diff options
Diffstat (limited to 'jeschli')
-rw-r--r-- | jeschli/1systems/bln/config.nix | 189 | ||||
-rw-r--r-- | jeschli/1systems/bln/hardware-configuration.nix | 34 | ||||
-rw-r--r-- | jeschli/1systems/bln/source.nix | 4 | ||||
-rw-r--r-- | jeschli/1systems/brauerei/config.nix | 132 | ||||
-rw-r--r-- | jeschli/1systems/brauerei/hardware-configuration.nix | 33 | ||||
-rw-r--r-- | jeschli/1systems/brauerei/source.nix | 4 | ||||
-rw-r--r-- | jeschli/1systems/reagenzglas/.source.nix.swp | bin | 0 -> 12288 bytes | |||
-rw-r--r-- | jeschli/1systems/reagenzglas/config.nix | 146 | ||||
-rw-r--r-- | jeschli/1systems/reagenzglas/hardware-configuration.nix | 33 | ||||
-rw-r--r-- | jeschli/1systems/reagenzglas/source.nix | 4 | ||||
-rw-r--r-- | jeschli/2configs/default.nix | 66 | ||||
-rw-r--r-- | jeschli/2configs/retiolum.nix | 22 | ||||
-rw-r--r-- | jeschli/2configs/tests/dummy-secrets/empty | 0 | ||||
-rw-r--r-- | jeschli/2configs/urxvt.nix | 34 | ||||
-rw-r--r-- | jeschli/2configs/vim.nix | 92 | ||||
-rw-r--r-- | jeschli/default.nix | 9 | ||||
-rw-r--r-- | jeschli/source.nix | 22 |
17 files changed, 824 insertions, 0 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix new file mode 100644 index 000000000..901970e81 --- /dev/null +++ b/jeschli/1systems/bln/config.nix @@ -0,0 +1,189 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + <stockholm/jeschli> + ./hardware-configuration.nix + # ./dcso-vpn.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.loader.grub.extraEntries = '' + menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { + search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 + linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro + initrd ($drive1)/initrd.img-4.9.0-4-amd64 + } + ''; + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; + preLVM = true; + allowDiscards = true; + } + ]; + + networking.hostName = "BLN02NB0154"; # Define your hostname. + networking.networkmanager.enable = true; + #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + hipchat + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + texlive.combined.scheme-full + pandoc + redis + # document viewer + zathura + ]; + + + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.bash.enableCompletion = true; + programs.vim.defaultEditor = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + services.printing.enable = true; + services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.xrandrHeads = [ + # { output = "eDP1"; } + # { output = "DP-2-2-8"; primary = true; } + # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } + # ]; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. +# services.xserver.displayManager.lightdm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# services.xserver.desktopManager.gnome3.enable = true; + # services.xserver.displayManager.gdm.enable = true; + services.xserver.displayManager.sddm.enable = true; + #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.displayManager.sessionCommands = '' +# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off +#''; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.markus = { + isNormalUser = true; + extraGroups = ["docker"]; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + + # Gogland Debugger workaround +# nixpkgs.config.packageOverrides = super: { +# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { +# postFixup = '' +# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" +# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# ''; +# }); +# }; + +# virtualisation.docker.enable = true; + + + # DCSO Certificates + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + ]; + + hardware.bluetooth.enable = true; + krebs.build.host = config.krebs.hosts.bln; +} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix new file mode 100644 index 000000000..714162271 --- /dev/null +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; + fsType = "ext2"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix new file mode 100644 index 000000000..0864fd90c --- /dev/null +++ b/jeschli/1systems/bln/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "bln"; + secure = true; +} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix new file mode 100644 index 000000000..171a002da --- /dev/null +++ b/jeschli/1systems/brauerei/config.nix @@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). +{ config, pkgs, ... }: +{ + imports = [ + <stockholm/jeschli> + ./hardware-configuration.nix + <stockholm/jeschli/2configs/urxvt.nix> + ]; + + krebs.build.host = config.krebs.hosts.brauerei; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + # or "nodev" for efi only + boot.initrd.luks.devices = [ { + name = "root"; + device = "/dev/sda2"; + preLVM = true; + allowDiscards = true; + } ]; + # networking.hostName = "nixos"; + # Define your hostname. + networking.wireless.enable = true; + # Enables wireless support via wpa_supplicant. + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + # Set your time zone. # + time.timeZone = "Europe/Amsterdam"; + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget + environment.systemPackages = with pkgs; [ + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + # rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + users.extraUsers.jamie = { + isNormalUser = true; + uid = 1001; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + ]; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + +} diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix new file mode 100644 index 000000000..75fdb89fd --- /dev/null +++ b/jeschli/1systems/brauerei/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/42BF-0795"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; +} diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix new file mode 100644 index 000000000..61978768e --- /dev/null +++ b/jeschli/1systems/brauerei/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "brauerei"; + secure = true; +} diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp Binary files differnew file mode 100644 index 000000000..8c1a75f39 --- /dev/null +++ b/jeschli/1systems/reagenzglas/.source.nix.swp diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix new file mode 100644 index 000000000..d65e897ae --- /dev/null +++ b/jeschli/1systems/reagenzglas/config.nix @@ -0,0 +1,146 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + <stockholm/jeschli> + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + # boot.loader.grub.enable = true; + # boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # Define on which hard drive you want to install Grub. +# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2"; + preLVM = true; + allowDiscards = true; + } + ]; + networking.hostName = "reaganzglas"; # Define your hostname. +# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + export GOPATH=$HOME/go + export PATH=$PATH:$GOPATH/bin + ''; + }; + + krebs.build.host = config.krebs.hosts.reagenzglas; + + hardware.bluetooth.enable = true; +} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix new file mode 100644 index 000000000..a6ab3f16e --- /dev/null +++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DA40-AC19"; + fsType = "vfat"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; +# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix new file mode 100644 index 000000000..7543de6b9 --- /dev/null +++ b/jeschli/1systems/reagenzglas/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "reagenzglas"; + secure = true; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix new file mode 100644 index 000000000..7fb240951 --- /dev/null +++ b/jeschli/2configs/default.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + imports = [ + ./vim.nix + ./retiolum.nix + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + ]; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + file + kpaste + krebspaste + mosh + pciutils + psmisc + # q + # rs + tmux + untilport + usbutils + # logify + goify + + #unpack stuff + p7zip + unzip + unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') + ]; + + krebs.enable = true; +} diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix new file mode 100644 index 000000000..403300b30 --- /dev/null +++ b/jeschli/2configs/retiolum.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "gum" + "ni" + "dishfire" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; + + environment.systemPackages = [ + pkgs.tinc + ]; +} diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/jeschli/2configs/tests/dummy-secrets/empty diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix new file mode 100644 index 000000000..a2e02de35 --- /dev/null +++ b/jeschli/2configs/urxvt.nix @@ -0,0 +1,34 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +{ + services.urxvtd.enable = true; + krebs.xresources.enable = true; + krebs.xresources.resources.urxvt = '' + *foreground: rgb:a8/a8/a8 + *background: rgb:00/00/00 + *faceName: DejaVu Sans Mono + *faceSize: 12 + *color0: rgb:00/00/00 + *color1: rgb:a8/00/00 + *color2: rgb:00/a8/00 + *color3: rgb:a8/54/00 + *color4: rgb:00/00/a8 + *color5: rgb:a8/00/a8 + *color6: rgb:00/a8/a8 + *color7: rgb:a8/a8/a8 + *color8: rgb:54/54/54 + *color9: rgb:fc/54/54 + *color10: rgb:54/fc/54 + *color11: rgb:fc/fc/54 + *color12: rgb:54/54/fc + *color13: rgb:fc/54/fc + *color14: rgb:54/fc/fc + *color15: rgb:fc/fc/fc + + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: xft:DejaVu Sans Mono:pixelsize=20 + URXvt*faceSize: 12 + ''; +} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix new file mode 100644 index 000000000..1a2231a86 --- /dev/null +++ b/jeschli/2configs/vim.nix @@ -0,0 +1,92 @@ +{ config, pkgs, ... }: + +let + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; + }; + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + set nocompatible + + :imap jk <Esc> + :vmap v v + :map gr :GoRun<Enter> + :nnoremap <S-TAB> :bnext<CR> + :nnoremap <C-TAB> <c-w><c-w> + :map nf :NERDTreeToggle<CR> + set autowrite + set number + set ruler + set path+=** + set wildmenu + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="<c-e>" + let g:UltiSnipsJumpForwardTrigger="<c-t>" + let g:UltiSnipsJumpBackwardTrigger="<c-q>" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + ]; + }) + ]; +} diff --git a/jeschli/default.nix b/jeschli/default.nix new file mode 100644 index 000000000..7886fef49 --- /dev/null +++ b/jeschli/default.nix @@ -0,0 +1,9 @@ +_: +{ + imports = [ + ../krebs + ./2configs +# ./3modules +# ./5pkgs + ]; +} diff --git a/jeschli/source.nix b/jeschli/source.nix new file mode 100644 index 000000000..d1b64b0ed --- /dev/null +++ b/jeschli/source.nix @@ -0,0 +1,22 @@ +with import <stockholm/lib>; +host@{ name, secure ? false, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "jeschli"; + _file = <stockholm> + "/jeschli/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + |