" ];
after = [ "network.target" ];
script = ''
wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
'';
};
services.resolved = {
domains = [];
enable = true; enable = true;
storageDriver = "overlay2";
}; };
users.extraUsers.gebner.extraGroups = [ "docker" ];
# services.xserver = { hardware.opengl.driSupport32Bit = true;
# videoDrivers = [ "intel" ];
# };
fonts.fontconfig = { services.avahi.nssmdns = true;
subpixel.rgba = "none";
};
} }

@ -1,16 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let mpdStreamingPort = 8080; in
{ {
imports = imports =
[ [
/etc/nixos/hardware-configuration.nix ./common.nix
./common-headless.nix
./sway.nix
./uefi.nix ./uefi.nix
./fstrim.nix ./fstrim.nix
# ./nebula.nix
./tailscale.nix
]; ];
environment.etc."lvm/lvm.conf".text = '' environment.etc."lvm/lvm.conf".text = ''
@ -18,44 +13,27 @@ let mpdStreamingPort = 8080; in
issue_discards = 1 issue_discards = 1
} }
''; '';
boot.initrd.luks.devices = { boot.initrd.luks.devices = [
euhadra_crypt = { {
name = "euhadra_crypt";
device = "/dev/disk/by-uuid/328a9ede-0958-490b-8e82-62b06b839e21"; device = "/dev/disk/by-uuid/328a9ede-0958-490b-8e82-62b06b839e21";
preLVM = true; preLVM = true;
allowDiscards = true; allowDiscards = true;
}; }
}; ];
networking.hostName = "euhadra"; networking.hostName = "euhadra";
networking.hostId = "ddb5f0fd"; networking.hostId = "ddb5f0fd";
hardware.cpu.intel.updateMicrocode = true;
services.mpd = { services.mpd = {
enable = true; enable = true;
# network.listenAddress = "127.0.0.1"; network.listenAddress = "any";
musicDirectory = "/mnt/aplysia/music"; musicDirectory = "/mnt/vaccaria/music";
extraConfig = '' extraConfig = ''
bind_to_address "10.59.0.6"
bind_to_address "100.97.134.100"
# audio_output {
# type "alsa"
# name "dac"
# device "sysdefault:CARD=QAMP"
# }
audio_output { audio_output {
type "pulse" type "alsa"
name "pulse" name "dac"
server "127.0.0.1" device "sysdefault:CARD=QAMP"
}
audio_output {
type "httpd"
name "http"
encoder "flac"
port "${toString mpdStreamingPort}"
} }
replaygain "auto" replaygain "auto"
@ -63,43 +41,9 @@ let mpdStreamingPort = 8080; in
''; '';
}; };
services.pipewire = {
config.pipewire-pulse = {
"pulse.properties"."server.address" = [
"unix:native"
"tcp:127.0.0.1:4713"
"tcp:100.97.134.100:4713"
];
};
};
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.6/16"];
privateKeyFile = "/etc/wgkeys/euhadra";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.58.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
endpoint = "htdf-gw.gebner.org:35869";
# endpoint = "80.109.29.104:35869";
# endpoint = "127.0.0.1:35869";
}];
};
# systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
services.resolved = {
domains = [];
enable = true;
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
config.services.mpd.network.port config.services.mpd.network.port
4713 # pulseaudio 4713 # pulseaudio
mpdStreamingPort # mpd streaming
]; ];
environment.systemPackages = with pkgs; [ mpc_cli ]; environment.systemPackages = with pkgs; [ mpc_cli ];
@ -108,19 +52,15 @@ let mpdStreamingPort = 8080; in
nixpkgs.config.mpv.vaapiSupport = true; nixpkgs.config.mpv.vaapiSupport = true;
# hardware.pulseaudio = { hardware.pulseaudio = {
# systemWide = true; zeroconf.publish.enable = true;
# zeroconf.publish.enable = true; tcp = {
# tcp = { enable = true;
# enable = true; anonymousClients.allowedIpRanges = [
# anonymousClients.allowedIpRanges = [ "127.0.0.1"
# "127.0.0.1" "10.57.0.0/16"
# "10.57.0.0/16" ];
# ]; };
# }; };
# };
system.stateVersion = "22.05";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
} }

@ -1,37 +0,0 @@
{ config, pkgs, ... }:
# unreserve ctrl+w shortcuts
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
firefox-unwrapped = stdenv.mkDerivation {
inherit (firefox-unwrapped) name version;
nativeBuildInputs = [ unzip zip ];
buildCommand = ''
mkdir -p $out
cp -ra ${firefox-unwrapped}/. $out/.
chmod +w -R $out
sed -i "s|${firefox-unwrapped}|$out|g" $out/bin/firefox
j=$out/lib/firefox/browser/omni.ja
f=localization/en-US/browser/browserSets.ftl
mkdir browser
cd browser
# corrupt zip files??
unzip $j || true
patch $f <${./fix-firefox.patch}
rm $j
zip -0DXqr $j *
'';
inherit (firefox-unwrapped) meta;
passthru = {
inherit (firefox-unwrapped.passthru) version isFirefox3Like gtk
nspr gssSupport browserName ffmpegSupport gtk3 binaryName;
};
};
};
}

@ -1,31 +0,0 @@
--- localization/en-US/browser/browserSets.ftl~ 2020-08-31 11:28:51.148881026 +0200
+++ localization/en-US/browser/browserSets.ftl 2020-08-31 19:07:11.687530527 +0200
@@ -9,16 +9,16 @@
.label = Zoom
window-new-shortcut =
- .key = N
+ .keycode = VK_F20
window-minimize-shortcut =
.key = M
close-shortcut =
- .key = W
+ .keycode = VK_F17
tab-new-shortcut =
- .key = T
+ .key = T
location-open-shortcut =
.key = L
@@ -185,7 +185,7 @@
## global menu.
quit-app-shortcut =
- .key = Q
+ .keycode = VK_F18
help-shortcut =
.key = ?

@ -1,62 +0,0 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"utils": "utils"
}
},
"utils": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1638172912,
"narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "v1.3.1",
"repo": "flake-utils-plus",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

@ -1,35 +0,0 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1";
# neovim-overlay = {
# url = "github:nix-community/neovim-nightly-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
# };
};
outputs = inputs@{ self, nixpkgs, utils, ... }: utils.lib.mkFlake {
inherit self inputs;
channels.nixpkgs.input = nixpkgs;
channels.nixpkgs.patches = [ ];
nix.generateRegistryFromInputs = true;
hostDefaults = {
modules = [
({ ... }: { nix.extraOptions = "warn-dirty = false"; })
];
};
hosts = {
petalius.modules = [ ./petalius.nix ];
flammea.modules = [ ./flammea.nix ];
decoysnail.modules = [ ./decoysnail.nix ];
};
};
}

@ -1,195 +0,0 @@
{ config, pkgs, ... }:
let mpdStreamingPort = 8080; in
{
imports =
[
./common-headless.nix
# ./sway.nix
# ./i3.nix
./gnome3.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
# ./qemu-user.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./spacenav.nix
./nvim05.nix
./nm-restart.nix
./tailscale.nix
];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [
"kvm-amd"
"zenpower"
];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3b8c5c8a-fff2-49ba-98bd-ceb01d6d57c3";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1FA2-93AB";
fsType = "vfat";
};
swapDevices = [ ];
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = {
nvme0n1p2_crypt = {
device = "/dev/disk/by-uuid/0fd33358-83dc-4acd-b6b8-0f079082367e";
preLVM = true;
allowDiscards = true;
};
};
networking.hostName = "flammea"; # Define your hostname.
networking.hostId = "390adc00";
hardware.cpu.amd.updateMicrocode = true;
networking.interfaces."enp42s0".wakeOnLan.enable = true;
# users.extraUsers.presentation = {
# isNormalUser = true;
# extraGroups = [ "networkmanager" "audio" ];
# # shell = "${pkgs.zsh}/bin/zsh";
# shell = "/run/current-system/sw/bin/fish";
#
# password = if config.virtualisation != null then "" else null;
# };
environment.systemPackages = with pkgs; [
beets
piper
ddcutil
ddcui
];
services.thermald.enable = true;
virtualisation.virtualbox.host = {
enable = true;
enableExtensionPack = true;
};
# nixpkgs.config.allowUnfree = true;
# virtualisation.libvirtd = {
# enable = true;
# };
# networking.firewall.checkReversePath = false;
# fileSystems."/var/lib/libvirt/images/vaccaria" = {
# device = "//vaccaria.htdf.gebner.org/export/tmp/vms";
# fsType = "cifs";
# options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria"
# "forceuid" "forcegid" "uid=0" "gid=0" ];
# };
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-runtime
];
# services.nix-serve = {
# enable = true;
# secretKeyFile = "/etc/nix-serve/secret.key";
# };
# networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ];
networking.firewall.trustedInterfaces = [ "tailscale0" ];
services.openssh.settings.X11Forwarding = true;
fileSystems."/mnt/aplysia".device = pkgs.lib.mkOverride 10 "//aplysia.auroch-boa.ts.net/export";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
# nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
# mesa_drivers = self.mesaDarwinOr (
# let mo = self.mesa_noglu.override {
# llvmPackages = pkgs.llvmPackages_39;
# grsecEnabled = false;
# enableTextureFloats = true;
# };
# in mo.drivers
# );
# };
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_6_1;
# services.xserver = {
# videoDrivers = [ "amdgpu" ];
# deviceSection = ''
# Option "TearFree" "on"
# '';
# };
services.ratbagd.enable = true;
# virtualisation.anbox = {
# enable = true;
# };
services.udev.extraRules = ''
# allow admin use of i2c devices
ACTION=="add", KERNEL=="i2c-[0-9]*", GROUP="wheel", MODE="666"
'';
system.stateVersion = "22.11";
# services.mpd = {
# enable = true;
# # network.listenAddress = "127.0.0.1";
# # musicDirectory = "/mnt/aplysia/music";
# musicDirectory = "/home/gebner/Music";
# user = "gebner";
# extraConfig = ''
# bind_to_address "100.125.210.32"
#
# # audio_output {
# # type "alsa"
# # name "dac"
# # device "sysdefault:CARD=QAMP"
# # }
#
# audio_output {
# type "pulse"
# name "pulse"
# server "127.0.0.1"
# }
#
# audio_output {
# type "httpd"
# name "http"
# encoder "flac"
# port "${toString mpdStreamingPort}"
# }
#
# replaygain "auto"
# restore_paused "yes"
# '';
# };
#
# environment.etc."pipewire/pipewire-pulse.conf.d/listen.conf".text = ''
# pulse.properties = {
# server.address = [
# "unix:native"
# "tcp:127.0.0.1:4713"
# # "tcp:100.97.134.100:4713"
# ]
# }
# '';
}

@ -1,78 +0,0 @@
with import <nixpkgs> { }; let der =
{ stdenv, mkDerivation, fetchFromGitHub, fetchpatch, cmake, ninja, coin3d,
xercesc, ode, eigen, qtbase, qttools, qtwebengine, qtxmlpatterns, wrapQtAppsHook,
opencascade-occt, gts, hdf5, vtk, medfile, zlib, python3Packages, swig,
gfortran, libXmu, soqt, libf2c, libGLU, makeWrapper, pkgconfig, mpi ? null }:
let
pythonPackages = python3Packages;
in mkDerivation rec {
pname = "freecad-assembly3";
version = "08.18";
src = fetchFromGitHub {
owner = "realthunder";
repo = "FreeCAD";
rev = "04c80c99eee0f7d2f761bdc7d8b32c077adefdec";
sha256 = "1f40biy2gc16awb233lha77xabwf2p3jvzzjrp0lnsl2gk4l9w8h";
};
nativeBuildInputs = [
cmake
ninja
pkgconfig
pythonPackages.pyside2-tools
wrapQtAppsHook
];
buildInputs = [
cmake coin3d xercesc ode eigen opencascade-occt gts
zlib swig gfortran soqt libf2c makeWrapper mpi vtk hdf5 medfile
libGLU libXmu qtbase qttools qtwebengine qtxmlpatterns
] ++ (with pythonPackages; [
matplotlib pycollada shiboken2 pyside2 pyside2-tools pivy python boost
]);
cmakeFlags = [
"-DBUILD_QT5=ON"
"-DSHIBOKEN_INCLUDE_DIR=${pythonPackages.shiboken2}/include"
"-DSHIBOKEN_LIBRARY=Shiboken2::libshiboken"
("-DPYSIDE_INCLUDE_DIR=${pythonPackages.pyside2}/include"
+ ";${pythonPackages.pyside2}/include/PySide2/QtCore"
+ ";${pythonPackages.pyside2}/include/PySide2/QtWidgets"
+ ";${pythonPackages.pyside2}/include/PySide2/QtGui"
)
"-DPYSIDE_LIBRARY=PySide2::pyside2"
];
# This should work on both x86_64, and i686 linux
preBuild = ''
export NIX_LDFLAGS="-L${gfortran.cc}/lib64 -L${gfortran.cc}/lib $NIX_LDFLAGS";
'';
# Their main() removes PYTHONPATH=, and we rely on it.
preConfigure = ''
sed '/putenv("PYTHONPATH/d' -i src/Main/MainGui.cpp
qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH")
'';
qtWrapperArgs = [
"--set COIN_GL_NO_CURRENT_CONTEXT_CHECK 1"
];
postFixup = ''
mv $out/share/doc $out
'';
meta = with stdenv.lib; {
description = "General purpose Open Source 3D CAD/MCAD/CAx/CAE/PLM modeler";
homepage = "https://www.freecadweb.org/";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ viric gebner ];
platforms = platforms.linux;
};
}
; in libsForQt514.callPackage der { mpi = openmpi; }

@ -8,7 +8,7 @@
Type = "oneshot"; Type = "oneshot";
}; };
script = "${pkgs.utillinux.bin}/bin/fstrim -v /"; script = "fstrim -v /";
startAt = "04:00"; startAt = "04:00";
}; };

@ -1,106 +1,30 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ programs.ibus.enable = true;
./pipewire.nix programs.ibus.plugins = [ pkgs.ibus-anthy pkgs.mozc ];
];
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [ mozc table-others m17n rime ];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome.gnome-tweaks xlibs.xwininfo # for gnome maximus extension
pavucontrol unzip
paprefs gnome3.libgweather
playerctl
xorg.xlsclients
gthumb
]; ];
hardware.pulseaudio.enable = false;
fonts = { fonts = {
enableDefaultFonts = false;
fontconfig = {
allowBitmaps = false;
};
fonts = with pkgs; [ fonts = with pkgs; [
# xorg.fontbhlucidatypewriter100dpi
# xorg.fontbhlucidatypewriter75dpi
# freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
# xorg.fontbh100dpi
# xorg.fontmiscmisc
# xorg.fontcursormisc
unifont
noto-fonts-emoji
noto-fonts-cjk
cantarell-fonts # from gnome3 module
merriweather
merriweather-sans
open-sans
# libertine # breaks 
dejavu_fonts
liberation_ttf
ubuntu_font_family
wqy_microhei
ipafont
ipaexfont
source-han-serif
source-han-sans
inconsolata inconsolata
iosevka dejavu_fonts
fira fira-mono fira-code ipafont
source-code-pro unifont
stix-two ubuntu_font_family
font-awesome_5
]; ];
}; };
# prevent satanic torture services.xserver.enable = true;
qt.platformTheme = "qt5ct"; services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.desktopManagerHandlesLidAndPower = false;
hardware.uinput.enable = true; services.xserver.desktopManager.gnome3.enable = true;
users.extraUsers.gebner.extraGroups = [ "input" "tty" "audio" "video" "uinput" ]; services.xserver.layout = "us";
services.xserver.xkbVariant = "altgr-intl";
hardware.bluetooth = { services.xserver.xkbOptions = "caps:ctrl_modifier";
enable = true;
package = pkgs.bluezFull;
};
services.blueman.enable = true;
programs.gnupg = {
agent.enable = true;
agent.pinentryFlavor = "gnome3";
};
services.xserver = {
enable = true;
# libinput.enable = true;
displayManager.gdm.enable = true;
# displayManager.defaultSession = "gnome";
desktopManager.gnome = {
enable = true;
};
};
# rust winit's wayland support is broken for input methods
environment.sessionVariables.WINIT_UNIX_BACKEND = "x11";
# services.xserver.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.displayManager.desktopManagerHandlesLidAndPower = false;
# services.xserver.layout = "us";
# services.xserver.xkbVariant = "altgr-intl";
# services.xserver.xkbOptions = "caps:ctrl_modifier";
} }

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
services.xserver.digimend.enable = true;
services.udev.extraRules = ''
SUBSYSTEM=="input", ENV{ID_BUS}=="usb" ENV{ID_VENDOR_ID}=="256c", \
ATTRS{name}=="* Touch *", ENV{ID_INPUT.tags}="low_res_touch"
'';
}

