Commit 0dd2534b18f9
Changed files (70)
tmp/nixos-configuration/assets/machines.nix.example
@@ -1,37 +0,0 @@
-let
- wireguard = {
- ips = {
- kerkouane = "10.100.0.1";
- shikoku = "10.100.0.2";
- # […]
- };
- kerkouane = {
- allowedIPs = [ "${wireguard.ips.kerkouane}/32" ];
- publicKey = "<kerkouane wireguard public key>";
- };
- shikoku = {
- allowedIPs = [ "${wireguard.ips.shikoku}/32" ];
- publicKey = "<shikoku wireguard public key>";
- };
- # […]
- };
- ssh = {
- kerkouane = {
- port = <custom ssh port>;
- key = "<kerkouane ssh public key>";
- };
- shikoku = {
- key = "<shikoku ssh public key>";
- };
- };
-in {
- wireguard = wireguard;
- wg = {
- allowedIPs = "10.100.0.0/24";
- listenPort = <wireguard port to listen to>;
- endpointIP = "<public remote address>";
- persistentKeepalive = 25;
- peers = [ wireguard.shikoku ];
- };
- ssh = ssh;
-}
tmp/nixos-configuration/hardware/dell-latitude-e6540.nix
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot = {
- loader.efi.canTouchEfiVariables = true;
- kernelParams = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "i915.enable_rc6=0" "i915.enable_fbc=1"
- "i915.lvds_use_ssc=0"
- "drm.debug=0" "drm.vblankoffdelay=1"
- ];
- blacklistedKernelModules = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "sierra_net" "cdc_mbim" "cdc_ncm"
- ];
- };
- hardware = {
- opengl = {
- enable = true;
- extraPackages = [ pkgs.vaapiIntel ];
- driSupport32Bit = true;
- };
- };
- services.acpid.enable = true;
-}
tmp/nixos-configuration/hardware/lenovo-p50.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, ...}:
-
-{
- imports = [ ./thinkpad.nix ];
- hardware = {
- bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- nvidia.optimus_prime = {
- enable = true;
- nvidiaBusId = "PCI:1:0:0";
- intelBusId = "PCI:0:2:0";
- };
- };
- services = {
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP=""
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT=""
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-# Docking
-DEVICES_TO_DISABLE_ON_DOCK="wifi"
-DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-# Make sure it uses the right hard drive
-DISK_DEVICES="nvme0n1p2"
- '';
- };
- udev.extraRules = ''
- # Rules for Lenovo Thinkpad WS Dock
- SUBSYSTEM=="usb", ACTION=="add|remove", ENV{ID_VENDOR}=="17ef", ENV{ID_MODEL}=="305a", RUN+="${pkgs.vde-thinkpad}/bin/dock"
- '';
- };
-}
tmp/nixos-configuration/hardware/thinkpad-t460s.nix
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ./thinkpad.nix ];
- services = {
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP=""
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT=""
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-# Docking
-DEVICES_TO_DISABLE_ON_DOCK="wifi"
-DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-# Make sure it uses the right hard drive
-DISK_DEVICES="nvme0n1p3"
- '';
- };
- xserver = {
- dpi = 128;
- };
- };
-}
tmp/nixos-configuration/hardware/thinkpad-x220.nix
@@ -1,55 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ./thinkpad.nix ];
- boot = {
- kernelParams = [ "i915.enable_psr=1" ];
- extraModprobeConfig = ''
- options iwlwifi 11n_disable=1
- '';
- };
- security = {
- pam.services = {
- slimlock.fprintAuth = false;
- slim.fprintAuth = false;
- login.fprintAuth = false;
- xscreensaver.fprintAuth = false;
- };
- };
- services = {
- fprintd.enable = true;
- tlp = {
- extraConfig = ''
-# CPU optimizations
-CPU_SCALING_GOVERNOR_ON_AC=performance
-CPU_SCALING_GOVERNOR_ON_BAT=powersave
-CPU_MIN_PERF_ON_AC=0
-CPU_MAX_PERF_ON_AC=100
-CPU_MIN_PERF_ON_BAT=0
-CPU_MAX_PERF_ON_BAT=50
-CPU_BOOST_ON_AC=1
-CPU_BOOST_ON_BAT=0
-# DEVICES (wifi, ..)
-DEVICES_TO_DISABLE_ON_STARTUP="bluetooth"
-DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-DEVICES_TO_DISABLE_ON_BAT="bluetooth"
-# Network management
-DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
-DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
-DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
-DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-DISK_DEVICES="ata-Corsair_Force_LX_SSD_15256501000102160059"
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-USB_AUTOSUSPEND=1
-USB_BLACKLIST_BTUSB=1
- '';
- };
- };
-}
tmp/nixos-configuration/hardware/thinkpad.nix
@@ -1,74 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot = {
- blacklistedKernelModules = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "sierra_net" "cdc_mbim" "cdc_ncm"
- ];
- extraModprobeConfig = ''
- options snd_hda_intel power_save=1
- '';
- initrd = {
- availableKernelModules = [ "aesni-intel" "aes_x86_64" "cryptd" ];
- };
- kernelModules = [ "kvm_intel" ];
- kernelParams = [
- # Kernel GPU Savings Options (NOTE i915 chipset only)
- "i915.enable_rc6=1" "i915.enable_fbc=1"
- "i915.lvds_use_ssc=0"
- "drm.debug=0" "drm.vblankoffdelay=1"
- "kvm_intel.nested=1"
- "intel_iommu=on"
- ];
- loader.efi.canTouchEfiVariables = true;
- };
- environment.systemPackages = with pkgs; [
- linuxPackages.tp_smapi
- ];
- hardware = {
- trackpoint.enable = false;
- cpu.intel.updateMicrocode = true;
- opengl = {
- #enable = true;
- extraPackages = [ pkgs.vaapiIntel ];
- #driSupport32Bit = true;
- };
- };
- services = {
- acpid = {
- enable = true;
- lidEventCommands = ''
-if grep -q closed /proc/acpi/button/lid/LID/state; then
- date >> /tmp/i3lock.log
- DISPLAY=":0.0" XAUTHORITY=/home/fadenb/.Xauthority ${pkgs.i3lock}/bin/i3lock &>> /tmp/i3lock.log
-fi
- '';
- };
- tlp = {
- enable = true;
- };
- xserver = {
- synaptics.enable = false;
- config =
- ''
- Section "InputClass"
- Identifier "Enable libinput for TrackPoint"
- MatchIsPointer "on"
- Driver "libinput"
- Option "ScrollMethod" "button"
- Option "ScrollButton" "8"
- EndSection
- '';
- inputClassSections = [
- ''
- Identifier "evdev touchpad off"
- MatchIsTouchpad "on"
- MatchDevicePath "/dev/input/event*"
- Driver "evdev"
- Option "Ignore" "true"
- ''
- ];
- };
- };
-}
tmp/nixos-configuration/machine/carthage.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [
- ../networking.nix # generated at runtime by nixos-infect
- ];
- time.timeZone = "Europe/Paris";
- boot = {
- cleanTmpDir = true;
- loader.grub.enable = true;
- };
- profiles = {
- git.enable = true;
- nix-config.localCaches = [];
- nix-config.buildCores = 1;
- ssh.enable = true;
- syncthing.enable = true;
- };
- networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security = {
- acme.certs = {
- "sbr.pm".email = "vincent@sbr.pm";
- };
- };
- services = {
- nginx = {
- enable = true;
- virtualHosts."carthage.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/carthage.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- };
- openssh.ports = [ ssh.carthage.port ];
- openssh.permitRootLogin = "without-password";
- syncthing.guiAddress = "127.0.0.1:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.carthage}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
-}
tmp/nixos-configuration/machine/hokkaido.nix
@@ -1,86 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../hardware/thinkpad-x220.nix ./home.nix ];
- boot = {
- kernel.sysctl = {
- "net.bridge.bridge-nf-call-arptables" = 0;
- "net.bridge.bridge-nf-call-iptables" = 0;
- "net.bridge.bridge-nf-call-ip6tables" = 0;
- };
- };
- profiles = {
- avahi.enable = true;
- dev.enable = true;
- ssh.enable = true;
- syncthing.enable = true;
- nix-config.buildCores = 2;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- services = {
- logind = {
- lidSwitch = "ignore";
- };
- syncthing.guiAddress = "0.0.0.0:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.hokkaido}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
- # -----------------------------------
- environment.etc."vrsync".text = ''
-/home/vincent/desktop/pictures/screenshots/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/screenshots/
-/home/vincent/desktop/pictures/wallpapers/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/wallpapers/
-/home/vincent/desktop/documents/ vincent@synodine.home:/volume1/documents/
-/mnt/Toshito/photos/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/photos/
-/mnt/Toshito/music/ vincent@synodine.home:/volumeUSB2/usbshare/music/
- '';
- systemd.services.vrsync = {
- description = "vrsync - sync folders to NAS";
- requires = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
-
- path = with pkgs; [ rsync coreutils bash openssh ];
- script = ''
- ${pkgs.vrsync}/bin/vrsync
- '';
-
- startAt = "hourly";
- serviceConfig = {
- Type = "oneshot";
- OnFailure = "status-email-root@%n.service";
- };
- };
- # ape – sync git mirrors
- systemd.services.ape = {
- description = "Ape - sync git mirrors";
- requires = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- restartIfChanged = false;
- unitConfig.X-StopOnRemoval = false;
-
- serviceConfig = {
- Type = "oneshot";
- User = "vincent";
- OnFailure = "status-email-root@%n.service";
- };
-
- path = with pkgs; [ git ];
- script = ''
- ${pkgs.nur.repos.vdemeester.ape}/bin/ape up /home/vincent/var/mirrors
- '';
-
- startAt = "hourly";
- };
-}
tmp/nixos-configuration/machine/home.nix
@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
- networking.domain = "synodine.home";
- time.timeZone = "Europe/Paris";
- # To mimic autofs on fedora
- fileSystems."/net/synodine.home/" = {
- device = "${home.ips.synodine}:/";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
- };
- # FIXME(vdemeester): I think it acts like this because there is only one export
- fileSystems."/net/sakhalin.home/export/" = {
- device = "${home.ips.sakhalin}:/";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
- };
- # Deprecated
- fileSystems."/mnt/synodine" = {
- device = "${home.ips.synodine}:/";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
- };
- fileSystems."/mnt/sakhalin" = {
- device = "${home.ips.sakhalin}:/";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
- };
-}
tmp/nixos-configuration/machine/honshu.nix
@@ -1,36 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../hardware/dell-latitude-e6540.nix ./home.nix ];
- networking = {
- firewall.enable = false; # we are in safe territory :D
- bridges.br1.interfaces = [ "eno1" ];
- useDHCP = false;
- interfaces.br1 = {
- useDHCP = true;
- };
- };
- profiles = {
- avahi.enable = true;
- dev.enable = true;
- nix-config.buildCores = 4;
- ssh.enable = true;
- syncthing.enable = true;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- services = {
- logind.lidSwitch = "ignore";
- syncthing.guiAddress = "0.0.0.0:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.honshu}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
-}
tmp/nixos-configuration/machine/kerkouane.nix
@@ -1,86 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../networking.nix ];
- time.timeZone = "Europe/Paris";
- boot = {
- cleanTmpDir = true;
- loader.grub.enable = true;
- };
- profiles = {
- git.enable = true;
- nix-config.localCaches = [];
- nix-config.buildCores = 1;
