diff options
| -rw-r--r-- | jeschli/1systems/brauerei/config.nix | 99 | ||||
| -rw-r--r-- | jeschli/1systems/brauerei/hardware-configuration.nix | 33 | ||||
| -rw-r--r-- | jeschli/1systems/brauerei/source.nix | 4 | ||||
| -rw-r--r-- | jeschli/2configs/tests/dummy-secrets/empty | 0 | ||||
| -rw-r--r-- | lib/types.nix | 22 | ||||
| -rw-r--r-- | nin/1systems/hiawatha/config.nix | 2 | ||||
| -rw-r--r-- | nin/2configs/default.nix | 1 | ||||
| -rw-r--r-- | nin/2configs/git.nix | 4 | ||||
| -rw-r--r-- | nin/source.nix | 2 | ||||
| -rw-r--r-- | tv/1systems/querel/config.nix | 3 | ||||
| -rw-r--r-- | tv/2configs/urlwatch.nix | 12 |
11 files changed, 175 insertions, 7 deletions
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix new file mode 100644 index 0000000..9988fc2 --- /dev/null +++ b/jeschli/1systems/brauerei/config.nix @@ -0,0 +1,99 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/sda2"; + preLVM = true; + allowDiscards = true; + } + ]; + + # networking.hostName = "nixos"; # Define your hostname. + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = with pkgs; [ + vim + git + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + ]; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + +} diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix new file mode 100644 index 0000000..75fdb89 --- /dev/null +++ b/jeschli/1systems/brauerei/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/42BF-0795"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; +} diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix new file mode 100644 index 0000000..6197876 --- /dev/null +++ b/jeschli/1systems/brauerei/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "brauerei"; + secure = true; +} diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/jeschli/2configs/tests/dummy-secrets/empty diff --git a/lib/types.nix b/lib/types.nix index c3b14d8..b857949 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -231,7 +231,12 @@ rec { source = submodule ({ config, ... }: { options = { type = let - types = ["file" "git" "symlink"]; + types = [ + "file" + "git" + "pass" + "symlink" + ]; in mkOption { type = enum types; default = let @@ -255,6 +260,10 @@ rec { type = nullOr git-source; default = null; }; + pass = mkOption { + type = nullOr pass-source; + default = null; + }; symlink = let symlink-target = (symlink-source.getSubOptions "FIXME").target.type; in mkOption { @@ -287,6 +296,17 @@ rec { }; }; + pass-source = submodule { + options = { + dir = mkOption { + type = absolute-pathname; + }; + name = mkOption { + type = pathname; # TODO relative-pathname + }; + }; + }; + symlink-source = submodule { options = { target = mkOption { diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index fdae354..a09eed9 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -15,7 +15,6 @@ with lib; <stockholm/nin/2configs/git.nix> <stockholm/nin/2configs/retiolum.nix> <stockholm/nin/2configs/termite.nix> - <stockholm/nin/2configs/skype.nix> ]; krebs.build.host = config.krebs.hosts.hiawatha; @@ -87,6 +86,7 @@ with lib; environment.systemPackages = with pkgs; [ firefox git + lmms networkmanagerapplet python steam diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 0d2253c..d7b89c8 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import <stockholm/lib>; { imports = [ ../2configs/vim.nix + <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> { users.extraUsers = diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix index 6bdc857..2a86046 100644 --- a/nin/2configs/git.nix +++ b/nin/2configs/git.nix @@ -40,8 +40,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; verbose = config.krebs.build.host.name == "onondaga"; # TODO define branches in some kind of option per repo branches = [ "master" ]; diff --git a/nin/source.nix b/nin/source.nix index 188ebaf..ccf5e6a 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "c99239b"; + ref = "afe9649"; }; } diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index b564383..05b4d91 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -11,6 +11,9 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.querel; krebs.build.user = mkForce config.krebs.users.itak; + boot.extraModulePackages = [ + config.boot.kernelPackages.exfat-nofuse + ]; boot.initrd.availableKernelModules = [ "ahci" ]; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "xts" ]; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index a352543..509257c 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -13,8 +13,16 @@ with import <stockholm/lib>; http://www.exim.org/ + { + url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; + filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; + } + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix - https://api.github.com/repos/simple-evcorr/sec/tags + { + url = https://api.github.com/repos/simple-evcorr/sec/tags; + filter = "system:${pkgs.jq}/bin/jq ."; + } # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix https://thp.io/2008/urlwatch/ @@ -47,7 +55,7 @@ with import <stockholm/lib>; #http://hackage.haskell.org/package/web-page # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github* - https://help.github.com/articles/github-s-ip-addresses/ + https://api.github.com/meta # <stockholm/tv/2configs/xserver/xserver.conf.nix> # is derived from `configFile` in: |