121
i3.nix

@ -1,43 +1,71 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ # programs.ibus.enable = true;
./common-gui.nix # programs.ibus.plugins = [ pkgs.ibus-anthy pkgs.mozc ];
]; i18n.inputMethod = {
enabled = "fcitx";
fcitx.engines = with pkgs.fcitx-engines; [ mozc anthy table-other m17n ];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; with gnome3; [
i3 i3
i3status i3status
rofi rofi
rofi-pass rofi-pass
pa_applet
feh feh
gnome3.gnome-keyring gnome_keyring
networkmanagerapplet networkmanagerapplet
gnome3.nautilus # in closure of gnome-terminal anyhow gnome_terminal
pcmanfm nautilus # in closure of gnome-terminal anyhow
# colord colord
evince evince
arandr arandr
xss-lock i3lock i3lock-color xss-lock i3lock
xdotool xdotool
scrot scrot
pavucontrol pavucontrol
pasystray dconf-editor
gnome3.dconf-editor
unclutter-xfixes
dunst
xorg.xev
# gnome3 core packages # gnome3 core packages
desktop-file-utils shared-mime-info desktop_file_utils shared_mime_info
glib gtk3 glib gtk3
glib-networking gvfs dconf glib_networking gvfs dconf
gnome3.gnome-settings-daemon gnome_settings_daemon
gnome-themes-extra gnome3.adwaita-icon-theme gnome_themes_standard defaultIconTheme
hicolor-icon-theme hicolor_icon_theme
]; ];
fonts = {
enableDefaultFonts = false;
fonts = with pkgs; [
xorg.fontbhlucidatypewriter100dpi
xorg.fontbhlucidatypewriter75dpi
dejavu_fonts
freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
liberation_ttf
xorg.fontbh100dpi
xorg.fontmiscmisc
xorg.fontcursormisc
# unifont
wqy_microhei
inconsolata
dejavu_fonts
ipafont
ipaexfont
# unifont
ubuntu_font_family
source-code-pro
fira
stable.noto-fonts-emoji
cantarell_fonts # from gnome3 module
];
};
services.xserver = { services.xserver = {
enable = true; enable = true;
@ -47,21 +75,21 @@
# # slim.autoLogin = true; # # slim.autoLogin = true;
lightdm.enable = true; lightdm.enable = true;
# startx.enable = true;
# sddm.enable = true;
defaultSession = "i3wm";
}; };
desktopManager = { desktopManager = {
default = "i3wm";
xterm.enable = false; xterm.enable = false;
session = [ { session = [ {
name = "i3wm"; name = "i3wm";
start = '' start = ''
export XDG_DATA_DIRS=/run/current-system/sw/share/''${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS export XDG_DATA_DIRS=/run/current-system/sw/share/''${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS
export $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh) export $(${pkgs.gnome3.gnome_keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export XDG_CURRENT_DESKTOP=X-Generic export XDG_CURRENT_DESKTOP=GNOME
for m in xsettings; do
${pkgs.gnome3.gnome_settings_daemon}/libexec/gsd-$m &
done
i3 & i3 &
waitPID=$! waitPID=$!
''; '';
@ -70,13 +98,48 @@
updateDbusEnvironment = true; updateDbusEnvironment = true;
windowManager = {
default = "i3";
i3.enable = true;
};
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
xkbOptions = "caps:ctrl_modifier"; xkbOptions = "caps:ctrl_modifier";
}; };
# services.dbus.socketActivated = true; services.dbus.packages = with pkgs; [ dunst gnome3.gcr ];
services.dbus.packages = with pkgs; [ dunst ]; services.udev.packages = [ pkgs.gnome3.gnome_settings_daemon ];
systemd.packages = [ pkgs.dunst ];
# copied from gnome3 module
security.polkit.enable = true;
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.geoclue2.enable = true;
services.gnome3.at-spi2-core.enable = true;
# services.gnome3.evolution-data-server.enable = true;
# services.gnome3.gnome-documents.enable = true;
services.gnome3.gnome-keyring.enable = true;
#services.gnome3.gnome-online-accounts.enable = true;
# services.gnome3.gnome-user-share.enable = true;
services.gnome3.gvfs.enable = true;
services.gnome3.seahorse.enable = true;
services.gnome3.sushi.enable = true;
# services.gnome3.tracker.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable;
hardware.bluetooth.enable = true;
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];
environment.variables.GIO_EXTRA_MODULES = with pkgs.gnome3; [
"${pkgs.lib.getLib dconf}/lib/gio/modules"
"${glib_networking.out}/lib/gio/modules"
"${gvfs}/lib/gio/modules" ];
hardware.pulseaudio = {
enable = true;
zeroconf.discovery.enable = true;
};
} }

@ -2,65 +2,35 @@
{ {
environment.systemPackages = with pkgs.haskellPackages; with pkgs; [ environment.systemPackages = with pkgs.haskellPackages; with pkgs; [
jetbrains.idea-community idea-community-eap
# idea.clion clion-eap
texlive.combined.scheme-full biber texlive.combined.scheme-full biber
gimp stable.gimp
inkscape stable.inkscape
# jabref jabref
libreoffice-fresh stable.libreoffice-fresh
# calibre stable.calibre
# goldendict
xournal # qutebrowser
xournalpp
open-wbo # only in 17.09+
vscode vscode
clang
ccls stack
sumneko-lua-language-server
texlab
rnix-lsp
pyright
nodePackages.typescript-language-server
rust-analyzer
# stack stable.coq_8_6
elan # cargo rustc
# coq
# emacsPackages.proofgeneral
# virtmanager
(if lib.hasAttr "curaPlugins" pkgs then
cura.override {
plugins = with curaPlugins; [ octoprint rawmouse ];
}
else cura)
openscad
freecad
calculix
meshlab
audacious
flac
clementine
uvccapture
yarn
gnome3.baobab
rustup
] ++ (with aspellDicts; [ en de fr nl ]); ] ++ (with aspellDicts; [ en de fr nl ]);
programs.wireshark = { nixpkgs.config.packageOverrides = pkgs: with pkgs; {
enable = true; myemacs = emacs25.override {
package = pkgs.wireshark; withGTK2 = false;
withGTK3 = true;
withXwidgets = true;
};
}; };
hardware.opengl.driSupport32Bit = true;
} }

46
mastus/blog.nix Normal file

@ -0,0 +1,46 @@
{ config, pkgs, ... }:
{
services.nginx.httpConfig = ''
server {
listen [::]:443;
listen 443;
server_name gabrielebner.at www.gabrielebner.at 2b7e.org www.2b7e.org www.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
rewrite ^(.*) https://gebner.org$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
root /srv/www.gebner.org;
error_page 404 403 /pages/404.html;
}
'';
}

@ -6,18 +6,15 @@
/etc/nixos/hardware-configuration.nix /etc/nixos/hardware-configuration.nix
../basic-tools.nix ../basic-tools.nix
./backup.nix ./backup.nix
./duplicity.nix
./mail.nix ./mail.nix
./www.nix ./www.nix
./gitea.nix ./gogs.nix
./letsencrypt.nix ./letsencrypt.nix
./website.nix ./blog.nix
./wstunnel.nix
./radicale.nix ./radicale.nix
# ./ttrss.nix ./ttrss.nix
./dns.nix ./dns.nix
./nebula.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

@ -9,7 +9,7 @@ let
IN AAAA 2a02:2770:3:0:21a:4aff:feac:bc0e IN AAAA 2a02:2770:3:0:21a:4aff:feac:bc0e
''; '';
timestamp = "1664458744"; timestamp = "1497294847";
heNsServers = '' heNsServers = ''
@ IN NS ns1.he.net. @ IN NS ns1.he.net.
@ -48,9 +48,9 @@ in
misuji ${misuji} misuji ${misuji}
mastus ${mastus} mastus ${mastus}
home-gw IN A 80.109.29.104 home-gw IN A 80.109.2.154
htdf-gw IN A 80.109.29.104 htdf-gw IN A 80.109.2.154
ams-gw IN A 82.217.167.76 mtlaa-gw IN A 84.112.114.160
@ ${mastus} @ ${mastus}
www IN CNAME mastus www IN CNAME mastus

@ -1,7 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.duplicity ];
}

@ -1,35 +0,0 @@
{ stdenv, fetchFromGitHub, autoconf, automake, pkg-config, dovecot, libtool, xapian, icu64, sqlite }:
stdenv.mkDerivation rec {
pname = "fts-xapian";
version = "1.3.2";
src = fetchFromGitHub {
owner = "grosjo";
repo = "fts-xapian";
rev = version;
sha256 = "12rgchx1ikwxbhdgychcfrhfnmx1rzl1l5zhmzchjkh44cwmpdbh";
};
buildInputs = [ dovecot xapian icu64 sqlite ];
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
preConfigure = ''
export PANDOC=false
autoreconf -vi
'';
configureFlags = [
"--with-dovecot=${dovecot}/lib/dovecot"
"--without-dovecot-install-dirs"
"--with-moduledir=$(out)/lib/dovecot"
];
meta = with stdenv.lib; {
homepage = "https://github.com/grosjo/fts-xapian";
description = "Dovecot FTS plugin based on Xapian";
license = licenses.lgpl21;
maintainers = with maintainers; [ julm ];
platforms = platforms.unix;
};
}

