machines: remove nixpkgs.config

2024-01-15 22:35:36 +01:00 · 2024-01-15 22:35:36 +01:00 · 3cac8cc3b8
parent 5e3b53744e
commit 3cac8cc3b8
14 changed files with 91 additions and 97 deletions
--- a/machines/cake/config.nix
+++ b/machines/cake/config.nix
@ -14,16 +14,16 @@ in {
    #../../2configs/support-nixos.nix
    # ../../2configs/homeautomation/default.nix
    # ../../2configs/homeautomation/google-muell.nix
-    # ../../2configs/hw/pseyecam.nix
+    ../../2configs/hw/pseyecam.nix
    # configure your hw:
    # ../../2configs/save-diskspace.nix

    # directly use the alsa device instead of attaching to pulse

    ../../2configs/tinc/retiolum.nix
-    ../../2configs/audio/respeaker.nix
-    ../../2configs/home/rhasspy/default.nix
-    ../../2configs/home/rhasspy/led-control.nix
+    # ../../2configs/audio/respeaker.nix
+    #../../2configs/home/rhasspy/default.nix
+    #../../2configs/home/rhasspy/led-control.nix
  ];
  krebs = {
    enable = true;
@ -35,4 +35,5 @@ in {
  documentation.info.enable = false;
  documentation.man.enable = false;
  documentation.nixos.enable = false;
+  #nixpkgs.config.allowUnsupportedSystem = true;
 }
--- a/machines/cake/hardware-config.nix
+++ b/machines/cake/hardware-config.nix
@ -1,8 +1,11 @@
-{ pkgs, lib, nixos-hardware,... }:
+{ pkgs, lib, nixos-hardware, nixpkgs, ... }:
 {
-  environment.systemPackages = [ pkgs.libraspberrypi ];
-  imports = [ nixos-hardware.nixosModules.raspberry-pi-4 ];
-  boot.kernelPackages = pkgs.linuxPackages_rpi4;
+  imports = [ 
+    nixos-hardware.nixosModules.raspberry-pi-4 
+    #"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+  ];
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_rpi4;
+  #nixpkgs.pkgs = nixpkgs.legacyPackages.aarch64-linux;
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
@ -10,6 +13,20 @@
      options = [ "noatime" ];
    };
  };
-  hardware.raspberry-pi."4".fkms-3d.enable = true; 
-  hardware.raspberry-pi."4".audio.enable = true;  
+  console.enable = false;
+  hardware = {
+    raspberry-pi."4" = {
+      apply-overlays-dtmerge.enable = true;
+      audio.enable = true;  
+      fkms-3d.enable = true; 
+    };
+    #deviceTree = {
+    #  enable = true;
+    #  filter = lib.mkForce "*rpi-4-*.dtb";
+    #};
+  };
+
+  nixpkgs.localSystem.system = "aarch64-linux";
+
+  environment.systemPackages = [ pkgs.libraspberrypi pkgs.raspberrypi-eeprom ];
 }
--- a/machines/firecracker/hardware-config.nix
+++ b/machines/firecracker/hardware-config.nix
@ -7,7 +7,7 @@
  boot.loader.generationsDir.enable = lib.mkDefault false;
  boot.supportedFilesystems = lib.mkForce [ "vfat" ];

-  boot.tmpOnTmpfs = lib.mkForce false;
+  boot.tmp.useTmpfs = lib.mkForce false;
  boot.cleanTmpDir = true;
  hardware.enableRedistributableFirmware = true;

--- a/machines/gum/config.nix
+++ b/machines/gum/config.nix
@ -11,7 +11,7 @@ in {
      {
        # wait for mount
        systemd.services.rtorrent.wantedBy = lib.mkForce [];
-        systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
+        # systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
        systemd.services.samba-smbd.wantedBy = lib.mkForce [];
      }
      {
@ -51,6 +51,7 @@ in {

      ../../2configs/zsh-user.nix
      ../../2configs/mosh.nix
+      # ../../2configs/disable_v6.nix
      ../../2configs/storj/forward-port.nix
      # ../../2configs/gui/xpra.nix

@ -132,8 +133,8 @@ in {
      { makefu.backup.server.repo = "/var/backup/borg"; }
      ../../2configs/backup/server.nix
      ../../2configs/backup/state.nix
-      ../../2configs/wireguard/server.nix
-      ../../2configs/wireguard/wiregrill.nix
+      # ../../2configs/wireguard/server.nix
+      ../../2configs/wireguard/wiregrill-server.nix

