Merge branch 'master' of prism.r:stockholm

author: jeschli <jeschli@gmail.com> 2018-01-05 21:14:15 +0100
committer: jeschli <jeschli@gmail.com> 2018-01-05 21:14:15 +0100
commit: aef0ce1766723a593c3788ce060853bfb86a1e9d (patch)
tree: 07e60d15fb55b774046a8d1e17ac0ad4f8cccc9f
parent: 82e93163b744b05d948b532bc371c566148251ee (diff)
parent: c1566e3964a499d7df03e27bc7354ecb59d7e3a8 (diff)
12 files changed, 160 insertions, 13 deletions
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
new file mode 100644
index 0000000..c5f38c1
--- /dev/null
+++ b/nin/1systems/axon/config.nix
@@ -0,0 +1,117 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports = [
+    <stockholm/nin>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    #../2configs/copyq.nix
+    <stockholm/nin/2configs/games.nix>
+    <stockholm/nin/2configs/git.nix>
+    <stockholm/nin/2configs/retiolum.nix>
+    <stockholm/nin/2configs/termite.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.axon;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/pool/root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/tmp" =
+    { device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "ext2";
+    };
+
+  boot.initrd.luks.devices.crypted.device = "/dev/sda2";
+  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # nin config
+  time.timeZone = "Europe/Berlin";
+  services.xserver.enable = true;
+
+  networking.networkmanager.enable = true;
+  #networking.wireless.enable = true;
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+  hardware.bluetooth.enable = true;
+
+  hardware.opengl.driSupport32Bit = true;
+
+  #nixpkgs.config.steam.java = true;
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    git
+    lmms
+    networkmanagerapplet
+    python
+    steam
+    thunderbird
+    vim
+    virtmanager
+  ];
+
+  nixpkgs.config = {
+
+    allowUnfree = true;
+
+  };
+
+  #services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+  services.xserver.synaptics = {
+    enable = true;
+  };
+
+
+  services.xserver.desktopManager.xfce = let
+    xbindConfig = pkgs.writeText "xbindkeysrc" ''
+      "${pkgs.pass}/bin/passmenu --type"
+        Control + p
+  '';
+  in {
+    enable = true;
+      extraSessionCommands = ''
+      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+    '';
+  };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "17.03";
+
+}
diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix
new file mode 100644
index 0000000..6a40296
--- /dev/null
+++ b/nin/1systems/axon/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/nin/source.nix> {
+  name = "axon";
+  secure = true;
+}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index d7b89c8..62f499a 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
         root = {
           openssh.authorizedKeys.keys = [
             config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
           ];
         };
         nin = {
@@ -31,6 +32,7 @@ with import <stockholm/lib>;
           ];
           openssh.authorizedKeys.keys = [
             config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
           ];
         };
       };
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
index 2a86046..9ebbaab 100644
--- a/nin/2configs/git.nix
+++ b/nin/2configs/git.nix
@@ -53,7 +53,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ nin ];
+        user = [ nin nin_h ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 05b4d91..07ec8e4 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -29,6 +29,7 @@ with import <stockholm/lib>;
   };
 
   environment.systemPackages = with pkgs; [
+    chromium
     firefoxWrapper
     gimp
     kate
@@ -65,6 +66,8 @@ with import <stockholm/lib>;
 
   networking.networkmanager.enable = true;
 
+  nixpkgs.config.chromium.enablePepperFlash = true;
+
   programs.ssh.startAgent = false;
 
   services.printing = {
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index 5c59389..b3e084f 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -44,12 +44,6 @@ with import <stockholm/lib>;
     };
   };
 
-  krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
-  hardware.bumblebee.enable = true;
-  hardware.bumblebee.group = "video";
-  hardware.enableRedistributableFirmware= true;
-  hardware.opengl.driSupport32Bit = true;
-
   services.printing.enable = true;
 
   services.udev.extraRules = ''
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 280552f..2ccab3d 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,6 +1,8 @@
 with import <stockholm/lib>;
 { config, pkgs, ... }: {
 
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
   boot.tmpOnTmpfs = true;
 
   krebs.enable = true;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index bf13a38..8b34b16 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -3,6 +3,9 @@
 with import <stockholm/lib>;
 
 {
+  environment.systemPackages = [
+    pkgs.eximlog
+  ];
   krebs.exim-retiolum.enable = true;
   tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
 }
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 079013c..68fbcd1 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -3,6 +3,9 @@
 with import <stockholm/lib>;
 
 {
+  environment.systemPackages = [
+    pkgs.eximlog
+  ];
   krebs.exim-smarthost = {
     enable = true;
     dkim = [
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index 787bfc6..55e9482 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -1,8 +1,20 @@
+with import <stockholm/lib>;
 { pkgs, ... }:
 
 {
   imports = [
     ../smartd.nix
+    {
+      # nvidia doesn't build despite
+      #  https://github.com/NixOS/nixpkgs/issues/33284
+      #hardware.bumblebee.enable = true;
+      #hardware.bumblebee.group = "video";
+      #hardware.enableRedistributableFirmware= true;
+      #krebs.nixpkgs.allowUnfreePredicate = pkg:
+      #  hasPrefix "nvidia-x11-" pkg.name ||
+      #  hasPrefix "nvidia-persistenced-" pkg.name ||
+      #  hasPrefix "nvidia-settings-" pkg.name;
+    }
   ];
 
   boot.extraModprobeConfig = ''
@@ -15,6 +27,7 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  hardware.opengl.driSupport32Bit = true;
   hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
 
   networking.wireless.enable = true;
@@ -41,4 +54,8 @@
         echo auto > $i/power/control # defaults to 'on'
       done)
   '';
+
+  services.xserver = {
+    videoDriver = "intel";
+  };
 }
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 8a27b60..59619f9 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -233,7 +233,7 @@ let {
           lua = {};
           sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
           sh.extraStart = concatStringsSep ''\|'' [
-            ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
+            ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
             ''[a-z]*Phase[ \t\r\n]*=''
           ];
           yaml = {};
diff --git a/tv/source.nix b/tv/source.nix
index f3bda27..b5e3f7c 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -1,8 +1,10 @@
 with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "tv";
+{ name
+, dummy_secrets ? getEnv "dummy_secrets" == "true"
+, override ? {}
+, secure ? false
+}@host: let
+  builder = if dummy_secrets then "buildbot" else "tv";
   _file = <stockholm> + "/tv/1systems/${name}/source.nix";
 in
   evalSource (toString _file) [
@@ -10,7 +12,7 @@ in
       nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
       nixpkgs.git = {
         # nixos-17.09
-        ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
+        ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
         url = https://github.com/NixOS/nixpkgs;
       };
       secrets.file = getAttr builder {
author	jeschli <jeschli@gmail.com>	2018-01-05 21:14:15 +0100
committer	jeschli <jeschli@gmail.com>	2018-01-05 21:14:15 +0100
commit	aef0ce1766723a593c3788ce060853bfb86a1e9d (patch)
tree	07e60d15fb55b774046a8d1e17ac0ad4f8cccc9f
parent	82e93163b744b05d948b532bc371c566148251ee (diff)
parent	c1566e3964a499d7df03e27bc7354ecb59d7e3a8 (diff)