77
mastus/gitblit.nix Normal file

@ -0,0 +1,77 @@
{ config, pkgs, ... }:
let
gitblitWar = pkgs.fetchurl {
url = "http://dl.bintray.com/gitblit/releases/gitblit-1.6.2.war";
sha256 = "01gqarpwqbx1ix5zycfxw4172q5l8hhxvb7f92y3lz8l6x42l7i9";
};
gitHome = "/srv/git.gebner.org";
in
{
containers.gitblit = {
config = { config, pkgs, ... }: {
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; };
users.extraGroups.git = { };
systemd.services.createGitDir = {
wantedBy = [ "winstone-gitblit.service" ];
serviceConfig.Type = "oneshot";
script = ''
mkdir -p ${gitHome}
chown git:git -R ${gitHome}
'';
};
services.winstone.gitblit = {
user = "git";
group = "git";
warFile = "${gitblitWar}";
extraJavaOptions = [ "-DGITBLIT_HOME=${gitHome}" ];
};
};
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.101.10";
};
services.nginx.appendConfig = ''
http {
server {
listen [::]:80;
listen 80;
server_name git.gebner.org;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen [::]:443;
listen 443;
server_name git.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/mastus.key;
ssl_certificate /var/lib/acme/gebner.org/git.cert;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://gitblit;
client_max_body_size 30M;
break;
}
}
upstream gitblit {
server 192.168.100.10:8080;
}
}
'';
}

@ -1,42 +0,0 @@
{ config, pkgs, ... }:
{
services.gitea = rec {
enable = true;
stateDir = "/srv/git.gebner.org";
appName = "Gabriel Ebner's git server";
domain = "git.gebner.org";
rootUrl = "https://git.gebner.org/";
httpPort = 8001;
cookieSecure = true;
log.level = "Info";
disableRegistration = true;
settings = {
picture = {
DISABLE_GRAVATAR = "false";
AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
};
};
};
environment.systemPackages = [
(let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
'')
];
services.nginx = {
recommendedProxySettings = true;
virtualHosts."git.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = ''
proxy_buffering off;
client_max_body_size 256M;
'';
};
};
};
}

@ -1,45 +1,125 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let
users.extraUsers.git = { home = config.services.gogs.stateDir; extraGroups = [ "git" ]; }; gitHome = "/srv/git.gebner.org";
users.extraGroups.git = { };
gogs = pkgs.callPackage ../pkgs/gogs.nix { };
gogsPort = 8001;
gogsConfig = pkgs.writeText "gogs.ini" ''
APP_NAME = Gogs: Go Git Service
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
USER = root
PASSWD =
SSL_MODE = disable
PATH = ${gitHome}/data/gogs.db
[repository]
ROOT = ${gitHome}/gogs-repositories
[server]
DOMAIN = git.gebner.org
HTTP_PORT = ${toString gogsPort}
ROOT_URL = https://git.gebner.org/
DISABLE_SSH = false
SSH_PORT = 22
OFFLINE_MODE = true
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
services.gogs = rec {
enable = true;
stateDir = "/srv/git.gebner.org";
user = "git";
group = "git";
appName = "Gabriel Ebner's git server";
domain = "git.gebner.org";
rootUrl = "https://git.gebner.org/";
httpPort = 8001;
cookieSecure = true;
extraConfig = ''
[picture] [picture]
DISABLE_GRAVATAR = false DISABLE_GRAVATAR = false
AVATAR_UPLOAD_PATH = ${stateDir}/data/avatars AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
[session]
PROVIDER = file
[log] [log]
ROOT_PATH = ${stateDir}/logs ROOT_PATH = ${gitHome}/logs
MODE = file MODE = file
LEVEL = Info LEVEL = Info
[service] [security]
DISABLE_REGISTRATION = true INSTALL_LOCK = true
''; '';
in
{
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; };
users.extraGroups.git = { };
systemd.services.gogs = {
path = with pkgs; [ git openssh bash ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
User = "git";
Group = "git";
ExecStart = "${gogs}/gogs web -c ${gogsConfig}";
WorkingDirectory = gitHome;
};
}; };
services.nginx = { services.nginx.httpConfig = ''
recommendedProxySettings = true; server {
virtualHosts."git.gebner.org" = { listen [::]:80;
forceSSL = true; listen 80;
useACMEHost = "gebner.org"; server_name git.gebner.org;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gogs.httpPort}"; location /.well-known/acme-challenge {
extraConfig = '' default_type text/plain;
proxy_buffering off; alias /var/lib/acme/www/.well-known/acme-challenge;
client_max_body_size 30M; }
'';
}; location / {
}; rewrite ^(.*) https://$host$1 permanent;
}; }
}
server {
listen [::]:443;
listen 443;
server_name git.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://gogs;
client_max_body_size 30M;
break;
}
}
upstream gogs {
server 127.0.0.1:${toString gogsPort};
}
'';
} }

@ -3,18 +3,18 @@
{ {
security.acme.certs = { security.acme.certs = {
"gebner.org" = { "gebner.org" = {
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/www";
email = "gebner@gebner.org"; email = "gebner@gebner.org";
extraDomainNames = [ extraDomains = {
"git.gebner.org" "git.gebner.org" = null;
"mail.gebner.org" "mail.gebner.org" = null;
"gebner.org" "gebner.org" = null;
"www.gebner.org" "www.gebner.org" = null;
"gabrielebner.at" "gabrielebner.at" = null;
"www.gabrielebner.at" "www.gabrielebner.at" = null;
"2b7e.org" "2b7e.org" = null;
"www.2b7e.org" "www.2b7e.org" = null;
]; };
postRun = '' postRun = ''
systemctl reload nginx systemctl reload nginx
@ -26,6 +26,4 @@
}; };
}; };
security.acme.acceptTerms = true;
} }

@ -18,7 +18,6 @@
extraAliases = '' extraAliases = ''
ge: gebner ge: gebner
cutintro: gebner cutintro: gebner
gebne: gebner
''; '';
hostname = "mastus.gebner.org"; hostname = "mastus.gebner.org";
sslCert = "/var/lib/acme/gebner.org/fullchain.pem"; sslCert = "/var/lib/acme/gebner.org/fullchain.pem";
@ -68,6 +67,8 @@
sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem"; sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem"; sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";
extraConfig = '' extraConfig = ''
ssl_protocols = !SSLv2 !SSLv3
service auth { service auth {
unix_listener /var/lib/postfix/queue/private/auth { unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660 mode = 0660
@ -75,30 +76,7 @@
group = postfix group = postfix
} }
} }
# # use mailPlugins.globally.enable after nixos 20.09
# mail_plugins = fts fts_xapian
#
# plugin {
# plugin = fts fts_xapian
#
# fts = xapian
# fts_xapian = partial=2 full=20 attachments=1 verbose=0
#
# fts_autoindex = yes
# fts_enforced = yes
#
# fts_autoindex_exclude = Trash
# fts_autoindex_exclude2 = spam
# }
#
# default_vsz_limit = 0
#
# service indexer-worker {
# vsz_limit = 0
# }
''; '';
# modules = [ (pkgs.callPackage ./fts_xapian.nix {}) ];
}; };
systemd.services.dovecotSslKey = rec { systemd.services.dovecotSslKey = rec {
wantedBy = [ "dovecot2.service" ]; wantedBy = [ "dovecot2.service" ];

@ -1,25 +0,0 @@
{ config, pkgs, ... }:
let mastus = "37.252.120.145";
in {
services.nebula.networks.gabriel = {
enable = true;
ca = "/etc/nebula/gabriel/ca.crt";
cert = "/etc/nebula/gabriel/mastus.crt";
key = "/etc/nebula/gabriel/mastus.key";
isLighthouse = true;
staticHostMap = {
"192.168.18.36" = [ "${mastus}:4242" ];
};
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
settings = {
serve_dns = true;
lighthouse.dns = { host = "192.168.18.36"; port = 5353; };
};
};
networking.firewall.allowedUDPPorts = [ 4242 ];
}

@ -5,56 +5,77 @@ in
{ {
services.radicale = { services.radicale = {
enable = true; enable = true;
package = pkgs.radicale3.overrideDerivation (_: { config = ''
#patches = [ ./radicale1249.patch ]; [server]
doCheck = false; hosts = 127.0.0.1:${toString radicalePort}
pytestCheckPhase = "true"; ssl = false
}); dns_lookup = false
settings = {
server = {
hosts = "127.0.0.1:${toString radicalePort}";
ssl = false;
};
storage = { [storage]
filesystem_folder = "/var/lib/radicale/collections"; filesystem_folder = /var/lib/radicale/storage
};
auth = { [auth]
type = "htpasswd"; type = IMAP
htpasswd_filename = "/var/lib/radicale/htpasswd";
htpasswd_encryption = "bcrypt";
};
rights = { [rights]
type = "owner_only"; type = owner_only
};
};
};
security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];
services.nginx = {
recommendedProxySettings = true;
virtualHosts."radicale.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString radicalePort}";
};
# Fake nextcloud api:
# https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/1#note_857357
extraConfig = ''
rewrite ^/remote.php/carddav / redirect;
rewrite ^/remote.php/caldav / redirect;
location /remote.php/webdav {
return 200;
}
''; '';
}; };
};
environment.systemPackages = with pkgs; [ apacheHttpd ]; security.acme.certs."gebner.org".extraDomains."radicale.gebner.org" = null;
services.nginx.httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name radicale.gebner.org;
location /.well-known/acme-challenge {
default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
}
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name radicale.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
send_timeout 900;
proxy_pass http://radicale;
client_max_body_size 30M;
break;
}
}
upstream radicale {
server 127.0.0.1:${toString radicalePort};
}
'';
} }

