Merge branch 'tsp-vicious'
This commit is contained in:
commit
d38809879d
|
@ -11,6 +11,8 @@
|
|||
../2configs/base.nix
|
||||
../2configs/cgit-retiolum.nix
|
||||
../2configs/graphite-standalone.nix
|
||||
../2configs/vm-single-partition.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.pnp;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
|
@ -21,48 +23,19 @@
|
|||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
|
||||
};
|
||||
secrets = {
|
||||
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
stockholm = {
|
||||
url = toString ../..;
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
# nginx runs on 80
|
||||
80
|
||||
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
|
||||
80
|
||||
8080 2003
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [ 2003 ];
|
||||
|
||||
networking.firewall.rejectPackets = true;
|
||||
networking.firewall.allowPing = true;
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
hosts = ../../Zhosts;
|
||||
connectTo = [
|
||||
"gum"
|
||||
"pigstarter"
|
||||
"fastpoke"
|
||||
];
|
||||
};
|
||||
|
||||
# $ nix-env -qaP | grep wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
|
|
|
@ -9,80 +9,28 @@
|
|||
[ # Include the results of the hardware scan.
|
||||
../2configs/base.nix
|
||||
../2configs/base-gui.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
../2configs/sda-crypto-root.nix
|
||||
# hardware specifics are in here
|
||||
../2configs/tp-x200.nix
|
||||
];
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
};
|
||||
# not working in vm
|
||||
krebs.build.host = config.krebs.hosts.tsp;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@tsp";
|
||||
|
||||
krebs.build.deps = {
|
||||
nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
|
||||
};
|
||||
# TODO generalize in base.nix
|
||||
secrets = {
|
||||
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
# TODO generalize in base.nix
|
||||
stockholm = {
|
||||
url = toString ../..;
|
||||
#url = https://github.com/NixOS/nixpkgs;
|
||||
# rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
|
||||
url = https://github.com/makefu/nixpkgs;
|
||||
rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
|
||||
};
|
||||
};
|
||||
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
hosts = ../../Zhosts;
|
||||
connectTo = [
|
||||
"gum"
|
||||
"pigstarter"
|
||||
"fastpoke"
|
||||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
#x200 specifics
|
||||
kernelModules = [ "tp_smapi" "msr" ];
|
||||
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
|
||||
|
||||
loader.grub.enable =true;
|
||||
loader.grub.version =2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
# crypto boot
|
||||
# TODO: use UUID
|
||||
initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
|
||||
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/mapper/luksroot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/nixboot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
# hardware specifics
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# TODO: generalize to numCPU + 1
|
||||
nix.maxJobs = 3;
|
||||
|
||||
|
||||
networking.firewall.rejectPackets = true;
|
||||
networking.firewall.allowPing = true;
|
||||
|
||||
|
||||
# $ nix-env -qaP | grep wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
jq
|
||||
|
|
|
@ -1,20 +1,39 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
##
|
||||
# of course this name is a lie - it prepares a GUI environment close to my
|
||||
# current configuration.
|
||||
#
|
||||
# autologin with mainUser into awesome
|
||||
##
|
||||
#
|
||||
with lib;
|
||||
let
|
||||
mainUser = config.krebs.build.user.name;
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "us";
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
layout = "us";
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "ctrl:nocaps";
|
||||
|
||||
# use awesome, direct boot into
|
||||
services.xserver.displayManager.auto.enable =true;
|
||||
services.xserver.displayManager.auto.user =config.krebs.users.makefu;
|
||||
services.xserver.windowManager.awesome.enable = true;
|
||||
windowManager = {
|
||||
awesome.enable = true;
|
||||
awesome.luaModules = [ pkgs.luaPackages.vicious ];
|
||||
default = "awesome";
|
||||
};
|
||||
|
||||
security.setuidPrograms = [ "slock" ];
|
||||
displayManager.auto.enable = true;
|
||||
displayManager.auto.user = mainUser;
|
||||
desktopManager.xterm.enable = false;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.xlockmore
|
||||
pkgs.rxvt_unicode-with-plugins
|
||||
];
|
||||
|
||||
# use pulseaudio
|
||||
environment.systemPackages = [ pkgs.slock ];
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
|
|
|
@ -2,11 +2,18 @@
|
|||
|
||||
with lib;
|
||||
{
|
||||
imports = [ ];
|
||||
imports = [
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
(import /root/src/secrets/hashedPasswords.nix);
|
||||
}
|
||||
./vim.nix
|
||||
];
|
||||
krebs.enable = true;
|
||||
krebs.search-domain = "retiolum";
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
|
@ -24,10 +31,23 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
nix.maxJobs = config.krebs.build.host.cores + 1;
|
||||
#nix.maxJobs = 1;
|
||||
|
||||
krebs.build.deps = {
|
||||
secrets = {
|
||||
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
stockholm = {
|
||||
url = toString ../..;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
nix.useChroot = true;
|
||||
|
||||
users.mutableUsers = true;
|
||||
users.mutableUsers = false;
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
systemd.tmpfiles.rules = [
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
with lib;
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
services.graphite = {
|
||||
web = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
imports = [ ];
|
||||
services.graphite = {
|
||||
web = {
|
||||
enable = true;
|
||||
host = "0.0.0.0";
|
||||
};
|
||||
carbon = {
|
||||
enableCache = true;
|
||||
storageSchemas = ''
|
||||
[carbon]
|
||||
pattern = ^carbon\.