- ssh.enable = true;
- syncthing.enable = true;
- wireguard.server.enable = true;
- };
- networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security = {
- acme.certs = {
- "sbr.pm".email = "vincent@sbr.pm";
- };
- };
- services = {
- govanityurl = {
- enable = true;
- user = "nginx";
- host = "go.sbr.pm";
- config = ''
- paths:
- /ape:
- repo: https://gitlab.com/vdemeester/ape
- /nr:
- repo: https://gitlab.com/vdemeester/nr
- /ram:
- repo: https://gitlab.com/vdemeester/ram
- /sec:
- repo: https://gitlab.com/vdemeester/sec
- '';
- };
- nginx = {
- enable = true;
- virtualHosts."dl.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/dl.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."paste.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/paste.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."go.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
- };
- virtualHosts."sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."vincent.demeester.fr" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/vincent.demeester.fr";
- locations."/" = {
- index = "index.html";
- };
- };
- };
- openssh.ports = [ ssh.kerkouane.port ];
- openssh.permitRootLogin = "without-password";
- syncthing.guiAddress = "127.0.0.1:8384";
- };
-}
tmp/nixos-configuration/machine/okinawa.nix
@@ -1,95 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ./home.nix ];
- boot = {
- cleanTmpDir = true;
- };
- networking = {
- firewall.enable = false; # we are in safe territory :D
- bridges.br1.interfaces = [ "enp0s31f6" ];
- useDHCP = false;
- interfaces.br1 = {
- useDHCP = true;
- };
- };
- profiles = {
- avahi.enable = true;
- git.enable = true;
- nix-config.buildCores = 4;
- ssh.enable = true;
- syncthing.enable = true;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- services = {
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- slaves = [];
- file = ../assets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- slaves = [];
- file = ../assets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- slaves = [];
- file = ../assets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- slaves = [];
- file = ../assets/db.10.100.0;
- }
- ];
- };
- nix-binary-cache = {
- enable = true;
- domain = "nix.cache.home";
- aliases = [ "cache.massimo.home" "nix.okinawa.home" ];
- };
- syncthing.guiAddress = "0.0.0.0:8384";
- tarsnap = {
- enable = true;
- archives = {
- documents = {
- directories = [ "/home/vincent/desktop/documents" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.documents.key";
- };
- org = {
- directories = [ "/home/vincent/desktop/org" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.org.key";
- };
- sites = {
- directories = [ "/home/vincent/desktop/sites" ];
- period = "daily";
- keyfile = "/etc/nixos/assets/tarsnap.sites.key";
- };
- };
- };
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.okinawa}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
- security.apparmor.enable = true;
-}
tmp/nixos-configuration/machine/sakhalin.nix
@@ -1,154 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ./home.nix ];
- boot = {
- cleanTmpDir = true;
- };
- networking = {
- firewall.enable = false; # we are in safe territory :D
- bridges.br1.interfaces = [ "enp0s31f6" ];
- useDHCP = false;
- interfaces.br1 = {
- useDHCP = true;
- };
- };
- profiles = {
- avahi.enable = true;
- git.enable = true;
- nix-config.buildCores = 4;
- ssh.enable = true;
- syncthing.enable = true;
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- };
- fileSystems."/export/gaia" = { device = "/mnt/gaia"; options = [ "bind" ]; };
- fileSystems."/export/toshito" = { device = "/mnt/toshito"; options = [ "bind" ]; };
- services = {
- nfs.server = {
- enable = true;
- exports = ''
- /export 192.168.1.0/24(rw,fsid=0,no_subtree_check) 10.100.0.0/24(rw,fsid=0,no_subtree_check)
- /export/gaia 192.168.1.0/24(rw,fsid=1,no_subtree_check) 10.100.0.0/24(rw,fsid=1,no_subtree_check)
- /export/toshito 192.168.1.0/24(rw,fsid=2,no_subtree_check) 10.100.0.0/24(rw,fsid=2,no_subtree_check)
- '';
- };
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- slaves = [];
- file = ../assets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- slaves = [];
- file = ../assets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- slaves = [];
- file = ../assets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- slaves = [];
- file = ../assets/db.10.100.0;
- }
- ];
- };
- syncthing.guiAddress = "0.0.0.0:8384";
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.sakhalin}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- };
- security.apparmor.enable = true;
- # -----------------------------------
- environment.etc."vrsync".text = ''
- /home/vincent/desktop/pictures/screenshots/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/screenshots/
- /home/vincent/desktop/pictures/wallpapers/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/wallpapers/
- /home/vincent/desktop/documents/ vincent@synodine.home:/volume1/documents/
- /mnt/gaia/photos/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/photos/
- /mnt/gaia/music/ vincent@synodine.home:/volumeUSB2/usbshare/music/
- '';
- systemd.services.vrsync = {
- description = "vrsync - sync folders to NAS";
- requires = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
-
- path = with pkgs; [ rsync coreutils bash openssh ];
- script = ''
- ${pkgs.vrsync}/bin/vrsync
- '';
-
- startAt = "hourly";
- serviceConfig = {
- Type = "oneshot";
- OnFailure = "status-email-root@%n.service";
- };
- };
- # ape – sync git mirrors
- systemd.services.ape = {
- description = "Ape - sync git mirrors";
- requires = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- restartIfChanged = false;
- unitConfig.X-StopOnRemoval = false;
-
- serviceConfig = {
- Type = "oneshot";
- User = "vincent";
- OnFailure = "status-email-root@%n.service";
- };
-
- path = with pkgs; [ git ];
- script = ''
- ${pkgs.nur.repos.vdemeester.ape}/bin/ape up /home/vincent/var/mirrors
- '';
-
- startAt = "hourly";
- };
- # mr -i u daily
- systemd.services.mr = {
- description = "Update configs daily";
- requires = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- restartIfChanged = false;
- unitConfig.X-StopOnRemoval = false;
-
- serviceConfig = {
- Type = "oneshot";
- User = "vincent";
- OnFailure = "status-email-root@%n.service";
- };
-
- path = with pkgs; [ git mr ];
- script = ''
- set -e
- cd /mnt/gaia/src/configs/
- mr -t run git reset --hard
- mr -t u
- '';
-
- startAt = "daily";
- };
-}
tmp/nixos-configuration/machine/wakasu.nix
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../hardware/lenovo-p50.nix ./home.nix ];
- boot = {
- kernelModules = [ "kvm_intel" ];
- kernelParams = [ "kvm_intel.nested=1" ];
- kernel.sysctl = {
- "net.bridge.bridge-nf-call-arptables" = 0;
- "net.bridge.bridge-nf-call-iptables" = 0;
- "net.bridge.bridge-nf-call-ip6tables" = 0;
- };
- };
- networking = {
- firewall.enable = false; # we are in safe territory :D
- hosts = {
- "${home.ips.honshu}" = [ "honshu.home" ];
- "${wireguard.ips.honshu}" = [ "honshu.vpn" ];
- "${home.ips.shikoku}" = [ "shikoku.home" ];
- "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ];
- "${home.ips.wakasu}" = [ "wakasu.home" ];
- "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ];
- "${home.ips.hokkaido}" = [ "hokkaido.home" ];
- "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ];
- "${home.ips.sakhalin}" = [ "sakhalin.home" ];
- "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ];
- "${wireguard.ips.massimo}" = [ "massimo.vpn" ];
- "${home.ips.synodine}" = [ "synodine.home" ];
- "${home.ips.okinawa}" = [ "okinawa.home" "cache.home" "svc.home" "nix.cache.home" "go.cache.home" ];
- "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ];
- "${wireguard.ips.carthage}" = [ "carthage.vpn" ];
- "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ];
- };
- };
- profiles = {
- dev.enable = true;
- laptop.enable = true;
- desktop.autoLogin = true;
- docker.enable = true;
- nix-config.buildCores = 4;
- #qemu-user = { arm = true; aarch64 = true; };
- ssh = {
- enable = true;
- forwardX11 = true;
- };
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- yubikey.enable = true;
- };
- programs = {
- podman.enable = true;
- };
- security.sudo = {
- extraConfig = ''
- %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix
- '';
- };
- services = {
- logind.extraConfig = ''
- HandleLidSwitch=ignore
- HandleLidSwitchExternalPower=ignore
- HandleLidSwitchDocked=ignore
- '';
- #syncthing.guiAddress = "${wireguard.ips.wakasu}:8384";
- syncthing.guiAddress = "0.0.0.0:8384";
- smartd = {
- enable = true;
- devices = [ { device = "/dev/nvme0n1"; } ];
- };
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.wakasu}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- xserver = {
- videoDrivers = [ "nvidia" ];
- dpi = 96;
- serverFlagsSection = ''
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
- Option "OffTime" "0"
- '';
- };
- };
-}
tmp/nixos-configuration/modules/hardware/sane-extra-config.nix
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.hardware.sane;
-
- pkg = if cfg.snapshot
- then pkgs.sane-backends-git
- else pkgs.sane-backends;
-
- backends = [ pkg ] ++ cfg.extraBackends;
-
- saneConfig = pkgs.mkSaneConfig { paths = backends; };
-
- saneExtraConfig = pkgs.runCommand "sane-extra-config" {} ''
- cp -Lr '${pkgs.mkSaneConfig { paths = [ pkgs.sane-backends ]; }}'/etc/sane.d $out
- chmod +w $out
- ${concatMapStrings (c: ''
- f="$out/${c.name}.conf"
- [ ! -e "$f" ] || chmod +w "$f"
- cat ${builtins.toFile "" (c.value + "\n")} >>"$f"
- chmod -w "$f"
- '') (mapAttrsToList nameValuePair cfg.extraConfig)}
- chmod -w $out
- '';
-
-in
-
-{
- options = {
- hardware.sane.extraConfig = mkOption {
- type = types.attrsOf types.lines;
- default = {};
- example = { "some-backend" = "# some lines to add to its .conf"; };
- };
- };
-
- config = mkIf (cfg.enable && cfg.extraConfig != {}) {
- hardware.sane.configDir = saneExtraConfig.outPath;
- };
-}
tmp/nixos-configuration/modules/profiles/assets/fish/fish_prompt.fish
@@ -1,258 +0,0 @@
-# name: lambda
-function __fish_basename -d 'basically basename, but faster'
- string replace -r '^.*/' '' -- $argv
-end
-
-function __fish_dirname -d 'basically dirname, but faster'
- string replace -r '/[^/]+/?$' '' -- $argv
-end
-
-
-function __fish_prompt_status -S -a last_status -d 'Display flags for non-zero-exit status, root user, and background jobs'
- set -l nonzero
- set -l superuser
- set -l bg_jobs
-
- # Last exit was nonzero
- [ $last_status -ne 0 ]
- and set nonzero 1
-
- # If superuser (uid == 0)
- #
- # Note that iff the current user is root and '/' is not writeable by root this
- # will be wrong. But I can't think of a single reason that would happen, and
- # it is literally 99.5% faster to check it this way, so that's a tradeoff I'm
- # willing to make.
