authormakefu <github@syntax-fehler.de>2015-08-07 15:50:26 +0200
committermakefu <github@syntax-fehler.de>2015-08-07 15:50:26 +0200
commitd38809879df79be835de25d0d7531c8c0eb6423a (patch)
treead491ce214d982d9f1ac92ca7fcb9c5636562d01 /makefu
parent2499c472a08783d1cc1105c9b4c48b04f8062b5b (diff)
parenta919ddb3878c59f1306d8d22f46b603aceb90e27 (diff)
Merge branch 'tsp-vicious'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/pnp.nix45
-rw-r--r--makefu/1systems/tsp.nix70
-rw-r--r--makefu/2configs/base-gui.nix39
-rw-r--r--makefu/2configs/base.nix26
-rw-r--r--makefu/2configs/graphite-standalone.nix1
-rw-r--r--makefu/2configs/graphite-web.nix24
-rw-r--r--makefu/2configs/sda-crypto-root.nix27
-rw-r--r--makefu/2configs/tinc-basic-retiolum.nix14
-rw-r--r--makefu/2configs/tp-x200.nix23
-rw-r--r--makefu/2configs/vim.nix119
-rw-r--r--makefu/2configs/vm-single-partition.nix20
11 files changed, 274 insertions, 134 deletions
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index a8df522f2..bc4c679b7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -11,6 +11,8 @@
../2configs/base.nix
../2configs/cgit-retiolum.nix
../2configs/graphite-standalone.nix
+ ../2configs/vm-single-partition.nix
+ ../2configs/tinc-basic-retiolum.nix
];
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
@@ -21,50 +23,21 @@
url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
};
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
};
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- hardware.enableAllFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
networking.firewall.allowedTCPPorts = [
# nginx runs on 80
- 80
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
- 8080 2003
- ];
+ 80
+ 8080 2003
+ ];
networking.firewall.allowedUDPPorts = [ 2003 ];
+
networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true;
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- jq
- ];
+ environment.systemPackages = with pkgs; [
+ jq
+ ];
}
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3de2d300c..da7466d75 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -9,80 +9,28 @@
[ # Include the results of the hardware scan.
../2configs/base.nix
../2configs/base-gui.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ../2configs/sda-crypto-root.nix
+ # hardware specifics are in here
+ ../2configs/tp-x200.nix
];
- services.xserver = {
- videoDriver = "intel";
- };
+ # not working in vm
krebs.build.host = config.krebs.hosts.tsp;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@tsp";
krebs.build.deps = {
nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- };
- # TODO generalize in base.nix
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- # TODO generalize in base.nix
- stockholm = {
- url = toString ../..;
- };
- };
-
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
- boot = {
- #x200 specifics
- kernelModules = [ "tp_smapi" "msr" ];
- extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
-
- loader.grub.enable =true;
- loader.grub.version =2;
- loader.grub.device = "/dev/sda";
-
- # crypto boot
- # TODO: use UUID
- initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
- initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/luksroot";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-label/nixboot";
- fsType = "ext4";
+ #url = https://github.com/NixOS/nixpkgs;
+ # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
+ url = https://github.com/makefu/nixpkgs;
+ rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
};
};
- # hardware specifics
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- # TODO: generalize to numCPU + 1
- nix.maxJobs = 3;
-
-
networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true;
-
- # $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
vim
jq
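Review bot: The nixpkgs dependency now points at a personal fork (`url = https://github.com/makefu/nixpkgs;`) and nothing on the page says what the fork carries beyond upstream, while pnp.nix in the same commit stays on NixOS/nixpkgs at a different rev. Everything installed on tsp is built from this tree, so I would record the reason next to the pin, e.g. `# fork of NixOS/nixpkgs carrying <describe patches>; return to upstream once merged`. The added `# not working in vm` comment now sits directly above `krebs.build.host`; it presumably referred to the videoDriver block that moved to tp-x200.nix and should be dropped or moved there. The systemPackages list continues outside the hunk.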
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 5f977251f..c4755c217 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -1,20 +1,39 @@
{ config, lib, pkgs, ... }:
-
+##
+# of course this name is a lie - it prepares a GUI environment close to my
+# current configuration.
+#
+# autologin with mainUser into awesome
+##
+#
with lib;
+let
+ mainUser = config.krebs.build.user.name;
+in
{
imports = [ ];
- services.xserver.enable = true;
- services.xserver.layout = "us";
+ services.xserver = {
+ enable = true;
+ layout = "us";
+ xkbVariant = "altgr-intl";
+ xkbOptions = "ctrl:nocaps";
-# use awesome, direct boot into
- services.xserver.displayManager.auto.enable =true;
- services.xserver.displayManager.auto.user =config.krebs.users.makefu;
- services.xserver.windowManager.awesome.enable = true;
+ windowManager = {
+ awesome.enable = true;
+ awesome.luaModules = [ pkgs.luaPackages.vicious ];
+ default = "awesome";
+ };
+
+ displayManager.auto.enable = true;
+ displayManager.auto.user = mainUser;
+ desktopManager.xterm.enable = false;
+ };
- security.setuidPrograms = [ "slock" ];
+ environment.systemPackages = [
+ pkgs.xlockmore
+ pkgs.rxvt_unicode-with-plugins
+ ];
-# use pulseaudio
- environment.systemPackages = [ pkgs.slock ];
hardware.pulseaudio = {
enable = true;
systemWide = true;
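Review bot: The screen locker changes from slock with a setuid wrapper (`security.setuidPrograms`) to `pkgs.xlockmore` with no wrapper or PAM entry visible in this hunk, and the same module logs `mainUser` in automatically. Whether xlock can verify the user's password without either is not visible here, so it needs a check on a real host that the lock both holds and can be released with the correct password. Because autologin hands the session to anyone who can boot the machine, I would state the assumption in the header comment, e.g. `# autologin: import only on hosts with an encrypted root (see sda-crypto-root.nix)`. The pulseaudio block continues outside the hunk.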
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 8dfb2ef27..25d92d63d 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -2,11 +2,18 @@
with lib;
{
- imports = [ ];
+ imports = [
+ {
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import /root/src/secrets/hashedPasswords.nix);
+ }
+ ./vim.nix
+ ];
krebs.enable = true;
krebs.search-domain = "retiolum";
- networking.hostName = config.krebs.build.host.name;
+
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
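Review bot: `hashedPassword` values set this way are, as far as I know, rendered into the system closure in the world-readable Nix store, so every local user could read the hashes imported from `/root/src/secrets/hashedPasswords.nix`. If the NixOS version in use offers the file-based option (`passwordFile`), pointing it at a root-only file keeps the hash out of the store. The absolute `/root/src/...` path also differs from the `secrets` dep added in the second hunk (`/home/makefu/secrets/${...}`); a comment saying which path exists on the build host and which on the target would help. `mapAttrs` runs over every attribute in that file, so any name listed there gets a password, root included. The `users.extraUsers` block continues outside the hunk.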
@@ -24,10 +31,23 @@ with lib;
};
};
+ networking.hostName = config.krebs.build.host.name;
+ nix.maxJobs = config.krebs.build.host.cores + 1;
+ #nix.maxJobs = 1;
+
+ krebs.build.deps = {
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
services.openssh.enable = true;
nix.useChroot = true;
- users.mutableUsers = true;
+ users.mutableUsers = false;
boot.tmpOnTmpfs = true;
systemd.tmpfiles.rules = [
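Review bot: With `users.mutableUsers = false;` the only passwords are those imported from hashedPasswords.nix, so a host whose secrets file lacks an entry leaves that account without a usable password; root keeps its SSH key (first hunk), but console login would be gone. A comment above the line would make the dependency explicit, e.g. `# passwords come only from secrets/hashedPasswords.nix; changes made with passwd do not persist`. `nix.maxJobs` now reads `config.krebs.build.host.cores`, so every host importing base.nix has to define `cores`; whether pnp and tsp do is not visible here. The `systemd.tmpfiles.rules` list continues outside the hunk.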
diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix
index 50c623ab9..8b70c11c8 100644
--- a/makefu/2configs/graphite-standalone.nix
+++ b/makefu/2configs/graphite-standalone.nix
@@ -5,6 +5,7 @@
with lib;
{
imports = [ ];
+
services.graphite = {
web = {
enable = true;
diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix
deleted file mode 100644
index daa1d49a3..000000000
--- a/makefu/2configs/graphite-web.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-{
- imports = [ ];
- services.graphite = {
- web = {
- enable = true;
- host = "0.0.0.0";
- };
- carbon = {
- enableCache = true;
- storageSchemas = ''
- [carbon]
- pattern = ^carbon\.
- retentions = 60:90d
-
- [default]
- pattern = .*
- retentions = 60s:30d,300s:1y
- '';
- };
- };
-}
diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix
new file mode 100644
index 000000000..0d979a0b8
--- /dev/null
+++ b/makefu/2configs/sda-crypto-root.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+# sda: bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> ext4
+with lib;
+{
+ boot = {
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+}
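Review bot: The `# TODO: use UUID` comment that stood above `initrd.luks.devices` in tsp.nix was dropped in the move, but the device is still `/dev/sda2` and grub still targets `/dev/sda`. Kernel device names are not stable, and with `usb_storage` in the initrd an attached USB disk could be enumerated first, so the initrd may try to open the wrong device. I would keep the TODO or switch to `device = "/dev/disk/by-uuid/<LUKS-UUID-PLACEHOLDER>";` with the value taken from the target. The header comment could also say that `/boot` on sda1 is unencrypted, so kernel and initrd are not covered by the LUKS passphrase.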
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..cb1991bd6
--- /dev/null
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+}
diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix
new file mode 100644
index 000000000..64d3f85a1
--- /dev/null
+++ b/makefu/2configs/tp-x200.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ #services.xserver = {
+ # videoDriver = "intel";
+ #};
+
+ boot = {
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ };
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.trackpoint.enable = true;
+ hardware.trackpoint.sensitivity = 255;
+ hardware.trackpoint.speed = 255;
+}
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
new file mode 100644
index 000000000..b71d95148
--- /dev/null
+++ b/makefu/2configs/vim.nix
@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+
+let
+ customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-better-whitespace";
+ src = pkgs.fetchFromGitHub {
+ owner = "ntpeters";
+ repo = "vim-better-whitespace";
+ rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+ sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+ };
+ };
+
+in {
+
+ environment.systemPackages = [
+ pkgs.python27Full # required for youcompleteme
+ (pkgs.vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ set nocompatible
+ syntax on
+
+ filetype off
+ filetype plugin indent on
+
+ colorscheme darkblue
+ set background=dark
+
+ set number
+ set relativenumber
+ set mouse=a
+ set ignorecase
+ set incsearch
+ set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+ set textwidth=79
+ set shiftwidth=2
+ set expandtab
+ set softtabstop=2
+ set shiftround
+ set smarttab
+ set tabstop=2
+ set et
+ set autoindent
+ set backspace=indent,eol,start
+
+
+ inoremap <F1> <ESC>
+ nnoremap <F1> <ESC>
+ vnoremap <F1> <ESC>
+
+ nnoremap <F5> :UndotreeToggle<CR>
+ set undodir =~/.vim/undo
+ set undofile
+ "maximum number of changes that can be undone
+ set undolevels=1000000
+ "maximum number lines to save for undo on a buffer reload
+ set undoreload=10000000
+
+ nnoremap <F2> :set invpaste paste?<CR>
+ set pastetoggle=<F2>
+ set showmode
+
+ set showmatch
+ set matchtime=3
+ set hlsearch
+
+ autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+ " save on focus lost
+ au FocusLost * :wa
+
+ autocmd BufRead *.json set filetype=json
+ au BufNewFile,BufRead *.mustache set syntax=mustache
+
+ cnoremap SudoWrite w !sudo tee > /dev/null %
+
+ " create Backup/tmp/undo dirs
+ set backupdir=~/.vim/backup
+ set directory=~/.vim/tmp
+
+ function! InitBackupDir()
+ let l:parent = $HOME . '/.vim/'
+ let l:backup = l:parent . 'backup/'
+ let l:tmpdir = l:parent . 'tmp/'
+ let l:undodir= l:parent . 'undo/'
+
+
+ if !isdirectory(l:parent)
+ call mkdir(l:parent)
+ endif
+ if !isdirectory(l:backup)
+ call mkdir(l:backup)
+ endif
+ if !isdirectory(l:tmpdir)
+ call mkdir(l:tmpdir)
+ endif
+ if !isdirectory(l:undodir)
+ call mkdir(l:undodir)
+ endif
+ endfunction
+ call InitBackupDir()
+
+
+ '';
+
+ vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { names = [ "undotree"
+ "YouCompleteMe"
+ "vim-better-whitespace" ]; }
+ { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ ];
+
+ })
+ ];
+}
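Review bot: In the `customRC` string, `cnoremap SudoWrite w !sudo tee > /dev/null %` hands the buffer name to the shell unquoted, so a file name containing spaces or shell metacharacters is split or interpreted by a shell whose output goes through sudo. A user command with the shell-escaping modifier avoids that and also stops the mapping from expanding while typing a search: `command! SudoWrite w !sudo tee > /dev/null %:p:S`. `InitBackupDir()` creates the backup, swap and undo directories with the default mode; they hold copies of everything edited, and this vimrc is installed system-wide, so I would create them private, e.g. `call mkdir(l:undodir, "", 0700)`. `au FocusLost * :wa` writes all modified buffers without asking and deserves a comment saying that this is intended.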
diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix
new file mode 100644
index 000000000..78a5e7175
--- /dev/null
+++ b/makefu/2configs/vm-single-partition.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+
+}