|
||||
retentions = 60:90d
|
||||
|
||||
[default]
|
||||
pattern = .*
|
||||
retentions = 60s:30d,300s:1y
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
27
makefu/2configs/sda-crypto-root.nix
Normal file
27
makefu/2configs/sda-crypto-root.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
# sda: bootloader grub2
|
||||
# sda1: boot ext4 (label nixboot)
|
||||
# sda2: cryptoluks -> ext4
|
||||
with lib;
|
||||
{
|
||||
boot = {
|
||||
loader.grub.enable =true;
|
||||
loader.grub.version =2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
|
||||
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/mapper/luksroot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/nixboot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
}
|
14
makefu/2configs/tinc-basic-retiolum.nix
Normal file
14
makefu/2configs/tinc-basic-retiolum.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
hosts = ../../Zhosts;
|
||||
connectTo = [
|
||||
"gum"
|
||||
"pigstarter"
|
||||
"fastpoke"
|
||||
];
|
||||
};
|
||||
}
|
23
makefu/2configs/tp-x200.nix
Normal file
23
makefu/2configs/tp-x200.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
#services.xserver = {
|
||||
# videoDriver = "intel";
|
||||
#};
|
||||
|
||||
boot = {
|
||||
kernelModules = [ "tp_smapi" "msr" ];
|
||||
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
|
||||
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
hardware.trackpoint.enable = true;
|
||||
hardware.trackpoint.sensitivity = 255;
|
||||
hardware.trackpoint.speed = 255;
|
||||
}
|
119
makefu/2configs/vim.nix
Normal file
119
makefu/2configs/vim.nix
Normal file
|
@ -0,0 +1,119 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
|
||||
name = "vim-better-whitespace";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ntpeters";
|
||||
repo = "vim-better-whitespace";
|
||||
rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
|
||||
sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.python27Full # required for youcompleteme
|
||||
(pkgs.vim_configurable.customize {
|
||||
name = "vim";
|
||||
|
||||
vimrcConfig.customRC = ''
|
||||
set nocompatible
|
||||
syntax on
|
||||
|
||||
filetype off
|
||||
filetype plugin indent on
|
||||
|
||||
colorscheme darkblue
|
||||
set background=dark
|
||||
|
||||
set number
|
||||
set relativenumber
|
||||
set mouse=a
|
||||
set ignorecase
|
||||
set incsearch
|
||||
set wildignore=*.o,*.obj,*.bak,*.exe,*.os
|
||||
set textwidth=79
|
||||
set shiftwidth=2
|
||||
set expandtab
|
||||
set softtabstop=2
|
||||
set shiftround
|
||||
set smarttab
|
||||
set tabstop=2
|
||||
set et
|
||||
set autoindent
|
||||
set backspace=indent,eol,start
|
||||
|
||||
|
||||
inoremap <F1> <ESC>
|
||||
nnoremap <F1> <ESC>
|
||||
vnoremap <F1> <ESC>
|
||||
|
||||
nnoremap <F5> :UndotreeToggle<CR>
|
||||
set undodir =~/.vim/undo
|
||||
set undofile
|
||||
"maximum number of changes that can be undone
|
||||
set undolevels=1000000
|
||||
"maximum number lines to save for undo on a buffer reload
|
||||
set undoreload=10000000
|
||||
|
||||
nnoremap <F2> :set invpaste paste?<CR>
|
||||
set pastetoggle=<F2>
|
||||
set showmode
|
||||
|
||||
set showmatch
|
||||
set matchtime=3
|
||||
set hlsearch
|
||||
|
||||
autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
|
||||
|
||||
|
||||
" save on focus lost
|
||||
au FocusLost * :wa
|
||||
|
||||
autocmd BufRead *.json set filetype=json
|
||||
au BufNewFile,BufRead *.mustache set syntax=mustache
|
||||
|
||||
cnoremap SudoWrite w !sudo tee > /dev/null %
|
||||
|
||||
" create Backup/tmp/undo dirs
|
||||
set backupdir=~/.vim/backup
|
||||
set directory=~/.vim/tmp
|
||||
|
||||
function! InitBackupDir()
|
||||
let l:parent = $HOME . '/.vim/'
|
||||
let l:backup = l:parent . 'backup/'
|
||||
let l:tmpdir = l:parent . 'tmp/'
|
||||
let l:undodir= l:parent . 'undo/'
|
||||
|
||||
|
||||
if !isdirectory(l:parent)
|
||||
call mkdir(l:parent)
|
||||
endif
|
||||
if !isdirectory(l:backup)
|
||||
call mkdir(l:backup)
|
||||
endif
|
||||
if !isdirectory(l:tmpdir)
|
||||
call mkdir(l:tmpdir)
|
||||
endif
|
||||
if !isdirectory(l:undodir)
|
||||
call mkdir(l:undodir)
|
||||
endif
|
||||
endfunction
|
||||
call InitBackupDir()
|
||||
|
||||
|
||||
'';
|
||||
|
||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
{ names = [ "undotree"
|
||||
"YouCompleteMe"
|
||||
"vim-better-whitespace" ]; }
|
||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||
];
|
||||
|
||||
})
|
||||
];
|
||||
}
|
20
makefu/2configs/vm-single-partition.nix
Normal file
20
makefu/2configs/vm-single-partition.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
# vda1 ext4 (label nixos) -> only root partition
|
||||
with lib;
|
||||
{
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
|
||||
}
|
Loading…
Reference in a new issue