@ -1,37 +0,0 @@
diff --git a/radicale/app/propfind.py b/radicale/app/propfind.py
index 52d0b00..ee7cf28 100644
--- a/radicale/app/propfind.py
+++ b/radicale/app/propfind.py
@@ -350,8 +350,8 @@ class ApplicationPartPropfind(ApplicationBase):
permission = "r"
status = "read"
else:
- permission = ""
- status = "NO"
+ permission = "r"
+ status = "read"
logger.debug(
"%s has %s access to %s",
repr(user) if user else "anonymous user", status, target)
@@ -362,8 +362,8 @@ class ApplicationPartPropfind(ApplicationBase):
path: str, user: str) -> types.WSGIResponse:
"""Manage PROPFIND request."""
access = Access(self._rights, user, path)
- if not access.check("r"):
- return httputils.NOT_ALLOWED
+ #if not access.check("r"):
+ # return httputils.NOT_ALLOWED
try:
xml_content = self._read_xml_request_body(environ)
except RuntimeError as e:
@@ -380,8 +380,8 @@ class ApplicationPartPropfind(ApplicationBase):
item = next(items_iter, None)
if not item:
return httputils.NOT_FOUND
- if not access.check("r", item):
- return httputils.NOT_ALLOWED
+ #if not access.check("r", item):
+ # return httputils.NOT_ALLOWED
# put item back
items_iter = itertools.chain([item], items_iter)
allowed_items = self._collect_allowed_items(items_iter, user)

@ -2,13 +2,7 @@
{ {
containers.ttrss = { containers.ttrss = {
config = { config = {
users.users.ttrss = { users.extraUsers.ttrss = {};
group = "ttrss";
isSystemUser = true;
};
users.groups.ttrss = {};
users.users.tt_rss.isSystemUser = true;
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -25,7 +19,6 @@
user = "ttrss"; user = "ttrss";
pool = "ttrss"; pool = "ttrss";
virtualHost = null;
database = { database = {
type = "pgsql"; type = "pgsql";
@ -39,21 +32,23 @@
}; };
services.phpfpm = { services.phpfpm = {
pools = { extraConfig = ''
ttrss = { error_log = /var/log/phpfpm.log
user = "ttrss"; log_level = notice
group = "ttrss"; '';
settings = {
listen = "9000"; poolConfigs = {
pm = "dynamic"; ttrss = ''
"pm.max_children" = 75; listen = 9000
"pm.start_servers" = 10; user = ttrss
"pm.min_spare_servers" = 5; pm = dynamic
"pm.max_spare_servers" = 20; pm.max_children = 75
"pm.max_requests" = 500; pm.start_servers = 10
catch_workers_output = 1; pm.min_spare_servers = 5
}; pm.max_spare_servers = 20
}; pm.max_requests = 500
catch_workers_output = 1
'';
}; };
}; };
@ -68,28 +63,61 @@
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"]; networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "ens3"; networking.nat.externalInterface = "enp0s3";
security.acme.certs."gebner.org".extraDomainNames = [ "reader.gebner.org" ]; security.acme.certs."gebner.org".extraDomains."reader.gebner.org" = null;
services.nginx = { services.nginx.httpConfig = ''
virtualHosts."reader.gebner.org" = { server {
forceSSL = true; listen [::]:80;
useACMEHost = "gebner.org"; listen 80;
locations."/" = { server_name reader.gebner.org;
root = "/var/lib/containers/ttrss/var/lib/tt-rss";
index = "index.php"; location /.well-known/acme-challenge {
}; default_type text/plain;
locations."/cache".extraConfig = "deny all;"; alias /var/lib/acme/www/.well-known/acme-challenge;
locations."= /config.php".extraConfig = "deny all;"; }
locations."~ \\.php$".extraConfig = ''
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
listen [::]:443;
listen 443;
server_name reader.gebner.org;
ssl on;
ssl_certificate_key /var/lib/acme/gebner.org/key.pem;
ssl_certificate /var/lib/acme/gebner.org/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
root /var/lib/containers/ttrss/var/lib/tt-rss;
index index.php;
}
location /cache {
deny all;
}
location = /config.php {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 192.168.100.11:9000; fastcgi_pass 192.168.100.11:9000;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/lib/tt-rss/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME /var/lib/tt-rss/$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
''; }
}; }
}; '';
} }

@ -9,7 +9,7 @@ let
boot.enableContainers = true; boot.enableContainers = true;
systemd.services.setupVM = rec { systemd.services.setupVM = rec {
wantedBy = [ "gitea.service" "dovecot2.service" "nginx.service" ]; wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
before = wantedBy; before = wantedBy;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -17,22 +17,14 @@ let
}; };
script = '' script = ''
mkdir -p /srv/git.gebner.org mkdir -p /srv/git.gebner.org
chown gitea:gitea -R /srv/git.gebner.org chown git:git -R /srv/git.gebner.org
''; '';
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ elinks carddav-util fcgi ];
elinks
carddav-util
fcgi
wstunnel
sqlite-interactive
];
security.acme.server = "http://localhost";
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at 127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org
# disable letsencrypt # disable letsencrypt
127.0.0.111 acme-v01.api.letsencrypt.org 127.0.0.111 acme-v01.api.letsencrypt.org

@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
services.nginx = {
virtualHosts."gebner.org" = {
enableACME = true;
forceSSL = true;
root = "/srv/www.gebner.org";
extraConfig = ''
access_log /var/log/nginx/website_access.log;
error_page 404 403 /404.html;
location / {
try_files $uri $uri/ @not_found;
}
location @not_found {
try_files /404.cgi =404;
fastcgi_intercept_errors on;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
}
'';
};
};
services.fcgiwrap = {
enable = true;
user = "nobody";
group = "nogroup";
};
}

@ -1,24 +0,0 @@
{ config, pkgs, ... }:
let
port = 58613;
in
{
systemd.services.wstunnel = rec {
path = [ pkgs.wstunnel ];
wantedBy = [ "nginx.service" ];
after = [ "network.target" ];
script = ''
wstunnel --server --restrictTo=htdf-gw.gebner.org:35869 ws://localhost:${toString port}
'';
};
services.nginx.virtualHosts."gebner.org".locations = {
"/wstunnel/udp/htdf-gw.gebner.org/35869" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${toString port}";
};
};
}

@ -16,18 +16,21 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name _;
recommendedTlsSettings = true; location /.well-known/acme-challenge {
recommendedOptimisation = true; default_type text/plain;
alias /var/lib/acme/www/.well-known/acme-challenge;
sslDhparam = "/etc/nginx/dhparam.pem"; }
virtualHosts."_" = { location / {
default = true; rewrite ^(.*) https://gebner.org$1 permanent;
addSSL = true; }
useACMEHost = "gebner.org"; }
globalRedirect = "gebner.org"; '';
}; };
};
} }

