From 55296b643fe2934b875561dd58861b69d4951e9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Wed, 10 Jan 2024 11:17:22 +0100 Subject: nixos: multiple tweaks --- flake.lock | 151 ++++++++++++++++++++++++++++------------------ flake.nix | 2 +- hosts.sh | 6 +- nixos/machine/errol.nix | 1 + nixos/modules/generic.nix | 88 ++++++++++++++------------- 5 files changed, 146 insertions(+), 102 deletions(-) diff --git a/flake.lock b/flake.lock index 7a10550..3c73760 100644 --- a/flake.lock +++ b/flake.lock @@ -4,14 +4,15 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1701216516, - "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -28,11 +29,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -44,7 +45,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1701680307, @@ -61,7 +62,7 @@ }, "flake-utils_10": { "inputs": { - "systems": "systems_7" + "systems": "systems_9" }, "locked": { "lastModified": 1694529238, @@ -78,7 +79,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1692799911, 
@@ -108,12 +109,15 @@ } }, "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -137,7 +141,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_3" + "systems": "systems_5" }, "locked": { "lastModified": 1694529238, @@ -154,7 +158,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_4" + "systems": "systems_6" }, "locked": { "lastModified": 1694529238, @@ -171,7 +175,7 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_5" + "systems": "systems_7" }, "locked": { "lastModified": 1694529238, @@ -188,7 +192,7 @@ }, "flake-utils_9": { "inputs": { - "systems": "systems_6" + "systems": "systems_8" }, "locked": { "lastModified": 1681202837, @@ -209,11 +213,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1701857213, - "narHash": "sha256-W4hjAi1nn7gzxro63gi2t2PK2B42mAnj6WZ572Q+4n0=", + "lastModified": 1704734040, + "narHash": "sha256-A8ZPW28fLUh0lEhLLMyjUYSa9JZzLi9MNAnkynuVDs4=", "ref": "refs/heads/master", - "rev": "d41a0609e62debf109dcd0811620f0db3ce0d0fb", - "revCount": 3379, + "rev": "7279a1c6a10cfaf0b21a15b3a7fdb7ad1f6cc067", + "revCount": 3441, "submodules": true, "type": "git", "url": "https://gitlab.elektroline.cz/elektroline/flatlineng.git" 
@@ -232,11 +236,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -287,11 +291,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1701656485, - "narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=", + "lastModified": 1704786394, + "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fa194fc484fd7270ab324bb985593f71102e84d1", + "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b", "type": "github" }, "original": { @@ -301,11 +305,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -373,11 +377,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1701893209, - "narHash": "sha256-050hRfYUCfS1Kh72RpuG9fgEtwu6cuHHF3P8iC0BKgY=", + "lastModified": 1704835834, + "narHash": "sha256-2XSWpm+0GBPHnCZmm/ell+yuPx3aP7zbitFFkFq7zlg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4e2af6d113155799eb9be93e3d8dd32d7300e06", + "rev": "7bb62b90ef7f7e76603bcd52d7e10ddb6d589f15", "type": "github" }, "original": { 
@@ -388,11 +392,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1679734080, - "narHash": "sha256-z846xfGLlon6t9lqUzlNtBOmsgQLQIZvR6Lt2dImk1M=", + "lastModified": 1704811223, + "narHash": "sha256-rcXk+mdSHG/Hp5bzTOCPyNXkcwjsxlhfmWg3Qw3gSuE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dbf5322e93bcc6cfc52268367a8ad21c09d76fea", + "rev": "4b0751bbc680ed971f80be370a2874a72f3d42fc", "type": "github" }, "original": { @@ -416,11 +420,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1699343069, - "narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=", + "lastModified": 1700538105, + "narHash": "sha256-uZhOCmwv8VupEmPZm3erbr9XXmyg7K67Ul3+Rx2XMe0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d", + "rev": "51a01a7e5515b469886c120e38db325c96694c2f", "type": "github" }, "original": { @@ -462,15 +466,16 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1680711275, - "narHash": "sha256-WSKHOP65VEp9hyB0h4kcNbJT02zaJHc40hIq9l+uG4U=", + "lastModified": 1704876311, + "narHash": "sha256-NnCcbyosqTy/U3X17pUscKmjT3O+8LQyuXimHhQOX8M=", "owner": "cynerd", "repo": "nixturris", - "rev": "45e61620f26b4d8f293b4e8ec6a29f1bdded2657", + "rev": "b6867c82270a45afd4fb71275410532e0b7234d5", "type": "gitlab" }, "original": { "owner": "cynerd", + "ref": "new-ci", "repo": "nixturris", "type": "gitlab" } @@ -499,15 +504,15 @@ "locked": { "lastModified": 1699625542, "narHash": "sha256-jNTFdR1zFSWBbPljAjv5E05u1ZLVKXo9lyK6lmMLdOc=", - "ref": "refs/heads/master", + "owner": "silicon-heaven", + "repo": "pyshv", "rev": "55379a94ae4c6bd911bb15293181486bf3c1ebed", - "revCount": 159, - "type": "git", - "url": "https://gitlab.com/elektroline-predator/pyshv.git" + "type": "github" }, "original": { - "type": "git", - "url": "https://gitlab.com/elektroline-predator/pyshv.git" + "owner": "silicon-heaven", + "repo": "pyshv", + "type": "github" } }, "root": { 
@@ -553,11 +558,11 @@ "pyshv": "pyshv" }, "locked": { - "lastModified": 1700733387, - "narHash": "sha256-k/1OzuO7sw90nH1JzuqQ3GzbV+r1dSFqtvFMOR33HPg=", + "lastModified": 1702330302, + "narHash": "sha256-mbPZ1ogTiLnMu6OVUXc8SIaNgZ2YgPNAp3MruG+CRgg=", "owner": "silicon-heaven", "repo": "shvcli", - "rev": "86131cb5cf8b42f885a0539db3ac670dead94705", + "rev": "3a41dbe21787b7fe81dfbe4c1124e940e9b74fb1", "type": "github" }, "original": { @@ -572,11 +577,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1701080464, - "narHash": "sha256-YKo35TarvYKVHGk3ffN+qQ/5nVzZAdDd9Fsqira0zOU=", + "lastModified": 1704363088, + "narHash": "sha256-PhBgqjNDI9lYNhVu1BsTe691F4NsBuTFH8bjFr6ZYu4=", "ref": "refs/heads/master", - "rev": "334da50ac8308588492cc73018763bcbe1eadc39", - "revCount": 417, + "rev": "d9b1dd4695ccb739dcc95953b82f8c09ea2f74bb", + "revCount": 423, "submodules": true, "type": "git", "url": "https://github.com/silicon-heaven/shvspy.git" @@ -692,6 +697,36 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "usbkey": { "inputs": { "flake-utils": "flake-utils_10", 
@@ -713,11 +748,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1701770553, - "narHash": "sha256-fcfueTRG8osOH7I6RtR+PJ3TN/c5IkVUqo8fUwtGFrw=", + "lastModified": 1704805549, + "narHash": "sha256-qsTfv50DiW6ii4zDmxvg67eBzGNanBqz//z8K2+kiGQ=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "47df7ebe2c313d8e6421936976f8459fefb4d6e9", + "rev": "4e77ea7ff7da2f294b56914b0ad0c14f0a51794c", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 5e1f1fa..72d8924 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,7 @@
 flatline.url = "git+https://gitlab.elektroline.cz/elektroline/flatlineng.git?submodules=1";
 shvcli.url = "github:silicon-heaven/shvcli";
- nixturris.url = "gitlab:cynerd/nixturris";
+ nixturris.url = "gitlab:cynerd/nixturris/new-ci";
 nixbigclown.url = "github:cynerd/nixbigclown";
 vpsadminos.url = "github:vpsfreecz/vpsadminos";
diff --git a/hosts.sh b/hosts.sh
index ae108e9..a133f7b 100755
--- a/hosts.sh
+++ b/hosts.sh
@@ -3,8 +3,10 @@ source "${0%/*}/tools/common.sh"
 declare -a default_hosts
 ################################################################################
 ## x86_64
+# Desktops
+default_hosts+=( "errol" "ridcully" )
 # VPSFree
-default_hosts+=( "lipwig" "mrpump" )
+default_hosts+=( "lipwig" )
 ## aarch64
 # Mox
@@ -85,7 +87,7 @@ case "$operation" in
 build-boot|bb)
 for_hosts build copy boot
 ;;
- default)
+ *)
 echo "Unknown operation: $operation" >&2
 exit 2
 ;;
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
index de23bc3..922ff57 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/machine/errol.nix
@@ -62,6 +62,7 @@ with lib; {
 configDir = "/home/cynerd/.config/syncthing";
 };
+ nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
 services.home-assistant = {
 enable = true;
 openFirewall = true;
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 8688732..9b64aa8 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
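Review bot: In flake.nix, `nixturris.url = "gitlab:cynerd/nixturris/new-ci";` now follows a branch whose name reads like a work-in-progress CI branch, and nothing on the line says why or for how long. flake.lock still pins the exact `rev`, so today's build is reproducible, but every later `nix flake update` will take whatever that branch points to, including after a force-push, and will fail once the branch is deleted. If the pin is meant to be temporary I would say so above the line, e.g. `# temporary: follow new-ci until it is merged, then drop the ref`. The inputs block starts and ends outside the hunk.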
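Review bot: In nixos/machine/errol.nix, `nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO` allows an OpenSSL 1.1.1 build, a release line that no longer receives upstream security fixes, and the bare `# TODO` records neither which package pulls it in nor what has to happen before the line can go. Its position directly above `services.home-assistant` with `openFirewall = true` suggests Home Assistant is the consumer, which would make it a network-reachable one, but the hunk does not show that. The allowance applies to the whole nixpkgs evaluation for this host, so any other package that later depends on the same OpenSSL would build without a warning. I would replace the marker with something like `# TODO: needed by <package>; remove once it builds against OpenSSL 3`. The enclosing attribute set starts and ends outside the hunk.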
@@ -32,10 +32,12 @@ in {
 };
 };
- boot.loader.systemd-boot.enable = mkOverride 1100 true;
- boot.loader.efi.canTouchEfiVariables = mkDefault true;
- boot.kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
- boot.kernelParams = ["boot.shell_on_fail"];
+ boot = {
+ loader.systemd-boot.enable = mkOverride 1100 true;
+ loader.efi.canTouchEfiVariables = mkDefault true;
+ kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
+ kernelParams = ["boot.shell_on_fail"];
+ };
 hardware.enableAllFirmware = true;
 services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true;
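Review bot: `kernelParams = ["boot.shell_on_fail"];` lives in the generic module, so presumably every host that imports it offers a root shell from the initrd when stage 1 of the boot fails, and as far as I know NixOS does not ask for a password there. The regrouping under `boot = { … }` leaves this as it was, but the line still carries no comment on the trade-off. Anyone with console access who can make stage 1 fail gets that shell, which matters most on hosts with encrypted disks or a shared or remote console. I would state the intent next to the line, e.g. `# unauthenticated initrd root shell on stage-1 failure; override per host where the console is not trusted`. The module body starts and ends outside the hunk.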
@@ -107,46 +109,50 @@ in {
 mlocate
 ];
- users.mutableUsers = false;
- users.groups.cynerd.gid = 1000;
- users.users = {
- root = {
- hashedPasswordFile = "/run/secrets/root.pass";
- };
- cynerd = {
- group = "cynerd";
- extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
- uid = 1000;
- subUidRanges = [
- {
- count = 65534;
- startUid = 10000;
- }
- ];
- subGidRanges = [
- {
- count = 65534;
- startGid = 10000;
- }
- ];
- isNormalUser = true;
- createHome = true;
- shell =
- if isNative
- then pkgs.zsh.out
- else pkgs.bash.out;
- hashedPasswordFile = "/run/secrets/cynerd.pass";
- openssh.authorizedKeys.keyFiles = [
- (config.personal-secrets + "/unencrypted/git-private.pub")
- ];
+ users = {
+ mutableUsers = false;
+ groups.cynerd.gid = 1000;
+ users = {
+ root = {
+ hashedPasswordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ group = "cynerd";
+ extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
+ uid = 1000;
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
+ isNormalUser = true;
+ createHome = true;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
+ hashedPasswordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
 };
 };
- programs.zsh = {
- enable = isNative;
- syntaxHighlighting.enable = isNative;
+ programs = {
+ zsh = {
+ enable = isNative;
+ syntaxHighlighting.enable = isNative;
+ };
+ shellrc = true;
+ vim.defaultEditor = mkDefault true;
 };
- programs.shellrc = true;
- programs.vim.defaultEditor = mkDefault true;
 security.sudo.extraRules = [
 {
-- 
cgit v1.2.3
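Review bot: The `subUidRanges` and `subGidRanges` entries for `cynerd` start at 10000 with `count = 65534`, so the subordinate range runs from 10000 to 75533, which on a stock NixOS (as far as I know) takes in the `nixbld` build users from 30001 upward and `nobody`/`nogroup` at 65534. A process in a rootless container mapped into that range can then share a numeric id with a real host account, which weakens the separation user namespaces are meant to give. The commit only re-nests these lines under `users = { … }`, so this predates it, but it is worth fixing or explaining while the block is being touched. NixOS's own automatic allocation starts at 100000, so `startUid = 100000;` and `startGid = 100000;` would stay clear of system ids; existing container storage owned by the old range would need re-owning. The hunk begins inside a package list and ends inside `security.sudo.extraRules`, both of which continue outside it.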