- [ -w / ]
- and [ (id -u) -eq 0 ]
- and set superuser 1
-
- # Jobs display
- jobs -p >/dev/null
- and set bg_jobs 1
-
- if [ "$nonzero" ]
- set_color red
- echo -n '! '
- set_color normal
- end
-
- if [ "$superuser" ]
- set_color red
- echo -n '$ '
- set_color normal
- end
-
- if [ "$bg_jobs" ]
- set_color gray
- echo -n '% '
- set_color normal
- end
-end
-
-function __fish_prompt_user -S -d 'Display current user and hostname'
- [ -n "$SSH_CLIENT" ]
- and set -l display_user_hostname
-
- if set -q display_user_hostname
- set -l IFS .
- hostname | read -l hostname __
- echo -ns (whoami) '@' $hostname
- end
-end
-
-function __fish_git_project_dir
- set -l git_dir (command git rev-parse --git-dir ^/dev/null)
- or return
-
- pushd $git_dir
- set git_dir $PWD
- popd
-
- switch $PWD/
- case $git_dir/\*
- # Nothing works quite right if we're inside the git dir
- # TODO: fix the underlying issues then re-enable the stuff below
-
- # # if we're inside the git dir, sweet. just return that.
- # set -l toplevel (command git rev-parse --show-toplevel ^/dev/null)
- # if [ "$toplevel" ]
- # switch $git_dir/
- # case $toplevel/\*
- # echo $git_dir
- # end
- # end
- return
- end
-
- set -l project_dir (__fish_dirname $git_dir)
-
- switch $PWD/
- case $project_dir/\*
- echo $project_dir
- return
- end
-
- set project_dir (command git rev-parse --show-toplevel ^/dev/null)
- switch $PWD/
- case $project_dir/\*
- echo $project_dir
- end
-end
-
-function __fish_git_ahead -S -d 'Print the ahead/behind state for the current branch'
- set -l ahead 0
- set -l behind 0
- for line in (command git rev-list --left-right '@{upstream}...HEAD' ^/dev/null)
- switch "$line"
- case '>*'
- if [ $behind -eq 1 ]
- echo '±'
- return
- end
- set ahead 1
- case '<*'
- if [ $ahead -eq 1 ]
- echo "±"
- return
- end
- set behind 1
- end
- end
-
- if [ $ahead -eq 1 ]
- echo "+"
- else if [ $behind -eq 1 ]
- echo "-"
- end
-end
-
-function __fish_git_branch -S -d 'Get the current git branch (or commitish)'
- set -l ref (command git symbolic-ref HEAD ^/dev/null)
- and begin
- string replace 'refs/heads/' "" $ref
- and return
- end
-
- set -l tag (command git describe --tags --exact-match ^/dev/null)
- and echo "tag:$tag"
- and return
-
- set -l branch (command git show-ref --head -s --abbrev | head -n1 ^/dev/null)
- echo "detached:$branch"
-end
-
-function __fish_prompt_git -S -a current_dir -d 'Display the actula git state'
- set -l dirty ''
- set -l show_dirty (command git config --bool bash.showDirtyState ^/dev/null)
- if [ "$show_dirty" != 'false' ]
- set dirty (command git diff --no-ext-diff --quiet --exit-code ^/dev/null; or echo -n "*")
- end
-
- set -l staged (command git diff --cached --no-ext-diff --quiet --exit-code ^/dev/null; or echo -n "~")
- set -l stashed (command git rev-parse --verify --quiet refs/stash >/dev/null; and echo -n '$')
- set -l ahead (__fish_git_ahead)
-
- set -l new ''
- set -l show_untracked (command git config --bool bash.showUntrackedFiles ^/dev/null)
- if [ "$show_untracked" != 'false' ]
- set new (command git ls-files --other --exclude-standard --directory --no-empty-directory ^/dev/null)
- if [ "$new" ]
- set new "…"
- end
- end
-
- set -l flags "$dirty$staged$stashed$ahead$new"
- [ "$flags" ]
- and set flags ":$flags"
-
- __fish_path_segment $current_dir
-
- set_color green
- echo -n '{'
- echo -ns (__fish_git_branch) $flags ''
- echo -n '}'
- set_color normal
-
- set -l project_pwd (command git rev-parse --show-prefix ^/dev/null | string trim --right --chars=/)
-
- if [ "$project_pwd" ]
- set_color brblack
- echo -n "/$project_pwd"
- set_color normal
- end
-end
-
-function __fish_prompt_dir -S -d 'Display a shortened form of the current directory'
- __fish_path_segment "$PWD"
-end
-
-function __fish_path_segment -S -a current_dir -d 'Display a shortened form of a directory'
- set -l directory
- set -l parent
-
- switch "$current_dir"
- case /
- set directory '/'
- case "$HOME"
- set directory '~'
- case '*'
- set parent (__fish_pretty_parent "$current_dir")
- set directory (__fish_basename "$current_dir")
- end
-
- set_color white
- echo -n $parent
- set_color --bold
- echo -ns $directory ''
- set_color normal
-end
-
-function __fish_pretty_parent -S -a current_dir -d 'Print a parent directory, shortened to fit the prompt'
- set -q fish_prompt_pwd_dir_length
- or set -l fish_prompt_pwd_dir_length 1
-
- # Replace $HOME with ~
- set -l real_home ~
- set -l parent_dir (string replace -r '^'"$real_home"'($|/)' '~$1' (__fish_dirname $current_dir))
-
- # Must check whether `$parent_dir = /` if using native dirname
- if [ -z "$parent_dir" ]
- echo -n /
- return
- end
-
- if [ $fish_prompt_pwd_dir_length -eq 0 ]
- echo -n "$parent_dir/"
- return
- end
-
- string replace -ar '(\.?[^/]{'"$fish_prompt_pwd_dir_length"'})[^/]*/' '$1/' "$parent_dir/"
-end
-
-# TODO: handle envs (nix-shell, virtualenv, ...)