147
murex.nix

@ -1,147 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
/etc/nixos/hardware-configuration.nix
./basic-tools.nix
];
boot.loader.grub.enable = false;
boot.loader.raspberryPi = {
enable = true;
version = 3;
uboot.enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_5_4;
boot.kernelParams = [
"cma=32M" # for virtual console, see https://nixos.wiki/wiki/NixOS_on_ARM
"console=tty0"
];
hardware.enableRedistributableFirmware = true;
# hardware.firmware = with pkgs; [
# (stdenv.mkDerivation {
# name = "broadcom-rpi3bplus-extra";
# src = fetchurl {
# url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/b518de4/brcm/brcmfmac43455-sdio.txt";
# sha256 = "0r4bvwkm3fx60bbpwd83zbjganjnffiq1jkaj0h20bwdj9ysawg9";
# };
# phases = [ "installPhase" ];
# installPhase = ''
# mkdir -p $out/lib/firmware/brcm
# cp $src $out/lib/firmware/brcm/brcmfmac43455-sdio.txt
# '';
# })
# ];
# networking.wireless.enable = true;
# networking.networkmanager.enable = true;
networking.wireless.iwd.enable = true;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
networking.hostName = "murex";
#networking.hostId = "34a820f1";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
raspberrypi-tools
];
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "dialout" ];
shell = pkgs.fish;
};
services.openssh = {
enable = true;
passwordAuthentication = false;
};
documentation.nixos.enable = false;
services.octoprint = {
enable = true;
plugins = ps: with ps; [
printtimegenius
touchui
# psucontrol
];
};
# systemd.services.setupGpioForRelais = rec {
# wantedBy = [ "octoprint.service" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = "yes";
# };
# script = let gpio = toString (458 + 17); in ''
# if echo ${gpio} > /sys/class/gpio/export; then
# echo high > /sys/class/gpio/gpio${gpio}/direction
# fi
# chown octoprint:dialout /sys/class/gpio/gpio${gpio}/value
# '';
# };
users.users.${config.services.octoprint.user}.extraGroups = [
"dialout" # ttyUSB access
];
systemd.services.ethKernelPanicFix = rec {
wantedBy = [ "networking.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
# https://github.com/raspberrypi/linux/issues/2449
script = ''
${pkgs.ethtool}/bin/ethtool -K eth0 tx-tcp-segmentation off tx-tcp6-segmentation off
'';
};
services.mjpg-streamer = {
enable = true;
# inputPlugin = "input_uvc.so -r 1920x1080";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
# config.services.octoprint.port
# 5050 # mjpg-streamer
80
];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."murex.ams.gebner.org" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.octoprint.port}";
proxyWebsockets = true;
# do not cache that octoprint is inaccessible on startup
extraConfig = ''
proxy_cache off;
proxy_set_header Accept-Encoding "*";
client_max_body_size 50M;
'';
};
locations."/webcam/".proxyPass = "http://localhost:5050/?action=stream";
locations."/webcampic/".proxyPass = "http://localhost:5050/?action=snapshot";
};
};
system.stateVersion = "20.09";
}

@ -1,26 +0,0 @@
{ config, pkgs, ... }:
let mastus = "37.252.120.145"; hostname = config.networking.hostName;
in {
services.nebula.networks.gabriel = {
enable = true;
ca = "/etc/nebula/gabriel/ca.crt";
cert = "/etc/nebula/gabriel/${hostname}.crt";
key = "/etc/nebula/gabriel/${hostname}.key";
listen.host = "[::]";
listen.port = 0; # dynamic ip
staticHostMap = {
"192.168.18.36" = [ "${mastus}:4242" ];
};
lighthouses = [
"192.168.18.36"
];
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
};
networking.firewall.allowedUDPPorts = [ 4242 ];
}

@ -1,9 +0,0 @@
{ ... }:
{
systemd.services.NetworkManager.restartIfChanged = false;
systemd.services.NetworkManager-dispatcher.restartIfChanged = false;
systemd.services.NetworkManager-wait-online.restartIfChanged = false;
systemd.services.wpa_supplicant.restartIfChanged = false;
systemd.services.systemd-resolved.restartIfChanged = false;
}

@ -1,21 +0,0 @@
{ config, inputs, ... }:
{
# nixpkgs.overlays = [ inputs.neovim-overlay.overlay ];
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
# neovim-unwrapped = neovim-unwrapped.overrideDerivation (orig: {
# patches = orig.patches ++ [ ];
# });
# neovim-qt-unwrapped = neovim-qt-unwrapped.overrideDerivation (_: {
# version = "0.2.17.9999";
# src = fetchFromGitHub {
# owner = "equalsraf";
# repo = "neovim-qt";
# rev = "67cc4e414a8e64a475e55230818fab0f78415634";
# sha256 = "sha256-3jYYY7T7L4rMsxIxJwY32izmlJKrrqbmU4DZ2Aow5uE=";
# };
# });
};
}

@ -3,73 +3,42 @@
{ {
imports = imports =
[ [
./common-headless.nix ./common.nix
./sway.nix
# ./i3.nix
./large-sw.nix ./large-sw.nix
./uefi.nix ./uefi.nix
./fstrim.nix ./fstrim.nix
./atmega.nix
./v4l2loopback.nix
./huion.nix
./nvim05.nix
./nm-restart.nix
# ./nebula.nix
./tailscale.nix
]; ];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [
"kvm-intel"
"rmi_smbus"
"i2c_hid"
"psmouse"
];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c87491ed-0dd6-4eb4-bef2-fe4c707e91f2";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E526-BAB7";
fsType = "vfat";
};
swapDevices = [ ];
nix.settings.max-jobs = 4;
environment.etc."lvm/lvm.conf".text = '' environment.etc."lvm/lvm.conf".text = ''
devices { devices {
issue_discards = 1 issue_discards = 1
} }
''; '';
boot.initrd.luks.devices = { boot.initrd.luks.devices = [
nvme0n1p2 = { {
name = "nvme0n1p2";
device = "/dev/disk/by-uuid/5ca3d7ec-3f9e-4a08-8bc2-b26bfc3459c5"; device = "/dev/disk/by-uuid/5ca3d7ec-3f9e-4a08-8bc2-b26bfc3459c5";
preLVM = true; preLVM = true;
allowDiscards = true; allowDiscards = true;
}; }
}; ];
# services.xserver = { services.xserver = {
# dpi = 120; dpi = 120;
#
# libinput.enable = true; libinput.enable = true;
# config = '' config = ''
# Section "InputClass" Section "InputClass"
# Identifier "touchpad" Identifier "touchpad"
# Driver "libinput" Driver "libinput"
# MatchDevicePath "/dev/input/event*" MatchDevicePath "/dev/input/event*"
# MatchIsPointer "true" MatchIsPointer "true"
# EndSection EndSection
# ''; '';
#
# videoDrivers = [ "modesetting" ]; videoDrivers = [ "modesetting" ];
# useGlamor = true; useGlamor = true;
# }; };
programs.light.enable = true; programs.light.enable = true;
services.tlp.enable = true; services.tlp.enable = true;
@ -77,34 +46,29 @@
networking.hostName = "petalius"; networking.hostName = "petalius";
networking.hostId = "cf58caa9"; networking.hostId = "cf58caa9";
hardware.cpu.intel.updateMicrocode = true; systemd.services.ModemManager = {
enable = true;
# systemd.services.ModemManager = { wantedBy = [ "multi-user.target" ];
# enable = true; };
# wantedBy = [ "multi-user.target" ];
# };
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ]; hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
nixpkgs.config.packageOverrides = pkgs: rec { nixpkgs.config.packageOverrides = pkgs: rec {
}; };
# environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# unison unison
# ]; ];
users.extraUsers.gebner.extraGroups = [ "libvirtd" ]; virtualisation.docker = {
virtualisation.libvirtd.enable = true; enable = true;
storageDriver = "overlay2";
virtualisation.waydroid.enable = true; };
users.extraUsers.gebner.extraGroups = [ "docker" ];
#virtualisation.virtualbox.host.enable = true; #virtualisation.virtualbox.host.enable = true;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_4; # boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_5_5;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages_4_19;
boot.kernelPatches = [ boot.kernelPatches = [
# { patch = ./len0073.patch; name = "len0073"; } # { patch = ./len0073.patch; name = "len0073"; }
]; ];
@ -112,70 +76,14 @@
# "psmouse.synaptics_intertouch=1" # "psmouse.synaptics_intertouch=1"
"psmouse.proto=imps" "psmouse.proto=imps"
]; ];
boot.kernelModules = [
"rmi_smbus"
"i2c_hid"
"psmouse"
];
# time.timeZone = pkgs.lib.mkOverride 10 "Asia/Tokyo";
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/London"; # time.timeZone = pkgs.lib.mkOverride 10 "Europe/London";
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/Lisbon";
# time.timeZone = pkgs.lib.mkOverride 10 "US/Eastern";
time.timeZone = pkgs.lib.mkOverride 10 "US/Pacific";
#services.avahi.nssmdns = true; #services.avahi.nssmdns = true;
system.stateVersion = "22.11";
networking.wireguard.interfaces.wg0 = {
ips = ["10.59.0.2/16"];
privateKeyFile = "/etc/wgkeys/petalius";
allowedIPsAsRoutes = true;
postSetup = ''
${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
${pkgs.systemd}/bin/resolvectl dns wg0 10.58.0.1
'';
peers = [{
publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
endpoint = "htdf-gw.gebner.org:35869";
# endpoint = "80.109.29.104:35869";
# endpoint = "127.0.0.1:35869";
}];
};
systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
systemd.services.wstunnel = {
path = [ pkgs.wstunnel ];
wantedBy = [ "wireguard-wg0.service" ];
after = [ "network.target" ];
script = ''
wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
'';
};
services.resolved = {
domains = [];
enable = true;
};
# environment.systemPackages = [
# (pkgs.callPackage ./bluez-alsa.nix {})
# ];
services.fwupd.enable = true;
users.extraUsers.gebner2 = {
isNormalUser = true;
extraGroups = [
"wheel"
# "networkmanager"
"audio"
# "transmission"
# "lxd"
# "libvirtd"
# "vboxusers"
# "wireshark"
"input" "tty" "audio" "video" "uinput"
];
# shell = "${pkgs.zsh}/bin/zsh";
shell = "/run/current-system/sw/bin/fish";
};
} }

