
10 Commits

Author SHA1 Message Date
Sebastian Moser
8e5316761c idk 2026-02-26 19:34:43 +01:00
Sebastian Moser
d98c64bc11 fix 2026-02-17 22:38:13 +01:00
Sebastian Moser
e6a35ee756 stuff 2026-02-17 22:30:17 +01:00
Sebastian Moser
d3f6e79b85 has libvirtd in container in fusu-services.nix 2025-10-03 17:29:42 +02:00
Sebastian Moser
320570979e disko flash script, new hosts, and other things 2025-09-11 02:13:56 +02:00
Sebastian Moser
bc2da33ca9 fix fes boot mount 2025-09-09 20:52:24 +02:00
Sebastian Moser
287648124c added fes and other things 2025-09-09 20:45:00 +02:00
Sebastian Moser
0c04a03e26 streaming from imac now works 2025-09-07 03:41:22 +02:00
Sebastian Moser
73837c71cb ... 2025-07-17 09:45:00 +02:00
Sebastian Moser
50b5c2908c update to 25.05 and new screenshot solution, because the old one broke 2025-07-17 09:44:45 +02:00
41 changed files with 7016 additions and 796 deletions


@@ -13,7 +13,7 @@
programs.dconf.enable = true;
# set root user pwd
users.users.root.password = "changeme";
#users.users.root.password = "changeme";
# Set your time zone.
time.timeZone = "Europe/Vienna";
@@ -40,6 +40,13 @@
services.openssh.settings.GatewayPorts = "clientspecified";
# add extre nix registries
nix.registry = {
ni.flake = inputs.nixpkgs;
nu.flake = inputs.nixpkgs-unstable;
me.flake = self;
};
# This value determines the NixOS release from which the default
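Review bot: Commenting out `users.users.root.password = "changeme";` in the first hunk (assuming the commented line is the new side) does not remove that password from machines already installed with it. With the NixOS default `users.mutableUsers = true`, a declared password is only applied when the account is first created, so existing hosts keep whatever root password they had. Hosts built from the earlier revision should have the root password changed or locked. If a declarative root credential is still wanted, `users.users.root.hashedPasswordFile` pointing at a file under the secrets directory keeps it out of the repository and the world-readable Nix store. The leftover `#users.users.root.password = "changeme";` comment can then be deleted.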


@@ -8,21 +8,64 @@
# - win + D command
# - kernel output for luks pwd on all displays
{ lib, pkgs, nur, unstable, ... }: {
{ lib, pkgs, nur, unstable, inputs, ... }:
let
newerUnstableSrc = builtins.getFlake "nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1";
newerUnstable = import newerUnstableSrc.outPath {};
mySway = newerUnstable.sway;
myOtherSway = newerUnstable.sway.override {
sway-unwrapped = (newerUnstable.sway-unwrapped.overrideAttrs (prev: {
/*
src = pkgs.fetchFromGitHub {
owner = "WillPower3309";
repo = "swayfx";
rev = "";
hash = "";
};
*/
src = pkgs.fetchFromGitHub {
owner = "swaywm";
repo = "sway";
rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6";
hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8=";
};
})).override {
wlroots = newerUnstable.wlroots.overrideAttrs (prev: {
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkgs.cmake pkgs.libdrm pkgs.pkg-config pkgs.wayland ];
buildInputs = prev.nativeBuildInputs ++ [ pkgs.cmake pkgs.libdrm pkgs.pkg-config pkgs.wayland ];
version = "master";
src = pkgs.fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "wlroots";
repo = "wlroots";
rev = "2c64b30a6750d5e585c00c4c116f415bac33d18f";
sha256 = "sha256-Hxf3xVJddSlSHytYJNNq7f2oQdiSXp0tmK1FepRpqaA=";
};
});
};
};
in {
# aparently also needed for wayland... or not idk
services.xserver.xkb.layout = "de";
services.greetd = {
enable = true;
settings = rec {
initial_session = {
#command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -d --env WLR_RENDERER_ALLOW_SOFTWARE=1 --cmd sway";
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.writeScriptBin "run-sway" ''
command = "${pkgs.writeScriptBin "run-sway" ''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export SDL_VIDEODRIVER=wayland
export _JAVA_AWT_WM_NONREPARENTING=1
export QT_QPA_PLATFORM=wayland
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_DESKTOP=sway
exec sway
exec ${pkgs.lib.getExe mySway}
''}/bin/run-sway";
user = "me";
};
@@ -30,6 +73,32 @@
};
};
systemd.user.services.xdg-desktop-portal-wlr.serviceConfig.ExecStart = let
settingsFormat = pkgs.formats.ini { };
configFile = settingsFormat.generate "xdg-desktop-portal-wlr.ini" {
screencast = {
output_name = "eDP-1";
# to make streaming of individual windows work
chooser_type = "dmenu";
chooser_cmd = "${lib.getExe pkgs.bemenu}";
};
};
package = pkgs.xdg-desktop-portal-wlr.overrideAttrs (prev: {
src = pkgs.fetchFromGitHub {
owner = "emersion";
repo = "xdg-desktop-portal-wlr";
rev = "b3703cceea485972b139c22342bdc2ed7b80c1c2";
sha256 = "sha256-nFAp/9ofRH4kIFgg2SjzZNXYu8r0BBjO5VPFc3jKeas=";
};
});
in [
# Empty ExecStart value to override the field
""
"${package}/libexec/xdg-desktop-portal-wlr --config=${configFile}"
];
security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -48,40 +117,31 @@
default = "wlr";
};
};
wlr.enable = true;
wlr.settings.screencast = {
output_name = "eDP-1";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
extraPortals = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-wlr
];
};
fonts.packages = with pkgs; [
(nerdfonts.override {fonts = ["Hack"];})
nerd-fonts.hack
];
home-manager.users.me.services.swayosd.enable = true;
services.blueman.enable = true;
hardware.bluetooth.enable = true;
services.keyd = {
enable = true;
keyboards.default.settings = {
main = {
leftalt = "leftcontrol";
leftcontrol = "leftalt";
};
};
};
environment.systemPackages = with pkgs; [
# flameshot where clipboard works with wayland
# i am not even using flameshot anymore....
/*
(flameshot.overrideAttrs (prev: {
nativeBuildInputs = prev.nativeBuildInputs or [] ++ [ libsForQt5.kguiaddons ];
cmakeFlags = prev.nativeBuildInputs or [] ++ [ "-DUSE_WAYLAND_CLIPBOARD=true" "-DUSE_WAYLAND_GRIM=ON" ];
patches = prev.patches or [] ++ [ ../overlays/patches/flameshot-wayland.patch ];
}))
*/
hyprpicker
satty
@@ -105,11 +165,13 @@
}))
*/
sway
bemenu
xdg-desktop-portal
wlr-randr
rofi-wayland
rofi
wev
swayfx
wl-clipboard
zoxide
@@ -196,10 +258,28 @@
output * scale 1 bg #121212 solid_color
#################### from nwg-display
# Generated by nwg-displays on 2025-07-09 at 20:13:34. Do not edit manually.
# Generated by nwg-displays on 2025-10-20 at 18:16:29. Do not edit manually.
output "DP-1" {
mode 3840x2160@59.997Hz
pos 3840 0
transform normal
scale 1.0
scale_filter nearest
adaptive_sync off
dpms on
}
output "eDP-1" {
mode 1920x1080@60.001Hz
pos 1920 1080
transform normal
scale 1.0
scale_filter nearest
adaptive_sync off
dpms on
}
output "HDMI-A-1" {
mode 1920x1080@60.0Hz
pos 0 1080
transform normal
scale 1.0
@@ -207,16 +287,6 @@
adaptive_sync off
dpms on
}
output "DP-1" {
mode 3840x2160@59.997Hz
pos 1920 0
transform normal
scale 1.0
scale_filter nearest
adaptive_sync off
dpms on
}
output "DP-2" disable
#################### end from nwg-display
set $disp2 "DP-1"
@@ -250,6 +320,10 @@
pointer_accel -0.5
}
# the lan-mouse input
#input 0:0:wlr_virtual_pointer_v1 {
#}
### Border colors and looks
client.focused #ff4060 #222222 #ff4060 #ff4060 #ff4060
client.focused_inactive #222222 #222222 #ff4060 #222222 #222222
@@ -263,6 +337,7 @@
#exec "/usr/bin/env bash ${./..}/scripts/idlescript" # Manages suspending and locking
exec ${pkgs.bash}/bin/bash ${./..}/scripts/batteryscript.sh # Sends battery notifications when necessary
exec tmux # create a tmux session in which one can run commands that need WAYLAND_DISPLAY set
exec nm-applet # Networkmanager applet
exec blueman-applet # Bluetoothmanager applet
exec blueman-tray # Bluetoothmanager tray icon
@@ -285,8 +360,12 @@
### Key bindings
#bindsym Mod4+Shift+Return exec $term
bindsym $mod exec alacritty
# QuickLaunch
bindsym $mod+i mode "QuickLaunch"
mode QuickLaunch {
bindsym $mod+f exec alacritty; mode "default"
bindsym Escape mode "default"
}
bindsym --locked $mod+d exec wlr-randr --output eDP-1 --on
bindsym --locked $mod+Shift+d exec wlr-randr --output eDP-1 --off
@@ -305,7 +384,23 @@
#resume 'swaymsg "output * dpms on"' \
#before-sleep 'swaylock -f -c 000000 -i $lock_bg'
bindsym $mod+Shift+s exec "${./..}/scripts/screenshot.sh"
bindsym $mod+Shift+s exec "${
let
innerScript = pkgs.writeScript "screenshot-inner" ''
geometry=$(slurp -c "#ff0000ff")
if [[ "$?" != "0" ]]
then
pkill wayfreeze || true
exit
fi
grim -g "$geometry" -t ppm - | satty --filename - --copy-command=wl-copy --early-exit &
pkill wayfreeze || true
'';
in "${pkgs.wayfreeze}/bin/wayfreeze --after-freeze-cmd ${innerScript}"
}"
bindsym $mod+p exec $menu -show combi -combi-modes "ssh,run"
@@ -379,10 +474,11 @@
# default display outputs for workspaces with fallback to disp1
workspace 1 output $disp2 $disp1
workspace 6 output $disp2 $disp1
workspace 4 output $disp2 $disp1
workspace 8 output $disp2 $disp1
workspace 9 output $disp2 $disp1
workspace 7 output eDP-1
workspace 0 output HEADLESS-1
workspace 0 output eDP-1
workspace_auto_back_and_forth false
focus_wrapping workspace
@@ -426,14 +522,14 @@
bindsym $mod+m mode ChangeWorkroom
############################# Fx stuff:
blur disable
blur_passes 0
blur_radius 1
blur_noise 0
blur_brightness 1
#blur disable
#blur_passes 0
#blur_radius 1
#blur_noise 0
#blur_brightness 1
corner_radius 12
default_dim_inactive 0.15
#corner_radius 12
#default_dim_inactive 0.15
# Layout stuff:
gaps inner 2
@@ -444,7 +540,7 @@
#smart_gaps on
default_border pixel 2
corner_radius 0
#corner_radius 0
# disable_titlebar yes
floating_modifier $mod normal
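Review bot: In the `services.greetd` hunk, `initial_session.command` now appears to start the `run-sway` script directly instead of going through `tuigreet`, so user `me` gets a desktop session at boot without any login prompt. If that is intentional (for example because the LUKS passphrase is treated as the login), a comment next to `initial_session` should say so, for instance `# autologin: disk passphrase is the only gate, lock the screen before leaving the machine`; otherwise drop `initial_session` and rely on the greeter session, which is not visible in this hunk. Separately, in the `wlroots.overrideAttrs` inside `myOtherSway`, `buildInputs = prev.nativeBuildInputs ++ [ ... ]` looks like a copy-paste slip that discards the package's own build inputs; `buildInputs = prev.buildInputs ++ [ pkgs.libdrm pkgs.wayland ];` is probably what was meant.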


@@ -4,7 +4,7 @@
# excluding for example my phone phone
{
system.stateVersion = "23.05"; # Did you read the comment?
##system.stateVersion = "23.05"; # Did you read the comment?
# Select internationalisation properties.
@@ -24,9 +24,7 @@
# the hosts file
networking.extraHosts = ''
${builtins.readFile "${self}/misc/my-hosts"}
${builtins.readFile "${self}/misc/my-hosts-me"}
${builtins.readFile "${self}/misc/my-hosts-t"}
'';
environment.etc.current_hosts.text = builtins.readFile "${self}/misc/my-hosts-me";
environment.etc.current_hosts.mode = "rw";
}
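Review bot: `system.stateVersion` ends up commented out in the first hunk (`##system.stateVersion = "23.05";`), and no replacement is visible in this file. Without an explicit value NixOS falls back to the release being built, which can silently change defaults of stateful services on hosts that were installed under 23.05. If every host now sets its own value, a comment such as `# stateVersion is set per host in hosts/<name>.nix` would settle the question; otherwise keep `system.stateVersion = "23.05";`.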

3159
flake.lock generated


266
flake.nix

@@ -3,10 +3,11 @@
################################### INPUTS #########################################
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/release-24.11";
#nixpkgs.url = "github:NixOS/nixpkgs/b9562c824b11473587286eb499680129c2d0d4f1";
nixpkgs.url = "github:NixOS/nixpkgs/release-25.05";
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-new.url = "github:NixOS/nixpkgs/release-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-old.url = "github:NixOS/nixpkgs/release-23.11";
@@ -19,12 +20,36 @@
inputs.nixpkgs.follows = "nixpkgs";
};
zed.url = "github:zed-industries/zed";
#zed.inputs.nixpkgs.follows = "nixpkgs";
hetzner_ddns = {
url = "github:c2vi/hetzner_ddns";
flake = false;
};
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
url = "github:nix-community/home-manager/release-25.05";
#url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
compass = {
url = "github:ppc-social/compass";
inputs.nixpkgs.follows = "nixpkgs";
};
elephant = {
url = "github:abenz1267/elephant";
#inputs.nixpkgs.follows = "nixpkgs";
};
walker = {
url = "github:abenz1267/walker";
inputs.elephant.follows = "elephant";
#inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-old = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@@ -32,6 +57,11 @@
nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";
arion = {
url = "github:hercules-ci/arion";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database.url = "github:Mic92/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
@@ -46,22 +76,27 @@
lan-mouse.url = "github:feschber/lan-mouse";
disko = {
url = "github:nix-community/disko/latest";
#inputs.nixpkgs.follows = "nixpkgs";
};
robotnix = {
#url = "github:nix-community/robotnix";
url = "github:c2vi/robotnix";
#inputs.nixpkgs.follows = "nixpkgs";
};
# use fork see: https://github.com/nix-community/nix-on-droid/pull/203#issuecomment-2956162178
nix-on-droid = {
url = "github:nix-community/nix-on-droid/release-23.05";
#url = "github:zhaofengli/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:frankitox/nix-on-droid/supervisord";
inputs.home-manager.follows = "home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# for bootstrap zip ball creation and proot-termux builds, we use a fixed version of nixpkgs to ease maintanence.
# head of nixos-23.05 as of 2023-06-18
# note: when updating nixpkgs-for-bootstrap, update store paths of proot-termux in modules/environment/login/default.nix
nixpkgs-for-bootstrap.url = "github:NixOS/nixpkgs/c7ff1b9b95620ce8728c0d7bd501c458e6da9e04";
nixpkgs-for-nix-on-droid-bootstrap.url = "github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40";
nix-wsl.url = "github:nix-community/NixOS-WSL";
@@ -105,6 +140,7 @@
workDir = "/home/me/work";
secretsDir = "/home/me/secrets";
persistentDir = "/home/me/work/app-data";
dataDir = "/home/server/host";
tunepkgs = import nixpkgs {
@@ -145,7 +181,7 @@
};
specialArgs = {
inherit inputs confDir workDir secretsDir persistentDir self tunepkgs unstable nur pkgsUnstable;
inherit inputs confDir workDir secretsDir persistentDir self tunepkgs unstable nur pkgsUnstable dataDir;
system = "x86_64-linux";
pkgs = mypkgs;
};
@@ -178,9 +214,16 @@
overlays = [ (import ./overlays/static-overlay.nix) (import ./overlays/my-overlay.nix) ];
};
acern = self.nixosConfigurations.acern.config.system.build.tarballBuilder;
lush = self.nixosConfigurations.lush.config.system.build.sdImage;
rpi = self.nixosConfigurations.rpi.config.system.build.sdImage;
nod = (mypkgs.callPackage ./mods/nix-on-droid-pkgs.nix {
system = "aarch64-linux";
_nativeSystem = "x86_64-linux";
nix-on-droid-flake = inputs.nix-on-droid;
nixpkgs = inputs.nixpkgs-for-nix-on-droid-bootstrap;
nixOnDroidChannelURL = "${inputs.nix-on-droid}";
nixpkgsChannelURL = "${inputs.nixpkgs-for-nix-on-droid-bootstrap}";
home-manager-flake = inputs.home-manager-old;
#nixOnDroidFlakeURL = inputs.nix-on-droid.
}).customPkgs.bootstrapZip;
# collection of only my nur pkgs
# my nur is unstable by default
@@ -235,7 +278,119 @@
############ apps ################
apps = {
test = inputs.nix-on-droid.outputs.apps.x86_64-linux.deploy;
flash = let
# echo the disks which will be flashed...
diskListing = hostname: let
list = mypkgs.lib.attrsets.mapAttrsToList (name: value: "echo flashing disk ${name} onto device ${value.device}") self.nixosConfigurations.${hostname}.config.disko.devices.disk;
string = mypkgs.lib.strings.concatStringsSep "\n" list;
in string;
diskDefinitionsList = hostname: let
list = mypkgs.lib.attrsets.mapAttrsToList (name: value: "diskDefinitions[${name}]=${value.device}") self.nixosConfigurations.${hostname}.config.disko.devices.disk;
string = mypkgs.lib.strings.concatStringsSep "\n" list;
in string;
createFlashScript = hostname: {
type = "app";
program = "${mypkgs.writeShellScriptBin "flash-te" ''
set -eo pipefail
echo flashing for host ${hostname}
${diskListing hostname}
declare -A diskDefinitions
${diskDefinitionsList hostname}
# default value if no --mode provided
MODE="format"
ARGS=()
while [[ $# -gt 0 ]]; do
case "$1" in
--) # end of options; take remaining args as-is
shift
while [[ $# -gt 0 ]]; do
ARGS+=("$1")
shift
done
break
;;
--mode=*) # --mode=VALUE
MODE="''${1#*=}"
shift
;;
--mode) # --mode VALUE
if [[ $# -lt 2 ]]; then
echo "Error: --mode requires a value" >&2
exit 1
fi
MODE="$2"
shift 2
;;
--do-flash)
DO_FLASH=yes
shift 1
;;
--efi-vars)
ARGS+=("--write-efi-boot-entries") # all other args preserved
shift 1
;;
--help)
ARGS+=("--help") # all other args preserved
DO_FLASH=yes
shift 1
;;
--disk) # --mode VALUE
if [[ $# -lt 3 ]]; then
echo "Error: --disk requires two values" >&2
exit 1
fi
diskname="$2"
diskval="$3"
diskDefinitions["$diskname"]="$diskval"
shift 3
;;
*)
ARGS+=("$1") # all other args preserved
shift
;;
esac
done
# generate arg string from diskDefinitions
diskDefinitionString=""
for i in "''${!diskDefinitions[@]}"
do
diskDefinitionString="$diskDefinitionString --disk $i ''${diskDefinitions[$i]}"
done
echo would run: sudo -E ${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode $MODE --flake ${self}#${hostname} $diskDefinitionString ''${ARGS[@]}
if [[ $DO_FLASH != "yes" ]]
then
echo type yes to continue...
read acc
if [[ "$acc" != "yes" ]]
then
echo aborting...
exit
fi
fi
echo flashing...
sudo -E ${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode $MODE --flake ${self}#${hostname} $diskDefinitionString ''${ARGS[@]}
''}/bin/flash-te";
};
in {
te = createFlashScript "te";
ki = createFlashScript "ki";
fasu = createFlashScript "fasu";
};
wsl = {
type = "app";
@@ -301,6 +456,46 @@
############ nixosConfigurations ################
nixosConfigurations = rec {
"_lsp_dummp" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.networkmanager.nixosModules.networkmanager
inputs.arion.nixosModules.arion
inputs.disko.nixosModules.disko
# other overlay and home manager module access
{
nixpkgs.overlays = [
# overlay for nix vscode extensions to appear in packages
#nix-vscode-extensions.overlays.default
];
# a dummy user to expose home-manager modules
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit self;
};
users.users._lsp_dummy_user = {
isNormalUser = true;
description = "dummy";
};
# the user is managed by home-manager
home-manager.users._lsp_dummy_user = {
home.username = "_lsp_dummy_user";
home.homeDirectory = "/home/_lsp_dummy_user";
home.stateVersion = "24.05";
# add custom and third party options and configurations
imports = [
inputs.lan-mouse.homeManagerModules.default
];
};
}
];
};
"main" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
@@ -365,6 +560,40 @@
];
};
#fesu my second server to fusu
"fe" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./hosts/fe.nix
];
};
"te" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./hosts/te.nix
];
};
"ki" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./hosts/ki.nix
];
};
# my asus tinker board
"ti" = nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self unstable nur dataDir system;};
system = "aarch64-linux";
modules = [
./hosts/ti.nix
];
};
# server that hosts stuff
"fasu" = nixpkgs.lib.nixosSystem {
inherit specialArgs;
@@ -393,6 +622,16 @@
];
};
# lesh... seccond raspi
"le" = nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; };
system = "aarch64-linux";
modules = [
./hosts/le.nix
];
};
"hec-tmp" = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; };
@@ -560,6 +799,7 @@
############ nixOnDroidConfigurations ################
nixOnDroidConfigurations = rec {
"phone" = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs { system = "aarch64-linux"; };
modules = [
./hosts/phone/nix-on-droid.nix
{
@@ -575,6 +815,7 @@
];
};
"tab" = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs { system = "aarch64-linux"; };
modules = [
./hosts/tab/nix-on-droid.nix
{
@@ -593,4 +834,3 @@
};
};
}
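Review bot: The script generated by `createFlashScript` never initialises `DO_FLASH`, so a `DO_FLASH=yes` already exported in the caller's shell skips the `type yes to continue...` prompt before `disko-install --mode format` runs; it should be set to `no` next to `MODE="format"`. The final command also expands `$MODE`, `$diskDefinitionString` and `''${ARGS[@]}` unquoted, so a device path or extra argument containing whitespace or glob characters is split or expanded before it reaches `sudo`. Building the command once as a bash array and using it for both the echo and the execution fixes this and keeps the confirmation text identical to what runs. Smaller points in the same block: the script is named `flash-te` for every host, and the `--disk` case carries the comment `# --mode VALUE`. The proposal below covers the `createFlashScript` body only.

```nix
# defaults; DO_FLASH must not be inherited from the caller's environment
MODE="format"
DO_FLASH=no
ARGS=()
# … unchanged: option parsing loop …
# collect --disk arguments as an array so each name/device stays one word
diskArgs=()
for i in "''${!diskDefinitions[@]}"
do
  diskArgs+=(--disk "$i" "''${diskDefinitions[$i]}")
done
cmd=(sudo -E ${inputs.disko.packages.x86_64-linux.disko-install}/bin/disko-install --mode "$MODE" --flake ${self}#${hostname} "''${diskArgs[@]}" "''${ARGS[@]}")
echo would run: "''${cmd[@]}"
# … unchanged: confirmation prompt …
echo flashing...
"''${cmd[@]}"
```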


@@ -6,22 +6,13 @@
../common/nixos.nix
../common/building.nix
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
../users/root/default.nix
../users/server/headles.nix
];
fileSystems."/" = {
device = "/dev/disk/by-label/fasu-root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/FASU-BOOT";
fsType = "vfat";
};
# allow acern to ssh into server
users.users.server.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTV1VoNAjMha5IP+qb8XABDo02pW3iN0yPBIbSqZA27 me@acern"
@@ -35,16 +26,8 @@
}
];
# Use the GRUB 2 boot loader.
boot.loader.grub = {
enable = true;
#device = "/dev/nbd1";
device = "nodev";
efiSupport = false;
extraConfig = ''
set timeout=2
'';
};
services.tailscale.enable = true;
#fileSystems."/boot" = {
# device = "/dev/disk/by-label/fusu-boot";
@@ -124,4 +107,56 @@
};
};
############### disk config
boot.plymouth.enable = false;
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = false;
boot.loader.grub.efiInstallAsRemovable = false;
boot.loader.grub.devices = [ "nodev" ];
boot.loader.grub.extraConfig = ''
set timeout=2
'';
# Add these modules
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"virtio_balloon"
"virtio_blk"
"virtio_pci"
"virtio_ring"
];
# the flash drive in use for fasu
disko.devices.disk.root.device = "/dev/nbd0";
disko.devices = {
disk = {
root = {
type = "disk";
content = {
type = "gpt";
partitions = {
biosboot = {
size = "2M";
type = "21686148-6449-6E6F-744E-656564454649"; # BIOS boot
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

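--- /dev/null
+++ b/hosts/fe.nix
@@ -0,0 +1,182 @@
+{ inputs, pkgs, secretsDir, lib, ... }:
+{
+#disabledModules = [ "services/databases/couchdb.nix" ];
+imports = [
+#"${inputs.nixpkgs-unstable}/nixos/modules/services/databases/couchdb.nix"
+../common/all.nix
+../common/nixos.nix
+../common/building.nix
+inputs.home-manager.nixosModules.home-manager
+../users/me/headless.nix
+../users/root/default.nix
+../users/server/headless.nix
+inputs.arion.nixosModules.arion
+../mods/fesu-services.nix
+];
+users.users.server.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix"
+];
+users.users.me.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix"
+];
+services.tailscale.enable = true;
+virtualisation.libvirtd = {
+enable = true;
+qemuOvmf = true;
+qemuSwtpm = true;
+#qemuOvmfPackage = pkgs.OVMFFull;
+};
+users.users.server.extraGroups = [ "docker" ];
+# Use the GRUB 2 boot loader.
+boot.loader.grub = {
+enable = true;
+#device = "/dev/disk/by-id/ata-TOSHIBA_MQ04ABF100_11MYT5RBT";
+device = "nodev"; # don't install, when i do nixre -h fusu ... but when installing onto the two discs (sata hdd and nvme ssd) change to the device like above
+efiSupport = true;
+extraConfig = ''
+set timeout=2
+'';
+};
+fileSystems."/" = {
+device = "/dev/disk/by-label/fes-root";
+fsType = "ext4";
+};
+fileSystems."/boot" = {
+device = "/dev/disk/by-label/FES-BOOT";
+fsType = "vfat";
+};
+services.openssh = {
+enable = true;
+# require public key authentication for better security
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+settings.PermitRootLogin = "yes";
+ports = [ 22 49004 ];
+settings.X11Forwarding = true;
+extraConfig = ''
+X11UseLocalhost no
+'';
+};
+networking.firewall.allowPing = true;
+networking.firewall.enable = true;
+networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
+443 # couchdb for obsidian live sync https
+44444 # resilio sync
+9000 # resilio webui
+];
+services.samba.openFirewall = true;
+networking.firewall.allowedTCPPorts = [
+80 # http
+443 # https
+8888 # for general usage
+9999 # for general usage
+8080 # for mitm proxy
+5901 # vnc
+5357 # wsdd
+8080 # for mitm proxy
+49388
+49389
+49390
+49391
+49392
+49393
+];
+networking.firewall.allowedTCPPortRanges = [
+{ from = 49000; to = 49300;} # general
+];
+networking.firewall.allowedUDPPortRanges = [
+{ from = 49000; to = 49300;} # general
+];
+networking.firewall.allowedUDPPorts = [
+3702 # wsdd
+67 # allow DHCP traffic
+53 # allow dns
+];
+networking.networkmanager.enable = false; # Easiest to use and most distros use this by default.
+# to build rpi images
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+];
+environment.systemPackages = with pkgs; [
+sshfs
+ntfs3g
+virtiofsd
+bcache-tools
+su
+fuse3
+terraform
+usbutils
+];
+nix.settings = {
+trusted-public-keys = [
+"sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo="
+];
+trusted-users = [ "me" ];
+};
+networking.useDHCP = false;
+networking.bridges = {
+"br0" = {
+interfaces = [ "enp4s0" ];
+};
+};
+networking.interfaces.br0.ipv4.addresses = [ {
+address = "192.168.1.4";
+prefixLength = 24;
+} ];
+networking = {
+usePredictableInterfaceNames = true;
+defaultGateway = {
+address = "192.168.1.1";
+interface = "br0";
+};
+hostName = "fe";
+nameservers = [ "1.1.1.1" "8.8.8.8" ];
+};
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+swapDevices = [{
+device = "/swapfile";
+size = 63 * 1024; # 64GB
+}];
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+################################ services ############################
+services.traefik = {
+};
+}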
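Review bot: `settings.PermitRootLogin = "yes";` sits directly under the comment about requiring public-key authentication. With `PasswordAuthentication = false` it is key-only today, but it leaves root password login one setting away; `hosts/ki.nix` in this same change uses `"no"`, and `settings.PermitRootLogin = "prohibit-password";` (or `"no"`) would state the intent here. The global `allowedTCPPorts` list also opens 5901 (vnc) and 8080 (mitm proxy, listed twice) plus the 49000-49300 TCP and UDP ranges on every interface, while only the sync ports are scoped to `tailscale0`. Moving the VNC and proxy ports into the `tailscale0` list would keep them off the LAN bridge `br0`. If Docker is enabled by the imported services module, `users.users.server.extraGroups = [ "docker" ];` is effectively root access for that account and deserves a comment saying so.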


@@ -1,6 +1,7 @@
{ inputs, pkgs, secretsDir, ... }:
{
{ inputs, pkgs, secretsDir, config, dataDir, ... }: let
in {
#disabledModules = [ "services/databases/couchdb.nix" ];
imports = [
@@ -14,6 +15,9 @@
../users/root/default.nix
../users/files/headless.nix
../users/server/headless.nix
inputs.arion.nixosModules.arion
../mods/fusu-services.nix
];
# mac address for wakeonlan: 00:19:99:fd:28:23
@@ -23,6 +27,17 @@
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTV1VoNAjMha5IP+qb8XABDo02pW3iN0yPBIbSqZA27 me@acern"
#];
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuSwtpm = true;
};
# store libvirt data in dataDir
fileSystems."/var/lib/libvirt" = {
device = "/home/me/host/libvirt";
options = [ "bind" ];
};
# allow server user to shutdown fusu
@@ -37,12 +52,29 @@
services.tailscale.enable = true;
services.resilio = {
# TODO: add the config for the share to here
enable = true;
enableWebUI = true;
httpListenAddr = "100.70.54.18";
checkForUpdates = false;
listeningPort = 44444;
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
];
boot.supportedFilesystems = [ "zfs" ];
@@ -55,15 +87,6 @@
fsType = "zfs";
};
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuSwtpm = true;
#qemuOvmfPackage = pkgs.OVMFFull;
};
virtualisation.docker.enable = true;
users.users.server.extraGroups = [ "docker" ];
# Use the GRUB 2 boot loader.
boot.loader.grub = {
enable = true;
@@ -98,12 +121,6 @@
networking.firewall.allowPing = true;
networking.firewall.enable = true;
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
443 # couchdb for obsidian live sync https
44444 # resilio sync
9000 # resilio webui
];
services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [
@@ -154,6 +171,8 @@
fuse3
terraform
usbutils
qemu_full
libvirt
];
nix.settings = {
@@ -430,6 +449,10 @@
user = "server";
port = 49388;
};
ocih = {
hostname = "152.67.70.13";
user = "ubuntu";
};
};
};
};
@@ -505,7 +528,7 @@
};
path = with pkgs; [ curl bash socat borgbackup openssh ];
serviceConfig = {
ExecStart = "/home/borgs/backups/fusu-ocih.sh";
ExecStart = "/home/borgs/backups/ocih.sh";
User = "borgs";
Group = "borgs";
WorkingDirectory = "/home/borgs/backups";
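Review bot: The `networking.firewall.interfaces."br0".allowedTCPPorts` block (assuming it is on the new side) exposes 9000 (resilio webui) and 9001-9003 (fwin vnc/rdp/ssh) to the whole LAN segment rather than only to the tailnet. `services.resilio.httpListenAddr` is bound to `100.70.54.18`, which looks like the Tailscale address, so port 9000 on `br0` serves nothing, and VNC on 9001 is normally unencrypted. Unless LAN access to the VM is required, keep these ports on `tailscale0` only. The comment `# store libvirt data in dataDir` also does not match the code: the bind mount uses the literal `/home/me/host/libvirt`, although `dataDir` is now a module argument that flake.nix sets to `/home/server/host`, so either `device = "${dataDir}/libvirt";` or a corrected comment is needed.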

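--- /dev/null
+++ b/hosts/ki.nix
@@ -0,0 +1,320 @@
+{ lib, secretsDir, pkgs, inputs, unstable, ... }: let
+in {
+imports = [
+../common/all.nix
+../common/nixos.nix
+../common/building.nix
+inputs.home-manager.nixosModules.home-manager
+inputs.networkmanager.nixosModules.networkmanager
+inputs.disko.nixosModules.disko
+../users/me/gui.nix
+../users/root/default.nix
+../common/nixos-wayland.nix
+];
+services.tailscale.enable = true;
+programs.nix-ld.enable = true;
+services.keyd.enable = lib.mkForce false;
+networking.hostName = "ki";
+networking.firewall.enable = false;
+services.avahi = {
+enable = true;
+nssmdns = true;
+publish = {
+enable = true;
+addresses = true;
+domain = true;
+hinfo = true;
+userServices = true;
+workstation = true;
+};
+};
+networking.firewall.allowedTCPPorts = [
+8888 # for general usage
+9999 # for general usage
+6000 # Xserver
+6666 # vnc sway
+5900 # vnc for win VM
+5901 # vnc
+5902 # vnc
+4400 # rdp win VM
+4401 # ssh for mandroid
+4402 # random
+4403 # random
+4404 # random
+4405 # clipboard sync
+];
+networking.firewall.allowedUDPPorts = [
+48899 # GoodWe inverter discovery
+4410 # lan-mouse
+41641 # tailscale
+];
+services.resilio = {
+enable = true;
+enableWebUI = true;
+httpListenAddr = "100.96.201.42";
+checkForUpdates = false;
+listeningPort = 44444;
+};
+users.users.me.extraGroups = [ "rslsync" ];
+users.users.rslsync.extraGroups = [ "users" ];
+users.users.me.homeMode = "770"; # important for resilio
+networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
+44444 # resilio sync
+9000 # resilio webui
+];
+swapDevices = [ { device = "/swapfile"; } ];
+boot.kernelModules = [ "usbip_core" ];
+boot.extraModprobeConfig = "options kvm_intel nested=1";
+# to build rpi images
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+];
+home-manager.users.me.home.file.".config/sway/config".text = ''
+exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666
+'';
+virtualisation.libvirtd = {
+enable = true;
+qemuOvmf = true;
+qemuSwtpm = true;
+#qemuOvmfPackage = pkgs.OVMFFull;
+};
+environment.systemPackages = with pkgs; [
+linuxPackages.usbip
+helvum
+passt
+mount
+pkgs.hicolor-icon-theme
+efibootmgr
+tcpdump
+];
+services.openssh = {
+enable = true;
+# require public key authentication for better security
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+settings.PermitRootLogin = "no";
+settings.X11Forwarding = true;
+extraConfig = ''
+X11UseLocalhost no
+'';
+};
+systemd.extraConfig = "DefaultLimitNOFILE=2048";
+services.logind = {
+extraConfig = ''
+HandlePowerKey=suspend-then-hibernate
+'';
+lidSwitch = "ignore";
+lidSwitchExternalPower = "ignore";
+lidSwitchDocked = "ignore";
+};
+services.dbus.enable = true;
+fonts.enableDefaultPackages = true;
+xdg.icons.enable = true;
+gtk.iconCache.enable = true;
+services.udisks2.enable = false;
+hardware.opengl.enable = true;
+hardware.enableRedistributableFirmware = true;
+systemd.defaultUnit = "graphical.target";
+############################# networkmanager
+networking.networkmanager.enable = true;
+networking.networkmanager.profiles = {
+pw = {
+connection = {
+id = "pw";
+uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
+type = "wifi";
+interface-name = "wlp2s0";
+autoconnect-priority = "200";
+};
+wifi = {
+hidden = "true";
+mode = "infrastructure";
+ssid = builtins.readFile "${secretsDir}/wifi-ssid";
+};
+wifi-security = {
+key-mgmt = "wpa-psk";
+psk = builtins.readFile "${secretsDir}/wifi-password";
+};
+ipv4 = {
+#address1 = "192.168.20.11/24";
+dns = "1.1.1.1;8.8.8.8;";
+method = "auto";
+};
+};
+gw = {
+connection = {
+id = "gw";
+uuid = "de655c52-1af2-4b46-b7b2-8ddad9edb52f";
+type = "wifi";
+interface-name = "wlp2s0";
+autoconnect-priority = "300";
+};
+wifi = {
+hidden = "false";
+mode = "infrastructure";
+ssid = builtins.readFile "${secretsDir}/gw-ssid";
+};
+wifi-security = {
+key-mgmt = "wpa-psk";
+psk = builtins.readFile "${secretsDir}/gw-password";
+};
+ipv4 = {
+#address1 = "192.168.20.11/24";
+dns = "1.1.1.1;8.8.8.8;";
+method = "auto";
+};
+};
+hot = {
+connection = {
+id = "hot";
+uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
+type = "wifi";
+autoconnect = false;
+interface-name = "wlp3s0";
+};
+wifi = {
+mode = "ap";
+ssid = "c2vi-ki";
+};
+wifi-security = {
+key-mgmt = "wpa-psk";
+psk = builtins.readFile "${secretsDir}/wifi-password";
+};
+ipv4 = {
+method = "shared";
+};
+};
+share = {
+connection = {
+id = "share";
+uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04";
+type = "ethernet";
+autoconnect = false;
+interface-name = "enp2s0";
+};
+ethernet = {
+mac-address = "C8:2A:14:0B:7F:3D";
+};
+ipv4 = {
+address1 = "192.168.4.1/24";
+method = "shared";
+};
+ipv6 = {
+addr-gen-mode = "stable-privacy";
+method = "auto";
+};
+};
+dhcp = {
+connection = {
+id = "dhcp";
+uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
+type = "ethernet";
+autoconnect = true;
+interface-name = "enp2s0";
+};
+ethernet = {
+mac-address = "C8:2A:14:0B:7F:3D";
+};
+ipv4 = {
+method = "auto";
+address1 = "192.168.1.33/24,192.168.1.1";
+};
+};
+};
+############### disk config
+boot.plymouth.enable = false;
+boot.loader.grub.enable = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.grub.devices = [ "nodev" ];
+boot.loader.grub.extraConfig = ''
+set timeout=2
+'';
+# the flash drive in use for te
+#disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0";
+disko.devices.disk.root.device = "/dev/disk/by-id/ata-SSD_HB202408140276168";
+disko.devices = {
+disk = {
+root = {
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+biosboot = {
+size = "2M";
+type = "21686148-6449-6E6F-744E-656564454649"; # BIOS boot
+};
+ESP = {
+size = "1G";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [ "umask=0077" ];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+};
+}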

347
hosts/le.nix Normal file

@@ -0,0 +1,347 @@
{ lib, pkgs, inputs, secretsDir, config, ... }:
{
#system.stateVersion = "23.05"; # Did you read the comment?
imports = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
#inputs.nixos-hardware.nixosModules.raspberry-pi-4
inputs.networkmanager.nixosModules.networkmanager
../common/all.nix
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
##### project modules #####
# the module for the zwave setup
#"${workDir}/htl/labor/hackl/zwave.nix"
# labor nas project
# with this moduel it does not boot, it waits for /dev/disk/by-label/nas-storage
# "${workDir}/htl/labor/nas/nixos/lush-module.nix"
];
# fix bluetooth
hardware = {
bluetooth = {
package = pkgs.bluez;
enable = true;
powerOnBoot = true;
};
};
# get usbip working
boot.extraModulePackages = [
config.boot.kernelPackages.usbip
];
boot.kernelParams = lib.mkForce ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" "nohibernate" "loglevel=7" ];
# hardware.bluetooth.enable = true;
# home-manager.users.me = import ../users/me/home-headless.nix;
/* for cross compiling
#nixpkgs.hostPlatform.system = "aarch64-linux";
#nixpkgs.buildPlatform.system = "x86_64-linux";
nixpkgs.overlays = [
(outerFinal: outerPrev: {
#https://github.com/adrienverge/openfortivpn/issues/446
#https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/tools/networking/openfortivpn/default.nix#L47
openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags or [] ++ [
"--disable-proc"
"--with-rt_dst=yes"
"--with-pppd=/usr/sbin/pppd"
];
});
})
];
*/
services.blueman.enable = true;
hardware.enableRedistributableFirmware = true;
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [
linuxPackages.usbip
vim
bluez
git
];
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
# disk with this label on first boot. Therefore, we need to keep it. It is the
# only information from the installer image that we need to keep persistent
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
noCheck = true;
fsType = "ext4";
};
boot = {
#kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
loader = {
generic-extlinux-compatible.enable = lib.mkDefault true;
grub.enable = lib.mkDefault false;
};
};
########################### ssh ############################
services.openssh = {
enable = true;
ports = [ 22 ];
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
extraConfig = ''
X11UseLocalhost no
'';
};
####################################### networking ##########################
networking.firewall.allowedUDPPorts = [
3702 # wsdd
51820 # wireguard
67 # allow DHCP traffic
53 # allow dns
];
networking.firewall.allowedTCPPorts = [
8888 # general use
9999 # general use
3240 # usbip
];
networking.hostName = "le";
networking.networkmanager.enable = true;
networking.networkmanager.profiles = {
pw = {
connection = {
id = "pw";
uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
type = "wifi";
interface-name = "wlan0";
autoconnect = true;
autoconnect-priority = "400";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/wifi-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
address1 = "192.168.20.21/24";
method = "auto";
};
};
hot = {
connection = {
id = "hot";
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi";
interface-name = "wlp3s0";
autoconnect-priority = "200";
};
wifi = {
mode = "ap";
ssid = "c2vi-le";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
method = "shared";
};
};
hh40 = {
connection = {
id = "hh40";
uuid = "73a61cef-8f7b-4f42-ab3f-0066e0295bbc";
type = "wifi";
interface-name = "wlan0";
autoconnect = true;
autoconnect-priority = "300";
};
wifi = {
hidden = "false";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/home-wifi-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/home-wifi-password";
};
ipv4 = {
method = "auto";
address1 = "192.168.1.37/24";
};
};
dhcp = {
connection = {
id = "dhcp";
uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
type = "ethernet";
autoconnect = true;
interface-name = "end0";
};
ethernet = {
mac-address = "DC:A6:32:CB:4D:5E";
};
ipv4 = {
address1 = "192.168.1.44/24,192.168.1.1";
method = "auto";
};
};
share = {
connection = {
id = "share";
uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04";
type = "ethernet";
autoconnect = false;
interface-name = "end0";
};
ethernet = {
mac-address = "DC:A6:32:CB:4D:5E";
};
ipv4 = {
address1 = "192.168.4.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
};
pt = {
connection = {
id = "pt";
uuid = "f028117e-9eef-47c1-8483-574f7ee798a4";
type = "bluetooth";
autoconnect = true;
};
bluetooth = {
bdaddr = "E8:78:29:C4:BA:7C";
type = "panu";
};
ipv4 = {
address1 = "192.168.44.22/24";
method = "auto";
};
};
/*
me = {
connection = {
id = "me";
uuid = "fe45d3bc-21c6-41ff-bc06-c936017c6e02";
type = "wireguard";
autoconnect = "true";
interface-name = "me0";
};
wireguard = {
listen-port = "51820";
private-key = builtins.readFile "${secretsDir}/wg-private-lush";
};
ipv4 = {
address1 = "10.1.1.4/24";
method = "manual";
};
} // (import ../common/wg-peers.nix { inherit secretsDir; });
*/
};
systemd.services.iwd.serviceConfig.Restart = "always";
/*
networking = {
interfaces."wlan0".useDHCP = true;
interfaces."eth0" = {
#name = "eth0";
ipv4.addresses = [
{ address = "192.168.5.5"; prefixLength = 24;}
];
};
*/
/*
wireless = {
interfaces = [ "wlan0" ];
enable = true;
networks = {
seb-phone.psk = "hellogello";
};
};
};
*/
####################################### wireguard ##########################
/*
systemd.network.netdevs.me0 = {
enable = true;
wireguardPeers = import ../common/wg-peers.nix { inherit secretsDir; };
wireguardConfig = {
ListenPort = 51820;
PrivateKeyFile = "/etc/wireguard/secret.key";
};
};
networking.wireguard.interfaces = {
me = {
ips = [ "10.1.1.11/24" ];
};
*/
/*
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
*/
}
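Review bot: The `psk = builtins.readFile "${secretsDir}/wifi-password";` lines in the `pw`, `hot` and `hh40` profiles inline the Wi-Fi passphrase into the configuration at evaluation time, so depending on how the `inputs.networkmanager` module renders profiles (not visible here) the PSK may end up in a world-readable /nix/store path. The same pattern recurs in the `gw` profiles added to the other host files and in hosts/te.nix. I would hand the module a path that is read at activation or runtime instead (agenix and sops-nix both work this way), or at least add `# NOTE: readFile embeds the PSK at eval time; check the rendered profile is not in /nix/store`. The commented-out `wireless.networks` block also carries a literal PSK, which should be removed from the repository and rotated if it was ever in use.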


@@ -155,6 +155,32 @@
method = "auto";
};
};
gw = {
connection = {
id = "gw";
uuid = "de655c52-1af2-4b46-b7b2-8ddad9edb52f";
type = "wifi";
interface-name = "wlan0";
autoconnect-priority = "300";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/gw-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/gw-password";
};
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
method = "auto";
};
};
hh40 = {
connection = {


@@ -1,9 +1,10 @@
{ lib, secretsDir, pkgs, inputs, ... }: let
{ lib, secretsDir, pkgs, inputs, unstable, ... }: let
myobs = pkgs.wrapOBS {
plugins = with pkgs.obs-studio-plugins; [
obs-ndi
obs-teleport
droidcam-obs
];
};
@@ -21,6 +22,10 @@ in {
../users/root/default.nix
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
#services.pid-fan-controller.enable = true;
networking.hostName = "mac";
networking.firewall.enable = false;
@@ -57,6 +62,19 @@ in {
4410 # lan-mouse
];
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
swapDevices = [ { device = "/swapfile"; } ];
boot.kernelModules = [ "usbip_core" ];
@@ -67,11 +85,15 @@ in {
"aarch64-linux"
];
networking.nftables.enable = true;
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuSwtpm = true;
#qemuOvmfPackage = pkgs.OVMFFull;
extraConfig = ''
firewall_backend = "nftables"
'';
};
# Use the GRUB 2 boot loader.
@@ -85,7 +107,32 @@ in {
'';
};
# fix bluetooth-3-0-keyboard not reporting left and right cmd seperately (and remapping the other things the way i want them)
services.udev.extraHwdb = ''
evdev:input:b0005v05AC*
KEYBOARD_KEY_700e3=leftctrl
KEYBOARD_KEY_700e7=rightalt
KEYBOARD_KEY_700e2=leftmeta
KEYBOARD_KEY_700e0=leftalt
'';
# fan speed fix
systemd.services.my-fan-speed-fix = {
description = "Set applesmc fan values";
serviceConfig = {
Type = "oneshot";
ExecStart = ''
/bin/sh -c 'echo 1 > /sys/devices/platform/applesmc.768/fan2_manual; echo 1000 > /sys/devices/platform/applesmc.768/fan2_output'
'';
};
#startAt = "*:0/3"; # Runs every 3 minutes
wantedBy = [ "multi-user.target" "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
};
environment.systemPackages = with pkgs; [
myobs
lm_sensors
linuxPackages.usbip
helvum
passt
@@ -107,20 +154,7 @@ in {
};
networking = {
#usePredictableInterfaceNames = false;
defaultGateway = {
address = "192.168.1.1";
interface = "enp2s0";
};
nameservers = [ "1.1.1.1" "8.8.8.8" ];
interfaces = {
"enp2s0" = {
name = "enp2s0";
ipv4.addresses = [
{ address = "192.168.1.33"; prefixLength = 24;}
];
};
};
};
services.openssh = {
@@ -137,12 +171,12 @@ in {
'';
};
home-manager.users.me.home.file.".config/sway/config".text = ''
exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666
#home-manager.users.me.home.file.".config/sway/config".text = ''
#exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666
#exec 'wl-paste -w ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405'
#exec 'sh -c "while true; do ${pkgs.netcat-openbsd}/bin/nc -l 4405 | wl-copy; done"'
#exec 'sh -c "while true; do cat ~/clipboard | wl-paste; done"'
'';
#'';
home-manager.users.me.programs.lan-mouse = {
enable = true;
@@ -155,10 +189,8 @@ in {
position = "left";
hostname = "main";
activate_on_startup = true;
ips = [ "192.168.1.11" ];
ips = [ "192.168.4.2" "100.71.47.106" ];
port = 4410;
#enter_hook = "${pkgs.wl-clipboard}/bin/wl-paste | ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405";
enter_hook = "/run/current-system/sw/bin/cat /home/me/.cache/clipboard | ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405 -N";
}
];
};
@@ -170,13 +202,49 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgKLRF9iYRH3Y8hPjLX1ZY6GyavruqcQ0Q0Y8bnmpv9 me@tab"
];
#services.greetd.enable = lib.mkForce false;
services.greetd = lib.mkForce {
enable = true;
settings = rec {
terminal.vt = 2;
initial_session = {
terminal.vt = 1;
initial_session = let
newerUnstableSrc = builtins.getFlake "nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1";
newerUnstable = import newerUnstableSrc.outPath {};
mySway = newerUnstable.sway.override {
sway-unwrapped = (newerUnstable.sway-unwrapped.overrideAttrs (prev: {
/*
src = pkgs.fetchFromGitHub {
owner = "WillPower3309";
repo = "swayfx";
rev = "";
hash = "";
};
*/
src = pkgs.fetchFromGitHub {
owner = "swaywm";
repo = "sway";
rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6";
hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8=";
};
})).override {
wlroots = newerUnstable.wlroots.overrideAttrs (prev: {
version = "master";
src = pkgs.fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "wlroots";
repo = "wlroots";
rev = "master";
sha256 = "sha256-2FK6FGRpgf/YYqwJST0LVA/pnNRSUDrfrrp6mSwA0Fk=";
};
});
};
};
in {
#command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -d --env WLR_RENDERER_ALLOW_SOFTWARE=1 --cmd sway";
command = "${pkgs.writeScriptBin "run-sway" ''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export SDL_VIDEODRIVER=wayland
@@ -184,7 +252,7 @@ in {
export QT_QPA_PLATFORM=wayland
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_DESKTOP=sway
exec sway > /tmp/sway-log 2>&1
exec ${pkgs.lib.getExe mySway}
''}/bin/run-sway";
user = "me";
};
@@ -192,6 +260,56 @@ in {
};
};
systemd.services."sway@" = let
mySway = unstable.sway.overrideAttrs (prev: {
/*
src = pkgs.fetchFromGitHub {
owner = "WillPower3309";
repo = "swayfx";
rev = "";
hash = "";
};
*/
src = pkgs.fetchFromGitHub {
owner = "swaywm";
repo = "sway";
rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6";
hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8=";
};
});
in {
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
wantedBy = [ "graphical.target" ];
conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service"
restartIfChanged = false;
serviceConfig = {
ExecStart = "${lib.getExe mySway}";
User = "me";
# ConditionPathExists = "/dev/tty0";
IgnoreSIGPIPE = "no";
# Log this user with utmp, letting it show up with commands 'w' and
# 'who'. This is needed since we replace (a)getty.
UtmpIdentifier = "%I";
UtmpMode = "user";
# A virtual terminal is needed.
TTYPath = "/dev/%I";
TTYReset = "yes";
TTYVHangup = "yes";
TTYVTDisallocate = "yes";
# Fail to start if not controlling the virtual terminal.
#StandardInput = "tty-fail";
#StandardOutput = "syslog";
#StandardError = "syslog";
# Set up a full (custom) user session for the user, required by Cage.
PAMName = "cage";
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
@@ -209,7 +327,7 @@ in {
hardware.enableRedistributableFirmware = true;
systemd.services."cage@" = {
enable = true;
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
@@ -258,12 +376,28 @@ in {
networking.networkmanager.enable = true;
networking.networkmanager.profiles = {
home = {
connection = {
id = "home";
uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet";
autoconnect-priority = "300";
interface-name = "enp2s0";
};
ipv4 = {
address2 = "192.168.4.3/24";
dns = "1.1.1.1;";
method = "manual";
};
};
pw = {
connection = {
id = "pw";
uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
type = "wifi";
interface-name = "wlp3s0";
autoconnect-priority = "200";
};
wifi = {
@@ -284,13 +418,40 @@ in {
};
};
gw = {
connection = {
id = "gw";
uuid = "de655c52-1af2-4b46-b7b2-8ddad9edb52f";
type = "wifi";
interface-name = "wlp3s0";
autoconnect-priority = "300";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/gw-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/gw-password";
};
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
method = "auto";
};
};
hot = {
connection = {
id = "hot";
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi";
autoconnect = false;
interface-name = "wlp3s0";
autoconnect-priority = "100";
};
wifi = {
mode = "ap";
@@ -336,7 +497,8 @@ in {
id = "dhcp";
uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
type = "ethernet";
autoconnect = true;
autoconnect = false;
autoconnect-priority = "200";
interface-name = "enp2s0";
};


@@ -1,5 +1,5 @@
{ pkgs, lib, workDir, self, secretsDir, config, inputs, system, pkgsUnstable, ... }:
{ pkgs, lib, persistentDir, self, secretsDir, config, inputs, system, pkgsUnstable, ... }:
{
# https://bugzilla.kernel.org/show_bug.cgi?id=110941
@@ -35,7 +35,18 @@
#services.openssh.enable = true;
programs.obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
droidcam-obs
#distroav
obs-teleport
];
};
# virtual display
/*
hardware.display = {
edid.packages = [
@@ -56,12 +67,13 @@
UUEwQzAxNzgwMDEKACU=
EOF
'')
*/
];
*/
# find a free GPU output using this command:
# for p in /sys/class/drm/*/status; do con=${p%/status}; echo -n "${con#*/card?-}: "; cat $p; done
/*
outputs."DP-2" = {
edid = "virtual.bin";
@@ -71,10 +83,25 @@
mode = "1920x1080e";
};
};
*/
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
programs.fuse.userAllowOther = true;
services.gnome.gnome-keyring.enable = true;
services.sunshine = {
enable = false;
autoStart = true;
@@ -118,6 +145,10 @@
});
};
fonts.packages = with pkgs; [
league-gothic
];
hardware.graphics.extraPackages = with pkgs; [
@@ -125,22 +156,41 @@
];
services.keyd = {
enable = true;
/*
keyboards.bluetooth-3-0-keyboard = {
ids = [ "05ac:0255:f22563e9" ];
settings.main = {
leftalt = "meta";
leftcontrol = "leftalt";
};
};
*/
#keyboards.default.ids = [ "-05ac:0255" ]; completely disables my rebinding...... hmmmm
keyboards.default.settings = {
main = {
leftalt = "leftcontrol";
leftcontrol = "leftalt";
};
};
};
home-manager.users.me.programs.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints."0d:4f:2c:8a:46:d5:6a:e2:22:c9:02:89:39:da:75:69:2d:e9:32:39:d7:dc:e6:e2:50:d6:20:22:a5:26:d4:44" = "mac";
authorized_fingerprints."20:e2:a0:c1:e9:52:9b:72:d5:68:8c:7c:91:c0:ac:33:ba:ec:bc:61:73:e9:8e:c1:a8:30:1a:ea:ae:2b:55:33" = "mac";
port = 4410;
clients = [
{
position = "right";
hostname = "mac";
activate_on_startup = true;
ips = [ "192.168.1.33" ];
ips = [ "192.168.4.3" "100.100.55.117" ];
port = 4410;
#enter_hook = "${pkgs.wl-clipboard}/bin/wl-paste | ${pkgs.openssh}/bin/ssh mac 'cat > ~/clipboard'";
#enter_hook = "/run/current-system/sw/bin/echo hooooooooooo > /home/me/p1";
enter_hook = "/run/current-system/sw/bin/cat /home/me/.cache/clipboard | /run/current-system/sw/bin/ssh mac 'cat >~/clipboard'";
}
];
};
@@ -155,10 +205,17 @@
services.tailscale.enable = true;
services.resilio = {
enable = true;
enable = false;
enableWebUI = true;
httpListenAddr = "100.71.47.106";
checkForUpdates = false;
listeningPort = 44444;
};
users.users.me.homeMode = "770"; # important for resilio
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
];
@@ -193,11 +250,11 @@
################# make firefox default browser
environment.sessionVariables.DEFAULT_BROWSER = "firefox"; # for electron apps
xdg.mime.defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/about" = "firefox.desktop";
"x-scheme-handler/unknown" = "firefox.desktop";
"text/html" = "firefox-nightly.desktop";
"x-scheme-handler/http" = "firefox-nightly.desktop";
"x-scheme-handler/https" = "firefox-nightly.desktop";
"x-scheme-handler/about" = "firefox-nightly.desktop";
"x-scheme-handler/unknown" = "firefox-nightly.desktop";
};
@@ -214,6 +271,7 @@
#../common/nixos-graphical.nix
../common/nixos-wayland.nix
../common/building.nix
../common/nixos.nix
../mods/battery_monitor.nix
inputs.networkmanager.nixosModules.networkmanager
@@ -229,12 +287,17 @@
#inputs.waveforms.nixosModule
];
services.udev.packages = [ inputs.waveforms.packages.${system}.adept2-runtime ];
users.users.rslsync.extraGroups = ["users"];
#services.udev.packages = [ inputs.waveforms.packages.${system}.adept2-runtime ];
#users.users.rslsync.extraGroups = ["users"];
# add myself to plugdev group for waveforms
# and incus-admin to use incus without sudo
users.users.me.extraGroups = [ "incus-admin" "plugdev" "rslsync" ];
users.users.me.extraGroups = [
"incus-admin" "plugdev"
#"rslsync"
"docker"
];
nixpkgs.config.permittedInsecurePackages = [
@@ -243,7 +306,14 @@
environment.systemPackages = with pkgs; [
inputs.waveforms.packages.${system}.waveforms
((builtins.getFlake "nixpkgs/96bc8fec15133d6056410ed3abae2fb9419fb545").legacyPackages.${system}.affine.overrideAttrs {
patches = [
../overlays/patches/affin-edgeless-right-click-drag.patch
];
})
#inputs.waveforms.packages.${system}.waveforms
intel-compute-runtime-legacy1
ffmpeg-full
remmina
@@ -257,13 +327,6 @@
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
(pkgs.wrapOBS {
plugins = with obs-studio-plugins; [
obs-ndi
obs-teleport
];
})
(writeShellScriptBin "davinci" ''
NIXPKGS_ALLOW_UNFREE=1 OCL_ICD_ENABLE_TRACE=True QT_QPA_PLATFORM=xcb nix run nixpkgs#davinci-resolve --impure -L
'')
@@ -284,7 +347,7 @@
dhcpcd
looking-glass-client
swtpm
win-virtio
virtio-win
];
# shedule nix builds with low priority, so the laptop is still usable while building something
@@ -390,6 +453,66 @@
'';
# */
################################ extra home-manager config for main #############################
home-manager.users.me.programs.bash = {
bashrcExtra = ''
function rp () {
host=$1
if [[ "$host" == "mosatop" ]]
then
xfreerdp /u:"c2vi" /v:mosatop /p:$(cat ${secretsDir}/mosatop-rdp-password) /dynamic-resolution +clipboard +auto-reconnect /wm-class:"Microsoft Windows"
elif [[ "$host" == "acern" ]]
then
xfreerdp /u:"seb" /v:acern /p:$(cat ${secretsDir}/acern-rdp-password) /dynamic-resolution +clipboard +auto-reconnect /wm-class:"Microsoft Windows"
elif [[ "$host" == "mwin" ]]
then
xfreerdp /u:"me" /v:mac:4400 /p:$(cat /home/me/secrets/win-vm-pwd) /dynamic-resolution +clipboard +auto-reconnect +home-drive /wm-class:"Microsoft Windows";
elif [[ "$host" == "win" ]]
then
xfreerdp /u:"me" /v:192.168.122.141 /p:$(cat /home/me/secrets/win-vm-pwd) /dynamic-resolution +clipboard +auto-reconnect +home-drive /wm-class:"Microsoft Windows";
elif [[ "$host" == "phone" ]]
then
ssh phone "source ~/.bashrc && on" &
${pkgs.rustdesk}/bin/rustdesk --connect 100.77.80.77
elif [[ "$host" == "vnc-fwin" ]]
then
${pkgs.remmina}/bin/remmina -c ${persistentDir}/remmina/fwin.remmina
elif [[ "$host" == "fwin" ]]
then
xfreerdp /u:"me" /v:fusu:9002 /p:$(cat /home/me/secrets/win-vm-pwd) /dynamic-resolution +clipboard +auto-reconnect +home-drive /wm-class:"Microsoft Windows";
elif [[ "$host" == "ki" ]]
then
${pkgs.remmina}/bin/remmina -c ${persistentDir}/remmina/ki.remmina
elif [[ "$host" == "mac" ]]
then
${pkgs.remmina}/bin/remmina -c ${persistentDir}/remmina/mac.remmina
elif [[ "$host" == "mandroid" ]]
then
${pkgs.remmina}/bin/remmina -c ${persistentDir}/remmina/mandroid.remmina
fi
}
complete -W "mosatop acern phone mwin win fwin ki mac mandroid" rp
'';
};
################################ my youtube blocking service #############################
environment.etc."host.conf" = {
# needed so that firefox does not ignore the hosts file
@@ -433,10 +556,6 @@
services.samba.openFirewall = true;
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
];
networking.firewall.allowedTCPPorts = [
5357 # wsdd
8888 # for general usage
@@ -455,6 +574,7 @@
53 # allow dns
48899 # GoodWe inverter discovery
4410 # lan-mouse
41641 # tailscale
];
#networking.search = [ "c2vi.local" ];
@@ -470,10 +590,10 @@
uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet";
autoconnect-priority = "-999";
interface-name = "enp1s0";
interface-name = "enp0s13f0u1u4u3";
};
ipv4 = {
address1 = "192.168.1.11/24,192.168.1.1";
address2 = "192.168.4.2/24";
dns = "1.1.1.1;";
method = "manual";
};
@@ -530,6 +650,7 @@
uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
type = "wifi";
interface-name = "wlo1";
autoconnect-priority = "200";
};
wifi = {
@@ -550,6 +671,33 @@
};
};
gw = {
connection = {
id = "gw";
uuid = "de655c52-1af2-4b46-b7b2-8ddad9edb52f";
type = "wifi";
interface-name = "wlo1";
autoconnect-priority = "300";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/gw-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/gw-password";
};
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
method = "auto";
};
};
hec = {
connection = {
id = "hec";
@@ -623,8 +771,8 @@
id = "dhcp";
uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
type = "ethernet";
autoconnect = "false";
interface-name = "enp1s0";
autoconnect = "true";
interface-name = "enp0s13f0u1u3";
};
ethernet = {
@@ -718,17 +866,21 @@
######################################### virtualisation ###############################
networking.nftables.enable = true;
virtualisation.docker.enable = true;
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
#qemuOvmf = true;
qemuSwtpm = true;
#qemuOvmfPackage = pkgs.OVMFFull;
extraConfig = ''
firewall_backend = "nftables"
'';
};
# see: https://github.com/NixOS/nixpkgs/issues/300081
#disabledModules = [ "virtualisation/incus.nix" ];
networking.nftables.enable = true;
# client package now separated...
#virtualisation.incus.clientPackage = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.incus;
virtualisation.incus.enable = true;
@@ -773,9 +925,9 @@
# boot.resumeDevice = "/swapfile";
services.logind = {
extraConfig = ''
HandlePowerKey=suspend-then-hibernate
'';
#extraConfig = ''
#HandlePowerKey=suspend-then-hibernate
#'';
lidSwitch = "lock";
lidSwitchExternalPower = "lock";
lidSwitchDocked = "ignore";
@@ -784,6 +936,45 @@
HibernateDelaySec=4h
HibernateMode=shutdown
'';
############################## swap and hibernate ###################################
/*
fileSystems."/home/me/work/things/ppc" = {
device = "https://dav.ppc.social";
fsType = "davfs";
options = [
"netdev"
"rw"
"user"
"uid=1000"
"filemode=0644"
"dirmode=0755"
"noauto"
"x-systemd.automount"
];
};
*/
services = {
davfs2 = {
enable = true;
davUser = "me";
settings = {
globalSection = {
gui_optimize = true;
file_refresh = 30;
};
sections = {
"/home/me/work/things/ppc" = {
gui_optimize = true;
file_refresh = 30;
};
};
};
};
};
}
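Review bot: The `rp` helper added to `bashrcExtra` passes each RDP password as `/p:$(cat …)`, which puts the secret on xfreerdp's command line where other local processes can read it from the process list for the lifetime of the session; the expansion is also unquoted, so a password containing spaces or glob characters is split. I would drop `/p:` and let FreeRDP read the credential from stdin (`/from-stdin`, fed from the secret file), or at minimum quote the argument as `"/p:$(cat …)"`. If `secretsDir` is a Nix path rather than a string, `${secretsDir}` inside this text would also copy the whole directory into the store, which is worth confirming.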

366
hosts/te.nix Normal file

@@ -0,0 +1,366 @@
{ lib, secretsDir, pkgs, inputs, unstable, ... }: let
in {
#users.users.me.password = builtins.readFile "${secretsDir}/te-password";
#users.users.root.password = builtins.readFile "${secretsDir}/te-password";
imports = [
../common/all.nix
../common/nixos.nix
../common/building.nix
inputs.home-manager.nixosModules.home-manager
inputs.networkmanager.nixosModules.networkmanager
inputs.disko.nixosModules.disko
../users/me/gui.nix
../users/root/default.nix
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
networking.hostName = "te";
networking.firewall.enable = false;
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
networking.firewall.allowedTCPPorts = [
8888 # for general usage
9999 # for general usage
6000 # Xserver
6666 # vnc sway
5900 # vnc for win VM
5901 # vnc
5902 # vnc
4400 # rdp win VM
4401 # ssh for mandroid
4402 # random
4403 # random
4404 # random
];
networking.firewall.allowedUDPPorts = [
48899 # GoodWe inverter discovery
4410 # lan-mouse
];
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024;
}
];
boot.kernelModules = [ "usbip_core" ];
boot.extraModprobeConfig = "options kvm_intel nested=1";
# to build rpi images
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuSwtpm = true;
#qemuOvmfPackage = pkgs.OVMFFull;
};
environment.systemPackages = with pkgs; [
linuxPackages.usbip
mount
efibootmgr
tcpdump
];
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
extraConfig = ''
X11UseLocalhost no
'';
};
systemd.services."sway@" = let
mySway = unstable.sway.overrideAttrs (prev: {
/*
src = pkgs.fetchFromGitHub {
owner = "WillPower3309";
repo = "swayfx";
rev = "";
hash = "";
};
*/
src = pkgs.fetchFromGitHub {
owner = "swaywm";
repo = "sway";
rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6";
hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8=";
};
});
in {
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
wantedBy = [ "graphical.target" ];
conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service"
restartIfChanged = false;
serviceConfig = {
ExecStart = "${lib.getExe mySway}";
User = "me";
# ConditionPathExists = "/dev/tty0";
IgnoreSIGPIPE = "no";
# Log this user with utmp, letting it show up with commands 'w' and
# 'who'. This is needed since we replace (a)getty.
UtmpIdentifier = "%I";
UtmpMode = "user";
# A virtual terminal is needed.
TTYPath = "/dev/%I";
TTYReset = "yes";
TTYVHangup = "yes";
TTYVTDisallocate = "yes";
# Fail to start if not controlling the virtual terminal.
#StandardInput = "tty-fail";
#StandardOutput = "syslog";
#StandardError = "syslog";
# Set up a full (custom) user session for the user, required by Cage.
PAMName = "cage";
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
###################################################### the kiosk stuff
services.dbus.enable = true;
fonts.enableDefaultPackages = true;
xdg.icons.enable = true;
gtk.iconCache.enable = true;
services.udisks2.enable = false;
hardware.opengl.enable = true;
hardware.enableRedistributableFirmware = true;
systemd.defaultUnit = "graphical.target";
############################# networkmanager
# update name of wifi-interface
systemd.services.update-wifi-iface = {
description = "Update Wi-Fi interface name in network manager";
path = with pkgs; [
networkmanager # for nmcli
iproute2 # for ip
gawk # for awk
];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.writeShellScriptBin "run" ''
name=$(ip link | awk -F: '/^[0-9]+: wl/ {print $2}' | sed 's/^ //')
nmcli connection modify pw connection.interface-name $name
''}/bin/run";
};
wantedBy = [ "multi-user.target" ];
after = [ "Networkmanager.service" "network.target" ];
};
networking.networkmanager.enable = true;
networking.networkmanager.profiles = {
pw = {
connection = {
id = "pw";
uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
type = "wifi";
interface-name = "wlp3s0";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/wifi-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
method = "auto";
};
};
pt = {
connection = {
id = "pt";
uuid = "f028117e-9eef-47c1-8483-574f7ee798a4";
type = "bluetooth";
autoconnect = "false";
};
bluetooth = {
bdaddr = "E8:78:29:C4:BA:7C";
type = "panu";
};
ipv4 = {
address1 = "192.168.44.11/24";
method = "auto";
};
};
hot = {
connection = {
id = "hot";
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi";
autoconnect = false;
interface-name = "wlp3s0";
};
wifi = {
mode = "ap";
ssid = "c2vi-te";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
method = "shared";
};
};
share = {
connection = {
id = "share";
uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04";
type = "ethernet";
interface-name = "enp2s0";
};
ethernet = {
mac-address = "C8:2A:14:0B:7F:3D";
};
ipv4 = {
address1 = "192.168.4.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
};
};
############ boot stuff
boot.plymouth.enable = false;
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"uhci_hcd"
"ohci_hcd"
"usb_storage"
"uas"
"sd_mod"
"sr_mod"
"scsi_mod"
];
boot.loader.grub.extraConfig = ''
set timeout=2
'';
############### disk config
# the flash drive in use for te
#disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0";
disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
disko.devices = {
disk = {
root = {
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
biosboot = {
size = "2M";
type = "21686148-6449-6E6F-744E-656564454649"; # BIOS boot
};
root = {
size = "240G";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
pub = {
size = "100%";
content = {
type = "filesystem";
format = "exfat";
mountpoint = "/pub";
};
};
};
};
};
};
};
}

349
hosts/ti.nix Normal file

@@ -0,0 +1,349 @@
{ lib, pkgs, inputs, secretsDir, config, ... }:
{
#system.stateVersion = "23.05"; # Did you read the comment?
imports = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
#inputs.nixos-hardware.nixosModules.raspberry-pi-4
inputs.networkmanager.nixosModules.networkmanager
../common/all.nix
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
##### project modules #####
# the module for the zwave setup
#"${workDir}/htl/labor/hackl/zwave.nix"
# labor nas project
# with this moduel it does not boot, it waits for /dev/disk/by-label/nas-storage
# "${workDir}/htl/labor/nas/nixos/lush-module.nix"
];
#nixpkgs.config.allowUnsupportedSystem = true;
#nixpkgs.hostPlatform.system = "aarch64-linux";
#nixpkgs.buildPlatform.system = "x86_64-linux";
# fix bluetooth
hardware = {
bluetooth = {
package = pkgs.bluez;
enable = true;
powerOnBoot = true;
};
};
# get usbip working
boot.extraModulePackages = [
config.boot.kernelPackages.usbip
];
#boot.kernelParams = lib.mkForce ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" "nohibernate" "loglevel=7" ];
/* for cross compiling
#nixpkgs.hostPlatform.system = "aarch64-linux";
#nixpkgs.buildPlatform.system = "x86_64-linux";
nixpkgs.overlays = [
(outerFinal: outerPrev: {
#https://github.com/adrienverge/openfortivpn/issues/446
#https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/tools/networking/openfortivpn/default.nix#L47
openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags or [] ++ [
"--disable-proc"
"--with-rt_dst=yes"
"--with-pppd=/usr/sbin/pppd"
];
});
})
];
*/
services.blueman.enable = true;
hardware.enableRedistributableFirmware = true;
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [
linuxPackages.usbip
vim
bluez
git
];
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
# disk with this label on first boot. Therefore, we need to keep it. It is the
# only information from the installer image that we need to keep persistent
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
noCheck = true;
fsType = "ext4";
};
boot = {
loader = {
generic-extlinux-compatible.enable = lib.mkDefault true;
grub.enable = lib.mkDefault false;
};
};
########################### ssh ############################
services.openssh = {
enable = true;
ports = [ 22 ];
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
extraConfig = ''
X11UseLocalhost no
'';
};
####################################### networking ##########################
networking.firewall.allowedUDPPorts = [
3702 # wsdd
51820 # wireguard
67 # allow DHCP traffic
53 # allow dns
];
networking.firewall.allowedTCPPorts = [
8888 # general use
9999 # general use
3240 # usbip
];
networking.hostName = "ti";
networking.networkmanager.enable = true;
networking.networkmanager.profiles = {
pw = {
connection = {
id = "pw";
uuid = "e0103dac-7da0-4e32-a01b-487b8c4c813c";
type = "wifi";
interface-name = "wlan0";
autoconnect = true;
autoconnect-priority = "-200";
};
wifi = {
hidden = "true";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/wifi-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
address1 = "192.168.20.21/24";
method = "auto";
};
};
gw = {
connection = {
id = "gw";
uuid = "de655c52-1af2-4b46-b7b2-8ddad9edb52f";
type = "wifi";
interface-name = "wlp2s0";
autoconnect-priority = "300";
};
wifi = {
hidden = "false";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/gw-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/gw-password";
};
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
method = "auto";
};
};
hh40 = {
connection = {
id = "hh40";
uuid = "73a61cef-8f7b-4f42-ab3f-0066e0295bbc";
type = "wifi";
interface-name = "wlan0";
autoconnect = true;
autoconnect-priority = "-999";
};
wifi = {
hidden = "false";
mode = "infrastructure";
ssid = builtins.readFile "${secretsDir}/home-wifi-ssid";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/home-wifi-password";
};
ipv4 = {
method = "auto";
address1 = "192.168.1.37/24";
};
};
dhcp = {
connection = {
id = "dhcp";
uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
type = "ethernet";
autoconnect = "true";
interface-name = "eth0";
};
ethernet = {
mac-address = "DC:A6:32:CB:4D:5E";
};
ipv4 = {
address1 = "192.168.1.44/24,192.168.1.1";
method = "auto";
};
};
share = {
connection = {
id = "share";
uuid = "f55f34e3-4595-4642-b1f6-df3185bc0a04";
type = "ethernet";
autoconnect = false;
interface-name = "eth0";
};
ethernet = {
mac-address = "DC:A6:32:CB:4D:5E";
};
ipv4 = {
address1 = "192.168.4.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
};
pt = {
connection = {
id = "pt";
uuid = "f028117e-9eef-47c1-8483-574f7ee798a4";
type = "bluetooth";
autoconnect = true;
};
bluetooth = {
bdaddr = "E8:78:29:C4:BA:7C";
type = "panu";
};
ipv4 = {
address1 = "192.168.44.22/24";
method = "auto";
};
};
/*
me = {
connection = {
id = "me";
uuid = "fe45d3bc-21c6-41ff-bc06-c936017c6e02";
type = "wireguard";
autoconnect = "true";
interface-name = "me0";
};
wireguard = {
listen-port = "51820";
private-key = builtins.readFile "${secretsDir}/wg-private-lush";
};
ipv4 = {
address1 = "10.1.1.4/24";
method = "manual";
};
} // (import ../common/wg-peers.nix { inherit secretsDir; });
*/
};
systemd.services.iwd.serviceConfig.Restart = "always";
/*
networking = {
interfaces."wlan0".useDHCP = true;
interfaces."eth0" = {
#name = "eth0";
ipv4.addresses = [
{ address = "192.168.5.5"; prefixLength = 24;}
];
};
*/
/*
wireless = {
interfaces = [ "wlan0" ];
enable = true;
networks = {
seb-phone.psk = "hellogello";
};
};
};
*/
####################################### wireguard ##########################
/*
systemd.network.netdevs.me0 = {
enable = true;
wireguardPeers = import ../common/wg-peers.nix { inherit secretsDir; };
wireguardConfig = {
ListenPort = 51820;
PrivateKeyFile = "/etc/wireguard/secret.key";
};
};
networking.wireguard.interfaces = {
me = {
ips = [ "10.1.1.11/24" ];
};
*/
/*
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
*/
}
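Review bot: The Wi-Fi PSKs in the `pw`, `gw` and `hh40` profiles are read with `builtins.readFile "${secretsDir}/…"`, which runs at evaluation time, so the passphrases become part of the evaluated configuration and will most likely end up in the world-readable /nix/store of every machine that builds or receives this closure. Prefer giving the profile generator a path that is read at activation or runtime (a secrets manager such as sops-nix or agenix, or an environment file it substitutes), assuming the `networking.networkmanager.profiles` module from `inputs.networkmanager` can accept one. In the same file, `allowedTCPPorts` opens 3240 (usbip, which has no authentication of its own) on every interface; since Tailscale is enabled, `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3240 ];` would keep it off the Wi-Fi and Ethernet segments. The commented-out `seb-phone.psk` literal is better deleted than kept in the tree.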

821
log Normal file

@@ -0,0 +1,821 @@
warning: Git tree '/home/me/work/config' is dirty
evaluation warning: You have set specialArgs.pkgs, which means that options like nixpkgs.config
and nixpkgs.overlays will be ignored. If you wish to reuse an already created
pkgs, which you know is configured correctly for this NixOS configuration,
please import the `nixosModules.readOnlyPkgs` module from the nixpkgs flake or
`(modulesPath + "/misc/nixpkgs/read-only.nix"), and set `{ nixpkgs.pkgs = <your pkgs>; }`.
This properly disables the ignored options to prevent future surprises.
evaluation warning: nix-index-database: flake output `hmModules` has been renamed to `homeModules`
evaluation warning: In order to support declarative extension configuration,
extension installation has been moved from
programs.firefox.profiles.<profile>.extensions
to
programs.firefox.profiles.<profile>.extensions.packages
evaluation warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system'
error:
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1691:14:
1690| zipAttrsWith (
1691| n: values:
| ^
1692| let
… while calling the 'head' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1696:13:
1695| if length values == 1 || pred here (elemAt values 1) (head values) then
1696| head values
| ^
1697| else
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1188:17:
1187| mapAttrs (
1188| name: value:
| ^
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1189:85:
1188| name: value:
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
| ^
1190| );
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:275:71:
274| # For definitions that have an associated option
275| declaredConfig = mapAttrsRecursiveCond (v: !isOption v) (_: v: v.value) options;
| ^
276|
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1118:7:
1117| // {
1118| value = addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
1119| inherit (res.defsFinal') highestPrio;
… while evaluating the option `system.build.toplevel':
… while evaluating the attribute 'mergedValue'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1192:5:
1191| # Type-check the remaining definitions, and merge them. Or throw if no definitions.
1192| mergedValue =
| ^
1193| if isDefined then
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1193:7:
1192| mergedValue =
1193| if isDefined then
| ^
1194| if type.merge ? v2 then
… while evaluating the attribute 'values'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1186:9:
1185| {
1186| values = defsSorted;
| ^
1187| inherit (defsFiltered) highestPrio;
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1180:11:
1179| # Avoid sorting if we don't have to.
1180| if any (def: def.value._type or "" == "order") defsFiltered.values then
| ^
1181| sortProperties defsFiltered.values
… while calling the 'any' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1180:14:
1179| # Avoid sorting if we don't have to.
1180| if any (def: def.value._type or "" == "order") defsFiltered.values then
| ^
1181| sortProperties defsFiltered.values
… while evaluating the attribute 'values'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1360:7:
1359| {
1360| values = concatMap (def: if getPrio def == highestPrio then [ (strip def) ] else [ ]) defs;
| ^
1361| inherit highestPrio;
… while calling the 'concatMap' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1360:16:
1359| {
1360| values = concatMap (def: if getPrio def == highestPrio then [ (strip def) ] else [ ]) defs;
| ^
1361| inherit highestPrio;
… while calling the 'concatMap' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1160:26:
1159| # Process mkMerge and mkIf properties.
1160| defsNormalized = concatMap (
| ^
1161| m:
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1161:11:
1160| defsNormalized = concatMap (
1161| m:
| ^
1162| map (
… while calling the 'map' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1162:11:
1161| m:
1162| map (
| ^
1163| value:
… while evaluating definitions from `/nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/activation/top-level.nix':
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1171:80:
1170| }
1171| ) (addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
1172| ) defs;
… while calling 'dischargeProperties'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1311:5:
1310| dischargeProperties =
1311| def:
| ^
1312| if def._type or "" == "merge" then
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1312:5:
1311| def:
1312| if def._type or "" == "merge" then
| ^
1313| concatMap dischargeProperties def.contents
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:805:21:
804| inherit (module) file;
805| inherit value;
| ^
806| }) module.config
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/activation/top-level.nix:81:26:
80| # Handle assertions and warnings
81| baseSystemAssertWarn = lib.asserts.checkAssertWarn config.assertions config.warnings baseSystem;
| ^
82|
… while calling 'checkAssertWarn'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/asserts.nix:193:27:
192| checkAssertWarn =
193| assertions: warnings: val:
| ^
194| let
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/asserts.nix:200:7:
199| else
200| showWarnings warnings val;
| ^
201|
… while calling 'showWarnings'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/trivial.nix:982:28:
981|
982| showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;
| ^
983|
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/trivial.nix:982:33:
981|
982| showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;
| ^
983|
… while calling 'foldr'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:139:14:
138| foldr =
139| op: nul: list:
| ^
140| let
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:144:5:
143| in
144| fold' 0;
| ^
145|
… while calling 'fold''
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:142:15:
141| len = length list;
142| fold' = n: if n == len then nul else op (elemAt list n) (fold' (n + 1));
| ^
143| in
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:142:18:
141| len = length list;
142| fold' = n: if n == len then nul else op (elemAt list n) (fold' (n + 1));
| ^
143| in
… while calling the 'length' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:141:13:
140| let
141| len = length list;
| ^
142| fold' = n: if n == len then nul else op (elemAt list n) (fold' (n + 1));
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/activation/top-level.nix:81:72:
80| # Handle assertions and warnings
81| baseSystemAssertWarn = lib.asserts.checkAssertWarn config.assertions config.warnings baseSystem;
| ^
82|
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1188:17:
1187| mapAttrs (
1188| name: value:
| ^
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1189:85:
1188| name: value:
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
| ^
1190| );
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:275:71:
274| # For definitions that have an associated option
275| declaredConfig = mapAttrsRecursiveCond (v: !isOption v) (_: v: v.value) options;
| ^
276|
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1118:7:
1117| // {
1118| value = addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
1119| inherit (res.defsFinal') highestPrio;
… while evaluating the option `warnings':
(10 duplicate frames omitted)
… while evaluating definitions from `/nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix':
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1171:80:
1170| }
1171| ) (addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
1172| ) defs;
… while calling 'dischargeProperties'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1311:5:
1310| dischargeProperties =
1311| def:
| ^
1312| if def._type or "" == "merge" then
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1312:5:
1311| def:
1312| if def._type or "" == "merge" then
| ^
1313| concatMap dischargeProperties def.contents
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:805:21:
804| inherit (module) file;
805| inherit value;
| ^
806| }) module.config
… while calling the 'concatLists' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:494:7:
493| in
494| concatLists (
| ^
495| mapAttrsToList (
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:496:17:
495| mapAttrsToList (
496| name: service:
| ^
497| let
… while calling the 'concatLists' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:502:11:
501| in
502| concatLists [
| ^
503| (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:503:14:
502| concatLists [
503| (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
| ^
504| "Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
… while calling 'optional'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:777:20:
776| */
777| optional = cond: elem: if cond then [ elem ] else [ ];
| ^
778|
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:777:26:
776| */
777| optional = cond: elem: if cond then [ elem ] else [ ];
| ^
778|
… in the left operand of the AND (&&) operator
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:503:42:
502| concatLists [
503| (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
| ^
504| "Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/nixos/modules/system/boot/systemd.nix:498:20:
497| let
498| type = service.serviceConfig.Type or "";
| ^
499| restart = service.serviceConfig.Restart or "no";
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1188:17:
1187| mapAttrs (
1188| name: value:
| ^
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1189:85:
1188| name: value:
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
| ^
1190| );
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:275:71:
274| # For definitions that have an associated option
275| declaredConfig = mapAttrsRecursiveCond (v: !isOption v) (_: v: v.value) options;
| ^
276|
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1118:7:
1117| // {
1118| value = addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
1119| inherit (res.defsFinal') highestPrio;
… while evaluating the option `systemd.services.home-manager-me.serviceConfig':
… while evaluating the attribute 'mergedValue'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1192:5:
1191| # Type-check the remaining definitions, and merge them. Or throw if no definitions.
1192| mergedValue =
| ^
1193| if isDefined then
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/types.nix:878:17:
877| headError = checkDefsForError check loc defs;
878| value = mapAttrs (
| ^
879| n: v:
… while calling the 'mapAttrs' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/types.nix:878:25:
877| headError = checkDefsForError check loc defs;
878| value = mapAttrs (
| ^
879| n: v:
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/types.nix:872:21:
871| # Meaning it is less lazy
872| filterAttrs (n: v: v.optionalValue ? value) (
| ^
873| zipAttrsWith (name: defs: mergeDefinitions (loc ++ [ name ]) elemType defs) (pushPositions defs)
… while calling 'filterAttrs'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:23:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… while calling the 'removeAttrs' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:28:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… while calling the 'filter' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:45:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:53:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… in the argument of the not operator
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:60:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:663:60:
662| */
663| filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));
| ^
664|
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/types.nix:872:37:
871| # Meaning it is less lazy
872| filterAttrs (n: v: v.optionalValue ? value) (
| ^
873| zipAttrsWith (name: defs: mergeDefinitions (loc ++ [ name ]) elemType defs) (pushPositions defs)
… while evaluating the attribute 'optionalValue'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1256:5:
1255|
1256| optionalValue = if isDefined then { value = mergedValue; } else { };
| ^
1257| };
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1256:21:
1255|
1256| optionalValue = if isDefined then { value = mergedValue; } else { };
| ^
1257| };
(8 duplicate frames omitted)
… while evaluating definitions from `/nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/nixos':
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1171:80:
1170| }
1171| ) (addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
1172| ) defs;
… while calling 'dischargeProperties'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1311:5:
1310| dischargeProperties =
1311| def:
| ^
1312| if def._type or "" == "merge" then
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1312:5:
1311| def:
1312| if def._type or "" == "merge" then
| ^
1313| concatMap dischargeProperties def.contents
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/types.nix:819:15:
818| inherit (def) file;
819| value = v;
| ^
820| }) def.value
… while calling the 'getAttr' builtin
at <nix/derivation-internal.nix>:50:17:
49| value = commonAttrs // {
50| outPath = builtins.getAttr outputName strict;
| ^
51| drvPath = strict.drvPath;
… while calling the 'derivationStrict' builtin
at <nix/derivation-internal.nix>:37:12:
36|
37| strict = derivationStrict drvAttrs;
| ^
38|
… while evaluating derivation 'home-manager-generation'
whose name attribute is located at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/stdenv/generic/make-derivation.nix:541:13
… while evaluating attribute 'buildCommand' of derivation 'home-manager-generation'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/trivial-builders/default.nix:80:17:
79| enableParallelBuilding = true;
80| inherit buildCommand name;
| ^
81| passAsFile = [ "buildCommand" ] ++ (derivationArgs.passAsFile or [ ]);
… while calling the 'getAttr' builtin
at <nix/derivation-internal.nix>:50:17:
49| value = commonAttrs // {
50| outPath = builtins.getAttr outputName strict;
| ^
51| drvPath = strict.drvPath;
… while calling the 'derivationStrict' builtin
at <nix/derivation-internal.nix>:37:12:
36|
37| strict = derivationStrict drvAttrs;
| ^
38|
… while evaluating derivation 'activation-script'
whose name attribute is located at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/stdenv/generic/make-derivation.nix:541:13
… while evaluating attribute 'text' of derivation 'activation-script'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/trivial-builders/default.nix:129:13:
128| inherit
129| text
| ^
130| executable
… while calling the 'concatStringsSep' builtin
at /nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/home-environment.nix:756:13:
755| if sortedCommands ? result then
756| lib.concatStringsSep "\n" (map mkCmd sortedCommands.result)
| ^
757| else
… while calling 'mkCmd'
at /nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/home-environment.nix:749:17:
748| let
749| mkCmd = res: ''
| ^
750| _iNote "Activating %s" "${res.name}"
… while evaluating the attribute 'data'
at /nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/lib/dag.nix:100:45:
99| {
100| result = map (v: { inherit (v) name data; }) sorted.result;
| ^
101| }
… while evaluating the attribute 'data'
at /nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/lib/dag.nix:92:9:
91| name = n;
92| data = v.data;
| ^
93| after = v.after ++ dagBefore dag n;
… from call site
at /nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/lib/dag.nix:92:16:
91| name = n;
92| data = v.data;
| ^
93| after = v.after ++ dagBefore dag n;
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1188:17:
1187| mapAttrs (
1188| name: value:
| ^
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/attrsets.nix:1189:85:
1188| name: value:
1189| if isAttrs value && cond value then recurse (path ++ [ name ]) value else f (path ++ [ name ]) value
| ^
1190| );
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:275:71:
274| # For definitions that have an associated option
275| declaredConfig = mapAttrsRecursiveCond (v: !isOption v) (_: v: v.value) options;
| ^
276|
… while evaluating the attribute 'value'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/modules.nix:1118:7:
1117| // {
1118| value = addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
1119| inherit (res.defsFinal') highestPrio;
… while evaluating the option `home-manager.users.me.home.activation.installPackages.data':
(10 duplicate frames omitted)
… while evaluating definitions from `/nix/store/s7l9ap273g9f7jkci4i2m6mi87lax03b-source/modules/home-environment.nix':
(6 duplicate frames omitted)
… while evaluating derivation 'home-manager-path'
whose name attribute is located at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/stdenv/generic/make-derivation.nix:541:13
… while evaluating attribute 'passAsFile' of derivation 'home-manager-path'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/trivial-builders/default.nix:81:9:
80| inherit buildCommand name;
81| passAsFile = [ "buildCommand" ] ++ (derivationArgs.passAsFile or [ ]);
| ^
82| }
… while evaluating the attribute 'passAsFile'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:114:9:
113| # XXX: The size is somewhat arbitrary
114| passAsFile = if builtins.stringLength pkgs >= 128 * 1024 then [ "pkgs" ] else [ ];
| ^
115| }
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:114:22:
113| # XXX: The size is somewhat arbitrary
114| passAsFile = if builtins.stringLength pkgs >= 128 * 1024 then [ "pkgs" ] else [ ];
| ^
115| }
… in the argument of the not operator
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:114:52:
113| # XXX: The size is somewhat arbitrary
114| passAsFile = if builtins.stringLength pkgs >= 128 * 1024 then [ "pkgs" ] else [ ];
| ^
115| }
… while calling the 'lessThan' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:114:52:
113| # XXX: The size is somewhat arbitrary
114| passAsFile = if builtins.stringLength pkgs >= 128 * 1024 then [ "pkgs" ] else [ ];
| ^
115| }
… while calling the 'stringLength' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:114:25:
113| # XXX: The size is somewhat arbitrary
114| passAsFile = if builtins.stringLength pkgs >= 128 * 1024 then [ "pkgs" ] else [ ];
| ^
115| }
… while calling the 'toJSON' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:109:16:
108| pathsToLinkJSON = builtins.toJSON pathsToLink;
109| pkgs = builtins.toJSON chosenOutputs;
| ^
110| extraPathsFrom = lib.optional includeClosures (writeClosure pathsForClosure);
… while evaluating list element at index 34
… while evaluating attribute 'paths'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:68:7:
67| chosenOutputs = map (drv: {
68| paths =
| ^
69| # First add the usual output(s): respect if user has chosen explicitly,
… while evaluating list element at index 0
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:68:7:
67| chosenOutputs = map (drv: {
68| paths =
| ^
69| # First add the usual output(s): respect if user has chosen explicitly,
… while calling the 'getAttr' builtin
at <nix/derivation-internal.nix>:50:17:
49| value = commonAttrs // {
50| outPath = builtins.getAttr outputName strict;
| ^
51| drvPath = strict.drvPath;
… while calling the 'derivationStrict' builtin
at <nix/derivation-internal.nix>:37:12:
36|
37| strict = derivationStrict drvAttrs;
| ^
38|
… while evaluating derivation 'python3-3.10.19-env'
whose name attribute is located at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/stdenv/generic/make-derivation.nix:541:13
… while evaluating attribute 'passAsFile' of derivation 'python3-3.10.19-env'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/trivial-builders/default.nix:81:9:
80| inherit buildCommand name;
81| passAsFile = [ "buildCommand" ] ++ (derivationArgs.passAsFile or [ ]);
| ^
82| }
(6 duplicate frames omitted)
… while calling the 'map' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/build-support/buildenv/default.nix:67:21:
66| let
67| chosenOutputs = map (drv: {
| ^
68| paths =
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/wrapper.nix:26:15:
25| let
26| paths = requiredPythonModules (extraLibs ++ [ python ]) ++ [
| ^
27| (runCommand "bin" { } ''
… while calling 'requiredPythonModules'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:94:5:
93| requiredPythonModules =
94| drvs:
| ^
95| let
… while calling the 'foldl'' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:98:5:
97| in
98| lib.unique (
| ^
99| [ python ] ++ modules ++ lib.concatLists (lib.catAttrs "requiredPythonModules" modules)
… while calling the 'concatLists' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:99:32:
98| lib.unique (
99| [ python ] ++ modules ++ lib.concatLists (lib.catAttrs "requiredPythonModules" modules)
| ^
100| );
… while calculating requiredPythonModules for python3.10-pandas-2.3.1:
… from call site
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:121:11:
120| requiredPythonModules = builtins.addErrorContext "while calculating requiredPythonModules for ${drv.name or drv.pname}:" (
121| requiredPythonModules drv.propagatedBuildInputs
| ^
122| );
… while calling 'requiredPythonModules'
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:94:5:
93| requiredPythonModules =
94| drvs:
| ^
95| let
… while calling the 'foldl'' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/python-packages-base.nix:98:5:
97| in
98| lib.unique (
| ^
99| [ python ] ++ modules ++ lib.concatLists (lib.catAttrs "requiredPythonModules" modules)
… while calling anonymous lambda
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:1857:25:
1856| */
1857| unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [ ];
| ^
1858|
… while evaluating a branch condition
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:1857:28:
1856| */
1857| unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [ ];
| ^
1858|
… while calling the 'elem' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/lists.nix:1857:31:
1856| */
1857| unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [ ];
| ^
1858|
… in the condition of the assert statement
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/lib/customisation.nix:412:15:
411| outPath =
412| assert condition;
| ^
413| drv.${outputName}.outPath;
… in the right operand of the IMPL (->) operator
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/mk-python-derivation.nix:464:11:
463| drv.disabled
464| -> throw "${removePrefix namePrefix drv.name} not supported for interpreter ${python.executable}"
| ^
465| ) { } drv
… while calling the 'throw' builtin
at /nix/store/ql735ybqjzwjdsjhywplx17cfvq9s1fm-source/pkgs/development/interpreters/python/mk-python-derivation.nix:464:14:
463| drv.disabled
464| -> throw "${removePrefix namePrefix drv.name} not supported for interpreter ${python.executable}"
| ^
465| ) { } drv
error: numpy-2.3.4 not supported for interpreter python3.10


@@ -1,5 +1,3 @@
192.168.122.194 uwu
192.168.122.126 lako
127.0.0.1 localhost
100.70.54.18 obsidian.c2vi.dev
192.168.1.2 mc.ppc.social
192.168.3.1 gw.c2vi.dev


@@ -1,4 +1,5 @@
192.168.1.6 hpm
192.168.1.4 fe
192.168.1.2 fusu
192.168.1.2 files
192.168.1.5 acern


@@ -1,3 +0,0 @@
10.1.1.3 phone
10.1.1.11 main

14
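--- a/misc/my-hosts-t
+++ b/misc/my-hosts-t
@@ -0,0 +1,14 @@
+100.71.47.106 main
+100.77.80.77 phone
+100.70.54.18 fusu
+100.70.54.18 files
+100.81.207.107 lush
+100.76.146.119 tab
+100.70.39.65 waydroid
+100.107.67.76 te
+100.100.55.117 mac
+100.96.201.42 ki
+100.107.101.77 fe
+100.107.101.77 fesu
+100.93.225.52 fasu
+100.91.200.82 fwin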


@@ -0,0 +1,2 @@
{ pkgs, ... }: {
}


@@ -0,0 +1,52 @@
{ stdenv
, fetchurl
, p7zip
# wether to build the version to be used with Xorg or not Xorg (eg wayland)
, forXorg ? false
, ...
}: let
nameExtension = (
if stdenv.isx86_64 or stdenv.isx86_32
then "x"
else if stdenv.isAarch64 or stdenv.isAarch32 or stdenv.isMips
then "ma"
else builtins.throw "unsupported system" ""
);
fileName = "eGTouch_v2.5.13219.L-${nameExtension}";
pathArch =
if stdenv.isAarch64 then "eGTouchAARCH64"
else builtins.throw "unsupported arch..." "";
pathBackend =
if forXorg then "${pathArch}withX"
else "${pathArch}nonX";
in stdenv.mkDerivation rec {
version = "2.5";
pname = "eGTouch";
nativeBuildInputs = [
p7zip # to unpack the src
];
# there are seperate tarballs... one for x86 and one for arm andmips
src = fetchurl {
url = "https://www.eeti.com/touch_driver/Linux/20240510/${fileName}.7z";
hash =
if nameExtension == "x"
then "sha256-zZlM4finrnvtxBmqKm4Sl0zQeFz/7yCTuTjXEwmolVI="
else "";
};
unpackPhase = ''
7z x $src
'';
installPhase = ''
mkdir -p $out/bin
cp ./${fileName}/${pathArch}/${pathBackend}/eGTouch $out/bin
'';
}
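Review bot: The only digest pinned in `src.hash` is for the `x` archive, while `pathArch` accepts only `stdenv.isAarch64`, whose `ma` archive gets `hash = ""`; as written, no platform has both a pinned download and a valid install path, and the vendor binary copied into `$out/bin` for ARM has no recorded digest to verify against. Record the real SRI hash of the `ma` archive in the `else` branch (`else "sha256-<hash of the -ma archive>"`) instead of leaving it empty. Separately, `stdenv.isx86_64 or stdenv.isx86_32` uses Nix's attribute-default `or`, not a boolean or, so the second operand is never consulted; `||` is what the condition appears to intend, here and in the `isAarch64 or isAarch32 or isMips` line.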


@@ -0,0 +1,78 @@
{ lib, pkgs, ... }:
{
nix.settings = {
experimental-features = lib.mkDefault "nix-command flakes";
trusted-users = [ "root" "@wheel" ];
};
nixpkgs.config.allowUnfree = true;
boot.tmp.useTmpfs = true;
virtualisation.docker.enable = true;
programs.bash.shellInit = ''
cd /root/host
export HISTFILE=$HOME/host/bash_history
export HISTSIZE=10000
'';
environment.systemPackages = with pkgs; [
vim
wget
# required for ppc wiki publish.sh
git
rsync
nodejs
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAgNB1nsKZ5KXnmR6KWjQLfwhFKDispw24o8M7g/nbR me@bitwarden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/mCDzCBE2J1jGnEhhtttIRMKkXMi1pKCAEkxu+FAim me@main"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone"
];
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
settings.X11Forwarding = true;
extraConfig = ''
X11UseLocalhost no
'';
};
/*
system.activationScripts.addDefaultRoute = {
text = ''
ip route add default via dev eth0
'';
};
*/
networking = {
defaultGateway = "192.168.1.4";
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
#useNetworkd = true;
/*
interfaces.eth0.ipv4.routes = [
{
via = "192.168.101.1";
address = "default";
prefixLength = 24;
}
];
*/
};
services.resolved.enable = true;
networking.firewall.enable = false;
#systemd.network.enable = true;
system.stateVersion = "24.11";
}
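Review bot: `networking.firewall.enable = false` together with `X11UseLocalhost no` leaves every listener in a system built from this module, including sshd's X11 forwarding sockets, reachable from anything that can route to its address; if this is the `fesu-hosting-base.nix` imported by the containers in mods/fesu-services.nix, those sit on `br0` with 192.168.1.x addresses. Keeping the firewall enabled and opening only the needed ports (`networking.firewall.allowedTCPPorts = [ 22 ];` plus the service ports), and dropping the `X11UseLocalhost no` override unless a remote X client really needs it, would narrow that. `PermitRootLogin = "yes"` is effectively key-only here because password and keyboard-interactive authentication are off, but `"prohibit-password"` states that intent directly. The same `X11Forwarding yes` / `X11UseLocalhost no` pair appears in the later `services.openssh` section that sets `PermitRootLogin no`.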

443
mods/fesu-services.nix Normal file

@@ -0,0 +1,443 @@
{ pkgs, dataDir, config, inputs, system, lib, secretsDir, ... }:
/*
## ports
- 49001 ssh me-hosting
- 49002 ssh ppc-hosting
- 49003 ssh pcmc
- 49004 ssh fe
- 49101 mc first
- 49102 mc first voice
- 49103 mc nonstop
- 49104 mc nonstop voice
- 49105 mc lage0
- 49106 mc lage0 voice
- 49107 mc lobby
- 49108 mc lobby voice
- 49109 mc compass
- 49110 mc compass voice
- 49111 mc second
- 49112 mc second voice
- 49113 mc second bedrock
- 49114 mc lobby bedrock
- me hosting ports
- 8000 wiki site
- 8001 lage0 site
- 8002 plausible site
- 8003 ppc-site
- 8004 instant db
- 8005 instant webui
- ppc hosting ports
- 8000 dav
- 8001 affine
- 8002 git
- 8003 git ssh
## hosting container ips (on the interface br-proxy
- fusu 192.168.1.2
- me-hosting 192.168.1.20
- ppc-hosting 192.168.1.21
- pcmc 192.168.1.23
*/
let
/**
thanks: @melektron
This builder creates a small shell script that wraps arion to specify
it to operate on a specific registered arion service identified by `srv_name`.
This can be used to manage the docker-compose functionality of an arion service
that is defined in the NixOS system, independently from the systemctl service that
starts it. If you start/stop compose projects using this, you should first stop
the systemctl service.
*/
createArionServiceManager = srv_name: setup: (
pkgs.writeShellScriptBin "manage-arion-${srv_name}" ''
echo operating on: ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml}
${setup}
${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
''
);
basicTraefikSettingAttrs = configs: extraRouters: extraServices: let
tmp = map (val: basicTraefikSetting val) configs;
routerList = map (val: val.routers) tmp;
serviceList = map (val: val.services) tmp;
routers = lib.attrsets.mergeAttrsList (routerList ++ extraRouters);
services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices);
in { inherit routers services; };
basicTraefikSetting = { name, domain, host, port }: let
host_ip =
if host == "me-hosting" then "192.168.1.20"
else if host == "pcmc" then "192.168.1.23"
else if host == "ppc-hosting" then "192.168.1.21"
else if host == "fesu" then "192.168.1.4"
else host;
in {
impotrs = [
"${inputs.hetzner_ddns}/release/nixos_module.nix"
];
routers.${name} = {
rule = "Host(`${domain}`)";
service = name;
tls = {
certResolver = "LE";
domains = [
{ main = domain; }
];
};
};
services.${name}.loadBalancer.servers = [
{ url = "http://${host_ip}:${builtins.toString port}"; }
];
};
in {
imports = [
"${inputs.hetzner_ddns}/release/NixOS/nixos_module.nix"
];
environment.systemPackages = [
pkgs.arion
# Do install the docker CLI to talk to podman.
# Not needed when virtualisation.docker.enable = true;
pkgs.docker-client
# add all the service managers
];
############################ virtualisation #########################
# Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05.
virtualisation.docker.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.arion = {
backend = "podman-socket";
};
users.extraUsers.me.extraGroups = ["podman"];
# incus
virtualisation.incus.enable = true;
users.users.me.extraGroups = [
"incus-admin"
];
networking.nftables.enable = true;
############################ networking #########################
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = true;
};
############################ dyndns #########################
systemd.services.hetzner_ddns.serviceConfig = {
User = "me";
Group = "users";
};
services.hetzner_ddns = {
protections = false;
enable = true;
api_key_file = "/home/me/secrets/hetzner_ddns_key";
zones = [
{
domain = "c2vi.dev";
records = [
{
name = "home";
type = "A";
}
];
}
{
domain = "ppc.social";
records = [
{
name = "@";
type = "A";
}
];
}
];
};
############################ containers #########################
# me-hosting container
containers.me-hosting = {
autoStart = true;
privateNetwork = true;
privateUsers = "pick";
#hostAddress = "192.168.100.10";
hostBridge = "br0";
#localAddress = "192.168.100.11";
localAddress = "192.168.1.20/24";
extraFlags = [ "--system-call-filter=@keyring" ];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/net/tun";
}
{
modifier = "rwm";
node = "/dev/fuse";
}
];
bindMounts."data-dir" = {
mountPoint = "/root/host:idmap";
hostPath = "${dataDir}/me-hosting";
isReadOnly = false;
};
# see: https://github.com/systemd/systemd/issues/27994
bindMounts."/run/sys" = {
hostPath = "/sys";
isReadOnly = false;
};
forwardPorts = [
{
hostPort = 49001;
containerPort = 22;
protocol = "tcp";
}
];
config = { config, pkgs, lib, ... }: {
imports = [
./fesu-hosting-base.nix
];
};
};
# ppc-hosting container
containers.ppc-hosting = {
autoStart = true;
privateNetwork = true;
privateUsers = "pick";
#hostAddress = "192.168.100.12";
hostBridge = "br0";
#localAddress = "192.168.100.13";
localAddress = "192.168.1.21/24";
extraFlags = [ "--system-call-filter=@keyring" ];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/net/tun";
}
{
modifier = "rwm";
node = "/dev/fuse";
}
];
bindMounts."data-dir" = {
mountPoint = "/root/host:idmap";
hostPath = "${dataDir}/ppc-hosting";
isReadOnly = false;
};
# see: https://github.com/systemd/systemd/issues/27994
bindMounts."/run/sys" = {
hostPath = "/sys";
isReadOnly = false;
};
forwardPorts = [
{
hostPort = 49002;
containerPort = 22;
protocol = "tcp";
}
];
config = { config, pkgs, lib, ... }: {
imports = [
./fesu-hosting-base.nix
];
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien
];
};
};
};
# pcmc container
containers.pcmc = {
autoStart = true;
privateNetwork = true;
privateUsers = "pick";
#hostAddress = "192.168.100.14";
hostBridge = "br0";
#localAddress = "192.168.100.15";
localAddress = "192.168.1.23/24";
extraFlags = [ "--system-call-filter=@keyring" ];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/net/tun";
}
{
modifier = "rwm";
node = "/dev/fuse";
}
];
bindMounts."data-dir" = {
mountPoint = "/root/host:idmap";
hostPath = "${dataDir}/pcmc";
isReadOnly = false;
};
# see: https://github.com/systemd/systemd/issues/27994
bindMounts."/run/sys" = {
hostPath = "/sys";
isReadOnly = false;
};
forwardPorts = [
{ # ssh port
hostPort = 49003;
containerPort = 22;
protocol = "tcp";
}
]
++ # add all mc server ports as tcp
(map (port: {
hostPort = port;
containerPort = port;
protocol = "tcp";
}) (lib.range 49100 49200))
++ # add all mc server ports as udp
(map (port: {
hostPort = port;
containerPort = port;
protocol = "udp";
}) (lib.range 49100 49200))
;
config = { config, pkgs, lib, ... }: {
imports = [
./fesu-hosting-base.nix
];
};
};
############################ compass app #########################
systemd.services.compass = {
enable = true;
description = "Compass Bot Deployment";
unitConfig = {
Type = "simple";
};
serviceConfig = {
User = "server";
Group = "server";
Restart = "always";
RestartSec = "500s";
ExecStart = "${lib.getExe inputs.compass.packages.${system}.default} --data ${dataDir}/compass --config ${dataDir}/compass/config.json --db ${dataDir}/compass/compass.db --settings ${dataDir}/compass/settings.json";
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
############################ traefik #########################
services.traefik = {
enable = true;
#dataDir = "${dataDir}/traefik";
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls.certResolver = "LE";
};
};
log = {
level = "TRACE";
#filePath = "${config.services.traefik.dataDir}/traefik.log";
#format = "json";
};
certificatesResolvers.LE.acme = {
email = "c2vi.dev@gmail.com";
storage = "${config.services.traefik.dataDir}/acme.json";
httpChallenge.entryPoint = "web";
};
api.dashboard = true;
api.insecure = true;
};
dynamicConfigOptions = {
http = (basicTraefikSettingAttrs
# basic configs
[
{ name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; }
{ name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; }
{ name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; }
{ name = "ppc-site"; domain = "ppc.social"; host = "me-hosting"; port = 8003; }
{ name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 3000; }
{ name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; }
{ name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; }
{ name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; }
{ name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; }
{ name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; }
{ name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; }
]
# extraRouters (full configs)
[
]
# extraServices (full configs)
[
]);
};
};
}
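Review bot: `api.insecure = true` together with `api.dashboard = true` makes Traefik serve its API and dashboard without authentication on its own entry point (port 8080 by default) on the host that is also the public reverse proxy; whether that port is reachable from outside depends on firewall rules not shown here. Prefer `api.insecure = false;` and, if the dashboard is wanted, a router to `api@internal` behind an authentication middleware or restricted to an internal address. `log.level = "TRACE"` is also worth lowering for steady-state operation, since request-level detail then ends up in the logs. Unrelated to exposure, the `impotrs` attribute inside `basicTraefikSetting` is a typo and is never read, because only `.routers` and `.services` are picked out of its result.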

48
mods/fusu-services.nix Normal file

@@ -0,0 +1,48 @@
{ pkgs, dataDir, config, inputs, system, ... }: let
/**
thanks: @melektron
This builder creates a small shell script that wraps arion to specify
it to operate on a specific registered arion service identified by `srv_name`.
This can be used to manage the docker-compose functionality of an arion service
that is defined in the NixOS system, independently from the systemctl service that
starts it. If you start/stop compose projects using this, you should first stop
the systemctl service.
*/
createArionServiceManager = srv_name: setup: (
pkgs.writeShellScriptBin "manage-arion-${srv_name}" ''
echo operating on: ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml}
${setup}
${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
''
);
in {
environment.systemPackages = [
pkgs.arion
# Do install the docker CLI to talk to podman.
# Not needed when virtualisation.docker.enable = true;
pkgs.docker-client
# add all the service managers
];
# Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05.
virtualisation.docker.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
users.extraUsers.me.extraGroups = ["podman"];
virtualisation.arion = {
backend = "podman-socket";
};
}
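Review bot: With `virtualisation.podman.dockerSocket.enable = true`, adding `me` to the `podman` group gives that account access to the rootful Podman API socket, which is root-equivalent on the host in the same way Docker's group is. A comment at `users.extraUsers.me.extraGroups` should say so, e.g. `# podman group == root-equivalent via the docker-compatible socket`; the same line exists in mods/fesu-services.nix, next to `incus-admin`. Also, `createArionServiceManager` passes `$@` unquoted, so arguments containing spaces are re-split by the shell; `"$@"` avoids that.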

105
mods/le-disk-setup.nix Normal file

@@ -0,0 +1,105 @@
# future setup of using disko to format my raspi sd-card
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix"
"${inputs.nixpkgs}/nixos/modules/profiles/base.nix"
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
sdImage = {
populateFirmwareCommands =
let
configTxt = pkgs.writeText "config.txt" ''
[pi3]
kernel=u-boot-rpi3.bin
# Otherwise the serial output will be garbled.
core_freq=250
[pi02]
kernel=u-boot-rpi3.bin
[pi4]
kernel=u-boot-rpi4.bin
enable_gic=1
armstub=armstub8-gic.bin
# Otherwise the resolution will be weird in most cases, compared to
# what the pi3 firmware does by default.
disable_overscan=1
# Supported in newer board revisions
arm_boost=1
[cm4]
# Enable host mode on the 2711 built-in XHCI USB controller.
# This line should be removed if the legacy DWC2 controller is required
# (e.g. for USB device mode) or if USB support is not required.
otg_mode=1
[all]
# Boot in 64-bit mode.
arm_64bit=1
# U-Boot needs this to work, regardless of whether UART is actually used or not.
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
# a requirement in the future.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in
''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
# Add the config
cp ${configTxt} firmware/config.txt
# Add pi3 specific files
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-2-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b-plus.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-cm3.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2-w.dtb firmware/
# Add pi4 specific files
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}


@@ -0,0 +1,28 @@
{ ... }: {
services.openssh = {
enable = true;
allowSFTP = true;
extraConfig = ''
X11UseLocalhost no
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
X11Forwarding yes
'';
};
home-manager.useUserPackages = false;
home-manager.config = {
home.stateVersion = "23.05";
home.file.".ssh/authorized_keys".text = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAgNB1nsKZ5KXnmR6KWjQLfwhFKDispw24o8M7g/nbR me@bitwarden
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/mCDzCBE2J1jGnEhhtttIRMKkXMi1pKCAEkxu+FAim me@main
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone
'';
};
}


@@ -0,0 +1,83 @@
# Copyright (c) 2019-2024, see AUTHORS. Licensed under MIT License, see LICENSE.
# copied from: https://github.com/nix-community/nix-on-droid/blob/1c306c07b3e99ab79b967ead32f9af7b8672a7ef/pkgs/default.nix
{ nixpkgs
, system # system to compile for, user-facing name of targetSystem
, _nativeSystem ? null # system to cross-compile from, see flake.nix
, nixOnDroidChannelURL ? null
, nixpkgsChannelURL ? null
, nixOnDroidFlakeURL ? null
, nix-on-droid-flake
, home-manager-flake
}:
let
nativeSystem = if _nativeSystem == null then system else _nativeSystem;
nixDirectory = callPackage "${nix-on-droid-flake}/pkgs/nix-directory.nix" { inherit system; };
initialPackageInfo = import "${nixDirectory}/nix-support/package-info.nix";
pkgs = import nixpkgs { system = nativeSystem; };
urlOptionValue = url: envVar:
let
envValue = builtins.getEnv envVar;
in
pkgs.lib.mkIf
(envValue != "" || url != null)
(if url == null then envValue else url);
modules = import "${nix-on-droid-flake}/modules" {
inherit pkgs;
targetSystem = system;
home-manager-path = home-manager-flake;
isFlake = true;
config = {
imports = [
"${nix-on-droid-flake}/modules/build/initial-build.nix"
./nix-on-droid-base-module.nix
];
_module.args = {
inherit initialPackageInfo;
pkgs = pkgs.lib.mkForce pkgs; # to override ./modules/nixpkgs/config.nix
};
system.stateVersion = "24.05";
# Fix invoking bash after initial build.
user.shell = "${initialPackageInfo.bash}/bin/bash";
build = {
channel = {
nixpkgs = urlOptionValue nixpkgsChannelURL "NIXPKGS_CHANNEL_URL";
nix-on-droid = urlOptionValue nixOnDroidChannelURL "NIX_ON_DROID_CHANNEL_URL";
};
flake.nix-on-droid = urlOptionValue nixOnDroidFlakeURL "NIX_ON_DROID_FLAKE_URL";
};
};
};
callPackage = pkgs.lib.callPackageWith (
pkgs // customPkgs // {
inherit (modules) config;
inherit callPackage nixpkgs nixDirectory initialPackageInfo;
targetSystem = system;
}
);
customPkgs = {
bootstrap = callPackage "${nix-on-droid-flake}/pkgs/bootstrap.nix" { };
bootstrapZip = callPackage "${nix-on-droid-flake}/pkgs/bootstrap-zip.nix" { };
prootTermux = callPackage "${nix-on-droid-flake}/pkgs/cross-compiling/proot-termux.nix" { };
tallocStatic = callPackage "${nix-on-droid-flake}/pkgs/cross-compiling/talloc-static.nix" { };
};
in
{
inherit (modules) config;
inherit customPkgs;
}


@@ -14,7 +14,7 @@ rustPlatform.buildRustPackage rec {
sha256 = "sha256-vRqYQd5OaYXAc74Jlg8twBGDr9YxP+Mk1ZY9JGJTmvc=";
};
cargoHash = "sha256-xz+pi6awwDeiISGqJs5DxqFdryc5mY8wMuds1ZXRr1Q=";
cargoHash = "sha256-RoDXIPCjygdmG9dfDMtKiSdj2rgDAfxkKUXkIUAWotI=";
meta = with lib; {
description = "Command line utilities for the Simple Voice Chat Minecraft Mod";


@@ -21,6 +21,10 @@ elif [ "$1" == "du" ]
then
du -d 1 -h $2 | sort -h -r
elif [ "$1" == "g" ]
then
ping 1.1.1.1
@@ -162,9 +166,7 @@ sudo systemctl hibernate
elif [ "$1" == "suspend" ]
then
sudo systemctl suspend-then-hibernate
sudo systemctl suspend
fi


@@ -14,6 +14,8 @@ in pkgs.lib.attrsets.genAttrs names (name: (pkgs.callPackage "${pwd}/mods/nurPkg
imap-backup = pkgs.callPackage ./mods/imap-backup/package.nix {};
eGTouch = pkgs.callPackage ./mods/eGTouch-driver/pkg.nix {};
/* fails for nur evaluations
iio-hyprland = let
repo = pkgs.fetchFromGitHub {


@@ -0,0 +1,22 @@
diff --git a/blocksuite/affine/gfx/pointer/src/tools/pan-tool.ts b/blocksuite/affine/gfx/pointer/src/tools/pan-tool.ts
index c1abe0aea..b86367ca5 100644
--- a/blocksuite/affine/gfx/pointer/src/tools/pan-tool.ts
+++ b/blocksuite/affine/gfx/pointer/src/tools/pan-tool.ts
@@ -54,7 +54,7 @@ export class PanTool extends BaseTool<PanToolOption> {
override mounted(): void {
this.addHook('pointerDown', evt => {
- const shouldPanWithMiddle = evt.raw.button === MouseButton.MIDDLE;
+ const shouldPanWithMiddle = evt.raw.button === MouseButton.SECONDARY;
if (!shouldPanWithMiddle) {
return;
@@ -111,7 +111,7 @@ export class PanTool extends BaseTool<PanToolOption> {
});
const dispose = on(document, 'pointerup', evt => {
- if (evt.button === MouseButton.MIDDLE) {
+ if (evt.button === MouseButton.SECONDARY) {
restoreToPrevious();
}
dispose();


@@ -1,4 +1,4 @@
{ secretsDir, confDir, hostname, self, pkgs, config, system, inputs, workDir, ... }:
{ lib, secretsDir, confDir, hostname, self, pkgs, config, system, workDir, ... }:
{
programs.bash = {
@@ -21,7 +21,6 @@
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
"checkwinsize"
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
"globstar"
@@ -34,18 +33,22 @@
# is needed to that ssh works
# TERM = "xterm";
# my prompt
PS1 = ''\[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] '';
TEST = "hiiiiiiiiiiiiiiiiiiiiiiiiiii";
};
shellAliases = {
archive-video = "${lib.getExe pkgs.yt-dlp} -f \"bv*+ba/b\" --merge-output-format mp4 --embed-thumbnail --write-thumbnail --convert-thumbnails png --add-metadata -o \"%(title)s.%(ext)s\"";
#zed="WAYLAND_DISPLAY= zeditor";
npm="pnpm";
md="~/work/modules/modules/dev/run";
mize="~/work/mize/mize";
m="~/work/mize/mize";
c2="~/work/c2-system/cli/target/debug/system-c2-cli";
ports = "${pkgs.lsof}/bin/lsof -i -P -n";
losetup = "${pkgs.util-linux}/bin/losetup";
u = "sudo umount ~/mnt";
@@ -63,7 +66,7 @@
shutdown = "echo try harder.... xD";
npw = "nmcli c up pw";
flex = "neofetch | lolcat";
kwoche = "curl https://kalenderwoche.celll.net/?api=1; echo";
kwoche = "curl -k https://kalenderwoche.celll.net/?api=1; echo";
psg = "ps -e | grep";
vilias = "nvim -c 'set syntax=bash' ${confDir}/common/programs/bash.nix";
stl = "sudo systemctl";
@@ -115,9 +118,16 @@
# my prompt
if [[ "${hostname}" == "main" ]]
then
export PS1="\[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] "
#export PS1="\[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] "
#export PS1="\[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] > "
# \n\[\033[1;34m\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\]
#export PS1="\W > ";
export PS1="\[\033[01;34m\]\W\033[00m "
else
export PS1="\033[1;32m${hostname} \[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] "
#export PS1="\033[1;32m${hostname} \[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] "
export PS1="\033[1;32m${hostname}\[\033[01;34m\] \W\033[00m "
fi
@@ -135,31 +145,6 @@
function rp () {
host=$1
if [[ "$host" == "mosatop" ]]
then
xfreerdp /u:"c2vi" /v:mosatop /p:$(cat ${secretsDir}/mosatop-rdp-password) /dynamic-resolution +clipboard +auto-reconnect /wm-class:"Microsoft Windows"
elif [[ "$host" == "acern" ]]
then
xfreerdp /u:"seb" /v:acern /p:$(cat ${secretsDir}/acern-rdp-password) /dynamic-resolution +clipboard +auto-reconnect /wm-class:"Microsoft Windows"
elif [[ "$host" == "mwin" ]]
then
xfreerdp /u:"me" /v:mac:4400 /p:$(cat /home/me/secrets/win-vm-pwd) /dynamic-resolution +clipboard +auto-reconnect +home-drive /wm-class:"Microsoft Windows";
elif [[ "$host" == "win" ]]
then
xfreerdp /u:"me" /v:192.168.122.141 /p:$(cat /home/me/secrets/win-vm-pwd) /dynamic-resolution +clipboard +auto-reconnect +home-drive /wm-class:"Microsoft Windows";
fi
}
complete -W "mosatop acern" rp
# function to create a tmpdir, to use for some temporary work....
# made this, to not just keep cluttering my $HOME... with all kinds of projects
function mt () {
@@ -211,6 +196,7 @@
fi
}
tph(){
if [[ "$1" == "" ]]
then
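Review bot: The new-side `kwoche` alias (the second of its two printed forms) runs `curl -k`, which turns off TLS certificate verification, so the output comes from whichever endpoint answers for that name. If the site's certificate is failing validation, fixing trust is safer than disabling the check: drop `-k`, or point curl at the right CA with `--cacert <path-to-ca.pem>`. In the same section, the new `PS1` values leave `\033[00m` and `\033[1;32m` outside `\[ \]`, which makes bash miscount the prompt width on long lines.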


@@ -13,10 +13,19 @@
cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_SWAY=ON" ];
});
mylf = pkgs.lf.overrideAttrs (final: prev: {
oldpkgs = (builtins.getFlake "nixpkgs/release-25.05").legacyPackages.${system};
mylf = oldpkgs.lf.overrideAttrs (final: prev: {
patches = (prev.patches or [ ]) ++ [
./lf-filter.patch
];
/*
src = pkgs.fetchFromGitHub { # use the old v35 version of lf... so that my patch applies
owner = "gokcehan";
repo = "lf";
rev = "r35";
hash = "sha256-0ZyIbEKiQ9l30gqHlpW7l/6/TzqVRvnKk9c2FiQ6E6Y=";
};
*/
checkPhase = "";
});
@@ -52,7 +61,7 @@
exiftool # (metadata/audio, and file detection for .webm files)
jq # (json and metadata)
lynx # (html/web pages)
poppler_utils # pdftoppm # (pdf)
poppler-utils # pdftoppm # (pdf)
odt2txt # (odt)
imagemagick # convert from imagemagick (fonts)
atool # (archives)
@@ -105,7 +114,7 @@
enable = true;
commands = {
dragon-out = ''%${pkgs.xdragon}/bin/xdragon -a -x "$fx"'';
dragon-out = ''%${pkgs.dragon-drop}/bin/xdragon -a -x "$fx"'';
editor-open = ''$$EDITOR $f'';
mkdir = ''
''${{
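Review bot: `builtins.getFlake "nixpkgs/release-25.05"` names a moving branch, so the nixpkgs revision that `mylf` is built from is decided at evaluation time and is not recorded in `flake.lock`; unlocked references like this also require impure evaluation. Declaring that branch as a flake input and reading it from `inputs` would pin it in the lock file; alternatively pin a commit, as the `getFlake` call in the sway section of this compare does. `checkPhase = ""` also skips lf's tests for the patched build, which deserves a one-line comment saying why.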


@@ -1,5 +1,9 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
ccls
];
programs.neovim = {
enable = true;
withPython3 = true;
@@ -25,6 +29,16 @@
"rust-analyzer.diagnostics.enable" = true;
"rust-analyzer.checkOnSave.enable" = false;
"languageserver" = {
"ccls" = {
"command" = "ccls";
"filetypes" = ["c" "cpp" "objc" "objcpp"];
"rootPatterns" = [".ccls" "compile_commands.json" ".vim/" ".git/" ".hg/"];
"initializationOptions" = {
"cache" = {
"directory" = "/tmp/ccls";
};
};
};
"slint" = {
"filetypes" = [ "slint" ];
"command" = "slint-lsp";
@@ -45,10 +59,11 @@
"filetypes" = [ "nix" ];
"rootPatterns" = [ "flake.nix" ];
};
"typst" = {
"command" = "${pkgs.typst-lsp}/bin/typst-lsp";
"filetypes" = [ "typ" "typst" ];
};
#"typst" = {
# error: 'typst-lsp' has been removed due to lack of upstream maintenance, consider using 'tinymist' instead
#"command" = "${pkgs.typst-lsp}/bin/typst-lsp";
#"filetypes" = [ "typ" "typst" ];
#};
};
"svelte.enable-ts-plugin" = true;
};
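Review bot: The ccls cache is placed at the fixed path `/tmp/ccls`, a predictable name in a world-writable directory, so on a machine with other local accounts the directory can already exist and belong to someone else when ccls starts. A per-user location avoids that, e.g. `"directory" = "${config.xdg.cacheHome}/ccls";`, which needs `config` added to the module arguments `{ pkgs, ... }`. The commented-out `typst` entry already names `tinymist` as the replacement in its error text; noting that as a TODO would keep the intent visible.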


@@ -40,6 +40,29 @@
port = 49388;
user = "server";
};
fwin = {
user = "me";
hostname = "fwin";
};
feh = {
user = "root";
hostname = "100.107.101.77";
port = 49001;
};
ppc-hosting = {
user = "root";
hostname = "100.107.101.77";
port = 49002;
};
pcmc = {
user = "root";
hostname = "100.107.101.77";
port = 49003;
};
phone = {
user = "u0_a345";
port = 8022;
@@ -78,6 +101,18 @@
user = "me";
};
fe = {
port = 22;
hostname = "fe";
user = "me";
};
fes = {
port = 22;
hostname = "fe";
user = "server";
};
fusus = {
port = 49388;
hostname = "fusu";

36
programs/thunderbird.nix Normal file

@@ -0,0 +1,36 @@
{ pkgs, config, persistentDir, ... }: {
## thunderbird settings
programs.thunderbird = {
enable = true;
profiles.me = {
isDefault = true;
};
};
## mail archiveing...
## email accounts
/*
accounts.email.accounts.sewi-gmail = {
flavor = "gmail.com";
};
accounts.email.accounts.c2vi-gmail = {
flavor = "gmail.com";
};
*/
/*
# not working....
home.file.".thunderbird" = {
force = true;
source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/thunderbird";
};
*/
}


@@ -7,6 +7,13 @@
lib = pkgs.lib;
in rec {
affine = (pkgs.affine.overrideAttrs {
patches = [
"../overlays/patches/affin-edgeless-right-click-drag.patch"
];
});
runc = pkgs.runc.overrideAttrs ({
src = /home/me/work/config/gitignore/runc;
});
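Review bot: The patch is given as a quoted string, `"../overlays/patches/affin-edgeless-right-click-drag.patch"`, so Nix will not copy the file into the store and the builder most likely receives a relative path that does not exist in the sandbox. Use a path literal instead, i.e. the same path without quotes, adjusted to this file's location (which is not visible here). `overrideAttrs { patches = [ ... ]; }` also replaces any patches nixpkgs already applies to affine; `patches = (prev.patches or [ ]) ++ [ ... ];`, as done for `mylf`, keeps them. The `runc` override below it takes `src` from `/home/me/work/config/gitignore/runc`, an unpinned local checkout, which is worth a comment since the container runtime is then built from whatever is in that directory.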


@@ -1,14 +0,0 @@
hyprpicker -r -z &
geometry=$(slurp -c '#ff0000ff')
if [[ "$?" != "0" ]]
then
pkill hyprpicker || true
exit
fi
grim -g "$geometry" -t ppm - | satty --filename - --copy-command=wl-copy --early-exit &
pkill hyprpicker || true


@@ -21,8 +21,11 @@
home.sessionVariables = {
EDITOR = "nvim";
};
home.sessionPath = [
"/home/me/work/path-extra"
"${self}/mybin"
];
home.sessionPath = [ "${self}/mybin" ];
home.file = {
".subversion/config".text = ''
@@ -34,6 +37,8 @@
} // (if hostname == "main" then { ".rclone.conf".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/rclone-conf"; } else {});
home.packages = with pkgs; [
unar
lm_sensors
borgbackup
rclone
archivemount
@@ -41,7 +46,8 @@
pkgs.hostname
vim
tree
htop
lsof
htop-vim
subversion
pv
nodejs
@@ -62,7 +68,7 @@
wakeonlan
# python....
(python310.withPackages (p: with p; [
(python3.withPackages (p: with p; [
pandas
click
click-aliases


@@ -1,5 +1,5 @@
{ config, pkgs, self, workDir, inputs, persistentDir, system, ... }:
{ config, secretsDir, pkgs, self, workDir, inputs, persistentDir, system, pkgsUnstable, ... }:
{
imports = [
@@ -13,7 +13,29 @@
../../programs/rofi/default.nix
../../programs/zathura.nix
../../programs/firefox/default.nix
../../programs/thunderbird.nix
inputs.lan-mouse.homeManagerModules.default
"${inputs.vscode-server}/modules/vscode-server/home.nix"
inputs.walker.homeManagerModules.default
];
programs.zed-editor = {
enable = true;
package = inputs.zed.packages.x86_64-linux.default;
};
programs.walker = {
enable = false;
runAsService = true;
};
programs.vscode.enable = true;
programs.vscode.extensions = with pkgs.vscode-extensions; [
ms-vscode-remote.remote-ssh
ms-vscode-remote.remote-ssh-edit
];
programs.lan-mouse.systemd = true;
@@ -45,12 +67,15 @@
home.sessionVariables = {
inherit system;
VIC_BINARY = "/home/me/work/victorinix/vic";
PPC_DATA_DIR = "/home/me/work/gitignore/ppc/data";
};
services.dunst.enable = true;
home.file = {
".davfs2/secrets".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/davfs2-secrets";
#".mozilla/firefox".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox";
".cache/rofi-3.runcache".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/rofi-run-cache";
@@ -66,6 +91,7 @@
# packages that i might not need everywhere??
#wstunnel
rclone
pkgsUnstable.tsx
playerctl
alsa-utils
usbutils
@@ -81,8 +107,9 @@
# gui packages
songrec
obsidian
gnome.eog
eog
xorg.xkbcomp
haskellPackages.xmonad-extras
haskellPackages.xmonad-contrib
@@ -92,7 +119,7 @@
spotify
networkmanagerapplet
haskellPackages.xmobar
dolphin
kdePackages.dolphin
mupdf
xclip
stalonetray
@@ -102,7 +129,7 @@
# use signal from unstable, because the app itself says it would to update to be usable
self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.signal-desktop
self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.ticktick
#self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.ticktick
element-desktop
discord
wireshark
@@ -111,7 +138,7 @@
xorg.xmodmap
inkscape
kazam
onlyoffice-bin
onlyoffice-desktopeditors
# my own packages
supabase-cli
@@ -136,12 +163,14 @@
libvirt
virt-manager
freerdp
nixd
#(pkgs.writeShellApplication {
#name = "log";
#runtimeInputs = [ inputs.my-log.packages.${system}.pythonForLog ];
#text = "cd /home/me/work/log/new; nix develop -c 'python ${workDir}/log/new/client.py'";
#text = ''${inputs.my-log.packages.${system}.pythonForLog}/bin/python ${workDir}/log/new/client.py "$@"'';
#})
(pkgs.writeShellApplication {
name = "rpi";
text = let
@@ -287,5 +316,3 @@
})
];
}