Commit c1c72d48c69e
Changed files (16)
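--- a/machine/carthage.nix
+++ b/machine/carthage.nix
@@ -46,7 +46,7 @@ with import ../assets/machines.nix; {
 };
 openssh.ports = [ ssh.carthage.port ];
 openssh.permitRootLogin = "without-password";
- syncthing-edge.guiAddress = "${wireguard.ips.carthage}:8384";
+ syncthing.guiAddress = "${wireguard.ips.carthage}:8384";
 wireguard = {
 enable = true;
 ips = [ "${wireguard.ips.carthage}/24" ];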
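--- a/machine/hokkaido.nix
+++ b/machine/hokkaido.nix
@@ -25,7 +25,7 @@ with import ../assets/machines.nix; {
 logind = {
 lidSwitch = "ignore";
 };
- syncthing-edge.guiAddress = "${wireguard.ips.hokkaido}:8384";
+ syncthing.guiAddress = "${wireguard.ips.hokkaido}:8384";
 wireguard = {
 enable = true;
 ips = [ "${wireguard.ips.hokkaido}/24" ];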
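--- a/machine/honshu.nix
+++ b/machine/honshu.nix
@@ -23,7 +23,7 @@ with import ../assets/machines.nix; {
 };
 services = {
 logind.lidSwitch = "ignore";
- syncthing-edge.guiAddress = "${wireguard.ips.honshu}:8384";
+ syncthing.guiAddress = "${wireguard.ips.honshu}:8384";
 wireguard = {
 enable = true;
 ips = [ "${wireguard.ips.honshu}/24" ];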
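--- a/machine/kerkouane.nix
+++ b/machine/kerkouane.nix
@@ -20,7 +20,7 @@ with import ../assets/machines.nix; {
 services = {
 openssh.ports = [ ssh.kerkouane.port ];
 openssh.permitRootLogin = "without-password";
- syncthing-edge.guiAddress = "${wireguard.ips.kerkouane}:8384";
+ syncthing.guiAddress = "${wireguard.ips.kerkouane}:8384";
 };
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"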
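--- a/machine/okinawa.nix
+++ b/machine/okinawa.nix
@@ -61,7 +61,7 @@ with import ../assets/machines.nix; {
 domain = "nix.cache.home";
 aliases = ["cache.massimo.home" "nix.okinawa.home"];
 };
- syncthing-edge.guiAddress = "${wireguard.ips.okinawa}:8384";
+ syncthing.guiAddress = "${wireguard.ips.okinawa}:8384";
 tarsnap = {
 enable = true;
 archives = {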
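--- a/machine/wakasu.nix
+++ b/machine/wakasu.nix
@@ -37,12 +37,11 @@ with import ../assets/machines.nix; {
 };
 profiles = {
 dev.enable = true;
- docker.enable = true;
 laptop.enable = true;
 desktop.networkmanager = false;
 desktop.autoLogin = true;
 nix-config.buildCores = 4;
- qemu-user = { arm = true; aarch64 = true; };
+ #qemu-user = { arm = true; aarch64 = true; };
 ssh = {
 enable = true;
 forwardX11 = true;
@@ -63,7 +62,7 @@ with import ../assets/machines.nix; {
 HandleLidSwitchExternalPower=ignore
 HandleLidSwitchDocked=ignore
 '';
- syncthing-edge.guiAddress = "${wireguard.ips.wakasu}:8384";
+ syncthing.guiAddress = "${wireguard.ips.wakasu}:8384";
 smartd = {
 enable = true;
 devices = [ { device = "/dev/nvme0n1"; } ];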
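Review bot: The `#qemu-user = { arm = true; aarch64 = true; };` line in the first hunk leaves commented-out configuration where a deletion was meant; git keeps the history, so either drop the line or, if the intent is to record that emulation is deliberately off on this host, keep it live as `qemu-user = { arm = false; aarch64 = false; };`. Since the `boot.binfmt.registrations` rename that the qemu profile needed lands in this same commit (modules/profiles/qemu.nix), it may be possible to re-enable it outright instead. The `profiles = { … }` attribute set continues outside the hunk.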
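--- a/modules/profiles/desktop.nix
+++ b/modules/profiles/desktop.nix
@@ -84,7 +84,8 @@ in
 };
 programs.dconf.enable = true;
-
+ xdg.portal.enable = cfg.flatpak;
+
 services = {
 flatpak.enable = cfg.flatpak;
 dbus.packages = [ pkgs.gnome3.dconf ];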
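--- a/modules/profiles/docker.nix
+++ b/modules/profiles/docker.nix
@@ -27,7 +27,7 @@ in
 config = mkIf cfg.enable {
 profiles.containerd.enable = true;
 virtualisation = {
- mydocker = {
+ docker = {
 enable = true;
 package = cfg.package;
 liveRestore = false;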
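Review bot: Switching from the custom `virtualisation.mydocker` to upstream `virtualisation.docker` drops the custom module's `packages` option (the removed modules/virtualisation/docker.nix defaulted it to `[ pkgs.git ]` and appended it to the daemon's `path`), and as far as I can tell the upstream module on this channel has no equivalent, so a `packages = …` setting further down this block would fail evaluation and anything that relied on git being on dockerd's PATH silently loses it. The `docker = { … }` block continues outside the hunk, so that cannot be confirmed here; if git is still needed, `systemd.services.docker.path = [ pkgs.git ];` next to this block restores it explicitly. The upstream module should keep the same socket defaults as the removed copy (root-owned, group docker, mode 0660), so the access model is unchanged, but it is worth a quick check after the first rebuild.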
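--- a/modules/profiles/nix-auto-update.nix
+++ b/modules/profiles/nix-auto-update.nix
@@ -23,7 +23,7 @@ in
 type = types.str;
 };
 version = mkOption {
- default = "19.03";
+ default = "19.09";
 description = "System version (NixOS)";
 type = types.str;
 };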
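--- a/modules/profiles/qemu.nix
+++ b/modules/profiles/qemu.nix
@@ -35,7 +35,7 @@ in {
 nixpkgs = {
 overlays = [ (import ../../overlays/qemu/default.nix) ];
 };
- boot.binfmtMiscRegistrations =
+ boot.binfmt.registrations =
 optionalAttrs cfg.arm { inherit arm; } //
 optionalAttrs cfg.aarch64 { inherit aarch64; } //
 optionalAttrs cfg.riscv64 { inherit riscv64; };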
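Review bot: The rename to `boot.binfmt.registrations` targets the reworked binfmt module, but the `arm`/`aarch64`/`riscv64` attrs it is fed are bound in the `let` outside the hunk, so I cannot confirm they carry the submodule fields the new option expects (`interpreter`, `magicOrExtension`, `mask`, …); a `nixos-rebuild dry-build` on a host with `qemu-user` enabled would settle it, and wakasu has just had that profile commented out in this same commit. As far as I recall the same module also offers `boot.binfmt.emulatedSystems` (e.g. `[ "aarch64-linux" "armv7l-linux" ]`), which generates these qemu-user registrations itself; if it covers the needed targets, the hand-rolled attrs and the qemu overlay on the line above could go.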
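--- a/modules/profiles/syncthing.nix
+++ b/modules/profiles/syncthing.nix
@@ -15,7 +15,7 @@ in
 };
 };
 config = mkIf cfg.enable {
- services.syncthing-edge = {
+ services.syncthing = {
 enable = true;
 user = "vincent";
 dataDir = "/home/vincent/.syncthing";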
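Review bot: Moving to upstream `services.syncthing` changes the defaults behind every option this block does not set: the removed modules/services/syncthing.nix defaulted `group` to `"nogroup"`, while the upstream module's default may differ on this channel, so unless `group` is set further down (the block continues outside the hunk) the service's group, and thus the group ownership of files it creates under `/home/vincent/.syncthing`, may change on the next switch. Pinning it explicitly, `group = "<group that owns those files today>";`, keeps the outcome independent of the upstream default. `guiAddress`, `user`, `dataDir` and `configDir` have the same meaning in both modules, so the per-host `syncthing.guiAddress` renames elsewhere in this commit are unaffected.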
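--- a/modules/profiles/virtualization.nix
+++ b/modules/profiles/virtualization.nix
@@ -32,6 +32,7 @@ in
 environment.systemPackages = with pkgs; [
 qemu
 vde2
+ libosinfo
 ];
 }
 (mkIf cfg.nested {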
modules/services/coredns.nix
@@ -1,122 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.coredns;
- names = builtins.attrNames cfg.names;
-
- invert-suffix = ip:
- let
- elts = builtins.split "[\.]" ip;
- in "${builtins.elemAt elts 6}.${builtins.elemAt elts 4}";
-
- toNSFile = mapAttrs' (name: value: nameValuePair ("coredns/db.${name}") { text = toNS name value.entries; });
- toReverseNSFile = mapAttrs' (name: value: nameValuePair ("coredns/db.${value.reverse}") { text = toReverseNS name value.entries; });
- toCorefile = names: {"coredns/Corefile"= {text = ''
-.:53 {
-
- ${concatStrings (kToFile names)}
-
- proxy . 8.8.8.8
- log stdout
- errors
-}
- '';
- };
- };
-
- kToNS = nsName: mapAttrsToList (name: value:
- "${name}.${nsName}. IN A ${value}\n"
- );
- kToReverseNS = nsName: mapAttrsToList(name: value:
- if hasPrefix "*" name
- then
- "" # no "reverse" for wildcard domain
- else
- "${invert-suffix value} IN PTR ${name}.${nsName}.\n"
- );
-
- kToFile = names: mapAttrsToList (n: v: "${v}") (mapAttrs (name: value: ''
- file /etc/coredns/db.${name} ${name}
- file /etc/coredns/db.${value.reverse} ${value.reverse}.in-addr.arpa
-'') names);
-
- toNS = (name: ns: ''
-$TTL 604800
-@ IN SOA ns1.${name}. admin.${name}. (
- 3 ; Serial
- 604800 ; Refresh
- 86400 ; Retry
- 2419200 ; Expire
- 604800 ) ; Negative Cache TTL
-
-; name servers - NS records
-@ IN NS ns1
-@ IN NS ns2
-
-${concatStrings (kToNS name ns)}
- '');
- toReverseNS = (name: ns: ''
-$TTL 604800
-@ IN SOA ns1.${name}. admin.${name}. (
- 3 ; Serial
- 604800 ; Refresh
- 86400 ; Retry
- 2419200 ; Expire
- 604800 ) ; Negative Cache TTL
-
-; name servers - NS records
-@ IN NS ns1.${name}.
-@ IN NS ns2.${name}.
-
-${concatStrings (kToReverseNS name ns)}
-'');
-in
-{
- options = {
- services.coredns = {
- enable = mkEnableOption ''
- CoreDNS is a DNS server implemented in Go
- '';
- package = mkOption {
- type = types.package;
- default = pkgs.coredns;
- description = ''
- CoreDNS package to use.
- '';
- };
- names = mkOption {
- type = types.attrs;
- default = {};
- example = { "foo" = { reverse = "1.1"; entries = { "bar" = "1.1.1.1"; }; }; };
- description = ''
- Names to setup in coredns
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- networking.firewall = {
- allowedUDPPorts = [ 53 ];
- allowedTCPPorts = [ 53 ];
- };
- systemd.packages = [ cfg.package ];
-
- environment.etc = toNSFile cfg.names
- // toReverseNSFile cfg.names
- // toCorefile cfg.names;
-
- systemd.services.coredns = {
- description = "CoreDNS service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Restart = "on-failure";
- ExecStart = ''
- ${cfg.package}/bin/coredns -conf /etc/coredns/Corefile
- '';
- };
- path = [ cfg.package ];
- };
- };
-}
modules/services/syncthing.nix
@@ -1,169 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.syncthing-edge;
- defaultUser = "syncthing";
-in {
- ###### interface
- options = {
- services.syncthing-edge = {
-
- enable = mkEnableOption ''
- Syncthing - the self-hosted open-source alternative
- to Dropbox and Bittorrent Sync. Initial interface will be
- available on http://127.0.0.1:8384/.
- '';
-
- guiAddress = mkOption {
- type = types.str;
- default = "127.0.0.1:8384";
- description = ''
- Address to serve the GUI.
- '';
- };
-
- systemService = mkOption {
- type = types.bool;
- default = true;
- description = "Auto launch Syncthing as a system service.";
- };
-
- user = mkOption {
- type = types.str;
- default = defaultUser;
- description = ''
- Syncthing will be run under this user (user will be created if it doesn't exist.
- This can be your user name).
- '';
- };
-
- group = mkOption {
- type = types.str;
- default = "nogroup";
- description = ''
- Syncthing will be run under this group (group will not be created if it doesn't exist.
- This can be your user name).
- '';
- };
-
- all_proxy = mkOption {
- type = with types; nullOr str;
- default = null;
- example = "socks5://address.com:1234";
- description = ''
- Overwrites all_proxy environment variable for the syncthing process to
- the given value. This is normaly used to let relay client connect
- through SOCKS5 proxy server.
- '';
- };
-
- dataDir = mkOption {
- type = types.path;
- default = "/var/lib/syncthing";
- description = ''
- Path where synced directories will exist.
- '';
- };
-
- configDir = mkOption {
- type = types.path;
- description = ''
- Path where the settings and keys will exist.
- '';
- default =
- let
- nixos = config.system.stateVersion;
- cond = versionAtLeast nixos "19.03";
- in cfg.dataDir + (optionalString cond "/.config/syncthing");
- };
-
- openDefaultPorts = mkOption {
- type = types.bool;
- default = false;
- example = literalExample "true";
- description = ''
- Open the default ports in the firewall:
- - TCP 22000 for transfers
- - UDP 21027 for discovery
- If multiple users are running syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled.
- Alternatively, if are running only a single instance on this machine using the default ports, enable this.
- '';
- };
-
- package = mkOption {
- type = types.package;
- default = pkgs.syncthing;
- defaultText = "pkgs.syncthing";
- example = literalExample "pkgs.syncthing";
- description = ''
- Syncthing package to use.
- '';
- };
- };
- };
-
- imports = [
- (mkRemovedOptionModule ["services" "syncthing" "useInotify"] ''
- This option was removed because syncthing now has the inotify functionality included under the name "fswatcher".
- It can be enabled on a per-folder basis through the webinterface.
- '')
- ];
-
- ###### implementation
-
- config = mkIf cfg.enable {
-
- networking.firewall = mkIf cfg.openDefaultPorts {
- allowedTCPPorts = [ 22000 ];
- allowedUDPPorts = [ 21027 ];
- };
-
- systemd.packages = [ cfg.package ];
-
- users = mkIf (cfg.user == defaultUser) {
- users."${defaultUser}" =
- { group = cfg.group;
- home = cfg.dataDir;
- createHome = true;
- uid = config.ids.uids.syncthing;
- description = "Syncthing daemon user";
- };
-
- groups."${defaultUser}".gid =
- config.ids.gids.syncthing;
- };
-
- systemd.services = {
- syncthing = mkIf cfg.systemService {
- description = "Syncthing service";
- after = [ "network.target" ];
- environment = {
- STNORESTART = "yes";
- STNOUPGRADE = "yes";
- inherit (cfg) all_proxy;
- } // config.networking.proxy.envVars;
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Restart = "on-failure";
- SuccessExitStatus = "2 3 4";
- RestartForceExitStatus="3 4";
- User = cfg.user;
- Group = cfg.group;
- PermissionsStartOnly = true;
- ExecStart = ''
- ${cfg.package}/bin/syncthing \
- -no-browser \
- -gui-address=${cfg.guiAddress} \
- -home=${cfg.configDir}
- '';
- };
- };
-
- syncthing-resume = {
- wantedBy = [ "suspend.target" ];
- };
- };
- };
-}
modules/virtualisation/docker.nix
@@ -1,213 +0,0 @@
-# Systemd services for docker.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.virtualisation.mydocker;
- proxy_env = config.networking.proxy.envVars;
-
-in
-
-{
- ###### interface
-
- options.virtualisation.mydocker = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables docker, a daemon that manages
- linux containers. Users in the "docker" group can interact with
- the daemon (e.g. to start or stop containers) using the
- <command>docker</command> command line tool.
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = ["/var/run/docker.sock"];
- description =
- ''
- A list of unix and tcp docker should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
-
- enableOnBoot =
- mkOption {
- type = types.bool;
- default = true;
- description =
- ''
- When enabled dockerd is started on boot. This is required for
- container, which are created with the
- <literal>--restart=always</literal> flag, to work. If this option is
- disabled, docker might be started on demand by socket activation.
- '';
- };
-
- liveRestore =
- mkOption {
- type = types.bool;
- default = true;
- description =
- ''
- Allow dockerd to be restarted without affecting running container.
- This option is incompatible with docker swarm.
- '';
- };
-
- storageDriver =
- mkOption {
- type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
- default = null;
- description =
- ''
- This option determines which Docker storage driver to use. By default
- it let's docker automatically choose preferred storage driver.
- '';
- };
-
- logDriver =
- mkOption {
- type = types.enum ["none" "json-file" "syslog" "journald" "gelf" "fluentd" "awslogs" "splunk" "etwlogs" "gcplogs"];
- default = "journald";
- description =
- ''
- This option determines which Docker log driver to use.
- '';
- };
-
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>docker</command> daemon.
- '';
- };
-
- autoPrune = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to periodically prune Docker resources. If enabled, a
- systemd timer will run <literal>docker system prune -f</literal>
- as specified by the <literal>dates</literal> option.
- '';
- };
-
- flags = mkOption {
- type = types.listOf types.str;
- default = [];
- example = [ "--all" ];
- description = ''
- Any additional flags passed to <command>docker system prune</command>.
- '';
- };
-
- dates = mkOption {
- default = "weekly";
- type = types.str;
- description = ''
- Specification (in the format described by
- <citerefentry><refentrytitle>systemd.time</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry>) of the time at
- which the prune will occur.
- '';
- };
- };
-
- package = mkOption {
- default = pkgs.docker;
- type = types.package;
- example = pkgs.docker-edge;
- description = ''
- Docker package to be used in the module.
- '';
- };
-
- packages = mkOption {
- default = [ pkgs.git ];
- type = types.listOf types.package;
- example = [ pkgs.git ];
- description = ''
- Additional packages to be used in the module
- '';
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable (mkMerge [{
- environment.systemPackages = [ cfg.package ];
- users.groups.docker.gid = config.ids.gids.docker;
- systemd.packages = [ cfg.package ];
-
- systemd.services.docker = {
- wantedBy = optional cfg.enableOnBoot "multi-user.target";
- environment = proxy_env;
- serviceConfig = {
- ExecStart = [
- ""
- ''
- ${cfg.package}/bin/dockerd \
- --group=docker \
- --host=fd:// \
- --log-driver=${cfg.logDriver} \
- ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
- ${optionalString cfg.liveRestore "--live-restore" } \
- ${cfg.extraOptions}
- ''];
- ExecReload=[
- ""
- "${pkgs.procps}/bin/kill -s HUP $MAINPID"
- ];
- };
-
- path = [ pkgs.kmod ] ++ cfg.packages ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
- };
-
- systemd.sockets.docker = {
- description = "Docker Socket for the API";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = cfg.listenOptions;
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "docker";
- };
- };
-
-
- systemd.services.docker-prune = {
- description = "Prune docker resources";
-
- restartIfChanged = false;
- unitConfig.X-StopOnRemoval = false;
-
- serviceConfig.Type = "oneshot";
-
- script = ''
- ${cfg.package}/bin/docker system prune -f ${toString cfg.autoPrune.flags}
- '';
-
- startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates;
- };
- }
- ]);
-
- imports = [
- (mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed in favor of starting docker at boot")
- ];
-
-}
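--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -32,12 +32,9 @@
 ./profiles/zsh.nix
 ./programs/podman.nix
 ./services/athens.nix
- ./services/coredns.nix
 ./services/nix-binary-cache.nix
- ./services/syncthing.nix
 ./services/wireguard.client.nix
 ./virtualisation/buildkit.nix
 ./virtualisation/containerd.nix
- ./virtualisation/docker.nix
 ];
 }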
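Review bot: Dropping `./services/coredns.nix` removes the `services.coredns.names` interface and the automatic opening of TCP/UDP 53 that the deleted modules/services/coredns.nix provided, and as far as I recall NixOS on this channel ships its own `services.coredns` with a different interface (`enable`, `package`, `config`); a host that still sets `services.coredns.names` would fail evaluation, which is the safe outcome, but one that sets only `services.coredns.enable = true` would now start the upstream CoreDNS with its default config and no firewall rule. No machine in this commit references coredns, so it is probably already unused, but a grep for `services.coredns`, `services.syncthing-edge` and `virtualisation.mydocker` across the hosts before merging would confirm nothing outside the touched files still depends on the three removed modules.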