      { # recent changes mediawiki bot
        networking.firewall.allowedUDPPorts = [ 5005 5006 ];
--- a/machines/gum/hetznercloud/default.nix
+++ b/machines/gum/hetznercloud/default.nix
@ -36,7 +36,7 @@
  boot.loader.grub.device = "/dev/sda";

  networking.hostId = "3150697b"; # required for zfs use
-  boot.tmpOnTmpfs = true;
+  boot.tmp.useTmpfs = true;
  boot.supportedFilesystems = [ "zfs" ];

  boot.loader.grub.enable = true;
--- a/machines/iso/config.nix
+++ b/machines/iso/config.nix
@ -47,26 +47,26 @@ with pkgs.stockholm.lib;
  # enable ssh in the iso boot process
  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
  # hack `tee` behavior
-  nixpkgs.config.packageOverrides = super: {
-    irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
-      pkgs = pkgs // {
-        coreutils = pkgs.symlinkJoin {
-          name =  "coreutils-hack";
-          paths = [
-            pkgs.coreutils
-            (pkgs.writeDashBin "tee" ''
-              if test "$1" = /dev/stderr; then
-                while read -r line; do
-                  echo "$line"
-                  echo "$line" >&2
-                done
-              else
-                ${super.coreutils}/bin/tee "$@"
-              fi
-            '')
-          ];
-        };
-      };
-    };
-  };
+  #nixpkgs.config.packageOverrides = super: {
+  #  irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
+  #    pkgs = pkgs // {
+  #      coreutils = pkgs.symlinkJoin {
+  #        name =  "coreutils-hack";
+  #        paths = [
+  #          pkgs.coreutils
+  #          (pkgs.writeDashBin "tee" ''
+  #            if test "$1" = /dev/stderr; then
+  #              while read -r line; do
+  #                echo "$line"
+  #                echo "$line" >&2
+  #              done
+  #            else
+  #              ${super.coreutils}/bin/tee "$@"
+  #            fi
+  #          '')
+  #        ];
+  #      };
+  #    };
+  #  };
+  #};
 }
--- a/machines/iso/target-config.nix
+++ b/machines/iso/target-config.nix
@ -12,7 +12,7 @@
    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
  ];
  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
-  boot.tmpOnTmpfs = true;
+  boot.tmp.useTmpfs = true;
  programs.bash.enableCompletion = true;
  services.journald.extraConfig = ''
    SystemMaxUse=1G
--- a/machines/latte/1blu/default.nix
+++ b/machines/latte/1blu/default.nix
@ -36,7 +36,7 @@
  boot.loader.grub.device = "/dev/vda";

  networking.hostId = "3150697c"; # required for zfs use
-  boot.tmpOnTmpfs = true;
+  boot.tmp.useTmpfs = true;
  boot.supportedFilesystems = [ "zfs" ];

  boot.loader.grub.enable = true;
--- a/machines/omo/config.nix
+++ b/machines/omo/config.nix
@ -14,6 +14,15 @@ in {
      ../../2configs/headless.nix
      ../../2configs/support-nixos.nix
      ../../2configs/nur.nix
+      {
+        services.xserver.enable = true;
+        services.xserver.displayManager.sddm.enable = true;
+        services.xserver.desktopManager.plasma5.enable = true;
+
+        services.xrdp.enable = true;
+        services.xrdp.defaultWindowManager = "startplasma-x11";
+        services.xrdp.openFirewall = true;
+      }
      # x11 forwarding
      {
        services.openssh.forwardX11 = true;
@ -53,9 +62,9 @@ in {
      ../../2configs/share
      ../../2configs/share/omo.nix
      ../../2configs/share/gum-client.nix
-      ../../2configs/sync
+      # ../../2configs/sync

-      ../../2configs/wireguard/wiregrill.nix
+      ../../2configs/wireguard/wiregrill-client.nix
      #../../2configs/dcpp/airdcpp.nix
      #{ krebs.airdcpp.dcpp.shares = let
      #    d = path: "/media/cryptX/${path}";
@ -97,7 +106,7 @@ in {
      ../../2configs/remote-build/slave.nix
      # TODO:
      ../../2configs/virtualisation/docker.nix
-      ../../2configs/bluetooth-mpd.nix
+      # ../../2configs/bluetooth-mpd.nix

      ../../2configs/home/jellyfin.nix
      ../../2configs/home/music.nix
@ -117,11 +126,12 @@ in {
        users.users.makefu.packages = [ pkgs.pkgrename ];
      }

+      ../../2configs/home/paperless.nix

-      {
-        hardware.pulseaudio.systemWide = true;
-        makefu.mpd.musicDirectory = "/media/cryptX/music";
-      }
+      #{
+      #  hardware.pulseaudio.systemWide = true;
+      #  makefu.mpd.musicDirectory = "/media/cryptX/music";
+      #}