-
-function fish_prompt -d 'vde-lambda, a fish theme optimized for me :D'
- if test $TERM = "dumb"
- echo "\$ "
- return 0
- end
- # Save the last status for later
- set -l last_status $status
-
- __fish_prompt_status $last_status
- __fish_prompt_user
-
- # vcs
- set -l git_root (__fish_git_project_dir)
-
- if [ "$git_root" ]
- __fish_prompt_git $git_root
- else
- __fish_prompt_dir
- end
-
- set_color --bold brblack
- echo -n " λ "
- set_color normal
-end
tmp/nixos-configuration/modules/profiles/assets/fish/fish_right_prompt.fish
@@ -1,30 +0,0 @@
-function __fish_prompt_nix_shell
- [ -z "$IN_NIX_SHELL" ]
- and return
- set_color yellow
- echo -n -s '🄪 '
- set_color normal
-end
-
-# ⏍ ⧆ ⌗ ⧉
-function __fish_prompt_direnv
- [ -z "$DIRENV_DIR" ]
- and return
- set_color yellow
- echo -n -s '⧉ '
- set_color normal
-end
-
-function __fish_prompt_virtualenv
- [ -z "$VIRTUAL_ENV" ]
- and return
- set_color green
- echo -ns 'venv:' (basename "$VIRTUAL_ENV") ' '
- set_color normal
-end
-
-function fish_right_prompt
- __fish_prompt_direnv
- __fish_prompt_nix_shell
- __fish_prompt_virtualenv
-end
tmp/nixos-configuration/modules/profiles/avahi.nix
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.avahi;
-in
-{
- options = {
- profiles.avahi = {
- enable = mkOption {
- default = false;
- description = "Enable avahi profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- services = {
- avahi = {
- enable = true;
- ipv4 = true;
- ipv6 = true;
- nssmdns = true;
- publish = {
- enable = true;
- userServices = true;
- };
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/base.nix
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.base;
-in
-{
- options = {
- profiles.base = {
- enable = mkOption {
- default = true;
- description = "Enable base profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.loader.systemd-boot.enable = true;
- environment = {
- variables = {
- EDITOR = pkgs.lib.mkOverride 0 "vim";
- };
- systemPackages = with pkgs; [
- cachix
- direnv
- exa
- file
- htop
- iotop
- lsof
- netcat
- psmisc
- pv
- tmux
- tree
- vim
- vrsync
- wget
- gnumake
- ];
- };
- systemd.services."status-email-root@" = {
- description = "status email for %i to vincent";
- serviceConfig = {
- Type = "oneshot";
- ExecStart = ''
- ${pkgs.nur.repos.vdemeester.systemd-email}/bin/systemd-email vincent@demeester.fr %i
- '';
- User = "root";
- Environment = "PATH=/run/current-system/sw/bin";
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/buildkit.nix
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.buildkit;
-in
-{
- options = {
- profiles.buildkit = {
- enable = mkOption {
- default = false;
- description = "Enable buildkit profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.nur.repos.vdemeester.buildkit;
- description = "buildkit package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.nur.repos.vdemeester.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.containerd = {
- enable = true;
- runcPackage = cfg.runcPackage;
- };
- environment.systemPackages = with pkgs; [
- cfg.package
- ];
- virtualisation = {
- buildkitd= {
- enable = true;
- package = cfg.package;
- packages = [ cfg.runcPackage pkgs.git ];
- extraOptions = "--oci-worker=false --containerd-worker=true";
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/containerd.nix
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.containerd;
-in
-{
- options = {
- profiles.containerd = {
- enable = mkOption {
- default = false;
- description = "Enable containerd profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.nur.repos.vdemeester.containerd;
- description = "containerd package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- cniPackage = mkOption {
- default = pkgs.cni;
- description = "cni package to be used";
- type = types.package;
- };
- cniPluginsPackage = mkOption {
- default = pkgs.cni-plugins;
- description = "cni-plugins package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- cfg.cniPackage
- cfg.cniPluginsPackage
- cfg.package
- cfg.runcPackage
- ];
- virtualisation = {
- containerd = {
- enable = true;
- package = cfg.package;
- packages = [ cfg.runcPackage ];
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/desktop.nix
@@ -1,209 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.desktop;
-in
-{
- options = {
- profiles.desktop = {
- enable = mkOption {
- default = false;
- description = "Enable desktop profile";
- type = types.bool;
- };
- avahi = mkOption {
- default = true;
- description = "Enable avahi with the desktop profile";
- type = types.bool;
- };
- pulseaudio = mkOption {
- default = true;
- description = "Enable pulseaudio with the desktop profile";
- type = types.bool;
- };
- flatpak = mkOption {
- default = true;
- description = "Enable flatpak with the desktop profile";
- type = types.bool;
- };
- syncthing = mkOption {
- default = true;
- description = "Enable syncthing with the desktop profile";
- type = types.bool;
- };
- scanning = mkOption {
- default = true;
- description = "Enable scanning with the desktop profile";
- type = types.bool;
- };
- printing = mkOption {
- default = true;
- description = "Enable printing with the desktop profile";
- type = types.bool;
- };
- networkmanager = mkOption {
- default = true;
- description = "Enable networkmanager with the desktop profile";
- type = types.bool;
- };
- autoLogin = mkOption {
- default = false;
- description = "Enable auto login";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.avahi.enable = cfg.avahi;
- profiles.printing.enable = cfg.printing;
- profiles.pulseaudio.enable = cfg.pulseaudio;
- profiles.scanning.enable = cfg.scanning;
- profiles.syncthing.enable = cfg.syncthing;
-
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- };
-
- hardware.bluetooth.enable = true;
-
- networking.networkmanager = {
- enable = cfg.networkmanager;
- unmanaged = [
- "interface-name:ve-*"
- "interface-name:veth*"
- "interface-name:wg0"
- "interface-name:docker0"
- "interface-name:virbr*"
- ];
- packages = with pkgs; [ networkmanager-openvpn ];
- };
-
- programs.dconf.enable = true;
- xdg.portal.enable = cfg.flatpak;
-
- services = {
- flatpak.enable = cfg.flatpak;
- dbus.packages = [ pkgs.gnome3.dconf ];
- xserver = {
- enable = true;
- enableTCP = false;
- windowManager.twm.enable = true;
- libinput.enable = true;
- synaptics.enable = false;
- layout = "fr(bepo),fr";
- xkbVariant = "oss";
- xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps";
- inputClassSections = [
- ''
- Identifier "TypeMatrix"
- MatchIsKeyboard "on"
- MatchVendor "TypeMatrix.com"
- MatchProduct "USB Keyboard"
- Driver "evdev"
- Option "XbkModel" "tm2030USB"
- Option "XkbLayout" "fr"
- Option "XkbVariant" "bepo"
- ''
- ''
- Identifier "ErgoDox"
- #MatchVendor "ErgoDox_EZ"
- #MatchProduct "ErgoDox_EZ"
- MatchIsKeyboard "on"
- MatchUSBID "feed:1307"
- Driver "evdev"
- Option "XkbLayout" "fr"
- Option "XkbVariant" "bepo"
- ''
- ];
- displayManager = {
- # defaultSession = "none+i3";
- lightdm = {
- enable = true;
- autoLogin = {
- enable = true;
- user = "vincent";
- };
- };
- };
- };
- };
- fonts = {
- enableFontDir = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- corefonts
- dejavu_fonts
- emojione
- feh
- fira
- fira-code
- fira-code-symbols
- fira-mono
- hasklig
- inconsolata
- iosevka
- noto-fonts
- noto-fonts-cjk
- noto-fonts-emoji
- noto-fonts-extra
- overpass
- symbola
- source-code-pro
- twemoji-color-font
- ubuntu_font_family
- unifont
- ];
- };
-
- # Polkit.
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
- action.id == "org.freedesktop.udisks2.encrypted-unlock-system"
- ) &&
- subject.local && subject.active && subject.isInGroup("users")) {
- return polkit.Result.YES;
- }
- var YES = polkit.Result.YES;
- var permission = {
- // required for udisks1:
- "org.freedesktop.udisks.filesystem-mount": YES,
- "org.freedesktop.udisks.luks-unlock": YES,
- "org.freedesktop.udisks.drive-eject": YES,
- "org.freedesktop.udisks.drive-detach": YES,
- // required for udisks2:
- "org.freedesktop.udisks2.filesystem-mount": YES,
- "org.freedesktop.udisks2.encrypted-unlock": YES,
- "org.freedesktop.udisks2.eject-media": YES,
- "org.freedesktop.udisks2.power-off-drive": YES,
- // required for udisks2 if using udiskie from another seat (e.g. systemd):
- "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
- "org.freedesktop.udisks2.filesystem-unmount-others": YES,
- "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
- "org.freedesktop.udisks2.eject-media-other-seat": YES,
- "org.freedesktop.udisks2.power-off-drive-other-seat": YES
- };
- if (subject.isInGroup("wheel")) {
- return permission[action.id];
- }
- });
- '';
-
- environment.systemPackages = with pkgs; [
- cryptsetup
- xlibs.xmodmap
- xorg.xbacklight
- xorg.xdpyinfo
- xorg.xhost
- xorg.xinit
- xss-lock
- xorg.xmessage
- unzip
- gnupg
- pinentry
- inxi
- ];
- };
-}
tmp/nixos-configuration/modules/profiles/dev.nix
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.dev;
-in
-{
- options = {
- profiles.dev = {
- enable = mkOption {
- default = false;
- description = "Enable dev profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.git.enable = true;
- environment.systemPackages = with pkgs; [
- git
- tig
- grc
- ripgrep
- gnumake
- ];
- };
-}
tmp/nixos-configuration/modules/profiles/docker.nix
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.docker;
-in
-{
- options = {
- profiles.docker = {
- enable = mkOption {
- default = false;
- description = "Enable docker profile";
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.docker-edge;
- description = "docker package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- profiles.containerd.enable = true;
- virtualisation = {
- docker = {
- enable = true;
- package = cfg.package;
- liveRestore = false;
- storageDriver = "overlay2";
- extraOptions = "--experimental --add-runtime docker-runc=${cfg.runcPackage}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock";
- };
- };
- environment.etc."docker/daemon.json".text = ''
- {"features":{"buildkit": true}, "insecure-registries": ["172.30.0.0/16", "192.168.12.0/16", "massimo.home:5000", "r.svc.home:5000", "r.svc.home" ]}
- '';
- networking.firewall.trustedInterfaces = [ "docker0" ];
- };
-}
tmp/nixos-configuration/modules/profiles/fish.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.fish;
-in
-{
- options = {
- profiles.fish = {
- enable = mkOption {
- default = false;
- description = "Enable fish profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.fish = {
- enable = true;
- promptInit = ''
- source /etc/fish/functions/fish_prompt.fish
- source /etc/fish/functions/fish_right_prompt.fish
- '';
- };
- environment.etc."fish/functions/fish_prompt.fish".source = ./assets/fish/fish_prompt.fish;
- environment.etc."fish/functions/fish_right_prompt.fish".source = ./assets/fish/fish_right_prompt.fish;
- };
-}
tmp/nixos-configuration/modules/profiles/gaming.nix
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.gaming;
-in
-{
- options = {
- profiles.gaming = {
- enable = mkOption {
- default = false;
- description = "Enable gaming profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- opengl = {
- driSupport32Bit = true;
- };
- };
- services.udev.extraRules = ''
- # Steam controller
- SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
- KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
- '';
