Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/compile.nix | 30 | ||||
-rw-r--r-- | nixos/modules/default.nix | 11 | ||||
-rw-r--r-- | nixos/modules/desktop.nix | 158 | ||||
-rw-r--r-- | nixos/modules/develop.nix | 105 | ||||
-rw-r--r-- | nixos/modules/generic.nix | 98 | ||||
-rw-r--r-- | nixos/modules/hardware.nix | 12 | ||||
-rw-r--r-- | nixos/modules/hosts.nix | 104 | ||||
-rw-r--r-- | nixos/modules/openvpn.nix | 26 | ||||
-rw-r--r-- | nixos/modules/syncthing.nix | 115 | ||||
-rw-r--r-- | nixos/modules/wifi-client.nix | 23 |
10 files changed, 682 insertions, 0 deletions
diff --git a/nixos/modules/compile.nix b/nixos/modules/compile.nix
new file mode 100644
index 0000000..a1709e6
--- /dev/null
+++ b/nixos/modules/compile.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+ cynerd.compile = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for compilation.";
+ };
+ };
+
+ config = mkIf config.cynerd.compile {
+
+ environment.systemPackages = with pkgs; [
+ # Tools
+ git bash
+ #uroot
+ qemu
+
+ # Python
+ python3Packages.pip
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
new file mode 100644
index 0000000..fe401df
--- /dev/null
+++ b/nixos/modules/default.nix
@@ -0,0 +1,11 @@
+nixpkgs: {
+ cynerd-compile = import ./compile.nix;
+ cynerd-desktop = import ./desktop.nix;
+ cynerd-develop = import ./develop.nix nixpkgs;
+ cynerd-generic = import ./generic.nix;
+ cynerd-hardware = import ./hardware.nix;
+ cynerd-hosts = import ./hosts.nix;
+ cynerd-openvpn = import ./openvpn.nix;
+ cynerd-syncthing = import ./syncthing.nix;
+ cynerd-wifi-client = import ./wifi-client.nix;
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
new file mode 100644
index 0000000..41efa0b
--- /dev/null
+++ b/nixos/modules/desktop.nix
@@ -0,0 +1,158 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cnf = config.cynerd.desktop;
+
+in {
+
+ options = {
+ cynerd.desktop = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable my desktop";
+ };
+ laptop = mkOption {
+ type = types.bool;
+ default = false;
+ description = "The desktop requires Laptop extensions";
+ };
+ };
+ };
+
+ config = mkIf cnf.enable {
+ cynerd.hosts.enable = true;
+
+ # TODO autologin but only on tty1
+ services.gpm.enable = true;
+
+ programs.sway.enable = true;
+ programs.sway.extraPackages = with pkgs; [
+ gnome.dconf-editor
+ glib gsettings-desktop-schemas
+ i3blocks sysstat
+ wofi rofimoji wev
+ swaybackground myswaylock
+
+ alacritty
+
+ kanshi wdisplays wayvnc wl-mirror
+ slurp grim
+ xdg-desktop-portal-wlr xdg-desktop-portal-gtk pipewire wf-recorder
+ wl-clipboard wl-color-picker
+ swayidle
+ dunst
+
+ isync msmtp notmuch astroid
+ taskwarrior vdirsyncer khal khard
+ gnupg pass pinentry-gnome pinentry-curses
+
+ firefox chromium
+ ferdi
+ libreoffice
+ mupdf pdfgrep
+
+ xdg-utils xdg-launch
+ mesa-demos vulkan-tools
+
+ pulsemixer
+ mpd mpc-cli ncmpcpp
+ feh shotwell id3lib
+ vlc mpv youtube-dl
+
+ delft-icon-theme gnome3.adwaita-icon-theme
+ vanilla-dmz
+ sound-theme-freedesktop
+ gucharmap
+
+ samba cifs-utils
+
+ tigervnc freerdp
+ kdeconnect
+
+ hdparm ethtool multipath-tools
+ usb-modeswitch
+ v4l-utils
+
+ # Calculating
+ python3Packages.numpy python3Packages.sympy python3Packages.matplotlib
+
+ # Creation
+ simple-scan
+ audacity
+ gimp inkscape
+ blender
+ kdenlive
+
+ # GStreamer
+ gst_all_1.gst-libav
+ gst_all_1.gst-plugins-bad
+ gst_all_1.gst-plugins-base
+ gst_all_1.gst-plugins-good
+ gst_all_1.gst-plugins-ugly
+ gst_all_1.gst-plugins-viperfx
+
+ ] ++ ( [
+ # Power management
+ powertop
+ acpi
+ ]);
+ programs.vim.package = pkgs.vimHugeX;
+ programs.shellrc.desktop = true;
+ xdg.portal.enable = true;
+ xdg.portal.wlr.enable = true;
+ xdg.portal.gtkUsePortal = true;
+ xdg.mime.defaultApplications = {
+ "application/pdf" = [ "mupdf.desktop" ];
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableBrowserSocket = true;
+ };
+ services.dbus.packages = [ pkgs.gcr ];
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ security.rtkit.enable = true;
+
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ gutenprint gutenprintBin
+ cnijfilter2
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ arkpandora_ttf
+ corefonts
+ dejavu_fonts
+ font-awesome
+ freefont_ttf
+ hack-font
+ liberation_ttf
+ libertine
+ noto-fonts
+ noto-fonts-emoji
+ terminus_font_ttf
+ ubuntu_font_family
+ unifont
+ ];
+
+ services.udev.extraRules = ''
+ ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq"
+ '';
+ hardware.opengl.driSupport = true;
+ hardware.opengl.driSupport32Bit = true;
+
+
+ };
+}
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
new file mode 100644
index 0000000..bf5c2de
--- /dev/null
+++ b/nixos/modules/develop.nix
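Review bot: In nixos/modules/desktop.nix the `cynerd.desktop.laptop` option is declared but never read: the power-management packages are appended with `] ++ ( [ ... powertop acpi ]);`, so they are installed on every host that enables the desktop. If the option was meant to gate them, the tail of the list would be `] ++ optionals cnf.laptop [ powertop acpi ];`. Separately, `enableBrowserSocket = true;` under `programs.gnupg.agent` gives browser-side helpers a socket to the agent that also serves SSH keys here; a one-line comment naming what relies on it would let a reader decide whether a given host needs it.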
@@ -0,0 +1,105 @@
+nixpkgs: { config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ armv6l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv6l-none-eabi";
+ libc = "newlib";
+ };
+ });
+ armv7l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv7l-none-eabi";
+ libc = "newlib";
+ };
+ });
+
+in {
+
+ options = {
+ cynerd.develop = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for development.";
+ };
+ };
+
+ config = mkIf config.cynerd.develop {
+ cynerd.compile = true;
+ environment.systemPackages = with pkgs; [
+ # Tools
+ tig gource hub github-cli # Git
+ wlc # Weblate
+ cloc
+ openssl
+ sterm
+
+ # Nix
+ nix-prefetch-git nix-prefetch-github nix-prefetch-scripts
+
+ # C
+ ccls bear
+ check
+ valgrind
+ cppcheck flawfinder
+ gdb
+ lcov massif-visualizer
+
+ # Shell
+ dash # Posix shell
+ bats
+ shellcheck
+
+ # Python
+ python3 python3Packages.ipython
+ twine
+ python3Packages.pytest python3Packages.pytest-html #python3Packages.pytest-tap
+ python3Packages.coverage
+ python3Packages.python-lsp-black
+ mypy
+ pylint python3Packages.pydocstyle
+
+ # Lua
+ lua51Packages.luacheck
+
+ # Ansible
+ ansible
+
+ # U-Boot
+ ubootTools
+ tftp-hpa
+
+ # Network
+ iperf2 iperf3
+ wireshark
+ inetutils
+
+ # Gtk
+ glade
+
+ # Containers
+ lxc lxd
+ docker
+
+ # Barcode generation
+ barcode
+
+ # D-Bus
+ dfeet
+
+ # Bare metal
+ openocd
+ #armv6l.buildPackages.gcc armv6l.buildPackages.gdb
+ #armv7l.buildPackages.gcc armv7l.buildPackages.gdb
+ pkgsCross.arm-embedded.buildPackages.gcc
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
new file mode 100644
index 0000000..31f0829
--- /dev/null
+++ b/nixos/modules/generic.nix
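Review bot: `wireshark` in nixos/modules/develop.nix is added only as an entry in `environment.systemPackages`, so live capture will most likely require running the whole GUI as root. NixOS provides `programs.wireshark.enable = true;`, which installs a capability wrapper for dumpcap limited to the `wireshark` group, so the packet dissectors stay unprivileged; that plus group membership for the user is the safer setup. `docker` and `lxd` are likewise listed as plain packages; if a daemon is enabled elsewhere, membership of its group is root-equivalent and deserves a comment here. The `armv6l` and `armv7l` bindings in the `let` block are unused while their package lines remain commented out.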
@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ system.stateVersion = "22.05";
+
+ nix = {
+ extraOptions = "experimental-features = nix-command flakes";
+ autoOptimiseStore = true;
+ registry = {
+ personal.to = {
+ type = "git";
+ url = "https://git.cynerd.cz/nixos-personal";
+ };
+ };
+ };
+
+ boot.loader.systemd-boot.enable = mkDefault true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelParams = ["boot.shell_on_fail"];
+ hardware.enableAllFirmware = true;
+
+
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ git # We need git for this repository to even work
+ # Administration tools
+ coreutils moreutils psmisc progress lshw
+ dig
+
+ # NCurses tools
+ htop iotop glances
+ mc
+ screen tmux
+ ncdu
+
+ # ls tools
+ tree
+ mlocate
+ lsof
+ strace
+
+ sourceHighlight # Colors for less
+ unrar p7zip
+
+ # Vim plugins (used for root account)
+ vimPlugins.vim-nix
+ vimPlugins.vim-nftables
+
+ # Network
+ nmap netcat traceroute
+ iftop nethogs
+ # TODO add mdns
+
+ lm_sensors
+
+ ] ++ optional (system == "x86_64-linux") ltrace;
+
+ users.mutableUsers = false;
+ users.groups.cynerd.gid = 1000;
+ users.users = {
+ root = {
+ passwordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ uid = 1000;
+ subUidRanges = [{ count = 65534; startUid = 10000; }];
+ subGidRanges = [{ count = 65534; startGid = 10000; }];
+ group = "cynerd";
+ isNormalUser = true;
+ createHome = true;
+ shell = pkgs.zsh.out;
+ extraGroups = ["users" "wheel"];
+ passwordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
+ };
+ programs.zsh.enable = true;
+ programs.shellrc.enable = true;
+ programs.vim.defaultEditor = mkDefault true;
+
+ security.sudo.extraRules = [
+ { groups = [ "wheel" ]; commands = [ "ALL" ]; }
+ ];
+
+ services.openssh.enable = true;
+
+ time.timeZone = "Europe/Prague";
+ i18n.defaultLocale = "en_US.UTF-8";
+ };
+
+}
diff --git a/nixos/modules/hardware.nix b/nixos/modules/hardware.nix
new file mode 100644
index 0000000..d6bbd94
--- /dev/null
+++ b/nixos/modules/hardware.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = { };
+
+ config = {
+ };
+
+}
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
new file mode 100644
index 0000000..19f877e
--- /dev/null
+++ b/nixos/modules/hosts.nix
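Review bot: `services.openssh.enable = true;` in nixos/modules/generic.nix is left at its defaults, which as far as the 22.05 option set goes means password logins stay accepted for `cynerd`, a `wheel` member, even though a public key is already provisioned through `openssh.authorizedKeys.keyFiles`. Adding `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` would limit remote access to that key. `boot.kernelParams = ["boot.shell_on_fail"];` also deserves a comment: it offers a root shell without authentication when stage 1 of the boot fails, which matters on any host where physical access is not controlled. This module is applied unconditionally (there is no enable option), so both settings reach every machine that imports it.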
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.hosts;
+
+ staticZoneOption = mkOption {
+ type = types.attrsOf types.str;
+ readOnly = true;
+ };
+
+in {
+
+ options = {
+ cynerd.hosts = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Use my personal static hosts";
+ };
+ vpn = staticZoneOption;
+ spt = staticZoneOption;
+ adm = staticZoneOption;
+ };
+ };
+
+ config = {
+ cynerd.hosts = {
+ vpn = {
+ "lipwig" = "10.8.0.1";
+ # Portable
+ "android" = "10.8.0.2";
+ "albert" = "10.8.0.3";
+ "dean" = "10.8.0.4";
+ "susan" = "10.8.0.5";
+ "binky" = "10.8.0.6";
+ # Endpoints
+ "spt-omnia" = "10.8.0.50";
+ "adm-omnia" = "10.8.0.51";
+ };
+ spt = {
+ # Network
+ "omnia" = "10.8.2.1";
+ "mox" = "10.8.2.2";
+ "mox2" = "10.8.2.3";
+ # Local
+ "mpd" = "10.8.2.51";
+ "errol" = "10.8.2.60";
+ # Portable
+ "albert" = "10.8.2.61";
+ "susan" = "10.8.2.62";
+ "binky" = "10.8.2.63";
+ };
+ adm = {
+ # Network
+ "omnia" = "10.8.3.1";
+ "omnia2" = "10.8.3.3";
+ # Local
+ "ridcully" = "10.8.3.60";
+ "3dprint" = "10.8.3.80";
+ "mpd" = "192.168.0.51";
+ # Portable
+ "albert" ="10.8.3.61";
+ "susan" = "10.8.3.62";
+ "binky" = "10.8.3.63";
+ };
+ };
+
+ networking.hosts = mkIf cnf.enable {
+ # VPN
+ "${cnf.vpn.lipwig}" = ["lipwig.vpn"];
+ "${cnf.vpn.android}" = ["android.vpn"];
+ "${cnf.vpn.albert}" = ["albert.vpn"];
+ "${cnf.vpn.dean}" = ["dean.vpn"];
+ "${cnf.vpn.susan}" = ["susan.vpn"];
+ "${cnf.vpn.binky}" = ["binky.vpn"];
+ "${cnf.vpn.spt-omnia}" = ["spt.vpn"];
+ "${cnf.vpn.adm-omnia}" = ["adm.vpn"];
+ # Spt
+ "${cnf.spt.omnia}" = ["omnia.spt"];
+ "${cnf.spt.mox}" = ["mox.spt"];
+ "${cnf.spt.mox2}" = ["mox2.spt"];
+ "10.8.2.4" = ["mi3g.spt"];
+ "${cnf.spt.mpd}" = ["mpd.spt"];
+ "${cnf.spt.errol}" = ["errol" "desktop.spt"];
+ "${cnf.spt.albert}" = ["albert.spt"];
+ "${cnf.spt.susan}" = ["susan.spt"];
+ "${cnf.spt.binky}" = ["binky.spt"];
+ # Adm
+ "${cnf.adm.omnia}" = ["omnia.adm"];
+ "10.8.3.2" = ["redmi.adm"];
+ "${cnf.adm.omnia2}" = ["omnia2.adm"];
+ "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"];
+ "${cnf.adm.albert}" = ["albert.adm"];
+ "${cnf.adm.susan}" = ["susan.adm"];
+ "${cnf.adm.binky}" = ["binky.adm"];
+ "${cnf.adm."3dprint"}" = ["3dprint"];
+ "${cnf.adm.mpd}" = ["mpd.adm"];
+ };
+ };
+
+}
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
new file mode 100644
index 0000000..abcd1f0
--- /dev/null
+++ b/nixos/modules/openvpn.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.openvpn;
+
+in {
+
+ options = {
+ cynerd.openvpn.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "My personal OpenVPN";
+ };
+ };
+
+ config = mkIf cnf.enable {
+ services.openvpn.servers.personal = {
+ config = "config /run/secrets/personal.ovpn";
+ };
+ };
+
+}
+
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
new file mode 100644
index 0000000..44c1ac1
--- /dev/null
+++ b/nixos/modules/syncthing.nix
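Review bot: In nixos/modules/hosts.nix the `adm` zone sets `"mpd" = "192.168.0.51";` while every other `adm` entry is in 10.8.3.x and `spt.mpd` is `10.8.2.51`; unless that host really sits on another network this looks like a leftover, and the name `mpd.adm` would then resolve outside the zone it claims. `mi3g.spt` (`"10.8.2.4"`) and `redmi.adm` (`"10.8.3.2"`) are written as literals inside `networking.hosts` rather than through the zone attrsets, so anything else that reads `cnf.spt` or `cnf.adm` will not see them. The zone values are assigned unconditionally while `networking.hosts` is gated on `cnf.enable`; if that split is intentional, a comment such as `# zones are always defined so other modules can read them; only /etc/hosts is optional` would say so.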
@@ -0,0 +1,115 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+
+ cnf = config.cynerd.syncthing;
+ hostName = config.networking.hostName;
+ allDevices = [
+ "albert" "binky" "errol" "lipwig" "ridcully" "susan" "spt-omnia"
+ ];
+ mediaDevices = [
+ "lipwig" "binky" "errol" "ridcully" "spt-omnia"
+ ];
+ bigStorageDevices = [
+ "errol" "ridcully" "spt-omnia"
+ ];
+ filterDevice = folders: filterAttrs (n: v: any (d: d == hostName) v.devices) folders;
+
+in {
+
+ options = {
+ cynerd.syncthing = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "My personal Syncthing configuration";
+ };
+
+ baseDir = mkOption {
+ type = types.str;
+ default = "/home/cynerd";
+ description = "Base directory for all folders being synced.";
+ };
+
+ };
+ };
+
+ config = mkIf cnf.enable {
+ services.syncthing = {
+ enable = any (n: n == hostName) allDevices;
+ user = mkDefault "cynerd";
+ key = "/run/secrets/syncthing/key.pem";
+ cert = "/run/secrets/syncthing/cert.pem";
+
+ openDefaultPorts = true;
+
+ overrideFolders = true;
+ folders = filterDevice {
+ "${cnf.baseDir}/documents" = {
+ label = "Documents";
+ id = "documents";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/notes" = {
+ label = "Notes";
+ id = "notes";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/projects" = {
+ label = "Projects";
+ id = "projects";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/pictures" = {
+ label = "Pictures";
+ id = "pictures";
+ devices = mediaDevices;
+ ignorePerms = false;
+ };
+ # TODO phone-photos
+ "${cnf.baseDir}/music/primary" = {
+ label = "Music-primary";
+ id = "music-primary";
+ devices = mediaDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/music/secondary" = {
+ label = "Music-secondary";
+ id = "music-secondary";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/music/flac" = {
+ label = "Music-flac";
+ id = "music-flac";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/video" = {
+ label = "Video";
+ id = "video";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ };
+
+ overrideDevices = true;
+ devices = recursiveUpdate
+ (genAttrs allDevices (name: {
+ id = config.secrets.syncthingIDs."${name}";
+ }))
+ {
+ lipwig.addresses = ["tcp://cynerd.cz"];
+ };
+ # TODO phone
+ };
+ };
+
+}
diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix
new file mode 100644
index 0000000..af09155
--- /dev/null
+++ b/nixos/modules/wifi-client.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+ cynerd.wifiClient = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable Wi-Fi client support";
+ };
+ };
+
+ config = mkIf config.cynerd.wifiClient {
+ networking.wireless = {
+ enable = true;
+ networks = config.secrets.wifiNetworks;
+ environmentFile = "/run/secrets/wifi.env";
+ userControlled.enable = true;
+ };
+ };
+} |
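Review bot: `openDefaultPorts = true;` in nixos/modules/syncthing.nix opens the Syncthing sync and local-discovery ports in the firewall on every interface of each host that enables the module. Peers are pinned by `overrideDevices = true` and authenticate by device ID, so this is listener exposure rather than open access, but hosts that only sync over the VPN could narrow it with `networking.firewall.interfaces.<name>.allowedTCPPorts` and the matching UDP option instead. `config.secrets.syncthingIDs."${name}"` is looked up for every entry of `allDevices`, so a missing ID surfaces as a bare evaluation error; an assertion with a readable message would make that failure easier to diagnose.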
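Review bot: `networks = config.secrets.wifiNetworks;` in nixos/modules/wifi-client.nix is rendered into a wpa_supplicant configuration in the Nix store, which is world-readable, so any `psk` written literally in that attrset can be read by every local user. Since `environmentFile = "/run/secrets/wifi.env";` is already set, a comment stating that the entries must use `@NAME@` placeholders resolved from that file would make the requirement explicit; the secrets module is outside this diff, so whether it already does so is not visible here. `userControlled.enable = true;` additionally lets members of the control group (`wheel` by default) add or change networks at runtime, which is worth noting next to the declarative list.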