diff --git a/config/hosts/goliath.nix b/config/hosts/goliath.nix
deleted file mode 100644
index f704c24d..00000000
--- a/config/hosts/goliath.nix
+++ /dev/null
@@ -1,459 +0,0 @@
-{ meta, tf, config, pkgs, lib, ... }: with lib; {
- imports = with meta; [
- profiles.hardware.ms-7b86
- profiles.hardware.razer
- profiles.hardware.bamboo
- profiles.hardware.networkmanager
- profiles.gui
- profiles.x11
- profiles.vfio
- profiles.network
- profiles.cross.aarch64
- profiles.cross.armv6l
- profiles.cross.armv7l
- users.kat.guiX11Full
- users.kat.services.weechat
- services.nginx
- services.restic
- services.zfs
- ];
-
-
- config = {
- deploy.tf = {
- resources.goliath = {
- provider = "null";
- type = "resource";
- connection = {
- port = head config.services.openssh.ports;
- host = config.network.addresses.private.nixos.ipv4.address;
- };
- };
- };
-
- boot.supportedFilesystems = [ "zfs" "xfs" ];
-
- fileSystems = {
- "/" = {
- device = "rpool/ephemeral/root";
- fsType = "zfs";
- };
- "/nix" = {
- device = "rpool/local/nix";
- fsType = "zfs";
- };
- "/home" = {
- device = "rpool/ephemeral/home";
- fsType = "zfs";
- };
- "/persist/root" = {
- device = "rpool/persist/root";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/persist/home" = {
- device = "rpool/persist/home";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/AED6-D0D1";
- fsType = "vfat";
- };
- "/mnt/xstore" = {
- device = "/dev/disk/by-uuid/64269102-a278-4919-9118-34e37f4afdb0";
- fsType = "xfs";
- };
- };
-
-
- boot.initrd.postDeviceCommands = mkIf (config.fileSystems."/".fsType == "zfs") (mkAfter ''
- zfs rollback -r ${config.fileSystems."/".device}@blank
- zfs rollback -r ${config.fileSystems."/home".device}@blank
- '');
-
- programs.fuse.userAllowOther = true;
-
- environment.persistence."/persist/root" = {
- directories = [
- "/var/log"
- "/var/lib/systemd/coredump"
- "/var/lib/acme"
- "/var/lib/yggdrasil"
- "/var/lib/kat/secrets"
- ];
- files = [
- "/etc/machine-id"
- "/etc/nix/id_rsa"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- ];
- };
-
- secrets.persistentRoot = mkForce "/persist/root/var/lib/kat/secrets";
-
- home-manager.users.kat = {
- secrets.persistentRoot = mkForce "/persist/home/.cache/kat/secrets";
-
- home.persistence."/persist/home" = {
- allowOther = true;
- directories = [
- ".cache/kat/secrets"
- ".cache/rbw"
- ".cache/nix"
- ".local/share/z"
- ".local/share/vim"
- ".local/share/nvim"
- ".local/share/task"
- ".local/share/dino"
- ".local/share/weechat"
- ".local/share/TelegramDesktop"
- ".local/share/Mumble"
- ".local/share/direnv"
- ".config/Mumble"
- ".config/Element"
- ".config/discord"
- ".config/obsidian"
- ".config/hedgedoc"
- ".config/obs-studio"
- ".ApacheDirectoryStudio"
- ".gnupg"
- ".mozilla"
- "neorg"
- "docs"
- "media"
- "mail"
- "projects"
- "shared"
- ];
- files = [
- ".ssh/known_hosts"
- ".zsh_history"
- ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; }
- { device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; }
- ];
-
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- deploy.profile.hardware.acs-override = builtins.getEnv "CI_PLATFORM" == "impure";
-
- users.users.kat.extraGroups = singleton "openrazer";
-
-
- hardware = {
- displays = {
- "HDMI-A-1" = {
- res = "1920x1080";
- pos = "1920 0";
- };
- "DVI-D-1" = {
- res = "1920x1200";
- pos = "3840 0";
- };
- "DP-1" = {
- res = "1920x1080";
- pos = "0 0";
- };
- };
- bamboo.display = "HDMI-A-1";
- openrazer.enable = true;
- };
-
- environment.systemPackages = [
- pkgs.razergenie
- ];
-
- boot.modprobe.modules = {
- vfio-pci =
- let
- vfio-pci-ids = [
- "1002:67df"
- "1002:aaf0" # RX 580
- "1912:0014" # Renesas USB 3
- "1022:149c" # CPU USB 3
- ];
- in
- mkIf (vfio-pci-ids != [ ]) {
- options.ids = concatStringsSep "," vfio-pci-ids;
- };
- kvm_amd.options = {
- avic = true;
- npt = true;
- };
- };
-
- deploy.profile.i3 = true;
-
- services.udev.extraRules = ''
- SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="1532", ATTRS{idProduct}=="0067", GROUP="vfio"
- SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat"
- '';
-
- services.xserver= {
- extraConfig = ''
- Section "Monitor"
- Identifier "DisplayPort-0"
- Option "PreferredMode" "1920x1080"
- Option "Position" "0 0"
- EndSection
- Section "Monitor"
- Identifier "HDMI-A-0"
- Option "Primary" "true"
- Option "PreferredMode" "1920x1080"
- Option "Position" "1920 0"
- EndSection
- Section "Monitor"
- Identifier "DVI-D-0"
- Option "PreferredMode" "1920x1200"
- Option "Position" "3840 0"
- EndSection
- '';
- deviceSection = ''
- Option "monitor-HDMI-A-0" "HDMI-A-0"
- Option "monitor-DisplayPort-0" "DisplayPort-0"
- Option "monitor-DVI-D-0" "DVI-D-0"
- BusID "PCI:37:0:0"
- '';
- };
-
-
- environment.etc = {
- "sensors3.conf".text = ''
- chip "nct6797-isa-0a20"
- label in0 "Vcore"
- label in1 "+5V"
- compute in1 5*@, @/5
- label in2 "AVCC"
- set in2_min 3.3 * 0.90
- set in2_max 3.3 * 1.10
- label in3 "+3.3V"
- set in3_min 3.3 * 0.90
- set in3_max 3.3 * 1.10
- label in4 "+12V"
- compute in4 12*@, @/12
- label in5 "DIMM"
- compute in5 (8+18/19)*@, @/(8+18/19)
- # label in6 "wtf?" # can't find this in hwinfo64?
- label in7 "3VSB"
- set in7_min 3.3 * 0.90
- set in7_max 3.3 * 1.10
- label in8 "Vbat"
- set in8_min 3.3 * 0.90
- set in8_max 3.3 * 1.10
- label in9 "VTT"
- ignore in10 # always zero
- # label in11 "VIN4" # on hwinfo64
- label in12 "SoC" # "CPU NB" on hwinfo64
- # label in13 "VIN6" # on hwinfo64
- # label in13 "VIN7" # on hwinfo64
- label fan1 "Rear Fan" # "Pump Fan"
- label fan2 "CPU Fan"
- label fan3 "Top Exhaust" # "Case Fan 1"
- label fan4 "Front Fan" # "Case Fan 2"
- label fan5 "Top Intake" # "Case Fan 3"
- label fan6 "Front Fan" # "Case Fan 4"
- label temp7 "Core"
- label temp1 "Motherboard"
- label temp2 "CPU"
- label temp3 "System" # Auxillary
- ignore temp4
- ignore temp6
- ignore temp8
- ignore temp9
- ignore temp10
- ignore intrusion0
- ignore intrusion1
- ignore beep_enable
- '';
- };
-
-
- networking = {
- hostId = "617050fc";
- useDHCP = false;
- /*useNetworkd = true;*/
- /*interfaces = {
- enp34s0 = {
- /*ipv4.addresses = singleton {
- inherit (config.network.addresses.private.nixos.ipv4) address;
- prefixLength = 24;
- };
- };
- defaultGateway = config.network.privateGateway;*/
- firewall.allowPing = true;
- };
-
- /* boot.kernel.sysctl = let
- nct = ".//.//.sys.devices.platform.nct6775/2592.hwmon.hwmon1";
- in {
- # rear exhaust
- #"${nct}.pwm1_mode" = 0;
- "${nct}.pwm1_temp_sel" = 2;
- "${nct}.pwm1_enable" = 5;
- "${nct}.pwm1_auto_point1_temp" = 35000;
- "${nct}.pwm1_auto_point1_pwm" = 88;
- "${nct}.pwm1_auto_point2_temp" = 38000;
- "${nct}.pwm1_auto_point2_pwm" = 104;
- "${nct}.pwm1_auto_point3_temp" = 47000;
- "${nct}.pwm1_auto_point3_pwm" = 144;
- "${nct}.pwm1_auto_point4_temp" = 49000;
- "${nct}.pwm1_auto_point4_pwm" = 224;
- "${nct}.pwm1_auto_point5_temp" = 52000;
- "${nct}.pwm1_auto_point5_pwm" = 255;
- "${nct}.pwm1_step_up_time" = 150;
- "${nct}.pwm1_step_down_time" = 150;
-
- # cpu fan
- #${nct}.pwm2_mode=0
- "${nct}.pwm2_temp_sel" = 2;
- "${nct}.pwm2_enable" = 5;
- "${nct}.pwm2_auto_point1_temp" = 34000;
- "${nct}.pwm2_auto_point1_pwm" = 0;
- "${nct}.pwm2_auto_point2_temp" = 34500;
- "${nct}.pwm2_auto_point2_pwm" = 128;
- "${nct}.pwm2_auto_point3_temp" = 47000;
- "${nct}.pwm2_auto_point3_pwm" = 160;
- "${nct}.pwm2_auto_point4_temp" = 49000;
- "${nct}.pwm2_auto_point4_pwm" = 224;
- "${nct}.pwm2_auto_point5_temp" = 52000;
- "${nct}.pwm2_auto_point5_pwm" = 255;
- "${nct}.pwm2_step_up_time" = 50;
- "${nct}.pwm2_step_down_time" = 50;
-
- # top exhaust
- #"${nct}.pwm3_mode" = 0;
- "${nct}.pwm3_temp_sel" = 2;
- "${nct}.pwm3_enable" = 5;
- "${nct}.pwm3_auto_point1_temp" = 36000;
- "${nct}.pwm3_auto_point1_pwm" = 0;
- "${nct}.pwm3_auto_point2_temp" = 39000;
- "${nct}.pwm3_auto_point2_pwm" = 136;
- "${nct}.pwm3_auto_point3_temp" = 48000;
- "${nct}.pwm3_auto_point3_pwm" = 144;
- "${nct}.pwm3_auto_point4_temp" = 50000;
- "${nct}.pwm3_auto_point4_pwm" = 176;
- "${nct}.pwm3_auto_point5_temp" = 53000;
- "${nct}.pwm3_auto_point5_pwm" = 255;
- "${nct}.pwm3_step_up_time" = 100;
- "${nct}.pwm3_step_down_time" = 100;
-
- # front 1
- #"${nct}.pwm4_mode" = 0;
- "${nct}.pwm4_temp_sel" = 2;
- "${nct}.pwm4_enable" = 5;
- "${nct}.pwm4_auto_point1_temp" = 35000;
- "${nct}.pwm4_auto_point1_pwm" = 104;
- "${nct}.pwm4_auto_point2_temp" = 38000;
- "${nct}.pwm4_auto_point2_pwm" = 176;
- "${nct}.pwm4_auto_point3_temp" = 47000;
- "${nct}.pwm4_auto_point3_pwm" = 192;
- "${nct}.pwm4_auto_point4_temp" = 49000;
- "${nct}.pwm4_auto_point4_pwm" = 224;
- "${nct}.pwm4_auto_point5_temp" = 52000;
- "${nct}.pwm4_auto_point5_pwm" = 255;
- "${nct}.pwm4_step_up_time" = 100;
- "${nct}.pwm4_step_down_time" = 100;
-
- # top intake
- #"${nct}.pwm5_mode" = 0;
- "${nct}.pwm5_temp_sel" = 2;
- "${nct}.pwm5_enable" = 5;
- "${nct}.pwm5_auto_point1_temp" = 36000;
- "${nct}.pwm5_auto_point1_pwm" = 104;
- "${nct}.pwm5_auto_point2_temp" = 39000;
- "${nct}.pwm5_auto_point2_pwm" = 144;
- "${nct}.pwm5_auto_point3_temp" = 48000;
- "${nct}.pwm5_auto_point3_pwm" = 176;
- "${nct}.pwm5_auto_point4_temp" = 50000;
- "${nct}.pwm5_auto_point4_pwm" = 208;
- "${nct}.pwm5_auto_point5_temp" = 53000;
- "${nct}.pwm5_auto_point5_pwm" = 255;
- "${nct}.pwm5_step_up_time" = 100;
- "${nct}.pwm5_step_down_time" = 100;
-
- # front 2
- #"${nct}.pwm6_mode" = 0;
- "${nct}.pwm6_temp_sel" = 2;
- "${nct}.pwm6_enable" = 5;
- "${nct}.pwm6_auto_point1_temp" = 35000;
- "${nct}.pwm6_auto_point1_pwm" = 104;
- "${nct}.pwm6_auto_point2_temp" = 38000;
- "${nct}.pwm6_auto_point2_pwm" = 176;
- "${nct}.pwm6_auto_point3_temp" = 47000;
- "${nct}.pwm6_auto_point3_pwm" = 192;
- "${nct}.pwm6_auto_point4_temp" = 49000;
- "${nct}.pwm6_auto_point4_pwm" = 224;
- "${nct}.pwm6_auto_point5_temp" = 52000;
- "${nct}.pwm6_auto_point5_pwm" = 255;
- "${nct}.pwm6_step_up_time" = 100;
- "${nct}.pwm6_step_down_time" = 100;
- }; */
- /*systemd.network = {
- networks.enp34s0 = {
- matchConfig.Name = "enp34s0";
- bridge = singleton "br";
- };
- networks.br = {
- matchConfig.Name = "br";
- address = singleton "${config.network.addresses.private.nixos.ipv4.address}/24";
- gateway = singleton config.network.privateGateway;
- };
- netdevs.br = {
- netdevConfig = {
- Name = "br";
- Kind = "bridge";
- MACAddress = "00:d8:61:c7:f4:9d";
- };
- };
- };*/
-
- services.avahi.enable = true;
-
- network = {
- addresses = {
- private = {
- enable = true;
- nixos = {
- ipv4.address = "192.168.1.1";
- };
- };
- };
- yggdrasil = {
- enable = true;
- pubkey = "9604cc51760376fa111e931aad1a71ab91f240517a7d60932c6646104b99db47";
- address = "200:d3f6:675d:13f9:120b:ddc2:d9ca:a5cb";
- listen.enable = false;
- listen.endpoints = [ "tcp://0.0.0.0:0" ];
- };
- firewall = {
- public = {
- interfaces = [ "br" "enp34s0" ];
- };
- private = {
- interfaces = singleton "yggdrasil";
- tcp = {
- ports = [
- 8096
- ];
- ranges = [{
- from = 32768;
- to = 60999;
- }];
- };
- };
- };
- };
-
- system.stateVersion = "21.11";
- };
-}
diff --git a/config/hosts/issun-boushi.nix b/config/hosts/issun-boushi.nix
new file mode 100644
index 00000000..c6499361
--- /dev/null
+++ b/config/hosts/issun-boushi.nix
@@ -0,0 +1,51 @@
+{ config, meta, pkgs, lib, modulesPath, ... }: with lib; {
+ imports = with meta; [
+ profiles.hardware.raspi
+ (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix")
+ ];
+
+ home-manager.users.kat.programs.neovim.enable = mkForce false;
+ programs.mosh.enable = mkForce false;
+
+ boot.supportedFilesystems = mkForce (singleton "ext4");
+
+ deploy.tf = {
+ resources.shinmyoumaru = {
+ provider = "null";
+ type = "resource";
+ connection = {
+ port = head config.services.openssh.ports;
+ host = config.network.addresses.private.nixos.ipv4.address;
+ };
+ };
+ };
+
+ networking = {
+ useDHCP = true;
+ interfaces.eth0.useDHCP = true;
+ };
+
+ network = {
+ addresses = {
+ private = {
+ enable = true;
+ nixos = {
+ ipv4.address = "192.168.1.34";
+ };
+ };
+ };
+ yggdrasil = {
+ enable = false;
+ pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c";
+ address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3";
+ listen.enable = false;
+ listen.endpoints = [ "tcp://0.0.0.0:0" ];
+ };
+ firewall = {
+ private.interfaces = singleton "yggdrasil";
+ public.interfaces = singleton "eth0";
+ };
+ };
+
+ system.stateVersion = "21.11";
+}
diff --git a/config/hosts/koishi.nix b/config/hosts/koishi.nix
index e326d28d..37fd02e2 100644
--- a/config/hosts/koishi.nix
+++ b/config/hosts/koishi.nix
@@ -7,7 +7,6 @@
profiles.network
(users.kat.guiFlavour "gnome")
services.nginx
- services.dnscrypt-proxy
];
config = {
@@ -45,26 +44,51 @@ Host daiyousei-build
'';
fileSystems = {
"/" = {
- device = "/dev/disk/by-uuid/31bfd91b-bdba-47a9-81bf-c96e0adc88e3";
+ device = "/dev/disk/by-uuid/a664de0f-9883-420e-acc5-b9602a23e816";
fsType = "xfs";
};
"/boot" = {
- device = "/dev/disk/by-uuid/89A2-ED28";
+ device = "/dev/disk/by-uuid/DEBC-8F03";
fsType = "vfat";
};
};
swapDevices =
- [ { device = "/dev/disk/by-uuid/96952382-7f56-46b5-8c84-1f0130f68b63"; }
+ [ { device = "/dev/disk/by-uuid/0d846453-95b4-46e1-8eaf-b910b4321ef0"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot = {
supportedFilesystems = [ "xfs" "zfs" ];
- initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/8dd300d3-c432-47b6-8466-55682cd1c1a1";
+ initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105";
loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
+ efi = {
+ canTouchEfiVariables = true;
+ # assuming /boot is the mount point of the EFI partition in NixOS (as the installation section recommends).
