aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2024-01-10 11:17:22 +0100
committerKarel Kočí <cynerd@email.cz>2024-01-10 11:17:22 +0100
commit55296b643fe2934b875561dd58861b69d4951e9c (patch)
tree26e673315c12c099b681ce813a0d6299e72bf957
parent78201a313a24376b1e54f8d6d977191a4d5735fd (diff)
downloadnixos-personal-55296b643fe2934b875561dd58861b69d4951e9c.tar.gz
nixos-personal-55296b643fe2934b875561dd58861b69d4951e9c.tar.bz2
nixos-personal-55296b643fe2934b875561dd58861b69d4951e9c.zip
nixos: multiple tweaks
-rw-r--r--flake.lock151
-rw-r--r--flake.nix2
-rwxr-xr-xhosts.sh6
-rw-r--r--nixos/machine/errol.nix1
-rw-r--r--nixos/modules/generic.nix88
5 files changed, 146 insertions, 102 deletions
diff --git a/flake.lock b/flake.lock
index 7a10550..3c73760 100644
--- a/flake.lock
+++ b/flake.lock
@@ -4,14 +4,15 @@
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "systems": "systems"
},
"locked": {
- "lastModified": 1701216516,
- "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
+ "lastModified": 1703433843,
+ "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
+ "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
"type": "github"
},
"original": {
@@ -28,11 +29,11 @@
]
},
"locked": {
- "lastModified": 1673295039,
- "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+ "lastModified": 1700795494,
+ "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+ "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
@@ -44,7 +45,7 @@
},
"flake-utils": {
"inputs": {
- "systems": "systems"
+ "systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
@@ -61,7 +62,7 @@
},
"flake-utils_10": {
"inputs": {
- "systems": "systems_7"
+ "systems": "systems_9"
},
"locked": {
"lastModified": 1694529238,
@@ -78,7 +79,7 @@
},
"flake-utils_2": {
"inputs": {
- "systems": "systems_2"
+ "systems": "systems_3"
},
"locked": {
"lastModified": 1692799911,
@@ -108,12 +109,15 @@
}
},
"flake-utils_4": {
+ "inputs": {
+ "systems": "systems_4"
+ },
"locked": {
- "lastModified": 1678901627,
- "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@@ -137,7 +141,7 @@
},
"flake-utils_6": {
"inputs": {
- "systems": "systems_3"
+ "systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
@@ -154,7 +158,7 @@
},
"flake-utils_7": {
"inputs": {
- "systems": "systems_4"
+ "systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
@@ -171,7 +175,7 @@
},
"flake-utils_8": {
"inputs": {
- "systems": "systems_5"
+ "systems": "systems_7"
},
"locked": {
"lastModified": 1694529238,
@@ -188,7 +192,7 @@
},
"flake-utils_9": {
"inputs": {
- "systems": "systems_6"
+ "systems": "systems_8"
},
"locked": {
"lastModified": 1681202837,
@@ -209,11 +213,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1701857213,
- "narHash": "sha256-W4hjAi1nn7gzxro63gi2t2PK2B42mAnj6WZ572Q+4n0=",
+ "lastModified": 1704734040,
+ "narHash": "sha256-A8ZPW28fLUh0lEhLLMyjUYSa9JZzLi9MNAnkynuVDs4=",
"ref": "refs/heads/master",
- "rev": "d41a0609e62debf109dcd0811620f0db3ce0d0fb",
- "revCount": 3379,
+ "rev": "7279a1c6a10cfaf0b21a15b3a7fdb7ad1f6cc067",
+ "revCount": 3441,
"submodules": true,
"type": "git",
"url": "https://gitlab.elektroline.cz/elektroline/flatlineng.git"
@@ -232,11 +236,11 @@
]
},
"locked": {
- "lastModified": 1682203081,
- "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+ "lastModified": 1703113217,
+ "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+ "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
@@ -287,11 +291,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1701656485,
- "narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=",
+ "lastModified": 1704786394,
+ "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "fa194fc484fd7270ab324bb985593f71102e84d1",
+ "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b",
"type": "github"
},
"original": {
@@ -301,11 +305,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1677676435,
