From 91a112c24294154be3b812e2b52e1c651d336aff Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 12:10:02 +0200 Subject: refactor tsp --- makefu/1systems/tsp.nix | 51 +++---------------------------------- makefu/2configs/base-gui.nix | 26 ++++++++++++------- makefu/2configs/base.nix | 14 +++++++++- makefu/2configs/sda-crypto-root.nix | 27 ++++++++++++++++++++ makefu/2configs/tp-x200.nix | 23 +++++++++++++++++ 5 files changed, 84 insertions(+), 57 deletions(-) create mode 100644 makefu/2configs/sda-crypto-root.nix create mode 100644 makefu/2configs/tp-x200.nix (limited to 'makefu') diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 2d3fd9225..3979b70b9 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -9,11 +9,10 @@ [ # Include the results of the hardware scan. ../2configs/base.nix ../2configs/base-gui.nix + ../2configs/tp-x200.nix + ../2configs/sda-crypto-root.nix ]; # not working in vm - #services.xserver = { - # videoDriver = "intel"; - #}; krebs.build.host = config.krebs.hosts.tsp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@tsp"; @@ -21,18 +20,9 @@ krebs.build.deps = { nixpkgs = { #url = https://github.com/NixOS/nixpkgs; + # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L) url = https://github.com/makefu/nixpkgs; - #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; - #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2"; - rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c"; - }; - # TODO generalize in base.nix - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - # TODO generalize in base.nix - stockholm = { - url = toString ../..; + rev = "8b8b65da24f13f9317504e8bcba476f9161613fe"; }; }; @@ -46,40 +36,7 @@ ]; }; - boot = { - #x200 specifics - kernelModules = [ "tp_smapi" "msr" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; - - loader.grub.enable =true; - loader.grub.version =2; - loader.grub.device = "/dev/sda"; - - # crypto boot - # TODO: use UUID - initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/luksroot"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-label/nixboot"; - fsType = "ext4"; - }; - }; - # hardware specifics - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - # TODO: generalize to numCPU + 1 - nix.maxJobs = 3; networking.firewall.rejectPackets = true; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 056005f75..7f329c6ce 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -1,31 +1,39 @@ { config, lib, pkgs, ... }: - +## +# of course this name is a lie - it prepares a GUI environment close to my +# current configuration. +# +# autologin with mainUser into awesome +## +# with lib; +let + mainUser = config.krebs.build.user.name; +in { imports = [ ]; services.xserver = { enable = true; layout = "us"; -# use awesome, direct boot into - displayManager.auto.enable = true; -# TODO: use config.krebs.users.makefu ... or not - displayManager.auto.user = "makefu"; - windowManager = { awesome.enable = true; awesome.luaModules = [ pkgs.luaPackages.vicious ]; default = "awesome"; }; + displayManager.auto.enable = true; + displayManager.auto.user = mainUser; desktopManager.xterm.enable = false; - desktopManager.default = "none"; }; security.setuidPrograms = [ "slock" ]; -# use pulseaudio - environment.systemPackages = [ pkgs.slock ]; + environment.systemPackages = [ + pkgs.slock + pkgs.rxvt_unicode-with-plugins + ]; + hardware.pulseaudio = { enable = true; systemWide = true; diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 8dfb2ef27..792cccc71 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -6,7 +6,7 @@ with lib; krebs.enable = true; krebs.search-domain = "retiolum"; - networking.hostName = config.krebs.build.host.name; + users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; @@ -24,6 +24,18 @@ with lib; }; }; + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores + 1; + + krebs.build.deps = { + secrets = { + url = "/home/makefu/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix new file mode 100644 index 000000000..0d979a0b8 --- /dev/null +++ b/makefu/2configs/sda-crypto-root.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + }; + }; +} diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix new file mode 100644 index 000000000..64d3f85a1 --- /dev/null +++ b/makefu/2configs/tp-x200.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + #services.xserver = { + # videoDriver = "intel"; + #}; + + boot = { + kernelModules = [ "tp_smapi" "msr" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + + }; + + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.trackpoint.enable = true; + hardware.trackpoint.sensitivity = 255; + hardware.trackpoint.speed = 255; +} -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/b6300000.lock: No such file or directory (2)