From 93b0545d11bf8c7f065203f7f3eaf1d0e3730dce Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 21 Feb 2022 21:54:09 +0100 Subject: Add initial version --- nixos/default.nix | 10 +++ nixos/machine/adm-mpd.nix | 23 ++++++ nixos/machine/adm-omnia.nix | 10 +++ nixos/machine/adm-omnia2.nix | 10 +++ nixos/machine/albert.nix | 31 +++++++++ nixos/machine/binky.nix | 60 ++++++++++++++++ nixos/machine/default.nix | 17 +++++ nixos/machine/errol.nix | 35 ++++++++++ nixos/machine/lipwig.nix | 58 ++++++++++++++++ nixos/machine/ridcully.nix | 31 +++++++++ nixos/machine/spt-mox.nix | 31 +++++++++ nixos/machine/spt-mox2.nix | 78 +++++++++++++++++++++ nixos/machine/spt-mpd.nix | 23 ++++++ nixos/machine/spt-omnia.nix | 10 +++ nixos/machine/susan.nix | 26 +++++++ nixos/modules/compile.nix | 30 ++++++++ nixos/modules/default.nix | 11 +++ nixos/modules/desktop.nix | 158 ++++++++++++++++++++++++++++++++++++++++++ nixos/modules/develop.nix | 105 ++++++++++++++++++++++++++++ nixos/modules/generic.nix | 98 ++++++++++++++++++++++++++ nixos/modules/hardware.nix | 12 ++++ nixos/modules/hosts.nix | 104 +++++++++++++++++++++++++++ nixos/modules/openvpn.nix | 26 +++++++ nixos/modules/syncthing.nix | 115 ++++++++++++++++++++++++++++++ nixos/modules/wifi-client.nix | 23 ++++++ 25 files changed, 1135 insertions(+) create mode 100644 nixos/default.nix create mode 100644 nixos/machine/adm-mpd.nix create mode 100644 nixos/machine/adm-omnia.nix create mode 100644 nixos/machine/adm-omnia2.nix create mode 100644 nixos/machine/albert.nix create mode 100644 nixos/machine/binky.nix create mode 100644 nixos/machine/default.nix create mode 100644 nixos/machine/errol.nix create mode 100644 nixos/machine/lipwig.nix create mode 100644 nixos/machine/ridcully.nix create mode 100644 nixos/machine/spt-mox.nix create mode 100644 nixos/machine/spt-mox2.nix create mode 100644 nixos/machine/spt-mpd.nix create mode 100644 nixos/machine/spt-omnia.nix create mode 100644 nixos/machine/susan.nix create mode 100644 nixos/modules/compile.nix create mode 100644 
nixos/modules/default.nix create mode 100644 nixos/modules/desktop.nix create mode 100644 nixos/modules/develop.nix create mode 100644 nixos/modules/generic.nix create mode 100644 nixos/modules/hardware.nix create mode 100644 nixos/modules/hosts.nix create mode 100644 nixos/modules/openvpn.nix create mode 100644 nixos/modules/syncthing.nix create mode 100644 nixos/modules/wifi-client.nix (limited to 'nixos') diff --git a/nixos/default.nix b/nixos/default.nix new file mode 100644 index 0000000..72eae65 --- /dev/null +++ b/nixos/default.nix @@ -0,0 +1,10 @@ +nixpkgs: + +let + + modules = import ./modules nixpkgs; + machines = import ./machine; + +in modules // machines // { + default = { imports = builtins.attrValues modules; }; +} diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix new file mode 100644 index 0000000..3e103e1 --- /dev/null +++ b/nixos/machine/adm-mpd.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + config = { + fileSystems = { + "/" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@nix"]; + }; + "/home" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@home"]; + }; + "/boot" = { + device = "/dev/mmcblk0p1"; + }; + }; + }; + +} diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix new file mode 100644 index 0000000..21bfeb6 --- /dev/null +++ b/nixos/machine/adm-omnia.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + config = { + }; + +} diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix new file mode 100644 index 0000000..21bfeb6 --- /dev/null +++ b/nixos/machine/adm-omnia2.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + config = { + }; + +} diff --git a/nixos/machine/albert.nix b/nixos/machine/albert.nix new file mode 100644 index 0000000..0adad68 --- /dev/null +++ b/nixos/machine/albert.nix 
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ cynerd.desktop.enable = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/E403-124B";
+ };
+
+ "/home2" = {
+ device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ };
+
+ };
+
+}
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
new file mode 100644
index 0000000..849c719
--- /dev/null
+++ b/nixos/machine/binky.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ cynerd = {
+ desktop = {
+ enable = true;
+ laptop = true;
+ };
+ wifiClient = true;
+ develop = true;
+ };
+
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
+ boot.kernelModules = ["kvm-amd"];
+
+ boot.initrd.luks.devices = {
+ "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@"];
+ };
+ "/nix" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/8F7D-A154";
+ fsType = "vfat";
+ };
+ };
+
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
+ };
+
+ };
+
+}
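Review bot: In binky.nix, `services.syncthing` is configured by hand with `overrideDevices = false;` and `overrideFolders = false;`, so any peer or folder added at runtime through the Syncthing GUI or API persists across rebuilds and is not pinned by this configuration. The same commit adds nixos/modules/syncthing.nix, which lists "binky" in `allDevices` and sets both overrides to `true` with a fixed device list. If the hand-written block is a temporary bootstrap, say so in a comment such as `# TODO switch to cynerd.syncthing.enable once the key/cert are in /run/secrets`; otherwise replace the block with `cynerd.syncthing.enable = true;` so the trusted peers for this laptop are declared in one place.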
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
new file mode 100644
index 0000000..bfd2594
--- /dev/null
+++ b/nixos/machine/default.nix
@@ -0,0 +1,17 @@
+{
+ machine-albert = import ./albert.nix;
+ machine-binky = import ./binky.nix;
+ machine-errol = import ./errol.nix;
+ machine-lipwig = import ./lipwig.nix;
+ machine-ridcully = import ./ridcully.nix;
+ machine-susan = import ./susan.nix;
+
+ machine-spt-omnia = import ./spt-omnia.nix;
+ machine-spt-mox = import ./spt-mox.nix;
+ machine-spt-mox2 = import ./spt-mox2.nix;
+ machine-spt-mpd = import ./spt-mpd.nix;
+
+ machine-adm-omnia = import ./adm-omnia.nix;
+ machine-adm-omnia2 = import ./adm-omnia2.nix;
+ machine-adm-mpd = import ./spt-mpd.nix;
+}
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
new file mode 100644
index 0000000..707d8eb
--- /dev/null
+++ b/nixos/machine/errol.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ cynerd.desktop.enable = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/b4b3dd52-29d0-4cb9-91c9-694dfcd9672c";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/b4b3dd52-29d0-4cb9-91c9-694dfcd9672c";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/87B0-A1D5";
+ };
+
+ "/home2" = {
+ device = "/dev/disk/by-uuid/259d078f-b3d9-4bcc-90cc-6a0d7271a03d";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/var/build" = {
+ device = "/dev/disk/by-uuid/259d078f-b3d9-4bcc-90cc-6a0d7271a03d";
+ options = ["compress=lzo" "subvol=@build" "uid=build" "gid=build"];
+ };
+ };
+
+ };
+
+}
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
new file mode 100644
index 0000000..aa3d448
--- /dev/null
+++ b/nixos/machine/lipwig.nix
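Review bot: The last entry of nixos/machine/default.nix reads `machine-adm-mpd = import ./spt-mpd.nix;`, which points the adm machine at the spt file even though this commit also creates nixos/machine/adm-mpd.nix. Both files carry the same blob id (3e103e1), so the result is identical today, but the first edit to adm-mpd.nix would be silently ignored and the adm host would keep tracking the spt configuration. The line should be `machine-adm-mpd = import ./adm-mpd.nix;`.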
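Review bot: The `/var/build` mount in errol.nix passes `"uid=build" "gid=build"` next to `subvol=@build` and `compress=lzo`, which are btrfs options. As far as I know, btrfs has no uid/gid mount options, so this entry is likely to fail at mount time; please verify on the target. Ownership of a btrfs subvolume is set on the directory itself, for example `systemd.tmpfiles.rules = [ "d /var/build 0750 build build -" ];`, and the options would then be `["compress=lzo" "subvol=@build"]`. No `build` user or group is declared anywhere in this commit, so that needs to come from somewhere too.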
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ boot.isContainer = true;
+ boot.loader.initScript.enable = true;
+
+ cynerd.openvpn.enable = true;
+
+ # Git ######################################################################
+ services.gitolite = {
+ enable = false;
+ user = "git";
+ group = "git";
+ dataDir = "/var/lib/git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+ };
+ services.gitDaemon = {
+ enable = false;
+ user = "gitdemon";
+ group = "gitdaemon";
+ basePath = "/var/lib/git/repositories";
+ };
+
+ # CalDAV and CardDAV #######################################################
+ services.radicale = {
+ enable = true;
+ settings = {
+ server = {
+ hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+ ssl = true;
+ certificate = "/run/secrets/radicale/radicale.crt";
+ key = "/run/secrets/radicale/radicale.key";
+ };
+ encoding = {
+ request = "utf-8";
+ stock = "utf-8";
+ };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "/run/secrets/radicale/users";
+ htpasswd_encryption = "bcrypt";
+ delay = 1;
+ };
+ storage = {
+ filesystem_folder = "/var/lib/radicale/";
+ };
+ web = {
+ type = "none";
+ };
+ };
+ };
+ };
+
+}
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
new file mode 100644
index 0000000..882f967
--- /dev/null
+++ b/nixos/machine/ridcully.nix
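Review bot: In `services.gitDaemon` the account is spelled `user = "gitdemon";` while the group on the next line is `"gitdaemon"`, so once `enable` is flipped to `true` the daemon would run as a differently named user than intended. Use `user = "gitdaemon";` to match the group. The service is disabled in this commit, so nothing breaks yet. Also check that the daemon's user can read `/var/lib/git/repositories`, which sits under the gitolite `dataDir` owned by `git`.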
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ cynerd.desktop.enable = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/C1A0-B7C9";
+ };
+
+ "/home2" = {
+ device = "/dev/disk/by-uuid/c9aa0b7b-7482-4d4a-bcc3-8bd6a853ae7f";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ };
+
+ };
+
+}
diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix
new file mode 100644
index 0000000..eb304b2
--- /dev/null
+++ b/nixos/machine/spt-mox.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ networking = {
+ vlans = {
+ "eth0.2" = {
+ id = 2;
+ interface = "eth0";
+ };
+ };
+ bridges = {
+ brlan = {
+ interfaces = [
+ "eth0" "lan1" "lan2" "lan3" "lan4"
+ ];
+ };
+ brguest = {
+ interfaces = [
+ "eth0.2"
+ ];
+ };
+ };
+ dhcpcd.allowInterfaces = [ "brlan" ];
+ };
+ };
+
+}
diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix
new file mode 100644
index 0000000..ed6a028
--- /dev/null
+++ b/nixos/machine/spt-mox2.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+
+ #boot.kernelPatches = [{
+ # name = "rwtm";
+ # patch = null;
+ # extraConfig = ''
+ # TURRIS_MOX_RWTM y
+ # ARMADA_37XX_RWTM_MBOX y
+ # '';
+ #}];
+
+ networking.hostapd = {
+ "mlan0" = {
+ countryCode = "CZ";
+ ssid = "TurrisRules";
+ wpa = true;
+ wpaPskFile = "/run/secrets/wifi/TurrisRules.psk";
+ };
+ "wlp1s0" = {
+ countryCode = "CZ";
+ hwMode = "a";
+ channel = 36;
+ ieee80211ac = true;
+ ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"];
+ vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
+ ssid = "TurrisRules5";
+ wpa = true;
+ wpaPskFile = "/run/secrets/wifi/TurrisRules5.psk";
+ bss = {
+ "wlp1s0host" = {
+ ssid = "NixTurris5Guest";
+ wpa = true;
+ wpaPassphrase = "somepassword";
+ };
+ };
+ };
+ };
+
+ networking = {
+ vlans = {
+ "eth0.2" = {
+ id = 2;
+ interface = "eth0";
+ };
+ };
+ bridges = {
+ brlan = {
+ interfaces = [
+ "eth0" #"mlan0" "wlp1s0"
+ ];
+ };
+ brguest = {
+ interfaces = [
+ "eth0.2" #"mlan0host" "wlp1s0host"
+ ];
+ };
+ };
+ interfaces.brlan = {
+ ipv4 = {
+ addresses = [{
+ address = config.cynerd.hosts.spt.mox2;
+ prefixLength = 24;
+ }];
+ };
+ };
+ defaultGateway = config.cynerd.hosts.spt.omnia;
+ nameservers = [ config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8" ];
+ dhcpcd.allowInterfaces = [ "brlan" ];
+ };
+ };
+
+}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
new file mode 100644
index 0000000..3e103e1
--- /dev/null
+++ b/nixos/machine/spt-mpd.nix
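Review bot: The guest BSS `"wlp1s0host"` sets `wpaPassphrase = "somepassword";` as a literal, so the pre-shared key is committed to the repository and copied into the world-readable Nix store on every machine that evaluates this configuration. The two parent entries in the same hunk already keep their keys out of the store with `wpaPskFile = "/run/secrets/wifi/….psk";`. If the `bss` submodule accepts the same option (it is defined outside this commit, so please confirm), use the same pattern here, e.g. `wpaPskFile = "/run/secrets/wifi/NixTurris5Guest.psk";`. If the guest SSID was ever broadcast with this value, rotate the passphrase as well.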
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/mmcblk0p1";
+ };
+ };
+ };
+
+}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
new file mode 100644
index 0000000..21bfeb6
--- /dev/null
+++ b/nixos/machine/spt-omnia.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ };
+
+}
diff --git a/nixos/machine/susan.nix b/nixos/machine/susan.nix
new file mode 100644
index 0000000..b452ed9
--- /dev/null
+++ b/nixos/machine/susan.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ cynerd.desktop.enable = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/e092a3ad-fb32-44fa-bc1f-14c2733da033";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/e092a3ad-fb32-44fa-bc1f-14c2733da033";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/EB3E-3635";
+ };
+ };
+
+ };
+
+}
diff --git a/nixos/modules/compile.nix b/nixos/modules/compile.nix
new file mode 100644
index 0000000..a1709e6
--- /dev/null
+++ b/nixos/modules/compile.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+ cynerd.compile = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for compilation.";
+ };
+ };
+
+ config = mkIf config.cynerd.compile {
+
+ environment.systemPackages = with pkgs; [
+ # Tools
+ git bash
+ #uroot
+ qemu
+
+ # Python
+ python3Packages.pip
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
new file mode 100644
index 0000000..fe401df
--- /dev/null
+++ b/nixos/modules/default.nix
@@ -0,0 +1,11 @@
+nixpkgs: {
+ cynerd-compile = import ./compile.nix;
+ cynerd-desktop = import ./desktop.nix;
+ cynerd-develop = import ./develop.nix nixpkgs;
+ cynerd-generic = import ./generic.nix;
+ cynerd-hardware = import ./hardware.nix;
+ cynerd-hosts = import ./hosts.nix;
+ cynerd-openvpn = import ./openvpn.nix;
+ cynerd-syncthing = import ./syncthing.nix;
+ cynerd-wifi-client = import ./wifi-client.nix;
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
new file mode 100644
index 0000000..41efa0b
--- /dev/null
+++ b/nixos/modules/desktop.nix
@@ -0,0 +1,158 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + + cnf = config.cynerd.desktop; + +in { + + options = { + cynerd.desktop = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable my desktop"; + }; + laptop = mkOption { + type = types.bool; + default = false; + description = "The desktop requires Laptop extensions"; + }; + }; + }; + + config = mkIf cnf.enable { + cynerd.hosts.enable = true; + + # TODO autologin but only on tty1 + services.gpm.enable = true; + + programs.sway.enable = true; + programs.sway.extraPackages = with pkgs; [ + gnome.dconf-editor + glib gsettings-desktop-schemas + i3blocks sysstat + wofi rofimoji wev + swaybackground myswaylock + + alacritty + + kanshi wdisplays wayvnc wl-mirror + slurp grim + xdg-desktop-portal-wlr xdg-desktop-portal-gtk pipewire wf-recorder + wl-clipboard wl-color-picker + swayidle + dunst + + isync msmtp notmuch astroid + taskwarrior vdirsyncer khal khard + gnupg pass pinentry-gnome pinentry-curses + + firefox chromium + ferdi + libreoffice + mupdf pdfgrep + + xdg-utils xdg-launch + mesa-demos vulkan-tools + + pulsemixer + mpd mpc-cli ncmpcpp + feh shotwell id3lib + vlc mpv youtube-dl + + delft-icon-theme gnome3.adwaita-icon-theme + vanilla-dmz + sound-theme-freedesktop + gucharmap + + samba cifs-utils + + tigervnc freerdp + kdeconnect + + hdparm ethtool multipath-tools + usb-modeswitch + v4l-utils + + # Calculating + python3Packages.numpy python3Packages.sympy python3Packages.matplotlib + + # Creation + simple-scan + audacity + gimp inkscape + blender + kdenlive + + # GStreamer + gst_all_1.gst-libav + gst_all_1.gst-plugins-bad + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-good + gst_all_1.gst-plugins-ugly + gst_all_1.gst-plugins-viperfx + + ] ++ ( [ + # Power management + powertop + acpi + ]); + programs.vim.package = pkgs.vimHugeX; + programs.shellrc.desktop = true; + xdg.portal.enable = true; + xdg.portal.wlr.enable = true; + xdg.portal.gtkUsePortal = true; + 
xdg.mime.defaultApplications = { + "application/pdf" = [ "mupdf.desktop" ]; + }; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + enableBrowserSocket = true; + }; + services.dbus.packages = [ pkgs.gcr ]; + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + security.rtkit.enable = true; + + services.printing = { + enable = true; + drivers = with pkgs; [ + gutenprint gutenprintBin + cnijfilter2 + ]; + }; + + fonts.fonts = with pkgs; [ + arkpandora_ttf + corefonts + dejavu_fonts + font-awesome + freefont_ttf + hack-font + liberation_ttf + libertine + noto-fonts + noto-fonts-emoji + terminus_font_ttf + ubuntu_font_family + unifont + ]; + + services.udev.extraRules = '' + ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq" + ''; + hardware.opengl.driSupport = true; + hardware.opengl.driSupport32Bit = true; + + + }; +} diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix new file mode 100644 index 0000000..bf5c2de --- /dev/null +++ b/nixos/modules/develop.nix 
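Review bot: The `laptop` option declared at the top of desktop.nix is never read: the sway package list ends with `] ++ ( [ powertop acpi ]);`, which appends the power-management tools on every desktop regardless of `cnf.laptop`. binky.nix sets `laptop = true;` and presumably expects it to matter. The tail should be `] ++ optionals cnf.laptop [ powertop acpi ];`, with the `# Power management` comment kept inside the list. If the unconditional install is intentional, drop the option so it does not suggest a switch that does nothing.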
@@ -0,0 +1,105 @@
+nixpkgs: { config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ armv6l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv6l-none-eabi";
+ libc = "newlib";
+ };
+ });
+ armv7l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv7l-none-eabi";
+ libc = "newlib";
+ };
+ });
+
+in {
+
+ options = {
+ cynerd.develop = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for development.";
+ };
+ };
+
+ config = mkIf config.cynerd.develop {
+ cynerd.compile = true;
+ environment.systemPackages = with pkgs; [
+ # Tools
+ tig gource hub github-cli # Git
+ wlc # Weblate
+ cloc
+ openssl
+ sterm
+
+ # Nix
+ nix-prefetch-git nix-prefetch-github nix-prefetch-scripts
+
+ # C
+ ccls bear
+ check
+ valgrind
+ cppcheck flawfinder
+ gdb
+ lcov massif-visualizer
+
+ # Shell
+ dash # Posix shell
+ bats
+ shellcheck
+
+ # Python
+ python3 python3Packages.ipython
+ twine
+ python3Packages.pytest python3Packages.pytest-html #python3Packages.pytest-tap
+ python3Packages.coverage
+ python3Packages.python-lsp-black
+ mypy
+ pylint python3Packages.pydocstyle
+
+ # Lua
+ lua51Packages.luacheck
+
+ # Ansible
+ ansible
+
+ # U-Boot
+ ubootTools
+ tftp-hpa
+
+ # Network
+ iperf2 iperf3
+ wireshark
+ inetutils
+
+ # Gtk
+ glade
+
+ # Containers
+ lxc lxd
+ docker
+
+ # Barcode generation
+ barcode
+
+ # D-Bus
+ dfeet
+
+ # Bare metal
+ openocd
+ #armv6l.buildPackages.gcc armv6l.buildPackages.gdb
+ #armv7l.buildPackages.gcc armv7l.buildPackages.gdb
+ pkgsCross.arm-embedded.buildPackages.gcc
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
new file mode 100644
index 0000000..31f0829
--- /dev/null
+++ b/nixos/modules/generic.nix
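Review bot: The `armv6l` and `armv7l` bindings in the `let` block of develop.nix are dead code, because their only uses (`#armv6l.buildPackages.gcc …`, `#armv7l.buildPackages.gcc …`) are commented out in the package list. They are also the only reason this module takes the extra `nixpkgs:` argument that modules/default.nix has to thread through. Either remove them together with the commented lines or leave a note above the `let` such as `# kept for the armv6l/armv7l bare-metal toolchains, currently disabled in favour of pkgsCross.arm-embedded`. Laziness means they cost nothing at evaluation time, so this is about readability only.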
@@ -0,0 +1,98 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + config = { + system.stateVersion = "22.05"; + + nix = { + extraOptions = "experimental-features = nix-command flakes"; + autoOptimiseStore = true; + registry = { + personal.to = { + type = "git"; + url = "https://git.cynerd.cz/nixos-personal"; + }; + }; + }; + + boot.loader.systemd-boot.enable = mkDefault true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelParams = ["boot.shell_on_fail"]; + hardware.enableAllFirmware = true; + + + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + git # We need git for this repository to even work + # Administration tools + coreutils moreutils psmisc progress lshw + dig + + # NCurses tools + htop iotop glances + mc + screen tmux + ncdu + + # ls tools + tree + mlocate + lsof + strace + + sourceHighlight # Colors for less + unrar p7zip + + # Vim plugins (used for root account) + vimPlugins.vim-nix + vimPlugins.vim-nftables + + # Network + nmap netcat traceroute + iftop nethogs + # TODO add mdns + + lm_sensors + + ] ++ optional (system == "x86_64-linux") ltrace; + + users.mutableUsers = false; + users.groups.cynerd.gid = 1000; + users.users = { + root = { + passwordFile = "/run/secrets/root.pass"; + }; + cynerd = { + uid = 1000; + subUidRanges = [{ count = 65534; startUid = 10000; }]; + subGidRanges = [{ count = 65534; startGid = 10000; }]; + group = "cynerd"; + isNormalUser = true; + createHome = true; + shell = pkgs.zsh.out; + extraGroups = ["users" "wheel"]; + passwordFile = "/run/secrets/cynerd.pass"; + openssh.authorizedKeys.keyFiles = [ + (config.personal-secrets + "/unencrypted/git-private.pub") + ]; + }; + }; + programs.zsh.enable = true; + programs.shellrc.enable = true; + programs.vim.defaultEditor = mkDefault true; + + security.sudo.extraRules = [ + { groups = [ "wheel" ]; commands = [ "ALL" ]; } + ]; + + services.openssh.enable = true; + + time.timeZone = 
"Europe/Prague"; + i18n.defaultLocale = "en_US.UTF-8"; + }; + +} diff --git a/nixos/modules/hardware.nix b/nixos/modules/hardware.nix new file mode 100644 index 0000000..d6bbd94 --- /dev/null +++ b/nixos/modules/hardware.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { }; + + config = { + }; + +} diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix new file mode 100644 index 0000000..19f877e --- /dev/null +++ b/nixos/modules/hosts.nix 
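Review bot: In generic.nix `services.openssh.enable = true;` is the only sshd setting, and this module is applied to every machine, including the public server and the routers. Both `root` and `cynerd` get password hashes through `passwordFile`, and `cynerd` is in `wheel` with a sudo rule for `ALL`, so with the release defaults password logins over SSH remain possible even though an authorized key is already provisioned. Consider adding `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` (option names as of the 22.05 release that `system.stateVersion` points at) next to the enable line. The enclosing `config` block starts earlier in the hunk; nothing else in it touches sshd.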
@@ -0,0 +1,104 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cnf = config.cynerd.hosts; + + staticZoneOption = mkOption { + type = types.attrsOf types.str; + readOnly = true; + }; + +in { + + options = { + cynerd.hosts = { + enable = mkOption { + type = types.bool; + default = false; + description = "Use my personal static hosts"; + }; + vpn = staticZoneOption; + spt = staticZoneOption; + adm = staticZoneOption; + }; + }; + + config = { + cynerd.hosts = { + vpn = { + "lipwig" = "10.8.0.1"; + # Portable + "android" = "10.8.0.2"; + "albert" = "10.8.0.3"; + "dean" = "10.8.0.4"; + "susan" = "10.8.0.5"; + "binky" = "10.8.0.6"; + # Endpoints + "spt-omnia" = "10.8.0.50"; + "adm-omnia" = "10.8.0.51"; + }; + spt = { + # Network + "omnia" = "10.8.2.1"; + "mox" = "10.8.2.2"; + "mox2" = "10.8.2.3"; + # Local + "mpd" = "10.8.2.51"; + "errol" = "10.8.2.60"; + # Portable + "albert" = "10.8.2.61"; + "susan" = "10.8.2.62"; + "binky" = "10.8.2.63"; + }; + adm = { + # Network + "omnia" = "10.8.3.1"; + "omnia2" = "10.8.3.3"; + # Local + "ridcully" = "10.8.3.60"; + "3dprint" = "10.8.3.80"; + "mpd" = "192.168.0.51"; + # Portable + "albert" ="10.8.3.61"; + "susan" = "10.8.3.62"; + "binky" = "10.8.3.63"; + }; + }; + + networking.hosts = mkIf cnf.enable { + # VPN + "${cnf.vpn.lipwig}" = ["lipwig.vpn"]; + "${cnf.vpn.android}" = ["android.vpn"]; + "${cnf.vpn.albert}" = ["albert.vpn"]; + "${cnf.vpn.dean}" = ["dean.vpn"]; + "${cnf.vpn.susan}" = ["susan.vpn"]; + "${cnf.vpn.binky}" = ["binky.vpn"]; + "${cnf.vpn.spt-omnia}" = ["spt.vpn"]; + "${cnf.vpn.adm-omnia}" = ["adm.vpn"]; + # Spt + "${cnf.spt.omnia}" = ["omnia.spt"]; + "${cnf.spt.mox}" = ["mox.spt"]; + "${cnf.spt.mox2}" = ["mox2.spt"]; + "10.8.2.4" = ["mi3g.spt"]; + "${cnf.spt.mpd}" = ["mpd.spt"]; + "${cnf.spt.errol}" = ["errol" "desktop.spt"]; + "${cnf.spt.albert}" = ["albert.spt"]; + "${cnf.spt.susan}" = ["susan.spt"]; + "${cnf.spt.binky}" = ["binky.spt"]; + # Adm + "${cnf.adm.omnia}" = ["omnia.adm"]; + "10.8.3.2" = 
["redmi.adm"]; + "${cnf.adm.omnia2}" = ["omnia2.adm"]; + "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"]; + "${cnf.adm.albert}" = ["albert.adm"]; + "${cnf.adm.susan}" = ["susan.adm"]; + "${cnf.adm.binky}" = ["binky.adm"]; + "${cnf.adm."3dprint"}" = ["3dprint"]; + "${cnf.adm.mpd}" = ["mpd.adm"]; + }; + }; + +} diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix new file mode 100644 index 0000000..abcd1f0 --- /dev/null +++ b/nixos/modules/openvpn.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cnf = config.cynerd.openvpn; + +in { + + options = { + cynerd.openvpn.enable = mkOption { + type = types.bool; + default = false; + description = "My personal OpenVPN"; + }; + }; + + config = mkIf cnf.enable { + services.openvpn.servers.personal = { + config = "config /run/secrets/personal.ovpn"; + }; + }; + +} + diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix new file mode 100644 index 0000000..44c1ac1 --- /dev/null +++ b/nixos/modules/syncthing.nix 
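Review bot: In the `adm` zone of hosts.nix, `"mpd" = "192.168.0.51";` is the only address outside 10.8.3.x, while the matching spt entry is `10.8.2.51`, so this looks like a leftover and `mpd.adm` would resolve to a host on a different network. If 10.8.3.51 is meant, the line should read `"mpd" = "10.8.3.51";`; if the address is intentional, add a comment saying why. Separately, `"10.8.2.4" = ["mi3g.spt"];` and `"10.8.3.2" = ["redmi.adm"];` are written as literals in `networking.hosts` instead of going through the zone attribute sets, so other modules cannot reference them the way spt-mox2.nix references `config.cynerd.hosts.spt.omnia`.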
@@ -0,0 +1,115 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with lib; + +let + + cnf = config.cynerd.syncthing; + hostName = config.networking.hostName; + allDevices = [ + "albert" "binky" "errol" "lipwig" "ridcully" "susan" "spt-omnia" + ]; + mediaDevices = [ + "lipwig" "binky" "errol" "ridcully" "spt-omnia" + ]; + bigStorageDevices = [ + "errol" "ridcully" "spt-omnia" + ]; + filterDevice = folders: filterAttrs (n: v: any (d: d == hostName) v.devices) folders; + +in { + + options = { + cynerd.syncthing = { + + enable = mkOption { + type = types.bool; + default = false; + description = "My personal Syncthing configuration"; + }; + + baseDir = mkOption { + type = types.str; + default = "/home/cynerd"; + description = "Base directory for all folders being synced."; + }; + + }; + }; + + config = mkIf cnf.enable { + services.syncthing = { + enable = any (n: n == hostName) allDevices; + user = mkDefault "cynerd"; + key = "/run/secrets/syncthing/key.pem"; + cert = "/run/secrets/syncthing/cert.pem"; + + openDefaultPorts = true; + + overrideFolders = true; + folders = filterDevice { + "${cnf.baseDir}/documents" = { + label = "Documents"; + id = "documents"; + devices = allDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/notes" = { + label = "Notes"; + id = "notes"; + devices = allDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/projects" = { + label = "Projects"; + id = "projects"; + devices = allDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/pictures" = { + label = "Pictures"; + id = "pictures"; + devices = mediaDevices; + ignorePerms = false; + }; + # TODO phone-photos + "${cnf.baseDir}/music/primary" = { + label = "Music-primary"; + id = "music-primary"; + devices = mediaDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/music/secondary" = { + label = "Music-secondary"; + id = "music-secondary"; + devices = bigStorageDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/music/flac" = { + label = "Music-flac"; + id = "music-flac"; + devices 
= bigStorageDevices; + ignorePerms = false; + }; + "${cnf.baseDir}/video" = { + label = "Video"; + id = "video"; + devices = bigStorageDevices; + ignorePerms = false; + }; + }; + + overrideDevices = true; + devices = recursiveUpdate + (genAttrs allDevices (name: { + id = config.secrets.syncthingIDs."${name}"; + })) + { + lipwig.addresses = ["tcp://cynerd.cz"]; + }; + # TODO phone + }; + }; + +} diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix new file mode 100644 index 0000000..af09155 --- /dev/null +++ b/nixos/modules/wifi-client.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { + cynerd.wifiClient = mkOption { + type = types.bool; + default = false; + description = "Enable Wi-Fi client support"; + }; + }; + + config = mkIf config.cynerd.wifiClient { + networking.wireless = { + enable = true; + networks = config.secrets.wifiNetworks; + environmentFile = "/run/secrets/wifi.env"; + userControlled.enable = true; + }; + }; +} -- cgit v1.2.3
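Review bot: In syncthing.nix, `enable = any (n: n == hostName) allDevices;` sits inside `mkIf cnf.enable`, so setting `cynerd.syncthing.enable = true;` on a host missing from `allDevices` silently leaves the service off. An explicit failure is easier to notice, for example `assertions = [{ assertion = elem hostName allDevices; message = "cynerd.syncthing: host not in allDevices"; }];` placed next to `services.syncthing`. `elem hostName allDevices` can also replace the `any` lambda here and in `filterDevice`. The device IDs come from `config.secrets.syncthingIDs`, which is defined outside this commit, so a host added to `allDevices` without an ID there will fail at evaluation time.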
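Review bot: wifi-client.nix takes `networks = config.secrets.wifiNetworks;` from outside this commit, and anything written literally in that set (a `psk`, for instance) ends up in the world-readable Nix store. Since `environmentFile = "/run/secrets/wifi.env";` is already set, it is worth a comment above `networks` stating the expectation, e.g. `# PSKs must be @NAME@ placeholders resolved from environmentFile, never literals` (the placeholder name is illustrative). `userControlled.enable = true;` also lets members of the control group reconfigure wpa_supplicant at runtime. That is reasonable on a laptop, but it deserves a short note because the option applies to every host that sets `cynerd.wifiClient`.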