@ -1,38 +0,0 @@
{ config, pkgs, ... }:
{
users.extraUsers.gebner.extraGroups = [ "bluetooth" ];
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# media-session.config.bluez-monitor.rules = [
# {
# # Matches all cards
# matches = [ { "device.name" = "~bluez_card.*"; } ];
# actions = {
# "update-props" = {
# "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
# "bluez5.msbc-support" = true;
# };
# };
# }
# ];
};
environment.systemPackages = with pkgs; [
pulseaudio
alsaUtils
carla
qjackctl
pipewire.lib
helvum
];
}

@ -1,32 +0,0 @@
with import <nixpkgs> {};
stdenv.mkDerivation rec {
name = "eclipse-clp-${version}";
version = "5.10_147";
src = fetchurl {
url = "http://eclipseclp.org/Distribution/Old/${version}/src/eclipse_src.tgz";
sha256 = "1473b1byfjgygf80sqyjjl53pvybcyyr397w23f2gn64cv68f6qx";
};
# configureFlags = [ "--without-tcl" ];
preConfigure = ''
find -name Makefile.in | xargs sed -i "s,/bin/\(cp\|mv\|chmod\|pwd\),${coreutils}&,g"
sed -i "s,/bin/pwd,pwd,g;s,/usr/bin/ranlib,ranlib,g" RUNME
sed -i "s/-fforce-mem/-D_GNU_SOURCE/" configure
cp sepia/include/*.h icparc_solvers/
'';
postConfigure = ''
ln -s Makefile.*_* Makefile # rename Makefile.x86_64_linux
'';
postInstall = ''
# eclipse puts files in bin/x86_64_linux...
mv $out/bin/*/* $out/bin/
rmdir $out/bin/*/
'';
buildInputs = [ tcl-8_5 gmp ];
# tcltk, java, mysqlclient, latex
}

21
pkgs/gogs.nix Normal file

@ -0,0 +1,21 @@
{ nixpkgs ? import <nixpkgs> {} }: with nixpkgs;
stdenv.mkDerivation rec {
name = "gogs-${version}";
version = "0.9.48";
src = fetchzip {
url = "https://github.com/gogits/gogs/releases/download/v${version}/linux_amd64.zip";
sha256 = "1z00lqcz7nwbyavs1mwgsr9zjnqrjjmqvxy43p8gap768y45pvlb";
};
buildPhase = ''
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath ${pam}/lib \
gogs
'';
installPhase = ''
cp -ra ./ $out/
'';
}

@ -1,11 +1,11 @@
with import <nixpkgs> {}; with import <nixpkgs> {};
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "yjp-${version}"; name = "yjp-${version}";
version = "2017.02-b75"; version = "2017.02-b53";
src = fetchurl { src = fetchurl {
url = "https://www.yourkit.com/download/YourKit-JavaProfiler-${version}.zip"; url = "https://www.yourkit.com/download/${name}.zip";
sha256 = "0m0xjyp2plwpfgy2fps86k3cqv49268s4piasyszc00gf5n5cban"; sha256 = "0ms1pq5badk6wb468s6kxqb2c9ll1sbjz2p61sdbpjp59a1sv2gx";
}; };
nativeBuildInputs = [ unzip makeWrapper patchelf ]; nativeBuildInputs = [ unzip makeWrapper patchelf ];

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
hardware.pulseaudio = {
enable = true;
zeroconf.discovery.enable = true;
daemon.config = {
flat-volumes = "no";
avoid-resampling = "yes";
resample-method = "speex-float-10";
default-sample-format = "s32le";
default-sample-rate = "96000";
};
# package = pkgs.pulseaudio-hsphfpd;
package = pkgs.pulseaudioFull;
extraModules = [ pkgs.pulseaudio-modules-bt ];
};
# hardware.bluetooth.hsphfpd.enable = true;
users.extraUsers.gebner.extraGroups = [ "bluetooth" ];
services.pipewire = {
enable = true;
};
# causes recompilation
# nixpkgs.config.pulseaudio = true;
}

@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
let
arm = {
interpreter = "${pkgs.qemu}/bin/qemu-arm";
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64 = {
interpreter = "${pkgs.qemu}/bin/qemu-aarch64";
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
riscv64 = {
interpreter = "${pkgs.qemu}/bin/qemu-riscv64";
magicOrExtension = ''\x7fELF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
in {
boot.binfmt.registrations = {
inherit arm;
inherit aarch64;
inherit riscv64;
};
nix.extraOptions = ''
extra-platforms = armv6l-linux armv7l-linux aarch64-linux riscv64-linux i686-linux
'';
nix.sandboxPaths = [ "/run/binfmt" "${pkgs.qemu}" ];
}

@ -1,16 +0,0 @@
with import <nixpkgs> {};
(pkgs.nixos ({ config, pkgs, ... }: {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
];
networking.hostName = "nixos-install";
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmLT+dRGdvDQS/1+34f86Dr62UUUCyoBoQDa3Keyy0oMQqdgWK+4qIVOzvKKn2/nZ7rbNDXEnZ1wJ2+BvQ8V1QAl7I6GvkLJifZpztZ9B0o8t6fnGRMoi3BXu2cdb+HBvKvTZH0A+WU/OEwc4HF/+o2DyrTytYNucBgWaIUGZDw4RzUfoAurQ827Eslrz34qRaEk/Q+BGE2G8bDzrEHmf2wR6apuA7mF0961CNq09DNtYUTuxnqWVuzg1yOFQ0e8K4NzjqvRoproK3472/6Wifg20V7CoKE/81IocfVCuCvLuUyyQ6HHlq7MmJowCZzGs6L7SmXOMeponUTSZ1ivZ9 gebner@archachatina"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9n0cCLVTBg8IhXvonlNU3kJ5ScOVzoHdnXaffVAq+UihNQYayDtLlFetYD4RvjAgoxb8xkLKM0PWjYJicVntuPz0GhHVKlZeWIqgDG+Ec8w+7PI2Fc2WF1fLatTRBH7lwDMd7eEhPLPY5FVfqTtvEAL6aIV9uzJ0coHeh1GPp6YQ9kgobuGTxpa0r8wtd/7Q7uKkkuxfqZW6Aig56xohNYHkcI2LAJgv5e4Cim1GR/2kXY4EHfxPfxAhzx0ZIxRdp0kAmkLHEbeEUASs1kd6n/5XtmJgjl9605QrCXrKXQXf+czTbjKu5isOimFdKlXwLZYVaZd1iPPvzSNcYhMat gebner@petalius"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMTO3cgQHCgHEBK8SeHJ+Nh/pNHCBASw04VCnuVBv9EW1gApGLx4K1F1nsS/TJR9N+ayxADbAfKOTyJ5Dj6AyG16im8UM1or+GMpkXeY+t9HbFt7aHt8Ogn3P4G7VZyEwTvTEifNjmCrIdaAFnDztBoGMo0oR8MT+ry58byiMH5tIlt8yKsYdE5M1UzAyrwbTmAf8N3WxgQQv1wTvIET9+OrcY4Pw1z55Tft44ZdvQDghCRTUHz9kGpHSlOXYxa0ht+pPRLiufbsAvs5Ue+TwQmVVuAHbGn+tNrBlvYPjuNHCfiXXcGiBqNVNaWb28DCCCuchzpu9hAUXr8MbQuOnH gebner@decoysnail"
];
})).isoImage

@ -1,27 +0,0 @@
{ config, pkgs, ... }:
{
hardware.firmware = with pkgs; [ (stdenv.mkDerivation rec {
name = "rtl8761b-fw";
fw = fetchurl {
url = "https://github.com/Realtek-OpenSource/android_hardware_realtek/raw/e58b611f34f2f5ff57bb0d8cdf1b2e4751e3ccbd/bt/rtkbt/Firmware/BT/rtl8761b_fw";
sha256 = "0b59a1f2422c006837c4b5e46b59d49bfdbca1defb958adbbc0d57ebdc19cc82";
};
config = fetchurl {
url = "https://github.com/Realtek-OpenSource/android_hardware_realtek/raw/e58b611f34f2f5ff57bb0d8cdf1b2e4751e3ccbd/bt/rtkbt/Firmware/BT/rtl8761b_config";
sha256 = "aa86a092ee58e96256331d5c28c199ceaadec434460e98e7dea20e411e1aa570";
};
unpackPhase = ":";
buildPhase = ''
dn=$out/lib/firmware
mkdir -p $dn/rtl_bt
ln -s ${fw} $dn/rtl_bt/rtl8761b_fw.bin
ln -s ${config} $dn/rtl_bt/rtl8761b_config.bin
'';
installPhase = ":";
}) ];
}