+ efiSysMountPoint = "/boot";
+ };
+ grub = {
+ # despite what the configuration.nix manpage seems to indicate,
+ # as of release 17.09, setting device to "nodev" will still call
+ # `grub-install` if efiSupport is true
+ # (the devices list is not used by the EFI grub install,
+ # but must be set to some value in order to pass an assert in grub.nix)
+ devices = [ "nodev" ];
+ efiSupport = true;
+ enable = true;
+ # set $FS_UUID to the UUID of the EFI partition
+ extraEntries = ''
+ menuentry "Windows" {
+ insmod part_gpt
+ insmod fat
+ insmod search_fs_uuid
+ insmod chain
+ search --fs-uuid --set=root DEBC-8F03
+ chainloader /EFI/Microsoft/Boot/bootmgfw.efi
+ }
+ '';
+ version = 2;
+ };
};
};
diff --git a/config/hosts/marisa.nix b/config/hosts/marisa.nix
index e4a091b3..1c9532f6 100644
--- a/config/hosts/marisa.nix
+++ b/config/hosts/marisa.nix
@@ -1,7 +1,6 @@
{ config, lib, pkgs, modulesPath, tf, meta, ... }: with lib; {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
- services.dnscrypt-proxy
profiles.network
services.nginx
services.access
@@ -81,31 +80,6 @@
};
};
- # Youko WG
- networking.wireguard.interfaces.wg-youko = {
- ips = [
- "10.42.68.1/24"
- ];
- listenPort = 51819;
- peers = [
- {
- allowedIPs = [
- "10.42.68.0/24"
- ];
- publicKey = "nc7mpg2tbawWR9xjFsk/loxAMtRhEZ49PCJXNYk/Qm8=";
- }
- ];
- privateKeyFile = config.secrets.files.wg-youko-privkey.path;
- };
- networking.firewall.allowedUDPPorts = [ 51819 ];
-
- kw.secrets.variables.wg-youko-privkey = {
- path = "secrets/wireguard";
- field = "youko-privkey";
- };
- secrets.files.wg-youko-privkey = {
- text = "${tf.variables.wg-youko-privkey.ref}";
- };
fileSystems."/" ={
device = "/dev/disk/by-uuid/6ed3e886-d390-433f-90ac-2b37aed9f15f";
diff --git a/config/hosts/medicine.nix b/config/hosts/medicine.nix
deleted file mode 100644
index 3b5a7faf..00000000
--- a/config/hosts/medicine.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ meta, config, pkgs, modulesPath, lib, ... }: with lib; {
- options.home-manager.users = let
- userNMExtend = { config, nixos, ... }: {
- services.network-manager-applet.enable = true;
- };
- userBase16Extend = { config, nixos, ... }: {
- base16.alias.default = "atelier.atelier-cave-light";
- };
- in mkOption {
- type = types.attrsOf (types.submoduleWith {
- modules = [ userNMExtend userBase16Extend ];
- });
- };
-
- imports = with meta; [
- profiles.gui
- users.kat.guiFull
- (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
- ];
-
-
- config = {
- installer.cloneConfig = false;
-
- networking = {
- networkmanager.enable = true;
- wireless.enable = mkForce false;
- };
-
- hardware.displays = {};
-
- system.stateVersion = "21.11";
- };
-}
diff --git a/config/hosts/rinnosuke.nix b/config/hosts/rinnosuke.nix
index e0c66402..1c09dec2 100644
--- a/config/hosts/rinnosuke.nix
+++ b/config/hosts/rinnosuke.nix
@@ -3,7 +3,7 @@
profiles.hardware.oracle.ubuntu
profiles.network
services.nginx
- ] ++ optional (builtins.getEnv "CI_PLATFORM" == "TRUSTED" && builtins.pathExists ../trusted/knot) ../trusted/knot;
+ ] ++ optional (builtins.getEnv "CI_PLATFORM" == "impure" && builtins.pathExists ../trusted/knot) ../trusted/knot;
kw.oci = {
specs = {
diff --git a/config/hosts/shinmyoumaru.nix b/config/hosts/shinmyoumaru.nix
index e9737820..6715e8bf 100644
--- a/config/hosts/shinmyoumaru.nix
+++ b/config/hosts/shinmyoumaru.nix
@@ -1,7 +1,6 @@
{ config, meta, pkgs, lib, modulesPath, ... }: with lib; {
imports = with meta; [
profiles.hardware.raspi
- profiles.network
services.dnscrypt-proxy
services.dht22-exporter
(modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix")
@@ -25,11 +24,7 @@
networking = {
useDHCP = true;
- interfaces.eth0.ipv4.addresses = singleton {
- inherit (config.network.addresses.private.nixos.ipv4) address;
- prefixLength = 24;
- };
- defaultGateway = config.network.privateGateway;
+ interfaces.eth0.useDHCP = true;
};
network = {
@@ -38,12 +33,11 @@
enable = true;
nixos = {
ipv4.address = "192.168.1.33";
- # TODO ipv6.address
};
};
};
yggdrasil = {
- enable = true;
+ enable = false;
pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c";
address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3";
listen.enable = false;
diff --git a/config/hosts/yukari.nix b/config/hosts/yukari.nix
index d40f7a86..2744d3c7 100644
--- a/config/hosts/yukari.nix
+++ b/config/hosts/yukari.nix
@@ -91,11 +91,7 @@
interfaces.eno1 = {
useDHCP = true;
tempAddress = "disabled";
- }; /*.ipv4.addresses = singleton {
- inherit (config.network.addresses.private.nixos.ipv4) address;
- prefixLength = 24;
};
- defaultGateway = config.network.privateGateway; */
};
network = {
@@ -104,7 +100,6 @@
enable = true;
nixos = {
ipv4.address = "192.168.1.154";
- # TODO ipv6.address
};
};
};
diff --git a/config/modules/home/network.nix b/config/modules/home/network.nix
index ca99f61c..59288112 100644
--- a/config/modules/home/network.nix
+++ b/config/modules/home/network.nix
@@ -44,9 +44,6 @@ with lib;
};
}));
};
- privateGateway = mkOption {
- type = types.str;
- };
tf = {
enable = mkEnableOption "Was the system provisioned by terraform?";
ipv4_attr = mkOption {
@@ -74,7 +71,6 @@ with lib;
config = {
network.addresses = nixos.network.addresses or {};
- network.privateGateway = nixos.network.privateGateway or "";
network.tf = nixos.network.tf or {};
network.dns = nixos.network.dns or {};
};
diff --git a/config/modules/meta/deploy.nix b/config/modules/meta/deploy.nix
index ce86bb79..284f654d 100644
--- a/config/modules/meta/deploy.nix
+++ b/config/modules/meta/deploy.nix
@@ -80,6 +80,7 @@ in
name = mkDefault "kw-${config.name}";
user = mkIf (builtins.getEnv "HOME_USER" != "") (mkDefault (builtins.getEnv "HOME_USER"));
};
+ providers.local = { };
deps = {
select.allProviders = true;
enable = true;
diff --git a/config/modules/nixos/network.nix b/config/modules/nixos/network.nix
index 2d87f788..122a4abf 100644
--- a/config/modules/nixos/network.nix
+++ b/config/modules/nixos/network.nix
@@ -89,10 +89,6 @@ in
type = types.attrsOf types.str;
default = { };
};
- privateGateway = mkOption {
- type = types.str;
- default = "192.168.1.1";
- };
tf = {
enable = mkEnableOption "Was the system provisioned by terraform?";
ipv4_attr = mkOption {
@@ -132,13 +128,13 @@ in
domain = builtins.substring 0 ((builtins.stringLength cfg.dns.zone) - 1) cfg.dns.zone;
};
addresses = lib.mkMerge [
- (mkIf (!cfg.tf.enable) (genAttrs [ "private" "public" "yggdrasil" "wireguard" ] (network: {
+ (mkIf (!cfg.tf.enable) (genAttrs [ "private" "public" "yggdrasil" ] (network: {
tf = {
ipv4.address = mkIf (cfg.addresses.${network}.nixos.ipv4.enable) cfg.addresses.${network}.nixos.ipv4.address;
ipv6.address = mkIf (cfg.addresses.${network}.nixos.ipv6.enable) cfg.addresses.${network}.nixos.ipv6.address;
};
})))
- (mkIf cfg.tf.enable (genAttrs ["yggdrasil" "wireguard" ] (network: {
+ (mkIf cfg.tf.enable (genAttrs ["yggdrasil" ] (network: {
tf = {
ipv4.address = mkIf (cfg.addresses.${network}.nixos.ipv4.enable) cfg.addresses.${network}.nixos.ipv4.address;
ipv6.address = mkIf (cfg.addresses.${network}.nixos.ipv6.enable) cfg.addresses.${network}.nixos.ipv6.address;
@@ -179,13 +175,8 @@ in
};
- networking = mkMerge [{
- domain = mkDefault (if cfg.addresses.public.enable then cfg.dns.domain
+ networking.domain = mkDefault (if cfg.addresses.public.enable then cfg.dns.domain
else if cfg.addresses.private.enable then "${cfg.addresses.private.prefix}.${cfg.dns.domain}" else "");
- }
- (mkIf cfg.addresses.private.enable {
- })
- ];
deploy.tf.dns.records =
let
diff --git a/config/modules/nixos/wireguard-kat.nix b/config/modules/nixos/wireguard-kat.nix
