From 635ee38e3b21e5c9b04ff6bed8c419827ae918cd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 12:10:02 +0200
Subject: [PATCH] refactor tsp
---
1systems/tsp.nix | 51 +++---------------------------------
2configs/base-gui.nix | 26 +++++++++++-------
2configs/base.nix | 14 +++++++++-
2configs/sda-crypto-root.nix | 27 +++++++++++++++++++
2configs/tp-x200.nix | 23 ++++++++++++++++
5 files changed, 84 insertions(+), 57 deletions(-)
create mode 100644 2configs/sda-crypto-root.nix
create mode 100644 2configs/tp-x200.nix
diff --git a/1systems/tsp.nix b/1systems/tsp.nix
index 2d3fd92..3979b70 100644
--- a/1systems/tsp.nix
+++ b/1systems/tsp.nix
@@ -9,11 +9,10 @@
[ # Include the results of the hardware scan.
../2configs/base.nix
../2configs/base-gui.nix
+ ../2configs/tp-x200.nix
+ ../2configs/sda-crypto-root.nix
];
# not working in vm
- #services.xserver = {
- # videoDriver = "intel";
- #};
krebs.build.host = config.krebs.hosts.tsp;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@tsp";
@@ -21,18 +20,9 @@
krebs.build.deps = {
nixpkgs = {
#url = https://github.com/NixOS/nixpkgs;
+ # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
url = https://github.com/makefu/nixpkgs;
- #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2";
- rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c";
- };
- # TODO generalize in base.nix
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- # TODO generalize in base.nix
- stockholm = {
- url = toString ../..;
+ rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
};
};
@@ -46,40 +36,7 @@
];
};
- boot = {
- #x200 specifics
- kernelModules = [ "tp_smapi" "msr" ];
- extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
-
- loader.grub.enable =true;
- loader.grub.version =2;
- loader.grub.device = "/dev/sda";
-
- # crypto boot
- # TODO: use UUID
- initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
- initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/luksroot";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-label/nixboot";
- fsType = "ext4";
- };
- };
-
# hardware specifics
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- # TODO: generalize to numCPU + 1
- nix.maxJobs = 3;
networking.firewall.rejectPackets = true;
diff --git a/2configs/base-gui.nix b/2configs/base-gui.nix
index 056005f..7f329c6 100644
--- a/2configs/base-gui.nix
+++ b/2configs/base-gui.nix
@@ -1,31 +1,39 @@
{ config, lib, pkgs, ... }:
-
+##
+# of course this name is a lie - it prepares a GUI environment close to my
+# current configuration.
+#
+# autologin with mainUser into awesome
+##
+#
with lib;
+let
+ mainUser = config.krebs.build.user.name;
+in
{
imports = [ ];
services.xserver = {
enable = true;
layout = "us";
-# use awesome, direct boot into
- displayManager.auto.enable = true;
-# TODO: use config.krebs.users.makefu ... or not
- displayManager.auto.user = "makefu";
-
windowManager = {
awesome.enable = true;
awesome.luaModules = [ pkgs.luaPackages.vicious ];
default = "awesome";
};
+ displayManager.auto.enable = true;
+ displayManager.auto.user = mainUser;
desktopManager.xterm.enable = false;
- desktopManager.default = "none";
};
security.setuidPrograms = [ "slock" ];
-# use pulseaudio
- environment.systemPackages = [ pkgs.slock ];
+ environment.systemPackages = [
+ pkgs.slock
+ pkgs.rxvt_unicode-with-plugins
+ ];
+
hardware.pulseaudio = {
enable = true;
systemWide = true;
diff --git a/2configs/base.nix b/2configs/base.nix
index 8dfb2ef..792cccc 100644
--- a/2configs/base.nix
+++ b/2configs/base.nix
@@ -6,7 +6,7 @@ with lib;
krebs.enable = true;
krebs.search-domain = "retiolum";
- networking.hostName = config.krebs.build.host.name;
+
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@@ -24,6 +24,18 @@ with lib;
};
};
+ networking.hostName = config.krebs.build.host.name;
+ nix.maxJobs = config.krebs.build.host.cores + 1;
+
+ krebs.build.deps = {
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/2configs/sda-crypto-root.nix b/2configs/sda-crypto-root.nix
new file mode 100644
index 0000000..0d979a0
--- /dev/null
+++ b/2configs/sda-crypto-root.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+# sda: bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> ext4
+with lib;
+{
+ boot = {
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+}
diff --git a/2configs/tp-x200.nix b/2configs/tp-x200.nix
new file mode 100644
index 0000000..64d3f85
--- /dev/null
+++ b/2configs/tp-x200.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ #services.xserver = {
+ # videoDriver = "intel";
+ #};
+
+ boot = {
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ };
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.trackpoint.enable = true;
+ hardware.trackpoint.sensitivity = 255;
+ hardware.trackpoint.speed = 255;
+}