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
spnavcfg
];
hardware.spacenavd.enable = true;
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
spacenavd = spacenavd.overrideDerivation (_: {
patches = spacenavd.patches ++ [
(fetchpatch {
url = "https://github.com/FreeSpacenav/spacenavd/commit/fbf9019470f2511d24a368e2c9113361b58483d5.patch";
sha256 = "1i98c3k4x8f35kpfp4b9xcwgq45mdjab2frp8c2jl6y62fs84d6j";
})
];
});
};
}

@ -1,84 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./common-gui.nix
];
environment.systemPackages = with pkgs; [
i3status
(waybar.override { pulseSupport = true; })
rofi-wayland
ydotool
wtype
wl-clipboard
feh
gnome3.gnome-keyring
networkmanagerapplet
pcmanfm
evince
grim
mako
pavucontrol
paprefs
gnome3.dconf-editor
xdg_utils # for xdg-open
# gnome3 core packages
desktop-file-utils shared-mime-info
glib gtk3
glib-networking gvfs dconf
gnome-themes-extra gnome3.adwaita-icon-theme
hicolor-icon-theme
# for QT_QPA_PLATFORM=wayland
qt5.qtwayland
wdisplays
playerctl
xorg.xlsclients
];
# services.dbus.socketActivated = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
# https://github.com/swaywm/sway/issues/4506
export QT_QPA_PLATFORM=xcb
# export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
# rust winit's wayland support is broken for input methods
export WINIT_UNIX_BACKEND=x11
export XDG_DATA_DIRS=/run/current-system/sw/share/''${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS
export $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export XDG_CURRENT_DESKTOP=sway
'';
};
# services.xserver = {
# enable = true;
# libinput.enable = true;
# # displayManager.lightdm.enable = true;
# displayManager.defaultSession = "sway";
# };
services.dbus.packages = with pkgs; [ mako ];
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
}

@ -1,9 +0,0 @@
{ config, pkgs, ... }: {
# make the tailscale command usable to users
environment.systemPackages = [ pkgs.tailscale ];
# enable the tailscale service
services.tailscale.enable = true;
networking.firewall.checkReversePath = "loose";
}

74
theba.nix Normal file

@ -0,0 +1,74 @@
{ config, pkgs, ... }:
{
imports =
[
./common.nix
./large-sw.nix
./uefi.nix
./fstrim.nix
];
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
boot.initrd.luks.devices = [
{
name = "sda2_crypt";
device = "/dev/disk/by-uuid/a7482f34-1d7b-4181-9f3c-f6bbbdb8679d";
preLVM = true;
allowDiscards = true;
}
];
services.xserver = {
libinput.enable = true;
config = ''
Section "InputClass"
Identifier "touchpad"
Driver "libinput"
MatchDevicePath "/dev/input/event*"
MatchIsPointer "true"
EndSection
'';
videoDrivers = [ "modesetting" ];
useGlamor = true;
};
programs.light.enable = true;
services.tlp.enable = true;
networking.hostName = "theba"; # Define your hostname.
networking.hostId = "b29b900f";
# services.colord.enable = true;
systemd.services.ModemManager.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
nixpkgs.config.packageOverrides = pkgs: rec {
};
environment.systemPackages = with pkgs; [
unison
];
virtualisation.docker = {
enable = true;
storageDriver = "overlay2";
};
users.extraUsers.gebner.extraGroups = [ "docker" ];
# virtualisation.virtualbox.host.enable = true;
# boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
# time.timeZone = pkgs.lib.mkOverride 10 "Europe/London";
services.avahi.nssmdns = true;
}

@ -4,4 +4,6 @@
# Use the gummiboot efi boot loader. # Use the gummiboot efi boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = [ "fbcon" ];
} }

@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = flakes nix-command
'';
}

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
kernelModules = [ "v4l2loopback" ];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
};
}

@ -3,7 +3,6 @@
{ {
imports = imports =
[ [
/etc/nixos/hardware-configuration.nix
./common-headless.nix ./common-headless.nix
]; ];
@ -16,7 +15,12 @@
hostId = "3d551a7c"; hostId = "3d551a7c";
}; };
users.extraUsers.gebner.extraGroups = ["transmission"]; services.openssh.enable = true;
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = ["wheel" "transmission"];
};
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = ["zfs"];
boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages; boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;
@ -28,21 +32,11 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home/drebner" = pkgs.lib.mkOverride 10 {
device = "vaccaria/drebner";
fsType = "zfs";
};
users.extraUsers.drebner = {
isNormalUser = true;
};
services.samba = { services.samba = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
passdb backend = tdbsam passdb backend = tdbsam
unix password sync = no unix password sync = no
min protocol = NT1
''; '';
shares = { shares = {
export = { export = {
@ -50,11 +44,6 @@
"read only" = "no"; "read only" = "no";
path = "/mnt/vaccaria"; path = "/mnt/vaccaria";
}; };
drebner = {
"guest ok" = "no";
"read only" = "no";
path = "/home/drebner";
};
}; };
}; };
@ -72,7 +61,6 @@
allowedTCPPorts = [ allowedTCPPorts = [
445 139 # samba 445 139 # samba
config.services.transmission.settings.peer-port config.services.transmission.settings.peer-port
config.services.rsyncd.port
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
137 138 # samba 137 138 # samba
@ -82,47 +70,32 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
transmission transmission
samba samba
rdiff-backup
]; ];
# fancontrol # fancontrol
boot.kernelModules = ["it87"]; boot.kernelModules = ["it87"];
# systemd.services.fancontrol = systemd.services.fancontrol =
# let fancontrolConfig = pkgs.writeText "fancontrol" '' let fancontrolConfig = pkgs.writeText "fancontrol" ''
# # Configuration file generated by pwmconfig, changes will be lost # Configuration file generated by pwmconfig, changes will be lost
# INTERVAL=10 INTERVAL=10
# DEVPATH=hwmon1=devices/pci0000:00/0000:00:18.3 hwmon0=devices/platform/it87.552 DEVPATH=hwmon0=devices/pci0000:00/0000:00:18.3 hwmon2=devices/platform/it87.552
# DEVNAME=hwmon1=k10temp hwmon0=it8720 DEVNAME=hwmon0=k10temp hwmon2=it8720
# FCTEMPS=hwmon0/pwm3=hwmon1/temp1_input hwmon0/pwm1=hwmon1/temp1_input FCTEMPS=hwmon2/pwm3=hwmon0/temp1_input hwmon2/pwm1=hwmon0/temp1_input
# FCFANS=hwmon0/pwm3=hwmon0/fan1_input hwmon0/pwm1=hwmon0/fan1_input FCFANS=hwmon2/pwm3=hwmon2/fan1_input hwmon2/pwm1=hwmon2/fan1_input
# MINTEMP=hwmon0/pwm3=40 hwmon0/pwm1=40 MINTEMP=hwmon2/pwm3=40 hwmon2/pwm1=40
# MAXTEMP=hwmon0/pwm3=65 hwmon0/pwm1=65 MAXTEMP=hwmon2/pwm3=65 hwmon2/pwm1=65
# MINSTART=hwmon0/pwm3=150 hwmon0/pwm1=150 MINSTART=hwmon2/pwm3=150 hwmon2/pwm1=150
# MINSTOP=hwmon0/pwm3=0 hwmon0/pwm1=100 MINSTOP=hwmon2/pwm3=0 hwmon2/pwm1=100
# ''; in { ''; in {
# description = "fancontrol from lm_sensors"; description = "fancontrol from lm_sensors";
# wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
# serviceConfig.ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${fancontrolConfig}"; serviceConfig.ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${fancontrolConfig}";
# }; };
# hdd spindown # hdd spindown
powerManagement.powerUpCommands = '' powerManagement.powerUpCommands = ''
${pkgs.hdparm}/bin/hdparm -B200 -S0 /dev/sd{a,b,c,d,e,f} ${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}
''; '';
services.rsyncd = {
enable = true;
modules = {
lr_mobile = {
path = "/mnt/vaccaria/fotos/lr_mobile";
"read only" = "yes";
};
};
};
users.extraUsers.gebner.openssh.authorizedKeys.keys = [
''command="rdiff-backup --server --restrict-read-only /",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiZhy9mm9sUeomfe9Vj5JhNE4l7YOkj7Yiii5Ni2RzUyj/dc9pxvNJSI+om/ruwb1n2gIYi0bOpwrZGiyvrUrpiqLcOwU6IOYLxnQ3E9nHLX3rsGMIyJtMcoBOcTY/rJMogqA4m6uMaaPEaeBlS5F/qb5UGIvQ7YlW1rF75RJ/QXrdL3Y7R3OJbG90QGR5EThs/1HOEBUKgkEcPQDodzNvZ8hFtznWrCw5bMSQYGMfY4WBc1b7UdLaYZ6vghQgsZ5IyvFDvCNTHTfhObYhv71YMXDkocAyI8XecNP1hoJ67oZ1xn06LEUEMiuXIQ4Ss7RYZLzNc2yrd5RYqCdd4x1n backups@aruanus''
];
} }