deleted file mode 100644
index 8b0611d1..00000000
--- a/config/modules/nixos/wireguard-kat.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, ... }: with lib; let
- cfg = config.network;
- wgcfg = config.network.wireguard;
- magic = toString wgcfg.magicNumber;
-in {
- network.addresses.wireguard = {
- enable = config.network.wireguard.enable;
- nixos = {
- ipv4.address = "${wgcfg.prefixV4}.${magic}";
- ipv6.address = "${wgcfg.prefixV6}:${magic}";
- };
- prefix = "wg";
- subdomain = "${config.networking.hostName}.${cfg.addresses.wireguard.prefix}";
- };
-
- network.wireguard = {
- publicAddress4 = mkDefault (if config.network.addresses.public.nixos.ipv4.enable then
- config.network.addresses.public.nixos.ipv4.address
- else if config.network.addresses.private.nixos.ipv4.enable then
- config.network.addresses.private.nixos.ipv4.address else null);
- publicAddress6 = mkDefault (if config.network.addresses.public.nixos.ipv6.enable then
- config.network.addresses.public.nixos.ipv6.address
- else if config.network.addresses.private.nixos.ipv6.enable then
- config.network.addresses.private.nixos.ipv6.address else null);
- };
-}
diff --git a/config/modules/nixos/wireguard-tf.nix b/config/modules/nixos/wireguard-tf.nix
deleted file mode 100644
index 245ccfa4..00000000
--- a/config/modules/nixos/wireguard-tf.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, pkgs, lib, tf, ... }: with lib; let
- inherit (tf.lib.tf) terraformSelf;
- cfg = config.network.wireguard;
- dataDir = toString tf.terraform.dataDir;
-in {
- options.network.wireguard.tf = {
- enable = mkEnableOption "using terraform for wireguard module";
- };
- config = mkIf config.network.wireguard.tf.enable {
- deploy.tf = {
- resources = {
- "${config.networking.hostName}-wgmesh-gen" = {
- provider = "null";
- type = "resource";
- provisioners = singleton {
- local-exec.command = let
- wg = "${pkgs.buildPackages.wireguard-tools}/bin/wg";
- in "${wg} genkey | tee ${dataDir + "/wg-private-${terraformSelf "id"}"} | ${wg} pubkey > ${dataDir + "/wg-public-${terraformSelf "id"}"}";
- };
- };
- "${config.networking.hostName}-wgmesh-public-key" = {
- provider = "local";
- type = "file";
- dataSource = true;
- inputs.filename = dataDir + "/wg-public-${tf.resources."${config.networking.hostName}-wgmesh-gen".refAttr "id"}";
- };
- };
- deploy.systems.${config.networking.hostName}.triggers.switch = {
- wg = tf.resources."${config.networking.hostName}-wgmesh-public-key".refAttr "content";
- };
- };
-
- secrets.files."${config.networking.hostName}-wgmesh-private-key" = rec {
- source = dataDir + "/wg-private-${tf.resources."${config.networking.hostName}-wgmesh-gen".refAttr "id"}";
- text = source;
- };
-
- network.wireguard = {
- magicNumber = mkDefault (hexToInt (substring 0 2 (builtins.hashString "sha256" config.networking.hostName)));
- keyPath = config.secrets.files."${config.networking.hostName}-wgmesh-private-key".path;
- pubkey = let
- pubKeyRes = tf.resources."${config.networking.hostName}-wgmesh-public-key";
- in mkIf (tf.state.resources ? ${pubKeyRes.out.reference}) (removeSuffix "\n" (pubKeyRes.importAttr "content"));
- };
- };
-}
diff --git a/config/modules/nixos/wireguard.nix b/config/modules/nixos/wireguard.nix
deleted file mode 100644
index 3d1058c6..00000000
--- a/config/modules/nixos/wireguard.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ config, lib, pkgs, nodes, name, ... }:
-
-with lib;
-
-let
- cfg = config.network.wireguard;
- hcfg = _: h: h.network.wireguard;
- netHostsSelf = mapAttrs hcfg (filterAttrs (_: x: x.network.wireguard.enable or false) nodes);
- netHosts = filterAttrs (n: x: n != name) netHostsSelf;
-in
-{
- options.network.wireguard = {
- enable = mkEnableOption "semi-automatic wireguard mesh";
- magicNumber = mkOption { type = types.ints.u8; };
- prefixV4 = mkOption {
- type = types.str;
- default = "10.42.69";
- };
- prefixV6 = mkOption {
- type = types.str;
- default = "fe80:";
- };
- keyPath = mkOption {
- type = types.str;
- default = "/etc/wireguard/mesh";
- };
- pubkey = mkOption {
- type = with types; nullOr str;
- default = null;
- };
- publicAddress4 = mkOption {
- type = with types; nullOr str;
- default = null;
- };
- publicAddress6 = mkOption {
- type = with types; nullOr str;
- default = null;
- };
- fwmark = mkOption {
- type = with types; nullOr ints.u16;
- default = null;
- };
- mtu = mkOption {
- type = types.ints.u16;
- default = 1500;
- };
- };
-
- config = mkIf cfg.enable {
- networking.wireguard.interfaces = mapAttrs'
- (hname: hconf:
- let
- magicPort = 51820 + hconf.magicNumber + cfg.magicNumber;
- iname = "wgmesh-${substring 0 8 hname}";
- in
- nameValuePair iname {
- allowedIPsAsRoutes = false;
- privateKeyFile = cfg.keyPath;
- ips = [
- "${cfg.prefixV4}.${toString cfg.magicNumber}/24"
- "${cfg.prefixV6}:${toString cfg.magicNumber}/64"
- ];
- listenPort = magicPort;
- peers = optional (hconf.pubkey != null) {
- publicKey = hconf.pubkey;
- allowedIPs = [ "0.0.0.0/0" "::0/0" ];
- endpoint = with hconf; mkIf (publicAddress4 != null || publicAddress6 != null) (
- if (publicAddress4 != null)
- then "${publicAddress4}:${toString magicPort}"
- else "[${publicAddress6}]:${toString magicPort}"
- );
- persistentKeepalive = with hconf; mkIf (publicAddress4 == null && publicAddress6 == null) 25;
- };
- postSetup = ''
- ip route add ${cfg.prefixV4}.${toString hconf.magicNumber}/32 dev ${iname}
- ${optionalString (cfg.fwmark != null) "wg set ${iname} fwmark ${toString cfg.fwmark}"}
- ip link set ${iname} mtu ${toString cfg.mtu}
- '';
- }
- )
- netHosts;
- networking.firewall.allowedUDPPorts =
- mapAttrsToList (_: hconf: 51820 + hconf.magicNumber + cfg.magicNumber) netHosts;
- };
-}
diff --git a/config/profiles/base/nix.nix b/config/profiles/base/nix.nix
index a52bce57..5dc9719b 100644
--- a/config/profiles/base/nix.nix
+++ b/config/profiles/base/nix.nix
@@ -26,9 +26,9 @@
trusted-users = [ "root" "@wheel" ];
};
gc = {
- automatic = lib.mkDefault false;
+ automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
- options = lib.mkDefault "--delete-older-than 1w";
+ options = lib.mkDefault "--delete-older-than 7d";
};
};
}
diff --git a/config/profiles/gnome/gnome.nix b/config/profiles/gnome/gnome.nix
index ea46585c..91df896b 100644
--- a/config/profiles/gnome/gnome.nix
+++ b/config/profiles/gnome/gnome.nix
@@ -18,8 +18,6 @@
environment.systemPackages = (with pkgs.gnomeExtensions; [
gsconnect
vitals
- paperwm
- timezone
switcher
espresso
impatience
@@ -30,6 +28,8 @@
random-wallpaper
mullvad-indicator
tray-icons-reloaded
+ noannoyance-2
+ dash-to-panel
]) ++ (with pkgs; [
mullvad-vpn
ytmdesktop
diff --git a/config/profiles/gui/nfs.nix b/config/profiles/gui/nfs.nix
index 51dcc51c..cdfd4de9 100644
--- a/config/profiles/gui/nfs.nix
+++ b/config/profiles/gui/nfs.nix
@@ -3,14 +3,13 @@
{
boot.supportedFilesystems = [ "nfs" ];
-
+ /*
fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "yukari") {
- device = "${meta.network.nodes.yukari.network.addresses.wireguard.domain}:/mnt/zraw/media";
+ device = "${meta.network.nodes.yukari.network.addresses.w.domain}:/mnt/zraw/media";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "nfsvers=4" "soft" "retrans=2" "timeo=60" ];
};
- /*
fileSystems."/mnt/hex-corn" = {
device = "storah.net.lilwit.ch:/data/cornbox";
fsType = "nfs";
diff --git a/config/profiles/hardware/raspi.nix b/config/profiles/hardware/raspi.nix
index 0d2d166d..7ba46180 100644
--- a/config/profiles/hardware/raspi.nix
+++ b/config/profiles/hardware/raspi.nix
@@ -48,6 +48,13 @@
