From 320570979ec7c303dbd59fb59838144e35a756c6 Mon Sep 17 00:00:00 2001 From: Sebastian Moser Date: Thu, 11 Sep 2025 02:13:56 +0200 Subject: [PATCH] disko flash script, new hosts, and other things --- common/nixos-wayland.nix | 18 +- common/nixos.nix | 2 + flake.lock | 254 ++++++++++++++------------ flake.nix | 147 ++++++++++++++- hosts/{fes.nix => fe.nix} | 4 +- hosts/ki.nix | 324 +++++++++++++++++++++++++++++++++ hosts/le.nix | 324 +++++++++++++++++++++++++++++++++ hosts/mac.nix | 1 + hosts/te.nix | 366 ++++++++++++++++++++++++++++++++++++++ hosts/ti.nix | 324 +++++++++++++++++++++++++++++++++ misc/my-hosts | 5 +- misc/my-hosts-h | 1 + misc/my-hosts-t | 1 + programs/ssh.nix | 12 ++ 14 files changed, 1657 insertions(+), 126 deletions(-) rename hosts/{fes.nix => fe.nix} (98%) create mode 100644 hosts/ki.nix create mode 100644 hosts/le.nix create mode 100644 hosts/te.nix create mode 100644 hosts/ti.nix diff --git a/common/nixos-wayland.nix b/common/nixos-wayland.nix index 56359d3..f1d50a2 100644 --- a/common/nixos-wayland.nix +++ b/common/nixos-wayland.nix @@ -50,7 +50,7 @@ in { settings = rec { initial_session = { #command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -d --env WLR_RENDERER_ALLOW_SOFTWARE=1 --cmd sway"; - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.writeScriptBin "run-sway" '' + command = "${pkgs.writeScriptBin "run-sway" '' export WLR_RENDERER_ALLOW_SOFTWARE=1 export SDL_VIDEODRIVER=wayland export _JAVA_AWT_WM_NONREPARENTING=1 @@ -506,14 +506,14 @@ in { bindsym $mod+m mode ChangeWorkroom ############################# Fx stuff: - blur disable - blur_passes 0 - blur_radius 1 - blur_noise 0 - blur_brightness 1 + #blur disable + #blur_passes 0 + #blur_radius 1 + #blur_noise 0 + #blur_brightness 1 - corner_radius 12 - default_dim_inactive 0.15 + #corner_radius 12 + #default_dim_inactive 0.15 # Layout stuff: gaps inner 2 
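Review bot: With the greeter removed from `initial_session.command`, greetd starts the `run-sway` script directly, and greetd runs the initial session for the configured user without asking for credentials, so every host importing this module boots into an unlocked desktop. If that is intended only for kiosk-style machines, keep the tuigreet command as `default_session` here and enable the auto-login per host, or add a comment stating that physical access equals a logged-in session. The `user` attribute and the end of the `command` string are outside this hunk, so whether a `default_session` already exists in this file cannot be confirmed from here.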
@@ -524,7 +524,7 @@ in { #smart_gaps on default_border pixel 2 - corner_radius 0 + #corner_radius 0 # disable_titlebar yes floating_modifier $mod normal diff --git a/common/nixos.nix b/common/nixos.nix index 9438694..8638ec8 100644 --- a/common/nixos.nix +++ b/common/nixos.nix @@ -25,7 +25,9 @@ networking.extraHosts = '' ${builtins.readFile "${self}/misc/my-hosts"} ${builtins.readFile "${self}/misc/my-hosts-me"} + ${builtins.readFile "${self}/misc/my-hosts-t"} ''; + environment.etc.current_hosts.text = builtins.readFile "${self}/misc/my-hosts-me"; environment.etc.current_hosts.mode = "rw"; } diff --git a/flake.lock b/flake.lock index 855b08f..16addab 100644 --- a/flake.lock +++ b/flake.lock @@ -4,7 +4,7 @@ "inputs": { "devshell": "devshell", "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1638562808, @@ -25,7 +25,7 @@ "inputs": { "devshell": "devshell_2", "flake-utils": "flake-utils_12", - "nixpkgs": "nixpkgs_15" + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1638562808, @@ -46,7 +46,7 @@ "inputs": { "devshell": "devshell_3", "flake-utils": "flake-utils_19", - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_23" }, "locked": { "lastModified": 1638562808, @@ -67,7 +67,7 @@ "inputs": { "devshell": "devshell_4", "flake-utils": "flake-utils_26", - "nixpkgs": "nixpkgs_30" + "nixpkgs": "nixpkgs_31" }, "locked": { "lastModified": 1638562808, @@ -98,7 +98,7 @@ "nix-wsl": "nix-wsl_2", "nixos-generators": "nixos-generators_2", "nixos-hardware": "nixos-hardware_2", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_4", "nixpkgs-old": "nixpkgs-old_2", "nixpkgs-unstable": "nixpkgs-unstable_2", 
@@ -139,7 +139,7 @@ "nix-wsl": "nix-wsl_3", "nixos-generators": "nixos-generators_3", "nixos-hardware": "nixos-hardware_3", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_21", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_6", "nixpkgs-unstable": "nixpkgs-unstable_3", "nur": "nur_3", @@ -176,7 +176,7 @@ "nix-wsl": "nix-wsl_4", "nixos-generators": "nixos-generators_4", "nixos-hardware": "nixos-hardware_4", - "nixpkgs": "nixpkgs_28", + "nixpkgs": "nixpkgs_29", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_8", "nixpkgs-unstable": "nixpkgs-unstable_4", "podman": "podman_4", @@ -343,6 +343,25 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "doom-emacs": { "flake": false, "locked": { @@ -977,7 +996,7 @@ "inputs": { "flake-compat": "flake-compat", "lib-aggregate": "lib-aggregate", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1752151250, @@ -1102,7 +1121,7 @@ "flake-compat": "flake-compat_4", "lib-aggregate": "lib-aggregate_2", "mozilla": "mozilla", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1729272011, @@ -1124,7 +1143,7 @@ "flake-compat": "flake-compat_7", "lib-aggregate": "lib-aggregate_3", "mozilla": "mozilla_2", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1714587578, @@ -1146,7 +1165,7 @@ "flake-compat": "flake-compat_10", "lib-aggregate": "lib-aggregate_4", "mozilla": "mozilla_3", - "nixpkgs": "nixpkgs_24" + "nixpkgs": "nixpkgs_25" }, "locked": { "lastModified": 1714047754, 
@@ -2122,7 +2141,7 @@ }, "lan-mouse": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -2296,7 +2315,7 @@ }, "my-log": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_26" }, "locked": { "lastModified": 1712193044, @@ -2384,7 +2403,7 @@ "flake-utils": "flake-utils_3", "format-all": "format-all", "nix-straight": "nix-straight", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nose": "nose", "ob-racket": "ob-racket", "org": "org", @@ -2426,7 +2445,7 @@ "flake-utils": "flake-utils_9", "format-all": "format-all_2", "nix-straight": "nix-straight_2", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "nose": "nose_2", "ob-racket": "ob-racket_2", "org": "org_2", @@ -2468,7 +2487,7 @@ "flake-utils": "flake-utils_16", "format-all": "format-all_3", "nix-straight": "nix-straight_3", - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_19", "nose": "nose_3", "ob-racket": "ob-racket_3", "org": "org_3", @@ -2510,7 +2529,7 @@ "flake-utils": "flake-utils_23", "format-all": "format-all_4", "nix-straight": "nix-straight_4", - "nixpkgs": "nixpkgs_26", + "nixpkgs": "nixpkgs_27", "nose": "nose_4", "ob-racket": "ob-racket_4", "org": "org_4", @@ -2977,7 +2996,7 @@ "nix-wsl": { "inputs": { "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1752138162, @@ -2997,7 +3016,7 @@ "inputs": { "flake-compat": "flake-compat_6", "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1729203674, @@ -3017,7 +3036,7 @@ "inputs": { "flake-compat": "flake-compat_9", "flake-utils": "flake-utils_17", - "nixpkgs": "nixpkgs_19" + "nixpkgs": "nixpkgs_20" }, "locked": { "lastModified": 1714355896, @@ -3037,7 +3056,7 @@ "inputs": { "flake-compat": "flake-compat_12", "flake-utils": "flake-utils_24", - "nixpkgs": "nixpkgs_27" + "nixpkgs": "nixpkgs_28" }, "locked": { "lastModified": 1713947658, 
@@ -3271,16 +3290,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752124863, - "narHash": "sha256-5rWuf6RAlMDp/CAEuyYEz7ryxzgjxOCgUDhWEef864c=", - "owner": "nixos", + "lastModified": 1757034884, + "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "40de82b434526744da778ed53c742c1282d9e75e", + "rev": "ca77296380960cd497a765102eeb1356eb80fed0", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -3658,6 +3677,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1728888510, "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", @@ -3673,7 +3708,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1695806987, "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", @@ -3688,7 +3723,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1728740863, "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", @@ -3704,7 +3739,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1741892592, "narHash": "sha256-ai0XSujeUYInQtp1u6TQfrTx9Vtv9bAOkK63lWcttzk=", @@ -3720,7 +3755,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1613434981, "narHash": "sha256-Q6JRyPs5g2AXov/yEof//jOOiQ/VZVxrSYC7jiCEhSE=", 
@@ -3734,7 +3769,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1637841632, "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", @@ -3750,7 +3785,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1638371214, "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", @@ -3766,7 +3801,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1714253743, "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", @@ -3782,7 +3817,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1695806987, "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", @@ -3797,7 +3832,23 @@ "type": "indirect" } }, - "nixpkgs_19": { + "nixpkgs_2": { + "locked": { + "lastModified": 1752124863, + "narHash": "sha256-5rWuf6RAlMDp/CAEuyYEz7ryxzgjxOCgUDhWEef864c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "40de82b434526744da778ed53c742c1282d9e75e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_20": { "locked": { "lastModified": 1714272655, "narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=", @@ -3813,23 +3864,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_20": { + "nixpkgs_21": { "locked": { "lastModified": 1714564312, "narHash": "sha256-+Pu+QmY5u33E+PMulmvLiyAgZDi2bgbV5LEtiVXa0c4=", 
@@ -3845,7 +3880,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1613434981, "narHash": "sha256-Q6JRyPs5g2AXov/yEof//jOOiQ/VZVxrSYC7jiCEhSE=", @@ -3859,7 +3894,7 @@ "type": "indirect" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1637841632, "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", @@ -3875,7 +3910,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1638371214, "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", @@ -3891,7 +3926,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1713895582, "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=", @@ -3907,7 +3942,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1702830618, "narHash": "sha256-lvhwIvRwhOLgzbRuYkqHy4M5cQHYs4ktL6/hyuBS6II=", @@ -3923,7 +3958,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1695806987, "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", @@ -3938,7 +3973,7 @@ "type": "indirect" } }, - "nixpkgs_27": { + "nixpkgs_28": { "locked": { "lastModified": 1713013257, "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=", @@ -3954,7 +3989,7 @@ "type": "github" } }, - "nixpkgs_28": { + "nixpkgs_29": { "locked": { "lastModified": 1714082080, "narHash": "sha256-ntuxg7lSDr6HNZ9/3fVf6qFy/FNGvEAHYM0lXgyrW5w=", 
@@ -3970,7 +4005,23 @@ "type": "github" } }, - "nixpkgs_29": { + "nixpkgs_3": { + "locked": { + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_30": { "locked": { "lastModified": 1613434981, "narHash": "sha256-Q6JRyPs5g2AXov/yEof//jOOiQ/VZVxrSYC7jiCEhSE=", @@ -3984,22 +4035,7 @@ "type": "indirect" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1695806987, - "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixpkgs-unstable", - "type": "indirect" - } - }, - "nixpkgs_30": { + "nixpkgs_31": { "locked": { "lastModified": 1637841632, "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", @@ -4015,7 +4051,7 @@ "type": "github" } }, - "nixpkgs_31": { + "nixpkgs_32": { "locked": { "lastModified": 1638371214, "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", @@ -4032,6 +4068,21 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1695806987, + "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixpkgs-unstable", + "type": "indirect" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -4047,7 +4098,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1752162966, "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", 
@@ -4063,7 +4114,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1751984180, "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", @@ -4079,7 +4130,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1613434981, "narHash": "sha256-Q6JRyPs5g2AXov/yEof//jOOiQ/VZVxrSYC7jiCEhSE=", @@ -4093,7 +4144,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1637841632, "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", @@ -4109,22 +4160,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1638371214, - "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-21.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nmd": { "flake": false, "locked": { @@ -4384,7 +4419,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1752169447, @@ -4753,7 +4788,7 @@ "podman": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1661906180, @@ -4772,7 +4807,7 @@ "podman_2": { "inputs": { "flake-utils": "flake-utils_11", - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1661906180, @@ -4791,7 +4826,7 @@ "podman_3": { "inputs": { "flake-utils": "flake-utils_18", - "nixpkgs": "nixpkgs_21" + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1661906180, @@ -4810,7 +4845,7 @@ "podman_4": { "inputs": { "flake-utils": "flake-utils_25", - "nixpkgs": "nixpkgs_29" + "nixpkgs": "nixpkgs_30" }, "locked": { "lastModified": 1661906180, 
@@ -4940,7 +4975,7 @@ "robotnix": { "inputs": { "androidPkgs": "androidPkgs", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nixpkgsUnstable": "nixpkgsUnstable" }, "locked": { @@ -4960,7 +4995,7 @@ "robotnix_2": { "inputs": { "androidPkgs": "androidPkgs_2", - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "nixpkgsUnstable": "nixpkgsUnstable_2" }, "locked": { @@ -4980,7 +5015,7 @@ "robotnix_3": { "inputs": { "androidPkgs": "androidPkgs_3", - "nixpkgs": "nixpkgs_23", + "nixpkgs": "nixpkgs_24", "nixpkgsUnstable": "nixpkgsUnstable_3" }, "locked": { @@ -5000,7 +5035,7 @@ "robotnix_4": { "inputs": { "androidPkgs": "androidPkgs_4", - "nixpkgs": "nixpkgs_31", + "nixpkgs": "nixpkgs_32", "nixpkgsUnstable": "nixpkgsUnstable_4" }, "locked": { @@ -5019,6 +5054,7 @@ }, "root": { "inputs": { + "disko": "disko", "firefox": "firefox", "firefox-addons": "firefox-addons", "flake-utils": "flake-utils_2", @@ -5032,7 +5068,7 @@ "nix-wsl": "nix-wsl", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_2", "nixpkgs-old": "nixpkgs-old", "nixpkgs-unstable": "nixpkgs-unstable", diff --git a/flake.nix b/flake.nix index 56b568a..468bcc9 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,11 @@ lan-mouse.url = "github:feschber/lan-mouse"; + disko = { + url = "github:nix-community/disko/latest"; + #inputs.nixpkgs.follows = "nixpkgs"; + }; + robotnix = { #url = "github:nix-community/robotnix"; url = "github:c2vi/robotnix"; 
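Review bot: The disko input is added with `inputs.nixpkgs.follows` commented out, so disko (and the `disko-install` binary that the flash app in this patch runs through sudo) is built from its own nixpkgs pin rather than the one the hosts use; that is what adds the extra `nixpkgs` node and renumbers the rest of flake.lock. Unless there is a build reason for the separate pin, enable `inputs.nixpkgs.follows = "nixpkgs";`, or replace the commented line with a short comment saying why it must stay off. The `latest` ref is a moving tag, so the locked `rev` in flake.lock is the only thing fixing which disko code runs as root; lock updates for this input deserve a look before they are committed.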
@@ -235,6 +240,109 @@ ############ apps ################ apps = { + flash = let + + # echo the disks which will be flashed... + diskListing = hostname: let + list = mypkgs.lib.attrsets.mapAttrsToList (name: value: "echo flashing disk ${name} onto device ${value.device}") self.nixosConfigurations.${hostname}.config.disko.devices.disk; + string = mypkgs.lib.strings.concatStringsSep "\n" list; + in string; + + diskDefinitionsList = hostname: let + list = mypkgs.lib.attrsets.mapAttrsToList (name: value: "diskDefinitions[${name}]=${value.device}") self.nixosConfigurations.${hostname}.config.disko.devices.disk; + string = mypkgs.lib.strings.concatStringsSep "\n" list; + in string; + + createFlashScript = hostname: { + type = "app"; + program = "${mypkgs.writeShellScriptBin "flash-te" '' + set -eo pipefail + + echo flashing for host ${hostname} + ${diskListing hostname} + + declare -A diskDefinitions + ${diskDefinitionsList hostname} + + + # default value if no --mode provided + MODE="default" + ARGS=() + + while [[ $# -gt 0 ]]; do + case "$1" in + --) # end of options; take remaining args as-is + shift + while [[ $# -gt 0 ]]; do + ARGS+=("$1") + shift + done + break + ;; + --mode=*) # --mode=VALUE + MODE="''${1#*=}" + shift + ;; + --mode) # --mode VALUE + if [[ $# -lt 2 ]]; then + echo "Error: --mode requires a value" >&2 + exit 1 + fi + MODE="$2" + shift 2 + ;; + --do-flash) + DO_FLASH=yes + shift 1 + ;; + --disk) # --mode VALUE + if [[ $# -lt 3 ]]; then + echo "Error: --disk requires two values" >&2 + exit 1 + fi + diskname="$2" + diskval="$3" + diskDefinitions["$diskname"]="$diskval" + shift 3 + ;; + *) + ARGS+=("$1") # all other args preserved + shift + ;; + esac + done + + + # generate arg string from diskDefinitions + diskDefinitionString="" + for i in "''${!diskDefinitions[@]}" + do + diskDefinitionString="$diskDefinitionString --disk $i ''${diskDefinitions[$i]}" + done + + + echo would run: sudo -E 
${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode $MODE --flake ${self}#${hostname} $diskDefinitionString ''${ARGS[@]} + + + if [[ $DO_FLASH != "yes" ]] + then + echo type yes to continue... + read acc + if [[ "$acc" != "yes" ]] + then + echo aborting... + exit + fi + fi + + echo flashing... + sudo -E ${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode $MODE --flake ${self}#${hostname} $diskDefinitionString ''${ARGS[@]} + ''}/bin/flash-te"; + }; + in { + te = createFlashScript "te"; + ki = createFlashScript "ki"; + }; test = inputs.nix-on-droid.outputs.apps.x86_64-linux.deploy; wsl = { @@ -365,11 +473,46 @@ ]; }; - "fes" = nixpkgs.lib.nixosSystem { + #fesu my second server to fusu + "fe" = nixpkgs.lib.nixosSystem { inherit specialArgs; system = "x86_64-linux"; modules = [ - ./hosts/fes.nix + ./hosts/fe.nix + ]; + }; + + # lesh... seccond raspi + "le" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "aarch64-linux"; + modules = [ + ./hosts/le.nix + ]; + }; + + "te" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/te.nix + ]; + }; + + "ki" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/ki.nix + ]; + }; + + # my asus tinker board + "ti" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/ti.nix ]; }; diff --git a/hosts/fes.nix b/hosts/fe.nix similarity index 98% rename from hosts/fes.nix rename to hosts/fe.nix index 5ad66cc..fccf333 100644 --- a/hosts/fes.nix +++ b/hosts/fe.nix @@ -45,7 +45,7 @@ fileSystems."/boot" = { device = "/dev/disk/by-label/FES-BOOT"; - fsType = "fat32"; + fsType = "vfat"; }; services.openssh = { @@ -147,7 +147,7 @@ address = "192.168.1.1"; interface = "br0"; }; - hostName = "fes"; + hostName = "fe"; nameservers = [ "1.1.1.1" "8.8.8.8" ]; }; diff --git a/hosts/ki.nix b/hosts/ki.nix new file mode 100644 index 0000000..de31fa4 
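Review bot: The confirmation prompt before the destructive `disko-install` run can be skipped unintentionally, because `DO_FLASH` is never initialised in the script and an exported `DO_FLASH=yes` in the caller's environment is enough to bypass it; set `DO_FLASH=no` next to `MODE="default"`. The command line is also assembled by string concatenation and expanded unquoted (`$diskDefinitionString`, `''${ARGS[@]}`, `$MODE`) under `sudo -E`, so a device path or extra argument containing whitespace or glob characters is re-split before it reaches the root process; building the arguments as arrays, as sketched below, avoids that and makes the "would run" echo print exactly what is executed. The abort branch ends with a bare `exit`, which returns status 0, so a caller cannot tell an aborted flash from a completed one. Two smaller points: the script is always named `flash-te` even when generated for `ki`, and `default` is, as far as I know, not a mode disko-install accepts (it documents `format` and `mount`), which is worth confirming.

```nix
# … unchanged: diskListing, diskDefinitionsList, script header and declare -A …
          MODE="default"
          DO_FLASH=no   # never inherit the skip-confirmation flag from the environment
          ARGS=()
# … unchanged: option parsing loop …
          # collect --disk arguments as an array so values are passed through unsplit
          diskArgs=()
          for i in "''${!diskDefinitions[@]}"
          do
            diskArgs+=(--disk "$i" "''${diskDefinitions[$i]}")
          done

          cmd=(sudo -E ${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode "$MODE" --flake ${self}#${hostname} "''${diskArgs[@]}" "''${ARGS[@]}")
          echo would run: "''${cmd[@]}"
# … unchanged: DO_FLASH check and "type yes to continue" prompt …
              echo aborting...
              exit 1
# … unchanged: closing fi / fi, echo flashing... …
          "''${cmd[@]}"
```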
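Review bot: The `ti` entry is commented as an Asus Tinker Board but is declared with `system = "x86_64-linux"`; the Tinker Board family is ARM-based, so this looks like a copy-paste from the neighbouring entries and probably needs an ARM system such as `aarch64-linux` or `armv7l-linux` depending on the model (hosts/ti.nix is not visible here, so confirm against it). A one-line comment on `te` and `ki` saying what each machine is, like the ones on `le` and `ti`, would also help, since these two are the targets of the flash app.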
--- /dev/null +++ b/hosts/ki.nix 
@@ -0,0 +1,324 @@ +{ lib, secretsDir, pkgs, inputs, unstable, ... }: let + +myobs = pkgs.wrapOBS { + plugins = with pkgs.obs-studio-plugins; [ + obs-ndi + obs-teleport + ]; +}; + + +in { + + imports = [ + ../common/all.nix + ../common/nixos.nix + ../common/building.nix + + inputs.home-manager.nixosModules.home-manager + inputs.networkmanager.nixosModules.networkmanager + inputs.disko.nixosModules.disko + ../users/me/gui.nix + ../users/root/default.nix + ../common/nixos-wayland.nix + ]; + services.tailscale.enable = true; + programs.nix-ld.enable = true; + + networking.hostName = "mac"; + networking.firewall.enable = false; + services.avahi = { + enable = true; + nssmdns = true; + publish = { + enable = true; + addresses = true; + domain = true; + hinfo = true; + userServices = true; + workstation = true; + }; + }; + networking.firewall.allowedTCPPorts = [ + 8888 # for general usage + 9999 # for general usage + 6000 # Xserver + 6666 # vnc sway + 5900 # vnc for win VM + 5901 # vnc + 5902 # vnc + 4400 # rdp win VM + 4401 # ssh for mandroid + 4402 # random + 4403 # random + 4404 # random + 4405 # clipboard sync + ]; + + networking.firewall.allowedUDPPorts = [ + 48899 # GoodWe inverter discovery + 4410 # lan-mouse + ]; + + swapDevices = [ { device = "/swapfile"; } ]; + + boot.kernelModules = [ "usbip_core" ]; + boot.extraModprobeConfig = "options kvm_intel nested=1"; + + # to build rpi images + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + + virtualisation.libvirtd = { + enable = true; + qemuOvmf = true; + qemuSwtpm = true; + #qemuOvmfPackage = pkgs.OVMFFull; + }; + + environment.systemPackages = with pkgs; [ + linuxPackages.usbip + helvum + passt + mount + pkgs.hicolor-icon-theme + efibootmgr + tcpdump + ]; + + + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + + settings.X11Forwarding 
= true; + + extraConfig = '' + X11UseLocalhost no + ''; + }; + + + services.greetd = lib.mkForce { + enable = true; + settings = rec { + terminal.vt = 1; + initial_session = let + + newerUnstableSrc = builtins.getFlake "nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1"; + newerUnstable = import newerUnstableSrc.outPath {}; + + mySway = newerUnstable.sway.override { + sway-unwrapped = (newerUnstable.sway-unwrapped.overrideAttrs (prev: { + /* + src = pkgs.fetchFromGitHub { + owner = "WillPower3309"; + repo = "swayfx"; + rev = ""; + hash = ""; + }; + */ + src = pkgs.fetchFromGitHub { + owner = "swaywm"; + repo = "sway"; + rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6"; + hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8="; + }; + })).override { + wlroots = newerUnstable.wlroots.overrideAttrs (prev: { + version = "master"; + src = pkgs.fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "wlroots"; + repo = "wlroots"; + rev = "master"; + sha256 = "sha256-2FK6FGRpgf/YYqwJST0LVA/pnNRSUDrfrrp6mSwA0Fk="; + }; + + }); + }; + }; + + in { + #command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -d --env WLR_RENDERER_ALLOW_SOFTWARE=1 --cmd sway"; + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.writeScriptBin "run-sway" '' + export WLR_RENDERER_ALLOW_SOFTWARE=1 + export SDL_VIDEODRIVER=wayland + export _JAVA_AWT_WM_NONREPARENTING=1 + export QT_QPA_PLATFORM=wayland + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + exec ${pkgs.lib.getExe mySway} + ''}/bin/run-sway"; + user = "me"; + }; + default_session = initial_session; + }; + }; + + + systemd.extraConfig = "DefaultLimitNOFILE=2048"; + + ###################################################### the kiosk stuff + + services.dbus.enable = true; + + fonts.enableDefaultPackages = true; + xdg.icons.enable = true; + gtk.iconCache.enable = true; + + services.udisks2.enable = false; + hardware.opengl.enable = true; + hardware.enableRedistributableFirmware = true; + + 
systemd.defaultUnit = "graphical.target"; + + + ############################# networkmanager + networking.networkmanager.enable = true; + + networking.networkmanager.profiles = { + pw = { + connection = { + id = "pw"; + uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c"; + type = "wifi"; + interface-name = "wlp2s0"; + }; + + wifi = { + hidden = "true"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + #address1 = "192.168.20.11/24"; + dns = "1.1.1.1;8.8.8.8;"; + method = "auto"; + }; + }; + + hot = { + connection = { + id = "hot"; + uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3"; + type = "wifi"; + autoconnect = false; + interface-name = "wlp3s0"; + }; + wifi = { + mode = "ap"; + ssid = "c2vi-mac"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + method = "shared"; + }; + }; + + share = { + connection = { + id = "share"; + uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04"; + type = "ethernet"; + autoconnect = false; + interface-name = "enp2s0"; + }; + + ethernet = { + mac-address = "C8:2A:14:0B:7F:3D"; + }; + + ipv4 = { + address1 = "192.168.4.1/24"; + method = "shared"; + }; + + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + }; + + dhcp = { + connection = { + id = "dhcp"; + uuid = "c006389a-1697-4f77-91c3-95b466f85f13"; + type = "ethernet"; + autoconnect = true; + interface-name = "enp2s0"; + }; + + ethernet = { + mac-address = "C8:2A:14:0B:7F:3D"; + }; + + ipv4 = { + method = "auto"; + address1 = "192.168.1.33/24,192.168.1.1"; + }; + }; + + }; + + ############### disk config + boot.plymouth.enable = false; + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.devices = [ "nodev" ]; + boot.loader.grub.extraConfig = '' + set 
timeout=2 + ''; + + # the flash drive in use for te + #disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0"; + disko.devices.disk.root.device = "/dev/disk/by-id/ata-SSD_HB202408140276168"; + disko.devices = { + disk = { + root = { + type = "disk"; + content = { + type = "gpt"; + partitions = { + + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/le.nix b/hosts/le.nix new file mode 100644 index 0000000..b0a277f --- /dev/null +++ b/hosts/le.nix 
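Review bot: `networking.firewall.enable = false;` makes the `allowedTCPPorts`/`allowedUDPPorts` lists below it inert, so every listening service on this host (sshd with X11 forwarding and `X11UseLocalhost no`, avahi publishing) is reachable from each network it joins, including clients of the `hot` access-point profile; set `networking.firewall.enable = true;` and let the port lists be the actual policy. The Wi-Fi credentials are pulled in with `builtins.readFile "${secretsDir}/wifi-password"` at evaluation time, which most likely places the PSK in the world-readable Nix store (how the networkmanager module renders profiles is not visible here); a secret file read at runtime would keep it out of the store. The file also sets `networking.hostName = "mac";` and the SSID `c2vi-mac`, and the disk comment mentions `te`, which look like leftovers from the host this was copied from; `networking.hostName = "ki";` is presumably intended. Finally, wlroots is fetched with `rev = "master"` against a fixed hash, which stops building as soon as upstream moves; pin a commit as is done for sway.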
@@ -0,0 +1,324 @@ +{ lib, pkgs, inputs, secretsDir, config, ... }: +{ + + #system.stateVersion = "23.05"; # Did you read the comment? + + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + #inputs.nixos-hardware.nixosModules.raspberry-pi-4 + inputs.networkmanager.nixosModules.networkmanager + + ../common/all.nix + + inputs.home-manager.nixosModules.home-manager + ../users/me/headless.nix + + ##### project modules ##### + + # the module for the zwave setup + #"${workDir}/htl/labor/hackl/zwave.nix" + + # labor nas project + # with this moduel it does not boot, it waits for /dev/disk/by-label/nas-storage + # "${workDir}/htl/labor/nas/nixos/lush-module.nix" + ]; + + # fix bluetooth + hardware = { + bluetooth = { + package = pkgs.bluez; + enable = true; + powerOnBoot = true; + }; + }; + + # get usbip working + boot.extraModulePackages = [ + config.boot.kernelPackages.usbip + ]; + + + boot.kernelParams = lib.mkForce ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" "nohibernate" "loglevel=7" ]; + # hardware.bluetooth.enable = true; + + + + # home-manager.users.me = import ../users/me/home-headless.nix; + + + /* for cross compiling + #nixpkgs.hostPlatform.system = "aarch64-linux"; + #nixpkgs.buildPlatform.system = "x86_64-linux"; + nixpkgs.overlays = [ + + (outerFinal: outerPrev: { + #https://github.com/adrienverge/openfortivpn/issues/446 + #https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/tools/networking/openfortivpn/default.nix#L47 + openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: { + configureFlags = prev.configureFlags or [] ++ [ + "--disable-proc" + "--with-rt_dst=yes" + "--with-pppd=/usr/sbin/pppd" + ]; + }); + }) + ]; + */ + + services.blueman.enable = true; + hardware.enableRedistributableFirmware = true; + + services.tailscale.enable = true; + + environment.systemPackages = with pkgs; [ + linuxPackages.usbip + vim + bluez + git + ]; + + # 
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a + # disk with this label on first boot. Therefore, we need to keep it. It is the + # only information from the installer image that we need to keep persistent + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + noCheck = true; + fsType = "ext4"; + }; + + boot = { + #kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + loader = { + generic-extlinux-compatible.enable = lib.mkDefault true; + grub.enable = lib.mkDefault false; + }; + }; + + ########################### ssh ############################ + services.openssh = { + enable = true; + ports = [ 22 ]; + + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; + }; + + + ####################################### networking ########################## + + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + 51820 # wireguard + 67 # allow DHCP traffic + 53 # allow dns + ]; + + networking.firewall.allowedTCPPorts = [ + 8888 # general use + 9999 # general use + 3240 # usbip + ]; + + networking.hostName = "lush"; + + networking.networkmanager.enable = true; + + networking.networkmanager.profiles = { + pw = { + connection = { + id = "pw"; + uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c"; + type = "wifi"; + interface-name = "wlan0"; + autoconnect = true; + autoconnect-priority = "-200"; + }; + + wifi = { + hidden = "true"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + address1 = "192.168.20.21/24"; + method = "auto"; + }; + }; + + hh40 = { + connection = { + id = "hh40"; + uuid = "73a61cef-8f7b-4f42-ab3f-0066e0295bbc"; + type = "wifi"; + interface-name = "wlan0"; + autoconnect = true; + autoconnect-priority = "-999"; + }; 
+ + wifi = { + hidden = "false"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/home-wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/home-wifi-password"; + }; + + ipv4 = { + method = "auto"; + address1 = "192.168.1.37/24"; + }; + }; + + dhcp = { + connection = { + id = "dhcp"; + uuid = "c006389a-1697-4f77-91c3-95b466f85f13"; + type = "ethernet"; + autoconnect = "true"; + interface-name = "end0"; + }; + + ethernet = { + mac-address = "DC:A6:32:CB:4D:5E"; + }; + + ipv4 = { + address1 = "192.168.1.44/24,192.168.1.1"; + method = "auto"; + }; + }; + + share = { + connection = { + id = "share"; + uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04"; + type = "ethernet"; + autoconnect = false; + interface-name = "end0"; + }; + + ethernet = { + mac-address = "DC:A6:32:CB:4D:5E"; + }; + + ipv4 = { + address1 = "192.168.4.1/24"; + method = "shared"; + }; + + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + }; + + pt = { + connection = { + id = "pt"; + uuid = "f028117e-9eef-47c1-8483-574f7ee798a4"; + type = "bluetooth"; + autoconnect = true; + }; + + bluetooth = { + bdaddr = "E8:78:29:C4:BA:7C"; + type = "panu"; + }; + + ipv4 = { + address1 = "192.168.44.22/24"; + method = "auto"; + }; + }; + + + /* + me = { + connection = { + id = "me"; + uuid = "fe45d3bc-21c6-41ff-bc06-c936017c6e02"; + type = "wireguard"; + autoconnect = "true"; + interface-name = "me0"; + }; + wireguard = { + listen-port = "51820"; + private-key = builtins.readFile "${secretsDir}/wg-private-lush"; + }; + ipv4 = { + address1 = "10.1.1.4/24"; + method = "manual"; + }; + } // (import ../common/wg-peers.nix { inherit secretsDir; }); + */ + }; + + + systemd.services.iwd.serviceConfig.Restart = "always"; + /* + networking = { + interfaces."wlan0".useDHCP = true; + + interfaces."eth0" = { + #name = "eth0"; + ipv4.addresses = [ + { address = "192.168.5.5"; prefixLength = 24;} + ]; + }; + */ + + /* + wireless = { + 
interfaces = [ "wlan0" ]; + enable = true; + networks = { + seb-phone.psk = "hellogello"; + }; + }; + }; + + */ + + + ####################################### wireguard ########################## + /* + systemd.network.netdevs.me0 = { + enable = true; + wireguardPeers = import ../common/wg-peers.nix { inherit secretsDir; }; + wireguardConfig = { + ListenPort = 51820; + PrivateKeyFile = "/etc/wireguard/secret.key"; + }; + }; + networking.wireguard.interfaces = { + me = { + ips = [ "10.1.1.11/24" ]; + }; + */ + + /* + boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + */ + +} diff --git a/hosts/mac.nix b/hosts/mac.nix index a603c36..8ca04ba 100644 --- a/hosts/mac.nix +++ b/hosts/mac.nix @@ -213,6 +213,7 @@ in { }; }; + in { #command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -d --env WLR_RENDERER_ALLOW_SOFTWARE=1 --cmd sway"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.writeScriptBin "run-sway" '' diff --git a/hosts/te.nix b/hosts/te.nix new file mode 100644 index 0000000..10d038e --- /dev/null +++ b/hosts/te.nix 
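Review bot: The Wi-Fi passphrases in the `pw` and `hh40` profiles are pulled in with `builtins.readFile "${secretsDir}/wifi-password"` and `builtins.readFile "${secretsDir}/home-wifi-password"`, which inlines them as Nix strings at evaluation time. The rendered profiles therefore most likely land in the world-readable `/nix/store` and in any closure copied off this host. The same pattern is in the te.nix and ti.nix hunks and in the visible tail of ki.nix. If the networkmanager module supports it, have it read the PSK from a root-only file at activation; until then mark each use with `# FIXME: PSK is inlined at eval time and may be readable in /nix/store`. The commented-out `seb-phone.psk = "hellogello";` near the end of this file (also in ti.nix) is a literal passphrase committed to the repository, so delete the line and rotate the passphrase if it is still in use.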
@@ -0,0 +1,366 @@ +{ lib, secretsDir, pkgs, inputs, unstable, ... }: let + +in { + + #users.users.me.password = builtins.readFile "${secretsDir}/te-password"; + #users.users.root.password = builtins.readFile "${secretsDir}/te-password"; + + imports = [ + ../common/all.nix + ../common/nixos.nix + ../common/building.nix + + inputs.home-manager.nixosModules.home-manager + inputs.networkmanager.nixosModules.networkmanager + inputs.disko.nixosModules.disko + ../users/me/gui.nix + ../users/root/default.nix + ../common/nixos-wayland.nix + ]; + + services.tailscale.enable = true; + programs.nix-ld.enable = true; + + networking.hostName = "te"; + networking.firewall.enable = false; + services.avahi = { + enable = true; + nssmdns = true; + publish = { + enable = true; + addresses = true; + domain = true; + hinfo = true; + userServices = true; + workstation = true; + }; + }; + networking.firewall.allowedTCPPorts = [ + 8888 # for general usage + 9999 # for general usage + 6000 # Xserver + 6666 # vnc sway + 5900 # vnc for win VM + 5901 # vnc + 5902 # vnc + 4400 # rdp win VM + 4401 # ssh for mandroid + 4402 # random + 4403 # random + 4404 # random + ]; + + networking.firewall.allowedUDPPorts = [ + 48899 # GoodWe inverter discovery + 4410 # lan-mouse + ]; + + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; + } + ]; + + boot.kernelModules = [ "usbip_core" ]; + boot.extraModprobeConfig = "options kvm_intel nested=1"; + + # to build rpi images + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + + virtualisation.libvirtd = { + enable = true; + qemuOvmf = true; + qemuSwtpm = true; + #qemuOvmfPackage = pkgs.OVMFFull; + }; + + environment.systemPackages = with pkgs; [ + linuxPackages.usbip + mount + efibootmgr + tcpdump + ]; + + + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + + 
settings.X11Forwarding = true; + + extraConfig = '' + X11UseLocalhost no + ''; + }; + + systemd.services."sway@" = let + mySway = unstable.sway.overrideAttrs (prev: { + /* + src = pkgs.fetchFromGitHub { + owner = "WillPower3309"; + repo = "swayfx"; + rev = ""; + hash = ""; + }; + */ + src = pkgs.fetchFromGitHub { + owner = "swaywm"; + repo = "sway"; + rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6"; + hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8="; + }; + }); + in { + enable = false; + after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ]; + before = [ "graphical.target" ]; + wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ]; + wantedBy = [ "graphical.target" ]; + conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service" + + restartIfChanged = false; + serviceConfig = { + ExecStart = "${lib.getExe mySway}"; + User = "me"; + + # ConditionPathExists = "/dev/tty0"; + IgnoreSIGPIPE = "no"; + + # Log this user with utmp, letting it show up with commands 'w' and + # 'who'. This is needed since we replace (a)getty. + UtmpIdentifier = "%I"; + UtmpMode = "user"; + # A virtual terminal is needed. + TTYPath = "/dev/%I"; + TTYReset = "yes"; + TTYVHangup = "yes"; + TTYVTDisallocate = "yes"; + # Fail to start if not controlling the virtual terminal. + #StandardInput = "tty-fail"; + #StandardOutput = "syslog"; + #StandardError = "syslog"; + # Set up a full (custom) user session for the user, required by Cage. 
+ PAMName = "cage"; + }; + }; + + systemd.extraConfig = "DefaultLimitNOFILE=2048"; + + ###################################################### the kiosk stuff + + services.dbus.enable = true; + + fonts.enableDefaultPackages = true; + xdg.icons.enable = true; + gtk.iconCache.enable = true; + + services.udisks2.enable = false; + hardware.opengl.enable = true; + hardware.enableRedistributableFirmware = true; + + systemd.defaultUnit = "graphical.target"; + + + ############################# networkmanager + + # update name of wifi-interface + systemd.services.update-wifi-iface = { + description = "Update Wi-Fi interface name in network manager"; + path = with pkgs; [ + networkmanager # for nmcli + iproute2 # for ip + gawk # for awk + ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.writeShellScriptBin "run" '' + name=$(ip link | awk -F: '/^[0-9]+: wl/ {print $2}' | sed 's/^ //') + nmcli connection modify pw connection.interface-name $name + ''}/bin/run"; + }; + wantedBy = [ "multi-user.target" ]; + after = [ "Networkmanager.service" "network.target" ]; + }; + + networking.networkmanager.enable = true; + + networking.networkmanager.profiles = { + pw = { + connection = { + id = "pw"; + uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c"; + type = "wifi"; + interface-name = "wlp3s0"; + }; + + wifi = { + hidden = "true"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + #address1 = "192.168.20.11/24"; + dns = "1.1.1.1;8.8.8.8;"; + method = "auto"; + }; + }; + + pt = { + connection = { + id = "pt"; + uuid = "f028117e-9eef-47c1-8483-574f7ee798a4"; + type = "bluetooth"; + autoconnect = "false"; + }; + + bluetooth = { + bdaddr = "E8:78:29:C4:BA:7C"; + type = "panu"; + }; + + ipv4 = { + address1 = "192.168.44.11/24"; + method = "auto"; + }; + }; + + hot = { + connection = { + id = "hot"; + uuid = 
"ab51de8a-9742-465a-928b-be54a83ab6a3"; + type = "wifi"; + autoconnect = false; + interface-name = "wlp3s0"; + }; + wifi = { + mode = "ap"; + ssid = "c2vi-te"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + method = "shared"; + }; + }; + + share = { + connection = { + id = "share"; + uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04"; + type = "ethernet"; + interface-name = "enp2s0"; + }; + + ethernet = { + mac-address = "C8:2A:14:0B:7F:3D"; + }; + + ipv4 = { + address1 = "192.168.4.1/24"; + method = "shared"; + }; + + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + }; + + }; + + ############ boot stuff + boot.plymouth.enable = false; + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.devices = [ "nodev" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "uhci_hcd" + "ohci_hcd" + "usb_storage" + "uas" + "sd_mod" + "sr_mod" + "scsi_mod" + ]; + boot.loader.grub.extraConfig = '' + set timeout=2 + ''; + + ############### disk config + # the flash drive in use for te + #disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0"; + disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1"; + disko.devices = { + disk = { + root = { + type = "disk"; + content = { + type = "gpt"; + partitions = { + + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + + biosboot = { + size = "2M"; + type = "21686148-6449-6E6F-744E-656564454649"; # BIOS boot + }; + + root = { + size = "240G"; + content = { + # LUKS passphrase will be prompted interactively only + type = "luks"; + name = "crypted"; + settings = { + allowDiscards = true; + }; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + 
}; + }; + }; + + pub = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/pub"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/ti.nix b/hosts/ti.nix new file mode 100644 index 0000000..b0a277f --- /dev/null +++ b/hosts/ti.nix 
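Review bot: `networking.firewall.enable = false;` turns packet filtering off, so the `allowedTCPPorts` and `allowedUDPPorts` lists that follow it have no effect and every listener on `te` is reachable on all interfaces. That matters here because `services.openssh` sets `settings.X11Forwarding = true` together with `X11UseLocalhost no`, which makes sshd bind forwarded X displays to the wildcard address instead of loopback. The port comments also name VNC and an X server, whose authentication is not visible in this hunk. I would drop the `enable = false` line so the allow-lists apply, and remove `X11UseLocalhost no` unless something depends on it. Separately, `after = [ "Networkmanager.service" "network.target" ]` in `update-wifi-iface` looks misspelled: systemd unit names are case-sensitive and the unit is `NetworkManager.service`, so the ordering is not enforced and `nmcli` may run before the daemon is up.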
@@ -0,0 +1,324 @@ +{ lib, pkgs, inputs, secretsDir, config, ... }: +{ + + #system.stateVersion = "23.05"; # Did you read the comment? + + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + #inputs.nixos-hardware.nixosModules.raspberry-pi-4 + inputs.networkmanager.nixosModules.networkmanager + + ../common/all.nix + + inputs.home-manager.nixosModules.home-manager + ../users/me/headless.nix + + ##### project modules ##### + + # the module for the zwave setup + #"${workDir}/htl/labor/hackl/zwave.nix" + + # labor nas project + # with this moduel it does not boot, it waits for /dev/disk/by-label/nas-storage + # "${workDir}/htl/labor/nas/nixos/lush-module.nix" + ]; + + # fix bluetooth + hardware = { + bluetooth = { + package = pkgs.bluez; + enable = true; + powerOnBoot = true; + }; + }; + + # get usbip working + boot.extraModulePackages = [ + config.boot.kernelPackages.usbip + ]; + + + boot.kernelParams = lib.mkForce ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" "nohibernate" "loglevel=7" ]; + # hardware.bluetooth.enable = true; + + + + # home-manager.users.me = import ../users/me/home-headless.nix; + + + /* for cross compiling + #nixpkgs.hostPlatform.system = "aarch64-linux"; + #nixpkgs.buildPlatform.system = "x86_64-linux"; + nixpkgs.overlays = [ + + (outerFinal: outerPrev: { + #https://github.com/adrienverge/openfortivpn/issues/446 + #https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/tools/networking/openfortivpn/default.nix#L47 + openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: { + configureFlags = prev.configureFlags or [] ++ [ + "--disable-proc" + "--with-rt_dst=yes" + "--with-pppd=/usr/sbin/pppd" + ]; + }); + }) + ]; + */ + + services.blueman.enable = true; + hardware.enableRedistributableFirmware = true; + + services.tailscale.enable = true; + + environment.systemPackages = with pkgs; [ + linuxPackages.usbip + vim + bluez + git + ]; + + # 
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a + # disk with this label on first boot. Therefore, we need to keep it. It is the + # only information from the installer image that we need to keep persistent + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + noCheck = true; + fsType = "ext4"; + }; + + boot = { + #kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + loader = { + generic-extlinux-compatible.enable = lib.mkDefault true; + grub.enable = lib.mkDefault false; + }; + }; + + ########################### ssh ############################ + services.openssh = { + enable = true; + ports = [ 22 ]; + + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; + }; + + + ####################################### networking ########################## + + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + 51820 # wireguard + 67 # allow DHCP traffic + 53 # allow dns + ]; + + networking.firewall.allowedTCPPorts = [ + 8888 # general use + 9999 # general use + 3240 # usbip + ]; + + networking.hostName = "lush"; + + networking.networkmanager.enable = true; + + networking.networkmanager.profiles = { + pw = { + connection = { + id = "pw"; + uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c"; + type = "wifi"; + interface-name = "wlan0"; + autoconnect = true; + autoconnect-priority = "-200"; + }; + + wifi = { + hidden = "true"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-password"; + }; + + ipv4 = { + address1 = "192.168.20.21/24"; + method = "auto"; + }; + }; + + hh40 = { + connection = { + id = "hh40"; + uuid = "73a61cef-8f7b-4f42-ab3f-0066e0295bbc"; + type = "wifi"; + interface-name = "wlan0"; + autoconnect = true; + autoconnect-priority = "-999"; + }; 
+ + wifi = { + hidden = "false"; + mode = "infrastructure"; + ssid = builtins.readFile "${secretsDir}/home-wifi-ssid"; + }; + + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/home-wifi-password"; + }; + + ipv4 = { + method = "auto"; + address1 = "192.168.1.37/24"; + }; + }; + + dhcp = { + connection = { + id = "dhcp"; + uuid = "c006389a-1697-4f77-91c3-95b466f85f13"; + type = "ethernet"; + autoconnect = "true"; + interface-name = "end0"; + }; + + ethernet = { + mac-address = "DC:A6:32:CB:4D:5E"; + }; + + ipv4 = { + address1 = "192.168.1.44/24,192.168.1.1"; + method = "auto"; + }; + }; + + share = { + connection = { + id = "share"; + uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04"; + type = "ethernet"; + autoconnect = false; + interface-name = "end0"; + }; + + ethernet = { + mac-address = "DC:A6:32:CB:4D:5E"; + }; + + ipv4 = { + address1 = "192.168.4.1/24"; + method = "shared"; + }; + + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + }; + + pt = { + connection = { + id = "pt"; + uuid = "f028117e-9eef-47c1-8483-574f7ee798a4"; + type = "bluetooth"; + autoconnect = true; + }; + + bluetooth = { + bdaddr = "E8:78:29:C4:BA:7C"; + type = "panu"; + }; + + ipv4 = { + address1 = "192.168.44.22/24"; + method = "auto"; + }; + }; + + + /* + me = { + connection = { + id = "me"; + uuid = "fe45d3bc-21c6-41ff-bc06-c936017c6e02"; + type = "wireguard"; + autoconnect = "true"; + interface-name = "me0"; + }; + wireguard = { + listen-port = "51820"; + private-key = builtins.readFile "${secretsDir}/wg-private-lush"; + }; + ipv4 = { + address1 = "10.1.1.4/24"; + method = "manual"; + }; + } // (import ../common/wg-peers.nix { inherit secretsDir; }); + */ + }; + + + systemd.services.iwd.serviceConfig.Restart = "always"; + /* + networking = { + interfaces."wlan0".useDHCP = true; + + interfaces."eth0" = { + #name = "eth0"; + ipv4.addresses = [ + { address = "192.168.5.5"; prefixLength = 24;} + ]; + }; + */ + + /* + wireless = { + 
interfaces = [ "wlan0" ]; + enable = true; + networks = { + seb-phone.psk = "hellogello"; + }; + }; + }; + + */ + + + ####################################### wireguard ########################## + /* + systemd.network.netdevs.me0 = { + enable = true; + wireguardPeers = import ../common/wg-peers.nix { inherit secretsDir; }; + wireguardConfig = { + ListenPort = 51820; + PrivateKeyFile = "/etc/wireguard/secret.key"; + }; + }; + networking.wireguard.interfaces = { + me = { + ips = [ "10.1.1.11/24" ]; + }; + */ + + /* + boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + */ + +} diff --git a/misc/my-hosts b/misc/my-hosts index 55d41c2..8f52e28 100644 --- a/misc/my-hosts +++ b/misc/my-hosts @@ -1,5 +1,2 @@ -192.168.122.194 uwu -192.168.122.126 lako 127.0.0.1 localhost -100.70.54.18 obsidian.c2vi.dev -192.168.1.2 mc.ppc.social + diff --git a/misc/my-hosts-h b/misc/my-hosts-h index 07ef3df..67e1ae3 100644 --- a/misc/my-hosts-h +++ b/misc/my-hosts-h @@ -1,4 +1,5 @@ 192.168.1.6 hpm +192.168.1.4 fe 192.168.1.2 fusu 192.168.1.2 files 192.168.1.5 acern diff --git a/misc/my-hosts-t b/misc/my-hosts-t index 5175f1a..ba68d75 100644 --- a/misc/my-hosts-t +++ b/misc/my-hosts-t @@ -5,3 +5,4 @@ 100.76.146.119 tab 100.70.39.65 waydroid 100.78.105.36 mac +100.107.67.76 te diff --git a/programs/ssh.nix b/programs/ssh.nix index dbb267f..339400b 100644 --- a/programs/ssh.nix +++ b/programs/ssh.nix @@ -78,6 +78,18 @@ user = "me"; }; + fe = { + port = 22; + hostname = "fe"; + user = "me"; + }; + + fes = { + port = 22; + hostname = "fe"; + user = "server"; + }; + fusus = { port = 49388; hostname = "fusu";
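Review bot: hosts/ti.nix is added with the same blob id as hosts/le.nix (`b0a277f`), so the two hosts get identical network identities. Both set `networking.hostName = "lush"`, the same static `address1` values (for example `192.168.20.21/24`), the same connection UUIDs and the same `mac-address = "DC:A6:32:CB:4D:5E"`. Two machines built from these files would collide on hostname and IP address on the shared networks, and the `dhcp` and `share` profiles would presumably match only the one board that actually has that MAC. Each file should carry its own values, e.g. `networking.hostName = "ti";` here and `networking.hostName = "le";` in le.nix. The parts that really are shared would be better factored into a common module imported by both.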