- environment.systemPackages = with pkgs; [ steam ];
- };
-}
tmp/nixos-configuration/modules/profiles/git.nix
@@ -1,73 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.git;
-in
-{
- options = {
- profiles.git = {
- enable = mkOption {
- default = false;
- description = "Enable git profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- gitAndTools.gitFull
- gitAndTools.git-annex
- gitAndTools.git-extras
- ];
- environment.etc."gitconfig" = rec { text = ''
- [alias]
- co = checkout
- st = status
- ci = commit --signoff
- ca = commit --amend
- b = branc --color -v
- br = branch
- unstage = reset HEAD
- lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)%Creset' --abbrev-commit --date=relative
- lga = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)%Creset' --abbrev-commit --date=relative --branches --remotes
- lol = log --pretty=oneline --abbrev-commit --graph --decorate
- conflicts = !git ls-files --unmerged | cut -c51- | sort -u | xargs $EDITOR
- resolve = !git ls-files --unmerged | cut -c51- | sort -u | xargs git add
- [color]
- branch = auto
- diff = auto
- status = auto
- [color "branch"]
- current = cyan reverse
- local = cyan
- remote = green
- [color "diff"]
- meta = white reverse
- frag = magenta reverse
- old = red
- new = green
- [color "status"]
- added = green
- changed = yellow
- untracked = red
- [core]
- #excludesfile = ~/.gitignore.global
- [push]
- default = matching
- [merge]
- tool = vimdiff
-
- [user]
- name = Vincent Demeester
- email = vincent@sbr.pm
-
- [http]
- cookiefile = /home/vincent/.gitcookies
-
- [url "git@github.com:"]
- pushInsteadOf = git://github.com/
- '';
- };
- };
-}
tmp/nixos-configuration/modules/profiles/i18n.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.i18n;
-in
-{
- options = {
- profiles.i18n = {
- enable = mkOption {
- default = true;
- description = "Enable i18n profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- console.keyMap = "fr-bepo";
- console.font = "Lat2-Terminus16";
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
tmp/nixos-configuration/modules/profiles/ipfs.nix
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ipfs;
-in
-{
- options = {
- profiles.ipfs = {
- enable = mkOption {
- default = false;
- description = "Enable ipfs profile";
- type = types.bool;
- };
- autoMount = mkOption {
- default = true;
- description = "Automount /ipfs and /ipns";
- type = types.bool;
- };
- localDiscovery = mkOption {
- default = true;
- description = "Enable local discovery, switch profile to server if disable";
- type = types.bool;
- };
- extraConfig = mkOption {
- default = {
- Datastore.StorageMax = "40GB";
- };
- description = "Extra ipfs daemon configuration";
- type = types.attrs;
- };
- };
- };
- config = mkIf cfg.enable {
- services.ipfs = {
- enable = true;
- enableGC = true;
- localDiscovery = cfg.localDiscovery;
- autoMount = cfg.autoMount;
- extraConfig = cfg.extraConfig;
- };
- };
-}
tmp/nixos-configuration/modules/profiles/laptop.nix
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.laptop;
-in
-{
- options = {
- profiles.laptop = {
- enable = mkOption {
- default = false;
- description = "Enable laptop profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.kernel.sysctl = {
- "vm.swappiness" = 10;
- "vm.dirty_ratio" = 25;
- "vm.dirty_background_ratio" = 10;
- "vm.dirty_writeback_centisecs" = 5000;
- "vm.dirty_expire_centisecs" = 5000;
- };
- profiles.desktop.enable = true;
- environment.systemPackages = with pkgs; [
- lm_sensors
- powertop
- acpi
- ];
- };
-}
tmp/nixos-configuration/modules/profiles/mail.nix
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-with lib;
-let
- cfg = config.profiles.mail;
-in
-{
- options = {
- profiles.mail = {
- enable = mkOption {
- default = true;
- description = "Enable mail profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.etc."msmtprc".source = ../../assets/msmtprc;
- environment.systemPackages = with pkgs; [ msmtp ];
- };
-}
tmp/nixos-configuration/modules/profiles/nix-auto-update.nix
@@ -1,65 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.nix-auto-update;
-in
-{
- options = {
- profiles.nix-auto-update = {
- enable = mkOption {
- default = true;
- description = "Enable nix-auto-update profile";
- type = types.bool;
- };
- autoUpgrade = mkOption {
- default = true;
- description = "Automatically try to upgrade the system";
- type = types.bool;
- };
- dates = mkOption {
- default = "weekly";
- description = "Specification (in the format described by systemd.time(7)) of the time at which the auto-update will run. ";
- type = types.str;
- };
- version = mkOption {
- default = "20.03";
- description = "System version (NixOS)";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (
- mkMerge [
- {
- system = {
- stateVersion = cfg.version;
- };
- }
- (
- mkIf cfg.autoUpgrade {
- systemd.services.nixos-update = {
- description = "NixOS Upgrade";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- HOME = "/root";
- };
- path = [ pkgs.gnutar pkgs.xz pkgs.git pkgs.gnumake config.nix.package.out pkgs.commonsCompress ];
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- git pull --autostash --rebase
- /run/current-system/sw/bin/make update switch
- '';
- startAt = cfg.dates;
- onFailure = [ "status-email-root@%n.service" ];
- };
- }
- )
- ]
- );
-}
tmp/nixos-configuration/modules/profiles/nix-config.nix
@@ -1,83 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.nix-config;
-in
-{
- options = {
- profiles.nix-config = {
- enable = mkOption {
- default = true;
- description = "Enable nix-config profile";
- type = types.bool;
- };
- gcDates = mkOption {
- default = "weekly";
- description = "Specification (in the format described by systemd.time(7)) of the time at which the garbage collector will run. ";
- type = types.str;
- };
- olderThan = mkOption {
- default = "15d";
- description = "Number of day to keep when garbage collect";
- type = types.str;
- };
- buildCores = mkOption {
- type = types.int;
- default = 2;
- example = 4;
- description = ''
- Maximum number of concurrent tasks during one build.
- '';
- };
- localCaches = mkOption {
- default = [ "http://nix.cache.home" ];
- description = "List of local nix caches";
- type = types.listOf types.str;
- };
- };
- };
- config = mkIf cfg.enable {
- nix = {
- buildCores = cfg.buildCores;
- useSandbox = true;
- gc = {
- automatic = true;
- dates = cfg.gcDates;
- options = "--delete-older-than ${cfg.olderThan}";
- };
- # if hydra is down, don't wait forever
- extraOptions = ''
- connect-timeout = 20
- build-cores = 0
- '';
- binaryCaches = cfg.localCaches ++ [
- "https://cache.nixos.org/"
- "https://r-ryantm.cachix.org"
- "https://vdemeester.cachix.org"
- "https://shortbrain.cachix.org"
- ];
- binaryCachePublicKeys = [
- "r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c="
- "vdemeester.cachix.org-1:uCECG6so7v1rs77c5NFz2dCePwd+PGNeZ6E5DrkT7F0="
- "shortbrain.cachix.org-1:dqXcXzM0yXs3eo9ChmMfmob93eemwNyhTx7wCR4IjeQ="
- "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ="
- ];
- trustedUsers = [ "root" "vincent" ];
- };
- nixpkgs = {
- overlays = [
- (import ../../overlays/sbr.overlay.nix)
- (import ../../overlays/unstable.overlay.nix)
- ];
- config = {
- allowUnfree = true;
- packageOverrides = pkgs: {
- nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
- inherit pkgs;
- };
- };
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/printing.nix
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.printing;
-in
-{
- options = {
- profiles.printing = {
- enable = mkOption {
- default = false;
- description = "Enable printing profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- services = {
- printing = {
- enable = true;
- drivers = [ pkgs.gutenprint ];
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/pulseaudio.nix
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.pulseaudio;
-in
-{
- options = {
- profiles.pulseaudio = {
- enable = mkOption {
- default = false;
- description = "Enable pulseaudio profile";
- type = types.bool;
- };
- tcp = mkOption {
- default = false;
- description = "Enable pulseaudio tcp";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- pulseaudio = {
- enable = true;
- support32Bit = true;
- zeroconf = {
- discovery.enable = cfg.tcp;
- publish.enable = cfg.tcp;
- };
- tcp = {
- enable = cfg.tcp;
- anonymousClients = {
- allowAll = true;
- allowedIpRanges = [ "127.0.0.1" "192.168.12.0/24" "10.0.0.0/24" ];
- };
- };
- package = pkgs.pulseaudioFull;
- };
- };
- sound.mediaKeys.enable = true;
-
- security.pam.loginLimits = [
- { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
- { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
- { domain = "@audio"; item = "nofile"; type = "-"; value = "99999"; }
- ];
-
- # spotify & pulseaudio
- networking.firewall = {
- allowedTCPPorts = [ 57621 57622 4713 ];
- allowedUDPPorts = [ 57621 57622 ];
- };
- environment.systemPackages = with pkgs; [
- apulse # allow alsa application to use pulse
- pavucontrol # pulseaudio volume control
- pasystray # systray application
- playerctl
- ];
- # We assume xserver runs when pulseaudio does
- services.xserver.displayManager.sessionCommands = "${pkgs.pasystray}/bin/pasystray &";
- };
-}
tmp/nixos-configuration/modules/profiles/qemu.nix
@@ -1,49 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.profiles.qemu-user;
- arm = {
- interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
- magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- aarch64 = {
- interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- riscv64 = {
- interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
-in {
- options = {
- profiles.qemu-user = {
- arm = mkEnableOption "enable 32bit arm emulation";
- aarch64 = mkEnableOption "enable 64bit arm emulation";
- riscv64 = mkEnableOption "enable 64bit riscv emulation";
- };
- nix.supportedPlatforms = mkOption {
- type = types.listOf types.str;
- description = "extra platforms that nix will run binaries for";
- default = [];
- };
- };
- config = mkIf (cfg.arm || cfg.aarch64) {
- nixpkgs = {
- overlays = [ (import ../../overlays/qemu/default.nix) ];
- };
- boot.binfmt.registrations =
- optionalAttrs cfg.arm { inherit arm; } //
- optionalAttrs cfg.aarch64 { inherit aarch64; } //
- optionalAttrs cfg.riscv64 { inherit riscv64; };
- nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
- ++ (optional cfg.aarch64 "aarch64-linux");
- nix.extraOptions = ''
- extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
- '';
- nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
- };
-}
tmp/nixos-configuration/modules/profiles/scanning.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.scanning;
-in
-{
- options = {
- profiles.scanning = {
- enable = mkOption {
- default = false;
- description = "Enable scanning profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- saneFrontends
- saneBackends
- simple-scan
- ];
- hardware.sane = {
- enable = true;
- extraConfig = { "pixma" = "bjnp://192.168.12.70"; };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/ssh.nix
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ssh;
-in
-{
- options = {
- profiles.ssh = {
- enable = mkOption {
- default = false;
- description = "Enable ssh profile";
- type = types.bool;
- };
- forwardX11 = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to allow X11 connections to be forwarded.