services.udisks2.enable = false;
boot.enableContainers = false;
+ home-manager.users.kat.manual = {
+ json.enable = false;
+ manpages.enable = false;
+ };
+
+ services.logrotate.enable = false;
+
nixpkgs.crossSystem = systems.examples.raspberryPi // {
system = "armv6l-linux";
};
diff --git a/config/profiles/network.nix b/config/profiles/network.nix
index 86a55632..abe96aac 100644
--- a/config/profiles/network.nix
+++ b/config/profiles/network.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, meta, ... }: with lib;
+{ config, lib, tf, pkgs, meta, ... }: with lib;
{
options.network = with lib; {
@@ -31,59 +31,103 @@
};
};
- networking.firewall.extraCommands = ''
- ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT
- ${if config.networking.hostName != "marisa" then "ip route replace to 10.42.68.0/24 via ${meta.network.nodes.marisa.network.addresses.wireguard.nixos.ipv4.address}" else ""}
- '';
- networking.nftables.extraInput = ''
- meta l4proto 89 iifname wgmesh-* accept
- '';
-
- network.firewall.private.interfaces = singleton "wgmesh-*";
-
- networking.policyrouting = {
- enable = true;
- rules = [
- { rule = "lookup main suppress_prefixlength 0"; prio = 7000; }
- { rule = "lookup 89 suppress_prefixlength 0"; prio = 8000; }
- { rule = "from all fwmark 51820 lookup main"; prio = 9000; }
- ] ++ (lib.optional config.network.routeDefault { rule = "not from all fwmark 51820 lookup 89"; prio = 9000; });
- };
-
- network.wireguard = {
- enable = true;
- tf.enable = true;
- fwmark = 51820;
- };
-
- network.bird =
- let
- mkKernel = version: ''
- ipv${toString version} {
- import all;
- export filter {
- if source = RTS_STATIC then reject;
- accept;
- };
- };
- kernel table 89;
- scan time 15;
- '';
- mkIgp = version: {
- version = 3;
- extra = "ipv${toString version} { import all; export all; };";
- areas."0".interfaces."wgmesh-*".cost = 100;
- };
- in
- {
- routerId = "${config.network.wireguard.prefixV4}.${toString config.network.wireguard.magicNumber}";
- kernel4Config = mkKernel 4;
- kernel6Config = mkKernel 6;
- ospf = {
- enable = true;
- protocols.igp4 = mkIgp 4;
- protocols.igp6 = mkIgp 6;
- };
- };
+ kw.secrets.variables.tailscale-authkey = {
+ path = "secrets/tailscale";
+ field = "password";
};
+
+ deploy.tf.variables.tailscale-authkey.export = true;
+
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+
+ # allow the Tailscale UDP port through the firewall
+ allowedTCPPorts = [ 5200 ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ services.tailscale.enable = true;
+
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey ${tf.variables.tailscale-authkey.get}
+ '';
+ };
+};
}
+
+# networking.firewall.extraCommands = ''
+# ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT
+# ${if config.networking.hostName != "marisa" then "ip route replace to 10.42.68.0/24 via ${meta.network.nodes.marisa.network.addresses.wireguard.nixos.ipv4.address}" else ""}
+# '';
+# networking.nftables.extraInput = ''
+# meta l4proto 89 iifname wgmesh-* accept
+# '';
+#
+# network.firewall.private.interfaces = singleton "wgmesh-*";
+#
+# networking.policyrouting = {
+# enable = true;
+# rules = [
+# { rule = "lookup main suppress_prefixlength 0"; prio = 7000; }
+# { rule = "lookup 89 suppress_prefixlength 0"; prio = 8000; }
+# { rule = "from all fwmark 51820 lookup main"; prio = 9000; }
+# ] ++ (lib.optional config.network.routeDefault { rule = "not from all fwmark 51820 lookup 89"; prio = 9000; });
+# };
+#
+# network.wireguard = {
+# enable = true;
+# tf.enable = true;
+# fwmark = 51820;
+# };
+#
+# network.bird =
+# let
+# mkKernel = version: ''
+# ipv${toString version} {
+# import all;
+# export filter {
+# if source = RTS_STATIC then reject;
+# accept;
+# };
+# };
+# kernel table 89;
+# scan time 15;
+# '';
+# mkIgp = version: {
+# version = 3;
+# extra = "ipv${toString version} { import all; export all; };";
+# areas."0".interfaces."wgmesh-*".cost = 100;
+# };
+# in
+# {
+# routerId = "${config.network.wireguard.prefixV4}.${toString config.network.wireguard.magicNumber}";
+# kernel4Config = mkKernel 4;
+# kernel6Config = mkKernel 6;
+# ospf = {
+# enable = true;
+# protocols.igp4 = mkIgp 4;
+# protocols.igp6 = mkIgp 6;
+# };
+# };
diff --git a/config/services/access.nix b/config/services/access.nix
index eaf140d4..c36a444f 100644
--- a/config/services/access.nix
+++ b/config/services/access.nix
@@ -1,36 +1,42 @@
-{ config, lib, meta, ... }: with lib; {
+{ config, lib, meta, pkgs, ... }: with lib; {
deploy.tf.dns.records.services_plex = {
inherit (config.network.dns) zone;
domain = "plex";
cname = { inherit (config.network.addresses.public) target; };
};
- deploy.tf.dns.records.services_owncast = {
- inherit (config.network.dns) zone;
- domain = "cast";
- cname = { inherit (config.network.addresses.public) target; };
- };
deploy.tf.dns.records.services_cloud = {
inherit (config.network.dns) zone;
domain = "cloud";
cname = { inherit (config.network.addresses.public) target; };
};
-
+
deploy.tf.dns.records.services_home = {
inherit (config.network.dns) zone;
domain = "home";
+ cname = { inherit (config.network.addresses.public) target; };
+ };
+
+ deploy.tf.dns.records.gensokyo_root_v4 = {
+ zone = "gensokyo.zone.";
a = { inherit (config.network.addresses.public.tf.ipv4) address; };
};
- deploy.tf.dns.records.services_home_v6 = {
- inherit (config.network.dns) zone;
- domain = "home";
+ deploy.tf.dns.records.gensokyo_root_v6 = {
+ zone = "gensokyo.zone.";
aaaa = { inherit (config.network.addresses.public.tf.ipv6) address; };
};
+
services.nginx.virtualHosts = mkMerge [
{
-
+ "gensokyo.zone" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ root = pkgs.gensokyoZone;
+ };
+ };
"home.${config.network.dns.domain}" = {
forceSSL = true;
enableACME = true;
@@ -80,6 +86,5 @@
};
};
}
- (mkIf config.deploy.profile.trusted (import config.kw.secrets.repo.access.source { inherit config meta; }))
];
}
diff --git a/config/services/keycloak.nix b/config/services/keycloak.nix
index 40bee736..d14985a1 100644
--- a/config/services/keycloak.nix
+++ b/config/services/keycloak.nix
@@ -6,34 +6,20 @@ in {
package = (pkgs.keycloak.override {
jre = pkgs.openjdk11;
});
- bindAddress = "127.0.0.1";
- httpPort = "8089";
- httpsPort = "8445";
initialAdminPassword = "mewpymewlymewlies";
- forceBackendUrlToFrontendUrl = true;
- frontendUrl = "https://auth.${config.network.dns.domain}/auth";
database.passwordFile = config.secrets.files.keycloak-postgres-file.path;
- extraConfig = {
- "subsystem=undertow" = {
- "server=default-server" = {
- "http-listener=default" = {
- "proxy-address-forwarding" = true;
- };
+ settings = {
+ http-enabled = true;
+ http-host = "127.0.0.1";
+ http-port = 8089;
+ https-port = 8445;
+ hostname = "auth.kittywit.ch";
+ http-relative-path = "/auth";
+ hostname-strict-backchannel = true;
+ https-key-store-file = "/var/lib/acme/domain-auth/trust-store.jks";
+ https-key-store-password = keystore-pass;
};
};
- "subsystem=keycloak-server" = {
- "spi=truststore" = {
- "provider=file" = {
- enabled = true;
- properties.password = keystore-pass;
- properties.file = "/var/lib/acme/domain-auth/trust-store.jks";
- properties.hostname-verification-policy = "WILDCARD";
- properties.disabled = false;
- };
- };
- };
- };
- };
network.extraCerts.domain-auth = "auth.${config.network.dns.domain}";
diff --git a/config/services/nfs.nix b/config/services/nfs.nix
index f2788a2b..5ea9407f 100644
--- a/config/services/nfs.nix
+++ b/config/services/nfs.nix
@@ -9,7 +9,7 @@ with lib;
};
services.nfs.server.enable = true;