- "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+ "lastModified": 1703013332,
+ "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+ "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@@ -373,11 +377,11 @@
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1701893209,
- "narHash": "sha256-050hRfYUCfS1Kh72RpuG9fgEtwu6cuHHF3P8iC0BKgY=",
+ "lastModified": 1704835834,
+ "narHash": "sha256-2XSWpm+0GBPHnCZmm/ell+yuPx3aP7zbitFFkFq7zlg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "e4e2af6d113155799eb9be93e3d8dd32d7300e06",
+ "rev": "7bb62b90ef7f7e76603bcd52d7e10ddb6d589f15",
"type": "github"
},
"original": {
@@ -388,11 +392,11 @@
},
"nixpkgs_5": {
"locked": {
- "lastModified": 1679734080,
- "narHash": "sha256-z846xfGLlon6t9lqUzlNtBOmsgQLQIZvR6Lt2dImk1M=",
+ "lastModified": 1704811223,
+ "narHash": "sha256-rcXk+mdSHG/Hp5bzTOCPyNXkcwjsxlhfmWg3Qw3gSuE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "dbf5322e93bcc6cfc52268367a8ad21c09d76fea",
+ "rev": "4b0751bbc680ed971f80be370a2874a72f3d42fc",
"type": "github"
},
"original": {
@@ -416,11 +420,11 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1699343069,
- "narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
+ "lastModified": 1700538105,
+ "narHash": "sha256-uZhOCmwv8VupEmPZm3erbr9XXmyg7K67Ul3+Rx2XMe0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
+ "rev": "51a01a7e5515b469886c120e38db325c96694c2f",
"type": "github"
},
"original": {
@@ -462,15 +466,16 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
- "lastModified": 1680711275,
- "narHash": "sha256-WSKHOP65VEp9hyB0h4kcNbJT02zaJHc40hIq9l+uG4U=",
+ "lastModified": 1704876311,
+ "narHash": "sha256-NnCcbyosqTy/U3X17pUscKmjT3O+8LQyuXimHhQOX8M=",
"owner": "cynerd",
"repo": "nixturris",
- "rev": "45e61620f26b4d8f293b4e8ec6a29f1bdded2657",
+ "rev": "b6867c82270a45afd4fb71275410532e0b7234d5",
"type": "gitlab"
},
"original": {
"owner": "cynerd",
+ "ref": "new-ci",
"repo": "nixturris",
"type": "gitlab"
}
@@ -499,15 +504,15 @@
"locked": {
"lastModified": 1699625542,
"narHash": "sha256-jNTFdR1zFSWBbPljAjv5E05u1ZLVKXo9lyK6lmMLdOc=",
- "ref": "refs/heads/master",
+ "owner": "silicon-heaven",
+ "repo": "pyshv",
"rev": "55379a94ae4c6bd911bb15293181486bf3c1ebed",
- "revCount": 159,
- "type": "git",
- "url": "https://gitlab.com/elektroline-predator/pyshv.git"
+ "type": "github"
},
"original": {
- "type": "git",
- "url": "https://gitlab.com/elektroline-predator/pyshv.git"
+ "owner": "silicon-heaven",
+ "repo": "pyshv",
+ "type": "github"
}
},
"root": {
@@ -553,11 +558,11 @@
"pyshv": "pyshv"
},
"locked": {
- "lastModified": 1700733387,
- "narHash": "sha256-k/1OzuO7sw90nH1JzuqQ3GzbV+r1dSFqtvFMOR33HPg=",
+ "lastModified": 1702330302,
+ "narHash": "sha256-mbPZ1ogTiLnMu6OVUXc8SIaNgZ2YgPNAp3MruG+CRgg=",
"owner": "silicon-heaven",
"repo": "shvcli",
- "rev": "86131cb5cf8b42f885a0539db3ac670dead94705",
+ "rev": "3a41dbe21787b7fe81dfbe4c1124e940e9b74fb1",
"type": "github"
},
"original": {
@@ -572,11 +577,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
- "lastModified": 1701080464,
- "narHash": "sha256-YKo35TarvYKVHGk3ffN+qQ/5nVzZAdDd9Fsqira0zOU=",
+ "lastModified": 1704363088,
+ "narHash": "sha256-PhBgqjNDI9lYNhVu1BsTe691F4NsBuTFH8bjFr6ZYu4=",
"ref": "refs/heads/master",
- "rev": "334da50ac8308588492cc73018763bcbe1eadc39",
- "revCount": 417,
+ "rev": "d9b1dd4695ccb739dcc95953b82f8c09ea2f74bb",
+ "revCount": 423,
"submodules": true,
"type": "git",
"url": "https://github.com/silicon-heaven/shvspy.git"
@@ -692,6 +697,36 @@
"type": "github"
}
},
+ "systems_8": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "systems_9": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
"usbkey": {
"inputs": {
"flake-utils": "flake-utils_10",
@@ -713,11 +748,11 @@
},
"vpsadminos": {
"locked": {
- "lastModified": 1701770553,
- "narHash": "sha256-fcfueTRG8osOH7I6RtR+PJ3TN/c5IkVUqo8fUwtGFrw=",