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- services = {
- openssh = {
- enable = true;
- startWhenNeeded = false;
- forwardX11 = cfg.forwardX11;
- };
- };
- programs.mosh.enable = true;
- };
-}
tmp/nixos-configuration/modules/profiles/syncthing.nix
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.syncthing;
-in
-{
- options = {
- profiles.syncthing = {
- enable = mkOption {
- default = false;
- description = "Enable syncthing profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- services.syncthing = {
- enable = true;
- user = "vincent";
- dataDir = "/home/vincent/.syncthing";
- configDir = "/home/vincent/.syncthing";
- openDefaultPorts = true;
- };
- };
-}
tmp/nixos-configuration/modules/profiles/users.nix
@@ -1,66 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.users;
-in
-{
- options = {
- profiles.users = {
- enable = mkOption {
- default = true;
- description = "Enable users profile";
- type = types.bool;
- };
- user = mkOption {
- default = "vincent";
- description = "Username to use when creating user";
- type = types.str;
- };
- # add more options (like openssh keys and config)
- };
- };
- config = mkIf cfg.enable {
- users = {
- extraUsers = {
- ${cfg.user} = {
- isNormalUser = true;
- uid = 1000;
- createHome = true;
- extraGroups = [ "wheel" "input" ] ++ optionals config.profiles.desktop.enable ["audio" "video" "lp" "scanner" "networkmanager"]
- ++ optionals config.profiles.docker.enable [ "docker" ]
- ++ optionals config.profiles.buildkit.enable [ "buildkit" ]
- ++ optionals config.profiles.virtualization.enable [ "libvirtd" "vboxusers" ];
- shell = if config.programs.fish.enable then pkgs.fish else pkgs.zsh;
- initialPassword = "changeMe";
- openssh.authorizedKeys.keys =
- with import ../../assets/machines.nix; [ ssh.yubikey.key ssh.yubikey5.key ssh.wakasu.key ssh.vincent.key ssh.houbeb.key ssh.hokkaido.key ssh.okinawa.key ];
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
- };
- };
- };
- programs.ssh.extraConfig = with import ../../assets/machines.nix; ''
- Host kerkouane kerkouane.sbr.pm
- Hostname kerkouane.sbr.pm
- Port ${toString ssh.kerkouane.port}
- Host kerkouane.vpn ${wireguard.ips.kerkouane}
- Hostname ${wireguard.ips.kerkouane}
- Port ${toString ssh.kerkouane.port}
- Host carthage carthage.sbr.pm
- Hostname carthage.sbr.pm
- Port ${toString ssh.carthage.port}
- Host carthage.vpn ${wireguard.ips.carthage}
- Hostname ${wireguard.ips.carthage}
- Port ${toString ssh.carthage.port}
- Host hokkaido.vpn ${wireguard.ips.hokkaido}
- Hostname ${wireguard.ips.hokkaido}
- Host honshu.vpn ${wireguard.ips.honshu}
- Hostname ${wireguard.ips.honshu}
- Host okinawa.vpn ${wireguard.ips.okinawa}
- Hostname ${wireguard.ips.okinawa}
- Host wakasu.vpn ${wireguard.ips.wakasu}
- Hostname ${wireguard.ips.wakasu}
- '';
- };
-}
tmp/nixos-configuration/modules/profiles/virtualization.nix
@@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.virtualization;
-in
-{
- options = {
- profiles.virtualization = {
- enable = mkOption {
- default = false;
- description = "Enable virtualization profile";
- type = types.bool;
- };
- nested = mkOption {
- default = false;
- description = "Enable nested virtualization";
- type = types.bool;
- };
- listenTCP = mkOption {
- default = false;
- description = "Make libvirt listen to TCP";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable (
- mkMerge [
- {
- virtualisation.libvirtd = {
- enable = true;
- };
- environment.systemPackages = with pkgs; [
- qemu
- vde2
- libosinfo
- ];
- }
- (
- mkIf cfg.nested {
- environment.etc."modprobe.d/kvm.conf".text = ''
- options kvm_intel nested=1
- '';
- }
- )
- (
- mkIf config.profiles.desktop.enable {
- environment.systemPackages = with pkgs; [ virtmanager ];
- }
- )
- (
- mkIf cfg.listenTCP {
- boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
- virtualisation.libvirtd = {
- allowedBridges = [ "br1" ];
- extraConfig = ''
- listen_tls = 0
- listen_tcp = 1
- auth_tcp="none"
- tcp_port = "16509"
- '';
- # extraOptions = [ "--listen" ];
- };
- networking.firewall.allowedTCPPorts = [ 16509 ];
- }
- )
- ]
- );
-}
tmp/nixos-configuration/modules/profiles/wireguard.server.nix
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.wireguard.server;
-in
-{
- options = {
- profiles.wireguard.server = {
- enable = mkOption {
- default = false;
- description = "Enable wireguard.server profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
- environment.systemPackages = [ pkgs.wireguard ];
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.firewall.extraCommands = ''
- iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
- '';
- networking.firewall.allowedUDPPorts = [ 51820 ];
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard.interfaces = with import ../../assets/machines.nix; {
- "wg0" = {
- ips = wireguard.kerkouane.allowedIPs;
- listenPort = wg.listenPort;
- privateKeyFile = "/etc/nixos/wireguard.private.key";
- peers = wg.peers;
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/yubikey.nix
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.yubikey;
-in
-{
- options = {
- profiles.yubikey = {
- enable = mkOption {
- default = false;
- description = "Enable yubikey profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- yubikey-personalization
- yubioath-desktop
- yubikey-manager
- ];
- };
- services = {
- pcscd.enable = true;
- udev = {
- packages = with pkgs; [ yubikey-personalization ];
- extraRules = ''
-# Yubico YubiKey
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
-# ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
- };
- };
- };
-}
tmp/nixos-configuration/modules/profiles/zsh.nix
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.zsh;
-in
-{
- options = {
- profiles.zsh = {
- enable = mkOption {
- default = true;
- description = "Enable zsh profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.zsh = {
- enable = true;
- };
- };
-}
tmp/nixos-configuration/modules/programs/podman.nix
@@ -1,111 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.programs.podman;
-
-in
-
-{
- options = {
- programs.podman = {
- enable = mkOption {
- default = false;
- description = ''
- Whether to configure podman
- '';
- type = types.bool;
- };
- package = mkOption {
- default = pkgs.podman;
- description = "podman package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- conmonPackage = mkOption {
- default = pkgs.conmon;
- description = "conmon package to be used";
- type = types.package;
- };
- cniPackage = mkOption {
- default = pkgs.cni;
- description = "cni package to be used";
- type = types.package;
- };
- cniPluginsPackage = mkOption {
- default = pkgs.cni-plugins;
- description = "cni-plugins package to be used";
- type = types.package;
- };
- };
- };
-
- config = mkIf cfg.enable {
-
- environment.etc."containers/libpod.conf".text = ''
- image_default_transport = "docker://"
- runtime_path = ["${cfg.runcPackage}/bin/runc"]
- conmon_path = ["${cfg.conmonPackage}/bin/conmon"]
- cni_plugin_dir = ["${cfg.cniPluginsPackage}/bin/"]
- cgroup_manager = "systemd"
- cni_config_dir = "/etc/cni/net.d/"
- cni_default_network = "podman"
- # pause
- pause_image = "k8s.gcr.io/pause:3.1"
- pause_command = "/pause"
- '';
-
- environment.etc."containers/registries.conf".text = ''
- [registries.search]
- registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
-
- [registries.insecure]
- registries = ['massimo.local:5000', '192.168.12.0/16']
- '';
-
- environment.etc."containers/policy.json".text = ''
- {
- "default": [
- { "type": "insecureAcceptAnything" }
- ]
- }
- '';
-
- environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
-{
- "cniVersion": "0.3.0",
- "name": "podman",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "cni0",
- "isGateway": true,
- "ipMasq": true,
- "ipam": {
- "type": "host-local",
- "subnet": "10.88.0.0/16",
- "routes": [
- { "dst": "0.0.0.0/0" }
- ]
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
-}
- '';
-
- environment.systemPackages = with pkgs; [ cfg.package cfg.conmonPackage cfg.runcPackage iptables ];
-
- };
-}
tmp/nixos-configuration/modules/services/athens.nix
@@ -1,72 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.athens;
-in
-{
- options = {
- services.athens = {
- enable = mkEnableOption ''
- Athens is a go module proxy
- '';
- package = mkOption {
- type = types.package;
- default = pkgs.nur.repos.vdemeester.athens;
- description = ''
- Athens package to use.
- '';
- };
-
- user = mkOption {
- type = types.str;
- };
-
- group = mkOption {
- type = types.str;
- default = "nogroup";
- };
- };
- };
- config = mkIf cfg.enable {
- networking.firewall = {
- allowedTCPPorts = [ 3000 ];
- };
- systemd.packages = [ cfg.package ];
- environment.etc."athens/config.toml".text = ''
- GoBinary = "${pkgs.go}/bin/go"
- # what is that ?