- services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) ${config.network.wireguard.prefixV4}.0/24(rw) fe80::/10(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
+ services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) fe80::/10(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
services.nginx.virtualHosts = kw.virtualHostGen {
networkFilter = [ "private" "yggdrasil" ];
diff --git a/config/targets/rinnosuke-domains.nix b/config/targets/rinnosuke-domains.nix
index ef976639..77c6467c 100644
--- a/config/targets/rinnosuke-domains.nix
+++ b/config/targets/rinnosuke-domains.nix
@@ -19,16 +19,6 @@ let rinnosuke = config.network.nodes.rinnosuke; in
domain = rinnosuke.network.addresses.wireguard.subdomain;
a.address = rinnosuke.network.addresses.wireguard.tf.ipv4.address;
};
- node_wireguard_rinnosuke_v6 = {
- inherit (rinnosuke.network.dns) zone;
- domain = rinnosuke.network.addresses.wireguard.subdomain;
- aaaa.address = rinnosuke.network.addresses.wireguard.tf.ipv6.address;
- };
- node_yggdrasil_rinnosuke_v6 = {
- inherit (rinnosuke.network.dns) zone;
- domain = rinnosuke.network.addresses.yggdrasil.subdomain;
- aaaa.address = rinnosuke.network.addresses.yggdrasil.tf.ipv6.address;
- };
};
};
}
diff --git a/config/tf b/config/tf
index 84b1742d..1a223367 160000
--- a/config/tf
+++ b/config/tf
@@ -1 +1 @@
-Subproject commit 84b1742d36714279de336e2bee37848d0b3b6de8
+Subproject commit 1a2233676398de7e7b3da2b6c431898dd8cddb3b
diff --git a/config/tf.nix b/config/tf.nix
index a464a16e..d674064b 100644
--- a/config/tf.nix
+++ b/config/tf.nix
@@ -29,7 +29,7 @@
};
};
- dns.zones = genAttrs [ "kittywit.ch." "dork.dev." ] (_: {
+ dns.zones = genAttrs [ "kittywit.ch." "dork.dev." "gensokyo.zone." ] (_: {
provider = "dns.katdns";
});
}
diff --git a/config/users/kat/media/packages.nix b/config/users/kat/media/packages.nix
index bcd15d91..382fb4c8 100644
--- a/config/users/kat/media/packages.nix
+++ b/config/users/kat/media/packages.nix
@@ -15,17 +15,5 @@
v4l-utils
gimp-with-plugins
wf-recorder
- dolphinEmuMaster
- pcsxr
- pcsx2
- mgba
- nestopia
- snes9x-gtk
- citra
- melonDS
- mupen64plus
- retroarch
- sixpair
- xboxdrv
];
}
diff --git a/config/users/kat/personal/git.nix b/config/users/kat/personal/git.nix
index 4d4d5bc3..28c2a4bb 100644
--- a/config/users/kat/personal/git.nix
+++ b/config/users/kat/personal/git.nix
@@ -4,9 +4,7 @@
home.packages = with pkgs; [
git-crypt
gitAndTools.gitRemoteGcrypt
- gitAndTools.gitAnnex
git-revise
- gitAndTools.git-annex-remote-b2
];
programs.git = {
package = pkgs.gitAndTools.gitFull;
diff --git a/config/users/kat/personal/taskwarrior.nix b/config/users/kat/personal/taskwarrior.nix
deleted file mode 100644
index bb369a96..00000000
--- a/config/users/kat/personal/taskwarrior.nix
+++ /dev/null
@@ -1,108 +0,0 @@
-{ config, pkgs, tf, lib, ... }:
-
-with lib;
-
-{
- kw.secrets.variables =
- let
- fieldAdapt = field: if field == "key" then "notes" else field;
- in
- mapListToAttrs
- (field:
- nameValuePair "taskwarrior-${field}" {
- path = "services/taskwarrior";
- field = fieldAdapt field;
- }) [ "key" "credentials" ];
-
- secrets.files = {
- taskw_key = {
- text = "${tf.variables.taskwarrior-key.ref}";
- owner = "kat";
- group = "users";
- };
- taskw_config = {
- text = ''
- taskd.credentials=${tf.variables.taskwarrior-credentials.ref}
- '';
- owner = "kat";
- group = "users";
- };
- };
-
- programs.taskwarrior = {
- enable = true;
- config = {
- taskd = {
- certificate = "${pkgs.writeText "taskd_cert.pem" ''
- -----BEGIN CERTIFICATE-----
- MIIFRzCCAy+gAwIBAgIULP2UcJYZuZqRI505UwRf+RWdc7gwDQYJKoZIhvcNAQEM
- BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUxWhgPOTk5
- OTEyMzEyMzU5NTlaMCsxFDASBgNVBAMTC2tpdHR5d2l0LmNoMRMwEQYDVQQKEwpr
- aXR0eXdpdGNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvVZZgWRA
- XHWzWVkGb/go1ynVYY9U/AItgc0DuKt/9glb/bGA+VkFYknd3djM0NrUqLWwR3Ln
- pUBH95SVOzJTkF4Sri6vCG6r9YjyIw22iwQQeYcnR9MRy5BuTRsLhwPJWl1pJVHC
- tdqDLUqaP1P6UAlYXYxtZDFN3Y8iW22xe+8+/Ew1GiXGdeFrfRgo3TAp9PbKy0wq
- Kqe1V/mcCcDcUEFrujL+6soeSZAs2AffMPfl23kC8MB08DHRv06d97DlDGXd2tql
- 5OkJHZehwIiTBeJMXHyjRRXyam2DY4/ucVMbXgHi7nUn0FmfYPyljzU1kYiwUxxf
- 6/rIGXOYQJkq6AKsih8p1h5NmL0PRtd7E074Zh1ABvY79k6a+uawIKk+nhyu4Gil
- IIvYbJqpXDHeZ4m/UBIjcxQZEcDgnR3jlqBZshB6hyaPRy0EBgcOJxOefLzOpcD+
- tul39AIaK6InM4ftdb1W6GXiuXr+JBH0rNe52s8G7AiZZxjsQhIaRvsNcq+dX9fT
- 0NLOmCF8lqKCoEha50ELfSyUtfR/jKTvmiuxPT3mUgqP5DeDErgTJ+x1Hr6nqH7g
- VL0jrYhf7UcmmVC236H8yjkad7rx70B5JVzA4yMcE1qoUXEAxJfXoVyjbyDPAg8P
- VL3pSRYV+RIyQ9XevZiF6dFjlJsyIRUJlUkCAwEAAaN2MHQwDAYDVR0TAQH/BAIw
- ADATBgNVHSUEDDAKBggrBgEFBQcDAjAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW
- BBRkudH4JVQy6akuhU0Me++nUknMWzAfBgNVHSMEGDAWgBRmz2varlp5iPH6DGES
- WjtTVUs3jjANBgkqhkiG9w0BAQwFAAOCAgEATuASvWkbS0x3NJGRuxhHBF7svBdL
- Gd72AbN2oiqPs0pRkRE/oar/osNRqCClv6GqWt/yGbFHCIeE+8UkmqBYYps8N5G0
- mqaQU9okafoNqEvQUIxRtJByG9RNlEZD4qB0pw/QUTkCn77a75hyVy5/x9zi75Ya
- XS5djO5zA7st1rBzvWVCWdFH4Mk00aZbh66IoWpG+YO6kuTdd8ZKAL+UO5Q5PBjM
- /ZgwVyuQBTA5LbLLHPoCRhgWbSv/DRhDZUlWslRU/NkulE5ju4lX2Uuxj4yc2rT2
- 8b3hrHI6IC0hMYCrDynbws71LNEjG/lejBhOLnbBOHOGq+hl1CMNWaLedlH2xFa0
- sJorShW5IarJ/Pthj/FEX7U8LcmnKkbNXL1qwfVU4NVXQSMkqSc+GOxDPYUeFgMt
- atpIo3PjucdPpqqSly4yuZZJritVVpm0IvLdE2euDAuLPyQEhqBeMn50zS9seGhw
- +heTRZjt0zhDU1MK790cYdWBqfttvOFF4pUTlWiIuBGl6Wn/bzZFatscSrj1r42y
- rs819ej8Ey8Us9bRFJC21q712AIPetSM3BnmM4oT6mkQZ8e2Zn1K41GP0r7MLFaB
- KpwGEQxfo+rAiUsnF/FS8a9pCmlYIFdfSN3eLh6c9WQdzWm76BFubYyN1g3WTtRh
- kuLR6WeghnkGENo=
- -----END CERTIFICATE-----
- ''}";
- key = config.secrets.files.taskw_key.path;
- ca = "${pkgs.writeText "taskd_ca.pem" ''
- -----BEGIN CERTIFICATE-----
- MIIE/zCCAuegAwIBAgIUO/FZVcMIwnusVeiMGNOHznpUH7UwDQYJKoZIhvcNAQEM
- BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUwWhgPOTk5
- OTEyMzEyMzU5NTlaMBYxFDASBgNVBAMTC2tpdHR5d2l0LmNoMIICIjANBgkqhkiG
- 9w0BAQEFAAOCAg8AMIICCgKCAgEA1ui/3U5yhyd2J2Z1ahq6uMyS8HHpuX8TSxNV
- mbNPTc1D+jGHa3W7sp0GHRDM6Ct9A0BJkkWAjegWJBZRXAeryZg++xoPma4AK908
- /8uq1WTgchy74Or6luTFKHhxkNXZcjNCjsVGeaogK1KvBLapP83L8mBVb1n5DjlN
- I4XhREe4kTWhMJuoG1yUca3g2iIezKa+b1GYY/jOpEOQiciqxjcwgSZSpRTH2kC9
- 3d9JFzJBU+kTDVjuaC3SWgu9tqk2WiBRr3ERUdBvEIRq90xax1ChSAEZgrb3k3yS
- vE5IsZ3F85piDbS7tBh6PgbaWf9Bxp4rVJ6FeypSNFyBwzgQP3jiKLJcgChjFIDx
- imkJmdQJEmSNImgofkO5l3ZYwXal4G1qT1na+ashrQAbYdDdbgg0XDctVKQBY6oP
- YSbyp1aJTed7I2Tm9xm/pSFwR5JrWv7qMB8/4XwziraRL13KGoCmWcfqcUWm6hKW
- cTnaA6J5gbNQC3R0+yJXZE+lrUL2QBkM7QtLRHB8FIBQcwKxLmEIB702B+X41EAL
- 2gmzV8PpoQvUDQ8w0jZ3HB0f7R5MTYhv44qF4KM30i6gdUPFeiy6lnaqs17yfu8x
- kNm2SD7NwmSrDUpAnmvuq7Iq7xvkdr0+qi2p7N7RolJOHw9jYJnU9YXj6CDS2ofg
- ur+eWBsCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
- MB0GA1UdDgQWBBRmz2varlp5iPH6DGESWjtTVUs3jjANBgkqhkiG9w0BAQwFAAOC
- AgEAATViuvVGa1p5CBTghmp51VfMOcQoAOiTe+tIOVJMRc379uPfESMJ5nsVlZCt
- rP+XhDA6gGToEjcUBZIwfLzrKSmbmTpmVK+X5EMGldbytBkdbhQkUaLqD3LnxNNr
- WnwhHKcMKAJlZ/523AjFURA3cGf7anhghJHJbr3En45jfrYabKX9gpBpmnOVrBNG
- cd5ZmwLMJKrASQ14Px+XHX7+S5y6D2dM6qvXG4y6YMwlROqoy3gcG7j+uvdCzWuC
- sSpOj0gVOcCdeOZuSD0lFXbh4WnrS2SDG6M2Zj2tLRsn8nq76RqxIKz9dWSV7nXM
- xTSSZOs01rvyrwd1Ydez+qYg5db0ZcD4mF2b78QJU8gKevh53UvHv1PK8I1S6+1E
- i5qnduRrX8FaKcD0+UkvLG9ZeE855K1cnquy9vAiuHgKp90R+yzyQfj7w1ofigCR
- YSADxgw7w/s5OBIeUYw43SmkmL5nLCAETm36mr2l1g6ixtjN3qDJXnGWHvAHUdhY
- 4vhBNNwEtvLp73skkmj5+5qaxn5e8jR9WoNxr8ajoRFaH6LlpoI4/+fWhmfTCpXj
- UkdGJClj76VuB1PAg0xCnuLDT2xCA6leF07bn+P8Xzhh21AR1oq2eTyUGkgA2oqi
- kmKyccoP1SQXAZd96EFArlzalVt+h+fOuOxuulmqVskK+w0=
- -----END CERTIFICATE-----
- ''}";
- server = "${config.network.dns.domain}:53589";
- };
- };
- extraConfig = ''
- include ${config.secrets.files.taskw_config.path}
- '';
- };
-}
