Diffstat (limited to 'nixos')
-rw-r--r--nixos/configurations/dean.nix8
-rw-r--r--nixos/configurations/default.nix2
-rw-r--r--nixos/modules/bcg.nix31
-rw-r--r--nixos/modules/default.nix2
-rw-r--r--nixos/modules/desktop.nix194
-rw-r--r--nixos/modules/generic.nix149
-rw-r--r--nixos/modules/monitoring.nix34
-rw-r--r--nixos/modules/packages.nix86
-rw-r--r--nixos/modules/syncthing.nix2
-rw-r--r--nixos/modules/users.nix78
10 files changed, 304 insertions, 282 deletions
diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix
index adc9e87..6feae96 100644
--- a/nixos/configurations/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,10 +1,4 @@
-{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkForce;
-in {
+{pkgs, ...}: {
turris.board = "mox";
deploy.enable = true;
diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix
index c653c2d..974d9d9 100644
--- a/nixos/configurations/default.nix
+++ b/nixos/configurations/default.nix
@@ -29,7 +29,7 @@ in
];
specialArgs = {
inputModules =
- mapAttrs (n: v: v.nixosModules) (filterAttrs (n: v: v ? nixosModules) self.inputs)
+ mapAttrs (_: v: v.nixosModules) (filterAttrs (_: v: v ? nixosModules) self.inputs)
// {
vpsadminos = self.inputs.vpsadminos.nixosConfigurations.container;
};
diff --git a/nixos/modules/bcg.nix b/nixos/modules/bcg.nix
index 626a67f..3146c15 100644
--- a/nixos/modules/bcg.nix
+++ b/nixos/modules/bcg.nix
@@ -4,13 +4,10 @@
pkgs,
...
}:
-
-with lib;
-
-let
+with lib; let
cfg = config.services.bcg;
configFile = (pkgs.formats.yaml {}).generate "bcg.conf.yaml" (
- filterAttrsRecursive (n: v: v != null) {
+ filterAttrsRecursive (_: v: v != null) {
inherit (cfg) device name mqtt;
retain_node_messages = cfg.retainNodeMessages;
qos_node_messages = cfg.qosNodeMessages;
@@ -21,16 +18,15 @@ let
automatic_rename_nodes = cfg.automaticRenameNodes;
}
);
-in
-{
+in {
options = {
services.bcg = {
enable = mkEnableOption "BigClown gateway";
- package = mkPackageOption pkgs [ "python3Packages" "bcg" ] { };
+ package = mkPackageOption pkgs ["python3Packages" "bcg"] {};
environmentFiles = mkOption {
type = types.listOf types.path;
default = [];
- example = [ "/run/keys/bcg.env" ];
+ example = ["/run/keys/bcg.env"];
description = ''
File to load as environment file. Environment variables from this file
will be interpolated into the config file using envsubst with this
@@ -148,21 +144,22 @@ in
systemd.services.bcg = let
envConfig = cfg.environmentFiles != [];
- finalConfig = if envConfig
- then "$RUNTIME_DIRECTORY/bcg.config.yaml"
- else configFile;
+ finalConfig =
+ if envConfig
+ then "$RUNTIME_DIRECTORY/bcg.config.yaml"
+ else configFile;
in {
description = "BigClown Gateway";
- wantedBy = [ "multi-user.target" ];
- wants = [ "network-online.target" ] ++ lib.optional config.services.mosquitto.enable "mosquitto.service";
- after = [ "network-online.target" ];
+ wantedBy = ["multi-user.target"];
+ wants = ["network-online.target"] ++ lib.optional config.services.mosquitto.enable "mosquitto.service";
+ after = ["network-online.target"];
preStart = ''
umask 077
${pkgs.envsubst}/bin/envsubst -i "${configFile}" -o "${finalConfig}"
- '';
+ '';
serviceConfig = {
EnvironmentFile = cfg.environmentFiles;
- ExecStart="${cfg.package}/bin/bcg -c ${finalConfig} -v ${cfg.verbose}";
+ ExecStart = "${cfg.package}/bin/bcg -c ${finalConfig} -v ${cfg.verbose}";
RuntimeDirectory = "bcg";
};
};
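Review bot: `preStart` runs `envsubst -i "${configFile}" -o "${finalConfig}"` unconditionally, but with the default `environmentFiles = []` the `finalConfig` binding is `configFile` itself, a generated store file. The step would then try to write its output over its own input in the (normally read-only) store, which looks like it fails the unit before `bcg` starts. Guarding it, e.g. `preStart = mkIf envConfig ''`, keeps the substitution to the case that needs it. Separately, `serviceConfig` here sets only `EnvironmentFile`, `ExecStart` and `RuntimeDirectory`, so as far as this hunk shows the gateway runs with unit defaults (root, no sandboxing) while holding whatever credentials the environment files carry. A dedicated user with access to the serial device would reduce that exposure. The enclosing `config` block starts outside the hunk.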
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 90a4b58..6bc0d70 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -17,6 +17,6 @@ in
// {
default = {
imports = attrValues modules ++ default_modules;
- disabledModules = [ "services/misc/bcg.nix" ];
+ disabledModules = ["services/misc/bcg.nix"];
};
}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 2e67730..62e7fb2 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -23,6 +23,14 @@ in {
};
config = mkIf cnf.enable {
+ hardware = {
+ opengl = {
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+ bluetooth.enable = mkIf cnf.laptop true;
+ };
+
programs = {
sway = {
enable = true;
@@ -168,73 +176,123 @@ in {
acpi
]);
};
+
firefox = {
enable = true;
languagePacks = ["en-US" "cs"];
nativeMessagingHosts.packages = with pkgs; [browserpass];
};
+
light.enable = mkIf cnf.laptop true;
+
nix-ld = {
enable = true;
libraries = with pkgs; [xorg.libXpm];
};
- };
- xdg.portal = {
- enable = true;
- wlr.enable = true;
- extraPortals = with pkgs; [xdg-desktop-portal-gtk];
- };
- xdg.mime.defaultApplications = {
- "text/html" = ["firefox.desktop"];
- "application/pdf" = ["org.pwmt.zathura.desktop"];
- "image/jpeg" = ["feh.desktop"];
- "image/png" = ["feh.desktop"];
- "image/svg" = ["feh.desktop"];
- };
- programs.usbkey = {
- enable = true;
- devicesUUID = ["de269652-2070-46b2-84f8-409dc9dd50ee" "16a089d0-a663-4047-bd88-3885dd7fdee2"];
+ usbkey = {
+ enable = true;
+ devicesUUID = [
+ "de269652-2070-46b2-84f8-409dc9dd50ee"
+ "16a089d0-a663-4047-bd88-3885dd7fdee2"
+ ];
+ };
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableBrowserSocket = true;
+ };
};
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- enableBrowserSocket = true;
+ xdg = {
+ portal = {
+ enable = true;
+ wlr.enable = true;
+ extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+ };
+ mime.defaultApplications = {
+ "text/html" = ["firefox.desktop"];
+ "application/pdf" = ["org.pwmt.zathura.desktop"];
+ "image/jpeg" = ["feh.desktop"];
+ "image/png" = ["feh.desktop"];
+ "image/svg" = ["feh.desktop"];
+ };
};
- services.dbus.packages = [pkgs.gcr];
- programs.kdeconnect.enable = true;
+ services = {
+ # Autologin on the first TTY
+ getty = {
+ extraArgs = ["--skip-login"];
+ loginProgram = "${pkgs.bash}/bin/sh";
+ loginOptions = toString (pkgs.writeText "login-program.sh" ''
+ if [[ "$(tty)" == '/dev/tty1' ]]; then
+ ${pkgs.shadow}/bin/login -f cynerd;
+ else
+ ${pkgs.shadow}/bin/login;
+ fi
+ '');
+ };
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- extraConfig.pipewire."10-zeroconf" = {
- "context.modules" = [{name = "libpipewire-module-zeroconf-discover";}];
+ gpm.enable = true; # mouse in buffer
+ udev.extraRules = ''
+ ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq"
+ '';
+ xserver.xkb.options = "grp:alt_shift_toggle,caps:escape";
+
+ # Gnome crypto services (GnuPG)
+ dbus.packages = [pkgs.gcr];
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ extraConfig.pipewire."10-zeroconf" = {
+ "context.modules" = [{name = "libpipewire-module-zeroconf-discover";}];
+ };
};
- };
- security.rtkit.enable = true;
- services.printing = {
- enable = true;
- drivers = with pkgs; [
- gutenprint
- gutenprintBin
- cnijfilter2
- ];
+ upower.enable = true;
+ hardware.openrgb = {
+ enable = true;
+ package = pkgs.openrgb-with-all-plugins;
+ };
+
+ printing = {
+ enable = true;
+ drivers = with pkgs; [
+ gutenprint
+ gutenprintBin
+ cnijfilter2
+ ];
+ };
+ avahi.enable = true;
+ samba-wsdd = {
+ enable = true;
+ discovery = true;
+ };
+ davfs2.enable = true;
+
+ locate.enable = true;
+ snapper.configs = {
+ home = {
+ SUBVOLUME = "/home";
+ ALLOW_GROUPS = ["users"];
+ TIMELINE_CREATE = true;
+ TIMELINE_CLEANUP = true;
+ };
+ };
};
- services.upower.enable = mkDefault cnf.laptop;
+ # Beneficial for Pipewire
+ security.rtkit.enable = true;
- services.avahi.enable = true;
- services.samba-wsdd = {
- enable = true;
- discovery = true;
+ # Local share (avahi, samba)
+ networking.firewall = {
+ allowedTCPPorts = [5357];
+ allowedUDPPorts = [3702];
};
- networking.firewall.allowedTCPPorts = [5357];
- networking.firewall.allowedUDPPorts = [3702];
fonts.packages = with pkgs; [
(nerdfonts.override {fonts = ["Hack"];})
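Review bot: `upower.enable = true;` inside the new `services` block is not equivalent to the removed `services.upower.enable = mkDefault cnf.laptop;`. It turns upower on for non-laptop desktops and drops the `mkDefault` priority, so a host that sets the option itself would now hit a conflicting definition. If the regrouping is meant to be behaviour-preserving, keep `upower.enable = mkDefault cnf.laptop;`. Also, `allowedTCPPorts = [5357]` and `allowedUDPPorts = [3702]` open WS-Discovery on every interface of any machine with this module enabled, including laptops on untrusted networks. Scoping them with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [5357];` (and the UDP counterpart) would limit discovery to the home network.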
@@ -253,52 +311,12 @@ in {
unifont
];
- services.udev.extraRules = ''
- ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq"
- '';
- hardware.opengl = {
- driSupport = true;
- driSupport32Bit = true;
- };
-
- hardware.bluetooth.enable = mkIf cnf.laptop true;
-
- services.hardware.openrgb = {
- enable = true;
- package = pkgs.openrgb-with-all-plugins;
- };
-
documentation = {
enable = true;
man.enable = true;
info.enable = true;
};
- services.snapper.configs = {
- home = {
- SUBVOLUME = "/home";
- ALLOW_GROUPS = ["users"];
- TIMELINE_CREATE = true;
- TIMELINE_CLEANUP = true;
- };
- };
-
- # Autologin on the first TTY
- services.getty = {
- extraArgs = ["--skip-login"];
- loginProgram = "${pkgs.bash}/bin/sh";
- loginOptions = toString (pkgs.writeText "login-program.sh" ''
- if [[ "$(tty)" == '/dev/tty1' ]]; then
- ${pkgs.shadow}/bin/login -f cynerd;
- else
- ${pkgs.shadow}/bin/login;
- fi
- '');
- };
-
- # Leds group is required for light
- users.users.cynerd.extraGroups = ["leds"];
-
# VTI settings
console = {
colors = [
@@ -322,12 +340,6 @@ in {
earlySetup = true;
useXkbConfig = true;
};
- services.xserver.xkb.options = "grp:alt_shift_toggle,caps:escape";
- services.gpm.enable = true;
-
- services.locate.enable = true;
-
- services.davfs2.enable = true;
# Support running app images
boot.binfmt.registrations.appimage = {
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 97391b8..02afd17 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -1,12 +1,9 @@
{
- config,
lib,
pkgs,
...
}: let
- inherit (lib) mkOverride mkDefault optionals;
- isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
- isArm = config.nixpkgs.hostPlatform.isAarch;
+ inherit (lib) mkOverride mkDefault;
in {
config = {
system.stateVersion = "24.05";
@@ -43,153 +40,11 @@ in {
services.fwupd.enable = mkDefault (pkgs.system == "x86_64-linux");
systemd.oomd.enable = false;
- nixpkgs = {
- config.allowUnfree = true;
- flake = {
- setNixPath = false;
- setFlakeRegistry = false;
- };
- };
- environment.systemPackages = with pkgs;
- [
- git # We need git for this repository to even work
- # Administration tools
- coreutils
- binutils
- psmisc
- progress
- lshw
- file
- vde2
- ldns
- wget
- gnumake
- exfat
- exfatprogs
- ntfs3g
- usbutils
- pciutils
- smartmontools
- parted
-
- # NCurses tools
- htop
- btop
- iotop
- mc
- screen
- tmux
- pv
-
- # ls tools
- tree
- lsof
- strace
-
- sourceHighlight # Colors for less
- unrar
- p7zip
- zip
- unzip
-
- # Network
- netcat
- traceroute
- iftop
- nethogs
- sshfs
- wakeonlan
- speedtest-cli
- librespeed-cli
- termshark
-
- lm_sensors
- ]
- ++ optionals (system == "x86_64-linux") [
- nmap
- ltrace
- ]
- ++ optionals (!isNative) [
- ncdu_1
- ]
- ++ optionals isNative [
- moreutils
- glances
- ncdu
- mlocate
- ];
-
- users = {
- mutableUsers = false;
- groups.cynerd.gid = 1000;
- users = {
- root = {
- hashedPasswordFile = "/run/secrets/root.pass";
- };
- cynerd = {
- group = "cynerd";
- extraGroups = ["users" "wheel" "dialout" "kvm" "uucp" "wireshark"];
- uid = 1000;
- subUidRanges = [
- {
- count = 65534;
- startUid = 10000;
- }
- ];
- subGidRanges = [
- {
- count = 65534;
- startGid = 10000;
- }
- ];
- isNormalUser = true;
- createHome = true;
- shell =
- if isNative
- then pkgs.zsh.out
- else pkgs.bash.out;
- hashedPasswordFile = "/run/secrets/cynerd.pass";
- openssh.authorizedKeys.keyFiles = [
- (config.personal-secrets + "/unencrypted/git-private.pub")
- ];
- };
- };
- };
- programs = {
- zsh = {
- enable = isNative;
- syntaxHighlighting.enable = isNative;
- };
- shellrc = true;
- vim.defaultEditor = isArm;
- neovim = {
- enable = !isArm;
- defaultEditor = true;
- withNodeJs = true;
- };
-
- wireshark.enable = true;
- };
-
- security.sudo.extraRules = [
- {
- groups = ["wheel"];
- commands = ["ALL"];
- }
- ];
networking = {
nftables.enable = true;
dhcpcd.extraConfig = "controlgroup wheel";
};
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- PermitRootLogin = "no";
- };
- };
-
time.timeZone = "Europe/Prague";
i18n.defaultLocale = "en_US.UTF-8";
@@ -209,8 +64,6 @@ in {
chmod +x $out/bin/nixos-system
'';
- programs.fuse.userAllowOther = true;
-
documentation = {
enable = mkDefault false;
doc.enable = mkDefault false;
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index 44d0cbb..db77b00 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -119,22 +119,24 @@ in {
(mkIf (config.networking.hostName == "lipwig") {
# InfluxDB
- services.influxdb2.enable = true;
- services.telegraf.extraConfig.inputs.prometheus = {
- urls = ["http://localhost:8086/metrics"];
- };
- # Grafana
- services.grafana = {
- enable = true;
- settings = {
- users.allow_sign_up = false;
- security = {
- admin_user = "cynerd";
- admin_password = "$__file{/run/secrets/grafana.admin.pass}";
- };
- server = {
- http_addr = "";
- http_port = 3000;
+ services = {
+ influxdb2.enable = true;
+ telegraf.extraConfig.inputs.prometheus = {
+ urls = ["http://localhost:8086/metrics"];
+ };
+ # Grafana
+ grafana = {
+ enable = true;
+ settings = {
+ users.allow_sign_up = false;
+ security = {
+ admin_user = "cynerd";
+ admin_password = "$__file{/run/secrets/grafana.admin.pass}";
+ };
+ server = {
+ http_addr = "";
+ http_port = 3000;
+ };
};
};
};
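Review bot: `http_addr = "";` in the regrouped `grafana.settings.server` makes Grafana listen on all addresses on port 3000 over plain HTTP, and that listener serves the `cynerd` admin login. Nothing in this hunk shows whether the port is firewalled or sits behind a TLS-terminating proxy, so the setting deserves a comment stating which one is relied on, for example `# reachable only via <reverse proxy / VPN>; port 3000 is not opened in the firewall`. If neither applies, `http_addr = "127.0.0.1";` is the safer value. The `mkIf (config.networking.hostName == "lipwig")` block continues past the end of the hunk.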
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
new file mode 100644
index 0000000..f880dbd
--- /dev/null
+++ b/nixos/modules/packages.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) optionals;
+ isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
+in {
+ nixpkgs = {
+ config.allowUnfree = true;
+ flake = {
+ setNixPath = false;
+ setFlakeRegistry = false;
+ };
+ };
+ environment.systemPackages = with pkgs;
+ [
+ git # We need git for this repository to even work
+ # Administration tools
+ coreutils
+ binutils
+ psmisc
+ progress
+ lshw
+ file
+ vde2
+ ldns
+ wget
+ gnumake
+ exfat
+ exfatprogs
+ ntfs3g
+ usbutils
+ pciutils
+ smartmontools
+ parted
+
+ # NCurses tools
+ htop
+ btop
+ iotop
+ mc
+ screen
+ tmux
+ pv
+
+ # ls tools
+ tree
+ lsof
+ strace
+
+ sourceHighlight # Colors for less
+ unrar
+ p7zip
+ zip
+ unzip
+
+ # Network
+ netcat
+ traceroute
+ iftop
+ nethogs
+ sshfs
+ wakeonlan
+ speedtest-cli
+ librespeed-cli
+ termshark
+
+ lm_sensors
+
+ ncdu
+ ]
+ ++ optionals (system == "x86_64-linux") [
+ nmap
+ ltrace
+ ]
+ ++ optionals (!isNative) [
+ ncdu_1
+ ]
+ ++ optionals isNative [
+ moreutils
+ glances
+ mlocate
+ ];
+}
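Review bot: `ncdu` has moved from the `optionals isNative` list in the old `generic.nix` into the unconditional list, while `ncdu_1` is still added under `optionals (!isNative)`. Cross-built hosts therefore now pull in both packages, and the original split suggests `ncdu` was kept off those builds deliberately (presumably because it does not cross-compile; worth confirming). To keep the move behaviour-preserving, put `ncdu` back next to `moreutils`, `glances` and `mlocate` in the `optionals isNative` list.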
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
index d6b65e6..91736ca 100644
--- a/nixos/modules/syncthing.nix
+++ b/nixos/modules/syncthing.nix
@@ -26,7 +26,7 @@
"ridcully"
"spt-omnia"
];
- filterDevice = filterAttrs (n: v: any (d: d == hostName) v.devices);
+ filterDevice = filterAttrs (_: v: any (d: d == hostName) v.devices);
in {
options = {
cynerd.syncthing = {
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix
new file mode 100644
index 0000000..d169423
--- /dev/null
+++ b/nixos/modules/users.nix
@@ -0,0 +1,78 @@
+{
+ pkgs,
+ config,
+ ...
+}: let
+ isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
+ isArm = config.nixpkgs.hostPlatform.isAarch;
+in {
+ users = {
+ mutableUsers = false;
+ groups.cynerd.gid = 1000;
+ users = {
+ root = {
+ hashedPasswordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ group = "cynerd";
+ extraGroups = ["users" "wheel" "dialout" "kvm" "uucp" "wireshark" "leds"];
+ uid = 1000;
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
+ isNormalUser = true;
+ createHome = true;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
+ hashedPasswordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = ["wheel"];
+ commands = ["ALL"];
+ }
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ programs = {
+ zsh = {
+ enable = isNative;
+ syntaxHighlighting.enable = isNative;
+ };
+ shellrc = true;
+ vim.defaultEditor = isArm;
+ neovim = {
+ enable = !isArm;
+ defaultEditor = true;
+ withNodeJs = true;
+ };
+
+ wireshark.enable = true;
+ };
+
+ programs.fuse.userAllowOther = true;
+}
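Review bot: `"leds"` is now part of the unconditional `extraGroups` list, whereas before it was added only by `desktop.nix` under `mkIf cnf.enable` with the comment "Leds group is required for light". Every host that imports this module now grants that membership, including ones where nothing may create the group. Because `extraGroups` is a list that merges across modules, leaving `users.users.cynerd.extraGroups = ["leds"];` in `desktop.nix` keeps the privilege tied to the feature that needs it. As a smaller style point, `programs.fuse.userAllowOther = true;` at the end repeats the `programs` key that the commit merges elsewhere; it could move into the `programs = { … }` block as `fuse.userAllowOther = true;`.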