- GoEnv = "development"
- GoGetWorkers = 30
- ProtocolWorkers = 30
- LogLevel = "debug"
- BuffaloLogLevel = "debug"
- Port = ":3000"
- ForceSSL = false
- CloudRuntime = "none"
- Timeout = 300
- StorageType = "disk"
-
- [Storage]
- [Storage.Disk]
- RootPath = "/var/lib/athens"
- '';
- systemd.services.athens = {
- description = "Athens service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- preStart = ''
- mkdir -p /var/lib/athens
- '';
- environment = { HOME="/var/lib/athens"; };
- serviceConfig = {
- User = cfg.user;
- Restart = "on-failure";
- ExecStart = ''
- ${cfg.package}/bin/proxy -config_file=/etc/athens/config.toml
- '';
- };
- path = [ cfg.package ] ++ [ pkgs.go pkgs.git ];
- };
- };
-}
tmp/nixos-configuration/modules/services/govanityurl.nix
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.govanityurl;
-in
-{
- options = {
- services.govanityurl = {
- enable = mkEnableOption ''
- govanityurl is a go canonical path server
- '';
- package = mkOption {
- type = types.package;
- default = pkgs.nur.repos.vdemeester.govanityurl;
- description = ''
- govanityurl package to use.
- '';
- };
-
- user = mkOption {
- type = types.str;
- };
-
- host = mkOption {
- type = types.str;
- };
-
- config = mkOption {
- type = types.lines;
- };
- };
- };
- config = mkIf cfg.enable {
- systemd.packages = [ cfg.package ];
- environment.etc."govanityurl/config.yaml".text = ''
- host: ${cfg.host}
- ${cfg.config}
- '';
- systemd.services.govanityurl = {
- description = "Govanity service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = cfg.user;
- Restart = "on-failure";
- ExecStart = ''
- ${cfg.package}/bin/vanityurl /etc/govanityurl/config.yaml
- '';
- };
- path = [ cfg.package ];
- };
- };
-}
tmp/nixos-configuration/modules/services/nix-binary-cache.nix
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.nix-binary-cache;
-in
-{
- options = {
- services.nix-binary-cache = {
- enable = mkOption {
- default = false;
- description = "Enable nix-binary-cache";
- type = types.bool;
- };
- domain = mkOption {
- description = "domain to serve";
- type = types.str;
- };
- aliases = mkOption {
- default = [];
- description = "server aliases to serve";
- type = types.listOf types.str;
- };
- };
- };
- config = mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [ 80 443];
- services.nginx = {
- enable = true;
- appendHttpConfig = ''
- proxy_cache_path /var/public-nix-cache/ levels=1:2 keys_zone=cachecache:1200m max_size=20g inactive=365d use_temp_path=off;
- # Cache only success status codes; in particular we don't want to cache 404s.
- # See https://serverfault.com/a/690258/128321
- map $status $cache_header {
- 200 "public";
- 302 "public";
- default "no-cache";
- }
- access_log logs/access.log;
- '';
- virtualHosts."${cfg.domain}" = {
- serverAliases = cfg.aliases;
- # enableACME = true;
-
- locations."/" = {
- root = "/var/public-nix-cache/";
- extraConfig = ''
- expires max;
- add_header Cache-Control $cache_header always;
- # Ask the upstream server if a file isn't available locally
- error_page 404 = @fallback;
- '';
- };
- extraConfig = ''
- # Using a variable for the upstream endpoint to ensure that it is
- # resolved at runtime as opposed to once when the config file is loaded
- # and then cached forever (we don't want that):
- # see https://tenzer.dk/nginx-with-dynamic-upstreams/
- # This fixes errors like
- # nginx: [emerg] host not found in upstream "upstream.example.com"
- # when the upstream host is not reachable for a short time when
- # nginx is started.
- resolver 8.8.8.8;
- set $upstream_endpoint https://cache.nixos.org;
- '';
- locations."@fallback" = {
- proxyPass = "$upstream_endpoint";
- extraConfig = ''
- proxy_cache cachecache;
- proxy_cache_valid 200 302 60m;
- expires max;
- add_header Cache-Control $cache_header always;
- '';
- };
- # We always want to copy cache.nixos.org's nix-cache-info file,
- # and ignore our own, because `nix-push` by default generates one
- # without `Priority` field, and thus that file by default has priority
- # 50 (compared to cache.nixos.org's `Priority: 40`), which will make
- # download clients prefer `cache.nixos.org` over our binary cache.
- locations."= /nix-cache-info" = {
- # Note: This is duplicated with the `@fallback` above,
- # would be nicer if we could redirect to the @fallback instead.
- proxyPass = "$upstream_endpoint";
- extraConfig = ''
- proxy_cache cachecache;
- proxy_cache_valid 200 302 60m;
- expires max;
- add_header Cache-Control $cache_header always;
- '';
- };
- };
- };
- };
-}
tmp/nixos-configuration/modules/services/wireguard.client.nix
@@ -1,71 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.wireguard;
-in
-{
- options = {
- services.wireguard = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable a reverse SSH proxy.
- '';
- };
- ips = mkOption {
- type = with types; listOf str;
- description = ''
- The client IPs
- '';
- };
- allowedIPs = mkOption {
- default = [ "10.100.0.0/24" ];
- type = with types; listOf str;
- description = ''
- The peer (server) allowedIPs
- '';
- };
- endpoint = mkOption {
- type = with types; str;
- description = ''
- The endpoint IP to target
- '';
- };
- endpointPort = mkOption {
- default = 51820;
- type = with types; int;
- description = ''
- The endpoint Port to target
- '';
- };
- endpointPublicKey = mkOption {
- type = with types; str;
- description = ''
- The peer (server) public key
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
- environment.systemPackages = [ pkgs.wireguard ];
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = {
- wg0 = {
- ips = cfg.ips;
- privateKeyFile = "/etc/nixos/wireguard.private.key";
- peers = [
- {
- publicKey = cfg.endpointPublicKey;
- allowedIPs = cfg.allowedIPs;
- endpoint = "${cfg.endpoint}:${toString cfg.endpointPort}";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- };
-}
tmp/nixos-configuration/modules/virtualisation/buildkit.nix
@@ -1,105 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.virtualisation.buildkitd;
-
-in
-{
- ###### interface
-
- options.virtualisation.buildkitd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables buildkitd
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = ["/run/buildkitd/buildkitd.sock"];
- description =
- ''
- A list of unix and tcp buildkitd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
-
-
-
- package = mkOption {
- default = pkgs.buildkitd;
- type = types.package;
- example = pkgs.buildkitd;
- description = ''
- Buildkitd package to be used in the module
- '';
- };
-
- packages = mkOption {
- type = types.listOf types.package;
- default = [ pkgs.runc pkgs.git ];
- description = "List of packages to be added to buildkitd service path";
- };
-
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>buildkitd</command> daemon.
- '';
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable {
- users.groups = [
- { name = "buildkit";
- gid = 350;
- }
- ];
- environment.systemPackages = [ cfg.package];
- systemd.packages = [ cfg.package ];
-
- systemd.services.buildkitd = {
- wants = [ "containerd.service" ];
- after = [ "containerd.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = [
- ""
- ''
- ${cfg.package}/bin/buildkitd \
- ${cfg.extraOptions}
- ''];
- };
- path = [cfg.package] ++ cfg.packages;
- };
-
-
- systemd.sockets.buildkitd = {
- description = "Buildkitd Socket for the API";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = cfg.listenOptions;
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "buildkit";
- };
- };
-
- };
-
-
-}
tmp/nixos-configuration/modules/virtualisation/containerd.nix
@@ -1,100 +0,0 @@
-# Systemd services for containerd.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.virtualisation.containerd;
-
-in
-
-{
- ###### interface
-
- options.virtualisation.containerd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables containerd, a daemon that manages
- linux containers.
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = ["/run/containerd/containerd.sock"];
- description =
- ''
- A list of unix and tcp containerd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
-
- package = mkOption {
- default = pkgs.containerd;
- type = types.package;
- example = pkgs.containerd;
- description = ''
- Containerd package to be used in the module
- '';
- };
-
- packages = mkOption {
- type = types.listOf types.package;
- default = [ pkgs.runc ];
- description = "List of packages to be added to containerd service path";
- };
-
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>containerd</command> daemon.
- '';
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable {
- environment.systemPackages = [ cfg.package];
- systemd.packages = [ cfg.package];
-
- systemd.services.containerd = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = [
- ""
- ''
- ${cfg.package}/bin/containerd \
- ${cfg.extraOptions}
- ''];
- };
- path = [cfg.package] ++ cfg.packages;
- };
-
-
- systemd.sockets.containerd = {
- description = "Containerd Socket for the API";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = cfg.listenOptions;
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "root";
- };
- };
-
- };
-
-
-}
tmp/nixos-configuration/modules/module-list.nix
@@ -1,41 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- imports = [
- ./hardware/sane-extra-config.nix
- ./profiles/avahi.nix
- ./profiles/base.nix
- ./profiles/buildkit.nix
- ./profiles/fish.nix
- ./profiles/containerd.nix
- ./profiles/desktop.nix
- ./profiles/dev.nix
- ./profiles/docker.nix
- ./profiles/gaming.nix
- ./profiles/git.nix
- ./profiles/i18n.nix
- ./profiles/ipfs.nix
- ./profiles/laptop.nix
- ./profiles/mail.nix
- ./profiles/nix-config.nix
- ./profiles/nix-auto-update.nix
- ./profiles/printing.nix
- ./profiles/pulseaudio.nix
- ./profiles/qemu.nix
- ./profiles/scanning.nix
- ./profiles/ssh.nix
- ./profiles/syncthing.nix
- ./profiles/users.nix
- ./profiles/virtualization.nix
- ./profiles/wireguard.server.nix
- ./profiles/yubikey.nix
- ./profiles/zsh.nix
- ./programs/podman.nix
- ./services/athens.nix
- ./services/govanityurl.nix
- ./services/nix-binary-cache.nix
- ./services/wireguard.client.nix
- ./virtualisation/buildkit.nix
- ./virtualisation/containerd.nix
- ];
-}
tmp/nixos-configuration/overlays/qemu/qemu/default.nix
@@ -1,43 +0,0 @@
-{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison,
-makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
-
-let
- env2 = makeStaticLibraries stdenv;
- myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
- mesonFlags = (drv.mesonFlags or []) ++ [ "--default-library both" ];
- });
- riscv_src = fetchFromGitHub {
- owner = "riscv";
- repo = "riscv-qemu";
- rev = "7d2d2add16aff0304ab0c279152548dbd04a2138"; # riscv-all
- sha256 = "16an7ifi2ifzqnlz0218rmbxq9vid434j98g14141qvlcl7gzsy2";
- };
- is_riscv = (user_arch == "riscv32") || (user_arch == "riscv64");
- arch_map = {
- arm = "i386";
- aarch64 = "x86_64";
- riscv64 = "x86_64";
- x86_64 = "x86_64";
- };
-in
-stdenv.mkDerivation rec {
- name = "qemu-user-${user_arch}-${version}";
- version = "3.1.0";
- src = if is_riscv then riscv_src else qemu.src;
- buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
- patches = [ ./qemu-stack.patch ];
- configureFlags = [
- "--enable-linux-user" "--target-list=${user_arch}-linux-user"
- "--disable-bsd-user" "--disable-system" "--disable-vnc"
- "--disable-curses" "--disable-sdl" "--disable-vde"
- "--disable-bluez" "--disable-kvm"
- "--static"
- "--disable-tools"
- "--cpu=${arch_map.${user_arch}}"
- ];
- NIX_LDFLAGS = [ "-lglib-2.0" ];
- enableParallelBuilding = true;
- postInstall = ''
- cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
- '';
-}
tmp/nixos-configuration/overlays/qemu/qemu/qemu-stack.patch
@@ -1,11 +0,0 @@
---- a/linux-user/elfload.c 2016-09-02 12:34:22.000000000 -0300
-+++ b/linux-user/elfload.c 2017-07-09 18:44:22.420244038 -0300
-@@ -1419,7 +1419,7 @@
- * dependent on stack size, but guarantee at least 32 pages for
- * backwards compatibility.
