- `wireguard` for `hs`
- gnome keyring for VSCode to make Copilot work
- uninstalled local `Hydra` on `pc`
- VSCode -> VSCodeFHS
- Emacs
  - typescript
  - solidity
  - envrc mode
Andrea Ciceri 2022-06-26 12:35:43 +02:00
parent 3668e2d3d0
commit 816bd8fe6f
No known key found for this signature in database
GPG key ID: A1FC89532D1C5654
132 changed files with 1410 additions and 3682 deletions


@ -1,18 +0,0 @@
{ profiles, ... }:
{
# build with: `bud build bootstrap bootstrapIso`
# reachable on the local link via ssh root@fe80::47%eno1
# where 'eno1' is replaced by your own machine's network
# interface that has the local link to the target machine
imports = [
# profiles.networking
profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.ccr
];
boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
}


@ -1,334 +0,0 @@
{ config, lib, pkgs, profiles, ... }:
{
imports = with profiles; [ sshd ];
boot = {
initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
loader.grub = pkgs.lib.mkForce {
enable = true;
version = 2;
device = "/dev/disk/by-id/ata-OCZ-VERTEX_TMHAK8OARSURAIF6N1A5";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
};
"/mnt/archivio" = {
device = "/dev/disk/by-label/archivio";
fsType = "ext4";
};
"/mnt/film" = {
device = "/dev/disk/by-label/film";
fsType = "ext4";
};
};
swapDevices =
[{ device = "/dev/disk/by-label/swap"; }];
systemd.services.standby-sdb = {
description = "Set spindown time (sleep) for /dev/sdb ";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdb";
};
};
systemd.services.standby-sdc = {
description = "Set spindown time (sleep) for /dev/sdc ";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdc";
};
};
systemd.services.amuled.serviceConfig.Restart = pkgs.lib.mkForce "always";
users.users.amule = {
isNormalUser = false;
isSystemUser = true;
group = "amule";
};
users.groups."amule" = { };
services = {
samba-wsdd = {
enable = true;
workgroup = "WORKGROUP";
hostname = "nas";
discovery = true;
};
samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = nas
netbios name = nas
security = user
map to guest = bad user
vfs objects = recycle
recycle:repository = .recycle
recycle:keeptree = yes
recycle:versions = yes
'';
shares = {
archivio = {
path = "/mnt/archivio/archivio";
comment = "archivio";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
film = {
path = "/mnt/film/film";
comment = "film";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
transmission = {
path = "/mnt/archivio/transmission";
comment = "transmission";
"force user" = "transmission";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
amule = {
path = "/mnt/archivio/amule";
comment = "amule";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
musica = {
path = "/mnt/film/musica";
comment = "music";
"force user" = "ccr";
browseable = "yes";
writeable = "no";
"guest ok" = "yes";
"read only" = "no";
};
};
};
transmission = {
enable = true;
# the following json is merged to this attrset, it must have `rpc-username` and `rpc-password`
credentialsFile = "/mnt/archivio/transmission/credentials.json";
settings = {
download-dir = "/mnt/archivio/transmission/";
incomplete-dir = "/mnt/archivio/transmission/.incomplete";
incomplete-dir-enabled = true;
rpc-port = 9091;
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
rpc-authentication-required = true;
};
};
amule = {
dataDir = "/mnt/archivio/amule";
enable = true;
user = "amule";
};
calibre-web = {
enable = true;
listen = {
ip = "0.0.0.0";
port = 9092;
};
options.calibreLibrary = "/mnt/archivio/calibre/";
openFirewall = true;
};
syncthing = {
enable = true;
guiAddress = "0.0.0.0:8384";
dataDir = "/mnt/archivio/syncthing";
user = "ccr";
overrideDevices = false;
overrideFolders = false;
folders = {
"/mnt/archivio/syncthing/camera" = {
id = "camera";
};
"/mnt/archivio/syncthing/orgzly" = {
id = "orgzly";
};
"/mnt/archivio/syncthing/roam" = {
id = "roam";
};
"/mnt/archivio/syncthing/whatsapp" = {
id = "whatsapp";
};
"/mnt/archivio/syncthing/calls" = {
id = "calls";
};
};
};
navidrome = {
enable = false;
settings = {
Address = "0.0.0.0";
Port = 9093;
MusicFolder = "/mnt/film/musica";
DataFolder = "/mnt/film/musica/.navidrome";
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "10G"; # max file size for uploads
commonHttpConfig = ''
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
'';
virtualHosts = {
"torrent.ccr.ydns.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9091";
};
};
"sync.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:8384";
};
};
"books.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:9092";
};
};
"music.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:9093";
};
};
"gate.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://192.168.1.71:80";
};
};
"cam.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://192.168.1.80:80";
};
};
};
};
};
systemd.services.ydns =
let
ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
#!${pkgs.stdenv.shell}
USER="andrea.ciceri@autistici.org"
PASSWORD=$(cat /home/ccr/.ydns-password)
DOMAIN="ccr.ydns.eu"
for SUBDOMAIN in "books" "music" "sync" "torrent" "gate" "cam"
do
HOST="$SUBDOMAIN.$DOMAIN"
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
done
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
'';
in
{
description = "YDNS IP updater";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "ccr";
Type = "oneshot";
ExecStart = "${ydnsUpdater}/bin/ydnsUpdater";
};
};
systemd.timers.ydnsUpdater = {
wantedBy = [ "timers.target" ];
partOf = [ "ydnsUpdater.service" ];
timerConfig = {
OnCalendar = "*-*-* *:00:00"; # hourly
Unit = "ydnsUpdater.service";
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
80 # http
139 # samba
443 # https
445 # samba
4712 # amule
4711 # amule web gui
8384 # syncthing
];
allowedUDPPorts = [
137 # samba
138 # samba
];
};
security.acme = {
acceptTerms = true;
email = "andrea.ciceri@autistici.org";
};
nix = {
gc = {
automatic = true;
options = "--delete-older-than 3d";
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -1,7 +0,0 @@
{ suites, ... }:
{
imports = [
./configuration.nix
] ++ suites.base;
}


@ -1,79 +0,0 @@
{ config, lib, pkgs, profiles, ... }:
{
imports = with profiles; [ mount-nas sshd dbus avahi printing xdg syncthing ];
boot = {
initrd.availableKernelModules = [ "usbhid" ];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
hardware = {
opengl.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true;
settings = {
General = {
MultiProfile = "multiple";
ControllerMode = "dual";
AutoConnect = true;
};
Policy = {
AutoEnable = true;
};
};
};
};
services.blueman.enable = true;
networking = {
useDHCP = false;
interfaces.wlan0.useDHCP = true;
networkmanager.enable = true;
};
time.timeZone = "Europe/Rome";
# location = {
# # not using geoclue since it's broken on aarch64
# latitude = "45.4654219";
# longitude = "45.4654219";
# };
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/5aa67d2d-93fd-4e7c-b634-aa8d7b65bbb8";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/C406-2AFC";
fsType = "vfat";
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/e236d328-496e-4cf8-ba54-857789ca258f"; }];
nix = {
gc = {
automatic = true;
options = "--delete-older-than 3d";
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
services.logind.extraConfig = ''
HandlePowerKey=ignore
'';
}


@ -1,6 +0,0 @@
{ suites, ... }:
{
imports = [
./configuration.nix
] ++ suites.base;
}


@ -1,89 +0,0 @@
{ config, lib, pkgs, profiles, ... }:
{
imports = with profiles; [ mount-nas sshd dbus avahi printing xdg docker adb syncthing qmk-udev ];
system.stateVersion = "22.05";
boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" "snd-aloop" "v4l2loopback" ];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
pkgs.v4l2loopback-dc
];
extraModprobeConfig = ''
options v42loopback exclusive_caps=1 max_buffers=2
'';
binfmt.emulatedSystems = [ "aarch64-linux" ];
loader.grub = pkgs.lib.mkForce {
enable = true;
version = 2;
device = "/dev/sda";
};
};
sound.enable = true;
hardware = {
opengl.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
};
fileSystems."/" =
{
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/home";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-label/swap"; }];
nix = {
gc = {
automatic = lib.mkForce false; # Temporarily disabled, TODO: re-enable
options = "--delete-older-than 3d";
};
# package = pkgs.nixFromMaster;
package = pkgs.nix;
extraOptions = lib.mkForce ''
experimental-features = ca-derivations nix-command flakes
keep-outputs = true
keep-derivations = true
'';
};
systemd.services.nix-daemon.serviceConfig = {
LimitNOFILE = lib.mkForce "Infinity"; # 131072; # should help with fds errors due to experimental feature `ca-derivations`
};
networking.firewall = {
enable = true;
allowPing = true;
};
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender = "hydra@localhost"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
};
}


@ -1,7 +0,0 @@
{ suites, ... }:
{
imports = [
./configuration.nix
] ++ suites.base;
}

151
hosts/thinkpad/default.nix Normal file

@ -0,0 +1,151 @@
{
config,
lib,
pkgs,
fleetModules,
...
}: {
imports = fleetModules [
"common"
"audio"
"ccr"
"exwm"
];
hardware.cpu.intel.updateMicrocode = true;
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "rpool/system/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/system/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/user/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/3cab8a5d-602c-4e3d-b436-c0e5595aeb94";}
];
networking.hostId = "8ef630a9";
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
#networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
#networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.loader.grub = {
enable = true;
copyKernels = true;
efiSupport = true;
devices = ["nodev"];
efiInstallAsRemovable = true;
};
networking.hostName = "thinkpad"; # Define your hostname.
# Pick only one of the below networking options.
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
# keyMap = "us";
useXkbConfig = true; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
#Define a user account. Don't forget to set a password with passwd.
#users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# thunderbird
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
networkmanager
wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}
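Review bot: The swap entry in `swapDevices` is a plain by-uuid partition with no encryption option, so on this laptop anything paged out of memory (keyring contents, VPN or SSH key material) can persist on disk in clear text. Whether `rpool` uses ZFS native encryption is not visible in this file; if it does, swap would be the one unencrypted volume. Consider `randomEncryption.enable = true;` on that entry together with a stable device path such as `/dev/disk/by-partuuid/<PARTUUID>`, because a swap partition that is re-keyed at every boot loses its filesystem UUID and cannot be used for hibernation. Separately, the only firewall lines in this file are the commented template ones, so the host relies on the NixOS default; an explicit `networking.firewall.enable = true;` would avoid depending on what the `common` module sets.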