+ "lastModified": 1704805549,
+ "narHash": "sha256-qsTfv50DiW6ii4zDmxvg67eBzGNanBqz//z8K2+kiGQ=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
- "rev": "47df7ebe2c313d8e6421936976f8459fefb4d6e9",
+ "rev": "4e77ea7ff7da2f294b56914b0ad0c14f0a51794c",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 5e1f1fa..72d8924 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,7 @@
flatline.url = "git+https://gitlab.elektroline.cz/elektroline/flatlineng.git?submodules=1";
shvcli.url = "github:silicon-heaven/shvcli";
- nixturris.url = "gitlab:cynerd/nixturris";
+ nixturris.url = "gitlab:cynerd/nixturris/new-ci";
nixbigclown.url = "github:cynerd/nixbigclown";
vpsadminos.url = "github:vpsfreecz/vpsadminos";
diff --git a/hosts.sh b/hosts.sh
index ae108e9..a133f7b 100755
--- a/hosts.sh
+++ b/hosts.sh
@@ -3,8 +3,10 @@ source "${0%/*}/tools/common.sh"
declare -a default_hosts
################################################################################
## x86_64
+# Desktops
+default_hosts+=( "errol" "ridcully" )
# VPSFree
-default_hosts+=( "lipwig" "mrpump" )
+default_hosts+=( "lipwig" )
## aarch64
# Mox
@@ -85,7 +87,7 @@ case "$operation" in
build-boot|bb)
for_hosts build copy boot
;;
- default)
+ *)
echo "Unknown operation: $operation" >&2
exit 2
;;
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
index de23bc3..922ff57 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/machine/errol.nix
@@ -62,6 +62,7 @@ with lib; {
configDir = "/home/cynerd/.config/syncthing";
};
+ nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
services.home-assistant = {
enable = true;
openFirewall = true;
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 8688732..9b64aa8 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -32,10 +32,12 @@ in {
};
};
- boot.loader.systemd-boot.enable = mkOverride 1100 true;
- boot.loader.efi.canTouchEfiVariables = mkDefault true;
- boot.kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
- boot.kernelParams = ["boot.shell_on_fail"];
+ boot = {
+ loader.systemd-boot.enable = mkOverride 1100 true;
+ loader.efi.canTouchEfiVariables = mkDefault true;
+ kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
+ kernelParams = ["boot.shell_on_fail"];
+ };
hardware.enableAllFirmware = true;
services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true;
@@ -107,46 +109,50 @@ in {
mlocate
];
- users.mutableUsers = false;
- users.groups.cynerd.gid = 1000;
- users.users = {
- root = {
- hashedPasswordFile = "/run/secrets/root.pass";
- };
- cynerd = {
- group = "cynerd";
- extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
- uid = 1000;
- subUidRanges = [
- {
- count = 65534;
- startUid = 10000;
- }
- ];
- subGidRanges = [
- {
- count = 65534;
- startGid = 10000;
- }
- ];
- isNormalUser = true;
- createHome = true;
- shell =
- if isNative
- then pkgs.zsh.out
- else pkgs.bash.out;
- hashedPasswordFile = "/run/secrets/cynerd.pass";
- openssh.authorizedKeys.keyFiles = [
- (config.personal-secrets + "/unencrypted/git-private.pub")
- ];
+ users = {
+ mutableUsers = false;
+ groups.cynerd.gid = 1000;
+ users = {
+ root = {
+ hashedPasswordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ group = "cynerd";
+ extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
+ uid = 1000;
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
+ isNormalUser = true;
+ createHome = true;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
+ hashedPasswordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
};
};
- programs.zsh = {
- enable = isNative;
- syntaxHighlighting.enable = isNative;
+ programs = {
+ zsh = {
+ enable = isNative;
+ syntaxHighlighting.enable = isNative;
+ };
+ shellrc = true;
+ vim.defaultEditor = mkDefault true;
};
- programs.shellrc = true;
- programs.vim.defaultEditor = mkDefault true;
security.sudo.extraRules = [
{