- */
--#define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE)
-+#define STACK_LOWER_LIMIT (128 * TARGET_PAGE_SIZE)
-
- static abi_ulong setup_arg_pages(struct linux_binprm *bprm,
- struct image_info *info)
tmp/nixos-configuration/overlays/qemu/qemu/qemu-wrap.c
@@ -1,58 +0,0 @@
-#include <alloca.h>
-#include <malloc.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <libgen.h>
-
-#if !defined(QEMU_ARM_BIN)
- #define QEMU_ARM_BIN "qemu-arm"
-#endif
-
-const char * qemu_arm_bin = QEMU_ARM_BIN;
-
-// This program takes arguments according to the behavior of binfmt_misc with
-// the preserve-argv[0] flag set.
-//
-// The first value in argv is the name of this executable, uninteresting.
-// The second value is the full path of the executable to run with the
-// alternate interpreter.
-// The third value is the name that executable was called with.
-//
-// This program passes the third value in to qemu-arm after the -0 flag.
-int main(int argc, char const* argv[]) {
- // Abort if we don't have sufficient arguments
- if(argc < 3){
- fprintf( stderr, "qemu-arm wrapper called with too few arguments.\nEnsure that the 'P' flag is set in binfmt_misc.\n");
- return -1;
- }
-
- char *qemu;
- asprintf(&qemu, "%s/%s", dirname(argv[0]), qemu_arm_bin);
-
- // Allocate the new argc array to pass to qemu-arm
- const int new_argc = argc + 1;
- char** const new_argv = alloca((new_argc + 1) * sizeof(void *));
-
- // Fill this new array
- new_argv[0] = qemu;
- new_argv[1] = strdup("-0");
- new_argv[2] = strdup(argv[2]);
- new_argv[3] = strdup(argv[1]);
- for(int i = 4; i < new_argc; ++i){
- new_argv[i] = strdup(argv[i-1]);
- }
- new_argv[new_argc] = NULL;
-
- // Run qemu with the new arguments
- execvp(new_argv[0], new_argv);
- const int ret = errno;
-
- // Clean up, haha C
- for(int i = 0; i < new_argc; ++i){
- free(new_argv[i]);
- }
-
- return ret;
-};
tmp/nixos-configuration/overlays/qemu/default.nix
@@ -1,11 +0,0 @@
-self: super:
-
-{
- qemu-user-arm = if self.stdenv.system == "x86_64-linux"
- then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
- else self.callPackage ./qemu { user_arch = "arm"; };
- qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
- qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
- qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };
- qemu-user-riscv64 = self.callPackage ./qemu { user_arch = "riscv64"; };
-}
tmp/nixos-configuration/overlays/sbr.overlay.nix
@@ -1,8 +0,0 @@
-self: super: {
- vrsync = import ../pkgs/vrsync {
- inherit (self) stdenv lib;
- };
- vde-thinkpad = import ../pkgs/vde-thinkpad {
- inherit (self) stdenv lib;
- };
-}
tmp/nixos-configuration/overlays/unstable.overlay.nix
@@ -1,9 +0,0 @@
-_: _: let
- unstableTarball = fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
- unstable = import unstableTarball { overlays = []; };
-in {
- inherit (unstable)
- # cachix
- #git
- ;
-}
tmp/nixos-configuration/pkgs/vde-thinkpad/default.nix
@@ -1,14 +0,0 @@
-{ stdenv, lib }:
-
-stdenv.mkDerivation rec {
- name = "vde-thinkpad";
- src = ./.;
-
- phases = [ "install" ];
-
- install = ''
- mkdir -p $out/bin
- cp $src/dock $out/bin
- chmod +x $out/bin/dock
- '';
-}
tmp/nixos-configuration/pkgs/vde-thinkpad/dock
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-export DISPLAY=":0.0"
-export XAUTHORITY=/home/vincent/.Xauthority
-xmessage dock
tmp/nixos-configuration/pkgs/vrsync/default.nix
@@ -1,14 +0,0 @@
-{ stdenv, lib }:
-
-stdenv.mkDerivation rec {
- name = "vrsync";
- src = ./.;
-
- phases = [ "install" ];
-
- install = ''
- mkdir -p $out/bin
- cp $src/vrsync $out/bin
- chmod +x $out/bin/vrsync
- '';
-}
tmp/nixos-configuration/pkgs/vrsync/foo
@@ -1,1 +0,0 @@
-/home/vincent/desktop/documents/ vincent@synodine.local:/volume1/documents/
\ No newline at end of file
tmp/nixos-configuration/pkgs/vrsync/vrsync
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-# Look for /etc/vrsync.conf
-# For each line run rsync with on source:target
-# and some specials cases
-CONF=${CONF:-/etc/vrsync}
-
-cmd="rsync -ave ssh --progress --size-only --delete --exclude='*~' --exclude=.stfolder"
-test -e $CONF || {
- echo "$CONF does not exists, bailing…"
- exit 1
-}
-
-while IFS='' read -r line || [[ -n "$line" ]]; do
- $cmd $line $@
-done < "$CONF"
tmp/nixos-configuration/pkgs/default.nix
@@ -1,13 +0,0 @@
-{ system ? builtins.currentSystem }:
-
-let
- pkgs = import <nixpkgs> { inherit system; };
-in
-rec {
- vrsync = import ./vrsync {
- inherit (pkgs) stdenv lib;
- };
- vde-thinkpad = import ./vde-thinkpad {
- inherit (pkgs) stdenv lib;
- };
-}
tmp/nixos-configuration/.dir-locals.el
@@ -1,7 +0,0 @@
-;;; Directory Local Variables
-;;; For more information see (info "(emacs) Directory Variables")
-
-((nil (eval . (setq projectile-project-compilation-cmd "nixos-rebuild dry-build"
- projectile-project-run-cmd "nixos-rebuild switch")))
- (nix-mode
- (tab-width . 2)))
tmp/nixos-configuration/.gitignore
@@ -1,11 +0,0 @@
-hardware-configuration.nix
-result
-result-bin
-.tramp*
-*~
-hostname
-accounts.nix
-assets/*
-networking.nix
-wireguard*.key
-.envrc
tmp/nixos-configuration/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "pkgs/nix-beautify"]
- path = pkgs/nix-beautify
- url = git@github.com:vdemeester/nix-beautify
tmp/nixos-configuration/configuration.nix
@@ -1,20 +0,0 @@
-# This configuration file simply determines the hostname and then import both
-# the default configuration (common for all machine) and specific machine
-# configuration.
-
-{ config, pkgs, ... }:
-let
- hostName = "${builtins.readFile ./hostname}";
-in
-rec {
- imports = [
- # Generated hardware configuration
- ./hardware-configuration.nix
- # Default profile with default configuration
- ./modules/module-list.nix
- # Machine specific configuration files
- (./machine + "/${hostName}.nix")
- ];
-
- networking.hostName = "${hostName}";
-}
tmp/nixos-configuration/Makefile
@@ -1,22 +0,0 @@
-all: dry-build
-
-.PHONY: assets
-assets:
- mkdir -p assets
- cp -Rv /home/vincent/sync/nixos/* assets/
-
-.PHONY: update
-update:
- nix-channel --update
-
-.PHONY: dry-build
-dry-build: assets
- nixos-rebuild dry-build
-
-.PHONY: switch
-switch: assets
- nixos-rebuild switch
-
-.PHONY: clean
-clean:
- nix-env --profile /nix/var/nix/profiles/system --delete-generations 15d
tmp/nixos-configuration/README.md
@@ -1,20 +0,0 @@
-# Nixos configuration 🐸
-
-This is my nixos configuration, commonly used on all my
-nixos-enabled computers.
-
-## How to use 🐻
-
-## NixOS
-
-When installing nixos:
-
-- clone this repository in `/etc/nixos`
-- create a `hostname` with the hostname you want (`echo wakasu > /etc/nixos/hostname`)
-- create a `machine/${hostname}.nix` file with the thing you want (look at other ones)
-- run `nixos-generate-configuration` to have the
- `hardware-configuration.nix` generated.
-
-## On other operating system/distributions
-
-Use [vdemeester/home](https://github.com/vdemeester/home) instead.