diff --git a/flake.lock b/flake.lock
index 8034c66b..2106d61c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -107,15 +107,17 @@
},
"emacs-overlay": {
"inputs": {
- "flake-utils": "flake-utils",
+ "flake-utils": [
+ "flake-utils"
+ ],
"nixpkgs": "nixpkgs"
},
"locked": {
- "lastModified": 1652901942,
- "narHash": "sha256-3HsYj0/0mHD+63oB3WM4HIfs8fxcURQKstzsQsGRbSA=",
+ "lastModified": 1652934326,
+ "narHash": "sha256-YgSgR0V/rsqJX6DWyXlPOwsaXXiOkN+9z5rfE9kn2IU=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "679fcedab06892651d3173c2f504dcf40b4ef939",
+ "rev": "de5c826149bcfbaa5f0ce985bb184c9bc7f11e46",
"type": "github"
},
"original": {
@@ -252,51 +254,6 @@
"type": "github"
}
},
- "flake-utils_2": {
- "locked": {
- "lastModified": 1652776076,
- "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_3": {
- "locked": {
- "lastModified": 1614513358,
- "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_4": {
- "locked": {
- "lastModified": 1629481132,
- "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "997f7efcb746a9c140ce1f13c72263189225f482",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -304,15 +261,15 @@
]
},
"locked": {
- "lastModified": 1652913097,
- "narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=",
- "owner": "nix-community",
+ "lastModified": 1649980189,
+ "narHash": "sha256-55dgKGs7W8eC3s9GYewll9y4IlP/KAlSinjQwshNpxM=",
+ "owner": "kittywitch",
"repo": "home-manager",
- "rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69",
+ "rev": "c591c34311923598fc0092ed06da6e4a515354d7",
"type": "github"
},
"original": {
- "owner": "nix-community",
+ "owner": "kittywitch",
"ref": "master",
"repo": "home-manager",
"type": "github"
@@ -356,7 +313,9 @@
},
"nix-dns": {
"inputs": {
- "flake-utils": "flake-utils_3",
+ "flake-utils": [
+ "flake-utils"
+ ],
"nixpkgs": [
"nixpkgs"
]
@@ -386,7 +345,9 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
- "flake-utils": "flake-utils_4",
+ "flake-utils": [
+ "flake-utils"
+ ],
"nix-straight": "nix-straight",
"nixpkgs": [
"nixpkgs"
@@ -434,12 +395,10 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1652739558,
- "narHash": "sha256-znGkjGugajqF/sFS+H4+ENmGTaVPFE0uu1JjQZJLEaQ=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "ff691ed9ba21528c1b4e034f36a04027e4522c58",
- "type": "github"
+ "lastModified": 0,
+ "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
+ "path": "/nix/store/57zwl7b883kkya60akvg6wssl1qkxwl5-source",
+ "type": "path"
},
"original": {
"id": "nixpkgs",
@@ -448,11 +407,11 @@
},
"nixpkgs-darwin": {
"locked": {
- "lastModified": 1652824101,
- "narHash": "sha256-R8ldgGP40+6gAOzNSmeeWYGZABr7EKZ1Edv4pUAskEQ=",
+ "lastModified": 1652881001,
+ "narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "2816fee9ce7ff2747db8b060192941c429691e94",
+ "rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf",
"type": "github"
},
"original": {
@@ -466,13 +425,13 @@
"locked": {
"lastModified": 1652659998,
"narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
- "owner": "NixOS",
+ "owner": "nixos",
"repo": "nixpkgs",
"rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502",
"type": "github"
},
"original": {
- "owner": "NixOS",
+ "owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@@ -496,11 +455,11 @@
},
"nur": {
"locked": {
- "lastModified": 1652919218,
- "narHash": "sha256-Hr0OM2VmA5Qid52GQRk4KX7ci5VUNKWtFYU2AKA+Cec=",
+ "lastModified": 1652938196,
+ "narHash": "sha256-kv6EEwTPtvtqVlaSH/sRhWx9ecONrr5bccMdxu1nhwc=",
"owner": "nix-community",
"repo": "nur",
- "rev": "4e920d8ea51612dc1557d922d2d3204b28a46447",
+ "rev": "2d8f65d73133859961b8714918ac8f60d98a76e5",
"type": "github"
},
"original": {
@@ -614,7 +573,7 @@
"darwin": "darwin",
"emacs-overlay": "emacs-overlay",
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils_2",
+ "flake-utils": "flake-utils",
"home-manager": "home-manager",
"home-manager-darwin": "home-manager-darwin",
"impermanence": "impermanence",
@@ -679,7 +638,7 @@
"trusted": {
"flake": false,
"locked": {
- "lastModified": 1,
+ "lastModified": 1652920457,
"narHash": "sha256-Q3QXOoy+iN4VK2CflvRulYvPZXYgF0dO7FoF7CvWFTA=",
"path": "./empty/.",
"type": "path"
diff --git a/flake.nix b/flake.nix
index 527afb60..d717afa6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,7 +1,7 @@
{
description = "kat's nixfiles";
inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
arcexprs = {
url = "github:arcnmx/nixexprs/master";
flake = false;
@@ -11,7 +11,7 @@
flake = false;
};
home-manager = {
- url = "github:nix-community/home-manager/master";
+ url = "github:kittywitch/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence/master";
@@ -27,12 +27,17 @@
nix-dns = {
url = "github:kirelagin/nix-dns/master";
inputs.nixpkgs.follows = "nixpkgs";
+ inputs.flake-utils.follows = "flake-utils";
+ };
+ emacs-overlay = {
+ url = "github:nix-community/emacs-overlay/master";
+ inputs.flake-utils.follows = "flake-utils";
};
- emacs-overlay.url = "github:nix-community/emacs-overlay/master";
nur.url = "github:nix-community/nur/master";
nix-doom-emacs = {
url = "github:vlaci/nix-doom-emacs/develop";
inputs.nixpkgs.follows = "nixpkgs";
+ inputs.flake-utils.follows = "flake-utils";
};
tf-nix = {
url = "github:arcnmx/tf-nix/master";
@@ -49,25 +54,7 @@
};
};
- outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: {
- darwinConfigurations."sumireko" = let
- system = "aarch64-darwin";
- meta = self.legacyPackages.${system};
- in darwin.lib.darwinSystem {
- inherit inputs;
- inherit system;
- specialArgs = {
- inherit inputs meta;
- tf = { };
- };
- pkgs = self.legacyPackages.${system}.darwin-pkgs;
- modules = with meta; [
- home-manager-darwin.darwinModules.home-manager
- meta.hosts.sumireko
- ];
- };
- } //
- (flake-utils.lib.eachDefaultSystem
+ outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: flake-utils.lib.eachDefaultSystem
(system:
let pkgs = nixpkgs.legacyPackages.${system}; in
rec {
@@ -75,5 +62,22 @@
legacyPackages = import ./outputs.nix { inherit inputs system; };
nixosConfigurations = legacyPackages.network.nodes;
}
- ));
+ ) // {
+ darwinConfigurations."sumireko" = let
+ system = "aarch64-darwin";
+ meta = self.legacyPackages.${system};
+ in darwin.lib.darwinSystem {
+ inherit inputs;
+ inherit system;
+ specialArgs = {
+ inherit inputs meta;
+ tf = { };
+ };
+ pkgs = self.legacyPackages.${system}.darwin-pkgs;
+ modules = with meta; [
+ home-manager-darwin.darwinModules.home-manager
+ meta.hosts.sumireko
+ ];
+ };
+ };
}
diff --git a/overlays/local/default.nix b/overlays/local/default.nix
index 5ee98f0c..e417e8ea 100644
--- a/overlays/local/default.nix
+++ b/overlays/local/default.nix
@@ -9,4 +9,5 @@ final: prev: {
waybar-gpg = final.callPackage ./waybar-gpg { };
waybar-konawall = final.callPackage ./waybar-konawall { };
hedgedoc-cli = final.callPackage ./hedgedoc-cli.nix { };
+ gensokyoZone = final.callPackage ./gensokyoZone { };
}
diff --git a/overlays/local/gensokyoZone/cute.png b/overlays/local/gensokyoZone/cute.png
new file mode 100644
index 00000000..300cbcb3
Binary files /dev/null and b/overlays/local/gensokyoZone/cute.png differ
diff --git a/overlays/local/gensokyoZone/default.nix b/overlays/local/gensokyoZone/default.nix
new file mode 100644
index 00000000..2d2603b3
--- /dev/null
+++ b/overlays/local/gensokyoZone/default.nix
@@ -0,0 +1,22 @@
+{ writeTextFile, linkFarm }:
+
+let
+ mewp = writeTextFile {
+ name = "index.html";
+ text = ''
+
+
+ Gensokyo Zone
+
+
+ 
+
+
+ '';
+ };
+ mewy = "${./cute.png}";
+in
+linkFarm "index" [
+ { name = "index.html"; path = mewp; }
+ { name = "cute.png"; path = mewy; }
+]
diff --git a/overlays/local/pigpio.nix b/overlays/local/pigpio.nix
new file mode 100644
index 00000000..9fe318ef
--- /dev/null
+++ b/overlays/local/pigpio.nix
@@ -0,0 +1,60 @@
+{ stdenv, glibc, fetchFromGitHub, cmake, writeTextFile
+,
+}:
+
+let
+ version = "79";
+ pname = "pigpio";
+
+ pkgConfig = writeTextFile {
+ name = "${pname}.pc";
+ text = ''
+ prefix=@out@
+ exec_prefix=''${prefix}
+ includedir=''${prefix}/include
+ libdir=''${prefix}/lib
+
+ Name: pigpio
+ Description: GPIO library for Raspberry Pi computers
+ Version: ${version}
+ Libs: -L''${libdir} -lpigpio -lpthread -lm
+ Cflags: -I''${includedir}
+ '';
+ };
+
+in
+ stdenv.mkDerivation rec {
+ inherit pname version;
+
+ src = fetchFromGitHub {
+ owner = "joan2937";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0wgcy9jvd659s66khrrp5qlhhy27464d1pildrknpdava19b1r37";
+ };
+
+ patches = [
+ ./Pi4Revision.patch
+ ];
+
+ nativeBuildInputs = [
+ cmake
+ ];
+
+ buildInputs = [
+ glibc
+ ];
+
+ meta = with stdenv.lib; {
+ description = "GPIO library for the Raspberry Pi";
+ homepage = "http://abyz.me.uk/rpi/pigpio/index.html";
+ license = licenses.unlicense;
+ platforms = platforms.unix;
+ };
+
+ installPhase = ''
+ make install
+ mkdir -p $out/lib/pkgconfig
+ substitute ${pkgConfig} $out/lib/pkgconfig/pigpio.pc --subst-var out
+ '';
+ }
diff --git a/trusted/flake.lock b/trusted/flake.lock
index 5ad15e3a..db0173e7 100644
--- a/trusted/flake.lock
+++ b/trusted/flake.lock
@@ -20,11 +20,11 @@
"arcexprs": {
"flake": false,
"locked": {
- "lastModified": 1649357469,
- "narHash": "sha256-lJFMdc+ZYRZbs4zWzUhTAByiquqOfNx8Z1RQ50zdj+I=",
+ "lastModified": 1652207446,
+ "narHash": "sha256-KWMMkKny/5Ukh36rus2nr6X7rDmRBpjOdJeEwlnsJL8=",
"owner": "arcnmx",
"repo": "nixexprs",
- "rev": "53f5058ed9b28b040b2640efde3127c19ca8ef65",
+ "rev": "1d80363ae941952431cf377816c4790e451823f4",
"type": "github"
},
"original": {
@@ -59,11 +59,11 @@
]
},
"locked": {
- "lastModified": 1648278671,
- "narHash": "sha256-1WrR9ex+rKTjZtODNUZQhkWYUprtfOkjOyo9YWL2NMs=",
+ "lastModified": 1651916036,
+ "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "4fdbb8168f61d31d3f90bb0d07f48de709c4fe79",
+ "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
@@ -107,12 +107,19 @@
}
},
"emacs-overlay": {
+ "inputs": {
+ "flake-utils": [
+ "nixfiles",
+ "flake-utils"
+ ],
+ "nixpkgs": "nixpkgs"
+ },
"locked": {
- "lastModified": 1649732714,
- "narHash": "sha256-D8iDZsLJWXB4n/Iy/KCpgdKSLFff2rynCeohO7Xs3R0=",
+ "lastModified": 1652934326,
+ "narHash": "sha256-YgSgR0V/rsqJX6DWyXlPOwsaXXiOkN+9z5rfE9kn2IU=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "8b7323d06cc5310f75781ae87dd50840c3b2bfc7",
+ "rev": "de5c826149bcfbaa5f0ce985bb184c9bc7f11e46",
"type": "github"
},
"original": {
@@ -221,11 +228,11 @@
"flake-compat": {
"flake": false,
"locked": {
- "lastModified": 1648199409,
- "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
+ "lastModified": 1650374568,
+ "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
+ "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@@ -236,41 +243,11 @@
},
"flake-utils": {
"locked": {
- "lastModified": 1649676176,
- "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+ "lastModified": 1652776076,
+ "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
- "locked": {
- "lastModified": 1614513358,
- "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_3": {
- "locked": {
- "lastModified": 1629481132,
- "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "997f7efcb746a9c140ce1f13c72263189225f482",
+ "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"type": "github"
},
"original": {
@@ -287,15 +264,15 @@
]
},
"locked": {
- "lastModified": 1649642044,
- "narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=",
- "owner": "nix-community",
+ "lastModified": 1649980189,
+ "narHash": "sha256-55dgKGs7W8eC3s9GYewll9y4IlP/KAlSinjQwshNpxM=",
+ "owner": "kittywitch",
"repo": "home-manager",
- "rev": "e39a9d0103e3b2e42059c986a8c633824b96c193",
+ "rev": "c591c34311923598fc0092ed06da6e4a515354d7",
"type": "github"
},
"original": {
- "owner": "nix-community",
+ "owner": "kittywitch",
"ref": "master",
"repo": "home-manager",
"type": "github"
@@ -309,11 +286,11 @@
]
},
"locked": {
- "lastModified": 1649642044,
- "narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=",
+ "lastModified": 1652913097,
+ "narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "e39a9d0103e3b2e42059c986a8c633824b96c193",
+ "rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69",
"type": "github"
},
"original": {
@@ -340,7 +317,10 @@
},
"nix-dns": {
"inputs": {
- "flake-utils": "flake-utils_2",
+ "flake-utils": [
+ "nixfiles",
+ "flake-utils"
+ ],
"nixpkgs": [
"nixfiles",
"nixpkgs"
@@ -371,7 +351,10 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
- "flake-utils": "flake-utils_3",
+ "flake-utils": [
+ "nixfiles",
+ "flake-utils"
+ ],
"nix-straight": "nix-straight",
"nixpkgs": [
"nixfiles",
@@ -432,7 +415,7 @@
"impermanence": "impermanence",
"nix-dns": "nix-dns",
"nix-doom-emacs": "nix-doom-emacs",
- "nixpkgs": "nixpkgs",
+ "nixpkgs": "nixpkgs_2",
"nixpkgs-darwin": "nixpkgs-darwin",
"nur": "nur",
"tf-nix": "tf-nix",
@@ -441,38 +424,35 @@
]
},
"locked": {
- "narHash": "sha256-EsjRXQ9TKNS2EL06nHKg7RmSiOxh7Lh213Eg7JDnj1I=",
- "path": "/nix/store/dy1mzx66q2x85zzi9lp4vcda62j5k2c8-source",
+ "lastModified": 0,
+ "narHash": "sha256-Gi7tG1c/ePjp4GRO+lqyVyBw4D/Q6ArhqQoQAviGBZ8=",
+ "path": "/nix/store/0d1rpf5pi4lnykkg4lq409d11lh6gga6-source",
"type": "path"
},
"original": {
- "path": "/nix/store/dy1mzx66q2x85zzi9lp4vcda62j5k2c8-source",
+ "path": "/nix/store/0d1rpf5pi4lnykkg4lq409d11lh6gga6-source",
"type": "path"
}
},
"nixpkgs": {
"locked": {
- "lastModified": 1649497218,
- "narHash": "sha256-groqC9m1P4hpnL6jQvZ3C8NEtduhdkvwGT0+0LUrcYw=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "fd364d268852561223a5ada15caad669fd72800e",
- "type": "github"
+ "lastModified": 0,
+ "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
+ "path": "/nix/store/57zwl7b883kkya60akvg6wssl1qkxwl5-source",
+ "type": "path"
},
"original": {
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
+ "id": "nixpkgs",
+ "type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
- "lastModified": 1649675302,
- "narHash": "sha256-joXkXjdOn73GF/1Y3mhir44aG5doekJyJwiG3DblIlo=",
+ "lastModified": 1652881001,
+ "narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "a31e3437d3b5d8f0b4f3bbc3b097b15b10250dab",
+ "rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf",
"type": "github"
},
"original": {
@@ -482,6 +462,22 @@
"type": "github"
}
},
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1652659998,
+ "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"nose": {
"flake": false,
"locked": {
@@ -500,11 +496,11 @@
},
"nur": {
"locked": {
- "lastModified": 1649749110,
- "narHash": "sha256-gN/BkRu93GDHGENao+G0oHrknSJB3l+sfGOZWkqG2RY=",
+ "lastModified": 1652938196,
+ "narHash": "sha256-kv6EEwTPtvtqVlaSH/sRhWx9ecONrr5bccMdxu1nhwc=",
"owner": "nix-community",
"repo": "nur",
- "rev": "287aa9ab138e00c3a3519e437a56b7627c62c478",
+ "rev": "2d8f65d73133859961b8714918ac8f60d98a76e5",
"type": "github"
},
"original": {
@@ -651,11 +647,11 @@
"tf-nix": {
"flake": false,
"locked": {
- "lastModified": 1649261463,
- "narHash": "sha256-Sd/lrUeHsDUfIs6xoVsrP9xl98yg7LLxXo+BTJxh/J8=",
+ "lastModified": 1652202366,
+ "narHash": "sha256-CFNcYVwth9GdDO6o602UjLGKBy2Zsv/X00G3kofXRi8=",
"owner": "arcnmx",
"repo": "tf-nix",
- "rev": "c75325133a321904c02e0535d93d0f49cbe81860",
+ "rev": "d45eb5ed2311f8d18d0ceaf93e544abbf48167fa",
"type": "github"
},
"original": {