commit 25be5d58d9369dbf8300adad875ad981101cf69d
Author: kat witch
Date: Sun Nov 1 20:04:42 2020 +0000
Initial commit.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..8197208c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result
+secrets.nix
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..ccc0708b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# Proto readme
+
+* export NIX_SSHOPTS="-p 62954"
+* export NIX_SSHOPTS="-p 22"
+* nix build -f . deploy.all && ./result
+* nix build -f . deploy.$group && ./result
+* nix build -f . deploy.$hostname && ./result
diff --git a/configuration/common/default.nix b/configuration/common/default.nix
new file mode 100644
index 00000000..ca75fbb3
--- /dev/null
+++ b/configuration/common/default.nix
@@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: + +let + home-manager = fetchGit { + url = "https://github.com/nix-community/home-manager"; + rev = "a98ec6ec158686387d66654ea96153ec06be33d7"; + }; +in { + imports = [ + ../../modules + "${home-manager}/nixos" + ./pbb.nix + ./users.nix + ]; + + nixpkgs.overlays = [ + (self: super: import ../../pkgs { nixpkgs = super.path; }) + ]; + + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + boot.kernelParams = [ "quiet" ]; + + nixpkgs.config = { + allowUnfree = true; + }; + + services.journald.extraConfig = "SystemMaxUse=512M"; + nix.gc.automatic = lib.mkDefault true; + nix.gc.options = lib.mkDefault "--delete-older-than 1w"; + nix.trustedUsers = [ "root" "@wheel" ]; + environment.variables.EDITOR = "neovim"; + + + services.openssh.enable = true; + services.openssh.ports = lib.mkDefault [ 62954 ]; + services.openssh.passwordAuthentication = false; + services.openssh.challengeResponseAuthentication = false; + services.openssh.permitRootLogin = lib.mkDefault "prohibit-password"; + services.openssh.extraConfig = "StreamLocalBindUnlink yes"; + security.sudo.wheelNeedsPassword = lib.mkForce false; + + + i18n.defaultLocale = "en_GB.UTF-8"; + time.timeZone = "Europe/London"; + console = { + font = "Lat2-Terminus16"; + keyMap = "uk"; + }; + + fonts.fontconfig.enable = true; + fonts.fonts = [ + pkgs.nerdfonts + pkgs.corefonts + ]; + + environment.systemPackages = with pkgs; [ + smartmontools + lm_sensors + htop + neovim + ripgrep + git + wget + rsync + pv + progress + bc + zstd + file + whois + fd + exa + socat + tmux + gnupg + ]; +} diff --git a/configuration/common/pbb.nix b/configuration/common/pbb.nix new file mode 100644 index 00000000..34b9892f --- /dev/null +++ b/configuration/common/pbb.nix 
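Review bot: `security.sudo.wheelNeedsPassword = lib.mkForce false;` makes every wheel account equivalent to root on every host that imports this module, and because of `mkForce` a host (for example the internet-facing server) cannot tighten it with an ordinary definition. Together with `nix.trustedUsers = [ "root" "@wheel" ]`, one stolen wheel SSH key gives full control of the system with no further prompt. I would write `security.sudo.wheelNeedsPassword = lib.mkDefault false;` so a host can override it, and add a comment such as `# passwordless sudo: lib/deploy.nix runs sudo over non-interactive ssh`, which appears to be the reason for the setting. Separately, `environment.variables.EDITOR = "neovim";` probably wants `"nvim"`, the binary name the neovim package installs.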
@@ -0,0 +1,13 @@
+let
+ pbbNixfiles = fetchGit {
+ url = "https://git.petabyte.dev/petabyteboy/nixfiles";
+ rev = "4b0275db7842fda45dcc007d87b6274c4e63382b";
+ };
+in {
+ imports = [
+ "${pbbNixfiles}/modules"
+ ];
+ nixpkgs.overlays = [
+ (self: super: import "${pbbNixfiles}/pkgs" { nixpkgs = super.path; })
+ ];
+}
diff --git a/configuration/common/users.nix b/configuration/common/users.nix
new file mode 100644
index 00000000..02c34bcc
--- /dev/null
+++ b/configuration/common/users.nix
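Review bot: The import of `"${pbbNixfiles}/modules"` pulls every module of a third-party repository into the evaluation of every host, and nothing here records which of those modules or packages this configuration relies on. The `rev` pin keeps the fetched content fixed, which is the right default, but any later bump of that hash then means reviewing the whole upstream tree. I would add a comment above the `let`, for example `# third-party modules and overlay; used for: <list what is consumed>. Review the upstream diff before changing rev.`, or import only the specific module files that are needed.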
@@ -0,0 +1,79 @@ +{ config, pkgs, ... }: + +{ + users.users.root = { + openssh.authorizedKeys.keys = with pkgs.lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); + }; + + users.users.kat = { + uid = 1000; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDX2x9eT02eJn2lAc7zA3c84+FXkft1f3hbTXKZ6+q/F kat@yule" + ]; + shell = pkgs.fish; + extraGroups = [ "wheel" ]; + }; + + home-manager.useGlobalPkgs = true; + home-manager.users.kat = { + programs.firefox = { + enable = true; + }; + + programs.fish = { + enable = true; + plugins = [ + { + name = "bass"; + src = pkgs.fetchFromGitHub { + owner = "edc"; + repo = "bass"; + rev = "d63054b24c2f63aaa3a08fb9ec9d0da4c70ab922"; + sha256 = "0pwci5xxm8308nrb52s5nyxijk0svar8nqrdfvkk2y34z1cg319b"; + }; + } + ]; + }; + + programs.starship = { + enable = true; + enableFishIntegration = true; + }; + + programs.git = { + enable = true; + userName = "katrin fénix"; + userEmail = "me@dork.dev"; + }; + + programs.ssh = { + enable = true; + controlMaster = "auto"; + controlPersist = "10m"; + hashKnownHosts = true; + matchBlocks = let + kat = { + forwardAgent = true; + extraOptions = { + RemoteForward = "/run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra"; + }; + port = 62954; + }; + in { + "beltane" = { + hostname = "beltane.dork.dev"; + } // kat; + "samhain" = { + hostname = "192.168.1.135"; + } // kat; + "yule" = { + hostname = "192.168.1.92"; + } // kat; + }; + }; + + programs.bat.enable = true; + programs.tmux.enable = true; + }; +} \ No newline at end of file diff --git a/configuration/desktop/default.nix b/configuration/desktop/default.nix new file mode 100644 index 00000000..c1857bf3 --- /dev/null +++ b/configuration/desktop/default.nix 
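Review bot: `forwardAgent = true;` in the shared `kat` match block applies to all three hosts, including `beltane`, which the rest of this commit sets up as the public web server. While a session is open, anyone with root on that host can use the forwarded agent socket, and because `users.users.root` collects the keys of every wheel user, the same key is accepted for both `kat` and `root` on the other machines. The `RemoteForward` of the gpg-agent socket carries the same exposure for signing and decryption. I would take `forwardAgent` out of the shared block and enable it only where it is needed, e.g. `"beltane" = { hostname = "beltane.dork.dev"; } // kat // { forwardAgent = false; };`, or reach the internal hosts with ProxyJump instead of a forwarded agent.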
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +{ + nixpkgs.config = { + mumble.speechdSupport = true; + }; + + home-manager.users.kat = { + home.packages = [ + pkgs._1password + pkgs.mpv + pkgs.mumble + pkgs.syncplay + pkgs.youtube-dl + pkgs.jdk11 + pkgs.lm_sensors + pkgs.discord + pkgs.tdesktop + pkgs.dino + pkgs.dconf2nix + pkgs.vscode + pkgs.neofetch + pkgs.htop + pkgs.jetbrains.clion + pkgs.jetbrains.idea-ultimate + pkgs.jetbrains.goland + pkgs.gnome3.gnome-tweak-tool + pkgs.gnomeExtensions.caffeine + pkgs.gnomeExtensions.emoji-selector + pkgs.gnomeExtensions.gsconnect + pkgs.gnomeExtensions.dash-to-panel + pkgs.gnomeExtensions.appindicator + pkgs.gnomeExtensions.dash-to-dock + pkgs.gnomeExtensions.arc-menu + ]; + gtk = { + enable = true; + iconTheme = { + name = "Arc"; + package = pkgs.numix-icon-theme-square; + }; + theme = { + name = "Arc"; + package = pkgs.arc-theme; + }; + }; + }; + + fonts.fontconfig.enable = true; + fonts.fonts = [ + pkgs.nerdfonts + pkgs.corefonts + ]; + + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome3.enable = true; + + sound.enable = true; + hardware.pulseaudio.enable = true; + hardware.opengl.enable = true; + services.xserver.libinput.enable = true; +} diff --git a/configuration/hosts/beltane/configuration.nix b/configuration/hosts/beltane/configuration.nix new file mode 100644 index 00000000..09734676 --- /dev/null +++ b/configuration/hosts/beltane/configuration.nix 
@@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +let unstable = import {}; in { + imports = + [ + ../../common + ./hardware-configuration.nix + #./services/postgres.nix + ./services/znc.nix + ./services/weechat.nix + #./services/gitea.nix + #./services/matrix.nix + #./services/nextcloud.nix + #./services/bitwarden.nix + ./services/nginx.nix + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + networking = { + hostName = "beltane"; + useDHCP = false; + interfaces.enp1s0.useDHCP = true; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + + system.stateVersion = "20.09"; +} + diff --git a/configuration/hosts/beltane/hardware-configuration.nix b/configuration/hosts/beltane/hardware-configuration.nix new file mode 100644 index 00000000..8bf097ba --- /dev/null +++ b/configuration/hosts/beltane/hardware-configuration.nix @@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/126049c0-34bd-4d96-a8db-276c5d172abe"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1f19daed-1c51-4b14-bfe8-bd7ea075ed96"; } + ]; + + nix.maxJobs = lib.mkDefault 3; +} diff --git a/configuration/hosts/beltane/services/bitwarden.nix b/configuration/hosts/beltane/services/bitwarden.nix new file mode 100644 index 00000000..c0dab4d1 --- /dev/null +++ b/configuration/hosts/beltane/services/bitwarden.nix 
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+let secrets = ( import ../secrets.nix ); in {
+ bitwarden_rs = {
+ enable = true;
+ config = {
+ rocketPort = 4000;
+ websocketEnabled = true;
+ signupsAllowed = false;
+ adminToken = secrets.bitwarden.token;
+ domain = "https://pw.dork.dev";
+ };
+ };
+}
\ No newline at end of file
diff --git a/configuration/hosts/beltane/services/gitea.nix b/configuration/hosts/beltane/services/gitea.nix
new file mode 100644
index 00000000..2db95880
--- /dev/null
+++ b/configuration/hosts/beltane/services/gitea.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ gitea = {
+ enable = true;
+ disableRegistration = true; # TODO change for initial setup
+ domain = "git.dork.dev";
+ rootUrl = "https://git.dork.dev";
+ };
+}
\ No newline at end of file
diff --git a/configuration/hosts/beltane/services/matrix.nix b/configuration/hosts/beltane/services/matrix.nix
new file mode 100644
index 00000000..d38edd08
--- /dev/null
+++ b/configuration/hosts/beltane/services/matrix.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+let secrets = ( import ../secrets.nix ); in {
+ matrix-synapse = {
+ enable = true;
+ registration_shared_secret = secrets.matrix.secret;
+ server_name = "dork.dev";
+ listeners = [
+ {
+ port = 8008;
+ bind_address = "::1";
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/configuration/hosts/beltane/services/nextcloud.nix b/configuration/hosts/beltane/services/nextcloud.nix
new file mode 100644
index 00000000..3aeef19e
--- /dev/null
+++ b/configuration/hosts/beltane/services/nextcloud.nix
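Review bot: `adminToken = secrets.bitwarden.token;` takes its value from `secrets.nix` at evaluation time, so the token is likely to be written into the generated service configuration under /nix/store, which every local user can read and which the deploy script copies between machines. Listing `secrets.nix` in `.gitignore` protects the repository but not the deployed hosts. The same pattern appears in matrix.nix (`registration_shared_secret`) and in znc.nix (the server passwords interpolated into `Server`, plus `Hash` and `Salt`). I would have each service read these values at start-up from a root-owned file outside the store and keep only the file path in the Nix expression.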
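Review bot: gitea.nix declares its options as a top-level `gitea = {`, and bitwarden.nix and matrix.nix do the same with `bitwarden_rs` and `matrix-synapse`. NixOS defines these option sets under `services.`, so re-enabling the commented-out imports in beltane/configuration.nix would fail evaluation with an undefined-option error. znc.nix and nextcloud.nix in this commit already use the prefix. Change the opening lines to `services.gitea = {`, `services.bitwarden_rs = {` and `services.matrix-synapse = {`.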
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ systemd.services."nextcloud-setup" = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+ };
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "fs.dork.dev";
+ https = true;
+ nginx.enable = true;
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ adminpassFile = "/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
+ adminuser = "root";
+ };
+ };
+}
\ No newline at end of file
diff --git a/configuration/hosts/beltane/services/nginx.nix b/configuration/hosts/beltane/services/nginx.nix
new file mode 100644
index 00000000..73a2374f
--- /dev/null
+++ b/configuration/hosts/beltane/services/nginx.nix
@@ -0,0 +1,87 @@ +{ config, pkgs, ... }: + +let common = { + enableACME = true; + forceSSL = true; +}; in { + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + #add_header X-Frame-Options DENY; + #add_header X-Content-Type-Options nosniff; + #add_header X-XSS-Protection "1; mode=block"; + #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + + virtualHosts = { + "beltane.dork.dev" = { + root = "/var/www/beltane"; + } // common; + "dork.dev" = { + root = "/var/www/dork"; + /*locations = { + "/_matrix" = { + proxyPass = "http://[::1]:8008"; + }; + "= /.well-known/matrix/server".extraConfig = + let server = { "m.server" = "dork.dev:443"; }; in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + "= /.well-known/matrix/client".extraConfig = + let client = { + "m.homeserver" = { "base_url" = "https://dork.dev"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; + };*/ + } // common; + /*"pw.dork.dev" = { + locations = { + "/".proxyPass = "http://127.0.0.1:4000"; + "/notifications/hub".proxyPass = "http://127.0.0.1:3012"; + "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80"; + }; + } // common; + "git.dork.dev" = { + locations = { + "/".proxyPass = "http://127.0.0.1:3000"; + }; + } // common;*/ + "znc.dork.dev" = { + locations = { + "/".proxyPass = "http://127.0.0.1:5000"; + }; + } // common; + 
"irc.dork.dev" = { + locations = { + "/" = { + root = pkgs.glowing-bear; + }; + "^~ /weechat" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; + }; + }; + } // common; + }; + }; + + security.acme = { + email = "dorkdev99+acme@gmail.com"; + acceptTerms = true; + }; +} \ No newline at end of file diff --git a/configuration/hosts/beltane/services/postgres.nix b/configuration/hosts/beltane/services/postgres.nix new file mode 100644 index 00000000..dbcc0571 --- /dev/null +++ b/configuration/hosts/beltane/services/postgres.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: + +{ + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + services.postgresql.ensureDatabases = [ "nextcloud" ]; + services.postgresql.ensureUsers = [ + { + name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; +} \ No newline at end of file diff --git a/configuration/hosts/beltane/services/weechat.nix b/configuration/hosts/beltane/services/weechat.nix new file mode 100644 index 00000000..a4c1cbd5 --- /dev/null +++ b/configuration/hosts/beltane/services/weechat.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + services.weechat = { + binary = let new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped { + configure = { availablePlugins, ... }: { + scripts = [ pkgs.weechatScripts.weechat-matrix ]; + plugins = [ availablePlugins.perl ( availablePlugins.python.withPackages (ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ])) ]; }; + }; in "${new-weechat}/bin/weechat"; + enable = true; + }; + + programs.screen.screenrc = '' + multiuser on + acladd kat + ''; +} \ No newline at end of file 
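Review bot: In `commonHttpConfig` the `X-Frame-Options` and `X-Content-Type-Options` lines are commented out, so the ZNC web admin on znc.dork.dev and the relay front-end on irc.dork.dev are served without framing or MIME-sniffing protection. I would enable `add_header X-Content-Type-Options nosniff;` globally and `add_header X-Frame-Options DENY;` at least for the znc vhost. nginx also stops inheriting http-level `add_header` directives in any location that sets its own, so the commented-out `/.well-known/matrix/*` locations would lose the HSTS header once enabled. A comment next to them, such as `# add_header here disables the inherited HSTS header; repeat it`, would record that.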
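Review bot: `CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';` in postgres.nix hard-codes a guessable database password, which ends up both in the repository and in the world-readable store path of `synapse-init.sql`. The nextcloud role in the same file is created through `ensureUsers` and, per nextcloud.nix, connects over the `/run/postgresql` socket with no password. The synapse role could be created the same way with `CREATE ROLE "matrix-synapse" WITH LOGIN;`, assuming the service runs under an OS user of the same name and is pointed at the socket. If a password is required, set it out of band after the first start rather than in `initialScript`.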
diff --git a/configuration/hosts/beltane/services/znc.nix b/configuration/hosts/beltane/services/znc.nix new file mode 100644 index 00000000..de24e318 --- /dev/null +++ b/configuration/hosts/beltane/services/znc.nix @@ -0,0 +1,50 @@ +{ config, pkgs, ... }: + +let secrets = import ../secrets.nix; in { + services.znc = { + enable = true; + mutable = false; + useLegacyConfig = false; + openFirewall = false; + config = { + Listener.l = { + Port = 5000; + SSL = false; + AllowWeb = true; + }; + modules = [ "webadmin" "adminlog" ]; + User.kat = { + Admin = true; + Nick = "kat"; + AltNick = "katrin"; + Network.freenode = { + Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}"; + Chan = secrets.znc.freenode.channels; + Nick = secrets.znc.freenode.nick; + AltNick = secrets.znc.freenode.altNick; + JoinDelay = 2; + LoadModule = [ + "simple_away" + "nickserv" + ]; + }; + Network.espernet = { + Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}"; + Chan = secrets.znc.espernet.channels; + Nick = secrets.znc.espernet.nick; + AltNick = secrets.znc.espernet.altNick; + JoinDelay = 2; + LoadModule = [ + "simple_away" + "nickserv" + ]; + }; + Pass.password = { + Method = secrets.znc.password.method; + Hash = secrets.znc.password.hash; + Salt = secrets.znc.password.salt; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/configuration/hosts/default.nix b/configuration/hosts/default.nix new file mode 100644 index 00000000..52c6404a --- /dev/null +++ b/configuration/hosts/default.nix 
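Review bot: `Listener.l` sets `SSL = false` and no `Host`, so ZNC accepts plain-text IRC and web-admin connections on every interface, and only `openFirewall = false` keeps port 5000 off the network. nginx reaches it at `http://127.0.0.1:5000`, so binding the listener to loopback would remove the dependency on the firewall: add `Host = "127.0.0.1";` to `Listener.l`. If IRC clients are also meant to connect only from the same machine, a short comment saying so would make the intent clear.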
@@ -0,0 +1,25 @@ +let + hosts = { + yule = { + ssh.host = "kat@yule"; + groups = [ "desktop" "personal" ]; + }; + beltane = { + ssh.host = "kat@beltane"; + groups = [ "server" "personal" ]; + }; + samhain = { + ssh.host = "kat@samhain"; + groups = [ "desktop" "personal" ]; + }; + }; + pkgs = import {}; + evalConfig = import ; + lib = pkgs.lib; +in lib.mapAttrs (name: host: host // { + config = if (host ? config) then host.config else (evalConfig { + modules = [ + (import "${toString ./.}/${name}/configuration.nix") + ]; + }).config; +}) hosts diff --git a/configuration/hosts/samhain/configuration.nix b/configuration/hosts/samhain/configuration.nix new file mode 100644 index 00000000..eed8f339 --- /dev/null +++ b/configuration/hosts/samhain/configuration.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + ../../common + ../../desktop + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + home-manager.users.kat = { + imports = [ + ./dconf.nix + ]; + }; + + networking.hostName = "samhain"; + networking.hostId = "617050fc"; + + networking.useDHCP = false; + networking.interfaces.enp34s0.useDHCP = true; + + system.stateVersion = "20.09"; + +} + diff --git a/configuration/hosts/samhain/dconf.nix b/configuration/hosts/samhain/dconf.nix new file mode 100644 index 00000000..849d601f --- /dev/null +++ b/configuration/hosts/samhain/dconf.nix 
@@ -0,0 +1,143 @@ +# Generated via dconf2nix: https://github.com/gvolpe/dconf2nix +{ lib, ... }: + +let + mkTuple = lib.hm.gvariant.mkTuple; +in +{ + dconf.settings = { + "org/gnome/control-center" = { + "last-panel" = "network"; + }; + + "org/gnome/desktop/input-sources" = { + "current" = "uint32 0"; + "sources" = [ (mkTuple [ "xkb" "gb" ]) ]; + "xkb-options" = [ "terminate:ctrl_alt_bksp" ]; + }; + + "org/gnome/desktop/interface" = { + "clock-show-seconds" = true; + "clock-show-weekday" = true; + "enable-hot-corners" = false; + "gtk-im-module" = "gtk-im-context-simple"; + }; + + "org/gnome/desktop/notifications" = { + "application-children" = [ "im-dino-dino" "telegramdesktop" "discord" "mumble" "firefox" ]; + }; + + "org/gnome/desktop/notifications/application/discord" = { + "application-id" = "discord.desktop"; + }; + + "org/gnome/desktop/notifications/application/firefox" = { + "application-id" = "firefox.desktop"; + }; + + "org/gnome/desktop/notifications/application/im-dino-dino" = { + "application-id" = "im.dino.Dino.desktop"; + }; + + "org/gnome/desktop/notifications/application/mumble" = { + "application-id" = "mumble.desktop"; + }; + + "org/gnome/desktop/notifications/application/telegramdesktop" = { + "application-id" = "telegramdesktop.desktop"; + }; + + "org/gnome/desktop/privacy" = { + "report-technical-problems" = true; + }; + + "org/gnome/desktop/wm/keybindings" = { + "panel-main-menu" = [ "F1" ]; + }; + + "org/gnome/desktop/wm/preferences" = { + "button-layout" = "appmenu:minimize,maximize,close"; + }; + + "org/gnome/evolution-data-server" = { + "migrated" = true; + "network-monitor-gio-name" = ""; + }; + + "org/gnome/mutter" = { + "attach-modal-dialogs" = true; + "dynamic-workspaces" = true; + "edge-tiling" = true; + "focus-change-on-pointer-rest" = true; + "overlay-key" = "Super_L"; + "workspaces-only-on-primary" = true; + }; + + "org/gnome/nautilus/preferences" = { + "default-folder-viewer" = "icon-view"; + "search-filter-time-type" = 
"last_modified"; + }; + + "org/gnome/nautilus/window-state" = { + "initial-size" = mkTuple [ 890 550 ]; + "maximized" = false; + }; + + "org/gnome/settings-daemon/plugins/color" = { + #"night-light-last-coordinates" = mkTuple [ 51.579800719942405 -2.47e-2 ]; + }; + + "org/gnome/settings-daemon/plugins/xsettings" = { + "antialiasing" = "grayscale"; + "hinting" = "slight"; + }; + + "org/gnome/shell" = { + "disabled-extensions" = "@as []"; + "enabled-extensions" = [ "arc-menu@linxgem33.com" "caffeine@patapon.info" "dash-to-panel@jderose9.github.com" "emoji-selector@maestroschan.fr" "appindicatorsupport@rgcjonas.gmail.com" ]; + }; + + "org/gnome/shell/extensions/arc-menu" = { + "arc-menu-icon" = 3; + "dtp-dtd-state" = [ true false ]; + "menu-button-icon" = "Arc_Menu_Icon"; + "menu-hotkey" = "Super_L"; + "pinned-app-list" = [ "Firefox" "firefox" "firefox.desktop" "Terminal" "utilities-terminal" "org.gnome.Terminal.desktop" "Arc Menu Settings" "ArcMenu_ArcMenuIcon" "gnome-extensions prefs arc-menu@linxgem33.com" ]; + }; + + "org/gnome/shell/extensions/dash-to-panel" = { + "available-monitors" = [ 1 0 2 ]; + "group-apps" = false; + "hotkeys-overlay-combo" = "TEMPORARILY"; + "multi-monitors" = false; + #"panel-element-positions" = 
"'{"0":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"1":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"2":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}]}'"; + #"panel-positions" = "'{"0":"TOP","1":"TOP","2":"TOP"}'"; + "panel-size" = 32; + "primary-monitor" = 1; + }; + + "org/gnome/shell/world-clocks" = { + "locations" = "@av []"; + }; + + "org/gnome/system/location" = { + "enabled" = true; + }; + + 
"org/gtk/settings/file-chooser" = { + "date-format" = "regular"; + "location-mode" = "path-bar"; + "show-hidden" = false; + "show-size-column" = true; + "show-type-column" = true; + "sidebar-width" = 164; + "sort-column" = "name"; + "sort-directories-first" = false; + "sort-order" = "ascending"; + "type-format" = "category"; + "window-position" = mkTuple [ 358 907 ]; + "window-size" = mkTuple [ 1203 902 ]; + }; + + }; +} diff --git a/configuration/hosts/samhain/hardware-configuration.nix b/configuration/hosts/samhain/hardware-configuration.nix new file mode 100644 index 00000000..5a2fd6e9 --- /dev/null +++ b/configuration/hosts/samhain/hardware-configuration.nix @@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "zroot/safe/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "zroot/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/BADB-92F5"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; } + ]; + +} diff --git a/configuration/hosts/yule/configuration.nix b/configuration/hosts/yule/configuration.nix new file mode 100644 index 00000000..9396fb99 --- /dev/null +++ b/configuration/hosts/yule/configuration.nix 
@@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + ../../common + ../../desktop + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostId = "dddbb888"; + networking.hostName = "yule"; + + networking.useDHCP = false; + networking.interfaces.enp1s0.useDHCP = true; + networking.interfaces.wlp2s0.useDHCP = true; + + system.stateVersion = "20.09"; +} + diff --git a/configuration/hosts/yule/hardware-configuration.nix b/configuration/hosts/yule/hardware-configuration.nix new file mode 100644 index 00000000..88d644b2 --- /dev/null +++ b/configuration/hosts/yule/hardware-configuration.nix @@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "zpool/safe/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "zpool/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/4683-4139"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/7e6f47fd-bedb-4012-8072-5e3a556e2f45"; } + ]; + +} + \ No newline at end of file diff --git a/default.nix b/default.nix new file mode 100644 index 00000000..e85a0237 --- /dev/null +++ b/default.nix @@ -0,0 +1,4 @@ +{ + inherit (import ./lib/deploy.nix) deploy; + pkgs = import ./pkgs; +} diff --git a/lib/deploy.nix b/lib/deploy.nix new file mode 100644 index 00000000..ba947f17 --- /dev/null +++ b/lib/deploy.nix 
@@ -0,0 +1,76 @@ + let + pkgs = import {}; + lib = pkgs.lib; + + hosts = import ../configuration/hosts; + nixosHosts = lib.filterAttrs (name: host: host ? ssh) hosts; + + allGroups = lib.unique ( + lib.flatten ( + lib.mapAttrsToList ( + name: host: host.groups + ) hosts + ) + ); + + hostsInGroup = group: + lib.filterAttrs ( + k: v: builtins.elem group v.groups + ) hosts; + + hostsInAllGroups = lib.listToAttrs ( + map ( + group: lib.nameValuePair group ( + lib.attrNames (hostsInGroup group) + ) + ) allGroups ); + + mkDeploy = hostnames: pkgs.writeScript "deploy-${lib.concatStringsSep "-" hostnames}" '' + #!${pkgs.stdenv.shell} + set -e -o pipefail + export PATH=/run/wrappers/bin/:${with pkgs; lib.makeBinPath [ + coreutils + openssh + nix + gnutar + findutils + nettools + gzip + git + ]} + + MODE=$1 + shift || true + ARGS=$@ + + [ "$MODE" == "" ] && MODE="switch" + + ${lib.concatMapStrings (hostname: let + hostAttrs = nixosHosts.${hostname}; + nixosSystem = (import { + modules = [ + "${toString ../configuration}/hosts/${hostname}/configuration.nix" + ]; + system = if hostAttrs ? system then hostAttrs.system else "x86_64-linux"; + }).config.system.build.toplevel; + in '' + ( + echo "deploying ${hostname}..." + nix copy --no-check-sigs --to ssh://${hostAttrs.ssh.host} ${nixosSystem} + ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo nix-env -p /nix/var/nix/profiles/system -i ${nixosSystem}" + ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $MODE" + ) & + PID_LIST+=" $!" + '') hostnames} + + echo "deploys started, waiting for them to finish..." + + trap "kill $PID_LIST" SIGINT + wait $PID_LIST + ''; + + in { + deploy = (lib.mapAttrs (hostname: hostAttrs: mkDeploy [ hostname ]) nixosHosts) + // (lib.mapAttrs (group: hosts: mkDeploy hosts) hostsInAllGroups) + // { all = mkDeploy (lib.attrNames nixosHosts); }; + } diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..fca5958a 
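Review bot: `wait $PID_LIST` at the end of the generated script returns the status of the last PID only, so when several hosts are deployed in parallel a failed `nix copy` or `switch-to-configuration` on an earlier host still leaves the script exiting 0. Wait on each PID and keep the failure: `rc=0; for pid in $PID_LIST; do wait "$pid" || rc=1; done; exit $rc`. `$NIX_SSHOPTS` is expanded unquoted on the two `ssh` lines, which is what lets `-p 62954` split into two arguments. A comment such as `# unquoted on purpose: NIX_SSHOPTS holds several ssh arguments` would stop someone from quoting it later. `ARGS=$@` is assigned but never used in the visible script.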
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+
+{
+ imports = [
+ ];
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 00000000..43897628
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,10 @@
+{ nixpkgs ? , ... }:
+
+let
+ pkgs = import nixpkgs {};
+ callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
+
+ newpkgs = {
+ };
+
+in newpkgs