      # security
      ../../2configs/sshd-totp.nix
--- a/machines/omo/hw/vaapi.nix
+++ b/machines/omo/hw/vaapi.nix
@ -1,17 +1,17 @@
 { pkgs, ... }:
+let
+  vaapi = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+in
 {
-  nixpkgs.config.packageOverrides = pkgs: {
-    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-  };
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
-      vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+      vaapi              # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      vaapiVdpau
      libvdpau-va-gl
    ];
  };
-  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ];
+  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapi ];
  environment.systemPackages = [ pkgs.libva-utils ];
 }
--- a/machines/savarcast/config.nix
+++ b/machines/savarcast/config.nix
@ -28,7 +28,7 @@
      ../../2configs/mosh.nix
      # Networking
      ../../2configs/tinc/retiolum.nix
-      ../../2configs/wireguard/wiregrill.nix
+      ../../2configs/wireguard/wiregrill-client.nix

      # services
      ../../2configs/bgt/savarcast/download.nix
@ -52,7 +52,7 @@

  # Network
  networking = {
-    useDHCP = lib.mkDefault true;
+    useDHCP = true;
    firewall = {
        allowedTCPPorts = [ 80 443 ];
        allowPing = true;
--- a/machines/shack-autoinstall/shack-config.nix
+++ b/machines/shack-autoinstall/shack-config.nix
@ -13,7 +13,7 @@
  };
  networking.hostName = "shackbook";

-  boot.tmpOnTmpfs = true;
+  boot.tmp.useTmpfs = true;

  users.users.shack = {
    createHome = true;
--- a/machines/wbob/config.nix
+++ b/machines/wbob/config.nix
@ -65,46 +65,8 @@ in {
      # ../../2configs/bam/visitor-photostore.nix
      # ../../2configs/bam/mpd.nix #mpd is only used for TTS, this is the web interface
      ../../2configs/mqtt.nix
-      {
-        services.mjpg-streamer = {
-          enable = true;
-          inputPlugin = "input_uvc.so -d /dev/video0 -r 640x480 -y -f 30 -q 50 -n";
-          outputPlugin = "output_http.so -w @www@ -n -p 18088";
-        };
-      }
-      (let
-          collectd-port = 25826;
-          influx-port = 8086;
-          admin-port = 8083;
-          grafana-port = 3000; # TODO nginx forward
-          db = "collectd_db";
-          logging-interface = "enp0s25";
-        in {
-          networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
-
-          services.grafana.enable = true;
-          services.grafana.settings.server.http_addr = "0.0.0.0";
-          services.influxdb.enable = true;
-          systemd.services.influxdb.serviceConfig.LimitNOFILE = 8192;
-
-          services.influxdb.extraConfig = {
-            meta.hostname = config.krebs.build.host.name;
-            # meta.logging-enabled = true;
-            http.bind-address = ":${toString influx-port}";
-            admin.bind-address = ":${toString admin-port}";
-            collectd = [{
-              enabled = true;
-              typesdb = "${pkgs.collectd}/share/collectd/types.db";
-              database = db;
-              bind-address = ":${toString collectd-port}";
-            }];
-          };
-
-          networking.firewall.extraCommands = ''
-            iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
-          '';
-      })
-
+      ../../2configs/bam/cam.nix
+      ../../2configs/bam/influx.nix
      ../../2configs/backup/state.nix
      # temporary
      # ../../2configs/temp/rst-issue.nix
--- a/machines/x/config.nix
+++ b/machines/x/config.nix
@ -172,7 +172,7 @@
      ../../2configs/tor.nix
      # ../../2configs/vpn/vpngate.nix
      # ../../2configs/buildbot-standalone.nix
-      # ../../2configs/remote-build/aarch64-community.nix
+      ../../2configs/remote-build/aarch64-community.nix
      # ../../2configs/remote-build/gum.nix
      # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }

@ -222,8 +222,8 @@
    ];


-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.oraclejdk.accept_license = true;
+  # nixpkgs.config.allowUnfree = true;
+  # nixpkgs.config.oraclejdk.accept_license = true;

  # configure pulseAudio to provide a HDMI sink as well
  networking.firewall.enable = true;
@ -251,6 +251,9 @@
    "/home/makefu/.secrets-pass"
    "/home/makefu/.config/syncthing"
  ];
+  boot.binfmt.emulatedSystems = [
+    "aarch64-linux"
+  ];

  # services.syncthing.user = lib.mkForce "makefu";
  # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";