This commit is contained in:
Sebastian Moser
2023-11-21 13:53:05 +01:00
parent 31a632d87b
commit cbcf3a0e3d
13 changed files with 377 additions and 114 deletions


@@ -1,4 +1,4 @@
{ inputs, self, secretsDir, specialArgs, ... }:
{ lib, inputs, self, secretsDir, specialArgs, ... }:
# config that i use on all my hosts
@@ -25,8 +25,10 @@
export PATH=$PATH:${self}/mybin
'';
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings = {
experimental-features = lib.mkDefault "nix-command flakes";
trusted-users = [ "root" "@wheel" ];
};
home-manager.backupFileExtension = "backup";
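Review bot: `trusted-users = [ "root" "@wheel" ]` on L20 lets every wheel member push unsigned store paths and override substituters, which is equivalent to root on the host, and the comment on L13 suggests this file is applied to all hosts; the `me` user that users/me/headless.nix creates in this same commit is in wheel with a fixed password. If the aim is only to run flake builds this setting is not needed, and if it is for remote builds limit it to the single account that needs it, e.g. `trusted-users = [ "root" "me" ];` with a comment explaining why. The option on L19 also changed from the list `[ "nix-command" "flakes" ]` to the string `"nix-command flakes"`; if NixOS types `nix.settings.experimental-features` as a list of strings this may be rejected, so `lib.mkDefault [ "nix-command" "flakes" ]` is the safer form.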


@@ -0,0 +1,18 @@
{ lib, ... }:
# config that i use on all my hosts, that run native nixos
# excluding for example my phone phone
{
system.stateVersion = lib.mkDefault "23.05"; # Did you read the comment?
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
#keyMap = "at";
useXkbConfig = true; # use xkbOptions in tty.
};
}


@@ -1,9 +1,11 @@
{ ... }:
{ lib, ... }:
# config that i use on all my hosts, that run native nixos
# excluding for example my phone phone
{
system.stateVersion = "23.05"; # Did you read the comment?
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";


@@ -95,20 +95,23 @@
"rpi" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./hosts/rpi.nix
];
};
# my raspberry to try out stuff with
"luna" = nixpkgs.lib.nixosSystem {
"lush" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hosts/luna.nix
./hosts/lush.nix
{
system.stateVersion = "23.05"; # Did you read the comment?
nixpkgs.hostPlatform.system = "aarch64-linux";
nixpkgs.buildPlatform.system = "x86_64-linux"; #If you build on x86 other wise changes this.
nixpkgs.buildPlatform.system = "x86_64-linux";
hardware.enableRedistributableFirmware = true;
}
@@ -134,29 +137,11 @@
];
};
"wsl" = nixpkgs.lib.nixosSystem {
"acern" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
inputs.nix-wsl.nixosModules.wsl
{
wsl.enable = true;
services.openssh = {
enable = true;
ports = [ 2222 ];
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
users.users.nixos.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
];
programs.bash.loginShellInit = "nixos-wsl-welcome";
}
./common/all.nix
./hosts/acern.nix
];
};
@@ -218,11 +203,11 @@
run-vm = specialArgs.pkgs.writeScriptBin "run-vm" ''
${self.nixosConfigurations.hpm.config.system.build.vm}/bin/run-hpm-vm -m 4G -cpu host -smp 4
'';
#wsl = inputs.nix-wsl.nixosConfigurations.modern.config.system.build.tarballBuilder;
acern = inputs.nix-wsl.nixosConfigurations.modern.config.system.build.tarballBuilder;
#luna = (self.nixosConfigurations.luna.extendModules {
#modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-no-zfs-installer.nix" ];
#}).config.system.build.sdImage;
luna = self.nixosConfigurations.luna.config.system.build.sdImage;
lush = self.nixosConfigurations.lush.config.system.build.sdImage;
test = nixpkgs.legacyPackages.x86_64-linux.pkgsCross.raspberryPi.raspberrypi-armstubs;
};
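Review bot: The new `acern` package output on L110 builds `inputs.nix-wsl.nixosConfigurations.modern`, the upstream example system, not the `acern` configuration this flake defines on L83, so the resulting tarball will not contain hosts/acern.nix (the key-only sshd, the `me` user); it should read `acern = self.nixosConfigurations.acern.config.system.build.tarballBuilder;`. Separately, the `rpi` entry on L56–L62 is declared with `system = "x86_64-linux"` while hosts/rpi.nix configures `boot.loader.raspberryPi.firmwareConfig`; if that host is a Raspberry Pi it presumably needs `system = "aarch64-linux"` and the same `nixpkgs.buildPlatform` override that `lush` uses on L76.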

26
hosts/acern.nix Normal file

@@ -0,0 +1,26 @@
{ pkgs, inputs, ...}:
{
imports = [
inputs.nix-wsl.nixosModules.wsl
./users/me/headless.nix
./common/all.nix
./common/nixos-headless.nix
];
wsl.enable = true;
services.openssh = {
enable = true;
ports = [ 2222 ];
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
users.users.me.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWsqiz0gEepvPONYxqhKKq4Vxfe1h+jo11k88QozUch me@bitwarden"
];
programs.bash.loginShellInit = "nixos-wsl-welcome";
}
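Review bot: The import paths on L127–L130 are relative to hosts/acern.nix, so `./users/me/headless.nix` and `./common/all.nix` resolve to hosts/users/... and hosts/common/..., whereas the other hosts in this commit reach those files with `../` (e.g. `../common/all.nix` in hosts/rpi.nix); they should be `../users/me/headless.nix`, `../common/all.nix`, `../common/nixos-headless.nix`. Also worth a comment next to `settings.PasswordAuthentication = false;` on L136: the `me` user imported from headless.nix has a fixed placeholder password and wheel, so this setting is what keeps sshd key-only, e.g. `# keep key-only: the me user has a placeholder password (users/me/headless.nix)`.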


@@ -13,7 +13,7 @@
imports = [
../common/all.nix
../common/nixos.nix
../common/nixos-headless.nix
../common/nixos-graphical.nix
../common/building.nix
@@ -29,6 +29,7 @@
];
virtualisation.podman.enable = true;
hardware.bluetooth.settings = {
General = {
MultiProfile = "multiple";
@@ -88,7 +89,9 @@
then
rm /etc/host-youtube-block
else
echo old: $timeout
timeout=$((timeout - 1))
echo new: $timeout
echo -en $timeout > /etc/host-youtube-block
fi
else
@@ -144,8 +147,9 @@
security.polkit.enable = true;
networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.enable = true;
services.samba.openFirewall = true;
@@ -156,6 +160,7 @@
5357 # wsdd
8888 # for general usage
9999 # for general usage
8080 # for mitm proxy
];
networking.firewall.allowedUDPPorts = [
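Review bot: `8080 # for mitm proxy` on L181 opens the proxy port on every interface permanently, not only while the proxy is running; a proxy bound there accepts connections from anyone on whatever network the host is on. Prefer scoping it to the interface it is actually used on, `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];`, or opening it only for the duration of a proxy session. The same entry appears in the new hosts/rpi.nix (L300). The `echo old:`/`echo new:` lines added on L165 and L167 look like debug output left in the youtube-block script; the enclosing script starts and ends outside the hunk.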

66
hosts/rpi.md Normal file

@@ -0,0 +1,66 @@
# get pi to boot from usb-source
echo program_usb_boot_mode=1 | sudo tee -a /boot/config.txt
https://www.elektronik-kompendium.de/sites/raspberry-pi/2404241.htm
# setup
## set static ip (192.168.1.2)
used /etc/network/interfaces (seems to be debian only)
## enable ssh (touch ssh file in the boot partition)
## set root pwd (copy hash from local /etc/shadow)
CMD: apt update
CMD: apt install nodejs npm
CMD: npm i -g @bitwarden/cli
## set hostname
## setup bcache
- if "sudo make-bcache -C /dev/sda3 -B /dev/md0" then no need for registering (i think)
PKG: bcache-tools git build-essential uuid-dev mdadm
CMD: sudo make-bcache -C /dev/sda3
CMD: sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
CMD: sudo make-bcache -B /dev/md0
## other bcache things
- you can echo 1 > /sys/fs/bcache/<UUID>/unregister
- but there also is: echo 1 > /sys/block/bcache0/bcache/stop
- if seccond is not done, volumes used by this bcache device will show as "<dev> is apparently in use by the system; will not make a filesystem here!", when mkfs.ext5 <dev>
## mdadm things
- do a check: https://www.thomas-krenn.com/de/wiki/Mdadm_checkarray
## add swap file maybe
CMD: sudo vim /etc/dphys-swapfile
CMD: sudo dphys-swapfile setup
CMD: sudo dphys-swapfile swapon
# things
- users
admin - sudo without password and access to bitwarden
files - for managing files (old: dateimanager)
server - for deployed servers (podman)
mamafiles - for the mamafiles share
- swap
- mdadm
- bcache
- mount /home/files/storage
- so that other users can't read it
- smb shares
- ssh acces
- ssh config: PermitRootAccess and PasswordAuthentication
- me-net (wireguard)
- podman containers
- dyndns
- wstunnel for wireguard
- rclone mount onedrive backups
- borgmatic

122
hosts/rpi.nix Normal file

@@ -0,0 +1,122 @@
{ lib, pkgs, ... }:
{
imports = [
../common/all.nix
../common/nixos-headless.nix
../users/me/default.nix
../users/root/default.nix
];
# This causes an overlay which causes a lot of rebuilding
environment.noXlibs = lib.mkForce false;
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
# disk with this label on first boot. Therefore, we need to keep it. It is the
# only information from the installer image that we need to keep persistent
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
loader = {
generic-extlinux-compatible.enable = lib.mkDefault true;
grub.enable = lib.mkDefault false;
raspberryPi.firmwareConfig = ''
program_usb_boot_mode=1
'';
};
};
virtualisation.podman.enable = true;
networking.firewall.allowPing = true;
networking.firewall.enable = true;
services.samba.openFirewall = true;
networking.hostName = "rpi";
networking = {
defaultGateway = {
address = "192.168.1.1";
interface = "eth0";
};
interface."eth0" = {
#name = "eth0";
ipv4.addresses = [
{ address = "192.168.1.6"; prefixLength = 24;}
];
};
interfaces."wlan0".useDHCP = true;
wireless = {
interfaces = [ "wlan0" ];
enable = true;
networks = {
seb-phone.psk = "hellogello";
};
};
};
networking.firewall.allowedTCPPorts = [
5357 # wsdd
8888 # for general usage
9999 # for general usage
8080 # for mitm proxy
];
networking.firewall.allowedUDPPorts = [
3702 # wsdd
];
################################## ssh ######################################
services.openssh.enable = true;
users.users.me.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
];
################################ samba ######################################
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
security = user
map to guest = bad user
guest account = me
server role = standalone server
workgroup = WORKGROUP
'';
shares = {
rpi_schule = {
path = "${workDir}/rpi-schule/";
"guest ok" = "yes";
"read only" = "no";
public = "yes";
writable = "yes";
printable = "no";
comment = "share for rpi in school wlan";
};
share = {
comment = "share for sharing stuff";
path = "${workDir}/share";
public = "yes";
"guest ok" = "yes";
"read only" = "no";
writable = "yes";
};
};
};
}
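Review bot: `path = "${workDir}/rpi-schule/"` on L324 (and L334) references `workDir`, which is neither a module argument (`{ lib, pkgs, ... }` on L244) nor a let-binding, and `networking.interface."eth0"` on L281 is not a NixOS option (L287 correctly uses `interfaces`), so evaluating this host should fail on both. The Wi-Fi PSK on L292 is written to the world-readable Nix store by `networking.wireless.networks.<name>.psk`; keep it out of the store with `networking.wireless.environmentFile = "<path outside the store>";` and `seb-phone.psk = "@PSK_SEB_PHONE@";` (placeholder variable name). Both samba shares are guest-writable and mapped to `guest account = me`, and `services.samba.openFirewall` exposes them on eth0 and the wlan0 hotspot alike; if they are meant for the home LAN only, bind samba to eth0 (`interfaces = eth0` plus `bind interfaces only = yes` in extraConfig) or use `networking.firewall.interfaces."eth0".allowedTCPPorts` instead of the global list. `securityType = "user"` on L314 and `security = user` on L316 also say the same thing twice.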


@@ -1,4 +1,4 @@
{ pkgs, secretsDir, inputs, config, self, ... }:
{ pkgs, secretsDir, inputs, config, self, lib, ... }:
{
users.users.me = {
isNormalUser = true;
@@ -7,13 +7,13 @@
extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; # Enable sudo for the user.
};
#home-manager._module.args = { inherit inputs; };
home-manager.users.me = import ./home.nix;
home-manager.extraSpecialArgs = {
inherit self;
hostname = config.networking.hostName;
};
home-manager.users.me = import ./home.nix;
fonts.fonts = with pkgs; [
hack-font
];

17
users/me/headless.nix Normal file

@@ -0,0 +1,17 @@
{ self, config, ... }:
{
users.users.me = {
isNormalUser = true;
#passwordFile = "${secretsDir}/me-pwd";
password = "changeme";
extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; # Enable sudo for the user.
};
home-manager.extraSpecialArgs = {
inherit self;
hostname = config.networking.hostName;
};
home-manager.users.me = import ./home-headless.nix;
}
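Review bot: `password = "changeme"` on L376 stores a fixed, well-known password for a wheel member in the Nix store, and on hosts that also set `nix.settings.trusted-users = [ "root" "@wheel" ]` (added in this commit) that is effectively a root credential. Use the file-based option the commented line already hints at, `passwordFile = "${secretsDir}/me-pwd";`, which means adding `secretsDir` to the argument set on L371. `extraGroups` on L377 also grants `networkmanager` and `libvirtd` to a headless user; dropping the groups the host does not use keeps this to least privilege. The user block duplicates users/me/default.nix, so a header comment saying which file a host is expected to import (and never both) would help.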


@@ -0,0 +1,78 @@
{ config, pkgs, self, secretsDir, inputs, persistentDir, ... }:
{
# The home.stateVersion option does not have a default and must be set
home.stateVersion = "23.05";
imports = [
inputs.nix-index-database.hmModules.nix-index
# all my headless programms with their own config
../../programs/git.nix
../../programs/lf/default.nix
../../programs/bash.nix
../../programs/ssh.nix
../../programs/neovim.nix
];
programs.nix-index.enable = false;
programs.nix-index.enableBashIntegration = false;
programs.nix-index.enableZshIntegration = false;
home.sessionVariables = {
EDITOR = "nvim";
};
home.sessionPath = [ "${self}/mybin" ];
home.file = {
".rclone.conf".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/rclone-conf";
".subversion/config".text = ''
[miscellany]
global-ignores = node_modules target
''; # documentation for this config file: https://svnbook.red-bean.com/en/1.7/svn.advanced.confarea.html
};
home.packages = with pkgs; [
vim
tree
htop
subversion
pv
nodejs
neofetch
file
lshw
zip
unzip
arp-scan
lolcat
comma
delta
jq
wget
tmux
# python....
(python310.withPackages (p: with p; [
pandas
click
click-aliases
]))
(busybox.overrideAttrs (final: prev: {
# get only nslookup from busybox
# because the less would overwrite the actuall less and the busybox does not have -r
# it's a pfusch, but it works
postInstall = prev.postInstall + ''
echo ============ removing anything but nslookup ============
mv $out/bin/nslookup $out/nslookup
mv $out/bin/busybox $out/busybox
rm $out/bin/*
mv $out/nslookup $out/bin/nslookup
mv $out/busybox $out/bin/busybox
'';
}))
];
}


@@ -2,28 +2,16 @@
{ config, pkgs, self, secretsDir, inputs, persistentDir, ... }:
{
# The home.stateVersion option does not have a default and must be set
home.stateVersion = "23.05";
imports = [
inputs.nix-index-database.hmModules.nix-index
./home-headless.nix
# all my programms with their own config
../../programs/git.nix
../../programs/lf/default.nix
# my gui programs
../../programs/alacritty.nix
../../programs/bash.nix
../../programs/emacs/default.nix
../../programs/rofi/default.nix
../../programs/zathura.nix
../../programs/ssh.nix
../../programs/neovim.nix
];
programs.nix-index.enable = false;
programs.nix-index.enableBashIntegration = false;
programs.nix-index.enableZshIntegration = false;
gtk.cursorTheme = {
name = "Yaru";
};
@@ -37,110 +25,64 @@
services.dunst.enable = true;
home.sessionVariables = {
EDITOR = "nvim";
};
home.sessionPath = [ "${self}/mybin" ];
home.file = {
".rclone.conf".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/rclone-conf";
".subversion/config".text = ''
[miscellany]
global-ignores = node_modules target
''; # documentation for this config file: https://svnbook.red-bean.com/en/1.7/svn.advanced.confarea.html
".mysecrets/root-pwd".text = "changeme";
".mysecrets/me-pwd".text = "changeme";
".mozilla/firefox".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox";
".cache/rofi-3.runcache".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/rofi-run-cache";
};
home.packages = with pkgs; [
vim
# packages that i might not need everywhere??
wstunnel
rclone
playerctl
alsa-utils
usbutils
android-tools
android-studio
moonlight-qt
pciutils
jmtpfs
pmutils
cntr
nil
# gui packages
obsidian
tree
xorg.xkbcomp
haskellPackages.xmonad-extras
haskellPackages.xmonad-contrib
xorg.xev
htop
subversion
pv
blueman
pavucontrol
spotify
flameshot
nodejs
neofetch
networkmanagerapplet
haskellPackages.xmobar
dolphin
mupdf
xclip
rclone
stalonetray
killall
nil
file
wstunnel
playerctl
alsa-utils
usbutils
pciutils
lshw
jmtpfs
pmutils
cntr
signal-desktop
element-desktop
discord
wireshark
zip
unzip
arp-scan
gparted
lolcat
android-tools
moonlight-qt
comma
delta
jq
xorg.xkill
wget
xorg.xmodmap
tmux
android-studio
# my own packages
supabase-cli
inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin
# python....
(python310.withPackages (p: with p; [
pandas
click
click-aliases
]))
(busybox.overrideAttrs (final: prev: {
# get only nslookup from busybox
# because the less would overwrite the actuall less and the busybox does not have -r
# it's a pfusch, but it works
postInstall = prev.postInstall + ''
echo ============ removing anything but nslookup ============
mv $out/bin/nslookup $out/nslookup
mv $out/bin/busybox $out/busybox
rm $out/bin/*
mv $out/nslookup $out/bin/nslookup
mv $out/busybox $out/bin/busybox
'';
}))
# base-devel
gcc