From aacc9e9eedaa545d50c75f1a6047d48775f9a94b Mon Sep 17 00:00:00 2001 From: Sebastian Moser Date: Fri, 16 Feb 2024 02:01:28 +0100 Subject: [PATCH] ... --- common/all.nix | 2 +- flake.nix | 12 ++- hosts/acern-real.nix | 124 +++++++++++++++++++++++ hosts/acern.nix | 4 + hosts/fusu.nix | 6 +- hosts/hpm.nix | 4 + hosts/lush.nix | 4 + hosts/main.nix | 8 +- hosts/rpi.nix | 29 +++++- misc/my-hosts | 1 + mods/my-nixpkgs-overlay.nix | 9 ++ mods/static/python311Packages-lxml.patch | 13 +++ mybin/ru | 17 ++++ programs/bash.nix | 7 +- programs/ssh.nix | 8 +- users/me/gui-home.nix | 1 + 16 files changed, 233 insertions(+), 16 deletions(-) mode change 100755 => 100644 common/all.nix create mode 100644 hosts/acern-real.nix mode change 100755 => 100644 hosts/hpm.nix mode change 100755 => 100644 hosts/lush.nix mode change 100755 => 100644 misc/my-hosts mode change 100755 => 100644 mods/my-nixpkgs-overlay.nix diff --git a/common/all.nix b/common/all.nix old mode 100755 new mode 100644 index b29fa55..f2fb6ca --- a/common/all.nix +++ b/common/all.nix @@ -4,7 +4,7 @@ { imports = [ - ../mods/my-nixpkgs-overlay.nix + #../mods/my-nixpkgs-overlay.nix ]; diff --git a/flake.nix b/flake.nix index 9ec0fa7..231b796 100644 --- a/flake.nix +++ b/flake.nix @@ -83,8 +83,8 @@ ]; }; overlays = [ - ( import ./mods/my-nixpkgs-overlay.nix { inherit nixpkgs; } ) - ( import ./mods/second-overlay.nix { inherit nixpkgs; } ) + #( import ./mods/my-nixpkgs-overlay.nix { inherit nixpkgs; } ) + #( import ./mods/second-overlay.nix { inherit nixpkgs; } ) ]; }; @@ -198,6 +198,14 @@ ]; }; + "acern-real" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/acern-real.nix + ]; + }; + "the-most-default" = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; diff --git a/hosts/acern-real.nix b/hosts/acern-real.nix new file mode 100644 index 0000000..cb00da8 --- /dev/null 
+++ b/hosts/acern-real.nix 
@@ -0,0 +1,124 @@
+{ config, lib, pkgs, inputs, secretsDir, ...}:
+{
+ imports = [
+ ../users/me/gui.nix
+
+ inputs.networkmanager.nixosModules.networkmanager
+ inputs.home-manager.nixosModules.home-manager
+ ../common/all.nix
+ ../common/nixos-headless.nix
+ ];
+
+ services.xserver = {
+ desktopManager.gnome.enable = true;
+
+ /*
+ displayManager.lightdm = {
+ enable = true;
+ greeters.enso = {
+ enable = true;
+ blur = true;
+ extraConfig = ''
+ default-wallpaper=/usr/share/streets_of_gruvbox.png
+ '';
+ };
+ };
+ # */
+ layout = "at";
+ };
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+ services.blueman.enable = true;
+ hardware.bluetooth.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.xserver.libinput.enable = true;
+
+
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "nodev";
+ efiSupport = true;
+ extraConfig = ''
+ set timeout=2
+ menuentry "win-server" {
+ insmod part_gpt
+ insmod fat
+ insmod search_fs_uuid
+ insmod chain
+ search --label --set=root EFI
+ chainloader /EFI/Microsoft/Boot/bootmgfw.efi
+ }
+ '';
+ };
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ boot.initrd.availableKernelModules = [ "xhci_pci" "vmd" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.loader.efi.canTouchEfiVariables = true;
+
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = [ "subvol=main" ];
+ };
+
+
+
+ services.openssh = {
+ enable = true;
+ ports = [ 2222 ];
+
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ settings.X11Forwarding = true;
+ extraConfig = ''
+
X11UseLocalhost no + ''; + }; + + # to build rpi images + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + + + ######################### networking ##################################### + + networking.hostName = "acern"; + networking.firewall.allowPing = true; + networking.firewall.enable = true; + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + 51820 # wireguard + ]; + + networking.firewall.allowedTCPPorts = [ + 2222 # sshd + ]; + + networking.networkmanager.enable = true; + + networking.networkmanager.profiles = { + main = { + connection = { + id = "main"; + uuid = "a02273d9-ad12-395e-8372-f61129635b6f"; + type = "ethernet"; + autoconnect-priority = "-999"; + interface-name = "enp1s0"; + }; + ipv4 = { + address1 = "192.168.1.5/24,192.168.1.1"; + dns = "1.1.1.1;"; + method = "manual"; + }; + }; +} diff --git a/hosts/acern.nix b/hosts/acern.nix index e2a1952..b71eb53 100644 --- a/hosts/acern.nix +++ b/hosts/acern.nix @@ -18,6 +18,10 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; }; programs.bash.loginShellInit = ""; diff --git a/hosts/fusu.nix b/hosts/fusu.nix index 76fb5ed..21db9a6 100644 --- a/hosts/fusu.nix +++ b/hosts/fusu.nix @@ -49,9 +49,11 @@ settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "yes"; - #settings.X11UseLocalhost = "no"; settings.X11Forwarding = true; - #settings.AddressFamily = "inet"; + + extraConfig = '' + X11UseLocalhost no + ''; }; networking.firewall.allowPing = true; diff --git a/hosts/hpm.nix b/hosts/hpm.nix old mode 100755 new mode 100644 index 8cb0794..cee602e --- a/hosts/hpm.nix +++ b/hosts/hpm.nix 
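Review bot: `settings.X11Forwarding = true` combined with `X11UseLocalhost no` in the `services.openssh` block makes sshd bind forwarded X11 displays to the wildcard address instead of loopback, so any host that can reach the forwarding ports can attempt to connect to a forwarded session. In hosts/acern-real.nix the firewall allows only TCP 2222, which contains it, but the same two settings are added in hosts/acern.nix, hosts/fusu.nix, hosts/hpm.nix, hosts/lush.nix and hosts/rpi.nix, where the firewall rules are not visible in the hunks and fusu and hpm also keep `PermitRootLogin = "yes"`. Unless a client really needs the non-loopback bind, drop the `extraConfig` lines; if it does, record why with a comment such as `# X11UseLocalhost no: required by <client>; X11 forwarding ports must stay closed in the firewall`. Separately, the last lines of hosts/acern-real.nix close `ipv4` and `main` and then end with a column-0 `}`, so `networking.networkmanager.profiles = {` appears never to get its `};` and the new `acern-real` configuration would likely fail to parse.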
@@ -18,6 +18,10 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "yes"; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; }; networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. diff --git a/hosts/lush.nix b/hosts/lush.nix old mode 100755 new mode 100644 index c7cd5b8..7311d18 --- a/hosts/lush.nix +++ b/hosts/lush.nix @@ -82,6 +82,10 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no"; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; }; diff --git a/hosts/main.nix b/hosts/main.nix index 87748d3..6ac2e8b 100644 --- a/hosts/main.nix +++ b/hosts/main.nix @@ -27,16 +27,15 @@ ]; - - - environment.systemPackages = with pkgs; [ cifs-utils + nfs-utils ntfs3g dhcpcd looking-glass-client ]; + # enable ntp #services.ntp.enable = true; # if i hibernate and ren unhibernate in the school network ... the time will be off, because 0.nixos.pool.ntp.org can't be reached @@ -180,6 +179,7 @@ security.polkit.enable = true; services.avahi.enable = true; + services.avahi.hostName = "c2vi"; networking.networkmanager.enable = true; #networking.networkmanager.extraConfig = '' @@ -421,7 +421,7 @@ virtualisation.kvmgt.enable = true; boot.extraModprobeConfig = "options i915 enable_guc=2"; - boot.kernelParams = [ "intel_iommu=on" ]; + boot.kernelParams = [ "intel_iommu=on" "pcie_aspm=force" ]; virtualisation.kvmgt.vgpus = { "i915-GVTg_V5_8" = { diff --git a/hosts/rpi.nix b/hosts/rpi.nix index 4d4e7ba..4d8f635 100644 --- a/hosts/rpi.nix +++ b/hosts/rpi.nix 
@@ -116,6 +116,29 @@ dns = "1.1.1.1;"; method = "manual"; }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = builtins.readFile "${secretsDir}/wifi-rpi-password"; + }; + }; + + hot = { + connection = { + id = "hot"; + uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3"; + type = "wifi"; + autoconnect = "false"; + interface-name = "wlan0"; + }; + wifi = { + mac-address = "0C:96:E6:E3:64:03"; + mode = "ap"; + ssid = "c2vi-rpi"; + }; + + ipv4 = { + method = "shared"; + }; }; /* @@ -196,6 +219,10 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no"; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; }; ################################ samba ###################################### @@ -283,7 +310,7 @@ services.borgbackup.jobs.files = { #user = "files"; - extraCreateArgs = "--verbose --list --filter=AMECbchfsx --stats --checkpoint-interval 600"; + extraCreateArgs = "--verbose --list --filter=AMECbchfs --stats --checkpoint-interval 600"; extraArgs = "--progress"; paths = "/home/files/storage"; doInit = false; diff --git a/misc/my-hosts b/misc/my-hosts old mode 100755 new mode 100644 index 2f6f12d..3caea6f --- a/misc/my-hosts +++ b/misc/my-hosts @@ -1,6 +1,7 @@ 127.0.0.1 youtube.com 127.0.0.1 www.youtube.com 192.168.122.56 uwu +192.168.122.126 lako ::1 www.youtube.com ::1 youtube.com ::1 localhost diff --git a/mods/my-nixpkgs-overlay.nix b/mods/my-nixpkgs-overlay.nix old mode 100755 new mode 100644 index 17cf1f7..8aeb48b --- a/mods/my-nixpkgs-overlay.nix +++ b/mods/my-nixpkgs-overlay.nix @@ -92,6 +92,7 @@ ]; patches = [ ./static/python311Packages-lxml.patch + # built without any extensions ... hardcoded with a patch ]; STATICBUILD = true; @@ -110,6 +111,14 @@ #mv ./libs/libxml2-2.10.4.tar.xz ./libs/libxml2-2.10.4.tar.gz }); }; + + pkgsStatic = prev.pkgsStatic // { + libglvnd = prev.libglvnd; + gonme2.libIDL = prev.gnome2.libIDL; + libjpeg-turbe = prev.libjpeg-turbo; + }; + + } 
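Review bot: `psk = builtins.readFile "${secretsDir}/wifi-rpi-password";` in the first hosts/rpi.nix hunk reads the Wi-Fi passphrase at evaluation time, so the cleartext value becomes part of the evaluated configuration and will normally end up in the world-readable /nix/store and in any image built from it. Prefer passing a path that is read at activation or run time from a root-only file, if the networkmanager module supports that; its options are not visible here. In the same hunk the new `hot` profile sets `mode = "ap"` with `ipv4.method = "shared"` but has no `wifi-security` section, which looks like an open access point sharing the Pi's uplink whenever it is brought up; it should get a `wifi-security` set with `key-mgmt = "wpa-psk";` like the profile above it. The enclosing `profiles` set starts and ends outside the hunk.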
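Review bot: Two attribute names in the new `pkgsStatic` override of mods/my-nixpkgs-overlay.nix are misspelt, `gonme2.libIDL` and `libjpeg-turbe`, so they add new attributes instead of replacing `gnome2.libIDL` and `libjpeg-turbo`, and the static package set keeps the originals. Note also that `//` merges only one level deep, so a corrected `gnome2.libIDL = ...` would replace the whole `gnome2` set; `gnome2 = prev.pkgsStatic.gnome2 // { libIDL = prev.gnome2.libIDL; };` keeps the rest. A short comment saying why these packages fall back to the non-static builds would help, since this same commit comments out the overlay import in common/all.nix and flake.nix.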
diff --git a/mods/static/python311Packages-lxml.patch b/mods/static/python311Packages-lxml.patch index f336715..f3ede18 100644 --- a/mods/static/python311Packages-lxml.patch +++ b/mods/static/python311Packages-lxml.patch @@ -24,3 +24,16 @@ index ab2efad..22fa8f6 100644 return download_library(dest_dir, from_location, 'libxslt', version_re, filename, version=version) +diff --git a/setupinfo.py b/setupinfo.py +index 90b1de4..2284de3 100644 +--- a/setupinfo.py ++++ b/setupinfo.py +@@ -152,6 +152,8 @@ def ext_modules(static_include_dirs, static_library_dirs, + cythonize_directives['linetrace'] = True + + result = [] ++ modules = [] ++ module_files = [] + for module, src_file in zip(modules, module_files): + is_py = module in COMPILED_MODULES + main_module_source = src_file + ( diff --git a/mybin/ru b/mybin/ru index f94d7e3..4e6115d 100755 --- a/mybin/ru +++ b/mybin/ru @@ -22,6 +22,12 @@ then rclone mount --vfs-cache-mode full -vvvv onedrive-school:projekt-autobatterie ~/work/htl/projekt/wechner/mnt +elif [ "$1" == "mnt-school" ] +then +rclone mount --vfs-cache-mode full -vvvv onedrive-school: ~/mnt + + + elif [ "$1" == "wstunnel" ] then wstunnel -L 55555:127.0.0.1:49388 ws://sebastian.dns.army:49389 @@ -34,6 +40,17 @@ wget -O /tmp/speed-test.iso "https://dl.t2sde.org/binary/2022/t2-22.6-x86-64-min rm /tmp/speed-test.iso +elif [ "$1" == "speed-test-upload" ] +then +host=$1 +cat /dev/random | pv | ssh $host "cat > /dev/null" + +elif [ "$1" == "speed-test-download" ] +then +host=$1 +ssh $host "cat /dev/random" | pv > /dev/null + + elif [ "$1" == "p" ] then ping orf.at diff --git a/programs/bash.nix b/programs/bash.nix index de7a7db..747a349 100644 --- a/programs/bash.nix +++ b/programs/bash.nix @@ -88,6 +88,7 @@ export PATH=${self}/mybin:$PATH export TERM="xterm-color" export system=${system} + export NIX_PATH=$NIX_PATH:nixpkgs=${self} # the commit hash of nixpkgs 23.11 export nip="nixpkgs/71db8c7a02f3be7cb49b495786050ce1913246d3" 
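Review bot: In the new `speed-test-upload` and `speed-test-download` branches of mybin/ru, `host=$1` assigns the subcommand name itself, because `$1` is what the `elif` has just matched, so `ssh` is pointed at a host literally named `speed-test-upload` or `speed-test-download`. The target should come from the next argument and be quoted, e.g. `host=$2` and `ssh "$host" "cat > /dev/null"`, with an empty value rejected first: `[ -n "$host" ] || exit 1`. The `if`/`elif` chain starts and ends outside the hunk.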
@@ -139,7 +140,7 @@ tta(){ if [[ "$1" == "" ]] then - rsync -rv --delete ~/work/priv-share/fast/* tab:/sdcard/fast + rsync -rv --delete ~/work/priv-share/fast/ tab:/sdcard/fast elif [[ "$1" == "p" ]] then rsync -rv tab:/sdcard/fast/* ~/work/priv-share/fast @@ -154,7 +155,7 @@ tph(){ if [[ "$1" == "" ]] then - rsync -rv --delete ~/work/priv-share/fast/* phone:/sdcard/fast + rsync -rv --delete ~/work/priv-share/fast/ phone:/sdcard/fast elif [[ "$1" == "p" ]] then rsync -rv phone:/sdcard/fast/* ~/work/priv-share/fast @@ -305,7 +306,7 @@ complete -W "start stop restart status daemon-reload" stl # run - complete -W "mnt-wechner sync-school wstunnel hibernate p speed-test-nixos-iso bat bstat mnt-files-local mnt-lan-local mnt-files-remote mnt-lan-remote suspend rm-tab-cur rm-last-char" ru + complete -W "mnt-wechner sync-school wstunnel hibernate p speed-test-nixos-iso speed-test-upload speed-test-download bat bstat mnt-files-local mnt-lan-local mnt-files-remote mnt-lan-remote suspend rm-tab-cur rm-last-char mnt-school" ru ''; diff --git a/programs/ssh.nix b/programs/ssh.nix index aad4006..39ed6b6 100644 --- a/programs/ssh.nix +++ b/programs/ssh.nix @@ -9,6 +9,9 @@ "github.com" = { hostname = "github.com"; }; + sepp = { + user = "seb"; + }; here = { port = 8888; hostname = "127.0.0.1"; @@ -57,9 +60,8 @@ }; ocia = { - hostname = "140.238.212.229"; - user = "root"; - #identityFile = "${secretsDir}/private-key-ocia"; + hostname = "140.238.173.196"; + user = "ubuntu"; }; ocib = { diff --git a/users/me/gui-home.nix b/users/me/gui-home.nix index c2fd555..869954a 100755 --- a/users/me/gui-home.nix +++ b/users/me/gui-home.nix @@ -62,6 +62,7 @@ # gui packages obsidian + gnome.eog xorg.xkbcomp haskellPackages.xmonad-extras haskellPackages.xmonad-contrib